Kris Lovejoy: A Superior Female Cybersecurity Leader

Kris Lovejoy | Global Practice Leader | Security and Resiliency
Kris Lovejoy | Global Practice Leader | Security and Resiliency

“In the face of a three-year-old who is wailing at the door as I leave for a business trip, I can tell you it’s an incredibly difficult choice,” Kris Lovejoy told CIO Look when we asked her about the hurdles she had to overcome.

Being a Global Practice Leader for Security & Resiliency at Kyndryl, Kris realizes the challenges women face in her profession are very different. It wasn’t easy to be a single mom and a business leader both simultaneously.

It was a pleasure to speak with Kris, who is an inspiration to many, and learn about her sacrifices and hardships to get to where she is now.

Storms Abound on the Road to Prosperity

Kris came to Kyndryl from EY, where she was the global consulting cybersecurity leader responsible for its multi-billion-dollar security practice. Prior, she was the founder and CEO of BluVector Inc., an AI-powered sense and response platform Comcast acquired in 2019. She was also general manager of IBM’s Security Services division, where she led teams that built end-to-end security programs for IBM’s global clients.

Kris holds U.S. and EU patents in areas around Risk Management. She served as a member of the World Economic Forum’s cybersecurity committee. She was also humbled to be named one of the “Top 50 Cybersecurity Leaders of 2021” by The Consulting Report and Consulting Magazine’s “Top Woman Technology Leader” in 2020.

While she never had a choice as to whether she was going to work – she was a single mom – she had to decide whether to take the safe road or take a risk and pursue promotion.

Kyndryl’s philosophy and ideology

At Kyndryl, they are committed to the health and continuous improvement of the vital systems at the heart of the digital economy. With their partners and thousands of customers, they co-create solutions to help enterprises reach their peak digital performance. The world has never been more alive with opportunities. Everyone can seize them.

Kyndryl was spun-off from IBM IT infrastructure services in 2021. Its global base of customers includes 75 of the Fortune 100 companies. With   90,000+ skilled professionals operating from more than 60 countries, it is committed to the success of its customers, collaborating with them, and helping them to realize their ambitions.

Inspiring a change in the cybersecurity industry

About 25 years of experience in “cyber resiliency,” the phrase Kris prefers, has taught her that everyone must treat living with cyber threats as one does living with viruses. They are unavoidable. The question is – how do you best protect yourself against it and assure a quick recovery?

Cyber resiliency services are an essential component of modernizing and managing any IT infrastructure, and strategies and budgets must be aligned to address the “new normal.” Companies must prioritize fast-track modernization programs – to infrastructures like a hybrid cloud – so they can achieve a resilient business transformation.

Kris’ contribution then, she hopes, will be in shifting the work that she does in this field from simply “security” to one of “cyber resilience.” The public and private sectors need both. It is important to be able to anticipate, protect against, withstand, AND recover from cyber threats. That’s what she means by “cyber resilience.”

Kyndryl and Its Tower of Strength

When Kris’ company was spun-off, the first order of business was to name the new company. A lot of thought went into that, arriving at this description that she attributes to her leadership collectively, beginning with the CEO. The team articulated: that “Kyn” comes from “kin.” It represents the strong bonds the company forms with customers and with each other. Its people are at the heart of the business. “-dryl” is coined from “tendril,” evoking new growth and connections. By working together, they are growing.

The work they do at Kyndryl reflects these principles. So, in her leadership role, as Kris travels virtually across the world and meets fellow Kyndryls, she is often asked, “What’s our vision and mission in the Security and Resiliency Global Practice?”

Kris answers, “I believe that in order for our customers to operate effectively in today’s world – they have to not only understand and act on existing risk but be able to “see around corners,” and make informed decisions about the cyber risk that’s emerging so that they can embrace transformation and innovation with confidence. Our mission at Kyndryl is to help customers see around the corners. To help them transform from a backward-facing, compliance, or crisis-driven security function to one that embeds resilience by design.”

