Kim Smathers, who has worked in this field since the mid-90’s, is the Head of Information Security and Compliance at Snapdocs. Her resume is extensive and includes big names like Symantec, Walmart, and Jobvite among many others, as well as several years experience teaching Microsoft and Citrix certification courses and Engineering at the Computer Learning Institute. She’s just as passionate about building agile teams as she is about risk assessment and resolution and considers communication the most important aspect of being a leader. 

Q. Describe your role as a CISO in 300 characters or less. My job is all about giving people an understanding of risk and figuring out how to translate, address and resolve that risk. Q. How did you end up in a cybersecurity leadership position? The surprising thing about me – especially given where I am now in executive management – is that I don’t have a significant formal education. While I completed a bit of college, I didn’t earn my degree. But, a few years before Microsoft took off, before laptops were even a thing, I went to The Computer Processing Institute in Connecticut. This was back when computers took up an entire room!  That’s where I got my start and, for some reason, not only was I really interested in it, but it was really easy for me. I had a natural aptitude first towards coding, then networking, then technology, and I just kept going. Every time things changed, I changed. And, you have to remember, when I first started out, security wasn’t really a “thing”. It’s evolved and grown so much since then. Now, there’s so many different facets to it, so much depth. Q. What changes have you seen in yourself since then? For quite a long time, I was the only woman in the room and I would often be leading teams that were exclusively male. It was very, very hard to find any women working in information security or cybersecurity and it was even harder to find these women in leadership positions.  Initially, working in a male-dominated environment led me to think that I needed to adopt more masculine attitudes. I think a lot of women who have worked in the industry as long as I have would tell you a very similar tale. Doing this – trying to act like someone else or act how you think people want you to act – is problematic for so many reasons.  Once I started taking the time to talk to other women, I changed my approach. You’re going to get push-back from people no matter what; this taught me to rely on data instead of adopting attitudes that weren’t mine. That enables a lot more diplomacy and – more importantly – authenticity. That’s what’s really allowed me to thrive and do my best work. Q. Are you starting to see more women in leadership positions like you? There’s still only a tiny percent of women in senior leadership positions in this industry but I do see a shift, yes. Only in certain places, though. In certain companies – specifically really established companies – you still have boardrooms that are filled predominantly with white males. You can’t underestimate the impact that has on a larger organization. It all trickles down. If you’re a woman in that environment with aspirations to be in senior leadership and you’re only seeing one kind of person in those positions, the career path there can seem very unclear.  But, when you work in an organization like I do now, there’s an incredible amount to compare and contrast. There are women, there are people of color. It’s a totally different environment. Q. What advice would you give women who want to achieve the same sort of success you have? Be authentic to who you are and what you’re thinking and let go of the fear of saying “I don’t know” or “Explain it to me” or “Can I have more information, I’m not sure I understand”. Asking these questions doesn’t mean that you’re ill-informed or don’t know enough. Letting go of that fear will give you a lot more control over what goes on around you. When I build out my teams, I avoid people who are absolutely convinced that they already know everything there is to know about a topic. That almost eliminates the possibility of having a conversation and, in cybersecurity, collaboration and openness are absolutely vital. We’re influencers. My job is to bring diverse groups of people together, make them feel comfortable, and let them really exercise their creativity in order to actually influence other teams and solve problems.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber

Sara Zahid is the Assistant Vice President at Jefferies, a global investment banking firm headquartered in New York City. After earning her Bachelor’s Degree in Business Administration with a focus on Finance from the University of Toronto, she started an internship at Scotiabank. Over the course of 5 years, she was promoted several times to eventually become a Lead Business Analyst. After that, she transitioned to a more IT-focused role and gained product management experience at Clarus Commerce. In her current role at Jeffries, she’s combined her business acumen with IT project management to safeguard the company’s Information Security. 

