
Justin Dolly: Proven Security Leader

How Justin Dolly has demonstrated true security leadership over 23 years and what he brings to his CSO role at Sauce Labs

By Maria Henriquez
June 3, 2020

For the past 20 years, Justin Dolly, new Chief Security Officer at Sauce Labs, has been leading security at public and private companies. He’s enjoyed his work. “I’ve really enjoyed it because no two days are ever the same. I’ve been doing this for a long time, and I’ve never had the same day twice.”

Dolly began his security career in the late 1990s, working at Wells Fargo as a network engineer. “Back then, network was where a lot of security lived,” Dolly explains. “It was about firewalls, VPN devices, network perimeters, circuits in data centers. It was very traditional in nature – vastly different from today’s landscape.”

Inevitably, Dolly says, he was pulled into many different security conversations as a network engineer, including architecting and building networks for the bank and its various branches and departments, each with its own security requirements.

In 2000, he moved on to Macromedia, as Director and Information Security Officer, where he had global responsibility for ensuring the security and integrity of information, infrastructure and intellectual property. He also led product security, risk management, audit compliance and business continuity initiatives.

After six years, he began a new role as Vice President of Systems Operations and Information Security at CNET Networks, now known as CBS Interactive. There, he worked on building online platforms, streaming events such as March Madness and the Grammys, all while ensuring entertainment was delivered safely. “Now, we take streaming services for granted, but it was a different proposition back then,” he adds.

At Kaiser Permanente, he was Information Security Change Leader, where he developed and led a cultural transformation strategy for the entire organization in order to shape security awareness behaviors.

It was at VMware, as CISO, where Dolly played a key role in risk management, security engineering and operations, and compliance initiatives. Then, he moved on to ServiceNow as CISO and focused on building a high-performing security team, as well as fostering a security culture. His career also includes a stint as an advisor for CrowdStrike, Smarsh and Illumio. Prior to Sauce Labs, he was EVP, CSO and CIO at Malwarebytes and COO and CSO at SecureAuth Corp.

In January 2020, he took on the role of CSO at Sauce Labs, a privately held company and provider of continuous testing solutions. Dolly is responsible for developing, implementing and enforcing the company’s security strategy. He is also responsible for ensuring that Sauce Labs customers across the world have the necessary cybersecurity elements in place to innovate across cloud computing environments and meet existing and emergency regulatory compliance requirements.

He works closely with the product and engineering teams, as well, to explore opportunities to deliver security testing capabilities within the company’s platform. As with every CSO role, he often gets pulled into different areas, including HR, privacy, physical security, customer advocacy and everything else that touches security or privacy. But, at the heart of his responsibility is ensuring he can protect and safeguard not only customer data, but the safety and security of every employee at Sauce Labs.

 

Building Security Teams

One task that Dolly enjoys is building teams and watching those teams execute, flourish and deliver. “I’ve built big teams in the past, and I’ve had super small teams. The company culture should define the size and the scope of your security organization,” he says.

At Sauce Labs, Dolly says he is fortunate that the organization has made smart security decisions by hiring smart technical people. “I don’t have to go back to square one and start from there with the security program.”

The company also allows him to use his experience to move the security program forward “to not only strengthen the security of users, networks, intellectual property, but also the security of the platform so the services that we provide are as secure as they can be.”

To ensure a world-class security program is in place, Dolly leverages “data centers, a number of cloud environments, firewalls, web application firewalls, intrusion detection systems and various telemetry and deployment systems to ensure our security posture or attack surface doesn’t change without our awareness.”

 

Security in Perspective

Dolly is a firm believer that he learns something new every day. “It sounds trite to say something like that, but I actually do learn something every day. Oftentimes, when meetings finish, I say to myself: What do I know now that I didn’t know 45 minutes ago or 60 minutes ago?” There is always something learned.

