“Be authentic”, With Jason Remillard and Leah MacMillan of Trend Micro

I’ve learned that to be an effective leader you need to establish a level of trust with your employees and peers. Trust is built through a consistent demonstration of honesty, integrity, empathy, vulnerability and an appropriate level of intimacy — an intimacy that involves sharing parts of our lives beyond the office (or video meetings these days). […]

Thrive invites voices from many spheres to share their perspectives on our Community platform. Community stories are not commissioned by our editorial team, and opinions expressed by Community contributors do not reflect the opinions of Thrive or its employees. More information on our Community guidelines is available here.

I’ve learned that to be an effective leader you need to establish a level of trust with your employees and peers. Trust is built through a consistent demonstration of honesty, integrity, empathy, vulnerability and an appropriate level of intimacy — an intimacy that involves sharing parts of our lives beyond the office (or video meetings these days). You need to allow your team members to see you as an authentic human.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Leah MacMillan.

As CMO, Leah MacMillan is responsible for all aspects of global marketing strategy and operations.

Her oversight includes all functions that drive greater awareness, interest, and preference for Trend Micro and its solutions globally: corporate brand management, product marketing, analyst and media relations, web and digital marketing, as well as communications and events. Leah’s passion for high-tech innovation and storytelling has fueled her success throughout her career.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

My dad was a pilot in the Canadian Air Force, so I grew up as a military brat, moving every two or three years. I think I lived in ten houses by the time I graduated high school and spent about a third of my early years living in Europe. Having to move frequently and being exposed to other cultures and languages helped me learn how to adapt quickly to new situations and also fueled my desire to see the world.

When we settled in Canada towards the end of my father’s career, my mother — who had been continually adding to her credentials over the years — opened up a successful psychology practice and helped establish a Women’s Business Network in Ottawa. We were extremely close, and she was an incredible role model for me…not only as a successful businesswoman, but as a kind, positive, energetic friend to many.

I was one of those kids who enjoyed a variety of activities in high school — I played on most team sports, was in the school band, and part of the drama club. Outside of school I played competitive basketball and that experience had an incredible impact on my ability to collaborate in team environments, and ultimately to lead and inspire others. I went on to play four years as a starting guard and co-captain for McGill University while I earned my business degree, and then spent a year playing basketball for a competitive team in the Italian-speaking part of Switzerland after I graduated. I played basketball on a fairly regular basis right into my 40’s at which point my body demanded sports that were easier on my knees.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

There is a TED Talk that jumps to mind that affected me at a critical time a few years ago: Elizabeth Gilbert’s talk from TED2009 called “Your elusive creative genius.” I actually didn’t watch it until the end of 2017 or so, at a time when I was feeling incredible pressure to create and evangelize an updated corporate story. I wasn’t sure I could improve on what I had done the year before and I was feeling stuck. I could feel the weight and importance of ‘getting it right’ and was anxious knowing time was running out before I had to share it with our entire salesforce and the market. Elizabeth’s message of releasing the anxiety, taking a moment to pause and understand that the creativity will come resonated so deeply with me, and as a result I gave myself the permission to let the creative process run its natural course. Ultimately, the ideas flowed, and the story came together beautifully just in time. I still think about that particular TED talk when I find myself in a similar place.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I started in cybersecurity in 1997, at a time before security was ‘cool’, and I honestly don’t think I consciously knew how important this industry would become. I had spent the early part of my career at Corel Corporation, a B2C software company, where I had run product management and gained experience in international sales and marketing. I was recruited to join Entrust Technologies — which at the time was a private, early-stage startup — to lend my expertise in driving the product management and design of desktop applications. Joining Entrust was a pivotal decision in my career. For eight years, I worked closely with large enterprises and government agencies to help solve their identity and data protection requirements. I experienced the growth of the company through public offering and tech bubble and met some of the brightest and most inspiring colleagues of my career. It is no coincidence that many of those colleagues that I met during my tenure at Entrust are also now fighting the bad guys at Trend Micro.

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

It probably didn’t seem funny at the time — in fact I think I was mortified — but I can’t help but laugh about one of my mistakes now. A couple of years into my career, I stepped in to run media and industry analyst relations for someone out on maternity leave, and I was very keen to touch base with all of the key contacts to establish a personal relationship. This was pre-email days, so I was calling each person by phone. On the very first morning of calls, at about 8:30 am ET, I reached out to one of the most important contacts. Unfortunately, she was based in California and I woke her up at 5:30 am! She answered and suggested that perhaps we pick a better time to chat. Ooops! I have never made that mistake again. It is a simple lesson, but a good reminder to be very conscious of time zones when connecting with people around the world.

