{"id":6600,"date":"2026-01-19T07:30:00","date_gmt":"2026-01-19T07:30:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=6600"},"modified":"2026-01-19T07:30:00","modified_gmt":"2026-01-19T07:30:00","slug":"from-arts-degree-to-cybersecurity-rona-michele-spiegel-brings-fresh-perspective-to-cyber-leadership","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=6600","title":{"rendered":"From arts degree to cybersecurity: Rona Michele Spiegel brings fresh perspective to cyber leadership"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

<\/a><\/p>\n

Rona Michele Spiegel\u2019s <\/a>journey to cybersecurity might seem unconventional to some: She studied the arts. But as someone who grew up when computers first appeared and everyone wanted to experiment with them, she did a lot of multimedia work. She was always interested in technology and discussed with art colleagues about where the world was going regarding electronic \u201cstuff.\u201d<\/p>\n

\u201cI was doing musical work. I was doing all sorts of what we would call multidisciplinary art. And I played around a lot with the evolution of systems and digital technology and how people would interact with them. And I built that into some of my art pieces. I always loved painting and the traditional arts. But very quickly, I got involved in how it interacts with systems and tools and how technology is going to impact humankind,\u201d Spiegel tells CSO.<\/p>\n

She was in a band and then started doing electronic music. She was also interested in the film industry and found her way into it with sound design. It was a time of many opportunities, Spiegel says.<\/p>\n

\u201cIt\u2019s really about digital transformation and that is the thread for me, and it\u2019s always been. Digital transformation and human computer interface concepts \u2014 how do people interact with systems and how do they influence one another?\u201d she says.<\/p>\n

And it was the digital transformation mindset that landed Spiegel at Deloitte Consulting where she helped create the first user experience practice. There she gained a lot of experience in product management and learned how to communicate with others about dependencies and risks.<\/p>\n

At Cisco she started working in technology governance, but she had the opportunity to experience another change: from hardware to software, when enterprises start consuming products on a subscription model based in the cloud.<\/p>\n

It was only after 10 years at Cisco that her mentor asked about her intentions of getting a master\u2019s degree. The timing was right, as her son, whom she had raised for most of the time as a single mum, was going to college. So, Spiegel set about getting her master\u2019s degree in cybersecurity.<\/p>\n

Her next role was with Wells Fargo where she had \u201ca whole other vision and really got to get deep into cloud controls. And I realized, \u2018Yeah, I want to work in this space,\u2019\u201d she says. That role was impacted by a restructuring, after which Spiegel decided to work independently helping startups and small businesses with compliance.<\/p>\n

Spiegel is now senior manager, security and trust, mergers and acquisitions at Autodesk and she spoke to CSO about all things cybersecurity.<\/p>\n

What are the main cybersecurity concerns when it comes to mergers and acquisitions?<\/strong><\/p>\n

Spiegel:<\/strong> First of all, is understanding the difference between a mature company and a small company. In a small company you need to consider whether it is feasible for them to prioritize cybersecurity. If they don\u2019t have a product and they don\u2019t have customers, then there\u2019s nothing to protect. And if they have very limited resources then it\u2019s hard for them to justify. The whole thing about risk management is quantifying what the potential risk is, what you could lose.<\/p>\n

So, it\u2019s hard to justify putting tremendous amount of funding into purchasing a tool or hiring an experienced CISO to come in and do this kind of work when you know you barely have budget to have a product and you don\u2019t really have much revenue yet.<\/p>\n

When I\u2019m doing merger work now I consider how absorbing that business is going to impact your risk. It\u2019s going to impact your security posture, so you have to figure out how to understand its posture and then put together a strategy that allows the acquiring company to benefit from the acquisition without putting itself at risk by inheriting the vulnerabilities as well.<\/p>\n

What are some of the key challenges you\u2019re facing today when it comes to AI?<\/strong><\/p>\n

