Channel Women In Security: Understanding Risk In Digital Security

In the first episode of Channel Women in Security, Cass Cooper speaks with Rosanna Filingeri, Vice President of Sales at CyberSafe Solutions.

The two talk about the evolving landscape of cybersecurity, discussing the challenges faced in securing digital environments, the importance of understanding unique client risks, and the role of regulations in shaping security practices.

Filingeri emphasizes the need for cohesive security programs, risk acceptance, and the significance of building strong partnerships based on trust and education.

(transcript below)

What are the biggest challenges you’ve faced in your career securing digital environments?

That’s a great question. I’ve been in the cybersecurity space for almost seven years, and I’ve seen a lot. The world has changed, the marketplace has evolved, and client needs have shifted. But one consistent challenge is the over-reliance on security products. Many products are marketed as game-changers, but even the best solutions require a skilled security practitioner behind them. We need to understand where they fall short and build security programs that account for those gaps.

A major challenge is ensuring there’s a cohesive security program in place, one that can detect and respond in real time. It’s not just about using a product but about creating visibility into the various risks a client may face. We’ve focused on educating our clients on how to maintain a comprehensive security posture that accounts for the specific risks they face.

What trends in cybersecurity are you excited about? You mentioned education is crucial for your clients. What trends in education are you focusing on to keep them informed?

It’s all about holistic visibility. When we discuss security best practices, the conversation often returns to regulation—whether it’s insurance requirements, regulatory bodies, or industry-specific standards like HIPAA or FINRA. These regulations share a common focus: ensuring that organizations can detect, respond to, and recover from security incidents before any major damage is done.

Our goal is to help clients understand that every business is unique. Even two companies in the same industry might face different risks, so their security needs will differ. By educating clients on their unique risk profile, we can better tailor their security programs and make the most of their investments.

Tell me more about the term “risk acceptance.” For someone new to the space, how would you explain it to a client?

The fundamental principle of risk acceptance is about balancing security and functionality. There’s a saying: 100% security means no functionality. It means if you lock everything down too tightly, it becomes hard to get work done. So, we find a balance between those extremes.

Sometimes clients need to use older products or platforms that might introduce certain risks. They might not like it, and we might not like it, but it’s necessary for their business. In these cases, they accept the risk but plan for how to control potential damage. Risk acceptance involves determining what level of risk the company can live with and then building detection capabilities and safeguards around it. It’s a crucial part of any security conversation.

It sounds like being an MSSP is a bit like playing matchmaker—finding the right products and solutions that fit a client’s unique risk profile. Would you say that’s accurate?

Absolutely! It is very much like matchmaking. It’s about understanding each client’s needs and comfort level with risk, and then finding the right solutions for them. Sometimes that means recommending a product, and other times it’s about suggesting a different approach. Every client has different needs, and part of our job is to ensure that what we offer aligns with those needs.

You mentioned partnerships. What are the key factors to building strong partnerships in cybersecurity right now?

It comes down to relationships and trust. Security is a sensitive topic—no one wants to have those conversations when they’re feeling vulnerable or scared. While it’s true that security breaches aren’t a matter of “if” but “when,” we focus more on how prepared our clients are for that moment.

A key part of building those partnerships is being honest and transparent with clients. For example, if a client wants a pen test (simulated hacking), but we see gaps in their current setup, we’ll advise them to close those gaps first. This ensures that when the test happens, it’s a true reflection of their security posture. Building a security program is a journey, and it’s our role to guide clients through it.

How have your various roles in customer success and account management shaped your leadership approach in cybersecurity?

It’s always about going back to the basics. My experience in different business units has helped me understand what clients see as success and how to manage that mutual accountability. We aim to meet clients’ needs proactively rather than reactively, which means helping them understand what’s possible within their constraints, whether that’s budget or other priorities.

Being in customer success roles has taught me that clients value a true partner—not just a vendor. They want someone who understands their challenges and helps them find better solutions. And often, those solutions don’t necessarily require more spending but smarter approaches that can make a real difference.

You also mentioned that not every solution requires a financial investment. Can you elaborate on that?

Absolutely. Sometimes, it’s about using the resources a client already has in smarter ways. For instance, making procedural changes or fine-tuning existing tools can have a huge impact without costing additional money. We remind clients that they can make meaningful improvements without breaking the bank.