Q. Describe your role as an Assistant Vice President in 300 characters or less I am responsible for requirements gathering, simplifying requirements, testing, organizing sprints, managing the sprint cycles, delivering requirements, communicating with stakeholders and management, and other business analysis and project management activities across Jeffries’ Global Information and Technology umbrella. As a manager, one of my key responsibilities is to make sure the team stays organized. Q. Have you always been interested in cybersecurity? When I was younger, I always got feedback that I was creative, so I initially pursued marketing. But, as soon as I started as an undergrad, I realized that I was missing an important piece, which was practical, hands-on work. I actually got an offer for a marketing job straight after college and didn’t take it because it just didn’t seem interesting enough. It didn’t seem like a challenge. That’s what drove me to consider finance, then IT, and now cybersecurity.  I love to critical-think, I love to strategize, I’m great at problem-solving. It’s been a great fit. Q. What did your path into this industry look like, then? A recruiter actually reached out to me based on my experience in product management and business analysis. At that point, I had zero exposure to cybersecurity. I didn’t know what it looked like. But, during the interview, I was told that if you have a background in IT, you’ll be able to pick-up cybersecurity. It’s not rocket science.  That was hugely comforting to me and enabled me to look at the job description with a much more open mind.  They were looking for an experienced project manager who was willing to learn. I ticked both those boxes. The journey from that day until today has been exactly that: all about learning.  Q. Was it challenging to transition from business analysis to a highly technical role? I’d say my knowledge base is currently 50% technical and 50% business analysis. But that’s part of the appeal for me. It’s something I have to work at, especially because IT and cybersecurity change so drastically, so quickly.  That means that I have to learn something new every single day and I’m not afraid to admit that. I don’t think that’s a weakness, I think that’s a strength. I know 50% more about cybersecurity than I did a year ago and that number is only going to continue to grow.  And I’m not afraid to ask questions! I’m not afraid to say that I don’t know.  Asking is the only way that you get an opportunity to get involved and expand on what you already know. Q. Has your work in cybersecurity so far been what you expected it to be? I didn’t fully grasp how many problems the industry solves until I got into cybersecurity myself. Even with a background in IT and business, I didn’t know. You think about logging into your computer every morning at work. We all do that. I never even considered how a functionality like that is safeguarded until I started in cyber. Most people don’t spend time thinking about how many characters their password has or whether or not two-factor authentication is enabled, the work behind the scenes is normally done for us. I’m now the one behind the scenes doing that work. And it’s incredibly important work! Not just for the individual, not just for the company, but for any and all external parties involved in that company as well.  Q. Did you face any challenges related to the disproportionately low percentage of women in the industry? It’s very clear that there are fewer women in this field than there are men, but I don’t feel – or haven’t been made to feel – like I’m less than because of that. If anything, I’ve gotten more respect from male colleagues because of it. It’s actually in many ways empowered me and boosted my confidence. Not only have I taught myself about the industry and progressed by doing so, I’ve progressed in an industry where not many women currently exist. That’s something to be proud of, not burdened by. I also have to give credit to my colleagues and managers and people in leadership; the culture at Jeffries enables me to do my best work. The problem isn’t solved just by acknowledging that there’s a problem. It’ll take time. But, this is such an important industry and we’re solving real problems with a real impact. It’ll continue to evolve, expand, and attract more people. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber

Tess Frieswick recently started a new job as a Client Success Manager at Kivu Consulting after spending a year working at Uber as a security consultant. She started as a Security Analyst straight out of college and was promoted to a more senior position after just six months.  In addition to earning her Bachelor’s Degree in World Politics with a minor in Islamic World Studies at The Catholic University of America, she’s gained political experience through internships at the International Model United Nations Association (IMUNA), the National Consortium for the Study of Terrorism and Responses to Terrorism (START), and the American Enterprise Institute.