Spiegel:<\/strong> With AI the big questions are how to use AI, how to secure AI, and how to fend off AI all at once. And then look at that across different product lines and against different components. You also have to consider third parties and the ecosystem, and all of that magnifies with the acquisition and integration of other companies, large and small and scale does matter, actually.<\/p>\n

You\u2019re just adding so much complexity so fast. We\u2019re adding complexity into the supply chain and the ecosystem so quickly. This transformation reminds me similarly of when we all moved to the cloud. Everyone is doing it at once but for what reason? And will it make us safer or more vulnerable?<\/p>\n

What are your views on hiring and skills gap?<\/strong><\/p>\n

Spiegel:<\/strong> There\u2019s this fallacy that we don\u2019t have enough people. There are a lot of people. I\u2019m grateful that I have a job in this space, but the expectations are very high that we\u2019re going to have all this experience in all of these different areas. We have a lot of practitioners out there and some of them are out of work.<\/p>\n

There are fewer entry-level positions offered and this is going to be a problem because the tools are good but you really need somebody who understands what they\u2019re reading, and that means a wide range of experience, problem-solving, critical-thinking capabilities, to be able to aggregate all of this massive amount of data following prescriptive processes. Entry level positions help build this capacity and that is what we are missing.<\/p>\n

There\u2019s a fear, I think, in hiring people that don\u2019t have all the experience everywhere. I\u2019m working with this nonprofit group called Project Cyber and we are helping women get into the workforce and the technical spaces. One of the main considerations is, \u2018What are the skills?\u2019 And it\u2019s like speaking Greek or Latin; it\u2019s a different set of skills, and cybersecurity is a challenge because it\u2019s so huge.<\/p>\n

And it\u2019s no different for CISOs: The expectation for cybersecurity leadership is to be able to rotate in different areas. It\u2019s a very different mindset because it includes talking to the boards. You need to be able to present a business case for funding, you have to be a storyteller, you need to be able to understand data, and you need to be able to read the data and discern the data. And there is intelligence, and penetration testing, ethical hacking, there\u2019s risk management. A lot is expected from cybersecurity professionals of all levels.<\/p>\n

How do you keep your team inspired?<\/strong><\/p>\n

Spiegel:<\/strong> I think it\u2019s important to give people a voice, to make sure they are enjoying what they\u2019re doing, making sure they\u2019re learning, they feel respected, they feel connected. Not forcing people to be in the office but treating people like adults; they can make those choices themselves, because everybody\u2019s different.<\/p>\n

Being aware of the signs of burnout, making sure people take time off. Really listening and respecting, I think is the most important thing. I don\u2019t believe in old school\u00a0top-down management because I don\u2019t feel like I\u2019m smarter than other people. I do think that with experience I can see things coming and I can see patterns that I feel like that\u2019s a little bit of a superpower for me, that someone half my age isn\u2019t really going to be able to see yet because they haven\u2019t lived through those cycles. Collaborating across a multigenerational workforce is going to motivate everyone and produce better outcomes.<\/p>\n

Where do you see the cybersecurity leader role going in the next few years?<\/strong><\/p>\n

Spiegel:<\/strong> Many people across the CISO community have been talking about the notion of the cybersecurity profession versus that of a trade. When we look at that, the whole cybersecurity profession and CISO leadership development, it\u2019s an interesting conversation. I find it to be a combination of both, or I should say some really believe it\u2019s a profession, and it\u2019s problematic for it to be considered solely as a trade, although there are some aspects of the skillset that support that argument.<\/p>\n

But I do think that the trend of thinking right now is that the trade is the hands-on entry level, starting out in the field, and the sort of technical hands-on aspect of it. And the profession is really about that elevation and standardization, and helping one another grow and evolve, and the greater good, and in the interconnectedness with other technology and risk management types of professions. I think the jury\u2019s still out collectively about whether you know we\u2019re a profession or a trade. But the more I talk with my peers, the more we\u2019re all landing on it is a combination of both.<\/p>\n

