6 Questions | Product Security Analyst at Stanley Black & Decker

Welcome back to our “6 questions” series where we ask someone 6 career-centric questions about themselves.

This week we’re chatting with Alison Hiatt, Product Security Analyst at Stanley Black & Decker.

What is your job title & what does a day in your role look like?
I am currently working as a Digital Product Security Analyst at Stanley Black & Decker. A typical day includes discussing vendor onboarding and due diligence work, as well as working with our coordinated disclosure program.

What was your career path to getting your current job?
I started off at Smartsheet, a cloud-based collaborative work management software, as a customer service representative directly after finishing my Bachelor’s degree at Boston College. My work in tech really had nothing to do with what I studied (Spanish & Arabic!), but I was able to leverage my “soft skills” into a role at the fast-paced start up. About a year and a half after this, I became a Product Trainer at Smartsheet, and, a year later, I transitioned to a role as an Information Security & Compliance Specialist on the Compliance team. I was, at that time, working through the Master’s in Cybersecurity Policy and Governance at Boston College, and was able to leverage that experience and become a part of the Compliance team.

While finishing my Master’s, I decided to ask my professor if she’d like a teaching assistant for her summer courses (I mean, there isn’t much else to do during these Coronavirus days!), and she accepted. After the courses ended (and I graduated!), that very same professor asked me if I’d be interested in a role at her company. A few weeks later, I started on her team as a Digital PRoduct Security Analyst at Stanley Black & Decker.

Most challenging part of your role? Most rewarding?

If you’d asked me 5 years ago whether I’d be working in Cybersecurity, I probably would have laughed at you (in Spanish or Arabic!). I’ve never been one to be overly technically-inclined, so learning those concepts and getting more comfortable with the technical parts of the role has been the biggest challenge for me so far. However, I’ve been able to realize that it’s all manageable if you have people who are willing to help you, which is why I’m so grateful for the professors at Boston College and my current professor-turned-boss!

The most rewarding experience I’ve had so far is definitely yet to come, since I only started at SBD a few weeks ago. However, I am thrilled to be working on the coordinated disclosure program (which is a program that allows hackers to “hack” products within specific, agreed-upon parameters and following rules that we set out). I also always feel encouraged to know that my work is, hopefully, making the real world a safer place. We always talk about the true risks in the cybersecurity world being loss of life and the highest priority being human life and safety; it’s so awesome to think that, in whatever small way we are, we are making a difference and keeping people safe.

Favorite campaign or recent project that has been exciting to work on?

I sort of mentioned this above, but I am really excited about running our coordinated disclosure program. A coordinated disclosure program is similar to a bug bounty program, in that you set out a program whereby hackers are allowed to hack your products if they follow your rules and also tell you about the problems, bugs, or vulnerabilities they may find. It’s so interesting and helps me learn more about the technical aspects of our products.

What’s something someone might not know about your role?

I usually have to tell people “no, it’s not like in the hacker movies…” For the most part, we are making sure that products are encrypting their data and that vulnerabilities are being patched when they’re being found so that those movie scenarios never present themselves.

If someone is interested in working at your company, what steps should they take? Or general advice for someone interested in a career like yours?

If you’d like to work at Stanley Black & Decker, you can do so in pretty much any sector you can think of. With such a giant company covering so many different things, pretty much anyone could find a job here. Whether you’re a mechanic, a lawyer, or an IT professional, there is probably a spot for you at SBD. If you end up interested in a role at SBD, please feel free to message me on LinkedIn!

However, if you’re interested in Product Security, I would recommend learning as much as you can and making connections in the industry; one way in which you can do that is by attending courses, certificate programs, or undergraduate or graduate degree programs and getting to know your classmates and professors. Don’t think of it as “networking”–a lot of times that ends up with stiff, transactional relationships. I recommend trying to make real connections with people and make friends (or at least good working relationships!) with people in your programs; the best way is to not go into it thinking that you want something out of the relationship. Talk to your professors! Talk to your classmates! So many of my classmates and teachers in my Master’s program were established in the field and we frequently talk to each other for open roles.

Please feel free to message me on LinkedIn if you think there’s a role that you’re interested in!