At MassMutual, Ariel Weintraub is honing and maturing the firm’s cybersecurity posture as the first female chief information security officer (CISO) in the insurance company’s 172-year history. If that weren’t enough, she also is forging paths in the cybersecurity industry which establish her as a knowledgeable, precise and innovative leader among information technology (IT) security professionals.
When Weintraub found her first assignment at her first post-university job to be a bit underwhelming, she threw her name in the hat for a short penetration-testing assignment in PricewaterhouseCoopers’ (PwC’s) cybersecurity group.
“I didn’t have a ton of cybersecurity experience; I was a business information systems major. I was able to convince them to take me on for that project, and I found the new type of work exciting,” Weintraub says. She committed to learning about cybersecurity — and really hasn’t stopped since — and PwC moved her over to that practice, which subsequently defined the course of her career thus far.
The experience shaped Weintraub’s philosophy about hiring, helping her see that a degree in cybersecurity isn’t the only path to a successful career in the field. Considering candidates with diverse backgrounds and different experiences, she believes, can help better protect the enterprise based on their diverse perspectives in addition to presenting opportunities to a candidate who might otherwise be overlooked by other companies. In MassMutual’s cybersecurity organization, some employees hold cybersecurity degrees, while others have backgrounds in journalism, family therapy, economics, communications and more.
Weintraub has significantly impacted each organization she has worked for because she brings vast knowledge, expertise and a passion for learning to every role. “I like a new challenge, and I like to learn new things. In all the places that I’ve worked, I’ve moved around within the cyber and risk teams just to get different experiences,” Weintraub says.
For example, during her time at BNY Mellon, she built a vulnerability management program, a security metrics program and a security compliance reporting program. At the Teachers Insurance and Annuity Association (TIAA), Weintraub built a comprehensive identity and access management program, making it a centralized function within IT for the first time. “Building and solving problems is something that I really enjoy,” adds Weintraub.
One of the strategies she uses on new builds is “ride-alongs.” Weintraub describes herself as a detail-oriented person who likes to understand day-to-day processes before designing a strategy or program. For example, during the process of building a new security operations center (SOC) at MassMutual, she physically sat next to each of the SOC analysts while they worked, asking questions and listening to their perspectives.
“While I do a lot of asking questions and listening, I take my time before coming up with what the strategy should be,” she says.
After being promoted to Head of Enterprise Cyber Security at MassMutual two years ago, she became responsible for designing and operating the strategy for cybersecurity and the cyber risk program. She is instrumental in defining MassMutual’s strategy for leveraging data science to design new controls using a model-driven approach. Through her leadership, MassMutual built and implemented its own user behavior analytics (UBA) tool, which the company says outperforms off-the-shelf products and enables the SOC to investigate the most meaningful alerts.
“It’s hard to buy an off-the-shelf product, plug it in and assume that it’s going to find all things,” Weintraub describes. “So we decided, because we have an in-house data science team, to build our own. We built our own data models and integrated them into our security event management tool used by the SOC. We have full control over how we design the models, and we tune them in real time when we do various types of purple-team or red-team testing.”
The intersection of cybersecurity and data science is a topic Weintraub has spoken publicly about in forums and in a lecture series through New York University (NYU). She is very involved in mentoring students both formally and informally. “I have had many mentors myself, and I do mentor a lot of others. It’s important to find a mentor with whom you connect because it is such a personal relationship,” she says.
Weintraub is on the board of advisors at the Executive Women’s Forum, which has a core mission to engage, develop and advance all women in the information security, IT risk management and privacy industries. She is also on the board of One In Tech, an ISACA Foundation with a mission to bridge the digital divide and create more opportunities for underrepresented communities to enter the technology and cybersecurity industry. “This is where we see the biggest opportunity for increasing the talent pool for filling the millions of open roles there are these days in cybersecurity,” she relates.
Filling the talent pool and diversity, equity and inclusion (DEI) go hand-in-hand, she believes. Focusing on providing opportunities for people of different genders, racial backgrounds, financial backgrounds, etc., leads to increased diversity among cybersecurity teams.
“Increasing the diversity in our teams is really helpful for creating mature cybersecurity organizations because it gives us people that have different perspectives,” she says. “I always say that cybersecurity professionals are just problem solvers. Being able to problem solve using different types of backgrounds is the best way, I think, to create a very mature and resilient organization.”