Sarah Orrico gets excited about cybersecurity. “Security needs change all the time, and you always need to think ahead,” she says. “I love the challenge.”
Last spring, near the end of her junior year at Colorado State University, Sarah went to a job fair looking for a summer position where she could put her computer science major to use in the real world. She met Chris Martinez, Senior Director Information Security at DigitalGlobe. He explained what our company is about, and why cybersecurity is particularly essential because of our business and our customers.
If she was interested in an internship, he said, she’d have the chance to experience how things get done in a complex business, and make a real impact on the ever-evolving programs and tools DigitalGlobe deploys to build a strong defense against cyber threats.
She jumped at the chance. “This was a great opportunity to really contribute, nothing like I’d seen in other internships,” Sarah says. Chris was true to his word, starting her on day one with a PowerPoint slide of challenges that needed solutions. He asked her to research his wish list, select the one she wanted to tackle, and go for it. “He put the ball in my court and I really appreciated that.”
Sarah decided to focus on threat modeling. “What has been overlooked in our cybersecurity efforts are the nearly 1,000 developers in our workforce,” Chris says. “We need people on the cybersecurity team like Sarah who ‘speak development’.” He made a point of having Sarah join a couple of sprints with the Cloud team and also work with the GBDX platform team—to get to know developers in teams across the company and better understand security gaps in how they work.
“Chris asked me to look at vulnerabilities in our apps, focusing on ways we could better protect our sensitive data,” Sarah says. “Developers usually just want to deploy and worry about risks later, but it’s better to build in security checks at the beginning and make sure there are protections throughout all steps, from software design to sending it out to customers. Her big to-do was to find a tool that would offer protection throughout the software lifecycle, one that development teams could get behind.
Chris has a well thought out approach to mentoring interns—real responsibilities and the space to figure out how to get things done. A key part of that is to let them experience the complexity of working in a big company; as in, the process required to get something moving forward, figuring who has to approve what and the perseverance required to see it through. His goal is to end up with evangelists for the company who inspire other talented students to check out DigitalGlobe.
One of Sarah’s first accomplishments was setting up a secure https proxy for one of the Cloud team’s apps to safely encrypt data. For her threat modeling project, she researched available tools to identify one that would be a good fit for the needs of the business. She reached out to vendors, found one that seemed the best—faster, a “living dynamic tool.” She then began the protocol to implement it for a test: working with procurement and legal to get a proof of concept license, introducing it to team members so they could try it out for two weeks and provide feedback.
That testing is currently underway, and so far, it’s looking like a keeper. “Sarah has done an awesome job,” Chris says. “She really got into the weeds and found a solution that could work, one that will have a broad impact on our business.”