Security Leadership: Women in the Spotlight
Meet nine female executives who are succeeding in security leadership roles.
One was inspired by her father and grandfather, one wanted to be a police officer, and another wanted to be a teacher. Whatever path they took, and how they got there, today, they are all successful women in the security industry, with titles such as VP of Global Security, Director of Corporate Security, Chief Cyberstrategy Officer, and more.
I had the pleasure to speak with nine female executives who are succeeding in security leadership roles:
- Maureen Carlo, Business Development Manager, BCD Video
- Karen Frank, Director of Global Security, Pratt & Whitney
- Ashley Holmes, Governance and Compliance Manager, Delta Airlines
- Margaret J. Levine, Vice President, Corporate Security, Bridgestone Americas, Inc.
- Monica Mellas, Vice President, Global Security, Materion
- Elaine Palome, Director of Human Resources, Axis Communications, Inc.
- Julie Parrish, Chief Operating Officer and Chief Marketing Officer, RedSeal
- Simone Petrella, Chief Cyberstrategy Officer, CyberVista
- Sabine Wiedemann, Director, Corporate Security, Daimler AG
Director of Global Security
Pratt & Whitney
It was a law enforcement mentor who suggested that Karen Frank get into corporate security. Frank had been working for the State’s Attorney’s Office in Tazewell County, Ill. when he suggested an opportunity in corporate security. “I had never considered it. He suggested I try it with the thought that I could always go back to the public sector.”
She entered Caterpillar’s Corporate Security team leading business investigations and over time took on additional accountabilities and global leadership roles in strategy, threat and vulnerability assessments, traditional physical security and asset protection, trade secret and IP protection, in addition to traditional IT operations. “The IT aspect was a unique experience outside of my comfort zone,” she explains. “It was my CSO, Timothy Williams, who explained that the information technology nexus would be critical going forward and that I needed to have that knowledge base. It helped me grow as a leader but also to develop skill sets in information security, infrastructure, asset management and vendor management that are very relevant to contemporary enterprise security.”
Last October, Frank left Caterpillar after 12 years to become Director of Global Security for Pratt & Whitney, a leading aerospace manufacturer in East Hartford, Conn. The company designs, manufactures and services aircraft engines and auxiliary power units for commercial and military aircraft customers as well as smaller turbojet propulsion systems.
“When it comes to security it’s less about the sector in which you operate and more about the overall discipline of enterprise risk management,” Frank notes. “Often as security professionals we are not good marketers. We look at security from the silo aspect of what we want to put forth as opposed to the employee lifecycle and experience. How can we infuse all aspects of tangible and intangible security awareness from the onboarding, to the moment they first travel to when they off board and make holistic security a part of the employee lifecycle? Employees are often the greatest asset of a company, but when they employ uninformed decision making they also become the greatest risk.”
Her thoughts on female leadership is that discussions need to be less about gender. “I think that it is more about becoming the most qualified candidate and equally competing for the role. That is done by staying abreast of technology and risk management issues but also having a breadth of experiences to serve as a business leader with security as your area of accountability. The past days of an isolated physical security function do not adequately help manage the business risks of today and tomorrow.”
Frank believes in formal and informal mentors. “When someone applies for a position and is not qualified, it’s important to offer an opportunity for feedback to share why they were not considered. For those accepting of the offer, I have found most are thankful for the time. I was personally afforded such feedback on my career journey and found great perspectives in identifying areas for growth. I am also an advocate of multi-faceted development plans, and I encourage my team to have mentors in and outside of the security industry. The problems and challenges as a leader are often less about the specificity of security and are more about managing people and solving business problems.”
Business Development Manager
Maureen Carlo has always recognized a lack of female leadership in the security industry. However, that has not stopped her ability to succeed professionally.
She began her career as a systems integrator before working for a security manufacturer, Videotec Security, as US Sales and Business Development Manager. “I became involved with the Security Industry Association and I went to a Securing New Ground conference. I remember looking at the stage and thinking, ‘That is a lot of middle aged white men with dark suits. I saw dark suits, dark shoes and dark socks.' I told SIA that they need some color on that stage! I was also vocal about the fact that the industry needed some female leadership.”
She was contacted by SIA as it began to form the SIA Women in Security Forum, a group for women and men that offers programs, professional development opportunities and networking events to support the involvement of women in the security industry. Carlo is a co-chair and is on the group’s steering committee.