Are you working on any exciting new projects now? How do you think that will help people?

The project that I am most excited about is the formal establishment of Trend Micro’s program for Diversity, Equity and Inclusion (DEI). For several years, I have been part of driving great equity for women in technology with our “Close the Gap” initiative, but I am excited to be part of a team that is now expanding and formalizing a much broader DEI program, creating an environment in which any individual or group can be and feel welcomed, respected, supported, and valued to fully participate. All employees and managers will benefit as they will gain greater awareness, sensitivity and training around bias and potentially exclusionary behavior and how to create the best culture and environment for everyone. As the site leader for Trend Micro Canada, I am also helping to tune the program specifically for Canadians.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

The connected world has introduced many positive changes, including our ability to deal with the turbulent recent times that have seen unprecedented changes and that are merging our personal and business lives together in unexpected ways. People are working from home, from cafes…from anywhere. And with these changes come risks and concerns that need to be addressed.

  1. Complexity: The use of new environments, especially cloud (like AWS and Microsoft Azure), SaaS (like Microsoft 365 and Dropbox), and the Internet of Things (IoT) are making it very difficult to manage securely, especially with the extended mobile workforce we are seeing because of COVID-19.
  2. This complexity combined with a very real cybersecurity skills gap leads to misconfiguration and mistakes that ultimately need to be dealt with in some way. At this point, the skills gap is getting dangerously close to a skills crisis.
  3. This is further compounded by a continuous stream of vulnerabilities, like Zero Logon, that could be used to attack an organization with damaging threats like Ryuk ransomware.

It has never been more important for organizations to take security very seriously, requiring not only user education but also a strategy that includes a layered approach to protection, detection, and response (there is no silver bullet!), combined with using data from ongoing research into the threats of today and tomorrow to keep pace with the continuous advancement of cyber threats.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?

Digital transformation and the cloud have changed the approach to application delivery, increasing in both speed and sophistication while being influenced by a highly connected global competitive market. The public cloud(s) and new technologies like virtualized workloads, including containers and server-less, have introduced new delivery approaches like DevOps as well as pushing organizations to leverage SaaS apps for increased competitiveness.

However, just as businesses have increased in sophistication, so too have the cybercriminals and the attacks they launch. Cybercriminals now have more than 20 years of professionalism under their belt — this is not a hacker in a basement — and they are profit-focused businesses intent on breaching & exploiting companies using attacks like ransomware and business email compromise.

The combination of new technologies and cybercriminal sophistication adds up to major risks for organizations everywhere. And with the majority of organizations having 25+ security tools to manage while dealing with an unprecedented global skills shortage for security professionals, the threat of significant disruption to an organization is very real, including to those dealing with critical infrastructure where an attack can have significant human and economic impacts. Good recent examples of the types of threats include Ryuk, Sunburst, and DoppelPaymer, all which have caused significant damage to date — and promise more in the future.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

With over 500,000 commercial customers around the world, we are constantly shielding our customers from breaches. However, there is no silver bullet when it comes to security, so we are continuously looking for ways to identify and stop threats sooner, minimizing or stopping damage from occurring.

A recent example where we helped to identify and stop a potential breach was with a large European organization. With our deep knowledge of new threats like Ryuk and Sunburst combined with our global threat intelligence network, we were able to identify multiple indicators of compromise (IoCs) in the customers network that showed that an attack using the Ryuk ransomware was imminent. We were able to proactively reach out to that customer and work with them to both clean up their environment as well as more effectively protect their infrastructure with some of our advanced new SaaS security offerings. We also tapped experts to help augment their overwhelmed security teams.

The big take-away from this example is that being able to see across the entire enterprise IT infrastructure with a cybersecurity platform that has visibility, detection, and response capabilities is critical to being able to minimize and even stop threats. And being a global provider of cybersecurity with so much experience, depth, and desire to help our customers is something that truly helps us to deliver.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

Well, as an experienced cybersecurity professional, I probably understand the risks we are all facing every day, but the good news is that we all have the ability to protect ourselves, especially in the face of the global pandemic everyone is dealing with.

