Behind the Scenes with Serena Zhao
By Serena Zhao, Principal Security Program Manager
For large, global organizations like Adobe, having robust security measures in place is paramount in protecting our customers and employees against evolving cyber threats. But here’s the catch: it’s not just about having security measures; it’s about making sure everyone knows why security matters. Much like the coxswain of a rowboat, you need to make sure everyone is rowing in the same direction to keep the entire crew both safe and motivated on the waters.
In this blog, we’ll take you Behind the Scenes to meet Serena Zhao, our principal security program manager to learn more about her career journey and efforts in championing a unified security story across internal teams at Adobe.
Tell us about your career journey and background. What initially got you interested in cybersecurity?
I didn’t actually find cybersecurity; cybersecurity found me. Fresh out of college, I started out as a blackbox quality engineer at Adobe, but quickly realized that it wasn’t for me. In the role, however, I had an opportunity to manage some key technical relationships with Apple and Microsoft and drove our transition from PPC to OS X, as well as the initial Window XP certifications for Adobe. I then decided to get a Program Management Professional (PMP) certification to formalize my own program management experience and haven’t looked back. I discovered that I love working with teams to help make their vision a reality.
Within my program management role, I initially worked on improving business process tools until my team got a call and shifted priorities. That’s when my team and I were parachuted into the fascinating world of security in 2012. Since then, I’ve hosted tech talk series in the security space, coordinated summits, and rolled out company-wide security tooling initiatives throughout my tenure.
I’ve been lucky enough to work with amazing teams to get things done. From revamping how we delivered ISO images onto DVDs (yes, there was a time when software companies did stuff like that!) with virus scanning, to establishing a secure code signing process, having a supportive team makes any mission possible. What really keeps me going in security is the shared commitment of those around me to do the right thing for Adobe, our customers, and the broader industry to continuously improve how we secure software and data. It’s the drive that keeps me excited for new challenges ahead.
What do you enjoy most about your current role?
As a principal security program manager, my work involves streamlining communications, which means helping align our security organization internally to share and amplify the security vision across the company. A big part of this endeavor is helping ensure that our product teams understand our security “why’s”. Hosting “tech talk” series is just one of the ways I achieve this goal, fostering a culture where members of our security organization actively share about their latest work and innovations. These channels not only serve as an open forum for internal feedback and discussion; they also allow our security members to engage and educate our product teams and the broader Adobe employee base about top-of-mind security topics.
All our teams are working on such fascinating projects every day, and I love being able to build bridges and connecting our security team with partners and groups. Building relationships and security mindsets across the company is important because security isn’t something that is meant to be imposed onto people as an afterthought. It’s integral to every decision made by our employees, especially on the frontlines. For our engineers, it’s how they design and code, what languages and tools they deploy, how they set up access, and thinking about what links to trust that ultimately influences real security outcomes.
What is your favorite part about working at Adobe?
That Adobe cares. From setting science-based targets to reduce carbon emissions, to sharing cybersecurity resources with the rest of the community, I truly believe Adobe wants to serve the communities we live and work in, giving employees the opportunity to make a difference in ways that matter most to them.
For example, I have the opportunity of managing our team’s relationship with the Cyberpeace Institute, a non-governmental organization (NGO) that connects other humanitarian NGOs to volunteer cybersecurity experts who provide ongoing guidance to help prevent cyberattacks. This partnership gives our security team opportunities to leverage their skills to help make meaningful, real-world impact. I also serve as the security liaison for our internship program, where I help define the experience for both our hiring managers and our interns. My efforts here will help foster the next generation of cybersecurity talent and bridge the looming cybersecurity skills gap that exists today.
I am also an active participant in Adobe’s Sustainability community, where I encourage people to share tips on how to electrify your home, move to greener lifestyles, and how to invest to enable a low-carbon economy.
What is one piece of advice you would give to someone interested in pursuing a career in cybersecurity?
Don’t be afraid to ask questions! The cybersecurity space changes every day with new technology, new tools, new people, and new thinking. You have to push yourself to always be learning, and I am thankful to all the people I’ve met who’ve shared their ideas, thoughts, and pointers with me.
Also, if cybersecurity is something that interests you, but coding does not, feel free to explore other facets of security — policy, program management, marketing, communications, compliance, and more. You don’t have to be a hacker to work in security!
Finally, what is one thing people would be surprised to know about you?
I am a seasoned Scout Volunteer with BSA Scout Troop 390 and T2390 in San Jose, California. Although I am a total indoor cat, for my kids, I have been camping, hiking, and trying to make peace with bugs. My time spent corralling scouts to cultivate leadership skills and empowering my teams at work to help realize their vision have mutually enriched each other.