“We just wrote a mission and a vision statement, which was more challenging than I expected, and began to have conversations with people in the industry about gaps and goals,” she says. “I would hear things about men being told they’re not being included in some of our events. I became a little more fired up because that’s not the message that we’re sending. We cannot develop this movement without the participation and support of men in the industry who are our allies, who also need to understand why diversity and inclusivity matter.”
Today, Carlo is Business Development Manager for BCDVideo, which builds IP video data infrastructure and appliances. “They reached out to me last summer, as we worked together in my integrator days, when the company was still Burgess Computer Decisions, and we decided it was the right time to work together again. I am fortunate to work with a CEO who says, 'If Maureen is passionate about women in security, BCDVideo is passionate about women in security.' They support and encourage my participation in the Forum, as they support and experience the value of diversity and inclusivity in our industry.”
She admits that the industry still has bias towards female leaders. “The conversation has to be more than just getting to the top; it has to be about showing women what aspects of security they can be involved in. Women need to know that they can go after security industry roles. I have spoken with some male leaders in our industry who say they do not care if they hire man or a woman. They want to hire the right person for the job. But do women know that? We need to work together and find men who are allies. We can teach them, they can teach us and when we work together, great things can happen. There is impressive data to back that up.”
Early in her career, Carlo had a mentor who introduced her to some students that Carlo later mentored. “I am inspired by seeing a younger generation who want to get involved. As much as they inspire me, I want to inspire them, too.”
Director, Corporate Security
As a young girl, Sabine Wiedemann wanted to be a teacher. However, she changed her mind, instead starting a career in the security sector working for the German FBI, which also included a post in Paris working as a liaison officer for the French police.
After leaving the public service for the private sector, she worked in various security roles for a leading German airlines and for the Deutsche Post/DHL, until she obtained her current role, Director of Corporate Security for Daimler AG.
She also enjoyed her FBI career, in particular, because of the ability for her to network with female peers. “One third of my colleagues were female. At the beginning, I didn’t see how the FBI could help my future career, but I had some great supervisors who helped to make it possible. They supported me and promoted me when I was ready. I was fortunate that they gave me interesting cases to work on. They were also open-minded and supportive of my success.”
At Daimler AG, an automotive company based in Stuttgart, Germany, Wiedemann has found it to be male dominated, but that does not deter her in any way. “The automotive industry was and is male-dominated,” she says, “so it was surprising to receive the job offer. However, during my time here so far there have been many initiatives within the company and Germany-wide to support future female leaders.”
At Daimler AG she is responsible for the security of more than 280,000 Daimler employees worldwide. “We have a great variety of backgrounds on my team,” she says, “from police, to border control and former military, in addition to former engineers and lawyers. We see a need to not only concentrate on hiring from typical law enforcement backgrounds, but others, as well, in order to have different perspectives on how to accomplish our mission.”
She enjoys mentoring future female security leaders. “Some female executives are really afraid and they do not think that they have a chance to succeed in this industry. There are also others who say, ‘I'm going straight ahead. I have a goal, I am smart and I will work hard to fulfill it.’ Two different types of perspectives, but I enjoy working with them.”
Chief Cyberstrategy Officer
You could say that Simone Petrella’s path to cybersecurity was via the Department of Defense. After graduate school, Petrella worked for the DoD as an intelligence analyst. “I soon realized that I wanted to pursue a more merit-based career path, so I went into defense contracting consulting, where I spent 10 years,” she explains. “I was hired because of my background in social network analysis specific to counter terrorism. I worked on what was then known as intelligence support to computer network operations. That was my first foray into what is now known as cybersecurity.”
She eventually transitioned into the commercial sector at Booz Allen and spent the later part of her time there building cyber-fusion centers and the integration of cybersecurity operations before she moved into her current role at CyberVista.
“Through my career, I firsthand had to live through the joy and the pain of recruiting, training, and retaining talent. Many times, I was on the receiving end of onboarding someone who quickly left for 30-percent more money. I am attuned to the cyber workforce talent issue because I have had to quickly stand up large cyber teams. I was inspired to co-found CyberVista, which is a cybersecurity training and workforce development company, because I felt passionately about the cause, and I wanted to be a part of it.”
Petrella has some interesting theories about why more girls and women do not choose a cybersecurity career. “There is a hypothesis that in 1982, when the personal computer was introduced into the average American home, that personal computer marketing and advertising was targeted specifically to young boys. By the time those young boys grew up, went to high school and then got into college and were taking the same programming classes that their female counterparts were also in, they had prior exposure to computers. What needs to change is that anyone who is interested in technology, computing or coding, or even security, should be given the fostering and environment to do so.”