Then there is the exposure concern. The trend is for CISOs or cybersecurity leaders to not be anywhere for very long. I think that\u2019s a mistake. I think it is rising outside of being embedded in the secondary leadership team. And I think it\u2019s becoming a top-level leadership.<\/p>\n

There\u2019s a merging that\u2019s happening between governance, risk, compliance, and all the software-driven vulnerabilities and data-driven vulnerabilities and technology-driven vulnerabilities I think when we see cybersecurity in the engineering space, we start to see that notion of trust and that transparency of trust, which then starts to merge with physical security, sometimes even privacy, resiliency. So, I\u2019m seeing chief trust officers now<\/a>.<\/p>\n

What are you most and least proud of in your career?<\/strong><\/p>\n

Spiegel:<\/strong> What I was most proud of in my career really was the ability to build this career while I was a single mother, commuting back and forth between school and work, and I don\u2019t even know how I was able to do this. I don\u2019t recommend it for everyone but going back to school at the same time and getting my graduate degree.<\/p>\n

I will say that the UC Berkeley School of Information\u2019s Master of Information and Cybersecurity (MICS) program is tremendous. And the network, that\u2019s probably really in part how I was even able to do all of this, by having the right mentors and having the right people around me and support. And just the program is amazing.<\/p>\n

Also, it enabled me to get these certifications, and to just go all in and prepare myself for this pivot and really pivoting to cybersecurity ultimately has been really that end result. That, and bringing up this wonderful boy.<\/p>\n

I was really blown away when I got my CISSP certification. That was really hard for me, studying that hard and sitting and taking a test like that and then feeling like I could put that at the end of my name. That felt really, really good.<\/p>\n

Right now I\u2019m also really enjoying mentoring people, these college students who are studying behavioral psychology and cyber, and data science, and are really recognizing how amazing that is.<\/p>\n

I feel like it takes a lot of emotional maturity to handle the personal relationship aspects of working in any profession. For me, working in technology and working in cybersecurity, and just developing leadership qualities, I feel it requires a self-awareness, and I feel like it took me a long time. \u2026 What I\u2019m least proud of is perhaps some of the emotional responses I had.<\/p>\n

We talk about burnout<\/a>. But back in the early days we didn\u2019t talk about burnout. I think it\u2019s important to talk about that, and to make sure that you don\u2019t do more harm than good when you\u2019re moving and pushing yourself as hard as you can. And sometimes that means really figuring out ways to depersonalize in terms of how you respond to difficult situations, but also to remember that the people aspect and the relationships are more important than anything else in the long term and really helps everybody succeed.<\/p>\n

I feel that earlier in my career I lagged in that emotional intelligence, and it took me a long time to build that. And any bridges burned along the way, I think, is something that you really pay for later. And I feel like I\u2019ve grown in leaps and bounds in that area, and that really contributes to my ability to lead.<\/p>\n

Do you have any book recommendations for fellow cyber leaders you\u2019d like to share?<\/strong><\/p>\n

Spiegel:<\/strong> The Seventh Sense<\/em> by Joshua Cooper Ramo is about just being prepared for the future, which I think is very, very important. And it\u2019s historic, and it\u2019s sort of anthropological, and I read it a couple of times, and I\u2019ve quoted from it as well. I love that book.<\/p>\n

The conversations around AI, the one that really hit me that I\u2019ve been recommending to people also is The Coming Wave<\/em> by Mustafa Suleyman. About the kind of convergence of all the huge leaps and bounds that we\u2019re making in technology.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Rona Michele Spiegel\u2019s journey to cybersecurity might seem unconventional to some: She studied the arts. But as someone who grew up when computers first appeared and everyone wanted to experiment with them, she did a lot of multimedia work. She was always interested in technology and discussed with art colleagues about where the world was […]<\/p>\n","protected":false},"author":0,"featured_media":6601,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-6600","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6600"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6600"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6600\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/6601"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}