In this episode of Women in Cybersecurity, I was delighted to interview Helen Patton, an experienced CISO who literally wrote the book on Navigating the Cybersecurity Career Path and is currently CISO for the Cisco Security Business Group. I'm also a longtime follower of hers on Twitter, where she shares information and resources for security leaders.
Like many of us, her path to cybersecurity wasn't exactly direct or planned; she says it was "a series of accidents and unexpected opportunities," where she moved from IT support, to disaster recovery, to cybersecurity. As someone who is passionate about her role and helping others, she is generous in sharing information and advice for other CISOs, as well as bringing more people into our field and helping them thrive.
Helen described her background in the early '90s with the rise of PCs, working for a consulting company installing accounting software for small businesses. She also held roles supporting infrastructure, ran a help desk and ran desktop support, network support, and basic data center support. The late '90s came with computing worms and viruses, such as the ILOVEYOU virus, and Y2K issues. While running an infrastructure team for a software development company, she moved into creating disaster recovery (DR) and business continuity plans. Then, she moved back into consulting with JP Morgan doing DR and business continuity, and when there was an opportunity to take a job running the security team, she made the move into cybersecurity.
She said she was always a working adult, doing school part time and taking 15 years to get her undergrad degree in business administration. When she became CISO at Ohio State University (OSU), she had the opportunity to get her master's degree in public policy, with a focus on technology policy as part of her employee benefits, and this has influenced her approach as a CISO.
"As a CISO, I tend to lean more on governance risk and compliance functions more than, say, software development, although (I have a) background in tech. I geek out on security policy a lot, so I spend my hobby time keeping track of regulations, policy changes that are happening around the globe, so my education has been very influential in my career."
Helen spent 8 years at OSU, where she helped them build out their security team to support their cloud transformation. Her role included evaluating what they had and what they needed, building out the team and adding security functionality. She noted that a few years into the job, they had to get rid of some technologies she introduced years before because they had to evolve as things changed.
In higher ed, you play in many spaces, technologies, and you're subject to regulations because we have hospitals, we're regulated like a bank, we have PCI, so I got to play in a lot of areas.
In 2021, she joined Cisco as an advisory CISO. Moving to a security vendor gave her a new respect for how much technical expertise is needed to determine what goes into a security product. Her role at Cisco gives her the opportunity to have a global footprint, understanding industry trends across the globe and applying her experience, while helping customers.
When you feel like you're on top of a mountain of information, it's easy to get overwhelmed. It's important to 1) take time intentionally to learn something new, with self-based learning; 2) find mentors and a network as part of a security community to help you with learning or training, to have resources who can set your mind at ease that you don't have to learn everything, or to have someone who can validate how you're thinking; and 3) know when to say "no" to things so you can focus.
For CISOs: Be intentional about why security, why this industry, why this job, why this company, and why now, and be prepared to share it broadly—not only with your team, but with the community as a whole.
For customers: Take advantage of vendors, and partner with them to make sure you get the most out of their tools and see how you can network with their other customers.
Helen says podcasts are a great way to learn and help you gain historical context and learn from past events. And you can listen while exercising or walking your dog—excellent for me since walking my dog is my favorite exercise! Her favorite podcasts include:
Check out Helen's video below, and don't miss the full audio interview where we cover much more!
Be sure to visit ESG's Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows.