Heather Gant Evans

I became involved in cyber security after I started working at the consultancy firm Booz Allen Hamilton. During my time there, I was given the opportunity to support the US Air Force’s Cyber Command as a cyber threat intelligence analyst because of my background in technology management and as an all-source intelligence analyst in the US Army Reserves. Working in cyber threat intelligence was a fantastic first role to have because I was able to immerse myself in cyber threat reporting and build a solid understanding of the cyber threat landscape and cybersecurity terminology.

After that, I worked with Ernst and Young to develop their Cyber Threat Intelligence service offerings, as well as build cyber threat intelligence programmes for companies. My career path kept growing by putting myself forward to take on broader challenges. For example, I raised my hand to help build out security operations centres, cyber exercise programmes, cyber resilience programmes and ultimately entire cybersecurity programmes.

In my current role, I am Chief Information Security Officer (CISO) at SailPoint, the leader in identity security. I’m responsible for corporate and product security across the business. In my role, I love that I also get to be customer number one of our products and engage with our diverse and elite customer base.

Did you ever sit down and plan your career?

I would like to be able to take credit for being the master architect of my career, but I have never sat down and been that prescriptive. I would have never, on my own accord, dreamed of being where I am today. My career unfolds as a matter of preparation meeting opportunity. I prepared by always being curious about the functions tangential to the one I was focused on, maintaining a customer and partner-centric approach to my work, communicating to both technical and business leadership levels, and relentlessly focusing on operational excellence. In doing so, I stacked up champions who propelled me to dream bigger and opened opportunities for me.

What career challenges have you faced?

The biggest career challenge I have had to date is dealing with grief at the workplace. We don’t talk about this much, and even now whilst typing this, it feels taboo. I worked through this by taking my full bereavement and then once returning to work, continuing to heal with the help of a coach and therapist. It takes more than your own hands to pick up the pieces at times and I was very thankful to a peer at work who encouraged me not to delay processing my grief by diving deeper into work.

What has been your biggest career achievement to date?

I am proudest of my focus on creating inclusive teams that look more like our communities and customer populations. I have done this by leading book clubs and discussions on anti-racism, prioritising networking and educational events for diverse team members, and purposefully seeking out non-STEM backgrounds to build a more diverse team. In building more diverse teams, I have built stronger cyber security programmes for the benefit of all business stakeholders.

What one thing do you believe has been a major factor in you achieving success? 

I wouldn’t be in the position I am today without those that have inspired me and my network of mentors and champions.

What top tips would you give to an individual who is trying to excel in their career in technology?

The best career advice I ever received is to research and role-play the target audience, to best anticipate their questions and concerns. Any career in tech, and especially in security, requires you to understand what your partner teams, customers, and other stakeholders really do and need. It’s important to reach out and understand their day-to-day, and to make a strong connection. Establishing these relationships will enable you to weather challenges – especially those that come with leadership roles – so much better, and develop a deep understanding of how to help people around you.

What is the biggest barrier for women trying to succeed in cyber security?

I think the biggest barrier is the lack of approachability in how people in cybersecurity talk about cybersecurity opportunities and roles. To overcome this, we need to drop the overly technical jargon and write approachable position descriptions that clearly articulate which non-traditional skills and backgrounds would excel in this role. We need to include language that encourages those folks to apply, and equip recruiters with details on non-traditional backgrounds to do proactive outreach in order to fill open roles.

What do you think companies can do to support the careers of women working in technology?

I personally feel that the most impactful thing that can be done to support the careers of women is at the individual level – identifying a woman you believe in, telling her you believe in her and why, and then advocating for opportunities for her when she isn’t in the room.

If you had a magic wand, how would you improve the 21% female representation in tech?

If I could use a magic wand, I would eliminate the subliminal gender assignment to certain professions that little boys and girls pick up on within our culture. This is the hardest barrier in getting little girls excited about STEM careers. I love seeing more STEM television programmes and toys geared towards little girls for this reason.

What resources do you recommend for women working in tech?

The most powerful resource for women in technology is the community itself. Reach out and get to know your local women in technology however works for you. Introduce yourself and set up a casual gathering over a nice glass of wine and of course, you can always join a WeAreTechWomen event!