SPOTLIGHT: EUGENIE ZUMGANG, CYBERSECURITY RISK SERVICES (CRS) SUPERVISOR
Williams Adley is dedicated to recognizing and investing in up-and-coming talent, and we take pride in the enormous potential of the future leaders we are cultivating. One of our most recent additions to our Future Leaders Program (FLP), Cybersecurity Risk Services (CRS) Supervisor Eugenie Zumgang, is an accomplished FISMA auditor with nearly a decade of experience supporting the Department of Education, and a true cybersecurity expert.
Read our interview with Eugenie below to learn how she has found success and how she has committed to keeping Williams Adley on the forefront of cybersecurity.
Q: One of the most notable aspects of your career is your extensive experience on our FISMA Audit for Department of Education, on which you have had a significant role since 2016. What has it been like to have such crucial involvement on a large and complex engagement such as this? And how has it helped develop your skillset and prepare you to participate in Williams Adley’s Future Leaders Program?
A: My experience and my roles on the Department of Education FISMA audit have evolved from supporting the engagement to leading the engagement over the years. The different roles/functions I have played on this engagement have helped me to have a better understanding of the client, its environment, the regulatory requirements and how they are applied. My experience has helped me to play a pivotal role in the successful completion of the Department of Education FISMA audit by leading the planning, the coordination efforts between the client, the auditee and my team, conducting the assessment and testing, and proving the results/findings of our work. Moreover, using skills such as communication, teamwork, and problem solving that I acquired during all these years at the Department of Education has prepared me to align my experience and skills with the requirements of Williams Adley’s Future Leaders Program (FLP). Finally, my qualifications and the progress made during these years at the Department of Education have helped increase my chances of being selected for this great FLP opportunity.
Q: This engagement had a rather steep learning curve and can be very demanding. What are some specific strategies you have used to adapt quickly and deliver value to the client? What have been some of your most important lessons learned?
A: On the Department of Education FISMA engagement, the strategies that have helped me to adapt quickly and deliver value to the client have varied, based on what particular circumstances called for. One of the strategies that I have used the most is to review the NIST guidelines and previous audit report to understand common compliance challenges. I have also leveraged existing templates and checklists to streamline the assessment process and prioritize tasks based on priorities and deliverables. I have adopted effective communication with key stakeholders to keep them informed about any emerging issues and collaborated with experienced colleagues and mentors to form a deep understanding of my work and the needed solutions. I have also prioritized high-risk areas during the work and adopted a continuous learning methodology that helps me to stay informed on the latest developments in information security, FISMA regulations, and NIST guidelines.
My most important lesson learned has been the importance of detailed and accurate documentation to provide a clear audit trail. I have learned to prepare and adapt myself to changing requirements, unexpected challenges and new information that may arise during the audit. Lastly, I have had to practice self-care. This means I have taken regular breaks during work to avoid burnout. I have also tried to exercise when possible, and I have stuck to a diet with balanced nutrition to keep my energy levels high. Additionally, I believe continuous learning and getting feedback have helped me to improve my work.
Q: You’ve juggled responsibilities outside of work while achieving significant career success. That’s no small feat. What strategies or resources have you found most effective for balancing these different spheres of life?
A: In my role as a FISMA auditor, I have successfully balanced my professional responsibilities with my personal life by implementing effective time management and self-care strategies. I prioritize tasks using the Eisenhower Matrix and create daily plans to ensure that high-impact tasks are completed first. Moreover, I set clear boundaries and designate a specific workspace where I maintain a healthy work-life separation. I also leverage productivity tools like Teams to collaborate efficiently with my team and delegate tasks based on individuals’ strengths. Finally, I use breaks when needed, exercise, and practice mindfulness to help me stay energized and focused.
Q: We all encounter challenges and adversity while pursuing our career goals. What was the biggest obstacle you faced, and how did you overcome it? What advice would you give to others to help them avoid similar challenges on their path to success?
