Jen Stone is a Principal Security Analyst for SecurityMetrics.
In her 4 years at SecurityMetrics, she has completed over 80 security assessments that include PCI, HIPAA, CIC CSC (SANS Top 20) and 23 NYCRR 500. She assisted in developing and expanding audit protocols used by other assessors in the department. Jen has extensive experience in technical product management and has been in the technical information sector for over 25 years.
Jen holds Qualified Security Analyst QSA (Qualified Security Assessor), CISSP (Certified Information Systems Security Professional), and CISA (Certified Information Systems Auditor) certifications. She received a Bachelor of Science degree from Brigham Young University and a Master of Computer Information Systems from the University of Phoenix. As one of SecurityMetrics' QA HITRUST assessors, Jen is a CCSFP certified CSF practitioner.
Jen started her career in IT operations and has worked with varied teams throughout the IT sector, including DevOps and Development. Because of her broad background, she thinks in terms of big picture systems, which allows her to see end-to-end security solutions and detect potentially exploitable vulnerabilities.
Known as a skilled negotiator and communicator, Jen is a go-to evangelist for the message of data security. She has presented at numerous security shows, including HIMSS, PCI North America Community Meeting, SaintCon, and ISC2. As a University Audit team member, Jen has spoken to the Treasury Institute of Higher Education numerous times about handling the unique security challenges in a University setting.
She has a penchant for tackling problems that others find too difficult, particularly, the communication “divide” between non-technical employees and their IT teams. With a firm belief that good process and successful communication are absolutely essential to a successful security and compliance program, Jen untangles the snarls of IT security in sectors including healthcare, education, retail.
Jen says of her passion for demystifying security, “When security professionals bring in an ‘I am smarter than you’ or ‘Only I can do this for you’ attitude, it’s not helpful because businesses will feel afraid and helpless. They will stop trying to improve their security stance. They nihilistically think everyone is going to get breached, and there’s nothing they can do about it. But that’s just not true.”
Jen serves as a “Women in Technology” Mentor for SecurityMetrics. She leads group meetings and provides one-on-one mentorships with women who want to pursue careers in security. Jen says this is an important mission, because, “only 14-18% of the IT security workforce are women. And we lose something when people with different perspectives are not involved in solving problems.”
For fun, Jen likes to build things, shoot things, and eat things.