Wisdom from the Women Leading the Cybersecurity Industry, With Nisha Holt of Check Point Software

Have a vision and turn that vision into an actionable, coherent, and achievable plan that you share with your team. Show them their part in that vision and their path to success so they fully understand the value of their role and the importance of their contribution.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Nisha Holt of Check Point Software Technologies.

Nisha Holt is Check Point’s Head of Americas Channel Sales. She joined Check Point in 2020 and served as the Head of National Channel partners. Nisha has been in cybersecurity for over 20 years with a concentrated focus on helping organizations grow through partnerships, alliances and other varying routes to market.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

I was born in Texas to Indian parents who had recently migrated to the US. My time spent growing up was divided between relentless academic study and, in my teens, running our small family business. When I was accepted to college, my parents informed me that I had three options: engineering, pre-med, or to continue to live with them until they were able to arrange a marriage that was beneficial to them. When I expressed a sincere desire to enter business school, my father asked me “what are YOU going to do in business?” That question, really a statement, and the tone in which it was asked, stayed with me all these years. I enrolled in a pre-med track, majoring in biology, but then at twenty, I decided to pursue my own interests and forge my own path to become what I wanted to be.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

When I was in elementary school, I checked out a book from the school library on Marie Curie and was fascinated by her accomplishments: she was the first woman to be awarded a Nobel Prize, the first person to be awarded two Nobel Prizes in two different areas, and the first women physics professor at the Sorbonne. She discovered two elements and then pioneered truly groundbreaking research into using radioactivity in treating cancer and she made the first ever portable radiology units (X-ray machines) to be used in the field to diagnose soldiers’ wounds during WWI. I was inspired not only by her intellect, determination, scientific contributions, and social work, but moreover by her desire to break down barriers and not let the rules of the time regarding women constrain her and prevent her from pursuing her dreams.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I began my career at a technology company that outsourced sales and marketing activities to IT companies. I was exposed to and trained on myriad technologies, but ultimately honed in on the burgeoning field of cybersecurity. Cybersecurity fascinated me then and it still does today. Let’s take the concept of a virus as seen in the natural world. A specifically evolved microscopic bit of DNA is introduced into a specific host body by some sort of mechanism — a cough, a mosquito, a handshake — the virus then begins to replicate and attack the host, while the host counterattacks via T-cells, antibodies, and other mechanisms. Now, let’s compare that to a virus as seen in the cyber world. A specifically engineered bit of code is introduced to a host (a PC, a laptop, a smartphone, a network) via some sort of mechanism — an e-mail, a text, a link, a flash drive — the virus then begins to replicate and attack the host, while the host counterattacks via various forms of cybersecurity. One form of virus and the mechanisms that defend against them have evolved in the natural world over the millennia, while other forms of virus and the mechanisms that defend against them are purely the result of human ingenuity. Truly fascinating stuff!

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

Most of my early days in sales involved hours and hours of cold-calls, the vast of majority of which resulted in leaving a rather scripted voicemail. However, I will always recall the first time that a CIO of a rather large company actually answered the phone. It did not go well! After introducing myself, I then unleashed a lightning-fast verbal assault detailing every single benefit of the solution that I was selling and why his company, and every company for that matter, definitely needed it. I unloaded so much information on him in so short a period of time, that he had no idea what I was talking about. I had to slowly repeat everything, and then after a short back and forth, realized that his company wasn’t at all a fit — neither from a technical standpoint, they had the wrong OS, nor from a fiscal standpoint, as they had just declared bankruptcy. I learned A LOT from a cold call that ultimately lasted less than five minutes. All of the lessons that I learned are just as relevant today as they were then: be prepared to deliver a succinct, coherent sales pitch, not an infomercial. Do your homework before you speak to the customer. Ask pertinent questions, stop talking, listen, and learn about the customer’s specific needs, wants, concerns, issues, etc.

Are you working on any exciting new projects now? How do you think that will help people?

