Mary Ann Davidson
Mary Ann Davidson is the Chief Security Officer at Oracle Corporation, responsible for Oracle Software Security Assurance. She represents Oracle on the Board of Directors of the Information Technology Information Sharing and Analysis Center
(IT-ISAC), has been named one of Information Security's top five "Women of Vision," is a Federal 100 award recipient from Federal Computer Week, and has been named to the ISSA Hall of Fame. She has served on the Defense Science Board
and as a member of the Center for Strategic and International Studies Commission on Cybersecurity for the 44th Presidency. She has testified on cybersecurity to the U.S. House of Representatives (Energy and Commerce Committee; Armed
Services Committee; and Homeland Security Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology) and the U.S. Senate Committee on Commerce, Science and Technology.
Ms. Davidson has a BSME from the University of Virginia and an MBA from the Wharton School of the University of Pennsylvania. She has served as a commissioned officer in the U.S. Navy Civil Engineer Corps.
Many ISSA members work in regulated industries; the rest of us soon may, as incipient cyber security legislation emerges in multiple countries. While regulatory compliance is not optional – and often crowds out “real security” – we nonetheless
have no choice but to meet them. The degree to which we can leverage other’s experiences and knowledge in these areas helps us be smarter, faster. Furthermore, we must – without necessarily becoming a “lobby group” - weigh in on public
policy issues that affect us as security practitioners, particularly as most regulators do not understand the practical limits of security and often have no idea of the cost of mandated measures vs. tangible benefits from those measures.
We must also strengthen our “pipeline” of new recruits by targeting universities. The next generation of practitioners may have as much to teach us as we have to teach them and will help us create the “ISSA community of tomorrow.” We must
use our interaction with universities to help improve security education in multiple disciplines such as computer science, software engineering and related disciplines (e.g., control systems engineering and for that matter, business
school curricula). If we do not change our collective mindset – which means educational change - there are not enough IT security professionals in the world to secure critical IT-based infrastructure that was never designed as infrastructure.
Click on the link to return to the Election Info page.