In addition to keeping my devices patched and updated, the 3 key cybersecurity tools that I use regularly include:

  • Endpoint protection for both my work and home computers. I keep these solutions current and they definitely do catch and contain threats. The most popular and recognizable type of endpoint security is antivirus solutions, which in addition to securing computers, are effective with tablets, mobile phones, Internet-of-things devices, and other wireless devices.
  • I use a router that has some advanced capabilities for shielding my entire home network from threats (using IPS technologies from Trend Micro), and I configure that router for maximum security (e.g., no remote administration from the Internet).
  • I also use 2-factor authentication not only for secure remote access to my company’s enterprise data and applications, but also at home for authorized access to personal applications like email and banking. I highly recommend this to everyone wherever possible, as it enables your mobile phone to become a way to stop cyber criminals from hijacking your identity and personal accounts. If you aren’t’ familiar with 2-factr authentication, it’s essentially an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. For example, if I log in to my bank account using my username and password (factor 1), I will then be sent a security code via text message to my phone to submit and confirm (factor 2) before being authorized access.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

That’s such an important question! I would say that the key things are to:

  1. Look for security agents that have been removed or turned off systems that have had them installed previously.
  2. Check logs for evidence of early warning malware that is associated with attack groups or known ransomware families. (e.g., Trickbot, Cobalt Strike led to Ryuk).
  3. Check for evidence of credential theft of your critical administrative accounts.

Of course, I would be remiss if I didn’t mention that ensuring that you have modern, current security in place can really help to ensure that the number of hidden threats are minimized.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

There are some critical things that should happen, including:

  • Follow the previously created incident response plan for managing a breach. If one hasn’t been developed, that is the first step to do now as a part of dealing with the issue. If help is required, reach out to a trusted security provider for incident response.
  • Identify any known system compromise and take them off the network, but do not re-build them until all forensic data has been recovered.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

With organizations overwhelmed by an acceleration of digital transformation and a lack of cybersecurity skills, the common mistakes that we see include:

  • Not running the most updated version of their security applications, including all security patches.
  • Not enabling the latest advanced threat detection technologies.
  • Risky user behavior that exposes the entire company to cyber threats such as ransomware or targeted attacks.

Key things that can help include:

  • Utilizing 2-factor authentication for administrative account access.
  • Patching critical operating systems and applications.
  • Leveraging current (and keeping it current) security tools that can detect the latest in advanced threats. SaaS offerings for security can really help with this.
  • Leveraging security service offerings (e.g., managed detection and response) to augment their security teams.
  • Training all users on security policies and procedures, especially how to spot and avoid clicking on malicious links in phishing emails.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

No, I don’t believe any of us should be satisfied with the representation of women in STEM. Studies have shown — and experience affirms — that teams make better decisions and perform better when those teams have gender diversity.

  • One of the key challenges the industry faces is in building a bigger pipeline of women in STEM. We need to encourage young women to choose education and careers in this space. There are some great organizations that are helping to address this challenge. Two that I have been personally involved with as a mentor are ‘Girls in Tech’ and ‘Technovation’, and there are others out there too. I would like to encourage experienced leaders in tech to participate in inspiring and mentoring these young women. We should also look to celebrate and share stories of successful women in STEM on social media, for example, promoting real-world role models to our next generation.
  • We also need to challenge our organizations to do whatever is possible to remove bias of all kinds from the recruiting process. This can include concepts like ‘blind resumes’, where the candidate’s name is removed to hide the gender and other indicators of bias from the review process.
  • And finally, a key challenge is to create an environment that is welcoming, equitable and inclusive for everyone. This requires a conscious effort by the organization to formalize these initiatives, including awareness and training for all managers and employees.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

I think one of the biggest myths about working in the cybersecurity industry is that people should only look at the ‘shiny, new’ security vendors when they want to be involved in the latest in technology. Working for a company like Trend Micro with over 30 years of experience means that we face this myth often in the market, but we are living proof that experience is a good thing when combined with a culture of innovation and passion for helping customers. This applies to both people looking to work in cybersecurity as well as organizations evaluating who to partner with.

