It’s not easy being a woman in a profession mostly dominated by men. But Provation Medical CISO Milinda Rambel Stone says one of the secrets of her success is to radiate confidence about her skills and knowledge.
“You have to remind yourself that you are as skilled and as good as any other,” she says. “And I built that confidence over the years by having wins in my career in software engineering, and in security. I’m very strong willed, so I never let the gender issue get in my way.”
One of the things she is most proud of as a CISO is her mentoring work, pushing for diversity in cybersecurity. “There is significant potential here,” she says. “And the good news is that one does not have to begin with great technical knowledge. You can learn that. I can teach you that,” she says.
Instead, what spell success in the field are skills that people already have but probably do not recognize as important in security – being analytical, being a good communicator, being a problem solver. “It’s likely one already has these things,” Rambel Stone says. “You just have to think about how to use these in security.”
Over the course of her career, Rambel Stone has built security engineering leadership programs at three different companies. “I have recruited, as interns, people who didn’t have any direct security experience. I ultimately hired them. It’s a great way to pay it forward in our industry: bringing people into security and making them passionate about it.”
Starting from a detour
While Rambel Stone has found her passion in cyber, it did not appear that way in the beginning. The plan was to go to medical school – she just needed to go take some science prerequisites. When she was doing this, however, she got a volunteer job at the University of Minnesotta’s National Institute of Health Studies, building their healthcare software.
“I thought it was the perfect set-up, because I could work full time, take my classes and pay for them, and go on to med school.”
She was beginning to enjoy her volunteer work when she learned that the university was offering a graduate degree in software engineering. She then started wondering whether that might be a better path. “I was doing the things that this program offers, but I am not trained to be it. So, why not do that and be recognized in the industry for being qualified to do this work?”
“When I finished my masters, I knew I needed to stay in software, needed to be an engineer. It was easy to forego my dreams of a medical career because by the time I graduated, software engineering had become such a big deal.”
Rambel Stone helped find ways to better understand fraudulent behavior, suspicious activity and patterns that showed which user was likely to commit fraud. From there it was easy to hop over to security and compliance. “I knew it was my calling to pursue this.”
Security threats have evolved in so many different ways, Rambel Stone said. “Just as they have increased in volume and complexity, there is also an increased need for organizations to understand where the threats are, and that there are many different variables to pay attention to.”
Even predictive analytics, which got her into security in the first place, has to be done in an automated way. “We can’t approach things in the manual way we used to. It’s too much work and too much complexity.”
The evolution is happening as we speak. Security automation is already starting. “The more we can automate from a security perspective, the more successful we will be in protecting our environment. Automation allows you more visibility in different areas of risk, and so security must really be embedded in development. You can only be truly safe if you cover all your bases.”
The right conversations
Rambel Stone’s current role constantly tests her ability to prioritize. “There are lots of competing factors in security, lots of things to do, you will never have enough resources to get it all done.” In determining which tasks are more important than others, she has one criteria. “It could not be what is good for Melinda, but what is good and right for the organization. I always focus on framing security issues as a business question so that our executives can make business decisions around it.”
It follows that the biggest demand on a CISO is the ability to demonstrate business value. “My executive team is supportive, and they hired me precisely because of my expertise in security.” This expertise however does not mean that she could spew technical terms and expect the C-suite to understand.
“I approach security conversations from a business perspective,” she says. “Instead of instilling fear through depicting doomsday scenarios, I take the security issue and put it in the context of the business direction and the risks it wants to take.”
In relation to this, a good CISO also needs to be a good communicator who is compassionate and focused on team building. He or she must be a teacher, helping people not only understand what is going on but also getting them to be part of the solution.
A contagious passion
On a particularly challenging work day, Rambel Stone steps away from her computer and tries to put everything into perspective. “I do this to first remove myself from the situation so I can go back in fresh and objective.”
She has come to be passionate about this field that she no longer thinks what could have happened if she pursued medicine.
She tries to impart this zeal to many – even to individuals that may not have the security experience but who possess the skills, attitude, and the hunger for learning.
“Cybersecurity is an amazing field with lots of opportunities for growth and potential,” she says.