These 10 women were selected for their longstanding contributions to the IT security space. As veterans in the field, they've served as exemplary women taking on leadership roles in the community. We celebrate by offering their stories as well as testimonials from colleagues who have been inspired by them.
Heather Adkins, director, information security, Google
In 2006, Heather Adkins, a founding member of the Google Security Team, wrote on the company's blog: “We've learned that when security is done right, it's done as a community.”
Although she credits the Google community for the company's successful security, Adkins, now the company's director of information security, more or less created the department on her own at age 25, before the department even existed. In May, she celebrated her 13th year with the company.
Prior to her work at Google, Adkins attended Humboldt State University, initially to study marine biology. While there, however, she found herself interested in the UNIX operating system.
She eventually got a job at Excite.com, a previously popular search engine, without finishing college. She attributed this to the lack of available education on the subject in formal institutions. She told one Silicon Valley-based publication that she and other were drawn to the field and unable to find it taught in schools. “For a young woman, it wasn't really available,” she told Silicon Valley Business Journal. “In the maths and sciences, there's a very small number of women and even fewer that have chosen security. The Facebook generation is maybe going to be more attuned to this, since it's right in front of your face. It will hopefully help girls understand this is an area of concern and a field of study or at least have an option to do it.”
On the security side, Adkins pronounced in 2013 that: “Passwords are dead,” and that they were “done at Google.” At the time, she mentioned Google's use of two-factor authentication and its hunt to find a password alternative, such as tokens.
Beyond her strong password stance, she stands by patching, as she told The Economist in 2014 that each month she holds a “monthly patch day,” to update all the software running on her electronic devices at home. – AC
Photo by Brandon Downey
Ann Barron-DiCamillo, director of US-CERT, U.S. Department of Homeland Security
Between her work with domestic and international organizations and staying abreast of constantly evolving technology and vulnerabilities that impact the nation's security, Ann Barron-DiCamillo, director of the United States Computer Emergency Readiness Team (US-CERT), readily shares that her job is “challenging, but a very rewarding career.”
The Oklahoma native leads the U.S. Department of Homeland Security's efforts to respond to major security incidents and collaboration with more than 400 public and private sector partners around the globe as it shares critical threat intelligence to thwart cyberattacks. Of her position overseeing round-the-clock operations at US-CERT, Barron-DiCamillo says that the team is exercising all the time for cyber incidents.
“We have a first-actions list that we have created based on operational events,” she says. So when we have a real live event, we are always improving. We always look at how we can improve the severity and follow-up of an event. It can take some time to do a full analysis of things, so while we do that, we are sharing information.”
Prior to joining DHS in October 2012, Barron-DiCamillo served as the chief of the Capabilities and Control Branch for the Defense Information Systems Agency (DISA) and, before that, as DISA's chief engineer at its Enclave Host Security Division. At DISA, she helped integrate host-based security and configuration risk management solutions, such as CMRS and HBSS, into the Defense Department's enterprise system architecture. Barron-DiCamillo, who has also served as the chief of analytical and modeling simulation within the Department of Commerce's National Telecommunications and Information Administration, reveals that she started her first IT job in 1997 on the Hill, right after finishing her undergraduate studies at Baylor University.
While serving as an administrative aide for Rep. Tom Coburn, who went on to serve two terms as a U.S. senator, Barron-DiCamillo helped manage the congressman's website.
“It was 1997 when I was starting and everyone was getting onto the internet at the time and getting a web presence,” she says. “And D.C. was kind of at the forefront of that.”
Nearly two decades later, Barron-DiCamillo looks back on her first job experiences and says that, while she had considered doing cybersecurity work before then, she hadn't previously considered it as a full-time job. Today, the industry, faced with a workforce shortage, must change this paradigm so that young people are contemplating opportunities in the field even earlier than she did.
“In the schools, we need to bring in educators and help them translate what cybersecurity is to their classrooms,” she says. “And encourage both girls and students of diverse backgrounds to enter the field. We've got to start filling these slots with professionals and explain that this is something that contributes to making the internet safer.”
