Lessons in leadership: What I learned at the Women in IT and Security CXO Summit

Last week’s Women in IT & Security CXO Summit convened a tight-knit group of women leaders committed to empowering their organizations through digital transformation. The summit was an opportunity to share challenges, explore solutions, and to reinject passion into our professions.

What follows are some of the key lessons I took away from spending time with so many inspiring women leaders.

1. There are significant cost savings to be gained from a “cloud smart” zero trust strategy

NOV is a distributed energy provider with a 150+-year history. With 35,000 employees, the Houston-based company employs more than 35,000 employees across 600 locations today. As VP of IT Infrastructure, Patricia Gonzalez-Clark is responsible for the company’s cloud presence, data centers, telecom networks, and endpoints.

“The things everyone expects — and needs — to work all the time,” as Gonzalez-Clark puts it.

A longtime Zscaler customer, NOV is familiar with navigating shifting energy markets and well aware of the need to make IT expenditures financially sound. While NOV’s journey to cost-cutting may look expertly premeditated in hindsight, as with so many organizations, it was the result of taking small but meaningful steps toward a larger goal.

Gonzalez-Clark and NOV began modernizing the company’s identity access and management procedures, providing the foundation for zero trust access. From there, the company was able to replace its vulnerability-plagued VPN with Zscaler Private Access (ZPA).

NOV also realized that most of its IT infrastructure could live in public clouds like AWS and Azure. With security and visibility covered by Zscaler, NOV was able to close 13 data centers globally and sunset several expensive licenses. Shifting the security stack to the cloud and directing traffic directly to the internet also allowed NOV to eliminate its MPLS connections, "a huge cost takeout in telecommunications and data expenses."

“I’m able to deploy Zscaler and all of these locations and have a single unified security management plane. And so that in itself is beautiful,” Gonzalez-Clark said. "Those savings have allowed us to reinvest in the business and invest in newer technologies where we were kind of constrained and we couldn't spend because of budget issues,” she said.

2. Organizational reporting structures in IT and security are evolving

A fascinating panel discussion between my colleague, Zscaler Global VP CTO in Residence Pam Kubiatowski, Kenvue Director for Network and Cloud Security Traci Sarmiento, and ChenMed CISO Janet Heins highlighted the ways our changing technology landscape is shuffling business reporting structures.

Rather than the typical CISO-to-CIO reporting structure, at Kenvue both the CIO and CISO report to an overarching chief technology and data officer. To me, this shift reflects security's growing importance as a business function and distinguishes it from operational IT functions.

For Heins and ChendMed, security is a risk management function ultimately answerable to the company's chief legal officer. Sarmiento distinguishes between the IT needed to keep the lights on and revenue flowing, and her role as managing risk and ensuring regulatory compliance.

Whereas a CIO is "in the business of providing technology to the organization and making sure it's running 24/7," Heins appreciates the opportunity to focus solely on risk mitigation.

These nuanced organizational decisions underscore the importance of security vendors understanding an expanding roster of positions, concerns, and mandates if we are to effectively serve customers. It's a trend I plan to follow closely as it evolves.  

3. Cybersecurity and business outcomes are now inextricably linked

Laura Kohl, CIO of Morningstar Financial, and Erika Voss, CISO of DAT Freight & Analytics, were kind enough to share their perspectives on how to achieve a successful and secure digital transformation with my colleague and Zscaler CIO, Praniti Lakhwara.

Both leaders emphasized the importance of collaboration and alignment between the CIO and CISO roles. Erica called it ”building a bridge” between the CIO and CISO to ensure there is mutual understanding of business priorities and where security fits in. That can become more complicated where the CISO doesn’t report into the CIO.

Finding balance between the needs of the business and security was also a theme. Erica described how she tries to analyze what the business wants to achieve, presents options for how to do that, and then assesses the risk of each. Together, the business and her team settle on the right solution.

For Laura, the greatest challenge is change management communications: “The technology at this point is the least of my worries. But working with engineers and security professionals is black and white often.” Laura’s solution is simply to keep repeating the message in emails and at staff meetings so the team is clear on what it needs to do.

Last, Laura and Erica agreed that technological expertise alone does not bring transformation success. Both speakers advocated for hiring based on passion and potential rather than just experience. They emphasized the importance of giving opportunities to newcomers and creating an inclusive environment that supports professional growth.

4. “We are drowning in data and starved for wisdom”

While the summit was an opportunity for technical and professional development, the agenda was also carefully curated to promote personal growth. "Refilling our cups," as one attendee put it. Themes to this end included strength in diversity, uncovering our resilience reserves, and how to be our most authentic selves.  

For inspiration, it’s tough to beat Arianna Huffington, our special guest and keynote speaker. Huffington is the founder and CEO of Thrive Global, the founder of The Huffington Post, and the author of 15 books. I was blown away by the amount of wisdom she shared, particularly when it came to maximizing our potential over the course of the thirty thousand or so days that make up the average lifespan. I was reminded of the importance of rest, focus, and water before coffee. I recounted my complete learnings from our discussion in this LinkedIn post.

I was also honored to reconnect with my friend Dr. Tarika Barrett, whose organization Girls Who Code does incredible work not only with school-age girls and non-binary individuals, but through women's college and early career journeys. While there's progress being made to close the gender gap in tech, there are still precarious times in girls and young women's careers where they quit STEM pursuits faster than their male counterparts.

These "cliffs," Dr. Barrett says, are periods "when the weight of society's assumptions around identity and intelligence start to coalesce and chip away at a girl's sense of what's possible. As they get older, they keep seeing a society that mirrors back to them that they don't belong."

As fields like AI and cybersecurity undergo rapid change, the curriculum at non-profits like Girls Who Code must keep pace. That's why I was proud to be able to announce that Zscaler has committed to training one thousand girls for zero trust certifications.

Finally, we wrapped with a lesson in resilience by the best-selling author Dr. Taryn Marie Stejskal. Based on more than two decades of research, her five habits of highly resilient people seeks to understand why some of us are better able to withstand adversity than others.

As women, as professionals, and as leaders our audience was plenty familiar with complex challenges. As IT and cybersecurity heads, we know how quickly blue skies can turn grey. The qualities Dr. Stejskal discussed – qualities like "Grati-osity" or the ability to meet difficult challenges with gratitude and generosity – are invaluable for all of us as we continue to lead in challenging roles and I intend to return to them often.  

As Ariana Huffington says, “"resilience starts with eliminating whatever drains our energy and adding whatever gives us joy." This community of women leaders is what gives me joy, and I look forward to years more of meaningful connections.