Deborah Golden is a Deloitte risk and financial advisory principal in Cyber Risk Services at Deloitte & Touche LLP, where she has worked for more than 22 years. Her specializations include both the commercial sector (life sciences, health care and financial services industries) and the public sector (federal health, civilian and defense, security and justice industries).
Golden’s predominant focus these days is leading cyber risk services for Deloitte’s Government and Public Services clients, as well as being the co-leader for Deloitte’s GPS wellbeing.
Why Watch: A self-described “techie,” Golden enjoys bridging the gap between business and technology.
“I could code with the best if I wanted to dust off that skill, but it’s my ability to bring technology and innovation with business and the ability to execute on a problem — while at the same time considering risk and its impact on multiple stakeholders that makes it exciting for me,” she said.
In an age in which there are more cybersecurity considerations than ever, organizations can expect to get hacked even when they exercise leading practices, Golden said. One of the keys to cybersecurity is having a plan for recovery when breaches happen so an organization may minimize the impact of the breach and showcase resiliency when faced with such a crisis situation, she said.
“There are many factors that play into detection and recovery — sometimes that information is reliant on operations, processes, technology and people — or all of the above, but candidly, it’s understanding the most business critical, mission critical, important factors that need to be up and running post a breach so that your organization can sustain and ultimately maintain operations,” she said. “I think some people define ‘up time’ as it has to be 100 percent operational post a breach. However, that’s certainly not a likely scenario or if it is — it could take a lengthy time to get there as opposed to phasing activities (based on risk and criticality) back into operation.”
One of Golden’s strengths, she said, is helping clients understand their business imperatives in conjunction with their supporting technology platforms in a risk-based approach to help monitor and manage those functions or operations “in much more digestible chunks.”
Related to that work are efforts around leveraging artificial intelligence and pattern-based behavioral analytics to help narrow down when incidents are likely to happen so organizations are already poised for detection and subsequent recovery efforts.
“Where I’ve been most helpful is when we’ve been able to help our clients make sense of the myriad of potential attacks on their environment — taking a strategic, long-term view while achieving short-term successes — to strategize a means to create an approach towards prioritizing and ultimately mitigating their risk of exposure to internal or external threats,” she said.
With the proliferation of cyber threats, Golden sees both risk and opportunity from open-source data as the cyber landscape continues to expand outside of an organization’s own walls.
“One of the things where we’ve been able to evolve in terms or our thinking around cyber is to leverage approaches like behavioral predictive analytics,” she said. “In order to support those activities, our threat analysis leverage many different vantage points — including open source data and intelligent tools to provide valuable historical and reputational data which helps our team establish much larger fact patterns used in their analysis efforts.”
Golden and others are Deloitte are heavily engaged in public policy and keeping a view on the horizon to upcoming policy changes, she said. That goes, too, for startups and venture capital businesses that may have an impact on the innovation landscape, including potential impact on their clients and customers.
Golden is also heavily involved in STEM education outreach and promotion through her role at Deloitte and finds a personal and professional passion in the advancement of women in the fields of technology and cybersecurity. Those efforts include campus recruitment, input on course curricula, and sponsoring women in business through various university programs.