Another challenge, she says, is who is responsible for correcting the problem? Is it the responsibility of executive teams to invest and commit resources within the community? “The reality is that the vast majority say yes, it’s a problem, we have to correct it, but we are in such dire straits that we don’t have the time,” she says.
Petrella is quick to credit several formal and informal mentors as key to her success. “I have had individuals who were a sounding board. for me. The ones that stick out the most were informal mentors, what some might call advocates, that were willing to work with me in the areas that I needed improvement and were willing to take risks because they knew that I would be the right person to get the job done.”
She mentors others, noting, “You are going to have a variety of people that will need your help from all walks of life and in some way, shape, or form, those all are opportunities to mentor. That’s why organizations, like ISACA’s SheLeadsTech, are such important initiatives in this space.”
Director of Human Resources
Axis Communications, Inc.
“I look forward to work each day,” says Elaine Palome, Director of Human Resources at Axis Communications, Inc. “I always wanted a career that focused on people and business strategy, and I have found it. I am allowed to do HR the way it should be done. At Axis, the HR Director sits with executive management and because of that, we can translate business goals into people recruitment and retention.”
There are 60 HR professionals at Axis worldwide, which translates into one HR professional for every 65 employees. “It’s the right ratio for us,” Palome explains. “I have a 10 person team in the Americas. We focus on five pillars: values and culture, people attraction and recruiting, people development, leadership, and scalability.”
Palome knows the challenges that women face to obtain leadership positions in the security industry. “But it’s not because they aren’t out there,” she explains. “There are more women with technical degrees than you would think, but research says that as women continue in their careers, fewer are making it to the top echelon of the company they work for. As they excel they are being outpaced, but they are still being hired. We strongly believe in hiring the best person for their job, but we are also forming relationships with local colleges and high schools to speak to women about a future career in the security industry. Most women who work in this field do not plan to do so; we all get here through some type of path, and that is likely because we haven’t heard about those opportunities early in our careers.”
In addition to community outreach, Palome and her team manage a robust internship program that hosts up to 20 interns per year. Axis also hosts an annual women in security event that includes presentations from female executives in the industry to discuss their career experiences. Axis recently launched a new mentorship program worldwide, has a quarterly webinar series with topics that pertain to diversity and inclusion, and conducts anti-bias training for managers to recognize any interview bias and how to eliminate them during the interview process.
“It’s a very exciting time to be a woman in the security industry,” Palome says. “Every month I see new programs popping up that cater to future female security leaders. It’s nice to see all of those programs taking off and doing well.”
Global Security, Materion
“I actually went to college to become a police officer but at the time in Ontario it was very difficult to get a job in the policing environment,” says Monica Mellas. “A career guidance counselor shifted me into the loss prevention field with the intention of providing a different avenue.”
Mellas took a co-op placement role at Johnson Matthey, a gold and silver refining company in Ontario with offices in Salt Lake City, Utah and one near Niagara Falls in Ontario, Canada. She intended to stay for a short time, but eventually stayed for 19 years, as a divisional security manager for the gold and silver refining division. “It was one of my proudest accomplishments at that time, as I was successful in leading the security of that division.”
She left Johnson Matthey for a role with Materion, which is a global high-tech solutions provider of performance alloys, precision coatings and advanced materials, to develop the physical security component of the company’s precious metals management program. Her role has evolved and now encompasses the traditional corporate security roles, in addition to anti-money laundering, compliance and trade secret protection.
“I have had the ability to build a team and a corporate security program,” she explains. “I have three divisional security managers that are responsible for each major division in the United States and two regional managers, one in Asia and one in Europe.”
A main challenge in her current role is to secure the Materion supply chain. “We outsource processes to business partners, and we need to ensure that they are acting accordingly with the risks of handling a precious commodity.”
Another challenge is workplace violence training and the safety of all Materion employees. “Anything that I can do to add to employee well-being, whether it is workplace violence prevention or travel security, I will do it. Those programs are very easy to sell to the C-suite because it affects employees. We just instituted Alice workplace violence training and it has been an overwhelming hit amongst the employee base.”
A former manager served as a mentor and helped to develop her confidence and gave her opportunities that set her up for success. Another colleague from a Toronto ASIS chapter has guided her professionally and personally. “He was the person who encouraged me to increase my skill set, knowledge and my networking. He also pushed me to get my CPP designation. I really believe that I wouldn’t have been as successful without his guidance.”
