The Impact of Cyber Security - Meet Karla

Tell us your name, title, and provide us with an overview of your role as a Cyber Security Incident Response Lead.

My name is Karla, and I’m a Cyber Security Incident Response Lead. In general, I’m responsible for security incidents in North America & Latin American time zones at Nestlé.

How did you first become interested in the field of IT security and compliance?

In 2012, I had the opportunity to choose my specialty with my career path at my first job, and I decided to focus on Information Security. I started in the financial sector and recognized the importance of information security. Security and compliance aligned with my interests in investigations and analysis.

How do you stay up to date with the latest developments in IT security and compliance?

I joined Forum of Incident Response and Security Teams (FIRST) to help support me in my role within the Cyber Security Incident Response team (CSIRT) and this year, I joined WiCyS (Women in Cyber Security).  Both groups help me focus on growing my experience in the field and I’ve learned how important it is to be part of these communities to increase networking, knowledge, and to help me learn from other companies and people.

Can you discuss the importance of collaboration and communication in your role, particularly with other departments, opco’s, and stakeholders?

Communication is important to me. Prior to Nestlé I was executing security awareness campaigns and incident response. This is where I started to recognize that communication is a crucial component of cyber security. Soft skills, like being precise and timely, are important when communicating high-risk information with business stakeholders to prevent critical consequences.

Collaboration is key in cyber security and incident response too. We need support from other areas of the business like IT experts network, identity management, owners of infrastructure and applications, even legal, and HR to work together to help prevent threats. Regardless of the affected area, we need different teams and people involved to apply containment and remediation actions, understand operations, weight out the impacts, and investigate to identify the root-cause of the security incident.

How do you promote a culture of security awareness among employees?

After a security incident, CSIRT works together to share recommendations and lessons identified within the markets. The goal of sharing this information is to help them prepare internal cyber security awareness campaigns, communications, and training or additional strategies to help prevent the same security incident.

What do you find most rewarding about working as a Cyber Security Incident Response Lead?

I’m passionate about cyber security, and every day within my role is different. For example, today I could be focused on a phishing case, but tomorrow I could be focused on a lost mobile device malware, or unauthorized access. Each incident could have effects on the business operations, tools, stakeholders, or even countries! Every day is a challenge, providing new things to learn, and introducing me to new areas or people to meet. I enjoy this but at the same time, I know the responsibility and importance of coordination and timely response.

What would be your security themed super-power and why?

Read minds! I would prevent a user clicking on a malicious link, prevent non-compliant actions, or take care about the data!

What tech gadget could you not live without?

I'm involved in technology every day, so I think my laptop is crucial to do my job. In my personal life, I prefer to live in the present and take some hours without using a tech gadget.

Anything else we should know about you?

I love cyber security, but it is a challenge depending on the situation (it could be a crisis, for example) so I balance this by participating in yoga, meditation, and travelling in my free time.

Karla's dedication and passion for protecting Nestlé's data and systems from cyber threats doesn’t go unnoticed. She demonstrates the importance of communication, collaboration, and awareness in her role, as well as the challenges and rewards of working in a dynamic and diverse field.

If you're interested in a career like Karla’s with Nestlé IT, visit our careers site to view our open opportunities and join our Talent Network so we can help match your skillset to one of our current or future open positions within our organization.