This week we caught up with Theresa Payton for our thought leadership series on Women in STEM, Mentoring and Sponsorship. Theresa served as the first female Chief Information Officer at the White House, overseeing IT operations for President George W. Bush and the 3,000+ members of the Executive Office of the President. Currently, Theresa is CEO of Fortalice Solutions, an industry-leading security consulting company, and co-founder of Dark Cubed, a cybersecurity product company. Most recently, she served as Head of Intelligence on the CBS show, Hunted.
Julie Kantor @ Twomentor: Can you first share your fascinating journey as CIO of the Bush White House to Cybersecurity Entrepreneur?
Theresa Payton: I truly believe that this career chose me. After graduate school, I worked at Barnett Bank, Inc., which is now part of Bank of America, and then worked in technology roles supporting customers at First Union, now Wells Fargo, and Bank of America. And then the White House called.
I had recently returned from maternity leave, and my assistant said I needed to return a call to the White House because they were interested in including me in a list of candidates for the CIO position. I didn’t have any connections at the White House, so I assumed this was a social engineering attack. After a little convincing, I called them back, and in a joking manner I said, “I heard President Bush is looking for a CIO and I somehow ended up on the list, even though I don’t know anyone there. I need you to validate that this is legitimate.”
The person on the other end instructed me to visit WhiteHouse.gov, call the main number and ask for John. Thinking this was a joke, I was completely surprised when John actually answered the phone and I ended up apologizing profusely. From there, I went through the entire process and ended up becoming the first female CIO for the White House, which was an incredible honor to be able to serve the country. This call is something we both look back on and laugh about to this day.
Julie: What is the message you'd like to leave with our female readers about being a woman in cybersecurity?
Theresa: Overall, I think the cybersecurity industry can do more to help women understand the crucial role that cybersecurity professionals play that make a difference in our everyday lives. Unfortunately, hackers, both ethical and unethical, are often depicted as men wearing hoodies over their faces, making it difficult for women to picture themselves in that role as a realistic career choice because they don’t think they have anything in common with hackers. Studies show that women want to work in professions that help people; where they are making a difference. When you stop a hacker from stealing someone’s identity, you’ve made a difference in someone’s life or business. At the end of the day, the victims of hackers are people, and women can make a tremendous difference in this field. This is something the industry as a whole needs to do a better job of showing women.
Julie: So let's get down to business? I heard there were over 300,000 unfilled jobs in cyber -- Is there a labor shortage in your opinion?
Theresa: There certainly isn’t a labor shortage. I believe the best cybersecurity professionals are insatiable learners and highly skilled problem solvers who think about the user while never underestimating the adversary. Many hiring managers are leaving women and minority candidates on the sidelines by chasing the same resumes, the same degrees and the same alphabet soup of certifications in qualified candidates.
My biggest piece of advice to executives everywhere is to be creative, innovative, open, purposeful and mindful about how a candidate looks beyond their appearance on paper. Hiring managers should look for women, minorities, and veterans who may not be the exact “type” of candidate they are looking for, but if they invest the time to be a coach and mentor, they can get them up to speed. This, in turn, creates loyal, creative, problem solvers who are more likely to stay at their organization.
Julie: What is the risk you see for America and America's businesses? Are we playing by yesterday's rules when it comes to solutions?
Theresa: One of the biggest risks for businesses in the U.S. right now continues to be the threat of ransomware attacks. Ransomware is one of the largest underreported cyber crimes and it is growing exponentially because these cyber criminals are not easily caught since many know the good guy techniques and can easily hide their trails.
A lot of times it does not require a checkbook being opened to create a safer company. It comes down to the human element. There was a study done that said two-thirds of the global breaches are attributed to human error. The way we design security, we have zero empathy. If businesses around the globe want to win the war against cybercrime, we must move to a high empathy system. It’s all about design. We need to design all applications to assume that users will do everything wrong, according to the cybersecurity playbook -- they will share passwords, they will forget them, and they will do unsafe things to get their jobs done, such as use free, unsecure WiFi. If we keep doing the same security programs, but just try to speed them up with more money and resources, we are doomed for failure.
Julie: You know I have to ask this, how did you mentor others in tech both now and when you were at the White House?
Theresa: At the White House, my staff, as a mix of political and non political members, was given the opportunity to pursue technical and process training like Six Sigma to further their careers. On a more personal level, even on the days that were busier than usual, I would make time for lunch or coffee with staff. We were together so much that there were many moments throughout the day for coaching and mentoring which was such a blessing; however, stopping for a quick meal and having conversations in person made a huge difference towards taking these mentoring relationships to the next level. That's a practice that I've carried throughout my career and do at Fortalice now. We're all so busy and then you add in travel, client visits, etc and it's far too easy to conduct entire working relationships via technology. Keeping that human connection for coaching and mentoring is so important.
Julie: What do people most need to position themselves well for these jobs in your field?
Theresa: I’m seeing something very positive happening now at many conferences, which are women “get-togethers” such as social hours and dedicated tracks of networking. We don’t want to create a separation of men vs. women, but I highly recommend young talent take advantage of these events for the opportunity to network and meet with prospective mentors.
If you can’t make it to a conference, there are amazing free tools out there -- RSA, TED Talks and even YouTube videos, that include speeches from veteran cybersecurity professionals discussing their careers, their advice on how to succeed in the cyber industry and new skills to keep you competitive in the workplace.There are also free cybersecurity online courses, excellent security frameworks and guidance available for free online such as the NIST framework, CIS Critical Security Controls, SSÅE 16 and discussions on GDPR. Leverage social media to hear what’s on the minds of security experts. In this field, regardless if you’re a man or woman, we need to be a constant student of our profession.
For more senior women who are looking for a career change, with the way the job market has been, even in security, it’s been difficult. Don’t be afraid to explore freelance work if you’re looking to get into the field. And if you already have a full time job, look for opportunities to serve on volunteer committees or projects.
Julie: Anything you want to share that I missed?
Theresa: Only 10 percent of women are part of the global cybersecurity workforce. While there is a shortage of women in cybersecurity, there isn’t a lack of talented and strong women. That’s why we created the Help a Sister Up LinkedIn group to serve as a resource to empower women in cyber. If you’re someone looking to promote and support women in cybersecurity, we’d love for you to join. This is a complete safe space to ask fellow infosec pros about industry trends, helpful resources or just to make a personal connection and attract others to a possible career in cyber.
Twomentor, LLC is a high impact company focused on talent strategies for a diverse workforce. We value mentoring cultures & an entrepreneurial mindset. We have experience working with Fortune 500 Companies, small to mid-size businesses, education institutions and nonprofit organizations. We offer facilitated (and fun) mentor training and are here to support an engaged and passionate workforce. Plug into our unparalleled network in the entrepreneurship & STEM ecosystems to drive change. Please learn more about us here, client testimonials, meet our team, and our talented advisors.