If You Don't Conceive it, You'll Never Achieve it


Leadership Profile
Written by Linda Luty

Stephanie Franklin-Thomas

CISO

Motiva

June 2020

How many IT workers have, after working in the field for some time, woken up one day and realized, “I am a cybersecurity professional”?

For Stephanie Franklin-Thomas, CISO at Motiva, this happened after spending years working in IT.

Reflecting on her journey, Franklin-Thomas said, “20 years ago, this was not a major discipline where people thought, ‘I want to be a cybersecurity professional.’ That just didn’t exist.”

Franklin-Thomas took some time to reflect on her journey to the role of CISO, growing diversity in IT and cybersecurity, and her strategy for leadership, business enablement, and professional development.

Flexibility and Fun

The language used to describe leadership is making an important shift from the paradigm of managing people to truly leading them, Franklin-Thomas said. Leading a remote team amidst a pandemic has required a flexible and adaptive leadership style.

“Leading a team in this environment changes by the person, because everyone has reacted to this environment a little differently. What works for one person won’t always work for others. So, I see myself as leading on a spectrum,” she said.

Establishing a “family environment” with her team, demonstrating transparency and adding levity to interactions have helped Franklin-Thomas support her team over several weeks of remote work.

“One of our core objectives at Motiva is having fun, making a difference. Keeping that in mind, going into this we decided at the beginning we were going to inject some really fun team building activities throughout the weeks,” she said.

Encouraging her team to do things that bring them joy, hosting virtual happy hours that contain fun activities such as scavenger hunts or party games, and creating question- of-the-day trivia for the team members who are working towards the achievement of their CISSP certification are a few things that the team has enjoyed while working remotely, Franklin-Thomas said.

The Path to Leadership

The growth of the cybersecurity field has been a function of necessity as technology and threats have advanced. But even with explosive growth, a lack of diversity has been a pain point that is only recently starting to shift, said Franklin-Thomas.

“I think what is driving the diversity trend is that we are seeing more women in cybersecurity and IT in higher-level roles and younger women entering the workforce are now able to see themselves in those roles and can aspire to be in the same place,” she said.

When Franklin-Thomas began her career, her colleagues were mostly men, and it took years before she could visualize a career as a CISO. About 10 years into her career, one of her mentors, a former CIO, who, like Franklin- Thomas, is a woman of color, asked her a very important question: what did she want to do? It wasn’t until Franklin- Thomas said aloud that she wanted to be a CISO that the pathway became clear and doors started to open.

“I truly am a believer that people have to be able to envision themselves in that role in order to achieve it. In any part of your life, if you don’t conceive it, you’ll never go after it. But as soon as you do, it’s amazing what any one person can achieve, you just have to recognize that it’s what you want,” Franklin-Thomas said.

Demonstrating Value, Building Relationships

Explaining technical concepts to executive leaders without a background in cybersecurity is often a challenge for CISOs, said Franklin-Thomas.

“I use my husband, who is a medical professional with no background in cybersecurity, to rationalize my ideas and develop my analogies for speaking. I know that if we can have a dialogue about it, then I can turn around and explain it to my CEO or my CFO and it will make sense,” she said.

Asking for funding to defend against what might be seen as an esoteric threat can also be an obstacle for CISOs to overcome.

“My advice to anyone who is trying to do that is to demonstrate value before you ask for anything. I want to be able to show what we can do as a cybersecurity group, what value we can bring, and that way when I come back to the table and I ask for funding, leadership already knows why I’m asking and that I’m going to deliver upon my commitments,” she said.

Franklin-Thomas encourages everyone in cybersecurity to take this approach, because unfortunately the value of cybersecurity is not always appreciated or understood until something happens, much like health insurance.

The Best is Yet to Come

There are many benefits of working in a field that has seen explosive growth, relevance, and shows no signs of slowing down. When asked about the future of digital transformation, Franklin-Thomas was curious to see if the rate will continue given the current economic environment.

“In cybersecurity, I am a believer that we should continue to work towards evolving maturity through digital transformation. However, my advice is to look at digital transformation in terms of ‘what is the problem you’re trying to solve?’ If you understand the root cause of it all, you can better evaluate whether it is something you truly need to invest in and push ahead,” she said.

Over the course of a career, there will be many milestones and accomplishments. When asked about her biggest achievement, she said, “I don’t think I’ve had my greatest achievement...yet. The reason I can say that is in the world of information and cybersecurity everything is evolving. World dynamics, possible threats, possible risk, technology to enhance the way we work, are all evolving; thus, to be effective I need to evolve too. So yes, I can cite various projects, security programs designed and implemented, challenging situations managed, but the reality is I still have a lot of great achievements that are yet to happen as a result of some things I’m doing now, so I’m not ready to claim one yet.”

Personal and professional growth can also come from valuable peer-to-peer relationships. “Frankly, I would rather learn from my peers and act, rather than finding out about an unexpected vulnerability on an audit or assessment, or worst yet through an incident,” she said. “Everybody has something to offer, and we have to be in tune enough to listen. Keep sharing, even if you think no one is listening or if you think what you’ve done isn’t ‘impressive.’ Someone is currently or will have to navigate a project or situation you have just worked through. Be involved where you can, and share your story, and learn from the story of others,” said Franklin-Thomas.

 

Special thanks to Stephanie Franklin-Thomas and Motiva.

by CISOs, for CISOs


Join the conversation with peers in your local CISO community.

LEARN MORE