A second myth that I would like to highlight is that the cybersecurity industry is only about the technical threats that organizations are facing. Security is an enabler for digital transformation, which means that it’s about more than just advanced features like artificial intelligence and cloud data lakes — these are important of course, but there is more. It’s also about figuring out how to make it easy for customers to buy, both to expand the use of what they have and also try new capabilities that address new digital transformation challenges. And it’s about making it easy for organizations to understand their security posture in ways that help the business make better decisions — it’s all about making an organization resilient so that they can go further and do more.

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

  1. Be authentic

This is the perhaps the most important aspect of leadership: always be yourself; be authentic.

I’ve learned that to be an effective leader you need to establish a level of trust with your employees and peers. Trust is built through a consistent demonstration of honesty, integrity, empathy, vulnerability and an appropriate level of intimacy — an intimacy that involves sharing parts of our lives beyond the office (or video meetings these days). You need to allow your team members to see you as an authentic human.

It should be noted that trust takes time to build, but it is quickly destroyed if the leader is perceived as disingenuous, patronizing or having a hidden agenda. I have personally experienced the instant loss of trust in a leader when I discovered that he had lied about a situation in order to manipulate my actions.

Trust in leadership has never been more important than during the pandemic. The lack of face-to-face interaction for well over a year has been tough on everyone. Even in these times, when we are all working at home, I believe my team feels that we have a safe environment where people are comfortable sharing their challenges surrounding home schooling, back-to-back video meeting fatigue, constant isolation and worry for friends and the community and more. This has allowed us to move forward as a team — not only supporting each other during these unprecedented times but feeling united as we work towards a common vision.

There is no doubt that being truly authentic requires a certain level of confidence that who you are as a person and what you have to offer in terms of your ability at this point in time, is enough. As a woman in leadership, this means that I don’t need to “act like a man” or shy away from using the qualities that I naturally bring to the table. After all, diversity only makes us stronger. My colleagues have often told me they value my ability to communicate clearly, motivate and mentor employees, pick up on subtle clues and “read the room”, and be a good sounding board when they need guidance. Whether or not these are perceived as “female qualities”, they are part of my true self and have been key to my leadership success for thirty years.

2. You learn from every experience

I encourage everyone, especially early in their careers, to say “yes” to new opportunities…and to do so with enthusiasm! Through your own experiences and by witnessing experiences of those around you, recognize that you can take something from every experience — even the ones you don’t particularly enjoy at the time.

In the early phase of your career when you are still trying to figure out what you love most in this world, others can often see the potential in you that you haven’t even realized yet. I can think of countless examples of roles that I accepted along my journey that I didn’t think I was ready for — or didn’t think that I would enjoy — but that gave me a new skill and perspective I could take with me into future opportunities.

Three months into my very first tech job in the early 90’s, I was asked to spend mornings doing inside sales for the Italian market (having recently come back from playing basketball overseas and still fluent in Italian at that time), and the afternoons doing competitive analysis for the product management team. I had no idea how this fractured role could possibly work, but my manager had a vision. Through this experience I not only learned the technical details of the product, but how to communicate its value to real customers. Ultimately, these proved a perfectly matched combination of skills to acquire.

At that same company — within a seven-year period — I said “yes” to opportunities that ranged from managing a team of summer students, to traveling as a sales rep for the UK, Australia and New Zealand markets, to speaking frequently as a product demo specialist, to running media and analyst relations, to leading a large product management organization. Throughout my time there, I was fortunate to travel the world and gain experience that spanned the software development and sales and marketing spectrums.

I believe that leaders thrive on challenge and opportunity and are willing to try new things to gain a breadth of experience and knowledge. With experience and success, you have the perspective and authority to take a more active role in creating your own opportunities for growth.

3. Respect everyone in the room

Having been part of many kinds of teams over the course of my career, from the typically more introverted software development teams to the more outspoken marketing and sales teams, I’ve learned that we ALL think and communicate differently. I tend to be someone that likes to talk through issues, using visuals and white board scribbles to work through concepts…but that certainly isn’t everyone’s style.

One of the most important lessons I’ve learned as a leader is to respect everyone’s contribution. As a leader, it is my job to guide the conversation, inviting insight and ideas from every person in a meeting, for example, regardless of their title, years of experience or communication style. There are some people who need time to process their thoughts before they can articulate them, and that is equally as valuable as someone who can instantly communicate in real-time. And sometimes, a totally fresh perspective can be more valuable than years of expertise around an issue. As a leader, it is your job to provide the space to consider all perspectives.

