Diana Pan didn’t intentionally enter the security field. Starting as a software engineer, she developed a passion for technology that led her to her current role, implementing and securing technology as the Chief Technology Officer at The Museum of Modern Art (MoMA) in New York City.
“What I love doing is building solutions, and I have followed different technologies over the length of my career,” Pan says. “As a software engineer, the first few things you’re taught are about security and how to secure the applications that you’re writing.”
Throughout her career, those foundational security lessons evolved into enterprise security across digital properties. As a solutions-oriented leader, Pan has built applications that benefit multiple industries, including in her previous role building educational apps for Scholastic, Inc., where she designed applications that complied with strict privacy laws in the K-12 sector.
Now, Pan and her team lead all technology initiatives employed by MoMA, from digital art installations to security technology. A large part of her role is directing the museum’s cybersecurity program, which started as a payment card industry (PCI) compliance mechanism and grew into the robust operation it is today. MoMA’s cybersecurity program has evolved to protect its assets and community around the globe, including cyber best practices, General Data Protection Regulation (GDPR) compliance and data privacy and protection.
Digital technologies play a large role in the museum’s history, and Pan has developed and overseen innovative cybersecurity solutions in order to protect MoMA’s cyber assets from threats. The cyber program at MoMA plays double duty, protecting both security and operational technologies as well as digital exhibits and works of art.
“My job falls across the board,” Pan says. “We don’t secure just one type of solution — we protect technologies that support our visitors, our members, our donors, our exhibitions, physical security, the building, and Internet of Things (IoT) solutions, as well.”
The first work of art that museum visitors experience when entering MoMA serves as an example of the museum’s digital exhibitions. “Echo,“ a site-specific commission by Philippe Parreno, is programmed to respond to outside and internal sensor data. “As soon as you enter the museum, you see this very technology-driven piece of artwork, so technology is deeply embedded in our collection and exhibitions,” Pan says.
In addition to supporting works like ”Echo,” Pan and her team work closely with MoMA’s physical security department, protecting and installing security technologies to maintain the safety of visitors, staff and assets. “Most recently, we’ve been focusing a lot on the use of machine learning and computer vision intelligence and how those technologies can further enhance our program,” Pan says.
Remaining on the cutting edge of technology is something Pan cherishes in her work, challenging her to solve interesting problems as technologies evolve. She helped drive MoMA’s early adoption of the cloud and mobile workflows, modernizing security and operations to enable the museum’s around 800 staff members to work from anywhere with a mobile device. According to Pan, “those were transformative technologies that we put in place that I’m proud of to this day. You could see the clear impact of the implementations — our staff didn’t need to be tethered to a desk.”
Pan’s passion for creating and protecting innovative technologies is one of the reasons her program achieves success even in challenging situations. As many organizations struggled to adapt to the remote and hybrid environments necessitated by the COVID-19 pandemic, MoMA’s proactive move to the cloud in the early 2010s helped save the cybersecurity team the headaches of cloud migration as employees worked from home.
Pan’s proactive cybersecurity strategy helps her focus on preventing new threats as they arise. One defense strategy Pan instills at MoMA is a strong security culture. “Our philosophy is that cybersecurity should be second nature for everyone,” she says. By developing and leading in-house awareness training, the cyber team helps reduce the risk of cyberattacks caused by human error. Museum staff participate in short- and long-form training, and the cybersecurity team distributes a recurring newsletter educating the organization on current threats.
“Our training is very, very continuous,” says Pan. “That type of training and helping everyone understand the basics of what they need to do, regardless of whether you’re at home or at work, is incredibly important.”
In addition to educating MoMA employees on cybersecurity, Pan also teaches technology and cybersecurity fundamentals at the Pratt Institute, a New York-based art and design higher education institution. “I love that the students I teach are more in the cultural and museum space than they are in technology,” Pan says. “I’ve been able to help them understand that you cannot ignore technology in your daily life, and yes, cybersecurity is actually a really important part of everything that you do.”
Incorporating cybersecurity into every aspect of her role isn’t an easy task, but it is one that Pan accomplishes with fervor. “At the end of the day, everything is very intertwined. And not only is it intertwined, but everything relies on having secure technology and maximizing its use, so you can get the most out of it,” she says.