Barron-DiCamillo, who earned her Master of Science Degree in Information Systems from American University in 2002 and became a Certified Information Systems Security Professional (CISSP) in 2003, is also a recipient of the Commerce Department's Bronze Medal Award for Superior Federal Service. – DW
Julie Cullivan, senior vice president of business operations and chief information officer, FireEye
In February 2013, Julie Cullivan was hired as Milpitas, Calif.-based network security firm FireEye's chief information officer, her first stint as CIO after having worked more than 25 years in the technology space in a number of marketing and sales roles. Cullivan, who served as vice president of global sales and marketing operations at Autodesk before coming to FireEye, says that she was excited about the prospect of joining the company being “very much aware of what they were doing” in the IT security space, though admittedly she was “a little nervous” about taking on her first CIO role.
Upon accepting the challenge, however, Cullivan learned that the job entailed making many decisions from a business and risk perspective. “It was like marrying the business perspective into what we need to do to grow in scale with our technology capabilities,” she explains.
Cullivan turned out to be a great fit for the CIO position, as well as a number of other roles at FireEye, as her title has since been expanded, says Dave DeWalt, CEO and Board Chairman at FireEye. Around a year after being appointed CIO, Cullivan was also named the senior vice president of business operations at the company. In addition, she also runs its integration office, where she oversees IT integration occurring when FireEye acquires or merges with other firms.
“She started running the integration office around the Mandiant acquisition time,” DeWalt says. “She oversaw the acquisition of Mandiant and nPulse Technologies – and really all the big projects in the company fall in her world. Whenever we have a new project, she helps run it.”
In January 2014, FireEye announced that it had acquired Mandiant, an incident response and forensic firm based in Alexandria, Va., that climbed in notoriety with its in-depth report on the inner workings of a China-based cyberespionage group, dubbed APT1. FireEye reportedly acquired Mandiant for just over $1 billion in cash and stock.
DeWalt says that, throughout her time at the company, Cullivan has really blossomed. “Giving her more roles seemed like a natural step,” DeWalt says.
Prior to her time at FireEye, Cullivan worked at Autodesk, and also held executive roles at McAfee, where she was senior vice president of worldwide sales operations, EMC, Asera and Oracle, where she got her start in the IT industry before moving up in the company to the position of vice president of sales consulting.
On attracting more women to the IT security field, Cullivan believes that “we need to start earlier in the career lifecycle to get them to understand that it's a really exciting opportunity. And it doesn't mean that everybody needs to be an engineer.”
For women who've already started careers in the space, Cullivan encourages them to be proactive and aggressive in making their goals come to fruition.
“You've got to be clear on what it is you want to do, and you have to raise your hand and go after it because people aren't going to do it for you,” she says. – DW
Kathy Fithen, CPO, Coca-Cola
Though she doesn't court it, Coca Cola Chief Privacy Officer (CPO) Kathy Fithen is quite comfortable catching the attention of others whether it's as the only woman in a room full of male executives or the only one sporting brightly colored clothing and shoes in a crowd clad mostly in what can best be described as “IBM blue” suits.
“I put my personality out there and my fashion,” says Fithen, who notes that well before she began her 14-year stint at Coke she was a buyer in the fashion industry. “I tend to wear bright colors, shoes and handbags…make my statement and show my personality in meetings.”
She also shows her privacy know-how, setting the tone for the beverage company's impressive privacy agenda.
Fithen found her way to Coke after consulting with the company about computer forensics and creating a blueprint for a program while she was at PwC. “Coke asked me to come build it out,” she says. And so she did. First building the forensics and incident response programs. When the latter moved to the IT department, she went with it and expanded the initiative. Forensics soon fell under the umbrella of corporate security. “When I was in IT, I helped build the privacy program out of IT,” she says. “My IT and security background helped ensure that we met privacy requirements.”
The first order of business when the effort got underway in 2005 was to develop a privacy council consisting of stakeholders from different divisions, such as HR, as well as global players. It's a move Fithen credits, in part, for the success of Coke's privacy program. “We worked together as privacy laws evolved and made sure we aligned with the laws,” she says. “Because of the partnership with legal, etc., we've built a robust program that's integrated and rolled out easily.”
When Coke created the CPO role four years ago, it naturally tapped Fithen to fill it.
Coke is “a marketing company through and through” with vast experience influencing consumers and others. And that's the same approach it's taken with privacy – launching general awareness initiatives and then more targeted awareness campaigns aimed at those employees handling sensitive information. A lot of people don't realize that they're dealing with data that needs to be protected, until you point it out to them, she explains.
“We've got to button down every single thing,” she says. In privacy as in security, “the hackers only have to find one thing.”