A: During a recent FISMA audit, I encountered significant resistance from the auditee, who was concerned about the workload and potential disruptions caused by the audit. To overcome this, I held an initial meeting with the IT team to explain the audit process and its benefits. I had meetings with them to explain to and educate them on FISMA requirements. My team and I also maintained regular communication to demonstrate the value of compliance through quantifiable benefits. This process helped us to build trust and gain their cooperation. Moving forward, I plan to maintain ongoing engagement with the auditee and other stakeholders to reinforce the importance of the audit and address any emerging issues proactively.
Q: What initially attracted you to pursue a career with Williams Adley, and what factors have contributed to your continued commitment to the firm?
A: What initially attracted me to pursue a career at Williams Adley was the company’s culture and values that promote an inclusive and diverse environment where all employees feel valued and respected. Williams Adley also offers me a clear career path, access to professional development resources, and support to obtain relevant certifications. Over the years, Williams Adley has prioritized work-life balance by offering flexible work arrangements and fostering a supportive work environment for me.
Q: There are many young, ambitious professionals out there who are driven to pursue a similar path to yours. What advice do you have for young people who are looking to achieve such goals?
A: The advice I have for younger people is that to become a successful IT auditor, you need to love the work that you are doing. This means you need first to gain practical experience through internships or entry-level positions that will help you to have mastery of the work. Then you need to be open to mentorship from experienced professionals in the field and actively participate in professional organizations to build your network. Moreover, you need to continuously update your knowledge through courses and training programs that keep you informed about industry trends and regulatory changes. Finally, you need to have clear career goals and seek challenging opportunities that would help you advance to leadership roles and become a trusted professional in the field of FISMA/SSAE18 audits.
Q: The cybersecurity industry is changing rapidly these days, and it is critical for organizations to adapt to these new developments. As a Future Leader, what do you believe will be the greatest challenge the industry will face in the near future? And how has Williams Adley prepared to face these challenges and stay ahead of the pack?
A: I believe that there are multiple challenges the industry will face in the near future due to the rapidly evolving cybersecurity landscape and the need to proactively adapt to the new developments. Some of the greatest challenges the industry will face in the near future are the increasing sophistication and the frequency of cyber threats, particularly those involving advanced persistent threats, ransomware, and state-sponsored attacks.
As a future leader, I recognize that the increasing sophistication and frequency of cyber threats pose significant challenges. However, Williams Adley is prepared to face these challenges and has developed a comprehensive cybersecurity strategy that addresses its employees, processes, and technology and ensures that cybersecurity is integrated into all aspects of its business operations and client services.
At Williams Adley, we recognize that practicing good cyber hygiene within our own firm is essential for effectively educating us on and preparing us for the cybersecurity challenges our clients face. Our ongoing security awareness program not only educates employees about the latest threats and best practices for safeguarding sensitive information, but also includes regular training sessions to reinforce this knowledge. In addition to these trainings, we conduct phishing simulation tests to evaluate and enhance our team’s ability to identify and respond to phishing attempts. We implement regular updates on emerging threats, encourage secure password practices, and provide resources for reporting suspicious activities. Furthermore, we actively participate in events and forums focused on critical topics such as zero trust, allowing us to stay informed about industry trends and best practices.
To further our commitment to client education, we are developing a podcast, titled CyberStorm, aimed at informing our clients about cyber risk and effective mitigation strategies. By prioritizing these internal security measures and engaging with the broader cybersecurity community, we strengthen our capacity to support and advise our clients in navigating their own cybersecurity environments, ensuring that we are well-equipped to address their unique challenges.
Finally, Williams Adley has ensured that its employees have strong executive support for cybersecurity initiatives and has fostered a culture of security, developing and empowering cybersecurity leaders who drive its security strategy and initiatives every day. The Executive Management Team saw potential in me and encouraged me to pursue the Certified Information Systems Auditor (CISA). This certification has enhanced my expertise and enables me to provide exceptional service to our clients, and with Williams Adley’s support I am looking forward to progressing my career as a leader in cybersecurity.