I am the chair for Check Point’s Women Leadership Network — F.I.R.E — Females In Roles Everywhere. Our mission is to empower women by educating, energizing, and embracing every single female Check Point employee so that they are more confident in ANY role — their current role, or in any future role. We do this by creating a support ecosystem so members can collaborate, share knowledge, and network. Our goal is to make cybersecurity more accessible to future female leaders through our four subcommittees: Campaign and Content, Community Outreach and Alliance, Mentorship, and Diversity & Inclusion. We have launched a number of new initiatives and programs around leadership training, mentorship, and personal development that are aimed at helping women at Check Point advance in their career. We’re also working on community programs to help further the conversation outside of Check Point with other women and with the younger generation of school aged children.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

One, the dangers from cyber-attacks are VERY real — ranging from something as simple as having your identity stolen to something as complex as a coordinated attack that disables a power grid. The ultimate goal of cybersecurity to protect both people and critical assets from these crimes, making cybersecurity a meaningful pursuit that truly make a difference.

Two, unfortunately, the volume and the intensity of cyber-attacks is steadily increasing, making cybersecurity a field that is more critical than at any other time. Recent research from Check Point Research found that organizations are being attacked an average of 1,130 times per week! Fortunately, the industry is responding to this uptick in cyber-attacks with the creation of many exciting, and varied, job opportunities.

Third, there are more women joining the cybersecurity field now. Today, women still only hold roughly 25% of the positions in cybersecurity, but that’s up significantly from just 5 years ago. Hopefully, we’ll continue to see that trend going forward.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

Cyberattacks continue to rise. We recently published in our Check Point Cyber Security Report for 2022, that the total number of attacks increased by 50% year over year. Cybercriminals are getting smarter, bolder, and more sophisticated every day as they continue to advance, elevate, and escalate their techniques. However, in spite of this disturbing reality, we’re seeing below targeted adoption levels of security with companies, leaving them highly vulnerable and terribly exposed.

Cybercriminals are also taking advantage of the shift to remote work that was created by the pandemic as numerous companies focused their IT resources on the transformation to remote work, frequently postponing or, even cancelling, critical security projects and upgrades. Cybercriminals are aware of these security lapses and taking maximum advantage of them, furthermore, they are pinpointing and exploiting the security holes related specifically to the explosion of the use in remote access.

The staffing shortfall in cybersecurity is a concern. According to a recent report, over 700K jobs were unfilled in the US alone and nearly 3.4 million worldwide

Companies need to plan for security in the present and plan for security in the future, as opposed to doing just enough to squeak by for the next six to twelve months. Companies need to build security spending into their budgets, they need to take the time to investigate and to understand where they are vulnerable, and then partner with organizations to help them build a strong security strategy. Cybersecurity needs to be paramount and the responsibility of everyone in the company, making it imperative that companies educate their employees against the dangers of cyber-attacks and implement best practices that can be utilized at the individual user level.

When it comes to the staffing shortfall, we need to focus more on educating and inspiring our young people regarding the field of cybersecurity, its potential for creativity, innovation, and real-world benefit, along with numerous employment opportunities that are highly lucrative in a field that will only continue to grow.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?

We are starting to see more companies experiencing Generation 5 attacks which are large scale, multi-vector, mega attacks that use advanced tools and can be challenging to detect and stop. While every company has a cybersecurity strategy, many are only focusing on Gen 2 and Gen 3 type attacks to their network and applications. However, they are not thinking big enough. Cyber criminals are creative and incredibly smart and spend their time looking for vulnerabilities. It’s critical that every company deploy a consolidated solution that protects across their entire threat surface (from PCs to printers to network to datacenter to public cloud to IOT and beyond) that uses advanced threat prevention technology to prevent Gen 5 attacks from occurring in the first place.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

At Check Point, we believe everyone deserves the best security — including our employees! Every day I use Check Point Harmony to protect company data, my laptop and phone from cyber threats. The best part is that Harmony scans every email and document in fractions of a second, ensuring that no malicious files every make it onto my devices. It’s seamless and I would forget it was there if it wasn’t for the notification that it’s OK to open files from colleagues as they have been scanned and deemed safe.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

It’s true and with cybersecurity, prevention is important. I would encourage you to take our free assessment to help companies assess, test and improve their security defenses with analysis, penetration testing and compromise analysis. [Embed Video if possible: https://www.youtube.com/watch?v=mGdqnXvey0A]

Keep in mind, cybercriminals use a variety of methods to attack computers, networks and servers, including malware, phishing, ransomware, denial of service and more. This can make it difficult for companies to prevent and detect attacks without a consolidated cybersecurity solution.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

First, collect attack details from your team, including how the attack was discovered, possible causes, its impact and initial actions taken.

