There’s a common expectation that the higher you go in any business, the less you see of your customers. But Laurene Hummer, senior offering manager for identity and access management (IAM) services at IBM Security, makes a point of taking every opportunity offered to speak with end users.

Laurene works by a motto she learned during a course called Pragmatic Marketing: The answer to your questions are not in the building.

“Any time a seller pulls me in or a consultant invites me to a call, any opportunity to have a direct conversation with the customer, I take it,” she said. “And if you’re talking to only existing customers, you’re missing the input from all of the people who aren’t your customers yet, but could be — so it’s also important to talk to users outside of your current base to understand why they’re not your customers yet.”

Setting the Direction

Describing herself as the “mini CEO” for her specific line of business, Laurene said her day-to-day involves looking at the governance and performance of the IAM services business, evaluating the value provided to customers, understanding the market and closely examining how competitors go to market. Then, she develops new offerings to address client pain points and guides their go-to-market and delivery execution. She must consider how to enable all the various IBM functions to effectively deliver those services to clients and help them address their challenges. That’s quite a responsibility.

It’s all about setting the direction for the IBM Security IAM services business as a whole.

“Being an offering manager is making an impact through influence,” said Laurene. “We need to be able to articulate the mission and get people to agree to work together towards a common goal. It’s a lot of relationship building.”

Being at the helm of even a small part of IBM Security might mean lots of meetings, and lots of meetings also mean lots of internal conversations — and you can easily get lost talking to internal stakeholders and making sure you’re aligned, said Laurene.

“The most important thing, our North Star, really is the customer and what the market needs,” she said. “We need to let that guide us and be the reason why we’re having all these internal conversations, and not the other way around. You must keep in mind the true reason you’re doing it, which is solving customer problems.”

Answering the Big Questions

But Laurene is not only part business leader, part politician and part diplomat. She’s also part chemical engineer: After earning a Bachelor of Science in Chemical Engineering, Laurene spent time working in the oil and gas industry, and later in alternative energy, which is all quite far removed from cybersecurity at first glance.

The thing about physical engineering is that everything is quite straightforward — you apply well-established laws of physics and are constrained by them. Laurene looked at the business world and decided that was where she could find more freedom to be creative.

“Of course engineering can be very complex,” she said, “but the cool thing about business is there is more uncertainty, there’s really no right answer to things. I thought it was just a different way to have an impact.”

A guest speaker in one of her business classes introduced her to the world of cybersecurity, and Laurene was sold; it sounded like “a very pressing, important problem” for society.

“I started in energy, and energy is the foundation of our society, so that was a really big, important problem to work on, and I saw cybersecurity as something very similar,” she said. “As our digital lives are growing in importance and interfacing more closely with our physical lives, cybersecurity is starting to become integral to the fabric of society.”

The Consumerization of IT

So, having made the transition from physical engineering, Laurene now leads the strategy and offering development for identity and access management (IAM) services, the part of IBM that helps organizations tackle their toughest IAM challenges. Most people’s experience with IAM is the interaction with the login screens they see when accessing, say, their work email or apps. But it also emcompasses all the stuff behind that login screen that allows each individual to have access to the right resources at the right time. The IBM services organizations help companies deal with consumers’ increasing expectation for things to be easily accessible from anywhere.

Laurene calls it the “consumerization of IT” — those changing expectations that how we log in to our work applications should mirror our personal applications — and businesses can struggle to deal with the change.

“A lot of the time, identity and access management can get in the way of employee productivity,” she said. “A lot of organizations’ security teams will say, ‘No, you can’t access this application from your mobile phone,’ or, ‘You can’t access it when you’re on the road or from your personal device because it’s not secure.’

“Having the right identity and access management policies in place can allow an organization to let their employees have much more flexible access to their assets in order to improve their productivity and make it a better experience. And that’s becoming more and more important as consumers have their own personal experiences with IT.”

Resilience and Strength From Two Cultures

Perhaps Laurene’s drive to answer society’s big questions and to make lives easier comes from her adolescence, when she was uprooted from her native France and brought to the U.S. at the age of 13. She believes her two worlds have helped her to be open to other cultures and to understand things are done differently all over the world — but it’s also made her very resilient, she said.

“When I was in France, I was a pretty bright kid and things came easily, so I didn’t have to work too hard, and I could goof around,” she admitted. “Then I moved to the States and I didn’t speak the language, so I had to work three times as hard to achieve the same outcome.

“That was a really hard adjustment. I had to show I may not speak the language, but I was very capable. That gave me the motivation to work hard, and I think that’s really carried through even today.”

Laurene ensures she speaks French at home to her two boys, aged four and two, to instill some of that multicultural open-mindedness. She then logs in to her work laptop using the very systems she helps clients implement at IBM Security, and goes to work making our digital lives a bit easier and more seamless.

Meet Machine learning researcher Irina Nicolae

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today