Shamla Naidoo – who has 37 years of industry experience in technology and security – is currently leading C-Suite strategy and integrating security with digital transformation at IBM, where she previously served as the Global Chief Information Officer. Having held Senior Officer roles at Starwood Hotels and Resorts, WellPoint, and Northern Trust, she’s a true veteran in the industry and has used her professional and personal experiences to help mentor and motivate teams and individuals across departments within all the organizations she’s served.
Earlier in her technology career, she earned degrees in Information Systems and Economics (her fail-safe!) and, afterwards, went on to receive her Juris Doctor degree.
“To many people, cybersecurity equates to - and is limited to - someone in a hoodie bent over a keyboard in a dark room. That’s not the case at all. If we don’t expand beyond that, we’ll lose out on even more people in the industry”
Q. Describe your role as a CISO in 300 characters or less.
A CISO’s job is to protect an organization’s brand and reputation by managing cybersecurity threats. Protecting a corporation’s digital footprint supports business growth enables the acceleration of innovation.
Q. How did you get started in cybersecurity?
This is my 38th year working in technology and initially, security wasn’t a separate function, role or organization; it was completely integrated. As a developer, my job was to write code that worked and that included working in a secure way. As a network engineer, I built networks, in a secure way. I never envisioned security would become a free-standing profession. But, after almost 20 years of integrating security into my technology roles, I realized Security was becoming important and that I was actually knowledgeable on the subject. Not because I had a security title at that stage, but simply because I had done it before.
Q. What does this integration of tech and security roles mean for the cybersecurity industry?
There’s now an entire ecosystem for security and because of that, you can participate without having technical skills or a hardcore technical background. You can now become a security expert without ever having written a line of code in your life; you can become a security expert without ever having built any kind of technology solution. It’s really expanded the opportunities for career paths in security.
Q. Do you think people are aware that technical skills aren’t necessarily required to succeed in cybersecurity?
There’s still a lot of mystery surrounding what exactly a profession in cybersecurity entails. The information isn’t that forthcoming. It’s not clear or simple to understand. This requires us to demystify the opportunities and talk about them not just in business terms, but in relatable terms.
Perhaps we’re just missing the mark on how to market jobs in this industry…
Q. Do you think that the industry has an image problem?
To many people, cybersecurity equates to – and is limited to – someone in a hoodie bent over a keyboard in a dark room. That’s not the case at all. If we don’t expand beyond that, we’ll lose out on even more people in the industry.
Q. How did your role as a CISO enable you to champion the industry and the people in it?
I believe leaders take ordinary people and enable them to do extraordinary things. I have been able to do that; I’ve been able to mentor and coach people to be better versions of themselves, better professionals, better employees, more productive, more engaged, better community leaders…
My goal is to help people connect hard work and aspiration.
Sure, you could go out and read a book on cybersecurity, but if you don’t understand the vocabulary or the required outcomes, and you don’t understand what impact these types of roles can have, you miss the plot. If you can contextualize it, it becomes real quickly. When I coach people, I ask them to pick a person who they aspire to be. I ask them to tell me their name. You learn best by observation! If you can pick a person and you can visualize the role you want, it’s more attainable. If it’s a role that you want to have rather than a person you want to be like, then find the role you want, seek out the person doing that role, and try to understand what led them to that position. What do they know? How did they prepare? What do they deliver? How are they recognized for it? That research will help you to create a roadmap of how to get there.
This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Nielsen, Funding Circle and more.