I’m delighted to announce the latest member of our growing CISO Advisor team, Pam Lindemoen. Pam joins us with 25 years experience in the IT industry, with her most recent role being Deputy Chief Information Security Officer at Anthem, Inc.
At Anthem Pam was considered a bold and strategic thinker who envisioned and delivered a world class Enterprise Information Security strategy, including leading the Steering Committee with cross functional business and technology membership.
Pam is an exceptional leader; dedicated to advancing women in the IT industry, and I’m so glad she’s now joined Cisco to work closely with our community of CISOs and offer advice and guidance based on her incredible experience.
I recently sat down with Pam to talk about her security story, her greatest insights, and what she’s most looking forward to in her role as CISO Advisor at Cisco.
Can you tell me about your background, and how you first got into cybersecurity?
I’ve always viewed cybersecurity as everyone’s responsibility, so when I worked in infrastructure and application development (decades ago), I viewed myself as an extended member of the Security team. I took an active role in understanding what the Security team were trying to achieve, and how my work and my team could help them.
But if you’re asking me about my first role with a cybersecurity title, that came in 2011, when I was recruited to run the vulnerability management team for a major enterprise.
I had just completed a major contract renegotiation project, where I partnered with all the IT divisions within the enterprise (so all of the divisional CIOs, CTO, CISO, procurement, legal, etc.). My role was to give every division a voice in the renegotiation and deliver on those obligations by building a governance program for that particular contract.
It was a tough eight months, but an incredible experience. Shortly after that, the deputy CISO approached me to evolve the vulnerability management program, and run that team.
It took a while for me to say yes. I didn’t feel like I necessarily had the experience to run that group. But they were a great group of people, strong experts in their field, and there was a strong buzz around security; it was brimming with excitement.
They told me they needed the leadership that I displayed during the contract renegotiation. Eventually, I decided to go for it, and my first order of business was to sell the team on my big ideas. I knew I wouldn’t be successful without the team and their experience – in any team, the people are your greatest strength.
I grew from there, and ended up becoming the Deputy CISO for the global organization.
My background into security is probably a great lesson for people, in that there are many transferable skills that can lead you into a career. The industry is sometimes very difficult to get into, and I wasn’t academically trained in IT. I have a communications degree.
But throughout my career I stayed engaged and listened to other talented people, learned from them, remained inquisitive, fostered great relationships, and took up as much on the job training as I could. I’ve essentially built my career by learning from others.
I know you do a lot of work to encourage more women into business and IT, do you have any mentoring experiences that stand out for you?
About four years ago, I worked with a coach. She helped me articulate my own personal mission and put together an action plan. I still have the words that I wrote down in a book that I keep next to me: “By 2032, I will be known as an authentic, adventurous, caring, passionate woman who is present in helping women grow and overcome the fear of living up to their full potential.”
At the time I had very few female friends in the world, and I wasn’t fostering those relationships, nor was I managing my female network. So I started building a community of women for myself.
Every city that I visited, I built groups and met communities. And when I was in town, we all got together. I told them, “Here’s my mission, I need you to help me hold me accountable.”
From that, I’ve made strong connections with women outside and inside security, and I’ve helped to bring women into the industry. I also started an intern program within the information security group at my last position, because for me it’s all about building the pipeline and giving people opportunities they might not otherwise have had.
Four years ago, I wasn’t talking to the universities. I wasn’t sharing my story, and I wasn’t helping other women to come into IT. That’s all changed now.
It’s the little things that we do every day to help others, that counts. I’d encourage everyone to make a conscious action plan that you can put together, to make sure we’re helping women get into technology.
What attracted you to the role of CISO Advisor at Cisco?
The security ecosystem is complicated, and it’s ever evolving. As a leader within Security, you’re faced with managing a portfolio of products and programs that must provide you with a holistic security posture on a budget. Knowing orchestration and automation are key, the lack of interconnectivity between products frustrated me.
There’s very few domains within security that I’ve not been involved in a program rollout for, but I’d reached the stage where I wanted to work somewhere that had the ability to stitch it all together, simplify it, and take away some of the nuances. The vision at Cisco is to connect, secure and automate, as simply as possible. That’s what I’m excited about – the ability to help bring simplicity to more security organizations.
You’ve been part of the litigation process and full program development during and after an unprecedented cyber-attack. What are your main learnings from this experience?
Like myself, most IT professionals are trained in handling outages that impact business processes. In addition, the detection, response and recover playbook is translatable across industries. What I personally learned through the experience is that my non-technical competences were as crucial and valuable (if not more so) as the technical abilities. Here’s two learnings from the world of incident response that don’t get talked about often enough:
Maintain bench strength at all times. Make sure your 2nd, 3rd and 4th incident response string practice and are prepared to fill in each role required while containing and recovering from an incident, to minimize breach fatigue and burnout.
Keep your communications factual at all times. If you lean toward emotional and sensational responses, learn how to maintain clear, unbiased, unemotional communication and make it a habit you practice with every email you write.
One last comment I will make about my personal experience, incidents do not define you or your organization – how you respond during and after the event will.
So, prepare, stay calm, factual and recognize your leadership matters before, during and after the event. Not only will your team be looking at the shadow you cast during this trying time… your entire organization, country, or the world could be watching. Your security community will be there for you… I personally felt it, you will too.
Tell me about your approach to fostering partnerships and stakeholder relationships across the rest of the organization
For me, relationships happen organically. I believe in helping and supporting others through their own journey. We all have knowledge, talent, and perspectives we can share with each other…build upon what you bring to the table and how you can help your partners. Being curious about what others are doing and why they’re doing it, is incredibly powerful for building and maintaining relationships.
Within security, the value I brought to the table was helping bridge the gap across my existing partnerships for my security colleagues by simply developing forums to communicate the value behind the programs, people and technology. When fostering relationships with the rest of the business, I pushed aside the technologist within me and explained everything in simple business terms, value and risk. Once the partnerships were aligned and perspectives understood, we were able to build businesses cases together for funding needs and/or improve our control stance.
What are you most looking forward to in your role at Cisco?
The problems many of us face around security are not unique; lots of us are we’re fighting similar battles. I’m really looking forward to being part of some of those solutions, and keen to take a more active role in the security community with what I have to offer.
I’m also looking forward to growing and learning with the role. It was time to shake things up a bit, so here I am, ready to learn and be inspired by others.
If you would like to speak to Pam, and/or join our CISO community, please visit our dedicated CISO Connections page.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels