author photo
By Cam Sivesind
Sat | May 6, 2023 | 8:17 AM PDT

In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.


Dd (Catharina) Budiharto is the founder of Cyber Point Advisory LLC, a fractional CISO firm providing cybersecurity advisory services to small and mid-size businesses (SMBs). She was a CISO for several Oil and Gas companies and was a past chairperson for the American Petroleum Institute (API) IT Security Sub-Committee. She has been an EDP (Electronic Data Processor, a pre-cursor to IT) auditor and cybersecurity professional for 30+ years.

Dd is a working mom of two and a wife. She was born and raised in Indonesia and came to the U.S. to learn English and avoid being married off. She decided to stay for college and was able to receive scholarships. She worked on campus to afford college, but since she didn't speak any English, she worked as a janitor while going to school.

Get to know Dd Budiharto

Q: Why did you decide to pursue cybersecurity as a career path?
AI went into the cybersecurity profession by accident. Starting out as an EDP auditor, I felt that my clients needed a lot of help to remediate their controls, so when I was recruited to be an info security analyst, I accepted it. I loved the role and continued the path without realizing that it was cybersecurity when I was promoted to be the head of the InfoSec team, which is the equivalent of a CISO now. Since then, the CISO title took off, and I became a CISO for other organizations.

Q: What encouraged you to join your current organization?
AI started my own firm because I was getting burned out as a corporate CISO. The demand of a CISO is highly unrealistic. My quality of life was affected; my children were going through transition in high schools, and I was not able to have quality time with my family or myself, let alone giving back to the community, which is one of my missions in life.

Q: How would you describe your feelings about cybersecurity in one word?
A: Evangelistic.

Q: What has been your most memorable moment thus far working in cybersecurity?
AConnecting my organization's CEO to President Obama when the President issued Executive Order 13636. My CEO was invited to the White House, and I worked with the White House Chief of Staff to coordinate the visit, etc.

Q: If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact?
A: Zero Trust Until Verified.

Q: What is an industrywide change you would like to see happen in the future?
A: The CISO reports directly to the CEO and has an indirect line to the Audit Committee.

Q: If you could pass or change one regulation/law in cybersecurity and data protection, what would it be and why?
AA bilateral information sharing between the Government and Public Sector to improve greater collaboration and information sharing.

Structured and coordinated efforts among OEM, Owners/Operators (practitioners), and the government. The burden should not be solely on owners/operators to ensure cybersecurity posture, e.g. complying with the regulations. The OEM should be accountable for ensuring that their products have integrated security controls before hitting the market. The SBOM and HBOM need to be expanded beyond the federal government agencies. 

Because cybersecurity threats are becoming increasingly complex and sophisticated, and no single organization (public or private) can address them alone. Therefore, sharing threat intelligence, best practices, and lessons learned can help organizations and the cybersecurity community as a whole to stay ahead of emerging threats. 

Q: What do you wish more people knew about your organization?
AMy firm focuses on helping SMBs enhance their cybersecurity posture because they are the backbones of the American economy. They are part of the supply chain, and when they experience a breach, it affects the security and stability of the digital ecosystem in today's digital marketplace. 

Q: When you tell people what you do for a living, what do you say?
ACybersecurity warrior.

Q: What are you most looking forward to at your regional SecureWorld conference this year?
AConnecting the cybersecurity tribe: practitioners, vendors, professors, students, next gen professionals.

Q: In honor of our 2023 conference theme, CyberSonic: Security & Sound Remix, what is your all-time favorite song?
A: "Fight Song" by Rachel Platten. It's a shout out for the other women cybersecurity warriors and the bad actors—we are strong; don't mess with us.

To connect with Dd Budiharto and other cybersecurity leaders from the greater Houston area, attend the 13th annual SecureWorld Houston conference on May 18, 2023. Dd will be a part of the opening keynote, "CISO Panel: Lessons Learned and Advice for the Next Generation of Cybersecurity Professionals," and is moderating the closing keynote panel on "The CISO: Chief in Name Only." See the conference agenda and register here.

Continue to follow our Spotlight Series for more highlights from industry experts.