CISO Kayla Williams is responsible for maturing the information security and technical privacy program at Devo. She’s a trusted security advisor to more than 100 customers, providing guidance on how to best use the Devo Platform for automation while increasing risk coverage and reducing SOC fatigue. In this blog, she shares her leadership experience and discusses challenges women face in the cybersecurity industry. Kayla will be hosting a discussion with other female cybersecurity leaders later this month.
Q. Please share your journey to becoming a CISO including what first got you interested in cyber security.
Kayla: I began my career with a specific goal in mind — to be a Chief Financial Officer. My undergrad degree is in accounting; my master’s is in management. So I started out as an external auditor, received the two years of experience required for my CPA, and soon realized CFO wasn’t the career for me. I then moved into internal auditing, which switched my focus to operational, compliance, and IT audits for a financial services company. Shortly after, a new global CISO was brought into the company to formalize alignment of the security teams in the four regions the company was operating in and I submitted my resume to join the team. The areas of information security and technical privacy were becoming critical to our operations, and they also fit my management experience. The complementary skill sets have been key to my success.
Q. Have you ever felt like leaving the industry, and if so what happened and why did you decide to stay?
Kayla: Yes! Over the last 15 years I’ve considered leaving the industry due to the stress, time commitment, and overall wear and tear of being a professional in ‘Corporate America,’ but I realized that I love transformational change. I like building things from the ground up, the collaboration of teams, and the entire journey of a security program. I feel fortunate to be in this position and be able to lead a pretty impressive talent pool of security and risk management professionals.
Q. Walk us through a typical day in the life of leading all security operations at Devo.
Kayla: There is no typical day! Some days are jam-packed with back-to-back meetings for internal security decisions and metric reporting. Other days are full of customer/prospect calls and vendor discussions. It’s a challenge and exciting at the same time. But every day involves interacting with my team, in particular my two leads, Analia Perilli and Maria Luisa Redondo. We sync over Slack mainly, making decisions together or they’re informing me of a decision they’ve made. We don’t have the time or desire to micromanage. The trust amongst the security leadership team is pivotal to our program’s success.
Q. How do CISO jobs differ in terms of industry and company size?
Kayla: The CISO role is still relatively new. Every company defines the roles and responsibilities of the CISO — even the reporting structure — very differently. In contrast, the CMO, CFO, and CEO roles have been around for quite some time and tend to be similar in description. I haven’t come across two CISO roles that mirror one another yet. But to be successful, a CISO needs to facilitate and encourage constructive debate by challenging key risk issues, ensuring that management information is provided in an accurate, timely and clear manner. That’s a big part of the role today and should be in every job posting.
Q. Have you benefited from female mentors throughout your career? If so, what advice do you have for other women in cybersecurity who are looking to advance their careers?
Kayla: When I moved into the security field there weren’t many female CISOs or security directors/VPs. My mentors for the most part have been men; men who have been dedicated to advancing women’s involvement in security, both the technical and non-technical aspects. Today, there are so many women in our field making a name for themselves. In fact, next month I’m leading a panel discussion with women CISOs from across the industry. We’ll share experiences and discuss challenges women still face in cybersecurity.
I have to say, I wish I had their experiences to follow and learn from back when I started. Even today, I try to reach out to women on LinkedIn and Twitter to follow their journeys. That’s my advice to others. Reach out — start by following leaders you admire or want to learn from and don’t be afraid to contact them. I’ve made some cold contact/messages recently and almost everyone replied positively and made time to meet with me.
Q. What can we (the industry at large) do to encourage more women to pursue cybersecurity career paths? Where are we going “wrong”?
Kayla: We can start by targeting high school career fairs, college fairs, and establishing internship programs. There’s a lot to be said for getting in gear early and getting the grunt work out of the way. No one wants to do the admin work, but it’s that admin work that sets you up for success later on.
Additionally, holding lunchtime webinars/seminars and in-person events will attract more women than after-work events due to busy schedules. Today, a lot of the responsibility for child care and/or adult care falls on women still, so accommodating them with meetings during the day, where they don’t have to choose between networking or industry events and family care responsibilities could bring more women to those events.
Q. What trends do you think security professionals should be aware of and prioritize addressing in 2023?
Kayla: The “trend” is burnout — for all companies. Security teams are still seen as only a cost center, and tools and staff are being cut across all industries. This leads to increased workload and stress on teams while the cybersecurity risk of incidents and breaches continues on. There’s no reduction in the risk an organization faces just because they’ve had a RIF or layoffs. Couple that with overworked resources and you’re likely to find your company experiencing employee morale problems, volunteer terminations, and more, leaving your company more vulnerable. Our customers point to workforce automation as an effective way to help alleviate some of this SOC pain. Tools can help analysts perform faster, detect threats quicker, and give them a needed break from chasing alerts.
Sign up for Devo’s Women in Cybersecurity, a panel discussion led by Kayla on March 22 where women from across the industry will come together to share their experiences, discuss challenges that women still face in cybersecurity, and share advice for other women who are looking to grow their cybersecurity careers.