“Confrontation is not for everyone, but I feel that it’s necessary for you to grow,” she added. “If you’re doing everything and it’s not happening, well, maybe that’s not the right culture for you. It’s time to move on.”

“Is that your boyfriend’s computer?”

Laura Deaner has shaped her experience of such questions into a powerful message for underrepresented sectors in cybersecurity: persevere.

“Don’t get caught up in those moments where you feel like somebody’s making you feel like you don’t belong there,” said the CISO from Northwestern Mutual, who faced gender bias throughout her studies and career, as well as discrimination over her background as a North African with a Muslim family. “Whether it’s because of your gender, how you identify or even your cultural background, whatever you want to do, you’ve got to persevere and not let other people have that agency over you.”

The numbers have risen, but still today, only about one in every four CISOs is a woman. When Deaner began studying computer science at Old Dominion University, there were only five women among a class of roughly 300.

Seeking a community

“When I was younger, I probably didn’t have the confidence to address biases, so I found a community in employee resource groups,” she recalled. That setting allowed her to be authentic, without fear, and helped her to gain the confidence to confront a situation or person when she felt like they were biased.

Women in IT was an obvious group to join. Deaner also joined other employee resource groups that didn’t necessarily fit her background, like the Asian Employee Resource Group, to get different perspectives.

“I learn something every time,” she said. “I don’t care how many degrees I get or books I read, I feel like I get much better interaction when I’m actually hearing from the community themselves. That’s why I join every single employee resource group so that I can learn as much as possible. Over the last two companies I’ve been at, I had the fortunate opportunity to be part of the Diversity, Equity and Inclusion structure.”

‘Very isolated’

Deaner recalls being at a financial services company when 9/11 happened.

“I felt very isolated, because there was hate crimes against Muslim Americans at that time,” she said.

And I unfortunately experienced some people saying some pretty bad things at work. Being involved in a community through an employee resource group helped me feel that I belonged, confirmed that what these people were saying was not OK, and gave me the resolve that I could do something about it. That touched me very early in my career, and that passion has been fueled over time as I became more involved.”

Personally, she can’t pinpoint a situation where she was passed over for promotion because she’s a woman, but she’s heard such stories. Her advice is to start with managerial conversations and hold them accountable to explaining why and where the development opportunities are.

“I’m very analytical, so I would want facts on why I was not the right candidate for that role,” she said. “Then have some empathy and be open to the possibility that there are things that you have to work on right now. You have to find out what behavior it is, or what capability you don’t possess. However if there are no facts, then I’m a fan of escalating. I’m also a New Yorker, so maybe that’s part of my direct nature!” she said, laughing.

“Confrontation is not for everyone, but I feel that it’s necessary for you to grow,” she added. “If you’re doing everything and it’s not happening, well, maybe that’s not the right culture for you. It’s time to move on.”

Business leader

In her current job, Deaner sees herself first and foremost as a business leader.

“This may be controversial, but cybersecurity and risk management is not ‘just’ a technology thing,” she said. “It is something that may manifest itself in technology, but it is a business problem. That is why I see myself as a business leader. My role is to ensure that I’m setting strategy to ensure that we are not going to wind up on that headline – but also to make sure we have a world class and relevant cybersecurity and IT risk management program.”

With her background in technology, “there were plenty of times I just wanted to shut something down, but the business was going to be hurt by it. I needed a good mentor, or manager, to tell me that’s just not going to work, and you’re going to have to change your approach on that,” Deaner said. “The technology background helps, but the business side is super important because if you feel that everything gets solved by shutting something down, then your business is probably not going to like you all that much.”

Deaner devotes time explaining her program, or addressing something that might have been in the news, to others in her business and regulators, too.

“I spend a lot of time making sure my stakeholders – which is pretty much everyone, honestly – understand what we do and understand how that impacts the business, just breaking it down for them in a way that they can get it.”

The cybersecurity talent shortage is one reason she’s changed her philosophy on whether a cybersecurity team must be stacked with computer scientists or computer engineers.

“Now, I look for the capacity to learn and the capability to solve problems,” Deaner said. “The interview process to me is really important.”

“I also look for humility,” she added. “We are all really smart in technology, and I think practicing some empathy is going to go a lot longer than being lectured about something that is not working properly. Listening to another group of people and understanding what the problems are, taking other perspectives, is really important, so I look for that as well.”

As a computer scientist, Deaner has always been fascinated by artificial intelligence, so she’s interested in applying AI and any kind of machine learning to solving tough problems in cybersecurity. However, cybersecurity is an industry that has exploded with solutions, and teams have to do their research to separate the hype from the facts, she said.

“What’s important for me and my team is actually looking under the hood to understand what’s really happening, by asking really great questions. We get a lot of vendors that want to send us PowerPoint slideshows and we don’t even look at them. Instead, we get on a call with them and ask them to tell us technically how they’re doing this thing or that. We glean a lot more information doing it that way than getting a demo or seeing a 60-page slide deck of how great they are and how many other companies are using them.”

Maintaining a good work-life balance – or work-life harmony, as she puts it – is a constant challenge.

”I have to remind myself and keep disciplined every day that my mental health is important to me. My family is important to me,” said Deaner, the mother of four young children. “I put in boundaries about five years ago, but I have to reinforce them constantly, because otherwise, I’ll be sitting here in this beautiful NYC office until midnight working.”

When she unwinds, it’s with her family. They love to get outdoors to bike, hike, and go to the beach or pool, she said.

“I personally love astronomy because I’m a big nerd,” Deaner said, laughing. “I love reading about the James Webb Space Telescope. I try to get out and look at the stars as much as possible, but living in New York City makes that challenging. We try to go upstate as a family where there’s not a lot of pollution and just look up.”

“I’m still working on my kids to see if they can be as nerdy as I am on this stuff, but they’re not there yet,” she said with a chuckle.

Read the CISOs Connect™ Magazine CISO Spotlight Edition here: https://bit.ly/3Z2tIGc