Fithen says that gender has never been an obstacle or disadvantage in her career. But being the only woman in the room raised her visibility and tested her memory skills. “Everyone remembered who I was, but I had to work harder to remember who they were,” she says.
She also “learned very early on to make sure I was correct when I was speaking about something,” she says. “And, if didn't know the answer, to say I'd come back.” A mentor early on in her career demonstrated by example how powerful it could be to listen. “He was quiet until he had something to say, then everyone listened,” she says. “I've used that.”
She passes many of those lessons on to the young women she mentors. “I want them to get into these fields, to know they're as good as everyone else,” says Fithen. – TR
Renee Guttmann, VP of information risk in the office of the CISO, Accuvant
For the past year, Renee Guttmann has served as the VP of information risk in the office of the CISO at Accuvant. In the role, she has a wide variety of responsibilities, some of which include driving strategies, providing guidance to security professionals and vendors, supporting the community through research and awareness, and ultimately helping to evolve information security and shape emerging practices.
Well before Guttmann entered the world of computers and information security, she was a young woman growing up in Canada who worked in a record shop, would sneak into jazz clubs in Toronto, and had aspirations of becoming a singer. Understanding the challenges of making it as a performer, she went to university where she graduated with a degree in historical archaeology, and later went on to use her skills at a variety of digs.
Seeking change, Guttmann eventually ended up making her way to Austria, the home of her parents. There, she became a nanny and took up residence with the family in a castle right outside of Vienna. She lived with the family for a while, but soon realized that she did not have much of a life outside of her duties, so – after a stint working as a translator – she decided to take a five-month programming course. It was during the class that Guttmann became enamored with computers.
Back in Canada, Guttmann faced one of the first challenges of her early career in the industry. The hiring manager at Black & Decker told her three times that she was not qualified for a job she was seeking. Unwilling to take no for an answer, Guttmann drove all the way to visit the hiring manager in person and, needless to say, she left with the job – a gig that involved programming point-of-sale systems.
From there, Guttmann began climbing the ladder, working with companies such as Honeywell and Xerox. She began focusing on information security in the mid-90s while working at Glaxo Wellcome, when – after moving to the U.S. – she noticed that research was being sent in the clear over the internet.
After Glaxo, Guttmann worked as a senior research analyst for information security and privacy with Gartner, then as an information security architect with Capital One. She then worked in a variety of information security leadership roles with Time and Time Warner before taking on her final position prior to joining Accuvant: CISO of The Coca-Cola Co.
Some of Guttmann's greatest achievements include adopting new technologies early and becoming a reference in the industry, helping build governance in the space, hiring college graduates and veterans and helping people get a new and fresh start – and being a mentor to a variety of individuals. Additionally, she is proud of raising two children along the way.
Guttmann advises younger people looking to get into the industry to build a solid network, improve communication skills and improve business writing skills. Additionally, she encourages people to make informed decisions by thinking what choices made today could look like six months down the line. – AG
Latha Maripuri, SVP and global CISO, News Corp.
After spending 15 years at IBM in various positions, first as the web development team lead for the company's global financing group and ending with a four-year stint as director of worldwide security services, Latha Maripuri took a leap, moving to News Corp. earlier this year to become senior vice president and global CISO.
She has distinguished herself as an expert on security issues – an outspoken and thoughtful commentator – who has honed skills in threat intelligence, data security, GRC, identity and access management, mobile security, application security and incident response. And Maripuri was recently identified by a news source as one of the 10 women at the time that media magnate Rupert Murdoch, her employer, follows on Twitter (he follows fewer than 100 people in total).
While others have eschewed or at least warily embraced the cloud, Maripuri has spoken of its benefits. Her advocacy is not surprising considering that in her last position at IBM she and her teams were in charge of launching industry-leading consulting, managed and cloud security services across many key areas, such as emergency response, data and application security, infrastructure and endpoint security, identity and access management and risk and compliance.
In the past, she has said that information security offers women the flexibility they may desire to achieve a work/home balance. “IT and security, because it's very much doing work remotely, gives a bit more balance than people would expect,” Maripuri told CSO Online.
But, she also indicates there's a lot to be done, telling the online publication she “would love to see more focus highlighting women executives in the IT security space, for younger people in high school and college trying to figure out what careers they should go.”
Maripuri earned a bachelor of science in computer science at Manhattan College and holds a masters in engineering from the University of Michigan. – TR
Melinda Rogers, CISO, Department of Justice
It's an often repeated adage about data breaches, to the point that it's nearly now cliché: “It's not if, it's when.”