Second, call Check Point! We have a dedicated Security Incident Response Team working 24/7 around the world to help companies who are experiencing security incidents in real-time. Learn more here: https://www.checkpoint.com/support-services/threatcloud-incident-response/

Third, work with Check Point to identify points of compromise and fully eradicate the threat. Our team can also help you communicate the details and ramifications of the attack to management teams.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

Not viewing cybersecurity as an absolute priority, but rather, as a nice to have that is frequently relegated to the domain of the security team.

Having a poor grasp of the ever-evolving threats and their level of risk, which often results in a lack of understanding of their actual needs, along with a shoddy end to end security policy that fails to cover all of their threat vectors.

Believing that greater security can only be achieved as the result of obtaining more tools, as opposed to honing in on and identifying your specific needs, and then acquiring the specific tools to address those needs.

Not having a security strategy, for the present or the future, that can be understood as anything other than reactionary in nature.

Companies need to understand the threats, their level of risk, their needs, and then create an actionable security strategy that addresses those needs today and in the future.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

Not at all, so much more needs to be done! It’s encouraging to see that more girls are showing interest in STEM and it’s been shown that they consistently outperform boys in both math and science-related assessments. However, STEM is still often viewed as more pertinent and applicable for boys. A number of surveys and studies have shown that girls that do not have role models in STEM are highly unlikely to see STEM as either a field of study or as a career option. We have to continue to do more to educate, inspire, and empower girls to see themselves in these careers through education and outreach programs.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

The prevalent myths are that you have to be technical (a recent survey shows that 23% of people in cyber started with a non-IT background), male, young, and that you’re either a hacker or a coder that spends all of his time glued to LCD screens awash in graphs and data that require constant analysis. Now, let’s be clear, there are a lot of people in cybersecurity that fit the aforementioned mold, but there are A LOT more people that don’t fit that mold. The cybersecurity sector is vast, replete with many different career paths and roles, and in need of people with diverse backgrounds and varied skillsets in order to fill all of the roles that are currently open.

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

Lead by example. In order to inspire and motivate others, you have to be the leader that sets the example by being the hardest-working, most dedicated individual.

Have a vision and turn that vision into an actionable, coherent, and achievable plan that you share with your team. Show them their part in that vision and their path to success so they fully understand the value of their role and the importance of their contribution.

Expect to make mistakes, own them, and understand why you made them. From my experience, that’s the only way to truly learn from them and to prevent the same mistakes going forward.

Inspire and motivate the people on your team to be best they can be. Instill the desire for excellence and create an environment where they desire to do the best job they can. Give credit and accolades to foster positivity and encourage the right mindset.

Learn about a situation first, then provide your recommendations. I’ve seen the following mistake made repeatedly throughout the entirety of my career. A new executive of sales, or marketing, or engineering is hired, and then within days or, in some instances, even prior to their first day, she decides to implement the exact same strategy that led to success at her previous company, with very little knowledge of her new company, and more specifically and importantly, the differences between her previous company and her new company. Success with a specific strategy at company A does not in any way guarantee success with the same strategy at company B. Every company is unique and therefore different, making it imperative that you understand your company’s individual culture and value proposition, its institutional knowledge, customer base, values, people, core competencies, areas for improvement, processes, and history — both internally and externally. Failure to appreciate the uniqueness of your new company often leads to disastrous consequences both internally and externally.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)

Angela Merkel. Her impressive career and track record of 16 years as the German Chancellor is remarkable. She is known to be a pragmatic consensus builder and her approach to leadership through the lens of her background and training as a research scientist is very interesting to me.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!