Six CISOs share practical wisdom from the front lines of security leadership
Once a month, CISO Series hosts an AMA (Ask Me Anything) on r/cybersecurity. Our May AMA brought together six accomplished women CISOs from diverse backgrounds to answer questions about the challenges and realities of leadership in cybersecurity. Some shared their experience navigating a male-dominated industry. Others focused on practical advice for building teams, transitioning roles, or charting a path into the profession.
While this AMA was framed around representation, it delivered so much more: tactical insights, executive-level clarity, and human stories from the top of the security ladder.
Got feedback? Join the conversation on LinkedIn.
Here are the key lessons that stood out.
1. Donโt let others define your path.
Q: What challenges do you face as a woman in cybersecurity, and how do you deal with them?
“I really stopped caring about those types of reactions and focused far more on perfecting my exec leadership skills as well as communication with board/executives. That will move me forward and give me more opportunities.”
โโฏ Patty Ryan, sr. director & CISO, QuidelOrtho
It’s not about ignoring bias. It’s about refusing to let it define your performance or your potential.
2. Leadership is not one-size-fits-all.
Q: What do you need to succeed as a CISO? How much is technical vs. business?
“You need both. You will not get a company to fund you if you do not have the business acumen to understand how to ask for money… But you also need to understand tech so that you aren’t overspending or making stupid decisions or securing Fort Knox when you are working for McD’s.”
The most successful leaders donโt pick sides. They learn the language of both business and tech, and coach their team to do the same.
โ Hadas Cassorla, JD, MBA, CISSP, principal consultant, SideChannel
3. Experience is built, not given.
Q: Whatโs the best entry-level role that builds toward becoming a CISO?
“I’d say an audit, risk or governance role. Learning how security programs are built from the ground up is very beneficial… Everyone should have some experience in this for the context it provides.”
โ Krista Arndt, associate CISO, St. Luke’s University Health Network
Security careers donโt need to start with hacking tools. Roles like audit and governance build decision-making instincts that translate well to executive leadership.
4. Certification isnโt your only credential.
Q: Do I need certifications to start a career in cybersecurity?
“I don’t personally care if someone has them. I’d rather you tell me you set up a system in your basement to learn how something works.”
โ Hadas Cassorla, JD, MBA, CISSP, principal consultant, SideChannel
Credentials help. But proof of curiosity, hands-on experience, and initiative can matter more than a line on a resume.
5. Be usefulโcerts alone wonโt cut it.
Q: How should I break into cybersecurity without a lot of experience?
“Your next step is not to get certifications. Go get a job thatโs below what you consider entry level and make yourself useful to the security team at that company.”
โ Renee Guttmann, founder & principal, Cisohive
Certs might open doors, but usefulness keeps you in the room. Be the person solving problems, not just collecting badges.
6. Step outside your comfort zone.
Q: What helped you rise into a leadership role?
“At one point, I was volunteering as a yoga instructor, a wellness webinar host, an ERG panelist, a finance mentor. All of it helped.”
โโฏMandy Huth, CISSP, CIPT, QTE, svp, CISO, Ultra Clean Technology
Leadership isnโt just about expertise, itโs about influence. Mandy built hers by showing up across the business, not just inside the security org.
7. Translate tech into trust.
Q: How do CISOs get the funding and support they need?
“If youโre not learning how to present information in a compelling way, youโre not going to get the funding, resourcing, or respect your team deserves.”
โ Bethany De Lude, CISO emeritus, The Carlyle Group
Being right isnโt enough. Bethanyโs advice is to speak in terms the business understands, because the real job is getting people to act on your expertise.
Final Thoughts
This AMA delivered a reminder that wisdom in cybersecurity leadership doesnโt always come from books or frameworks. It comes from experience, and the willingness to share it. Whether they were advising students or speaking hard truths to their peers, each participant brought clarity and candor that benefits the entire community.
Want to explore more from this discussion?
Read the full Reddit AMA thread here
Join us next time!
CISO Series will be hosting another AMA on r/cybersecurity next week. It all begins at 5PM ET/2PM PT on Sunday, June 22, 2025, and will run through Saturday June 28, 2025. Stay tuned to CISO Series to learn how to participate!