Tech Talent Spotlight Series: Jaclyn Miller

10 minutes

As an award-winning woman in cybersecurity, Jaclyn has honed her expertise in healthcare tec...

As an award-winning woman in cybersecurity, Jaclyn has honed her expertise in healthcare technology leadership and cybersecurity managed services for global healthcare and life sciences companies.

During her tenure at DispatchHealth, NTT, and Secure-24, she specialized in working closely with product teams and leading service development teams. As a multi-time CISO and decisive business leader, Jaclyn has developed a keen eye for mastering efficient compliance strategies and achieved groundbreaking product and service outcomes. Jaclyn is an authority on building exceptional solutions and teams for healthcare cybersecurity and IT operations. She envisions a future where healthcare transformation enables the speed and quality of care and is secure across the continuum of care.

Can you provide insights into your background and how you entered the cybersecurity industry?

As many cybersecurity professionals have, my journey into cybersecurity was a bit winding. I did my undergraduate degree in music with a concentration in audio recording, which is where my technology background started.

I then joined a startup early in my career in the cloud hosting space around 2008, a time when outsourcing and cloud adoption were becoming popular. I worked with financial services and healthcare companies, which introduced me to cybersecurity through compliance and the need to meet evolving industry standards. This led me to security operations.

I was fortunate to be with a growing company that was eventually acquired by NTT. Our business was merged into NTT Limited and NTT Data. I had the opportunity to be a divisional CISO, working with global teams and customers. My passion for mission-driven cybersecurity, particularly in healthcare, kept bringing me back to the field.

My journey continued at Dispatch Health in Denver, Colorado, where I was the Chief Security Officer. An opportunity then arose to start Blackwell Security, and in April 2023, my co-founder and I launched the business. We both had similar journeys, although slightly different from my own. We've been growing it since, and recent breaches, like the Change Healthcare and Ascension attacks, have validated our approach.

So, this is a high-level overview of how my career has developed over the last 18 years.

What stands out as one of the most challenging moments in your career, how did you overcome it, and what lessons did you learn?

There isn't one specific moment, but I've faced several challenging situations in my career that share common themes. In cybersecurity, especially in security operations, delivering bad news is one of the hardest aspects. When an attack occurs, and we aren't entirely sure of the details but know it's impacting operations, it becomes a significant challenge.

I've learned a lot from these crisis conversations with customers, business partners, and peers. Understanding what's happening during a crisis and navigating through it has provided some of the most challenging yet educational experiences in my career.

In such tough situations, there's often a bonding through adversity. When an organization faces a cybersecurity attack or an outage, everyone aligns with the mission, which is crucial to our daily work. We often say, "Never waste a good incident," meaning that these situations highlight the importance of our work. If we do our jobs well, ideally, no one notices us, as everything runs smoothly, and threats are mitigated.

The recognition and partnership needed to achieve this state take considerable effort. Coming out of a tough incident often leads to deeper collaboration. For those of us who stay in cybersecurity despite the difficulties, these moments offer the opportunity to deepen our partnerships within the business and with our customers.

If you could address one problem in the tech industry based on your journey and experience, what would it be?

Oh, boy. Some people focus on technology or specific threat detection and defense capabilities. For me, there's great technology available that can protect organizations and advance the careers of security professionals.

The biggest challenge, from a U.S. healthcare perspective, is deploying that technology effectively and ensuring there are no gaps.

One of the most disappointing aspects of technology investment, particularly at the board and leadership level, is that a single gap can undermine the entire effort. While this may not be entirely true, the perception can feel that way. To address this, the cybersecurity community needs a standard for understanding the attack surface and ensuring protective and detective tools are fully deployed.

These gaps and blind spots make the job of analysts and security operations teams difficult and can lead to burnout. Addressing these root causes would significantly improve our industry and reduce burnout. That’s what I would fix.

Your perspective on women in the cybersecurity field is crucial. Given the industry's male-dominated nature, with minimal female representation, what steps can companies take to actively promote women's participation?

I think it's important to include a learning model within your security program. Frameworks like NIST and ISO 27001 emphasize continuous learning and development as essential for security professionals because the industry, attacks, and technology constantly evolve. If there isn’t support, it’s difficult to bring in and develop diverse talent effectively. a fundamental need that every security leader, if they want to focus on diversity, equity inclusion, and particularly promoting women in our industry, have to have those resources available in a program to do it with.

The second point is being intentional about who we hire and the balance of the team. It's not necessarily looking at like filling gender quotas by any means, but looking at the culture and the personality mix, having all one type of person means it's just like the tool problem where we have a lack of deployment in some of our attack surface areas and we're completely blind.

 Having a lack of thought leadership or different types of backgrounds within our security team leaves us blind to solving or catching different types of problems. From a recruitment standpoint, thinking through the cultural mix of what you're trying to build in your program is incredibly important, which naturally leads to including people with different backgrounds, like women, who bring unique perspectives to cybersecurity.

 Lastly, is partnering with organizations that promote and grow women. There are many great and accessible programs that organizations can support, regardless of size, through time or donations.

For example, the Michigan Council for Women in Technology focuses on women in tech, including cybersecurity. Programs like We Hack Purple and Try Hack Me offer affordable resources for tactical training for women entering the industry.

Serving as the Co-Founder, President & Chief Operations Officer (COO) of Blackwell Security, what is the company's overarching goal?

