The 2011 Executive Women's Forum "Women of Influence" Awards were celebrated recently at the annual EWF event in Scottsdale, Arizona.
The awards were co-presented by Alta Associates and CSO Magazine, recognizing women in four categories: one winner from the public sector, a private solutions provider from the security industry, a corporate practitioner from the private sector, and finally, "One to Watch," a future leader in the security field. The winners were nominated by peers in the security community.
See the list of the 2010 Women of Influence award winners
CSO asked each winner this year for some perspective about the challenges women face working in the security industry, and what advice they would give to others pursuing security-related careers.
Here is a list of the winners, and their thoughts and advice for career success.
Private Solutions
This year, the winner in the private solutions category is Pamela Warren, Cybercrime Strategist and of Global Public Sector and CIP Initiatives with McAfee. Warren has worked in the security industry in both the U.S. intelligence community and the private sector for over a decade and is recognized as one of McAfees experts on critical infrastructure and public sector issues.
As McAfee's Cybercrime Strategist, Ms. Warren engages government agencies and leaders, industry CIOs, Chief Privacy Officers and the law enforcement community to help facilitate the exchange of innovative ideas on the global issue of cybercrime. She regularly engages McAfee customers and ICS vendor partners for solutions involving critical infrastructure issues and cybercrime. Ms. Warren speaks at numerous industry events, has testified to the Senate Select Committee on Intelligence, served on the DSL Forum security working group, ANSI X9, and on the U.S. National Security Telecommunications Advisory Council to address cyber security and critical infrastructure issues, and is regularly quoted by the media regarding McAfee activities. Most recently, she led the development of McAfees CyberSafety Resources Portal and K-12 cybersafety outreach program for greater consumer awareness, and represents McAfee on the Board of the National Cyber Security Alliance (NCSA).
What is the biggest challenge for women in security professions today?
Unfortunately, women are still in the minority in the industry and, with some exceptions, are not often recognized for their contributions or as "one of the team" of male experts. You do not have to let that hinder your growth as you prove your value to your team, your company, your profession.
What advice would you give to those in considering security as a profession, or who are in security but want to take their career to the next level?
Security is a fascinating and ever-evolving field to pursue. Spend the time finding the right role and the right company to find ones you feel instinctively meet your particular interests. Once you do so, I believe that you will find it extremely fulfilling and full of intellectual challenge, as well as growth potential.
What valuable advice have you received along the way in your career?
Rather than specific career advice, I have relied upon the advice from Buddhist and other inspirational leaders in all aspects of my career, especially when I face professional situations which I consider difficult at the time: "What you resist, persists", "Flow like a river over the rocks."
When you find it difficult to follow these concepts, you know it is time to move on to your next job or career opportunity either within your existing employer or elsewhere. I have sought opportunities that felt right for me personally, not what others thought I should value in a job, as each of us have professional and life lessons to learn through our unique life journeys. I have relied heavily on my instinct about professional challenges and new opportunities. And finally, I have taken seriously life lessons of loss —deaths of close friends at early ages from M.S., leukemia, and breast cancer — which helped me not waste precious time in unfulfilling professional roles. Always pursue what you know instinctively will make you happy— not what someone else suggests for you based on their measured standard. Enjoy your career wherever it leads!!!
Public Sector
The 2011 Public Sector winner is Lisa Lee, IT Examiner with the U.S. Treasury, Office of Comptroller of the Currency.
Lee has served for 23 years as a banking regulator, first as a safety & soundness examiner analyzing new investment vehicles and financial management and then as an IT examiner for the past 14 years. Following the merger of the Office of Thrift Supervision (OTS) and the Office of the Comptroller of the Currency (OCC) in July 2011, Ms. Lee now serves as an IT Examiner in the Large Bank Division at the OCC. While at the OTS, she served as the lead IT examiner at examinations of companies including General Electric, Citibank, E*Trade, and Fiserv.
Lee specializes in cloud computing, information security, enterprise risk management, and social networking and social media. She developed and hosted a Cloud Computing Symposium for the OTS in 2009 with leading experts and then led a team that drafted regulatory guidelines. She was instrumental in developing work programs for reviewing databases and hosted the OTS' first Webinar to help thrifts understand how to manage a security incident.
What is the biggest challenge for women in security professions today?
One of the biggest challenges for women in information security seems to be isolation. Who you know in this industry really matters and can help you stay on top of what is important in the flood of information. Unfortunately, many of us do not focus on building a strong network of professional contacts and making sure we have mentors and sponsors to encourage us as we navigate the next career move. Betsy Myers, EWF keynote and author of Take the Lead, notes it is not just about the glass ceiling anymore it is about the sticky floor. Many women find themselves in positions where they feel undervalued and underutilized, but unsure of how to move their career forward. We need people who will be there to help us, who will encourage and push us to live up to our full potential; who will inspire us to think outside of the box, and who will cheer our success.
