DigitalMunition’s 30th anniversary Q&A with Catherine Allen

As DigitalMunition celebrates its 30^th anniversary, we asked
luminary Catherine Allen, chairman and CEO of Shared Assessments and CEO of the
Santa Fe Group to look back on her 30-plus years in the industry and talk about
some of the strides women have made.

Catherine A. Allen, chairman and CEO of Shared Assessments and chairman and CEO, The Santa Fe Group

DigitalMunition: How long have you been in security?

CA: I am not a security professional but rather a
business executive that has promoted and integrated cybersecurity into my
various career roles. As CEO of the Smart Card Forum and BITS. As the CEO of
the Shared Assessments Program. As a cyber or digital director on corporate
public boards. As a speaker and writer in the field.

SC: What have been most surprising aspects of your
career and industry – industry direction, developments or career turns?

CA: How quickly cyber and privacy issues, combined
with the emergence of social media, took technology out of the back room and
into the board room. There is not a board meeting I have attended, or in
speaking to other board members, where cybersecurity is not discussed. Some
times in depth, sometimes as a point of concern.

SC: How has your discipline changed over the years?

CA: You must be more holistic in understanding the
threats; risk management, privacy and data concerns, data analytics, compliance
and legal issues, emerging technologies like IoT, AI and ML must all be
understood and integrated into the cybersecurity policies and practices today.

SC: How has your discipline changed for women over
the years? More opportunity? Different direction?

CA: I think women are naturals for the emerging
cybersecurity leadership positions because of their ability to look at risk in
a more holistic fashion, their concern about broader sets of stakeholders
rather than shareholders, their natural tendency to work collegially in problem
solving, and their ability to communicate.

SC: How has your career changed over the years?

CA: I am on a journey, not a destination. I actually
majored in retailing and fashion design, and today I am CEO of a
technology-based company in third party risk management and cybersecurity. I
have been a retailer, professor, corporate executive, entrepreneur, corporate
board director, author, speaker and mentor. I will always continue to mentor
because it is the best way to leverage my experiences and knowledge to the new
generation of professionals!

SC: Please tell us about
some personal milestones re: your journey in security?

CA: 1) As founding CEO of the Smart Card Forum when I was an
executive at Citibank, [I really got the opportunity to] understand and promote
the role smart cards can play in access control and information security. 2)
The work we did with Richard Clarke when he was the Cyber Czar in the Clinton
and Bush White House when I was the CEO of BITS, the technology-based sister
organization to the Financial Services Roundtable. We worked with the CISOs,
CIOs and heads of Fraud of the 100 largest financial institutions in the U.S.
After 9/11, at BITS we pivoted quickly to focus on cybersecurity, antiterrorism
and privacy issues. We worked closely with the industry and government to set
up DHS, the ISACs and FISSIC and FIBBIC for the financial industry. 3) The
growth of The Santa Fe Group Shared Assessments Program to include
cybersecurity, the cloud, business continuity and GDPR, among other things, in
the tools and educational programs, as well as the certification requirements.
4) Being named the Chair of the Security Committee for El Paso Electric Company
and setting up the Risk Committee at Synovus Financial Corporation as a board
director. This not only was a best practice, but I served to educate the entire
board on cybersecurity. I also am called on to speak at board education events
on cybersecurity and what boards need to know. And 5) Being honored by SC
Magazine for the contributions the Shared Assessments Program had made, as well
as myself, to the industry around cybersecurity.

SC: Where are we now re:
women in security?

Catherine Allen: Women are making inroads into senior positions marked by
the growing number of CISOs, but overall the number of women in cyber has not
dramatically increased. We need to understand why. There are more women in
risk, privacy, compliance and IT, but still not enough to fill the job
opportunities in cyber. Is it lack of exposure to the field? A desire to be in
a more social driven environment? The burnout and 24/7 requirements? Sexual
harassment and “boys club” atmosphere?

SC: What strides have
been made?

CA: Many organizations have specifically targeted getting more women
and minorities into the field, as well as the professional associations like
the International Consortium of Minority Cybersecurity Professionals (ICMCP),
and the Executive Women’s Forum, founded by Joyce Brocaglia. Community colleges
and universities have developed cyber programs. The Shared Assessments Program
has third party risk management, which includes cybersecurity and
certifications, and encourages women to attend. Girls Who Code and the Girl
Scouts both have programs to encourage girls to get interested in coding, IT
and cybersecurity.

SC: Name some significant
milestones for women in the security industry.

CA: Women who have emerged as CISOs of major organizations. The
growth of the Executive Women’s Forum as well as corporate sponsorship of it.
And women being the Cyber Czars at the White House under the Obama and Bush
Administrations.

SC: What has the industry
done right re: WIS?

CA: Acknowledging there needs to be more diversity in the industry
and that diversity brings creative problem solving and perspective. Creating
programs to encourage girls and women to enter the field. Women CISOs being
mentors and bringing other women along. The role EWF has played in networking
women in security.

SC: Where has the
industry fallen short?

CA: The workplace is often hostile to women … especially if they
have children. Long hours, lots of stress, 24/7 on call, sexual harassment,
“boys club” attitudes, etc.

SC: Where do we go from
here?

CA: Try to understand what is keeping more women from choosing the
field, getting promoted and/or leaving the field mid-career. Once understood,
do something about it.

SC: What needs to be done
to elevate women, put them on equal footing with men? Where should resources
and efforts be aimed? What issues need to be addressed?

CA: We have to start young to get girls interested in IT and math,
then show them career options with internships and mentoring when they are in
middle and high school, then give scholarships, mentoring and internships in
college. Have active recruitment and mentoring programs in early career and
support mid-career.  All this has to be based on an understanding of the
pivot points and attitudes at each stage.

SC: Where do you see the opportunities
going forward?

CA: Demand will only increase for cybersecurity expertise. Some
industries may be more conducive such as healthcare and financial services. The
career needs to be reframed in how it helps society, not as warfare or gaming.
Also roles in privacy, risk and compliance will continue to grow … combing
cyber with those careers will help.

SC: What are some of the
potential pitfalls?

CA: Thinking men and women go into cybersecurity for the same
reasons. Making cybersecurity an isolated effort, rather than a team effort.
Making the workplace continue to be toxic or unappealing to women.

Comments are closed.