Align Information Security

AI is omnipresent today. You may have seen stories on social media about AI models deleting entire code bases, or how malicious actors could exploit AI models in an environment to their advantage. Maybe your company began to use an enterprise LLM, and there are data leakage concerns. In a survey of 200 U.S. IT directors, Komprise found that 79% of IT leaders reported having a negative outcome from employee use of generative AI. Being involved in cybersecurity means constantly worrying about how technologies may be taken advantage of, and AI and their pipelines are no exception.

Data Security Posture Management is a tool that helps organizations gain visibility into their data estate, which is the underlying infrastructure that houses all corporate data. The scale at which organizations are producing data is on the rise, with an estimated 402 million terabytes of data being created every day in 2024 (Statista [1] [2]). To keep pace with this massive scale of data, DSPM solutions discover, classify, and categorize all data no matter where it sits.

Rachel Manca has built her career on curiosity and a drive to understand how technology shapes our lives. Early on, she became fascinated with data privacy and the question of how personal information moves, gets used, and can be protected. That interest led her to internships at TJX and Boston Scientific, where she gained hands-on exposure to security challenges in large organizations. After completing a two-year IT rotational program at Boston Scientific, she found her calling in cybersecurity.Now, six years later, Rachel serves as a Senior Cybersecurity Analyst, “My work focuses on cybersecurity defense, encompassing incident response and areas like threat intelligence,” she explains. She monitors Boston Scientific’s digital footprint, investigates alerts, and consolidates metrics across the security program. One project she is particularly proud of is developing an interactive dashboard of KPIs used by leadership. “It’s been really fun to see how that’s grown and used across a lot of different presentations and value demonstrations,” she says.Focus on Emerging Threats and InnovationRachel thrives on staying ahead of evolving threats. “I like keeping track of emerging threats and news. It’s interesting to wake up every morning and see what’s happening.” She notes two areas that stand out as priorities: supply chain security and artificial intelligence. She emphasizes the importance of maintaining clear visibility into which vendors are in use and how they connect to the business, ensuring the team can respond quickly and identify what information may be at risk if a security issue arises.AI represents both an opportunity and a challenge. “AI has many beneficial purposes and it’s being used in many good ways, but there is of course the dark side of it,” she cautions. “There are a lot of novel techniques that are emerging from threat actors using AI in malicious ways.” One key way to protect against these threats, Rachel believes: “Ensuring our user base understands AI literacy and analyzes what’s coming out of AI to ensure it is accurate before taken as full fact.”Challenges and Team CultureThe fast pace of cybersecurity brings constant pressure to innovate. Rachel notes that it can be easy for teams to fall into routine processes when responding to alerts, but she stresses the importance of continuously questioning whether current methods are the most effective. For her, the challenge is finding smarter ways to respond, and leveraging new tools to ensure the team keeps pace with the speed of evolving threats.She credits the ability to do so with a collaborative culture. “We have a great team that is used to working together. I came in as an intern and I’ve learned so much along the way,” Rachel says. With a mix of long-tenured employees and new hires, knowledge sharing remains a core strength. Culture of Impact and BelongingBoston Scientific’s mission, “Advancing science for life,” is central to Rachel’s motivation. One example is the annual Everyone Makes an Impact event. “We bring patients on site who have been treated with our products, and they talk about their stories. You walk away feeling the impact of all the work you’re doing,” she shares. “That definitely brings us together around our core mission and common goal, why we’re all here doing what we’re doing: providing the best results for the patient, regardless of our functional role.”She is also active in employee resource groups, including EmpowHer and the Young Professionals Network. “Definitely a sense of community,” she says of the benefits she derives from EmpowHer. “It’s a special way to connect with members outside of our team and to learn about their experiences and how they’ve advanced through different challenges.” Through peer mentoring programs, goal setting, and volunteering with local organizations, Rachel sees these groups as vital outlets for connection and accountability.Mentorship and Community EngagementRachel has benefited from mentors during her career, and she makes it a point to pay that forward. She often works with interns and early-career professionals to help them find their footing in cybersecurity. “I was given so many opportunities as an intern, and I want to make sure others feel the same support I did,” she explains. She emphasizes practical advice, how to build confidence in meetings, how to ask questions, and how to map out a career path in security.Outside the workplace, she stays active in community events, conferences, and panels. These platforms allow her to share her own journey, highlight the value of diversity in cyber, and learn from peers facing similar challenges. She views community engagement not just as professional development, but as a way to give back and inspire the next generation of security professionals.Vision for the Future of CybersecurityLooking forward, Rachel sees cybersecurity becoming even more embedded in everyday business and personal life. “It’s not just IT anymore, it touches every part of the business and every individual,” she says. She believes the future will require security professionals to be as strong in communication and relationship-building as they are in technical expertise. “It’s about being that trusted advisor, not just the person who blocks things.”She also expects rapid innovation in automation, AI-driven defense, and vendor risk management. “The pace of change is only accelerating. Successful organizations will embrace security as part of their culture, not just as a requirement, but as something that adds real value.” For Rachel, the ultimate goal is simple: “To keep learning, keep growing, and keep helping others feel empowered in this field.”Leadership AspirationsLooking ahead, Rachel sees herself moving into leadership roles. “I would definitely love to get into people leadership; currently I’m an individual contributor. I think that would be a great area to move into next,” she says. In the meantime, she remains focused on continuous learning: “I never stop learning and figuring out how I can apply different things that I’m learning in the community to the role that I’m in.”

