Christine Whichard is Global Chief Information Security Officer & SVP Enterprise Technology/Systems at SmartBear, earning the CISO title in 2022.

Christine joined SmartBear in 2018 and has been an instrumental leader in the company’s cybersecurity plans, including an overhaul of its Information Security program. Christine has a successful record of accomplishments spanning over 20 years with a unique balance of both business and technical experience. Prior to SmartBear, Christine was SVP, Client Engagement and Operations at Videology (now part of Amobee) for nearly seven years. She was also Senior Director of the Technology Solutions Group at Merkle, a global performance marketing company supporting nearly 10,000 employees and 50 locations. She has held various roles in data analytics for and Medstar Health, among others.

What was your first job?

My first job was as a waitress for TGI Friday’s, and I loved every minute of it. I totally killed it and sported my stripes and my best “flare,” 21 pieces required! Multi-tasking was my specialty and that has carried over to my current role. I totally get made fun of for this job to this very day.

How did you get involved in cybersecurity?

At a very young age, I have always been interested in technology and curious about how things work. I love to “unpack” complex problems to troubleshoot and find solutions. The more challenging and complex, the better! So, when SmartBear needed a leader to take on cybersecurity, my technical drive and curiosity led me to deep dive into the cybersecurity domain which has resulted in new discoveries, new relationships, and new opportunities, and where I have experienced the most growth.

What was your education? Do you hold any certifications? What are they?

I have a bachelor’s degree in economics from Fairfield University in Connecticut, and for the record, I had no interest in being a financial planner or accountant. I am a member of ISACA, ISSA, and the CISO Executive Network. I am in the process of obtaining the CISM certification.

Explain your career path. Did you take any detours? If so, discuss.

I am the master of twists, turns, and detours. Going from a waitress at TGI Fridays to a global leader of information security for a software company took a few pivots here and there, and that’s the best part. My career path can be encapsulated into three L’s. To grow in your career, you must continuously LEARN through your challenges and interests, LIVE and experience your interests, and LOVE what you do. Wherever that takes your career is the exciting part of the journey.

Was there anyone who has inspired or mentored you in your career?

Personally, my grandfather has been an inspiration to me in my career. He was a second-generation Italian who grew up in tenement housing in the west end of Boston. He came from a terrible living situation and overcame many obstacles to build two successful glass businesses that his grandchildren run today. His perseverance and grit have long inspired me.

What do you feel is the most important aspect of your job?

My job is all about gaining the best possible visibility into our threat landscape so there’s early detection and response while understanding where potential behaviours can translate into reducing business risk while taking on your adversary head-on. I work every day to be proactive at this, not reactive, while thinking through not just what we need in the next six months to keep SmartBear secure, but what we need in the next decade as technologies like artificial intelligence (AI) and machine learning (ML) turn the tables on security. The evaluation, rollout, and optimisation of technology require your investment, focus, and commitment.

What metrics or KPIs do you use to measure security effectiveness?

Measuring the effectiveness of security is quite different than measuring return on investment (ROI). We measure risks based on likelihood and impact by what we can control here and now, and at the same time, forecasting where the next cybersecurity “storm patterns” may be coming from. It’s part art and science. The bottom line is, we cannot improve if we can’t measure it in some fashion. There is a bevy of the standard metrics such as mean time to detect and mean time to respond, but at the end of each day for me, what we measure is how much risk a business is willing to absorb while keeping its products, partners, customers, and employees safe. Visibility is paramount as I have learned over the years that we cannot protect and defend what we can’t see. What security incidents did we avoid? What data breaches did we avoid? And what associated costs did we avoid by not having an incident or breach? Those accruing costs – remediation costs, legal fees, impact to revenue – can get very large very quickly.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill?

I think cybersecurity teams everywhere continue to struggle with hiring and retention, a problem that cannot be solved with just tech. Cybersecurity professionals come from non-traditional backgrounds and experience, and it is important to understand what motivates them, much like me, my core is based on varying life and professional interests and experiences. I pride myself in finding talent in unusual places and to see the potential in people we can learn from as well as coach. Some of the best cybersecurity talent I have run into have music backgrounds, love art, and have more often than not worked at TGI Fridays…just kidding.

Cybersecurity is constantly changing – how do you keep learning?

Oh wow, how can I not learn from being in the cybersecurity field? There is not one day that goes by that there isn’t something that I haven’t seen before, and I dig right in and learn. So, I think it comes with the territory that if you want to be part of cybersecurity, you need to be prepared to learn, learn, learn – as part of your role.

What conferences are on your must-attend list?

I am always on the lookout for more “grassroots” conferences in general, not just in cybersecurity, as I think that’s where communities of interest really grow and make impact amongst each other. Don’t get me wrong, I love good swag at conferences, but for me, it’s the impact of practitioner-led conferences like Security BSides.

What is the best current trend in cybersecurity? The worst?

The future of cybersecurity is AI and ML. The automation that AI is bringing to security is helping us to better understand the risks, threats, and vulnerabilities. It’s giving us critical visibility we need to stay protected. AI is improving efficiency, reducing costs, and saving time with security challenges.

The worst trend is the increasing number of technology solutions. The cybersecurity market is flooded. However, throwing technology at every problem is not the answer. Today’s complicated tech stacks are creating more blind spots. We must simplify our tech stacks to minimise potential threats.

What’s the best career advice you ever received?

Dreams don’t have deadlines. Meaning, don’t be in a rush to constantly achieve the next rung in the corporate ladder or let titles define where your career passions are. Do what interests you so you can keep learning and contributing.

What advice would you give to aspiring security leaders?

Don’t be afraid to come to the table with solutions that you are not 100% sure will solve the problem. Don’t be afraid to not know all the answers. Cyber criminals are working hard. It’s impossible to have all the answers. Also, bring your excitement and passion around cybersecurity to the table. That positive energy transfers to others on your team. At the same time, show up every day as your authentic self. Be the person you are and not the person you think people need you to be. Never compromise who you are. Don’t be who somebody wants or needs you to be. This can make all the difference in a successful career in cybersecurity.

What has been your greatest career achievement?

I gauge my achievements on how and what I have contributed both in life and in my career. I have my own internal gauge, and it is fueled by the impact I can make. I have run over 17 marathons, 12 of them being the Boston Marathon, supported animal rescue for many years, and even faced off with a huge deer on a bridge…a long story for another time, but the achievement dearest to my heart is my family.

Looking back with 20:20 hindsight, what would you have done differently?

I would have worn a ton more flare when I worked at TGI Fridays. It would have made more people smile.

What is your favourite quote?

“Great leaders are almost always great simplifiers who can cut through argument, debate, and doubt to offer a solution everybody can understand.” – Gen. Colin Powell, former U.S. Secretary of State

What are you reading now?

The Body Keeps the Score by Bessel van der Kolk, M.D.

In my spare time, I like to…

Jump into any endurance sport.

Most people don’t know that I…

Don’t like sweets BUT have a major weakness for flourless chocolate cake. I keep telling myself it’s healthy for me.

Ask me to do anything but…

Go bungy cord jumping in South America…they just don’t have the regulations (LOL).

Read more from our inspirational women here.