This mentality has taught him to think of security with simplicity in mind. He views the majority of security elements in two ways: defensive and offensive. The defensive strategy includes the tools that the organization employs to harden its environment and ensure it is not easy to attack, he explains. “And then there’s an offensive side of it, which is, are we testing ourselves? Do we test the defensive elements we put in place? Are we ‘pentesting’ ourselves? And then beyond infrastructure and services: Are we reviewing the code that we wrote? Are we checking for security issues in our codebase? Are we using the right methodologies? Do we use the right libraries? If so, are they current?”

Whatever the size of your team, he says, “you should be, at the very least, looking at those two sides of the ball when it comes to security.”

In addition, having worked in the banking, financial services, software and network industries has taught him to communicate security risk to those who may not deeply understand it, he says. “You have to be really flexible in not only gauging risk because everybody’s risk is different, but also in describing the ways that people should think about that risk, and the possibilities for how you can offset some of that risk, or ideally eliminate it.”

Every role, he notes, has given him a bedrock of experience that he can draw upon and has allowed him to be more flexible with communicating the value of security. Often, he says, security conversations tend to get too technical. “Whether you’re working with hundreds of thousands of employees, or at a small company with a hundred employees, it’s critical to communicate with them in a way that allows them to understand security, and for everyone to feel that it is relevant to them.”

If he explains security accurately, says Dolly, his team and the organization can all get to the finish line together.

 

Communicating During Incidents

Learning how to communicate and explain risk becomes critical when an incident response plan is activated, he says. It’s important to create a list of roles and responsibilities for the incident response team members, a business continuity plan, a summary of the critical network and data recovery processes, and the physical and cyber tools that must be in place. Communication, both internal and external, is just as critical, he says.

“Externally [outside of the technical teams], you have to communicate with top executives at the organization, HR, legal and marketing teams and even with media. It’s important that whatever your plan looks like, however you manage it, whatever timeline you’re working against and however complicated it might be, to manage the crisis, you have to describe everything in a way that’s palatable for everybody.”

“Internally, one of the most important things in managing an incident is worrying about the people who are working for you on that incident. When an incident occurs, it’s all hands on deck for security teams.”

Most of the time, an incident only lasts for a few minutes or maybe only a few hours, he explains. But when it extends into days, the problem is, Dolly says, security teams are too dedicated, too invested in the outcome. “They don’t want to go home or even sleep. They want to be there when it’s all done – not because they want a pat on the back, but because this is who they are.”

When incidents last longer than a couple of days, you have to start managing people’s emotions and their energy levels. “Making sure that the human emotional aspect is part of your incident response plan is critically important.”

 

Changes in the Landscape

Security was vastly different 20 years ago, Dolly says, and was somewhat siloed or segmented away from other departments and even from other technology teams. “The only time the security team interacted with the rest of the company was when there was a security event – it was very adversarial,” partly because there wasn’t a focus on security.

Looking at the security industry today, Dolly notes, “It’s massive. It has blown up over the last 20 years and is worth billions of dollars. From a cultural perspective, we’ve bridged that gap. We have connected security to the business and helped demonstrate how security makes things better, not worse, and how it enables good behaviors and not necessarily just prohibits bad behaviors.”

Of course, the risk has grown exponentially, as well, he says. “The majority of data loss and breaches have occurred in the last five to 10 years, but this has helped security describe itself better” and has led a vast majority of people to have some level of understanding of security, he claims. Since everyone is concerned about security, it has become part of the conversation at the Board of Directors level at most companies, he says.

“I like the fact that security is now a voice at the table. It’s been a long time coming, but we also had to earn that credibility and earn those stripes. It’s taken time for security leaders to figure out the right messages to deliver, and deliver them in the right ways,” he says. “Going forward, we shouldn’t be afraid of the security conversation, which should occur openly and should be well understood by those involved. We should always ensure we have the conversation, so we can all be clear where we are and where we can make improvements.”

KEYWORDS: cyber security incident response information security leadership risk management


Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.


Copyright ©2025. All Rights Reserved BNP Media.
