Simplicity is the new competitive advantage. Simplicity trumps complexity every time. To quote another of my extraordinary mentors, Michael Stankosky in his book 21 for 21, Leading the 21st Century Global Enterprise. Especially in the cybersecurity space, we get bogged down in the technical minutiae and perhaps paralyzed in analysis. To lead is to be a great communicator, listening for the level of understanding of our audience. Ask yourself, did the message land over there to accomplish my purpose. As a CISO, you have at best, 5 minutes with the Board of Directors, distill the message to its essence, in the language of the business.
A sa part of my series about “Lessons From Inspirational Women in STEM and Tech”, I had the pleasure of interviewingJill Allison, Advisory CISO at Kudelski Security
As Advisory CISO for Kudelski Security, Ms. Allison provides strategic advisory services to cybersecurity and enterprise risk management teams in areas of strategy and governance; risk, threat and vulnerability assessment; incident response and cyber resiliency. In this role she helps CISOs mature their cyber security programs and achieve agile security initiatives that align with business priorities and secure board-level investment commitments.
She brings over 30 years of cybersecurity industry and enterprise risk leadership experience with focus in consulting and advisory. She has consulted for clients spanning industry sectors, including financial services, retail, health care, critical infrastructure, energy, medical device, manufacturing, technology development, and cloud service providers. In areas of strategic alliances, she served on the leadership team for the Manhattan Cyber Project, National Biometric Security Project (NBSP), and consortium to deliver the first cybersecurity insurance coverage from partners Cigna, SAIC and Pinkertons. Her background includes a B.A. in Economics from Gustavus Adolphus College, M.I.M. in Technology Management from Thunderbird Graduate School of International Management, and M.B.A. from the Wharton School in Strategic and Entrepreneurial Management. Her volunteer leadership roles include Advisory Board for the Cyber Security Summit, InfraGard Minnesota Executive Board, and currently planning launch for the Minnesota affiliate of Women in Cyber Security (WiCyS).
Thank you so much for doing this with us! Can you tell us a story about what brought you to this specific career path?
Myfirst professional role out of graduate school was as a program analyst for a boutique security consultancy who were designing sophisticated security systems for upgrading all of the U.S. embassies worldwide in the wake of the Beirut embassy terrorist bombing. The firm’s leadership team embodied a guiding philosophy for holistic security program development and systems integration encompassing core elements of people, process and technology to deliver extraordinary program outcomes. Their core values, mission and business model were formative in influencing my cybersecurity career path.
Can you share the most interesting story that happened to you since you began at your company?
Inmy initial consulting company tenure, our teams evaluated many emerging security technologies for high-end government and industry applications. The most interesting innovation came to us from two ophthalmologists and a software genius who collaborated to patent the world’s first biometric technology algorithms for iris recognition. Our management team spun-off an entrepreneurial venture to commercialize this ground-breaking iris recognition technology and license the intellectual property and software for secure identification and access control systems worldwide.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
Not a mistake, but a lesson in recruiting for diversity in a male-dominated engineering firm. While I was working at IriScan, and the company grew, I was presented the opportunity to recommend my first professional hire. She was an excellent candidate and I was thrilled when she accepted the offer. After accepting the role, she let me know she happened to be three months pregnant and would need to have time off at the end of the year. Important lessons learned in factors to consider recruiting and retaining diverse talent, and the value employees associate with managers who work to understand and accommodate work life balance and long-term career development. My CEO later told me her hiring was one of the best investments the company had made and credited me for the decision.
What do you think makes your company stand out? Can you share a story?
Kudelski Security has a compelling vision to continually challenge the cybersecurity status quo, with focus on highly differentiating solutions and services enriched with proprietary innovation and advanced R&D. The company’s deep engineering capability and drive to solve our clients most difficult cybersecurity problems is something truly special and led me to join this amazing enterprise.
Our strategic investment in innovative technologies and understanding of emerging applications is translated into pragmatic solutions for our clients to manage expanding risks and increased complexity of their network environments.
One challenge many of our client organizations are navigating is managing secure application development initiatives and cloud migration strategies to support digital business transformation. Our advisory teams are called in to support from leadership decision making and provide guidance to frame security and digital risk impacts of strategic investment decisions. In one case, we built trust with a client through our relationship in managed security services monitoring of their enterprise networks. This trust evolved as we delivered on cloud strategy assessment and recommendations for board-level decision to bring critical application development in-house from outsourced third parties.
Are you working on any exciting new projects now? How do you think that will help people?
Yes, we have a number of exciting initiatives supporting CISOs and their teams in the area cyber business management delivered via our Secure Blueprint platform. This strategic management platform enables CISOs to gain and maintain visibility across the span of their cyber program elements with metrics to prioritize initiatives, inform investment decisions and drive continuous maturity improvement.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Are you currently satisfied with the status quo regarding women in STEM? What specific changes do you think are needed to change the status quo?
Myperspective is focused on challenging the status quo of women in cybersecurity.
While we’ve made strides in recent years, current research from Cyber Security Ventures estimates women comprise only 20% of the cybersecurity work force. By 2021, it is projected that as an industry we are facing a shortfall of 3.5 million unfilled cybersecurity job openings. To address this gap, we need to raise the bar and target something closer to 50% of future cyber workforce to be women.
There is also an imperative to bring greater diversity of thought to address the emerging threat landscape as well as address the significant talent and resource shortage in the cybersecurity space.
In your opinion, what are the biggest challenges faced by women in STEM or Tech that aren’t typically faced by their male counterparts? What would you suggest to address this?
