Secret CSO: Mary Gardner, F5 Networks

Secret CSO: Mary Gardner, F5 Networks

Name: Mary Gardner

Organisation: F5 Networks

Job title: Chief Information Security Officer

Date started current role: July 2018

Location: Seattle, Washington, USA

Mary Gardner has worked in Information Security for over 15 years and has experience in fraud prevention and compliance. Before joining F5 Networks she worked in the not for profit sector.

What was your first job? My first job was working as a bookkeeping assistant for my mum at a camera store when I was 15.

How did you get involved in cybersecurity? It's a bit of a roundabout story. I earned my Bachelor's degree in Biology, but I quickly realised that it probably wasn't going to be a career that could support me. After graduation, I held several jobs before finding my place working in tech for a small software company in New Mexico. My role was to assist people in building and securing small networks.

What was your education? Do you hold any certifications? What are they? I studied for my undergraduate degree in Biology at Trinity University in San Antonio. I also spent a couple of years of graduate work at the University of New Mexico.

Explain your career path. Did you take any detours? If so, discuss. I didn't. Once I found tech, and more importantly, cybersecurity, I immediately knew it was my calling. This industry moves really quickly and that's exactly why I love it. It allows me to continually learn and grow.

Was there anyone who has inspired or mentored you in your career? While I was working in Washington, one of my colleagues took me under her wing and helped me develop into a senior manager. I owe her a lot. She was amazing and gave me a lot of great advice. There was also another woman that I watched quietly teach people about security. She has had a huge impact on many careers. If you mention her name to anyone in the industry, it's very likely they'll know her. It just goes to show the importance of having more women working in the industry that set an example and continually encourage development.

What do you feel is the most important aspect of your job? The most important aspect of my job is to educate, train and help people to better understand cybersecurity and risk. We can implement as much tech as budget and appetite allows, but the last mile is the people, staff and the customers who are the most important link in the security chain. There is nowhere to hide if you get it wrong, so it is crucial that I ensure everyone is continually educated to understand the risks.

What metrics or KPIs do you use to measure security effectiveness? We measure a range of factors, including training progression, phishing attempts, frequency of prevention system activation, as well as internet traffic and context. Metrics constantly evolve as the threat landscape broadens. There is always a new threat on the horizon, so we increase our threat intelligence monitoring and action efforts accordingly.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? Few organisations are unaffected by limited access to security talent.  Hiring the right talent is tough. It is a highly competitive field and it can take time to fill vacancies. The biggest challenge facing the industry relates to threat hunting, security engineering and development. These are areas where we really need people with a strong security background.

Cybersecurity is constantly changing - how do you keep learning? I try and dedicate time each week to read security publications and spend time with our threat research team in F5 Labs to get insight on the latest developments. I also stay in touch with other security professionals and CISOs to share and gather information.

What conferences are on your must-attend list? RSA stands out for the breadth and depth of the information it provides. I also head to a local Seattle-based gathering of cybersecurity professionals that takes place each quarter.

What is the best current trend in cybersecurity? The worst? The best trend right now is the realisation that we really need to attract more a more diverse, curious and youthful workforce. Naturally, this includes engaging more women. This is one of the best things we can do close the industry skills gap and unlock new routes to innovation. 

The worst trend is that companies and cybersecurity teams are often focused on finding an all-encompassing technological silver bullet. It's a myth. Instead of going after unattainable solutions, we should work to build strong teams, programs and processes. At the end of the day, we need to facilitate good decisions about risk and cybersecurity investments. Spending money on tech is just half the solution. The missing piece of the puzzle is all too often investing in people and their ongoing education.

Best advice you received? Be yourself. When I really focus on doing what I love, in an environment where I can be myself, I am much more motivated and likely to perform better.

What advice would you give to aspiring security leaders? Be curious, do your research, be technically adept and focus on people, behaviour and risk.

Looking back with 20:20 hindsight, what would you have done differently? I probably would have explored a career in tech earlier than I did.

What is your favourite quote?

What are you reading now? Right now, I'm reading The Dragon Awakens, a fictionalised account of a cyber battle between two nation states. I'm only two chapters in, but it's really interesting and could be taken from some of today's headlines.

In my spare time, I like to… Ride my bike, read and play with my dogs.

Most people don't know that I… Played varsity basketball and softball in college!

Ask me to do anything but… Eat liver. Ew!


« CIO Spotlight: Link Alander, Lone Star College


CTO Sessions: Christian Reilly, Citrix »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?