Executive Spotlight: Dana Simberkoff, Chief Risk, Privacy and Information Security Officer

First, tell us about your role at AvePoint.

I am the Global Chief Risk, Privacy and Information Security Officer at AvePoint. My team is responsible for AvePoint’s privacy, data protection, and security programs. Our team of subject matter experts also provides executive-level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. We provide guidance on product direction, technology enhancements, customer challenges, and market opportunities.

How did you first learn about AvePoint?

I learned about AvePoint through mutual connections at the Microsoft Federal Partner team. I regularly participated in joint meetings with AvePoint and became familiar with the company and technologies.

What’s your story? How did you get involved in the cybersecurity field?

I have a B.A. from Dartmouth College and a J.D. from Suffolk University Law School. I am also a Certified Information Privacy Professional (CIPP) from the International Association of Privacy Professionals (IAPP).

When I was attending law school, I fully expected to become a practicing attorney. However, I began working for a software company focusing on regulatory compliance almost immediately after graduating. I never looked back, though I have found my law degree to be useful throughout my career.

I became involved in privacy and cybersecurity when my organization was tapped to work on the privacy programs for our corporate and public sector customers in addition to operations security projects for our U.S. Department of Defense customers. I was asked to research and become a subject matter expert in DoD OpSec requirements (early precursors to the cybersecurity landscape we see today).

What tips do you have for those who are thinking about entering this profession?

Building and maintaining a strong network of peers within the security and privacy community is not only essential for your personal career growth, but it also allows you to learn from the experiences, good and bad, of your peers.

How do you network within this field?

Because the privacy field is on the rise and yet still remains a relatively small group of professionals, organizations like IAPP provide a great opportunity to meet, socialize, and share stories with your peers. Because we also manage our security practice, it’s critical to maintain strong peer-to-peer connections inside and outside of your company.

Was there anyone who inspired or mentored you in your career?

I think it’s very important for women to have peers and mentors to help support, promote and inspire them. I’ve had many such mentors within my family and throughout my education and later within my professional life. This started with my mother who is a social worker and has a master’s degree in economics and my grandmother who was one of the youngest women attorneys to graduate from Albany Law School in the 1920’s. My grandmother went on to work well into her 80s and travel the world. My mother is still helping others in her full-time career.

I am inspired by many of the women and men with whom I’ve had an opportunity to work on a regular basis and across my professional networks. I have been extremely fortunate throughout my own professional and personal life, to have friends, family, mentors, and managers who always believed in me and my ability to achieve anything I wanted to do.

What have you learned about self-promotion?

Women tend to believe that if they work hard and keep quiet, someone will eventually notice. Thus, I believe it’s important for women to become their own promoters and advocates both inside and outside of their organizations. At AvePoint, I try to promote the importance of my role and my team’s work, both up my leadership chain and across the business. We are also lucky to use internal social media platforms to publicize and promote our activities. Everyone that works for me knows that I have a saying: “Being a legend in your own mind, or even in my mind, is not going to be that meaningful for you.” You need to make sure that leadership is aware of your work and accomplishments and do so in a way that is not boasting, but rather informative and helpful.

I submit myself and colleagues for speaking sessions at industry conferences, and I am a regular contributor to many publications. Because of that external exposure, I was asked to write a monthly column on privacy and data protection for CMSWire. I also frequently post on the AvePoint blog. Serving on two advisory committees for IAPP has helped me promote the work that I do as well.

The cybersecurity field is constantly changing; how do you keep up?

We maintain a very rigorous program of ongoing training and certifications within our team and company and expect our employees to continue to grow their skills. We recently achieved ISO 27001:2013 certification, a milestone that was the result of a huge team effort! This process alone involved a major learning push for everyone involved. Beyond this, we regularly attend industry conferences, participate in training, and provide funding to participate in continuing education programs.

What’s the best career advice you ever received?

The best career advice I was ever given is, “life is not fair.” And indeed, it is not. We all play the hand that we are dealt, but I believe that all of us have an opportunity to rise. As such,  it’s important to prove your value and worth every day, and to be sure that you are not only an asset in your own mind, but in that of your management, peers, and organization. It’s important to lift others as you lift yourself and to remember the people who have helped you along the way.

What has been your greatest career achievement?

I have a slightly different perspective on this question than others may. My father would probably say that it was earning my law degree. Others may say that it was leading operations for a global software company, becoming an advisor to the privacy teams of several U.S. federal agencies, or becoming a CPO and a CISO. However, I think the most important achievement of my career has been not any one thing that I have done, but instead the collective achievements and the ongoing privacy and security contributions that the companies and teams I have had the privilege to be a part of have been able to achieve and continue to make every day. I am also very fortunate to work in a field that I believe in passionately.