Setting new standards
Finding allies is a big help when you’re a woman in infosec, says Renee Guttmann, one of the earliest females to hold information security leadership roles, starting with GlaxoSmithKline in 1994. There, Guttmann implemented firewalls and encryption products before there was a commercial internet to connect to.
Guttmann later built Capital One’s security program for customers’ first online activities (retrieving statements), and then became the first-ever director of IT security for Time, Inc., in 2000, eventually running security for both Time Inc, and Time Warner where she was VP of information security and privacy. She’s also won several awards for her work in the corporate sector, including the CSO Compass Award in 2008, and a Woman of Influence Hall of Fame award from the Executive Women’s Forum in 2007.
“I remember a meeting with other security women in 1993, including Donna Dodson from NIST, Dr. Dorothy Denning [from Georgetown University at the time], and other smart females leading the infosec charge back then. Many of them went on to start companies and powerful careers around infosec," says Guttmann, who’s now CISO at Campbell Soup Company.
"I remember debating encryption and certificate management with them in a small meeting room with ten people and wondering if these things would ever matter to anyone but us,” Guttmann says.
Dodson, NIST fellow and chief of cybersecurity for the NIST IT lab, retired in 2020 from her final role there as the director for NIST’s National Cybersecurity Center of Excellence. She started at NIST in 1987, and NIST cites her contributions to artificial intelligence, internet of things, quantum-resistant cryptography, and privacy engineering (among others). She was awarded one of the top ten most influential people in government IT in 2011 and is recipient of the Presidential Rank Award in 2019.
Back in the early days, there were no CISOs, Dodson reiterated in her NIST retirement interview. So early female CISOs like Guttmann and Rhonda MacLean, who held leadership posts at Boeing and Bank of America in the late 1990s, came up truly creating the job on the fly.
When Guttmann started the job at Time Inc., for example, no one knew what a CISO-level manager was supposed to do. At first leading information security for a magazine company (in 2000) seemed like a pretty easy job. But then she went to the business units and started asking them questions about their business and potential risks—essentially helping to frame the business-focused role of a true CISO today.
“I remember wanting to learn how I could best support the mission of Time Inc. I met with the leaders of several business units to better understand the Company,” she explains. “One of the first groups I met with was Finance. I learned that we had millions of credit card numbers between our different magazine titles, and that we were also fulfilling subscriptions for other notable magazines. This was well before the Payment Card Industry standard even existed. But coming from Capital One, I had already built a program around card protection.”
Read more at: CSO