The finalists for WashingtonExec’s Chief Officer Awards were announced April 15, and we’ll be highlighting some of them until the event takes place virtually May 27.
Next is Chief Information Security Officer finalist Amy Howland, who’s vice president and CISO at Perspecta. Here, she talks professional achievements, proud career moments and turning points, primary focus areas and more.
What key achievements did you have in 2019/2020?
Being part of a team that was able to successfully integrate two companies with disparate cultures and systems into a single, cohesive Perspecta network was a phenomenal achievement. It was the work of many people that I am proud to say I had a role in.
What has made you successful in your current role?
My team, my peers and corporate leadership. Having a tremendous team who supports me and always tries to do the right thing while weighing cybersecurity with the needs of the business has made us all successful. Being successful in this role means having buy-in and support from more than just a few people. It takes the support of the IT operations team as well as the extended OCIO team who help support and implement what needs to be done from a cybersecurity perspective.
On top of that is having the support of my direct and extended leadership who help make sure we are able to achieve our goals.
What was a turning point or inflection point in your career?
Becoming the CISO at CSRA. I had been practicing cybersecurity, largely in a consulting role or overseeing teams supporting customers. Reviewing policies, advising on what should be implemented or what should be remediated. Basically, as I realized later… telling people what to do.
When you are a CISO of an organization, or really part of an internal corporate cybersecurity team — it is then on you to actually DO all of the things that you have been telling people to do all these years. Doing versus telling is VERY different! It has provided me with a much different perspective on how difficult it often is to implement an organization-wide solution successfully.
What are your primary focus areas going forward, and why are those so important to the future of the nation?
A current focus for myself and my peers in the Defense Industrial Base is attaining a Cybersecurity Maturity Model Certification. This is making sure that companies supporting the Department of Defense have an environment that is capable of securely storing customer sensitive and/or Controlled Unclassified Information on their networks.
This is an extremely collaborative effort between the CISO and IT operations areas, as well as with other organizations within the company, such as HR, facilities, CSO and the business groups. CMMC goes beyond the initial NIST SP 800-171 controls.
Aside from just making sure that those controls are implemented, CMMC requires companies to have written policies, processes and plans that show maturity. Our nation’s supply chain directly impacts our national security. Attaining CMMC certification, and doing it right, is an important focus.
Looking back at your career, what are you most proud of?
I feel fortunate to say that I am really proud of where I have been able to work, and what I have been able to see, do, learn and contribute in making other companies better and/or more secure. I began my career as a financial auditor for Ernst & Young. That was a phenomenal organization to grow up in; I learned so much. The companies that I was able to interact with were remarkable. I was able to build a solid business-focused foundation, and from a financial perspective, understand what the crown jewels were from many different industry types and companies.
I helped take companies through the IPO process prior to moving into one of my favorite things — being an ethical hacker. Making that ask and having the support from the partners and leaders at E&Y helped to change my career path. Becoming an ethical hacker was one of the coolest things I’ve done, and something I am still proud of today. I learned so many skills that continue to be important in what I do, even though I don’t do penetration testing myself any longer.
That foundational understanding of cyber helped me further my career in cybersecurity, where I was exposed again to many different customers and industries. I was able to see how cybersecurity was done from a cultural and global perspective, as well as how it changed based on the industry and requirements.
Again, I think I am fortunate to have been able to see many sides, starting in commercial and moving into the federal space. Becoming the CISO at CSRA has been a moment that I continue to be proud of. I was given the chance to become a CISO of a large, integrated corporation supporting many federal government customers, to include the Department of Defense. I was proud of my role and what I and my team could contribute to making our company, and the new network we were building, secure.
I continue to be proud of what I do as the CISO at Perspecta, another integrated company. Building relationships with my peers and creating an environment we ALL can be proud of is something that I am very proud of.
What’s your best career advice for those who want to follow in your footsteps?
Go for it! Don’t be shy. Work hard, be a contributor. Listen to the issues and offer constructive ways to fix them. Be a leader. This doesn’t mean be the loudest or the most heard. It means do meaningful work and be recognized for it. Hard work does pay off.