In this edition of our podcast, the PCI Security Standards Council is pleased to host a panel discussion featuring four women from Coalfire, a leading provider of IT advisory services for security in a variety of industries, including payments.
Welcome, ladies. Let's start by introducing yourselves around our virtual table. And Bhavna, we'll start with you.
Bhavna Sondhi: Thank you, Alicia. I am Bhavna Sondhi. I have been here with Coalfire for almost eight years now. I work as a principal security consultant and a practice subject matter expert for PCI DSS, PA-DSS, SSF, 3DS, P2PE compliance, all the standards that are set forth by PCI Council. And, I get to have fun enjoying working on various projects and leading different assessments here.
Collette Thepenier: Hello, my name is Collette Thepenier. I have been with Coalfire for over six years now. I am a senior consultant. I work primarily with the DSS doing reports on compliance with retail merchants, also with some service providers. And I'm moving into doing work now with some of the financial services customers.
Divya Jeyachandran: Hi, my name is Divya Jeyachandran. And I am a director here at Coalfire, managing PCI compliance, assessment and advisory service for our cloud and technology clients. I've been in this industry for a little over 11-and-a-half years and I've been with Coalfire for the last six-and-a-half years.
Monica LaCroix: Hi, good morning, Monica LaCroix. I've been with Coalfire for six-and- a-half years. I am a QSA and currently, in the last year, I moved into a position as Director of Product Management. So, I'm managing our SAAS platform that we use throughout our industry to deliver our assessments.
We're going to start with going around the board again to talk about how each of you got started in the technology or the payment space. And I'm curious to know what led you to that career choice? And Bhavna, we'll start with you.
Bhavna Sondhi: You could say that I was in the technology domain from the beginning. I always had a passion for learning something new. I ended up doing my undergraduate in computer science, back in India. After that, I worked as a software developer for a few years. And then came to pursue my master's degree in computer science in the United States. My advisors at school recommended that I do some of the cyber security courses and then, eventually, I ended up obtaining a master's degree in computer information systems security. The courses were really challenging, interesting. I also realized that there were very little sources of information out there related to cyber security. I really wanted to change that landscape. Seeing a lot of cyber security breaches out there, it just piqued my curiosity and I wanted to research further on it and understand the underlying problem; how they could be fixed. After my graduation, I ended up joining Coalfire and started working in the payments field. That's how I came into doing more of the payments technology. And every day I end up learning something new here and I believe that's what is going to keep me in this industry for a very long time.
And Collette?
Collette Thepenier: That's a great question. And I wish I could say that it was more planned that I ended up in this industry. It was kind of an accident. I was in a position with an organization. And, I'll be honest, I was kind of bored. So, I was looking for something new and different and challenging to do. And somebody mentioned this compliance role. And so, I just went for it. My formal education is in biology so there's really not a whole lot of technical in there with computers and cyber security, certainly. It just happened I fell into this. I really enjoyed it. And the more I liked it, the harder I worked. The harder I worked, the more I got to do. I was on the merchant side, the service provider side. So, for several years, I was actually a Coalfire customer. And then I got an opportunity to work with Coalfire. I just hopped on the other side of the table, and I've been here, happily, for six plus years, ever since.
Wonderful. And Divya?
Divya Jeyachandran: Sure. For me, it was definitely a lot of social influence. I have always seen technology to be a space that has endless possibilities to solve some of the toughest challenges. I got my bachelor's degree in information technology, and a master's degree in computer science and engineering with a focus in cyber security. The more I learned about security, I realized it gives me countless opportunities to work directly with entities from different industries, like financial services, healthcare, technology, cloud, where their common goal is to protect and secure data. I joined Coalfire as an intern, just to get more experience in the security field. And, gradually, learning more about PCI and the prescriptive nature of the framework, I thought it was the right place to be.
Excellent. And Monica?
Monica LaCroix: Yes, I'll try to keep this as short as possible, but it's been a long journey which has all been very supportive, for my ultimate role here at Coalfire. I started out with an architecture degree, so a traditional architect. And building buildings and doing drawings. That is where I got my start as far as understanding that what I like to do and what inspires me to have challenging work, which having a creative and analytical mind, having the challenge of solving problems is what I found I really enjoyed in my career.