Chief Operating Officer
and Chief Marketing Officer
“My college major – decision and information science – served me really well,” says Julie Parrish, who is Chief Operating Officer and Chief Marketing Officer for RedSeal, which provides cybersecurity solutions for public cloud, private cloud and physical networks.
Parrish used that major to secure her first professional role – a marketing job at Hewlett Packard. She then moved into senior marketing roles at NetApp, eventually working as a chief marketing officer and then moved on to her current role at RedSeal.
“Underlying all of my roles was a strong focus on operations and strategy, planning and numbers, and all of that come from an information science background,” she says.
“I’ve felt that there are two different ways you can think about a career path. Some people like to sit down and methodically plot a course. Others focus on learning and excelling at the job they have and see what happens next. That was my path. I haven’t conducted a survey, but I feel like more women end up choosing the latter path and more men are more comfortable with plotting a course and chipping away at it.”
The cybersecurity industry is struggling to not only fill roles, but female roles, as well. “While we do see more women in CIO, CSO and C-level positions, it’s still challenging,” Parrish says. “It’s complicated. I personally have not seen overt bias against women. I really do not think that men are sitting around in boardrooms saying, ‘Okay, guys, how do we keep the girls out?’ That is just not happening. However, unfortunately, there is more of an ingrained approach in the way that job descriptions are written. The pool of women in sales roles has not been big enough for enough time to shift the perceptions and requirements that you must have at least 25 years of experience in sales in order to achieve an executive position. Maybe 10 years is good enough. I worry that there is an ingrained approach with job descriptions that still favors men.”
In addition, Parrish points out, as women choose to have families, that factor often takes them out of the job pool for a while. “I also feel like society, in general, not corporate America specifically, but men are still rewarded for bringing home the bacon and women are still more rewarded for cooking the bacon and watching the home front,” Parrish says. “I never fault a woman for doing that. If it is possible for a man to be a great husband, great father and a great executive, it has to be possible for us. We have to persevere. Then maybe, over time, slowly but surely, more women are able to persevere and that will shift the broader society perspective.”
Some of the words that her colleagues have used to describe her are approachable and authentic. “I’ve always tried to maintain an open door policy. That sounds cliché, but to me it means continually encouraging employees at all levels in the organization, whether they report to me directly or not. A practice I started at NetApp was ‘skip level lunches,’ which are lunches that do not include my direct reports, only their employees. I would pick four or five random people in the organization, have lunch and play a game to figure out what we all might have in common. It is a way to try to connect on a much more personal basis.”
Parrish takes a different approach to mentoring. “I joke that I have a lot of mentors who don’t know that they are mentoring me because I reach out to specific people on specific topics. Sometimes mentoring comes from simply watching and observing other successful females in my organization.”
“I’m humbled when people ask me to mentor them,” she adds. “I encourage them to talk to lots of people, not just to me. It is rewarding to pass on some experience. My approach is to ask them to bring me a challenge they are facing rather than having a generic conversation about career paths. Let’s focus on something tangible and you’ll get a lot more out of it.”
Governance and Compliance Manager
“I didn’t receive a degree in security,” says Ashley Holmes. “I have a Bachelor’s degree in accounting and information systems. I always had my mind set on working for a public accounting firm. When I interviewed with a few accounting firms they were interested in my IT background. One firm hired me and taught me everything that I needed to know.”
Shortly after, Holmes moved to Atlanta to work for SunTrust as an Information Security Governance Manager. She recently joined Delta Airlines as Governance and Compliance Manager, a role in which she helps to ensure the airline conforms to appropriate Information Security standards and regulations.
Holmes is very complimentary of several mentors who helped to forge her path to her current role. “One senior manager took much of his free time to train and mentor me. His family is my family. He’s meant so much to me, as he has been a pillar of knowledge and strength for my career.”
She also had the opportunity to mentor others, which she believes can benefit both parties. “I consider their success as my success and their failures as my failures. We cannot do anything without each other. I have to teach them and groom them in a way that we can all work best together while also helping them to learn and plan for their future career.”
“Most colleges want you to pick a major, to be narrowly focused,” she adds. “One thing that I appreciated from my mentor early on is to embrace many options. I walked into an accounting firm and admitted that I didn’t know anything about cybersecurity, but I was curious and I was willing to investigate different opportunities.”
Holmes also invests time with outreach to local colleges and universities. “Curriculum is still catching up to the skill sets that are needed to succeed in cybersecurity. We need to provide a concerted effort to ensure that males and females are given the opportunity to be exposed to and be engaged with STEM education.”
Margaret J. Levine
Vice President, Corporate Security
Bridgestone Americas, Inc.