With hacks this year at the White House and the State Department, Melinda Rogers, CISO at the Department of Justice, is especially aware of the constant threats facing the government.
“My job is to secure the systems that support the important missions of the Department of Justice,” Rogers tells SC Magazine. “It's a tough battle day in and day out.”
Having been in her CISO role for nearly three years, Rogers recommends that organizations not only adhere to basic IT hygiene, such as regular patching and configuration management, but also continue to “stay vigilant” and know who and what is on the networks at all times.
“Adversaries are constantly changing up their playbook and are increasingly agile,” she said. “Don't hesitate to think of different ways to evaluate a situation or event.”
Rogers previously worked primarily in business and business management, most recently as the assistant vice president for Equifax's Fraud Prevention and Identity Verification Solutions. Prior to that, she held management roles at Procter & Gamble and NationsBank. She received an MBA from Emory University and a Bachelor's in Economics from George Mason University.
Although she has more than 10 years of IT experience, her current position is her first dedicated cybersecurity role. Her previous leadership experience, however, gave her the foundation needed to manage a group of dedicated cybersecurity professionals, she says.
“There's so much happening in this space, so take advantage of the opportunity and learn about different capabilities and different threats, but this environment is evolving so quickly that it is equally important to learn to be flexible and responsive to change,” she says.
Being a female professional doesn't come without its own challenges. Although not only applicable to working women but also to men, it takes real planning to juggle both family and career, Rogers says.
With this in mind, she points out that it really does “take a village,” and good family structure at work and at home is essential to having success in both familial and corporate life.
“You want good allies and good support in your initiative,” she says. – AC
Neill Sciarrone, senior director, strategy and planning, BAE Systems
Serving as a cybersecurity expert at the highest level of government has elevated Neill Sciarrone to rarified environs. Yet, despite her official credentials she remains an objective critic of the roles government and the private sector should play in sharing information. She's asked tough questions among her elite colleagues to suss out just who is responsible at the Pentagon and Department of Homeland Security (DHS) for various domains, and pointed out the challenge – such as a lack of trust – these beauracracies face in integrating efforts to make certain websites, email networks and dotgov access is protected.
Neill was appointed by President George W. Bush to be the special assistant to the president and senior director for cybersecurity and information sharing policy. In this role, she developed and oversaw cybersecurity policies and programs, including the Comprehensive National Cybersecurity Initiative and the implementation of the Information Sharing Environment, efforts aimed at fostering the sharing of terrorism, law enforcement and homeland security data.
She tells SC that she never thought of herself as being a woman at the White House. “It was not a distinction that crossed my mind, nor something I considered either as a challenge or benefit.” For this, she credits the fact that there were a number of women in leadership roles already in place. In fact, for many of the policy meetings, she says, there were as many women at the table representing their department, agency or organization as there were men.
“My job was really about fostering collaboration among the departments and agency representatives and putting forward the right policy to get to solutions. I tried to keep the focus on the end state and not fighting over who should be responsible for doing it.”
“Neill Sciarrone has a laser focus on identifying the real problems and has an uncanny ability to move things forward, especially when tackling sensitive topics across a diverse set of communities,” says Amit Yoran, president of computer and network security company RSA. “Whether operating in the policy world or that of corporate strategy, Neill has set herself apart as actions- and outcomes-oriented. We all have a lot we can learn from her humbling playbook.”
Since leaving Washington, she has held several roles at BAE Systems, Inc., the U.S. subsidiary of U.K.-based BAE Systems plc. Currently she is the senior director for strategy and planning at the Arlington, Va. headquarters, where her work explores cyber challenges – like the threats to military systems and commercial aviation, security for the internet of things, control system security and secure and encrypted storage, and many other areas.
One of the biggest challenges she sees in this field is one of translation – bridging the technology and policy worlds where a common language or lexicon is missing. “We still tend to either talk about cyber in a highly technical, detailed way or at a 10,000-foot level, addressing ideological policy issues like the false choice between privacy and security. We often don't find the middle ground where we can talk comprehensively about how policy and practices can impact technology development and implementation.”
