A recent (ISC)² study reported that in 2018, women made up 24 percent of the global cybersecurity workforce, an increase of 13 percent from 2017. Though the number might seem small, it is mighty: more women are joining a field that has traditionally been dominated by men, and they are seeking and asserting themselves at the top of the leadership pyramid. Anne Marie Zettlemoyer of Mastercard is one of those individuals.
Zettlemoyer is Vice President of Security Engineering at Mastercard, the multinational financial services corporation, headquartered in New York, with more than 13,000 global employees in more than 105 offices across the world. She is responsible for Mastercard’s security by developing effective and sustainable solutions that can enable millions of customers to “transaction” safely.
Previously, she held positions such as Principal Strategy Analyst at DTE Energy, Special Advisor to the United States Secret Service and Senior Consultant of Strategy and Operations at Deloitte, Inc. She is also part of the Board of Directors at SSH Communications Security and is a Visiting Fellow at the National Security Institute, George Mason University.
What does Zettlemoyer attribute to her professional success, and what can future security leaders, both men and women, learn from her?
Crisscrossing to Security
Zettlemoyer has worked in eight industries in a variety of roles and has restructured companies, built profitability models, developed research on statistical and risk analysis and has led enterprise-wide IT and business transformation projects.
And then came an opportunity to solve a large task at an established utility company: payment issues and recovering and protecting revenue, and from there to updating payment systems and programs.
There, in addition to her role with the U.S. Secret Service, is where the ‘security bug’ bit Zettlemoyer, resulting in what she calls “a genuine love” for protecting people and business, while nerding out security protocols and analytics.
Security Hygiene
At Mastercard, the backbone of where millions of transactions take place every second of the day, Zettlemoyer is ensuring security hygiene by advocating for a mastery of the basics as an enabler of cutting edge technology. To mitigate security threats, Zettlemoyer believes that security enterprises need to focus on their security hygiene, which she notes are the “building blocks” of security.
“The basics are absolutely fundamental. Many times we get distracted by what might be sexy in the marketplace, but if we don’t solve the basic problems like access control, key management and visibility within our network, then whatever is built to protect those assets is not going to be very effective,” she explains.
She adds that the adoption of security hygiene requires high trust and confidence. “We take that responsibility very seriously,” she says. “We are not there to exist because of ourselves, but to protect and enable the business to achieve what it needs to and do so safely. Not just for Mastercard to transaction safely, but for the ecosystem. It’s about all end-point and every part of the ecosystem that we touch. We recognize how important that space is.”
Building the M team
According to Zettlemoyer, ensuring security hygiene encompasses having the right type of people on your team.
“I had a peer tell me he was building his team of experts,” Zettlemoyer explains. “I asked him, how is that working out? It wasn’t going well. He was looking at what I call, I-shaped folks, people who are experts in one area, but are very narrow and very deep in one subject area, meaning their perspective is limited. That can be powerful for the problems that apply to that perspective, but those types of problems are rare and teams may have trouble relating to each other.”
A step beyond I-shaped are T-shaped people who are still very deep in their knowledge area, but “they also have understanding (if you think of what a T looks like) of what it means to bridge other concepts. They have two pieces that reach out to other sides,” she says.
The ideal team, for Zettlemoyer, means leaders who are M-shaped people, or, those who are, “deep in a couple of areas and fairly deep on others,” she says. To Zettlemoyer, that signifies humility, curiosity, passion for craft to not only focus on one singular thing, but to be curious of what other areas might be affecting that initial focus. “A good mix results in powerful, innovated and multi-faceted solutions that work,” she says.
When a team is very homogenous in their backgrounds, it can get difficult, Zettlemoyer admits. “You need folks who look at a problem and come with other tools to help solve it. The very teams don't comprise of people who have had years and years of academics in cyber because cybersecurity did not come up in the academic world until recently. Many of us are self-taught, peer-educated practitioners. We come from all backgrounds, from pianists to electrical engineers and even accountants like me, but it is that diversity and creativity of thought and logic that makes people very powerful,” she says. “To me, it doesn’t matter where you came from, if you have that skillset, the aptitude and passion for security, then I want you on my team.”
Women in the Security Industry
The same passion Zettlemoyer looks for when building her internal team at MasterCard she also applies to helping advance and support other female executives in the security industry. "Success by its definition is challenging for anybody to achieve. Achievement is not something that is easy for everyone," she says.
“As a female executive, there are certainly unique challenges to overcome, as there would be for anyone who doesn't fit a "traditional mold" in an environment,” she adds. “Unconscious bias or judgment on how you look or are perceived can be an obstacle. My advice is to not give up. Through perseverance, hard work, patience and giving people the benefit of the doubt, we can build relationships to overcome unconscious bias that we all experience, regardless of why we are different from each other. By making sure I am prepared and always seek to understand the perspectives of others, I can ensure that my own voice is heard and respected as well. If we can talk with each other and not over or at each other, eventually that unconscious bias is overcome.”
Aside from mentoring, coaching and supporting colleagues in her free time, Zettlemoyer also takes part in the SheLeadsTech™ program, which seeks to increase representation of females in technology leadership roles and the tech workforce. “Mentorship is important, and it’s especially important for women in the industry,” she says. “We need champions and environments that can highlight our work, so that society is shown diverse examples of achievement and contribution. Part of the responsibility of being in a good place in your career life is to ensure as best you can that you are an example for others and that you help others get to where they want and need to be. SheLeadsTech™ is part of those wonderful programs that not only highlights women, but serves as a place where you can see examples of leaders you can relate to and see what is possible. They support women in technology through training, education, global alliances and leadership roles.”
Zettlemoyer challenges cybersecurity leaders to embrace “craftsmanship” in their work by implementing a mindset of understanding the organization that they are trying to defend, the threat landscape they’re operating in, and what they need to do to be creative, persistent and ‘partnering’ enough to build solutions and capabilities that are sustainable and effective.
“Show the people on your team that they can really challenge you and your thinking to bring perspectives in that can round out your solutions,” she says. “If everybody looks the same way, thinks the same way, and solutions the same way, then we will continue to be where we have been for years. Make sure your team is well equipped, not just with tools, but with perspectives.”