Q. How did you end up in cybersecurity after studying World Politics and Islamic World Studies? I was fortunately hired to work for IMUNA during my first semester of college after getting involved in the organization in high school. I really lucked out and was assigned to work on the Counter-Terrorism Executive Directorate which, at the time, was focused on the terrorist group Boko Haram in Nigeria. I loved learning about African politics and counter-terrorism efforts in the region which sparked my interest in international security.  By the time I was ready to graduate, I was more certain that was the direction I wanted to take, I just wasn’t sure in what particular specialty. I had a few years of experience in counter-terrorism, but no real experience in cybersecurity. Q. What was it like, then, starting as a Security Analyst at Uber so soon after graduating? When I first started, I was a bit intimidated. I was the youngest on my team, didn’t have my Master’s, and was one of the only women on my team. I felt like I had a lot to prove, but that inspired me to work really hard. I had a manager and a boss who both recognized and valued my skills and trusted me with big projects that had a global impact.  My team actually worked on 565 different tasks from executive protection to assessing phishing emails. That experience really reinforced that cybersecurity was the path I wanted to pursue. Q. What interested you the most about cybersecurity? The 2016 presidential election piqued my interest. I remember learning about Russian interference, bots, and the manipulation of social media after Trump was elected and recognizing that cyber security is bigger than people realize. It provides a new landscape for modern warfare and these things are changing the dynamics of politics. Even something like the recent assassination of Qassim Soleimani; that presents a potential cyber warfare risk. After the assassination, I was doing assessments and considering what retaliatory actions Iran may take. Could it result in cyber warfare? Would they target critical United States infrastructure?  Developing technology is driving all of this; it’s changing everything. Politics is constantly evolving, especially with the development of cybersecurity and cyber warfare. It’s fascinating!  Q. Did you have any specific technical skills that made you especially marketable for jobs in the field? I haven’t taken any cybersecurity-specific classes. Everything I know about cybersecurity I either taught myself by reading or learned on the job. After leaving Uber, I was really upfront during interviews that I didn’t have technical skills. But, that was balanced by the fact that I can learn really quickly. That’s what I focused on. I think my writing background was also something that made me stand out. I have experience writing intelligence products in a strong, thoughtful way. At Uber, I wrote over for a project 70 documents, including style guides for products, global standard operating procedures, and security policies. Talented writers might be surprised that they have a place in cybersecurity but they’re needed to create really polished products that impress clients. Q. You had an internship at an all-female media company while you were in college. Was that a formative experience in your professional development? In every single internship I’ve had, I’ve had a woman that I looked up to for advice and counsel. I’m also just a huge feminist. I’m obsessed with Ruth Bader Ginsberg – she’s my hero, and I love Madeleine Albright. From athletes to politicians, I’m constantly seeking out stories of successful women, and women fighting for equality and change, to motivate me. I still think of some of these mentors years after working with them and I hope I am making them proud. Now, as the only female leader in my new role, I have a responsibility to step up and empower other females, too. This is especially important for women who are shy or aren’t as quick to speak up. Those people – even if they’re smart and capable – can be overlooked. Backing up their ideas, supporting them, making sure they feel empowered…it all makes a big difference.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Funding Circle, IBM and more. #TheFutureIsCyber

Carolann Shields was recruited for a Chief Information Security Officer role at KPMG LLP almost 7 years ago after rising through the ranks at McKinsey & Company. Starting in system reconciliation and deployment, going on to managing development for all of their enterprise systems, and then to becoming the IT Security Program Manager (de facto deputy CISO).  Throughout her career and to date, she’s driven more than fifteen company-wide cybersecurity initiatives and has done so by developing collaborative, positive security cultures and multi-faceted teams. While Carolann had an interest in math and aced computer classes from a young age, she actually studied and earned a degree in Business Studies in Ireland  before starting down the path to cybersecurity. Having a background in business has shaped her style and approach to security, driving a focus on efforts that reduce an organization’s overall cyber risk.

