Chandra McMahon, senior vice president and CISO at Verizon Communications
Verizon's Chandra McMahon has built a career in cybersecurity by staying curious and never being afraid of the next challenge.
“I love the security field, love the challenges it presents in terms of working with new and emerging technologies and would like to see more women in information security,” she says. “My hope is that we can attract more women so the population of women in cybersecurity is on par with the number of women in the technology field in general.”
McMahon was referring to statistics released by the Women's Society of Cyberjutsu, which reported that while 25 percent of computing occupations are held by women, only 11 percent of the information security workforce are female.
Science and technology is McMahon birthright. She grew up in the Dayton, Ohio, area. Her father was a veterinarian and worked for Wright-Patterson Air Force Base as a researcher. And later on in life, her mother earned a degree in computer science and became a computer programmer.
As a student, McMahon was fond of science and math and had teachers who encouraged her in high school. During the summer of 1983, McMahon attended a special week-long women in science and engineering program at Carnegie Mellon that led to her attending undergraduate school at Virginia Tech. McMahon holds a bachelor of science degree in Industrial Engineering and Operations Research and later earned a master's degree in engineering science from Penn State University.
Her first job was working in mission operations at GE Aerospace. On that job, she worked on classified government systems, using tools to analyze mission data. She also did some coding and ran software development teams. Over the years, McMahon also worked in database management, requirements and verification and testing.
“While I didn't start out in security, all the work at an aerospace company such as GE is security-focused, so I've been conscious of security for several years,” she says.
Later on, she moved on to Lockheed Martin, where she ultimately became the CISO and did a stint as vice president of commercial markets. She also worked in the life sciences field for five or six years before returning to Lockheed Martin.
McMahon, who was recently named to Hot Topic's list of Top 100 Global CISOs, started as Verizon's CISO in May 2015 and recently celebrated her two-year anniversary.
She has some definite advice for women looking to work in the cybersecurity field.
Form a personal board of directors. Early on in her career, she identified the people who knew her best and would be willing to help her expand her career. Today, McMahon's personal board is made up of a startup CEO/entrepreneur, a technology strategist, a seasoned finance business leader and a close personal friend who understands her family and personal values. She also takes counsel from a former boss and mentor, another veteran professional CISO and an early career technology professional who works in Silicon Valley. The personal board of directors helps McMahon review her professional and personal goals, extend her network and receive input on diverse perspectives on business, professional and personal matters.
Take risks. McMahon makes it a point to change assignments every two to three years. She tries never to take a job where she has mastered 100 percent of the job tasks, adding that a good ratio is roughly bringing 65 to 70 percent of existing skills to a new job and have about 30 percent be new skills. Women also need to develop business-side skills because with all the high-profile breaches today, CISOs are not just technology people in the back office anymore. They have to present their arguments to top management and have increasingly become an important part of a company's management team.
Get started. Many women who have come into cybersecurity have started from other technology and related fields. She points out that there's practically zero percent unemployment in the security field today and that global demand will outpace supply at every level for at least the next five or 10 years. McMahon believes that there are tremendous opportunities. Every large company needs people to work in the security operations center and there's a need for security architects and people who work in threat intelligence and on the business process side. There's also a great opportunity for women to work on the legal and regulatory side of the business, as well as in the policy area.
Decide which track works best. There's plenty of room for all types, McMahon says. Women more interested in the corporate path can pursue that track, but there's also room for women who want to work from home and focus more on their personal lives. They can do more technical jobs that lend themselves to working from home.
McMahon says the profile of women in cybersecurity has very much increased in the last five to seven years. She points to the Executive Women's Forum, which recently released its Women in Cybersecurity study. And she has praise too for male CISOs, particularly Jim Routh of Aetna; Brad Maiorino, formerly of Target and now with Booz Allen Hamilton; ADP's Roland Cloutier; and Rohan Amin of JPMC, who, she says, have all been very supportive.
“My mentors have been a combination of men and women, but the ones who really cared saw to it that I had business-side experience so I could develop as an executive,” she adds. “What I tell people is to get trained in some aspects of security. Whatever they do in technology it all has to be done securely. If they become developers, they have to code securely, and test and do threat modeling properly.” – Steve Zurier