A former supervisor once told me my biggest problem is I always want to make things better. When I see a problem I want to solve it, and I think isolation is a problem we can solve. At last year's EWF Conference, keynote Nuala OConnor Kelly from GE suggested we should "lift as we rise." That statement had such a momentous impact on me I devoted the last year to working with Claire McDonough from Google and Beth Dunphy from IBM to develop a mentoring and peer program called Lift.
Life is designed to help women from the Executive Women's Forum who work in information security, risk management, and privacy build a network of contacts. The trial program was running within six months, and more than 90 women recently registered for the full launch — only one year after the idea bloomed. In addition, I was inspired to create the Cheer program of quarterly networking dinners in four major cities — Washington, D.C., New York, the San Francisco Bay area, and Seattle — to help women nurture their network throughout the year. The first dinner was held within one month of the idea, and now, one year later, we are in the process of developing the first international Cheer group.
What advice would you give to those in considering security as a profession, or who are in security but want to take their career to the next level?
Choosing information security as a career is exciting because the level and pace of change are increasing rapidly. If you are just starting out, take time to write a purpose statement for your life. I have known my purpose for some time, but never actually wrote it down until earlier this year. Now I have a gauge for my career decisions and am encouraged to live out my purpose a little bit each day. That would be valuable information to have early in your career.
For those desiring a move to the next level, I think you need three things — perspiration, inspiration, and a strong network. Identify two or three positions that interest you and then develop a strategy to work toward one of them. Find a good mentor who can give you feedback about experience or certifications, evaluate positions you are considering, and coach you on your career path. In addition, focus on building a strong network within the industry. Most job opportunities still get passed along through contacts. Even if you do not want to move up at the moment, those contacts will be invaluable when you are stumped by a difficult decision about a risk or a tool.
What valuable advice have you received along the way in your career?
One of the best pieces of advice I received was to find ways to give back. As a little girl in Sunday School, I learned to do unto others as I would have them do unto me. That belief grew into a professional goal as I began to seek ways to do for others. Investing in people has an extremely high rate of return and a high level of warm fuzzies. Investing in kids is one of the best ways to invest in the future, so I wanted to use my knowledge of information security and privacy to help protect kids from online threats. I am so thankful the NCSA, McAfee, and the women of EWF feel the same way. At the 2010 and 2011 annual conferences, a group of EWF volunteers from numerous companies joined with me to teach more than 1,200 middle school students how to be safe online. It was a great way for a conference to give back to the local community.
Another good piece of advice shared with me was to know why you do what you do. Recently, I took a suggestion from Harriet Pearson of IBM to heart and wrote out my 15 best work moments ever. I was surprised that only two of them had anything to do with winning an award or recognition. Most of them involved persevering when I was told it could not be done, thinking outside of the box, and helping others. One of my favorite work moments was helping a small business owner recoup losses suffered after an account compromise. It was difficult to identify what went wrong, but rewarding to reach a positive outcome for both the customer and the bank when we finally did. Everyone wants to think their job matters. This was a rare opportunity for me to actually see the difference I and others from my agency made. It truly was a good day at the office.
Corporate Practitioners
The winner of the 2011 WOI award in the Corporate Practitioners category is Michelle Nix, Director of IT Risk Management with Juniper Networks.
Nix's role with Juniper is to act as a business and IT partner to articulate, measure and track business and technology risks to support informed decision making and maturation of the technology risk posture of the organization. Michelle has been in this field for 8 years and prior to Juniper was at McKesson managing a team which oversaw the IT Risk Management program for the $100 billion US Pharmaceuticals division. In that role she successfully led a team to achieve 4 ISO 27001 certifications in 8 months.
What is the biggest challenge for women in security professions today?
I would say the biggest challenge facing women in security professions today is related to leadership style differences from their male counterparts. The security field is a highly technical, analytical and gadget filled industry. Communication often occurs with these core concepts in mind...we talk widgets and data trends as well as bits and bytes. All good stuff. However, I believe, and I always have, there is another dimension to a good security leader which is to know how to take people with these excellent, data focused mentalities and drive them to be less about gadgets and more about business awareness and further to that personal and cultural awareness.
The self-aware female leader is more likely to lead her team through a combination of culture analysis, gut interpersonal feel and empathy. These are not foreign concepts in business leadership overall — but in security it seems that that highly focused right brain mentality shirks from that view due to the potentially uncomfortable nature of the dialog. This does not benefit our field and while it is probably one of the hardest parts of being a women in security, this is also our greatest strength and largest differentiator. So I say embrace it and expand on it.
What advice would you give to those in considering security as a profession, or who are in security but want to take their career to the next level?
I would say that security is such a large and complex field that the best place to start is to understand what drives you. What makes you happy? What doesn't? What are you good at? What are you not? Personally I know that I am at my most happy and effective when I am driving teams and cultures through positive change to a larger vision while remaining effective in the little things and my relationships. I know that I am not good in maintaining the status quo. If you know yourself and your interests, you will be able to choose the right roles in the industry that fit what I call your personal happiness profile.