Providing Resourceful Solutions by Utilising Technological Improvements

While everyone understands cyber risk, they also understand the needs of a business vis-a-vis IT modernization. The ability to bridge and navigate is not a capability many vendors offer. At Kyndryl, they have a deep bench of skilled practitioners across a massive range of technology platforms. They also have a strong and growing set of tech alliances.

At this point of an alliance, they are combining their world-class capabilities with other companies that have complementary capabilities to deliver world-class solutions for their customers. A recent example is a partnership they announced with Dell Technologies to help secure critical data sets for their customers and provide a verified process to recover data back into their business when faced with a cyber threat. Today’s technology and a skilled workforce enable this capability.

Adjusting the Company’s Focus to Address Impending Issues

Business as usual isn’t working. So, Kris would shift the company’s approach. A focus strictly on cyber defense will not suffice. Today it is no longer a question of whether cyber attackers will breach Kyndryl’s defenses, but when they will break through and how much damage they will do.

Hackers only need to be skilled (or lucky) enough to break through just once; businesses and governments would need to fend off 100 percent of the constant attacks to remain safe—that’s a hopeless proposition. Just as the company’s approach to COVID has shifted from focusing only on prevention to embracing a broader strategy that also includes managing its inevitable impact, cybersecurity must also adopt a new posture. It’s time to embrace a comprehensive strategy for cyber resilience—not just cyber security.

Cyber resilience means anticipating, protecting against, withstanding, and recovering from attacks on cyber-enabled services. These cyber incidents affect all of society, spreading uncertainty and risk among the public, governments, and commercial markets alike.

“We must make 2022 the year we implement a whole-of-economy cyber resilience strategy. The business community and policymakers must align on a consistent set of cyber resilience principles to ensure that our entire economy and critical institutions are prepared for future attacks. That’s the direction I would take this industry,” Kris adds.

Preparing to Be a Part of Major Changes

Nation-states seeking an advantage in the cyber competition are turning to AI for offensive and defensive applications. On the defensive side, AI automation of cybersecurity tasks previously handled by analysts and detecting so-called “dark patterns” from large quantities of data demonstrates the possibilities of machine learning methods for detecting zero-day malware, threat detection, and automated remediation. From an offensive perspective, the growing diffusion of AI tools and techniques in cybersecurity functions also presents a new front in cyber competition, specifically making the conditions even more conducive to cyber conflict.

Attackers are already using methods like reinforcement learning and generative adversarial networks to produce new types of cyberattacks that can evade cyber defenses, meaning that adversaries could employ a variety of methods, including compromising ML supply chains, poisoning training data such as open-source malware repositories, unleashing malware with greater degrees of autonomy, and targeting defenders’ trust in machine learning systems.

Net – as AI becomes the new normal in cyber operations, the line between offense and defense will continue to fade. It may fuel the low-level drumbeat of cyber competition during peacetime. And during a crisis, the concern is the potential for AI technology to misinterpret information, signal, and event, possibly leading to an avoidable escalatory cycle.

Their intention at Kyndryl is to help lead the market in establishing a set of cyber norms that inform and guide behaviors vis a vis the appropriate use and management of AI specifically, and advanced technology like quantum computing within the cyber realm. They believe technology companies and regulators need not act as competitors but work together to create a level and ethical playing field and allow for innovation.

On the Path to Excellence

For Kris, future goals are fairly simple – build security and resiliency capabilities that enterprises both need and value, deliver those capabilities via knowledgeable and passionate practitioners, and assure those services are delivered with excellence. If she can achieve those goals, she is certain that market success is inevitable. And market success in terms of leadership means that she has achieved her ultimate goal – changing the world for the better by making it possible for organizations to innovate with confidence.

A Guiding Light

Kris has a piece of advice for aspiring entrepreneurs, “The balance between “work” and your life outside of work is critically important. Don’t sacrifice one for the other. Your contributions to your partner, your children, and your family are as important, if not more important, than the work you do for your company. Embrace both and bring your ‘best self’ to the task of achieving what’s important to you and your family, as well as your career.”