A few years ago, all my team members and peers applied the Herrmann Brain Dominance Instrument (HBDI), a system to measure and describe thinking preferences in people. The results were very insightful, highlighting that some of us were more inclined to right-brained conceptual thinking and/or feeling, whereas others were more left-brained analytical thinkers and/or practical planners, or some a combination of each. We have since openly identified ourselves by our thinking preferences (affectionately referred to as our ‘colors’ in HBDI lingo), which has eased the understanding and respect of each other’s styles and helped in our interactions and communication daily.

As a leader, leveraging the HBDI system has been an invaluable tool for understanding the thinking preferences and strengths of my own team members. Based on the results, I have specifically guided a few of my team members to take on different roles based on their thinking preferences: one manager took on greater analytical and planning activities based on her strong left-brained preferences; another changed roles entirely to embrace his imaginative, conceptual abilities.

4. Hire smart people and empower them

There is one thing that I know for sure: you can’t know everything. While great leaders constantly learn and thrive when faced with new challenges, they also realize that being a good leader also means building a diverse team of specialists and empowering them to be at their best.

As a Chief Marketing Officer, I have personally performed many of the marketing functions during my 30+ years in tech, so I am fortunate to be able to leverage my knowledge and acquired skill set to help drive better outcomes in many circumstances. That said, I certainly haven’t rolled up my sleeves on every single marketing function, nor have I been deep in the weeds of the newest marketing technologies, so I have surrounded myself with smart people who can lend their area of expertise.

Of course, part of hiring great people onto your team is empowering them to be at their best. Setting the vision and offering guidance to your team — and not micro-managing them — empowers people to take on more of the decision-making, learn quickly from their own mistakes, and feel better about contributing to the team’s success.

The job of a leader is to set the vision, guide the team, communicate the team members’ successes, and remove any roadblocks in their path. If done well, a leader’s team members will shine, and they will be ready to take on the next opportunity in their own journey. That can be one of the hardest — but also proudest — moments for a good leader. Your best people will be recruited for great opportunities. However, you need to remember that old saying: “If you love something, set it free; if it comes back it’s yours.” That is a lesson that I’ve learned repeatedly over the years. People will always remember what it’s like to work with a leader who empowered and developed them, and they will want to work with them again. In my own experience, I’m happy to say that there are several fantastic people who I’ve had the chance to work with several times, at several different companies.

5. Inspire

My final leadership lesson is that the job of the leader is to inspire those around her — not just her own team members, but other stakeholders too. Providing inspiration is not about delegating tasks and checking up on their progress; it is about communicating a vision that stimulates others to feel and do something. If inspired, employees will want to follow the leader and feel committed to contributing to the collective success.

Leaders need to remember that there are several important elements of communicating that vision in a way that is truly inspirational:

  • First, people need to understand the ‘what’ and ‘why’ of the vision. This requires the leader to ‘paint a picture’ of what things will look like if the vision is achieved, and share ideas regarding the strategy to achieve it, and desired outcomes to measure success.
  • Second, it is critical that the leader truly believes in this vision, and that her passion and enthusiasm is evident.
  • Third, the leader needs to repeat the vision, strategies and goals often to ensure that there is a common understanding and alignment.
  • Finally, the leader needs to communicate frequently regarding how things are progressing and acknowledge and thank those that have contributed to the early successes.

As our ‘chief storyteller’, part of my job is to help formulate and communicate our corporate vision and strategy, and to inspire teams across the company (especially sales and marketing) to go forth and capture the incredible market opportunities available to us.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them 🙂

Without a doubt, the first person that comes to mind for me is Michelle Obama. I had the opportunity to see her speak twice as part of her ‘Becoming’ tour in 2019 and I thoroughly enjoyed her book. In some ways I feel I already know her and have a sense that we’d really hit it off. I found that her stories she shared about her role as a daughter, a wife, a mother and successful businesswoman were so relatable. Of course, there are so many quotable statements from her memoir, but perhaps this one captures so perfectly how I am feeling these days: “At fifty-four, I am still in progress, and I hope that I always will be.” I know that I am still learning, still evolving, still becoming. It would be a dream to meet Michelle as part of my journey.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!

    We use cookies on our site to give you the best experience possible. By continuing to browse the site, you agree to this use. For more information on how we use cookies, see our Privacy Policy.