Skip navigation
Industry News

Hello, I am CISO Helen. Nice To Meet You :-)

Hello, I am Helen Patton, and I am the newest Advisory CISO at Duo. It may just be coincidence that 2021 is the year in which the original Australian “Mad Max” movie took place. In a post-apocalyptic dystopia, Max fights the breakdown of civilization, resource shortages and institutions to exact revenge against his personal enemies. This has nothing to do with why I’m choosing to come to Duo right now. Really. 

On the contrary, when I say I’m thrilled to be joining the team, I really am. While I was a CISO at Ohio State we partnered with Duo to implement MFA across our organization. Research universities are weird, less like a company and more like a city. There is every type of technology under one institutional umbrella. Some of our customers (aka students) will try very hard to circumvent security controls. You want to manage insider threat? Talk to a Higher Education CISO (note to security product engineers – if you ever want a testbed for your ideas, partner with a university).   

From Education CISO to Duo CISO

Having Duo helped raise the security consciousness of the entire university and medical center. Duo and I go back to Duo’s earliest roots. I am told I am the inspiration for the “CISO Helen” persona. My team forged tight partnerships with our Duo colleagues, which will continue long after I’ve left. I’m looking forward to being part of the Duo team because Duo builds these kinds of relationships all over the globe. I’ve seen what good it can do, and I’m in.

Fair warning, I have some pet peeves about security in general, and as much as I can I will try to convince Wendy and her amazing team to agree with me, and I will be considering these as I advise Duo and our customers:

  • Pet Peeve #1: The finance industry is not the standard for all industries - every other vertical is different. It does no good for healthcare, or retail, or higher education, or a tech start-up, to try to do what finance does – it’s a different model with different risks and different needs. Wall Street banking is not the gold standard for Security – it’s the gold standard for security of Wall Street banking. So, security vendors, stop trying to sell your products by convincing CISOs they’d be as good as a big bank. We don’t care. 
  • Pet Peeve #2: People make rational risk decisions. Yes, they do. I’m inclined to bash my non-security partners for making really bad risk decisions, but the reality is that they make the most logical decisions based on the information they have and the things that motivate them. Just because I don’t understand them doesn’t mean they are not completely valid. Like wearing socks and Crocs. 
  • Pet Peeve #3: I want security products that enable good security actions without making people think too hard first. I want security teams to be spending time on high value things, not cleaning up after a security denier.  
  • Pet Peeve #4: CISOs don’t lack security imagination, but leadership often does. CISOs are forced to get creative on the daily. They have a weird sense of humor, (slightly maniacal) and must find ways through, around and over institutional norms just to get stuff done. Tinfoil hats are part of the uniform. It is no coincidence that security folks share a common love of #dadjokes. Other company leaders rarely share the same sense of humor, or sense of how to incorporate security into delivering the mission. CISOs need help in getting the rest of leadership to see the world like we do. 

There comes a point in every CISO’s tenure when they sit back and think “what’s next?”  Duo is my next place. I’ve learned a lot, and I want a place where I can share all that learning.  Let’s get started.


Try Duo For Free

With our free 30-day trial and see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.