At a security conference in San Diego last summer, a dozen security and IT professionals sat down for lunch, all of them women. It wasn't until a lone male delegate joined them that the others realized (or at least verbalized) that the table tilted heavily toward their gender. That prompted a middle-aged database manager from the Midwest to remark, "Now, this is something you don't see every day."
Maybe not, but it's something we're seeing more often. Women are expanding their ranks and their responsibilities within infosecurity, impacting a traditionally male-dominated field. They're helping turn the corner on innovation, change policies and influence boardroom decisions.
Information Security celebrates the contributions women are making by honoring 25 technologists, teachers, lecturers, lawyers and overall IT and business leaders who are shaping the industry. The five most influential women will receive our inaugural "Women of Vision Award" this month at the Executive Women's Forum on Information Security in Fort Myers, Fla.
All honorees were chosen by our editorial staff from a nomination list some 150 strong, representing myriad sectors, both public and private. Settling on these 25 wasn't easy, considering the wealth of talent in the field. Some recipients entered IT before infosecurity formally existed. Others nurtured it during its infancy. Many, especially those in their early to mid 40s, may be beneficiaries of decades-old gender parity programs aimed at filling college computer science programs with female students. What all have in common is that they're influencing the next wave of infosecurity leaders by generating opportunities and serving as role models and mentors.
These women are enhancing the idea of infosecurity not just as an IT investment but as a business proposition. They're defying critics and creating cool tools. Raising families at home while also raising the bar at the office. Passing on their knowledge in books, lectures and training sessions.
In other words, these women--and the many other unsung heroes we don't mention here--are helping the infosecurity profession mature and find a seat at the table.
20 Women Luminaries
Senior VP and CISO, Royal Bank of Canada Financial Group
With overall responsibility for securing Canada's largest financial institution, Burke wears many hats: creator of the company's global information security governance framework, founder and chair of the RBC Information Security Council, chair of the Canadian Financial Institutions' CIRT and more. Yet Burke's greatest accomplishments have nothing to do with security. Actively involved in diversity and community initiatives, she's president of Women For the Project for Advancement of Childhood Education (PACE) and a member of such organizations as the Epilepsy Foundation and International Women's Forum. In 2002, Burke was the first Canadian recipient of the Tony Coelho Award, which recognizes commitment to the employment of persons with disabilities.
Author and Distinguished Engineer, Sun Microsystems' Boston Center For Networking
Perlman is simply one of the preeminent figures in the field of networking and network security. She's an innovator, thought leader and an author of seminal works Interconnections: Bridges, Routers, Switches and Inter-networking Protocols and Network Security: Private Communications in a Public World. She created the spanning tree algorithm--the foundation of switches--and her research includes contributions to security (sabotage-proof networks) and routing (link state distribution). Data Communications magazine named her one of the networking industry's 25 most influential people in 1997.
Chairperson, Financial Services/Information Sharing and Analysis Center; Managing Director, Corporate Information Security, SIAC Corp.
Gorman is transforming the FS-ISAC from an exclusive club of a few dozen high-profile financial institutions to an inclusive organization. When the "next generation" FS-ISAC is unveiled, Gorman will have an organization that will share security information and intelligence with literally any willing financial services organization-banking, investment houses, insurance agencies. Additionally, she holds leadership positions on the ISAC Council, a cooperative board of 10 industry ISACs; the Financial Services Coordination Council; and the New York Office of Cybersecurity and Critical Infrastructure Coordination Board. Few have the reach and influence of Gorman.
The Xerox security lead and former analyst at Eastman Kodak knows the importance of "image" to security and risk management. As the creator of Xerox's Information Security Risk Management Center of Excellence, Stutsman leads more than 50 business units in the design and implementation of a global security governance framework and a cross-functional Electronic Security Emergency Response Team. The mother of five also founded and chairs the Rochester Area Information Security Forum.
