Michelle Drolet is a highly skilled information security professional who enjoys the respect of customers, peers in the field, and analysts. She often contributes to prestigious online sites, including Forbes Technology Council, Wired.com, and IDG CSO Online, and is in high demand as a speaker and panelist.
Michelle is the CEO and founder of the woman-owned company Towerwall, Inc. The company’s cutting-edge information security technology solutions and services have assisted several businesses in protecting their data and maximizing their IT investment.
Below are highlights of the interview conducted between World’s Leaders and Michelle Drolet:
Describe who you are as a person, inside and outside of the workplace.
I’m a big believer in giving back. Since founding Towerwall, I’ve been actively involved with organizations such as The Women’s Business Alliance (a joint effort between The United Way and MetroWest Chamber of Commerce), Voices Against Violence, and Young Women and Minorities in Science and Technology. Most recently, I helped launch the Lauro Garner Minority Cybersecurity Scholarship (https://lnkd.in/dBy_Nhp6) in association with Mercer University.
Describe your background and what did you do before you started/joined the company?
I’ve been interested in criminal justice from an early age and made it my college major at Northeastern. I joined an IT consulting firm that had started up a cybersecurity practice back in 1993. The firm was eventually acquired by a public entity, but shortly thereafter I grew impatient with its strategy and found a means to buy the company back. Fast forward: Since 1999, we’ve been offering customized cybersecurity preparedness for organizations like Middlesex Savings Bank, Dean College, and Milford Regional Medical Center.
What has made you successful? What do you value?
I really believe in the aphorism, “Find what you love and you’ll never work a day in your life.” We love what we do at Towerwall because we’re very good at it. We solve problems that threaten to cause financial and reputational harm. Almost every modern organization struggles with cybersecurity today. Our clients trust Towerwall to provide them with continuous monitoring and protection against current and evolving threats. We learned that no single piece of technology or system will keep an organization secure. There is no “one-size-fits-all” approach to client engagements. Our success derives from developing a mature methodology that is consistent, repeatable, measurable, yet flexible enough to adapt to an ever-evolving threat surface. We call this customizable approach the “7 Dimensions of Cybersecurity,” which all organizations, regardless of size, industry, or security maturity, should adopt to establish a multi-dimensional, multi-layered defense in depth.
Which are the major services of the company and how do they help the company to get ahead in the competition? What value-added services does the company provide?
As I mentioned before, we developed an operational approach that clearly distinguishes our firm from other providers. Towerwall cybersecurity services include establishing a program and developing policies, conducting security audits and risk assessments, threat detection and response, guidance on abiding by compliance and regulations, internal and external penetration testing, vulnerability scanning, vendor questionnaires, employee security awareness training that includes phishing simulations, and other security services.
We see all our services as “value-added”. But to answer the question, given today’s post-pandemic labor market and tough competition for skilled talent, Towerwall launched an outsourced service called “virtual CISO”—a personal service that assumes the role and responsibilities associated with the Chief Information Security Officer (vCISO). We also offer a virtual Data Protection Officer (vDPO) and a virtual Chief Privacy Officer (vCPO). These roles are brought into client organizations on a fractional or interim basis. Not everyone needs a full-time C-level security officer; the cost savings alone are substantial.
What are the most important aspects of a company’s culture? What principles do you believe in and how do you build this culture?
Given the environment related to the persistence of cyberhackers, few would argue against the importance of establishing a healthy security culture. Every major corporation in America has been victimized by cyberattacks, including ransomware scams, data exfiltration, CEO fraud (a.k.a. BEC), PII theft, zero-day exploits, and more. But a lack of clarity about what a strong security culture means can easily lead to misunderstandings. The responsibility for developing a culture that is “security-minded” rests with everyone in the organization from the top down. Only culture holds the power to change company-wide behaviors. This is important because hacking humans is a lot simpler than hacking systems—hacking systems requires technical skills; hacking people just needs to exploit human frailties like gullibility, impulsivity, and biases. (This explains why phishing, vishing, and smishing are all so highly successful.)
A sound security culture depends on policies and procedures and engaging employees through security awareness training—help them to identify hacking activities like phishing; include gamification to make it entertaining and lasting; reward good cyber best practices like use of multi-factor authentication (MFA/2FA) and long unique passwords (managed by a commercial password manager); and finally, encourage employees to report suspicious activity. Through the ongoing practice of these exercises, organizations can be best positioned to strengthen their security culture and achieve tangible business resilience.
Give us your opinion: do organizations rely heavily on individual heroics or team processes?
You can’t run a business on lone-cowboy heroics. We believe in teamwork. Teamwork may be the most important factor in information security. Secure companies are not built by one person or one piece of technology; they rely on building teams, building a solid partnership network (to support the technology software side) and nurturing a strong security culture. We all face challenges in our personal and business lives, but the ability to persevere is the difference between success and failure. Particularly in business, nothing is more important than solving your customer’s needs. Our entire team is focused on cybersecurity. We often compete and win against larger players because our team has a “run through the wall” attitude.
What are your responsibilities as the Founder/CEO of the company? What is the happiest part of your daily routine?
As the CEO, it is setting the direction and tone for our company. It is making sure our team continues to grow so they are enriched both personally and professionally. I am very fortunate to have a highly talented and committed team who puts our customers’ needs first.
As I mentioned before, cybersecurity and protecting our clients is all we do – and I truly love what I do.
A lot of my personal time is spent on community outreach. I’m very proud of founding the annual Information Security Summit in partnership with MassBay Community College. The purpose of the summit is to create an open forum for knowledge sharing between cyber professionals, vendors, and students. Additionally, the Summit serves as a vehicle to raise funds to provide academic scholarships in the field of cybersecurity for MassBay students in their Cyber Program. To date, more than $55,000 has been raised for scholarships.
What advice would you give someone going into a leadership position for the first time?
Be true to yourself. Know your heart and then commit to it. Follow your bliss. Never stop learning. Go out and network as much as possible. Get involved in community affairs. Find kindness in intelligent people and hire them. Protect your reputation at all costs—you only have one of those.