Q. Describe your role as a CISO in 300 characters or less. I lead a team with complimentary talents and skills to work together effectively and bring transparency to an organization’s cyber risk in order to identify and design solutions and processes to mitigate those risks. I also educate and influence behavior to ensure compliance and protection while making security a commercial benefit, not just a cost. Q. What would encourage more women to pursue roles in cybersecurity? Need is the mother of invention. Highlighting the number of open positions and highlighting the fact that there are women with these skills in and outside of the industry is the first step. The fact is, you’re cutting out 50% of the population when you don’t create an environment for women where they feel they can excel and actually progress in their careers. Even if you hire a lot of women – which we’re seeing now they don’t move through the ranks as easily because they don’t have enough role models or advocates. That’s why it’s so important that the women that do become successful reach back to support the women who are coming behind them. Encouragement is incredibly meaningful, and it doesn’t take much for leaders to give it.  Q. With that in mind, can organizations really ever guarantee diversity within teams? When you decide you’re only going to hire the most qualified or the one with the most potential , you naturally have diversity. On the other hand, if you start saying I’m only going to hire women, or men, or this ethnic group or that religious group, the goal of recruitment breaks down. Decisions-makers should only be interested in your brain and emotional intelligence. Who is the most qualified with the most potential? That’s who you should want for that role. Q. Have you had role models or advocates throughout your life who enabled you to achieve the success you have? The CISO at McKinsey at the time I started working there was a woman, Denise Hart, who has since retired, so it never even occurred to me that it wasn’t possible to achieve what she had or that it was in any way unusual that she had because she was a woman. On top of that, I had a father whose beliefs were sort of the reverse of what we typically think of.. He believed that men should be out physically working and that women were much better as lawyers and accountants and doctors. For me, there were no limits as a child growing up about what I could be from a career perspective. Q. What are some of the skills, interests, or personal attributes that lend themselves to a career in cybersecurity? People who care about consequences and the bigger picture and who understand the larger impact of their role in an organization are the ones who will be successful and really excel in this industry. It shouldn’t be about just a paycheck; you need to care about what you do. Why? The vast majority of organizations get hacked because of mistakes; someone clicks on a link, firewalls are misconfigured, access is overly permissive etc. The way to really prevent that is to have people care about their work so that they pay attention to the details, identify mistakes early and correct them before there is any harm done. Q. Are there any misconceptions about cybersecurity that you want to set straight? Security teams believe in the mutual benefit of being safe, which makes it collaborative by nature. While – yes – some of the most talented security engineers are at their desk working alone, a lot of it is about relationship building and collaboration and working with teams to develop and manage secure solutions. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Nielsen, Funding Circle and more. #TheFutureIsCyber

Gisela Rossi is a Backend Software Engineer at Tessian who’s earned both her Bachelor’s Degree and Master’s Degree in Computer Science. Before starting at Tessian, she gained experience at Intel, Lyst, and Facebook and, for the last several years, has been very involved in the larger software community, specifically those communities that empower women and other minorities.  She’s a co-leader of PyLadies London, a member of the WISE Young Professionals Board, and a former mentor and volunteer at CoderDojo. 