Treasurer, International Information Systems Certification Consortium (ISC)2
Gilmore has held many infosecurity positions, from director of security of a financial institution to cyberdean of InfoSec University. But it's her work with two influential organizations that earned her a spot on our list. Rather than do the minimal to maintain membership, Gilmore has held key positions at both the Information Systems Security Association (ISSA), where she was named its first Honor Roll member; and (ISC)2, which governs the CISSP. She was instrumental in crafting (ISC)2's new systems Security Certified Practitioner (SSCP) credential. Today, she's cochairing the ISSA-(ISC)2 Foundation Task Force, which is promoting security education, research and credentialing.
Director, Office of Planning and Partnerships in the Information Analysis and Infrastructure Protection (IAIP) Directorate, Department of Homeland Security
Wong is one of the key people--if not the key person--responsible for forging private-public partnerships to protect the nation's critical infrastructure from cyberattack. She came to government with an intimate knowledge of security for a vital utility as head of Pacific Gas & Electric's computer and network operations. She led the national risk assessment team for the Critical Infrastructure Assurance Office, which helped develop Presidential Decision Directive 63 on Protecting America's Infrastructure in 1998. In her government leadership roles, she has created government partnerships with key business organizations, including the National Association of Corporate Directors and the Institute of Internal Auditors, as well as state and local governments.
Executive VP for product delivery and response, Symantec
Already established as one of the top women in IT with a strong management track record at Compaq and Hewlett-Packard, Hamilton continues to make her mark at Symantec, where she's a key player in making the billion-dollar giant the one-stop source for all things infosecurity. As the executive responsible for developing and marketing the full range of Symantec's solutions, Hamilton has steered the company through its aggressive strategy of acquisitions--witness last year's purchase of MSSP Riptech, IDS vendor Recourse Technologies and intelligence service Security Focus--integrating management, cultures and products.
Principal Scientist and Area Manager, Palo Alto Research Center's Security Group
Privacy and information sharing is the goal of Lunt's attention. Lunt is the principal architect behind a Department of Homeland Security program to make the government's Terrorism Information Awareness program more efficient without violating individuals' privacy. It's the latest effort in her illustrious 20-year research career, which has produced the underlying technology for network-based IDSes and database security tools. If Lunt's latest endeavor is successful, she'll create technology that will make information sharing, statistical analysis and data mining less invasive and more secure.
Jennifer Stisa Granick
Executive Director, Stanford Law School's Center for Internet and Society
Count on the provocative Granick to help us continually redefine the fine line between national security and civil rights. As one of cyberlaw's leading attorneys, with more than a decade of technology litigation experience, Granick heads Stanford Law School's Cyberlaw Clinic, which pairs students with working attorneys on active cyberlaw cases. She also remains a favorite speaker at popular infosecurity conferences and hacker conventions. The two case law areas she's most passionate about are computer crime and electronic surveillance.
Sandra (England) Bergeron
Executive VP of Corporate Development and Strategic Research, Network Associates
The face and focus of Network Associates is being rebuilt, in large part under the tutelage of Bergeron. She's principally responsible for overseeing the strategic vision of the security software company as it transitions from antivirus to more holistic intrusion prevention solutions. She's integrating the functionality of Network Associates' McAfee antivirus and content security solutions, Sniffer network management products and the intrusion prevention technology acquired from IntruVert Networks and Entercept Technologies.
Kendra L. Martin
CIO and Director of Security Program, American Petroleum Institute
As the API's CIO, Martin implements security programs, oversees internal technology systems and manages cyberdefense and homeland security policies. That puts her in a position to influence how and by when power plants improve their antiquated infosecurity infrastructure. In addition, Martin provides security advice to three industry boards, including the Technology Policy Council for the U.S. Chamber of Commerce.
