Kim Smathers, who has worked in this field since the mid-90’s, is the Head of Information Security and Compliance at Snapdocs. Her resume is extensive and includes big names like Symantec, Walmart, and Jobvite among many others, as well as several years experience teaching Microsoft and Citrix certification courses and Engineering at the Computer Learning Institute.
She’s just as passionate about building agile teams as she is about risk assessment and resolution and considers communication the most important aspect of being a leader.
“When I build my teams, I avoid people who are absolutely convinced that they already know everything. That almost eliminates the possibility of having a conversation and, in cybersecurity, collaboration is absolutely vital. We’re influencers.”
Q. Describe your role as a CISO in 300 characters or less.
My job is all about giving people an understanding of risk and figuring out how to translate, address and resolve that risk.
Q. How did you end up in a cybersecurity leadership position?
The surprising thing about me – especially given where I am now in executive management – is that I don’t have a significant formal education. While I completed a bit of college, I didn’t earn my degree. But, a few years before Microsoft took off, before laptops were even a thing, I went to The Computer Processing Institute in Connecticut. This was back when computers took up an entire room!
That’s where I got my start and, for some reason, not only was I really interested in it, but it was really easy for me. I had a natural aptitude first towards coding, then networking, then technology, and I just kept going. Every time things changed, I changed. And, you have to remember, when I first started out, security wasn’t really a “thing”. It’s evolved and grown so much since then. Now, there’s so many different facets to it, so much depth.
Q. What changes have you seen in yourself since then?
For quite a long time, I was the only woman in the room and I would often be leading teams that were exclusively male. It was very, very hard to find any women working in information security or cybersecurity and it was even harder to find these women in leadership positions.
Initially, working in a male-dominated environment led me to think that I needed to adopt more masculine attitudes. I think a lot of women who have worked in the industry as long as I have would tell you a very similar tale. Doing this – trying to act like someone else or act how you think people want you to act – is problematic for so many reasons.
Once I started taking the time to talk to other women, I changed my approach. You’re going to get push-back from people no matter what; this taught me to rely on data instead of adopting attitudes that weren’t mine. That enables a lot more diplomacy and – more importantly – authenticity. That’s what’s really allowed me to thrive and do my best work.
Q. Are you starting to see more women in leadership positions like you?
There’s still only a tiny percent of women in senior leadership positions in this industry but I do see a shift, yes. Only in certain places, though. In certain companies – specifically really established companies – you still have boardrooms that are filled predominantly with white males. You can’t underestimate the impact that has on a larger organization. It all trickles down. If you’re a woman in that environment with aspirations to be in senior leadership and you’re only seeing one kind of person in those positions, the career path there can seem very unclear.
But, when you work in an organization like I do now, there’s an incredible amount to compare and contrast. There are women, there are people of color. It’s a totally different environment.
Q. What advice would you give women who want to achieve the same sort of success you have?
Be authentic to who you are and what you’re thinking and let go of the fear of saying “I don’t know” or “Explain it to me” or “Can I have more information, I’m not sure I understand”. Asking these questions doesn’t mean that you’re ill-informed or don’t know enough. Letting go of that fear will give you a lot more control over what goes on around you.
When I build out my teams, I avoid people who are absolutely convinced that they already know everything there is to know about a topic. That almost eliminates the possibility of having a conversation and, in cybersecurity, collaboration and openness are absolutely vital. We’re influencers. My job is to bring diverse groups of people together, make them feel comfortable, and let them really exercise their creativity in order to actually influence other teams and solve problems.
This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more.