This one is so hard for me. In order to make the best decisions, sometimes you need to let your team work through finding the solution themselves. As a woman CEO in technology who didn’t study technology, I sometimes feel I need to show my value, prove that I deserve to be at the head of the table — so I want people to know I have an answer right away. I can end up regretting that and wish I’d let everyone else speak up first — the best solution could have remained unsaid out of respect for me as the boss. I personally really appreciate straight talk and welcome people coming up to me and professionally pointing out a potential flaw in a plan or an idea that didn’t get discussed. I recognize that speaking up is not easy for everyone and they may hold back if it appears I’ve endorsed or made a decision already.
The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Lisa Partridge. She started working with XYPRO Technology Corporation, a cybersecurity solutions company in Simi Valley, CA, in 1990 in the sales organization and assumed responsibility for the Sales and Marketing function as Vice President in 1997. Instrumental in XYPRO’s growth and leadership position in the HPE NonStop security world, Lisa was promoted to President in 2011 and assumed the role of CEO in 2014 following a management buyout of XYPRO’s founders. Lisa is a seasoned professional with hands on experience in many areas of a running and growing a software development organization, with a focus on employee engagement, customer relationship building and strategic product management decisions.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?
Like many of life’s journeys, I got into technology indirectly and moved to Los Angeles unexpectedly. When I was a high schooler in Calgary, I had an inspiring teacher who often talked about her traveling experiences and her time in the Student Work Abroad Program (SWAP), which enabled her to live and work in the UK for a couple of years via a special VISA for commonwealth countries. I couldn’t wait to do the same thing! I applied for the Visa and in 1987 I headed to London! I had the time of my life! Living, working, exploring and learning to be an adult.
That teacher changed the trajectory of my life.
Eventually I landed at a software company that had a European sales distribution relationship with XYPRO Technology in California. Through the training process, I was able to get to know the folks at XYPRO and they invited me to join their company and come to California. Having never imagined living in the States, let alone glamorous Los Angeles, California, I was thrilled. For that opportunity, I am forever grateful.
I started out on the sales side of the organization here at XYPRO, which was a much smaller company at the time. In small companies, everyone pitches in to help in every area and so I learned a lot about what’s involved in running a software company, supporting customers, coming up with product ideas, networking, etc. The market for our solutions was a relatively niche group that uses a particular “big iron” server for very high volume online transaction processing. Our customers are B2B, Fortune 500 companies. Thanks to the vision of XYPRO’s founders, we pivoted our specialty focus to Cybersecurity in the early 1990s and were definitely early players in the space. Other than a small blip in 1994, our business grew slowly but steadily. I was allowed to be quite autonomous in how I built up the sales organization and distributor network, moving into an officer level role as VP of Sales and later promoted to company President. When the founders realized they wanted to retire, I was approached to gauge my interest in a management buy-out. I was terrified but with a partner I did it. In 2014 that deal was closed and I became the CEO.
The scariest part then and the scariest part now is being ultimately responsible for everything — Responsible to our client base and most importantly, to the employees who trust their jobs to the decisions I make.
Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much? Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I was in the right place well before the right time! I started working at XYPRO in the early 90s and our founder had identified cybersecurity as the future. When I first started with XYPRO, we were early participants in information security. It wasn’t a requirement, there were no compliance regulations in place — security was a “nice to have”. Those clients that came onboard back then were early adopters and visionaries who foresaw, as XYPRO’s founders did, the importance of security and protecting the data of their customers, which is all of us.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
I’m not sure that I found any of my mistakes funny. They usually ended up costing us money and I tried not to make them twice, that’s for sure.
I can tell you that with experience comes the ability to own up to a mistake and the value in that for yourself and those looking to you for leadership.
Are you working on any exciting new projects now? How do you think that will help people?
Our newest project is a product called XYGATE SecurityOne®. This is a next-generation risk management and security analytics platform that actively detects “Indicators of Compromise” and alerts on suspicious activity in real time. Our patented contextualization technology gathers data from multiple, disparate sources and uses specialized security intelligence algorithms to correlate, contextualize and analyze events to display a detailed security incident picture in real time. Those responsible for monitoring security at some of the largest banks and credit card companies in the world can detect security events and stop them in their tracks, before they become a breach.
Now that security is a requirement, the seriousness with which a company approaches protecting their customers data has a direct impact on their business and on public opinion. A security breach is more damaging than a network going down for other reasons (like hardware failure). A security breach requires that you notify your customers that their personal information may have been stolen. A preventable security breach can mean the end of someone’s career and potentially put a company completely out of business.
Security innovations that lead to products like XYPRO’s SecurityOne are there to protect your personal information, your money, your identity.
Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?
It’s an industry that is moving so fast because those with malicious intent are smart and have the time and the resources to keep trying new ways to steal data, money or just cause chaos. Security professionals have to be right 100% of the time but the criminals only have to be right once and they’re in! Companies like XYPRO are constantly researching, investing, catching up and anticipating methods and finding ways to, at a minimum, reduce the risk. BYOD, IoT, VPN, ISO, PCI are all acronyms over which those responsible for the security of an organization, lose sleep.
According to Microsoft, 81% of data breaches occur because of weak, default, or stolen credentials and 99% of those attacks can be blocked by implementing Multi-Factor Authentication (MFA).
MFA is an authentication method where a user is granted access only after successfully presenting two or more of the following pieces of information:
- Something you know (password)
- Something you have (security token)
- Something you are (biometrics)
With the unfortunate increase in COVID-19 phishing scams targeting your remote workers, isolated from their day-to-day environments, there is no better time to implement multi-factor authentication across your critical applications, servers, and services.