Author and CISO, Pacific Life
Like few others, Krause has devoted her time and energy to cultivating the profession of infosecurity. The 2002 Hal Tipton Award winner has held numerous executive leadership positions in ISSA and (ISC)2, and is one of the industry's leading advocates for professional certification. Along with Tipton, Krause edits the highly respected Information System Security Handbook, now in its sixth edition.
President & CEO, Alta Associates; Founder, Executive Women's Forum on Information Security
As head of one of the top IT recruiting firms, this New Jersey native is the godmother of infosecurity executives and practitioners everywhere. Through her extensive personal and professional network, she has placed scores of men and women in top security positions, and fostered people's careers from entry-level admins to CISOs. Her latest endeavor is the Executive Women's Forum on Information Security, an event being held this month exclusively for leading women in the security field.
CEO and Cofounder, Guardent
Under Cirino's direction, Massachusetts-based Guardent has quickly become a leader in the highly competitive managed security services market. When founding Guardent three years ago, Cirino identified the potential market for protecting e-commerce ventures. She won the backing of top-flight investors to ensure funding as the economy stumbled. Recognized as one of the leading women in business, this 18-year high-tech veteran's honors include Ernst & Young's Entrepreneur of the Year for Business Services and being named to the Women's Business Hall of Fame.
Senior Trustworthy Computing Strategist, Microsoft
With the spotlight still very much on Microsoft's Trustworthy Computing initiative, those charged with ensuring security is embedded in every process of the company's software development are on the hot seat. That includes Koehler, a senior strategist with eight years of experience making sure customer and partner loyalty aren't forgotten. Koehler came into her current position in October 2002 after overseeing global operations in Europe, Africa and the Middle East. Her current role: helping the software giant culturally shift toward a workforce dedicated to security from product development through deployment.
Jana D. Monroe
Assistant Director, FBI Cyber Division
FBI director Robert Mueller tapped Monroe last year to oversee the agency's new Cyber Division's education and investigation initiatives--two areas bound to grow in importance given current geopolitical and domestic environments. Monroe, a former special agent, has more than two decades of law enforcement, public corruption and white-collar crime experience. Now, she oversees all FBI inquiries related to federal computer crime allegations, including hacking, social engineering and insider exploitation. Expect to see her name in the papers as the government pushes for more cybercrime prosecutions.
Executive Director, Electronic Frontier Foundation
The Philadelphia-area native has a few years invested in setting the EFF's direction for protecting online civil liberties, currently focusing on government surveillance under the USA PATRIOT Act, intellectual property law for the digital era and securing digital voting and democracy tools. The mother of two also serves as an advisor to government committees, including the National Research Council on U.S. encryption policy. As cofounder of Bridges.org, Steele works to ensure sound technology is established in developing nations.
Author; Founder, Logical Security
This former U.S. Air Force red teamer wrote the industry's leading tome on CISSP certification, CISSP: All-in-One Exam Guide, and commands top dollar as a seminar leader. Harris recently launched Logical Security, a multimedia training company, through which she'll educate the next generation of CISSPs and security pros.
CISO, Time Inc.
Few practitioners have Guttmann-Stark's depth and scope of experience in Fortune 500 infosecurity. The former Gartner Group senior research analyst has guided high-level risk management strategy for several international corporations and, most recently, led the infosecurity policy, strategy and architecture efforts for Capital One Financial Group. Since July 2000, she has been responsible for the enterprise information security program at Time Inc., as well as the application security of systems used by AOL/Time Warner corporate.
Chairperson, National Executive Board of InfraGard VP of enterprise services, eCommSecurity
Expanding the infosecurity community is Schneck's mission. Since becoming the national chairperson of the FBI's InfraGard program in 2001, she's focused on expanding the public-private infosecurity information exchange membership, expanding it from 5,000 to 9,000?and counting. Schneck, who holds a Ph.D. in computer science, learned early in her career that bringing people together with different experiences and skill sets can solve huge, complex problems. Her goal: Make InfraGard a model for other public and private organizations for sharing information and collaborating on security problems and threats.