“Oftentimes, it feels as though companies are quick to buy the newest “whizz-bang” tool or software that is presented as an all-in-one solution that can fix all of their problems without ensuring that the basic security checkboxes are filled.”

Twitter: @0xNBE1 • Website: www.linkedin.com/in/kyliemartonik

Kylie Martonik is a managing security consultant. Specializing in pentesting, she has seen an array of diverse environments ranging from small credit unions to large healthcare providers. Kylie has assisted security and IT teams in long-term project efforts, short-term operations, and building the road map to bring them closer to the ideal security program. Outside of work, she can be found flying her drone, playing video and board games, or actively hunting for the next action figure to add to her collection.

If there is one myth that you could debunk in cybersecurity, what would it be?

The myth I would debunk is that it’s all technical work. I believe people tend to directly correlate “cybersecurity” with technical tasks or skills, such as hacking, malware reverse engineering, incident response, and so on. However, there are many other areas within cybersecurity where in-depth technical skill is not required, such as policy, compliance, and privacy.

What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity ...