​​This month, we're excited to feature Dr. Alex Shulman-Peleg, the Global CISO at Kraken Technologies. Alex is passionate about using security to help modernize utilities for a greener future.

Her leadership is built on deep technical discipline – from a Ph.D. in Computer Science to holding 14 patents and authoring over 30 scientific works. Having managed large-scale security programs at Citibank and EY, Alex believes that cybersecurity is ultimately about the responsibility of protecting the systems we all rely on.

‍

1. How do you describe what you do in cybersecurity and why it matters in everyday life to people who don’t know the field? 

‍Think about your daily life from the moment you wake up - we check our phones, read the news, and pay for our commute with digital wallets. All of our data, whether it’s healthcare or finance is online and being targeted. Behind every online account is a human being with a story, a family, and a right to privacy. Cybersecurity is about protecting our people and communities from those with malicious intentions.

‍

2. Cybersecurity helps protect real people - families, patients, homeowners, and communities that rely on critical systems. When you think about cybersecurity through a human lens, who are you protecting, and why does that motivate you?

Unfortunately, the number of cyber attacks impacting the end users is only growing. But it’s not just about hacked accounts. Threat actors are constantly trying to take down our most critical systems. When these systems are hit – for example, during a ransomware attack – our families and communities are the ones who suffer.

We’ve seen cases where hospitals couldn't operate or labs couldn't process urgent blood work because of a cyberattack. Even in my own local community, high school students were unable to take their finals because threat actors took the school systems down, which then impacted their college applications.

Personally, I think about cybersecurity through a human lens every day and every night -- it’s what motivates us to work around the clock. While no one can control every threat or guarantee that a breach will never happen, everyday my team and I work tirelessly to raise our defenses, reduce risks, and do our best to protect our communities.
‍

3. Cyber incident response can be compared to emergency response or healthcare triage. What parallels do you see between cyber response and 911 or EMT work? Where do those comparisons break down?

Just as a healthy lifestyle cannot fully eliminate the risk of a medical emergency, even the best cybersecurity controls cannot perfectly prevent a breach. When an emergency strikes – in our case, a cyber attack – the response follows a remarkably similar lifecycle to 911 and EMT service responding to an emergency like a car accident.

Both fields rely on rapid triage to prioritize the most critical 'wounds' and containment to stabilize the situation. Much like an EMT translates medical chaos into a calm, professional plan, a cyber responder must guide panicked stakeholders through technical recovery with clarity and precision.

However, the comparison breaks down when facing an active human adversary. Unlike a medical condition, a cyberattack involves a thinking opponent who adapts to the  “treatment” in real time. Furthermore, while one EMT typically focuses on one patient, a digital first responder often manages a crisis that can impact millions of people and global infrastructure simultaneously. Cyber incident response is a critical function and I hope more students will appreciate the huge impact that they can make in these roles.

4. Both cybersecurity and emergency services rely on preparation as much as reaction. How do you think about prevention versus response in cybersecurity, and how should that balance shape cybersecurity programs?

‍Similarly to healthcare, a balanced program treats prevention as the “immune system” and response as the “emergency room”. Prevention focuses on reducing the attack surface through engineering best practices, hygiene, automation and resilience of the entire organization. While the response focuses on containment and recovery. Exactly as in the medical space, both are critical to reduce risk and impact.

5. After a cybersecurity breach or incident, learning and adaptation are critical. How do cyber teams reflect, improve, and adjust protocols after an event to better protect people moving forward?

Indeed, it is a common practice to do a retrospective after both cyber and medical emergencies. But here we have one key difference between the two fields: In the medical emergency case the retrospective will focus on what the EMT could have done better, while in the cyber case we are analyzing both the cyber defense team actions and the vulnerabilities that allowed it to happen. The goal is to follow with preventative controls that will reduce the risks of the incident happening again.

6. What skills are important in cybersecurity roles, and how may someone transition into cybersecurity from other fields?

In my opinion, the most critical quality required for cybersecurity is a fundamental desire to protect others. It is a common mistake to envision this field with the 'hacker in a hoodie' stereotype. In reality, we need people who are committed to safeguarding their communities and are willing to work diligently to reduce the risk of harm.

We need individuals who possess the same core characteristics as EMTs, nurses, teachers, or coaches -- roles built on high-stakes responsibility, quick thinking under pressure, and a service-oriented mindset. Those who have spent their careers looking out for the well-being of others possess the triage, empathy, and vigilance that form the most important foundation for a career in cybersecurity, as that protective instinct and the ability to remain calm during a crisis are difficult traits to find.

7. Tell us about your journey - what experiences, moments, or influences shaped your path, and how do they influence how you show up in cybersecurity today? ‍

My journey into this field began as a software developer and engineering leader. When I started leading early cloud computing projects nearly 20 years ago, I realized how critical cybersecurity was going to be. Going deeper into the field reminded me of the complexity of biological systems, and I became fascinated by its depth and challenges.

Unlike many who are drawn to the “hacker in a hoodie” stereotype, I never found joy in the act of breaking systems. During cyber exercises, I often felt a sense of disappointment at how easily software could be compromised. I am always more excited to be on the protection side, seeing various exploits blocked by our defense tooling. It is this commitment to protecting others that inspires me every day and motivates me and many others to work tirelessly in this space.