But, there is good news for women and minorities in the field, she says. “I see women and minorities attaining their goals and I think this will continue as the IT security field continues to grow. The efforts to encourage and mentor women in STEM are beginning to pay off and I encourage many of the younger women I work with to seek a mentor, male or female, early in their career and to continue to build these mentoring relationships as they continue through the years. I know that I would not be where I am today without the mentors I've had through my career. Their insight – and at times tough guidance – helped me immensely.” – GM
Megan Smith, CTO of the United States
In September 2014, Megan Smith was named by President Barack Obama as the chief technology officer of the United States (in the Office of Science and Technology Policy). In this role, Smith works as an assistant to the nation's leader, focusing on how technology policy, data and innovation can advance the future of the country.
Prior to taking on the role of U.S. CTO, Smith served as VP of new business development at Google, where she oversaw a team managing early-stage partnerships, pilot explorations and technology licensing across the company's global engineering and product teams. During this time she played a key role in acquiring Google Earth, Google Maps and Picasa, as well as leading the Google.org team transition to expand and innovate engineering-based projects, such as Google Crisis Response, Google for Nonprofits and Earth Outreach/Earth Engine.
Later on, Smith took on the role of VP at Google[x], Google's advanced products team. Some of Smith's achievements during that time include co-creating the “SolveForX” innovation community project and the “WomenTechmakers” tech-diversity initiative.
Prior to joining Google, Smith was at PlanetOut Corporation – the leading gay, lesbian, bisexual and transgender (LGBT) online community – serving in a variety of roles, including CEO. There, Smith led a team that broke barriers, partnered with major web companies – such as Yahoo, AOL, RealNetworks, MSN and Netscape – and made PlanetOut the first venture capital-backed LGBT consumer-focused company. Before PlanetOut, Smith had taken on roles with General Magic and Apple Japan.
Smith earned a B.S. from MIT in mechanical engineering, and then went on to earn a M.S. from MIT in mechanical engineering. She took part in a number of activities and societies during her time at the prestigious university, some of which include being the two-year captain of the varsity swimming team, a member and president of Pi Tau Sigma, and the president of the MIT Athletic Association. She was additionally part of the student team that designed, built and raced a solar car 2,000 miles across the Australian outback as part of the first cross-continental solar car race.
Smith has served on the boards of MIT, MIT Media Lab, MIT Technology Review and Vital Voices. She has additionally served as a member of the USAID Advisory Committee on Voluntary Foreign Aid, and as an adviser to the Joan Ganz Cooney Center and the Malala Fund, which she co-founded.
Other engineering projects that Smith has contributed to include an award-winning bicycle lock, space station construction program and solar cook stoves. – AG
Myrna Soto, senior vice president & CISO, Comcast
An avid golfer, foodie, wine enthusiast and music lover, Myrna Soto also happens to be one of the strongest advocates for consumer privacy and security. With more than 20 years of information technology and security experience already behind her – including stints as CISO for MGM Resorts International and senior leadership positions with American Express and Kemper Insurance – Soto was recruited in September 2009 as Comcast's first chief infrastructure and information security officer.
Soto is responsible for enterprise information and infrastructure security strategy and is in charge of the several security teams focusing on the protection of customer data, the sanctity of her company's enterprise and delivery infrastructure, as well as activities dealing with compliance. Soto manages the protection and security of connections to 20 million homes.
Protecting the privacy and security of customers, she says, is the top goal. “We have taken steps to make sure our network supports our customers' secure and private communications,” she explains.
Soto says that she feels fortunate to have worked in a number of companies that have supported her growth. “As a result, any obstacles I've encountered have been tremendous opportunities to demonstrate value and lead by doing,” she says. Being a female leader in the security space certainly did not come without its fair share of obstacles and challenge, she adds. “However, I have been blessed to work with organizations that have embraced diversity and have shown a commitment to supporting a truly inclusive environment.”
Soto serves on the Hispanic IT Executive Council (HITEC) Board, where her colleague, J. Alberto Yépez, managing director at Trident Capital, says it's been a pleasure working together.
“Myrna Soto is an accomplished executive, natural leader and one of the most innovative cybersecurity practitioners in our industry,” Yépez says. “She is a big champion of diversity in technology and a role model and an inspiration for many women and minorities pursuing technology careers.”
Soto says there's some progress to be made, but finds it “incredibly satisfying” to see the continued expansion of programs and initiatives encouraging and supporting women to get involved in STEM fields. “I have been encouraged by the increase in talent in the security and technology pipeline who are women. We still need to make diversity a priority to achieve our goals, though.” – GM