President Biden’s recent executive order regarding cybersecurity directly addressed the need for MFA across all federal agencies.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?
Most importantly, companies must begin to adopt a model of zero trust. This means that you verify all users, devices and applications trying to access your corporate network and revalidate that verification throughout the session.
It’s no longer safe to trust but verify. Don’t trust and always verify.
Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
I am not personally involved in thwarting cybersecurity breaches but I my company is! We’ve had the pleasure of not only being able to spot suspicious activity and help thwart an attack via our security analytics solutions but we’ve also been able to prove that an employee made a simple mistake and not damaging company data intentionally.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
One of the most vulnerable points in a company are the employees and email. Its ability to trick the recipient into clicking on a link they shouldn’t and quietly infecting their computer with malware gives an intruder the ability to logon without detection whenever they want, stealing credentials, company secrets, account details, personal health information, you name it. It can take a company down! To combat this, we use security testing tools that not only provide training to our employees along with verification tests but also tests the staff on a regular basis with “fake” emails that reinforce the lessons they’ve been taught about cybersecurity and spotting suspicious emails. There are several companies out there that perform this service, I’d rather not say which ones we use.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
You must identify who is in charge and responsible for executing the steps of your incident response plan. That plan should outline who is responsible for which tasks. Without a plan, a crisis becomes a chaotic situation very easily. You must ensure your team has solid direction from a single source.
The next most important role is the public information officer — your identified single source responsible for all outbound communications.
What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?
Most people have passwords that have never been rotated! These passwords have a higher likelihood of showing up in online password dumps and being used to infiltrate business networks. They’re a cyber criminal’s best friend.
Couple this password laziness with a lack of Multi-factor Authentication and this is how hackers walk in right through the front door. Not because they’re clever, rather because we make it too easy for them.
Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?
Luckily, the status quo is no longer the status quo. Things are moving at a rapid rate — Girls Who Code, Women in STEM, Women in Tech — these are all organizations focused on encouraging technical education, networking, internships, mentoring and more — Opportunities to be exposed to Science, Technology, Engineering & Math, where it hasn’t been previously encouraged, opening up doors that were historically open only a crack. It’s a great start. It’s still not an equal representation for women but it will get even better over time. My son has asked, “Why are there special computer classes for girls?” This is progress, as he doesn’t know a world where it’s odd for the girls to be scientists, coders, CEOs. I know at XYPRO we get more applications from women than ever before. Our internship program, which started about 12 years ago is a great indicator — the first intern we ever hired was a woman in her 40s who had gone back to school to learn a new skill after raising her kids. It was the start of a very successful program at XYPRO from which we do the majority of our full-time recruiting in all the disciplines related to a software development company.
What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?
That it’s boring. Trust me, things are changing every day and if your goal is to be current with all that is happening, you will never be bored.
Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)
1. You’re a leader — decide what kind. Practice being the type of leader you had or wanted. When you fall short, apologize if that’s warranted and try to do better.
Make your instructions clear and your expectations high. Be there to help them and reward them with more opportunities to learn and shine. People will work very hard for you if they know you aren’t just waiting for them to screw up. Similarly, if someone isn’t pulling their weight, you have to tell them. Give them a chance to do better, but if they’re not cut out for the environment or the task, be honest and don’t prolong the agony. Finally, don’t take credit for other people’s achievements — it’s far better to make it known that someone awesome on your team came up with the idea that saved the day. That type of honesty is good for everyone.
2. Try to listen more than talk. This one is so hard for me. In order to make the best decisions, sometimes you need to let your team work through finding the solution themselves. As a woman CEO in technology who didn’t study technology, I sometimes feel I need to show my value, prove that I deserve to be at the head of the table — so I want people to know I have an answer right away. I can end up regretting that and wish I’d let everyone else speak up first — the best solution could have remained unsaid out of respect for me as the boss. I personally really appreciate straight talk and welcome people coming up to me and professionally pointing out a potential flaw in a plan or an idea that didn’t get discussed. I recognize that speaking up is not easy for everyone and they may hold back if it appears I’ve endorsed or made a decision already.
In group meetings, I’ll write in the corner of my notebook “don’t talk” just to remind myself. Some of the best ideas can be revealed that way.
3. Pay attention to the type of employee you tend to hire. Are you really making sure to diversify your team? Is there representation from different genders, cultures, orientations? It really does make a difference. You’re limiting the creativity and problem solving by hiring the same type of employee over and over. You may be saying to yourself: “I want to hire the best! Male or female.” and that’s true, I completely agree — but what is your definition of “the best”? It’s important to search beyond the familiar — that’s where ingenuity and collaboration can really blossom. And don’t forget that time when someone gave you a chance.
4. Pay it back. If personal gain and recognition is your motivator, I think you’ll find little support from those around you. Make your team the reason you do what you do. Someone gave you a chance, make sure there are opportunities for others to capitalize on such a chance.
5. Support yourself. The isolation of leadership can be difficult. When you start out as part of the workforce and then advance up the ladder you’ll have to learn to limit what you share and with whom. You lose camaraderie, sounding boards and sometimes friends. It’s important to find and maintain, supportive, trusting relationships. Find interests outside of work and seek out external advisors, networking groups or leadership coaches. I am a member of Vistage, a management networking group, and it’s literally been invaluable for me as a person and for the decisions I’ve made for the company.
We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them.
Selfishly, I’d love a sit down with Simon Sinek and Brene Brown. I respect both their thought processes and admire their positions on how you treat other people and how you treat yourself. That you can always keep trying to do the right thing, even if you’re not successful 100% of the time.
Thank you so much for these excellent stories and insights. We wish you continued success in your great work!