So, as a traditional architect, I started doing support and building standards for our CAD, Computer Aided Design. That evolved into working internally for the architecture firm as far as developing more extensive CAD standards, as well as building out our infrastructure. As I got into more of building networks and building network infrastructure, I ended up moving from being an architect to actually a technology role within the same company.
From there, I then had an opportunity to manage resort properties for a large ski resort company. And it was a good transition from looking at infrastructure at a property and managing all aspects of how they deliver their technology, which included compliance. And then, similar to Collette, I became a customer of Coalfire. As I worked with Coalfire in various aspects, I transitioned within that company to also being the GRC Manager. So, it's been a little bit of a journey, but all the background has led me to actually being an assessor for Coalfire in the payments industry.
I love hearing all your stories and backgrounds. And it's so much fun to see how all of you ended up where you did and where you are today. I just really love those stories. Thank you for sharing those with us. We're going to open it up for group discussion for the next few questions, so feel free to weigh in. Do you notice a lack of women in technology? And, if so, why do you think that is the case?
Monica LaCroix: Absolutely, and I look at this question a little bit different than maybe it's always traditionally perceived because technology is definitely a male-centric industry. But I don't know any women that want a technical role that don't have them, personally. I tend to look at the question as it might be that the technology opportunities that they might be interested in are not as well known to them or how their core competencies could make them successful in a technical role. I come from a very technical family. I have relatives that are data base administrators and other things. So, it was very natural and something to gravitate towards. Yet I think there are a lot of women that maybe don't understand how their skill sets could make them successful in a technical role. And so, they don't consider it or take on that challenge to find those roles. We've seen a lot of people, even within Coalfire, that are very successful and maybe they start in a technical role and move into management and project management of technical projects. And find their skill sets can make them very successful in ways that maybe they didn't think they were going to, or that they didn't think the job entailed, or that the role actually included.
Bhavna Sondhi: Can I add something to that? So, from my opinion, literally in all parts of the world, yes, it is a male-dominated industry, I would say. But there are associated problems with it. Women have to struggle at every step, like navigating career, motherhood, making sure things are done right at home, right at work. You criticize yourself all the time, like, "No, I need to be better. I need to be the best out there." But we shouldn't be thinking in that way, in my opinion. The other part I also have seen is there are moms who are out there who have had technical education, but they had a gap for several years. And then they're trying to get back into the industry and it's very difficult for them to get into the technology industry. Because all they get told is, "No, you don't have enough experience." And no one is kind of giving them the opportunity to do so. I had this real time experience because I have spoken with so many women out there. Then the other case is there are girls in school, they always want to opt out of these courses because they always feel like technology means coding. And they think in that way all the time even if that is not the case there. That's what Monica is mentioning, right? Making sure they know about the roles, what it entails. There are so many different roles out there in technology, not just coding, that they should be made aware of. I want everyone to know and maybe give that encouragement and support to others, which can help them get there.
Collette Thepenier: Can I say something to that as well? Because I think not being aware of opportunities or not realizing the translation of core competencies from one industry to another, it is a huge problem. I come from the biological sciences. I have two degrees in the biological sciences. And when I started in this job, a long, long, long time ago, it was on accident, as I said. And I always second guessed myself. I don't have technology experience. I don't play video games. And, you know, I look around me at all these very seasoned people or people who do this on the weekends and they're playing video games and they're writing their own code or they're developing their own home networks. And I always just didn't feel like I fit in. But it took understanding how my skill sets in the biological sciences could translate over into technology. And that's what, I think, gave me a little bit of a confidence booster. So, the scientific process, developing hypotheses, investigation, data analysis, all those things, it's no different. Whether you are in biological sciences or whether you are in cyber security. It's just a different data set. And I think if more people, more women, more young girls realized that there are these skills that they can easily translate into IT, it's a healthy curiosity, it's a desire for challenge. Cyber security is absolutely within reach. I think it's important that all women know that.
Divya Jeyachandran: I personally feel a lot of the lack of women in technology is primarily because the lack of awareness, right. I think these days I do see a lot of women in the STEM field and a lot of awareness is starting to come, starting from schools and from universities, and colleges. So, I think it's gradually coming there, but women, we still need a lot of awareness. So, I think a podcast like this is a great way to get the word out there to show our experiences, to show what we've accomplished. And that would set a trend that motivates other women there to, “Oh these are different career paths I could take.” Or “these are different courses I could take in university.” So, I think the primary reason is lack of awareness, but definitely we are getting there, and we all have a role to play and to make sure that we are creating a positive impact and getting the word out there to motivate and inspire and encourage other women to be more active in the technology field.