As a senior in high school, Margaret Levine had the opportunity to see a criminal court case in action. That experience fueled her desire to work in security.
“To say the path getting to my current role didn’t take the traditional route through law enforcement would not be an overstatement,” Levine says. After graduate school, she worked for small to mid-sized government contractors researching law enforcement and justice related issues, in addition to providing technical assistance to local service providers. She then worked as director of the Office on Women for the city of Alexandria,
Va., which provided services that included employment training, teen pregnancy prevention and 24-hour sexual assault and domestic violence assistance programs. She also worked in the nonprofit sector, as the deputy director of the Commission on Accreditation for Law Enforcement Agencies.
She then joined Mobil Oil in its global security department. “I took to it like a fish to water,” she says. “I knew within my first year there that a career in security at a large corporation is what I wanted.”
Yet, she does admit the difficulty to obtain that first corporate security executive role. “I remember the excitement I felt when I was offered my first Chief Security Officer position,” she explains. “I naively thought that once I had risen to that level, my peers would automatically accept me and the naysayers who thought I could never be a security executive because of my non-traditional path would somehow fade into the woodwork. That wasn’t quite the case. I learned the lesson that if you are going to be a trailblazer, you have to embrace the fact that at times you may be challenging the status quo and all that comes with it. Tune out the negative and concentrate on the positives – build your personal brand not by focusing on gender and other noise, but by working hard, creating relationships and demonstrating who you are as a person and as a professional. Having said that, and while I think those lessons learned still apply, it’s now 20 years later and things have changed for the better. Although our numbers are still extremely small when compared with the number of men in the profession, there are more women who are security executives and more coming up through the ranks. Companies are waking up to the powerful benefits of diversity, so sometimes being a woman in a male-dominated industry can be an advantage because it tends to get you noticed. Of course, once you’ve been noticed, it’s up to you to deliver tangible business results and always prove your value to the organization. That never stops.”
Since her Mobil Oil role, she has held positions as the director of global security at Capital One and director of corporate security at Georgia Power. For the past 11 years, she has been the vice president of corporate security at Bridgestone Americas in Nashville, Tenn. She was also the first female president for The International Security Management Association and now serves as Vice Chair of OSAC’s Women in Security Forum.
At Bridgestone Americas, she notes, “Our C-suite relies on us to be an integral part of enhancing the company’s brand, especially at high-profile marketing and hospitality events. We’re expected to give our customers a great experience, and that means leaving with great memories. The C-suite trusts me and my team to ensure that guests are safe. The same trust also applies internally. We are a diverse company with a very big footprint, but no matter what or where our business is, our leaders and teammates can count on us.”
To complete that function, along with other corporate security needs, Levine relies upon in-house resources, in addition to outsourcing in areas such as her guard force, physical security assessments and certain investigative work. She also relies on colleagues and data from the State Department’s Overseas Security Advisory Council and the FBI’s Domestic Security Alliance Council.
Her successful career in enterprise security has given her knowledge that no matter what sector you operate in, the risks are similar. “I have found over the years that the security issues themselves are really pretty similar sector-to-sector,” she says. “We’re all concerned about keeping our employees and assets secure, and protecting the integrity and brand of our business. What’s most important to effective risk management is having a good understanding of the company’s culture, its risk tolerance and the personalities of the C-suite.”
Levine has had a number of mentors in her career. “I learned the value of networking and relationships early on,” she says. “The director of global security at Mobil Oil, who hired me, is the most impactful career mentor I have ever had. I really give him credit for igniting my passion about what I do and for helping me develop the tools that have made me successful. He taught me about security as a business strategy. He sought out leadership opportunities for me in the business, and taught me the value of compromise as a stepping-stone to getting buy-in to the ultimate solution. He believed in me and that gave me the confidence and resilience I needed to forge my career.”
She adds that sometimes mentoring is conveyed unintentionally through behavior and not through purposeful coaching. “My father and grandfather were both self-made men who built and led successful businesses. I watched them surround themselves with people whose strengths complemented their own and whose life experiences made the workplace richer. I saw them go against conventional wisdom at times. They helped me understand that life isn’t always fair and sometimes you just have to push through it, and that integrity and character are truly what matter the most. That is something I will always carry with me.”
Levine believes in “paying it forward,” which is why she mentors others. “I’ve been in coaching relationships and I’ve tried to be a role model for others, and it’s an honor to say that women and men I’ve mentored have become chief security officers, college professors, and some are now the first in their families to graduate from college. But it’s never a one-way street. I always learn from them, as well.”