Meet the Logician: Tracey Neal
Meet the Logician: Tracey Neal
Welcome to the first “Meet the Logician” blog!
What is a “Logician”?
Simply put: A Logician (rhymes with magician) is an employee or user of Anvilogic. But beyond that, a Logician is a unique blend of intelligence, skill, and wit — someone with a passion for innovating and making security better by making magic happen in their respective areas of expertise. Here at Anvilogic, we value our people, users and security community, and we wanted to give you a sneak peek into the people behind the company. Across the company, we have people from all walks of life who’ve worked at big and small companies, some doing stints in the public sector space, all with varying skills and expertise. There are so many great stories to be told and we’re just getting started. And as October is Cybersecurity Awareness Month, there’s no better time to reveal our first featured Logician.
Our first featured Logician is Tracey Neal who manages our Governance, Risk and Compliance (GRC) program. Traditionally, it’s not seen as the most glamorous job in cybersecurity, but it’s hypercritical to any business. Luckily, we have Tracey who takes everything in stride with her positive attitude and years of experience.
Based in South Florida, Tracey’s been in cybersecurity for at least 25 years, starting her journey at the Department of State setting up budgets and establishing charters for information security. She then began building teams and moving on to leadership roles within the Department of Treasury, eventually settling on GRC work. After achieving her Master's Degree in Business and Security and doing stints in the corporate and public sector areas, she landed at Anvilogic this past March, where she’s been hyper-focused on helping us achieve a number of certifications, including SOC 2 Type I and SOC 2 Type II in record time.
Soon-to-be-Doctor Tracey gave us great insight into her journey, why she enjoys her work, and sage advice for both newcomers and veterans in cybersecurity.
Since you’ve been in cybersecurity, what has changed?
I would say the biggest, notable change is the speed at which it moves. I was at the State Department during the time of Y2K and everyone thought all the computers were going to crash. At that point in time, information security wasn’t moving as fast as it is now. Now, changes are happening daily and threat actors have gotten so savvy.
Why did you decide to pursue the GRC side of cybersecurity?
As I made my way through cybersecurity, I’ve always been in leadership roles and have built several security organizations over time. I coined myself “the fixer” because executives would pull me in to clean up their shops. So I would come in and fix organizations that were really plummeting and build up teams for optimal results — making sure they comply with regulatory standards in whatever sector they’re in. Building up teams and picking the right people — that’s always been my strong point and it tends to come very naturally for me, so I just stayed in that space.
You seem to be a natural-born leader in terms of putting all the right pieces in place, identifying gaps, and working collaboratively. Sometimes when people think of cybersecurity, they tend to think of the “hands-on-keyboard” analyst space, but there’s a whole other side with GRC that is just as important.
Yeah. And it’s one of the things I always tell people, whether I’m mentoring or just talking to my peers, is that I always say I don’t have to have all the answers, but I know how to surround myself with the people who can complement whatever answers I don’t have. And so, for me, that’s how you build strong teams. Leaning on each other and also being able to share without fear of being threatened by the next person. If we all just lean on one another, we can all make it happen. That’s my philosophy.
What advice would you give to someone who’s just starting out in cybersecurity?
Take the time to do intern work in different areas of cybersecurity to find where your passion is. What I’ve seen is that sometimes people end up in some of these positions simply because they were told that’s where the money is. And that’s nice, but a person flourishes when they’re passionate about something. Also, connect with the network of people you find along the way and perfect your skills as time goes on.
What made you move from the public sector space to more of the vendor space with Anvilogic?
What made me excited about Anvilogic was I love being on the front end of building out organizations — there’s an excitement there. I previously worked with Kevin Gonzalez [Anvilogic’s Director of Security] at another company, and I remember him joining Anvilogic and how excited he was to build out the security for the company. You know, the challenge with the public sector is that it moves so slow and you can lose so much time there. I’m not interested in sitting back somewhere and retiring, I’m interested in making my mark in the industry. And so that’s what led me here.
What’s a typical day like for you? Any challenges you face in your day-to-day?
When I was onboarded in March, my main objective was to get SOC 2 and ISO 27001 certifications, so I’ve been doing those two audits in parallel. I prioritize my day between those two audits, continuous improvement with the GRC program, and filling out security assessments from new companies we onboard, which can be comprehensive — the longest one I had was about 200 questions. From a GRC standpoint, we know that we have to meet certain regulatory requirements, but that doesn’t mean that I’m going to stop the business from doing what it needs to do to meet objectives. So I have to figure out how to be nimble and flexible, to move and navigate through those weekly product releases to get what I need but not disrupt the business.
You’re on your way to getting your doctorate degree which is awesome! What made you want to go on an extended learning path?
The interesting thing is my doctorate is in emergency management, which is essentially business resilience — governance, risk, and compliance is business resilience. There aren’t many women in the field with a doctorate degree, and I knew I wanted to go on to higher education and be the first doctor in our family. Looking at my focus on what I’ve done over the years and how I continue to build resilience for organizations is what led me in that direction.
What’s one thing that you would want organizations, boards, or the security community to know?
I find that organizations tend to be on the reactive side of resilience. They often neglect taking the time to build out the foundational components of GRC due to other priorities. If organizations take the time to obtain at least one industry standard certification, they will have a foundation to build upon. In addition, the certification reflects that you care about your customers’ and partners’ data and that it's your mission to keep their information protected. After all, data empowers the business to make informed decisions about objectives.
Between all the things you need to do for your doctorate program and your daily work activities, what do you like to do to unwind?
I am a foodie! I like to travel and eat, and I love to cook. My husband has a fit with me, telling me, “Honey, we’re not going to this place just to eat.” And I say, “Well, we are going to this place just to eat. But if there’s something else you want to do, have at it.” I’m the type of person who will research the menu beforehand and knows exactly what I’m going to order. Yep, I’m that person.
Interested in becoming a Logician? Check out our Careers page.
You May Also Like
Ready to learn more about Anvilogic?
Kickstart your security operations
Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.