In your experience does being a woman in your profession come with confidence challenges that you have to overcome, for instance, doubting your own ability? And, if so, how do you overcome it?
Bhavna Sondhi: Yes, there are several occasions that happen when you don't feel that confident, even if you are outperforming the job that you are doing sometimes. I can give an example. Personally, I had so many doubts myself when I had my kids. Would I be able to do the work? Would I be able to put in that many hours? Would I be capable for promotions in the industry? I had my own several reasons associated, like, I'm not good enough. I don't think I can do this. But I feel like I could overcome all of this by just talking to mentors and other women who have been through this. I got all the encouragement, support from others out here. I spoke with others in the department. I'm going to especially call out the Coalfire RISE group here, which is a Recruit, Influence, Support, and Education community that a few members here have developed, and also the HR team. So, they brought me into Spotlight several times in the company and it helped boost my confidence that, yes, I can do this. And I was able to get out of that part and build my own confidence here and be promoted and do anything that I want here.
Collette Thepenier: I would like to say that I think, to Bhavna's point, sometimes you might not see it in yourself, but don't be timid about accepting accolades from others, especially if it's a male cohort. Instead of dismissing compliments, say thank you, even if you don't believe it yourself. File it away in your mind, retrieve it later when you need it. If someone else thinks you’re great, who are you to disagree? And I think it's very challenging for women sometimes to accept that. I for one, start to think to myself, "Am I being arrogant? Did, did I really do that? Do I deserve that?” And, again, if someone else thinks you did a great job then agree with them, right? They're not trying to blow sunshine in your face; they're being honest. And, in the end, own your worth. Own it, cultivate it. And then go ahead and pass it forward; help other women find theirs. It's so easy to question yourself when you look around and you don't see anybody that looks like you. In a room full of men sometimes there's even an overt lack of respect versus maybe just a kind of underlying dismissive nature. So, if somebody tells you that you're good enough, believe them and own it.
Divya Jeyachandran: I, 100 percent, agree with Bhavna and Collette. This industry can be very intimidating. I get to work with so many smart people who are extremely knowledgeable and technical. And sometimes people tend to question your capabilities, especially when you’re a woman because they have this preconceived notion of what a woman can do, or cannot do. In times like that I always challenge any self-limiting beliefs and remind myself to focus on my strengths and own my achievements. Being firm but fair has definitely helped boost my confidence level.
Monica LaCroix: Those are all great comments. I really love that, Collette: “own your worth”. And that is so true, take the compliments. Take them and say thank you. A lot of times I see, in myself and other women, they try to downplay sometimes those compliments. This is something I actually worked through and gave a lot of thought this year and spoke to my mentor about. I was in a situation where I didn't quite have a voice. I was asked to come to the table but then didn't have a voice. And I noticed the behavior of, and this very specifically, where I made a comment and there was no, necessarily immediate response, but my comment was repeated by a male in the room and then it was responded to. And I kind of sat back in that situation and said, "really?" At that point, you have a choice. You have a choice to react. You have a choice to say, "that is exactly what I just said," and that's I think some of my biggest learning moments. And my advice for women is, in those moments you have a choice to be the bigger person because if someone is taking that path, they're taking it for a reason, and you have to understand and be confident that they also have their insecurities. And don't for a second think they don't.
That is a great segue into our next question, which is, along those similar lines, that many women in the tech industry have felt that their gender has affected the way that they are perceived or treated. Have you ever been in a situation like that, and how did you handle it?
Collette Thepenier: That is a great question. And I really enjoy the opportunity to speak to that. I do feel like there're still spaces in the male workplace where women are made to feel unwelcome. Whether that is a public sentiment, or whether it's a little bit more concealed. I personally have felt talked down to. To Monica's point, I've had the quality of my work, or my expertise questioned only to later be deemed credible or accepted when restated by a male colleague, even one of lesser tenure. I chose not to react to it, and I chose not to subscribe to the disbelief, even if it aligned with my inner critic, which frequently it does. In my head I said, “maybe they're right, maybe I'm not good enough. Do I belong to be here?” Instead, though, in those situations I've taught myself, trust yourself Collette, trust your experience. You know what you've done, you know what you can do. So, in those circumstances, I do my job. I don't allow myself to be bullied. I try to take the perspective of maybe that's their insecurity that's speaking here, less about my capability. In those cases, I reflect back confidence. I maintain professionalism. I'm not going to be broken down. And I'm not going to be forced to react. Effectively, I just choose to not participate in the game because sometimes the most powerful message is the one that has no words.
