author photo
By SecureWorld News Team
Mon | Aug 21, 2023 | 3:22 PM PDT

In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.

Krista Arndt is the Chief Information Security Officer for United Musculoskeletal Partners (UMP). She has  worked in and around security, risk, and governance since 2008 in various roles. "I've always been very mission driven, and therefore have worked in the DoD, finance, and healthcare, knowing that we are helping to support a better quality of life for our customers, patients, and country," Krista said.

Krista Arndt family racingShe is a mom to a wonderful daughter, and wife to a husband who serves in the U.S. Air Force Reserves and is a firefighter for his city of employment. For fun, she does archery and drag racing. She and her husband have been racing together since they met, and they build and tune their own cars. Their daughter has also really taken a liking to it; she has a Power Wheels and helps out at the race track when they compete.

Get to know Krista Arndt

Q: Why did you decide to pursue cybersecurity as a career path?
A: I have always searched for a career that allowed me to make a significant difference for others. In taking on a leadership role as a program manager in the U.S. Department of Defense, it was coincidentally for a threat management/security operations contract. I fell in love with the challenge and complexity of the field, paired with knowing that not only was I helping to defend the country in my own way, but I could also really engage with other people and reach them on a level where they may not have been engaged before.

Security awareness was always my absolute favorite part of being in cybersecurity, using your position as a forum to ensure people are prepared to defend themselves and their families against cybercriminals and bad actors beyond the work place. I started teaching myself cybersecurity, and a few really great people took me under their wing and helped me to grow and thrive, and now it's my turn to give back.

Q: What encouraged you to join your current organization?
A: The organizational mission and the culture and values they maintain. UMP's driver is to enable our practices to provide better quality of life for patients and to provide accessible care. I also really value how engaged our practices are with our communities across the country. It is evident by the actions of our physicians, employees, etc., and the relationships they've built with their patients, that they truly do this because they care and want to make a positive difference. 

Q: How would you describe your feelings about cybersecurity in one word?
A: Unpredictable. It's what makes it exciting and challenging at the same time. 

Q: What has been your most memorable moment thus far working in cybersecurity?
A: That's a tough one. There are so many significant moments I've experienced that have brought me to this point in my life. Probably when I received my first cyber job in the private sector. I'm a true believer in the saying "never forget where you came from," and just one person putting faith in my ability to learn and grow has changed my life, and in turn has allowed me to touch a lot of lives for the better.

Q: If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact?
A: Multi-factor- authentication (MFA) on personal accounts. It is such an easy way to significantly reduce cyber risk to your personal assets.

Q: If you could pass or change one regulation/law in cybersecurity and data protection, what would it be and why?
A: For personal account providers, like personal email, to require MFA by default. It would solve a lot of problems and help companies better defend their assets by increasing trust on the customer's end.

Q: What is an industrywide change you would like to see happen in the future?
A: More transparent, cohesive, and centralized information sharing across sectors. Just like we want visibility down our supply chain and across our assets to make more informed decisions, the better the information sharing, the more context we have to make good decisions in building and maturing our programs. Specifically, a more nationally-adopted approach to third-party risk assessment would save us all a lot of time and headache.

Q: What is your stance on generative AI (such as ChatGPT and Google Bard)? Is it a necessary evil? How can it be used for good?
A: I think generative AI is a great capability. It is absolutely necessary to reduce the cost of doing business while enabling more streamlined business. However, I think more due care needs to be done with adoption so it isn't adopted too soon into critical situations without knowing full well how it could affect the outcome. I'm really excited to see what it does to support better patient outcomes and maybe cost reduction in healthcare.

Q: When you tell people what you do for a living, what do you say?
A: I am an educator, a defender, a student, and a strategist.

Q: What are you most looking forward to at your regional SecureWorld conference this year?
A: Hearing other unique perspectives, not only from other speakers, but from attendees and vendors. Everyone has a different and diverse take on what they do and how it affects cyber and how it should be approached. It really gets the wheels spinning to help us to push ourselves to do better.

Q: In honor of our 2023 conference theme, CyberSonic: Security & Sound Remix, what is your all-time favorite song?
A: "Courtesy Call" by Thousand Foot Crutch


To hear more from Krista Arndt, catch her keynote presentation, "What Do Drag Racing and Cybersecurity Have to Do with Each Other?," at these upcoming SecureWorld conferences:

Continue to follow our Spotlight Series for more highlights from industry experts.