There is a longitudinal study from MIT engineering graduates which reflects that while 20% of them are women, 40% of these either quit or never take up the profession, due to the masculine culture of the profession, being marginalized on project teams, negative internship and placement experiences.
There are cultural issues of conscious and unconscious bias that are being addressed in most organizations today. If you consider 80% of the cybersecurity workforce are men, then we need to come together to proactively address structural and cultural obstacles to workplace change. I think this starts with leadership and is incumbent on all of us to advocate for women and expand mentoring relationships. My first mentors were men that championed me and the confidence this instills is critically important.
What are the “myths” that you would like to dispel about being a woman in STEM or Tech. Can you explain what you mean?
One myth I would like to dispel is that there is a certain career path to advance in cybersecurity. Everyone needs to code, for example. Understanding technology is important, however something much less than half of our cyber talent stemmed from a computer science or IT specific discipline.
Whatever your path, ongoing training and development is vital, investing in online courses and taking advantage of educational pathways offered by employers is invaluable. Security analysts, privacy practitioners and risk management professionals may come from STEM or liberal arts, communications, or unconventional backgrounds. Given the resource shortages we face, recruiting and retention programs need to build on our strengths and augment training opportunities to address gaps.
What are your “5 Leadership Lessons I Learned From My Experience as a Woman in STEM or Tech” and why. (Please share a story or example for each.)
- Simplicity is the new competitive advantage. Simplicity trumps complexity every time. To quote another of my extraordinary mentors, Michael Stankosky in his book 21 for 21, Leading the 21st Century Global Enterprise. Especially in the cybersecurity space, we get bogged down in the technical minutiae and perhaps paralyzed in analysis. To lead is to be a great communicator, listening for the level of understanding of our audience. Ask yourself, did the message land over there to accomplish my purpose. As a CISO, you have at best, 5 minutes with the Board of Directors, distill the message to its essence, in the language of the business.
- Embrace risk. Fail fast — and learn from it and don’t make the same mistake twice. My career has been a journey integrating emerging technologies, entrepreneurial ventures in service of a greater cybersecurity mission.
- Authenticity. Be yourself and be true to yourself. No job is worth sacrificing your integrity.
- Pursue excellence. Don’t cut corners, ask yourself, is this fulfilled the best I know to do, and how it was intended to be fulfilled.
- Be an upstander for each other. Tim Crothers, VP Cybersecurity from Target Corporation shared with me an excellent book, That’s What She Said, What Men and Women Need to Know About Working Together. What he is practicing at Target Corporation, an enterprise with an exemplary workplace culture for embracing diversity, speaks volumes. We can all take pragmatic lessons from Joanne Lipman’s book on how to bring out the best in each other.
What advice would you give to other female leaders to help their team to thrive?
Make sure everyone has opportunity to contribute and manage healthy and respectful communication. Listen to your team, they might be the ones teaching you something new or improving a process, either way our end goal is to thrive as a company and as a team, their win is “our win.”
Speak to them from a place of truth and power, but don’t stop there, mentor them, give them direction and create a sense of community for them to be able to openly share ideas, challenges and issues to — at the end — be able to give the best result for the company and support their own growth.
What advice would you give to other female leaders about the best way to manage a large team?
Trust your team. Provide the high-level vision and sustain it over time. Let the creative collective power of the teamwork build the roadmap to deliver results.
None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful towards who helped get you to where you are? Can you share a story about that?
Iwas fortunate to have been blessed with some invaluable mentors in my career. The founder of Penn Central Technical Security, IriScan, National Biometric Security Project, John Siedlarz, was a fantastic leader and visionary. He also embodied values of integrity, kindness and had a real gift for building extraordinary teams. These trusted relationships are foundational in the security community, and I’ve found a common sense of mission in leveraging talent and resources to face the tremendous challenges to address cybersecurity threats, protect critical infrastructures and manage digital risk to organizations.
How have you used your success to bring goodness to the world?
Iam passionate about supporting the cybersecurity community in our region, and volunteer in leadership roles with several organizations. I am a Secretary to InfraGardMN Alliance, I am part of the Advisory Board, International Committee for the Cyber Security Summit in Minneapolis, and lead the CISO Collaborative program series in the Twin Cities.
With the Cyber Security Summit, we are leading initiatives for the CISO community and women in Tech as part of an ongoing Women in Cyber series. Upcoming events include a Women in Cyber retreat during the first quarter of 2020, with a strong contingent of women CISOs in our region; and launching the Women in Cyber Golf Open in June, to raise money for STEM and Breast Cancer research.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂
Listen for what we have in common, rather than focus on division and what separates us. Inclusion should be one of the biggest movements not only in a work environment but in all aspects of our life.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
“Every organization needs (at least) one core competence: innovation.” — Peter Drucker
I’ve always been attracted to organizations with innovation at the heart of their enterprise. Given the technology changes impacting companies and industries I’ve worked for over my career, the ability to adapt and take advantage of changing environments is compelling. That’s why Kudelski Security’s mantra to challenge the status quo and identity as a technology disrupter is interesting as a business model.
We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would love to have a private breakfast or lunch with, and why? He or she might just see this if we tag them 🙂
Iheard Reshma Saujani at the RSA Conference a couple years ago who had taken on a bold promise to change the way coding occurred for girls over the next decade. She was completely inspiring.
I would love to get a chance check on her progress and join her movement. She distinguished how girls tended to avoid failure, seeking something like perfectionism, and this thwarted coding skill building where you learned by continually making mistakes and course correction. She was bringing coding camps to young girls.