Divya Jeyachandran: I agree with Collette. And I'm not surprised that many women feel that way. I personally have been in situations where people have undermined my experience and they look at me and assume I don't know something, or I don't have the experience to do something. The way I handle such situations is I remain professional, but I make a point to talk confidently about my diverse background, experience in the industry, the value I bring, and the impact I create. We own our achievements and accomplishments, and we shouldn't feel shy to talk about it.
Monica LaCroix: I agree completely. Those are great comments, Divya and Collette. And I think to the point of the last question is, we have a choice on how we react. Staying professional, to not react as maybe males, or others, are going to think or perceive how a woman is going to act. Also, to always check yourself. Stay professional, don't gossip, don't get caught in those situations, just be the bigger person.
Bhavna Sondhi: Yeah. I agree with all of you here. I would say, yes, I had some of these experiences myself. And it's very common. I have heard it from various other women that I have talked to. In that case, definitely, it takes time and patience to get your point across, but ultimately showing your confidence, learning new skills to handle it, and navigating through this will make that problem go away. And do your homework, be techno-savvy if you need to and show your technical expertise. That has helped me the most. I don't think anyone questions me that much anymore because I kept learning, improving my skill set, and people are confident that yes, I am the person to go to now.
Well, that is the end of our formal questioning, but I wanted to give each of you an opportunity to state anything that you didn't get a chance to say.
Divya Jeyachandran: I just quickly wanted to thank you for this opportunity. Like you said, this is a great way to spread the word out there that there are so many women who have had a struggling journey and they were still able to make it out there, in a small way or in a big way. But I hope this platform inspires other women to know that, yes, we can also do it. Irrespective to what degree it is, there are opportunities out there and we can definitely go get it.
Bhavna Sondhi: I agree. And thanks to the PCI Council and team for making this happen. And I wouldn't have imagined me being in this room, doing a podcast, so this is excellent work and excellent opportunity to be given by you all.
Collette Thepenier: I would like to say that I really appreciate the women role models that we have within Coalfire. I'm not an individual, necessarily, who feels comfortable putting myself out there on a stage, which is why this was a very interesting podcast to participate in because I'm sitting here saying all these things and I know that I was the one who needed to hear them, as recently as last year. And so, I really appreciate the confidence that others have had in me and that have inspired me to put myself out there and do this, even though I wouldn't have done it on my own. It's just really great that Coalfire has developed such supportive colleagues, and such a supportive environment. And I hope that I can do a service and pass that forward to other women in lesser tenure roles here at Coalfire. Even my niece, who is eight, and I'm trying to get her into STEM and she seems to really enjoy it and I like to think that my discomfort right now, and my opportunity right now, will then pave the way for others after me.
Monica LaCroix: That's great. I like those comments, Collette. I have some similar experience. I have a niece that's 26 and she is just killing it with her career. And she'll call me and it's really great to be able to take things that maybe I did wrong, or maybe that I have learned, or situations. And some of her situations were with males. In one case, it was a fairly inappropriate behavior, not towards her but towards someone she was managing and to hear the scenarios and to be able to say, I've seen this, and this is what you should do. Or, you know, here's some guidance; being able to learn from those experiences. I thank the Council for giving us this platform and Coalfire as well for all their dedication to working with women and diversity in our organization.
Collette Thepenier: Being a woman in technology, and overcoming and being successful, should be less about handling being a victim. It should be less about martyrdom. It should be about empowering yourself to be whatever it is you want to be. And I don't want to be someone who regurgitates quotes, but Gandhi said, "Be the change you wish to see in the world." So, if you want to be something, if you want the world to be something for someone else, then embody that. Don't be a victim, don't fall under the thumb, whether you throw yourself there or allow yourself to be put there. Don't be a victim. Empower yourself and just crush it. Own it. Be whatever you want to be.