Q. Describe your roles as a Backend Software Engineer in 300 characters or less I work with Python to build and create products that are used by Tessian’s clients to protect their Human Layer from data breaches. I work closely with product and customer success teams to ensure we’re building solutions that make an impact. Q. For those who might not be familiar, can you explain what Python is? Python is my favorite programming language. Different languages have different styles and different communities around the language. There are conferences, online groups, and other events and Python has one of the more diverse and inclusive groups around the language. I’m actually one of the organizers of PyLadies London. It’s not just the community, though. The language itself is really thoughtful.  You can compare a programming language to what those of us in computer science call a “natural language”…English, French, Japanese. At the end of the day, they all serve the same purpose. You can have the same conversations but in different languages. Just like you’d have a preference in a natural language, you can have a preference in a programming language.  Q. And what about PyLadies London, what’s that? The real goal is to encourage minorities to be more active participants in the Python community and, for some maybe do a career change into the industry. There are talks, workshops, etc. It’s really about mentorship and empowerment. Q. Do you think more mentors or role models would encourage more women to get involved in the industry? I think mentorship is especially important for minorities – not just women – because we have to overcome different challenges. And those challenges aren’t necessarily big hurdles. For some people, it can be several small things.  It could be a professor you have or a bad internship. One bad manager or experience isn’t representative of the whole industry, but it can be demotivating if you don’t know that there are more positive environments where these things don’t happen. That means those of us already in the industry have to fight the fight! More than anything though, you need more minorities to be decision-makers. You need those people in higher positions to demonstrate what’s possible and empower others to do the same.  It’s especially important because the problems you solve in this industry are interesting, the work is fun, you’re well compensated. There are a lot of benefits if you can overcome the lack of diversity. But, you do need a diverse group of people to have a better chance of solving those problems. Age, race, gender…the more diverse the group, the more diverse the ideas. Q. What problems have you been most interested or focused on so far in your career? Data. All of our data is available online and when you consider all the people who could potentially access that data, you can start to see how big the industry’s scope is.  The average person doesn’t realize how valuable their data is. People hand over their personal information for a free voucher without thinking twice about it. They don’t have bad intentions, of course, but from a security perspective, that’s a big risk. If you input your email address, home address, and phone number into a site that isn’t secure and that site gets hacked…you’ve got a big problem. At the end of the day, you are your data. So, what happens when someone steals it?  But, it’s not even just scary from the perspective of hackers. Massive corporations and governments hold a lot of our data, too. What happens if they misuse it? That’s something that we’re trying to figure out in this field. We’re trying to mitigate that risk.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Nielsen, IBM and more. #TheFutureIsCyber

Niki Tailor is a Platform Engineer at Tessian, where she’s worked for almost two years. Since starting, she’s been promoted to Team Lead and manages three people. Prior to joining Tessian, she worked first as an Analyst at Nomura, then as an Equities Technology Development and Operations Engineer at Bank of America.  Before entering the field, she earned her Bachelor’s Degree in Computer and Management Science.

Q. Describe your role as a Platform Engineer in 300 characters or less Security, stability, scalability, reliability, and automation of our Human Layer Security platform. As a Team Lead, I have people management responsibilities too, but day-to-day work involves solving problems, building new architecture, and empowering our engineering teams. Q. Have you always been interested in cybersecurity? Even though I studied Computer Science and Management, I didn’t always know I was interested in the field. My A-levels were a random mix of Math, French, Art and Economics. I didn’t know what I wanted to do so I chose a broad range of subjects that would allow me to pursue pretty much anything later on.  But there are a few tech professionals in my family, so I was exposed to it throughout my life. I was always taking a peek at what my dad was working on so, unlike a lot of other people, I knew the industry existed and what the path to it could look like. Q. How did you isolate Engineering as your area of interest from the larger umbrella of Computer Science? I’ve had a lot of opportunities both at University and through the work experience I got during and afterwards that have helped direct me towards what I enjoy the most.  My business-focused courses showed me that the technical, hands-on work was what I was most interested in and the work I did coding as a developer made me realize that sort of role probably wasn’t the best use of my skills. I think those experiences are really important. Even though I didn’t enjoy the work, it’s good to have an understanding of the theory behind each of these things. It’s helped me do better work in the roles I really like. Q. What interests you the most about the work you do? Working in a start-up that’s trying to solve really interesting real-world problems is the best part for me. The challenges around securing sensitive data are immense, but that’s where the most interesting challenges lie. As a comparison, I’m not working in a corporate environment where bureaucracy is a challenge. The work I do isn’t done with the goal of making rich people richer. I’m actually doing something good.  You read articles where businesses or charities get scammed and organizations lose millions and people lose their jobs. It’s rewarding to be a part of what’s preventing things like this from happening. Q. Does that sort of work lend itself to unlimited growth potential? The field is only going to get bigger. The problems we solve are only going to get bigger. I mean, right now, Tessian is solving the problem of security on email. Eventually, we’ll be solving the problem of security on all platforms.  That means there are so many opportunities to learn new things and exercise creativity. This is a field that really encourages trying, even if it means failing which means you never get bored. No two days are never the same.   This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber

