Moving on to New Things in 2017 / by Debra Farber

Leaving Visa for new adventures

Today is my last day as Sr. Director, Global Public Policy (Security, Privacy, & Risk) at Visa. My decision to leave has not been an easy one. I have had the honor of working with amazing people on many challenging public policy issues that include payment authentication, threat intelligence and information sharing, cybercrime and payment fraud disruption, data localization, big data, IoT and secure payments, and EU data protection law, among others.

I believe strongly in Visa, its products and services in the market, and its overall ethos. In fact, I am a proud shareholder, and I know that Visa will enjoy many future successes. Moreover, I adore the members of the Global Public Policy Team and other peers at Visa. It is very tough to leave wonderful co-workers, despite knowing that this move is the right one for me. I mean, just look at how much enthusiasm the Visa Global Public Policy team has in this photo!

Why leave a great thing?

I have enjoyed analyzing the global security and privacy regulatory landscape, defining Visa's policy positions, and aligning our internal business to those policies. However, as a long-time information security and data privacy expert, I have greatly missed working directly with product and development teams and advising on risk strategy. Some incredibly interesting opportunities have come my way, and I just cannot pass them up.

What's next for me?

Tons! It's only the 1st week of January and I have already lined up quite an eventful and rewarding 2017, as I embark upon the following new ventures and activities:

  • Writing a Book: I am currently writing a short form book for O’Reilly Media, “Going Pro: Getting into Information Security,” which is slated to be published in Q2 2017. I'll be reaching out to many of you in my network for some of your stories, advice, and quotes. While the book does not focus on the topic of diversity, it will incorporate viewpoints and advice from a diverse set of security experts.

  • Expanding NotSoSecure's Pentesting Services & Hacker Training Classes in the U.S.: After NotSoSecure’s massive success in delivering penetration testing services (web, mobile, & infrastructure) to Fortune 500 companies and hacker training classes, including: “The Art of Hacking” (infrastructure & web hacking) | “AppSec for Developers,” | “IoT Hacking,” | "Advanced Infrastructure Hacking," etc.) at BlackHat and for large organizations in Europe & India, the founding team has offered me the amazing opportunity to oversee U.S. expansion efforts as NotSoSecure Inc.'s VP of Business Development. Stay tuned for upcoming announcements regarding our Bay Area Hacker Training Series in March 2017, an exciting collaboration to teach kids to hack, and other news.
  • Launching a Privacy Startup: With an experienced and deeply-knowledgeable founding team, I am building out a SaaS-based privacy platform as CEO that services small to medium-sized businesses. We are bootstrapping this startup and are in super stealth mode. However, if you are seriously interested in possibly investing as an Angel, please do get in touch.

  • Advising BigID: I will continue to serve on BigID's Advisory Board, serving as a "voice" of the Chief Privacy Officer and advising on product features. BigID’s platform gives enterprises intelligence and governance controls needed to help protect against proliferating privacy risk and the increasing threat of personal data breaches, and help drive compliance with privacy and security requirements. The platform offers solutions for the privacy office such as: data mappingEU GDPR compliance automation, and tools for completing PIAs (e.g., data inventory and data flows). Please reach out if you are interested in a piloting the platform in your enterprise and I'll facilitate an introduction to the team.

  • Serving as an Editorial Board Member for Cyber Security: A Peer-Reviewed JournalCyber Security is the major new peer-reviewed journal, by Henry Stewart Publications, publishing in-depth articles and case studies written by and for cyber security professionals. The inaugural issue will be published in March 2017. It will showcase the latest thinking and best practices in cyber security, cyber resilience, cyber crime and cyber warfare, drawing on practical experience in national critical infrastructure, government, corporate, finance, military and not-for-profit sectors. Its detailed articles and case studies – all of which are peer-reviewed by an Editorial Board of leading cyber security experts – will provide in-depth, actionable advice and ‘lessons learned’ from fellow professionals, showing how cyber security programs have been specified, designed, implemented, tested and updated in their organizations, as well as how data breaches and exercises have been managed in practice.

  • Expanding Women in Security and Privacy (WISP)'s reach and offering: WISP is a fiscally-sponsored project of Community Initiatives that I co-founded, which promotes the development, advancement, and inclusion of women in our fields. We have grown our membership base tremendously over the last year and are excited for 2017, as we plan to expand our member services.

  • Continuing as Executive Faculty at IANSI will continue to provide executive-level advice to CISOs and senior management on a range of security and data protection topics that significantly impact security programs and the success of businesses. I deliver advice via consulting calls, written Faculty Insights, IANS webinars, and speaking at Regional IANS Forums. Is your company a member of IANS? If not, reach out and I'll connect you to the right people to get you set up.

  • Serving on the IAPP's CIPT Exam Development Advisory Board: I have just been appointed to this Advisory Board for a 3 year term (2017-2019) to oversee development of the Certified Information Privacy Technologist (CIPT) exam.

  • Completing my Certificate in Business Excellence from the Berkeley Haas School of Business

  • Keynoting EventsI already have one keynote speaking engagement lined up for September in Chicago. Please reach out if you have a worthy opportunity.

  • Traveling for Fun: I'm looking forward to traveling to several security and privacy conferences across the U.S. and Europe. To avoid burnout, I also plan to sneak in some leisure travel to Iceland (yes,'s magical), England, Thailand, and Panama.

To follow my upcoming ventures, please visit, subscribe to my blog, and/or follow me on Twitter (@privacyguru). To stay in touch or connect on LinkedIn, go ahead and send me an invite and let me know how I can add value to your business.

I wish you all the best in the new year. I know that 2017 is looking pretty darn fun and exciting from where I am sitting!