Debra Baker

$150/hr
SOC2, FedRAMP, HIPAA, ISO27001, NIST 800-171, CMMC, vCISO
Reply rate:
-
Availability:
Hourly ($/hour)
Location:
Raleigh, North Carolina, United States
Experience:
30 years
About

Debra Baker has over 30 years of experience in information security, beginning her career in the United States Air Force. She then joined IBM as a DNS administrator for the IBM Southeast Geoplex, becoming a team lead in just three months. Afterward, she moved to Entrust as a PKI engineer, installing and deploying PKI infrastructure while guiding customers in getting the most out of their X.509 digital certificates. During her tenure at Entrust, she shifted towards product compliance, specifically Common Criteria (ISO 15408). At Cisco, Debra worked as a Regulatory Compliance Manager responsible for managing product lines such as Nexus, ASR, ISR, ESA, and WSA while guiding developers in creating more secure products that comply with Common Criteria. She worked closely with a developer to create an automated test bed and gap questionnaire to streamline the Common Criteria process. Later, she joined RedSeal as a Senior Technical Program Manager and eventually became the Director of Information Security (CISO), where she oversaw RedSeal’s Common Criteria and FIPS 140 evaluations and built their SOC2 program from scratch. Within six months, the program earned SOC Type 1 certification, and six months later, she successfully led the SOC 2 Type 2 audit while continuing to develop their security program.

  • Develop and manage the entire corporation’s Compliance, Information Security, Risk Management, Governance, and policy programs.
  • Build SOC2 Compliance Program that successfully achieved SOC2 for RedSeal’s Stratus, a Cloud Security Posture Management (CSPM) Software-as-a-Service (SaaS) cloud compliance product that runs in AWS.
  • Drive technology and security control deployment efforts in hybrid and multi-cloud (AWS, Azure, GCP) environments including Zero-Trust.
  • Analyze information security threats, vulnerabilities, and current trends. Assess the impact on the organization’s risk posture.
  • Coordinate cross-functionally with IT, executive, and board-level leadership; advise on and drive an appropriate level of security across RedSeal.
  • Facilitate, track, and implement cyber awareness training for the entire organization.
  • Develop, implement, and track a strategic, comprehensive enterprise-wide Information Security and Information Technology (IT) Risk Management program to ensure Personally Identifiable Information (PII) and critical asset data are owned, controlled, and managed.
  • Conduct Risk Assessment of RedSeal against NIST Cybersecurity Framework (CSF) driving senior management and board-level awareness to gain budgetary support to develop the program.
  • Develop and maintain risk registers for information security.
  • Drive risk treatment efforts and board-level understanding of risk posture for the business.
  • Author and maintain information security policies, standards, and guidelines.
  • Develop, implement, and maintain Third Party Vendor Risk Management Program.
Skills
  • ISO 27001
  • SOC 2 Type 1
  • SOC 2 Type 2
  • FedRAMP
  • NIST CSF
  • NIST 800-171
  • CMMC
  • HIPAA
  • NIST 800-53