Corina’s career in cybersecurity began long before the industry was a formal discipline. Growing up in Europe, she attended a science and IT focused high school where she built computers, designed websites, and watched friends drift toward the black-hat world. Determined to be on the right side of the law, she set her sights on preventing cybercrime. Moving to the United States at 18, she initially studied biochemistry before ultimately following her passion for technology and earning her degree in IT with a focus on security certifications.Her early career followed the traditional IT path, from help desk to network and systems engineering, but the pivot to security happened quickly. While working at a financial institution, she was tasked with reviewing 10,000 pages of SIEM logs, a process she instantly knew needed to be automated. From there she dove deeper into security operations, disaster recovery, encryption, and compliance, building an impressive foundation in financial services at a time when few organizations prioritized cybersecurity at scale.Building Programs Across IndustriesAfter a decade in financial services, Corina moved into healthcare, where protecting sensitive patient data introduced a new set of challenges. There, she gained valuable experience implementing compliance frameworks such as ISO 27001 and SOC 2, while also launching a security program for a software product that credentialed medical staff. This work sparked her interest in software companies and the cloud. She went on to build security programs from the ground up at multiple organizations, helping them achieve critical certifications, migrate securely to the cloud, and establish mature vulnerability management and risk frameworks. Today, at Validity, Corina serves as Senior Director of Security and Compliance. Her responsibilities span customer trust, privacy and security compliance, vendor risk management, vulnerability management, and incident response. She leads a global team, including an in-house 24/7 SOC, and ensures alignment with frameworks. Her work balances the technical side of security with the governance and risk management needed to scale Validity’s operations amid growth and acquisitions. Focus and ChallengesLooking ahead, Corina is concentrating on three priorities: enhancing incident response preparedness, strengthening cloud security and vendor risk management, and maturing vulnerability management. With cloud misconfigurations continuing to be a root cause of breaches across industries, she is laser-focused on ensuring Validity has both preventive and responsive controls in place.The challenges are familiar: balancing speed of innovation with risk management, managing third-party risks without full visibility, and protecting a fast-moving business with a lean team. She emphasizes, “Security must be seen as a business enabler, not a blocker, even when decisions need to be made quickly with imperfect information.”Leadership StyleCorina describes herself as a transformational leader. She looks for team members who are “smart, hungry, and humble” and builds her teams around trust and collaboration rather than competition. She believes the right mindset is just as important as technical skills. She empowers her team to innovate, maintains a culture of continuous improvement, and ensures work-life balance without sacrificing high standards. For her, leadership is about creating trusted partnerships across the business while pushing her team to do their best work.Industry Perspective and AI GovernanceWith the rapid rise of AI, Corina has taken a proactive role in establishing Validity’s AI governance program. She works cross-functionally to ensure AI tools and data should be used responsibly. From vendor due diligence to internal policy, she has built a living framework that adapts as technology evolves. For Corina, the integration of AI represents both a risk and an opportunity, one that demands thoughtful governance to balance innovation with security.Women in CybersecurityHaving grown up in a culture where women in science and technology were common, Corina did not initially perceive gender as a barrier. She advanced quickly, landing IT management roles early on in her career. While she has occasionally encountered bias, she reframed those experiences as indicators of cultural misalignment rather than personal limitation. Today, she uses her platform to coach women entering the field, emphasizing grit, curiosity, and the ability to demonstrate initiative, whether through labs, certifications, writing, or community involvement.Her advice for women early in their careers is straightforward, she says, “Show your grit and excitement. It’s not just about experience; companies look for passion and drive. I’ve seen junior hires with only one year of experience outpace peers with five years, simply because they were hungry to learn and succeed.”Looking ForwardCorina thrives on the technical side of security as much as compliance and enjoys working with peers across business functions. She stays sharp by engaging in peer groups, conferences, hands-on labs, and ongoing training. For her, the future is about continuously improving programs, strengthening trust with customers, and shaping how security evolves alongside emerging technologies like AI.She is particularly energized by the challenges AI introduces. “AI is here to stay, and security leaders can’t afford to ignore it,” she explains. “We need to embrace it responsibly, making sure we put guardrails around how data is used and ensuring our teams understand both the opportunities and the risks.” For Corina, this means helping organizations navigate a middle ground: not slowing innovation but ensuring that innovation is done safely and transparently.Equally important for her is the human side of the equation. “At the end of the day, security isn’t just about tools and frameworks, it’s about people,” she says. “I want to keep creating environments where security teams feel empowered, where colleagues across departments know they can come to us with questions, and where customers feel they can trust us with their most sensitive data.” In her view, the next chapter of security leadership is not just about defending systems, but about building a culture of trust, resilience, and shared responsibility.