Our goal is to defend healthcare, with a current focus on U.S. healthcare. The healthcare industry globally is incredibly broad, encompassing not just care providers, health systems, and hospitals, but also the entire supply chain that interacts with patient data and supports care delivery. This includes ensuring timely access to medicine, processing insurance payments, and managing coverage information—all integral parts of the care process. Our mission is to protect this entire scope.

It's a big mission. It's very much needed as we've seen over the last several years, it hasn't been a mystery that healthcare become a target within critical infrastructure, particularly in the Western world. Medical data is a valuable commodity on the dark web.

Our goal as a company is to come up with an efficient model to be able to protect health care, health systems, and the health care supply chain and address and assist the deployment complexity issues that continue to plague the industry. Unlike financial services, which have invested heavily and overcome many security challenges, healthcare still struggles with these problems.

We focus on the "cyber poverty line" and consider organizations below or near this threshold. Our goal is to identify the most efficient models and next steps these organizations can take in security operations to better protect their operations and patients.

Reflecting on your career, what stands out as the most defining moment—one that you take particular pride in?

The most defining moment recently has been launching Blackwell and introducing Managed Healthcare Extended Detection and Response, or MHXDR.

I'm very proud of the thought leadership that has gone into developing our core product and our approach to offering services to the industry. The cybersecurity space is crowded, with many declaring that SOAR and SIEM are either dead or the next big thing. It often feels like the Schrödinger's cat of security products.

We've simplified our approach by focusing on how to get security operations working effectively from the start and improving them continuously. This is the core of what MHXDR does. I'm incredibly proud of what we've launched this year with MHXDR and of the team that built and contributed to it. I'm very excited about the future and what we will continue to build.

What can companies be doing to help encourage more women into STEM roles?

One of the things we can do, especially for women, is to recognize near-STEM roles. Many women may not realize they are in STEM roles, and as the world becomes more software-driven, managing software often becomes an entry point for technology. When we think about stakeholders or key advocates across the business who are technology partners in business roles, I see these women as having great potential for quickly increasing female representation in technology.

We also need to continue to invest in our girls. I have two daughters, ages 10 and 12, and programs aimed at young girls are incredibly important for building a larger future pipeline into the workforce. However, we also have a current need to get more women into technology roles now.

Connecting women in business roles to STEM, inviting them into technology and technology resiliency conversations, and naturally leading into cybersecurity discussions are key strategies for addressing the talent gap in the short term.

Recognizing the cybersecurity workforce shortage, particularly for women in security, why is it essential for young women to have exposure and knowledge of cybersecurity?

I think it's important for their daily lives. We are talking about generations that have grown up exclusively with technology, unlike us who experienced a transition. We had a childhood which had a period, where there wasn’t much technology.

These girls are growing up with technology from the start. Teaching them how to keep themselves safe online is as fundamental as teaching them to be aware of their surroundings and find good people in society. They need to navigate what's true and false in the cyber world and learn how to stay safe.

Once you have a firm grounding in personal cybersecurity, then you can understand its importance in running a business and its role as a key pillar in business strategy. This helps pull people in who need to be mission-driven about their work to feel successful in their work. One of the best aspects of cybersecurity is the clear purpose it provides: knowing why we are here day in and day out and the negative impact if our profession didn't exist.

So those are the two things we can continue to focus on with young girls and continue to enforce. This alongside making cybersecurity more fun and accessible through camps, training, and activities like capture the flag hackathons.

Where would you like to see the representation of women in the cybersecurity industry in the next five years?

I would love to see a significant change in the representation of women in leadership roles, particularly within cybersecurity companies. In tech companies, we've seen a focus on getting women on board seats, especially in Fortune 500 publicly traded companies. Now, we need to see a similar shift in cybersecurity companies to build up thought leadership.

For women who have reached the C-suite, there are many opportunities, almost too many for the small number available. We need to invest in elevating the next generation of women leaders into those seats. They will bring influence and passion to ensure that future generations of women are supported and mentored in the industry.

Currently, mentorship and sponsorship for women looking to move from director or VP roles to the C-suite or board seats are mostly provided by men. 

That’s one of the big gaps that we have right now, is that it's very difficult as a woman growing in the later stages of her career to find people that look and sound like her to be able to ask key questions of “How do I navigate this part of my journey? How do I make the next step?”

 I would like to see more women supported in, in kind of more gender-diverse roles in the future.

Share the best piece of advice you've ever received, and offer a key piece of advice for individuals contemplating a career in technology.

Contemplating a career in technology, I was drawn to the opportunity to understand the inner workings of businesses—what drives them, what hinders them, and how to enhance their operations to better serve customers. Early in my career, a mentor advised me to seek where all the information resides, as it can't be contained in one person's mind alone.

This led me to focus on technology, where data and systems are at the heart of business operations. While people are vital to a company's growth, technology plays a crucial role, and understanding its workings is key to influencing business outcomes. It's easy to get lost in the details of specific technologies or projects, like threat research or implementing new systems, but the real reward for me comes from seeing how technology supports and enhances overall business functions.

For those who enjoy solving puzzles, I would share this advice: Technology is where all the business puzzles live, so delve into it to gain a deeper understanding of how everything fits together.

 




A huge thank you to Jaclyn for dedicating your time to this interview, your insights and experiences are remarkable and we are grateful you allowed us to give you this platform. If you would like to find out more information about Jaclyn or Blackwell Security then head to her LinkedIn profile 
here, or alternatively check out their website here.

If you, like Jaclyn, have an inspiring story to tell within Technology or IT Infrastructure then please get in contact today for us to share your story.