Amber Pham is an Information Security Officer at iovation, a business unit of TransUnion. After earning her Bachelor’s Degree in Psychology, she transitioned into IT where she worked for over nine years, first as a Systems Administrator and then as a Systems Engineer for software and technology companies like Webtrends and Intel. She rounded out her IT experience with consulting and contracting and was able to gain a broad range of experience; this inspired her to go down a slightly different path and pursue a career in cybersecurity. She’s been working for iovation since then – except for a three-year stint in Amsterdam where she also worked as an Information Security Manager – and has watched both the organization and the industry grow exponentially. 

Q. Describe your role as an Information Security Officer in 300 characters or less I’m a people manager, which is probably my most important role. I ensure people feel supported and in cohesion with other teams to learn and grow. I’m also the central point of contact for the corporate business and, as a part of that, I work with Development and IT teams to get security work done. Q. How did you make the transition into cybersecurity after earning a degree in Psychology? When I came out of college with a Liberal Arts degree I had basically zero technical skills. But, tech companies were growing so fast that they were really willing to give people a chance and train them.  I got my “chance” thanks to a really good manager who recognized that I was a diligent worker and that I’d be able to figure the work out pretty quickly. That was working as tech support on a Help Desk, which is how I got into IT. I paid a lot of attention to the training and really just wanted to learn as fast as I could so that I could genuinely start contributing.  I didn’t actually even use my psychology degree until I got into my current role in security leadership. Understanding the psychology of motivation has been a key part of building a team and security program. Q. When did you make your move from IT to cybersecurity? I went out to do some contracting and consulting. That’s really where I grew the most. You learn a lot faster because you’re throwing yourself into different situations at different companies at a really high rate. I was able to sample a lot of the opportunities available in physical security and networking security that way, and that’s what’s really missing in recruitment for this field. People just don’t know the huge variety of roles that are available from social engineering to forensics to risk assessment.  Q. After you got a taste of all the different opportunities available, did you take any more steps to prepare yourself for the roles you were most interested in? I went on to get my CISSP which was a huge launching point for me. I know it’s just a test, but the studying that I did on the way to that really rounded out my knowledge and was a really strong signal to future employers that I had real experience under my belt and knew what I was talking about. This also gave me some confidence.  For a young person – or anyone really – who wants to launch into a professional career in cybersecurity, certifications like that are a good place to start, especially because it’s hard to jump from 50% system implementation or another aspect of IT all the way to 100% cybersecurity without taking a little bit of a step down and back. That’s something people are reticent to do. But, by doing that – by taking on a role with slightly less responsibility than I was used to, but that was a 100% security job – I was more prepared for the industry and got recruited just nine months later into what has turned into my current job. I was their first “security person” and was able to build a security program from scratch. Q. Having really run the gamut of IT and cybersecurity roles, has gender bias been an issue for you? I’ve almost always been the only woman within the teams I work in. Currently, out of about ten Information Security Officers, I’m the only one. It continues to be the trend but, more often than not, people completely disregard my gender. As long as people don’t talk about it, I don’t really feel it. When I was in my 20’s, it was more daunting. The combination of being young and a woman made me feel it more acutely, especially because I didn’t have a mentor.  You know, most men I work with that are at a certain level credit their success to a mentor. I feel like I’d be years ahead if I’d had one. That’s why I say “yes” every time there’s a Women in Cybersecurity function, a mentorship program, a local event, anything. I always say yes. My dental hygienist asked if I would mentor her daughter because she’s interested in security and, of course, I said yes. It’s so important!  You don’t have to be an activist to get involved and help someone.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Nielsen, Funding Circle and more. #TheFutureIsCyber