Sandra Cavazos, VP at Comcast and Duke Engineering Alumna met with Duke Cybersecurity students

November 13, 2023 | Emilia Chiscop-Head, Duke Fintech and Cyber Program Manager

Sandra Cavazos, VP at Comcast and Duke Engineering Alumna met with Duke Cybersecurity students


Sandra Cavazos, VP for Product Security and Privacy at Comcast

Sandra Cavazos, Vice President of Product Security and Privacy at Comcast and an Alumna of the Pratt School of Engineering met with the Duke Cybersecurity students on Friday, November 3rd. As a guest speaker of the Cybersecurity Seminar, a course during which first year master’s students are exposed to industry leaders, Sandra shared insights from her personal experience in a cybersecurity career. “I graduated from Pratt in 1997 and started to work for Intel’s largest facility in New Mexico,“ she started her story. Sandra returned to school a few years later to earn a master’s degree in electrical engineering at Stanford University. “At the time, cybersecurity was not even a thing,” she recalled with a smile. Not much later, when the first cyber-attacks occurred, manufacturing facilities realized that they needed to do things differently. Sandra Cavazos was on Intel’s team to implement this change – her first cybersecurity project. Years later, Cavazos started her career at Comcast, a company with more than 30 million customers in the US.  Founded in the 60s as American Cable Systems, Comcast Corporation, based in Philadelphia, is providing cable television, entertainment, and communications products and services.

Sandra’s responsibilities include threat modeling, pen testing, SDL coaching, DevSecOps tooling, cloud security, micro segmentation, and privacy operations. She is responsible for building security and privacy in all customer-facing and internal products and technology that support Comcast residential and Comcast business customers as well as the enterprise.

She talked with students about the shared services that Comcast provides across the organization, including third party security assistance, threat modelling, secure design patterns, secure coding, production ready security assessments, and more. “As a part of the threat modeling practice, we have a skilled architect who trains his team to act like hackers and identify threats on their own. In secure coding, we scan the code that we write and identify vulnerabilities to fix them. Fixing is harder than identifying. It is like cleaning your house – not letting problems pile up is key,” she explained. The Comcast VP also introduced students to the early career programs at Comcast, such as CORE (Career Opportunities & Rotational Experiences). “This is a 2 year program during which employees will work in three positions within the company to get exposure to different areas and roles, network and decide what they would like to do next.” Asked what academic backgrounds Comcast is looking for, Cavazos answered that engineering backgrounds are in top. She also said that individuals with cybersecurity training, especially with a master’s degree, have higher chances to succeed if they also have soft skills, such as writing and oral communication skills. “We look for people who are curious, are eager to learn and have a problem-solving mindset,” she said.