Security Maturity: From Hostage Negotiator to Business Leader – Sandy Dunn – BSW #244

Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a “hostage negotiator”, constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying “knowledge management” to make it easy to understand security and becoming a “business listener” to make the right decisions. Visit for all the latest episodes!

Full Episode Show Notes

Security Maturity: From Hostage Negotiator to Business Leader


Sandy Dunn

Sandy Dunn – CISO at Health Payer Idaho


Sandy Dunn, CISO Blue Cross of Idaho has 20 years in Cybersecurity. Initially starting out in software and hardware sales she worked with NASA, JPL, Secret Service, IRS, and other Federal Agencies. Her roles in Cybersecurity have included Competitive Intelligence, Security Engineer, Information Security Officer, Senior Security Strategist, and IT Security Architect. She prioritizes a risk based, business focused, cyber security strategic approach through process, standards, and threat intelligence. She has a Masters from SANS in Information Security Management. And her certifications include a CISSP, SANS GSEC, GWAPT, GCPM, GCCC, GCIH, GLEG, GSNA, GSLC, GCPM, Security +, ISTQB, and FAIR. She is an Adjunct Professor at BSU in their Cybersecurity program, a frequent speaker on cyber security and helped organize the first BSidesBoise events in Boise, Idaho. She has two children, a wonderful husband, too many horses and lives outside of Boise Idaho.


Ben Carr

Ben Carr – CISO at Qualys

Ben Carr is the Chief Information Security Officer at Qualys. He is an information security and risk executive with more than 25 years of experience in developing and executing long-term security strategies. Ben has demonstrated global leadership and experience, through executive leadership roles of advanced technology, high risk, and rapid-growth initiatives, at companies such as Aristocrat, Tenable, Visa and Nokia. While at Aristocrat, Ben built a world-class global cybersecurity program from the ground up as part of a digital transformation. As a senior cybersecurity executive at Visa, Ben was responsible for developing and leading Visa’s Global Attack Surface Management Team and capability. Prior to Visa, he led all security programs for Nokia corporate IT as the Global Head of IT Security. Ben holds a certificate in Risk & Information Systems Control (CRISC), is a Certified Data Privacy Solutions Engineer (CDPSE).

Jason Albuquerque

Jason Albuquerque – Chief Operating Officer at Envision Technologies


Jason Albuquerque is the COO of Envision Technologies.

Matt Alderman

Matt Alderman – Executive Director at CyberRisk Alliance


Strategic Advisor at Automox, security consultant, and wizard of entrepreneurship.


  • Don’t miss any of your favorite Security Weekly content! Visit to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • We had an absolute blast putting together this year’s SW Unlocked virtual event! All presentations are now available on-demand for your viewing pleasure. Please visit to register and watch now!