EXCLUSIVE: Top female CIO on IoT implementation and security

Female executives in tech firms are in short supply. And the gender gap within the industry as a whole is staggering, although concerted efforts are being made to reverse this historically imbalanced sector.

As CIO of ForeScout, Julie Cullivan falls into the small number of women challenging the male-dominated boardroom. She was brought in to help drive the company’s next stage of maturity around IoT security.

>See also: It’s time to take IoT security seriously

Bringing more than two decades of experience, Cullivan is leading ForeScout’s cross-functional operational initiatives, helping manage execution of the company’s priorities in partnership with the business functions and leading the IT organisation.

In an exclusive interview with Information Age, she discussed the effective implementation of an IoT strategy, securing those devices and the issue of the gender gap within the technology industry, and how to address it.

How is IoT being deployed to improve business productivity and operations?

Today, IoT is being deployed with a number of benefits in mind – from improved user experiences and services, to creating a rich data set to support things like artificial intelligence and machine learning. Organisations have also experienced cost savings from better asset management and efficiencies, and better awareness and decision making.

The sensors and systems that make up the Internet of Things (IoT) have a huge range of applications across multiple types of businesses in different industries. Some might use IoT sensors within the fabric of the building in order to monitor and respond to things like change in temperature, or provide notification about doors and windows being open or closed. Manufacturers will use sensors to understand the temperatures, pressures, and tolerances of their materials and machinery.

>See also: Women in IT Awards 2018: nominations open!

Additionally, IoT as well as operational technology (OT) are helping organisations understand their environment and the behaviours of their objects, assembly lines, employees and the public alike. It is providing operational benefits for ‘HVAC’ (heating, ventilation, and air conditioning), access control, employee badges, mobile phones, etc.

What are the security challenges in implementing an IoT strategy?

While IoT provides significant benefits, enterprise security teams face a common challenge of being able to see and manage the large volume of new devices joining and leaving networks. This spans from unmanaged traditional devices such as laptops, smartphones and tablets, to non-traditional IoT devices including smart lights, security cameras, printers, etc.

Undetected devices can significantly expand an attack surface, yet are invisible to many traditional, agent-based security solutions. Overall, strong cyber hygiene is critical. Many of the incident we see taking place today are quite scary and are due to bad actors taking advantage of the weakest link.

With these new technologies connecting to the enterprise there is often lack of IT and OT alignment, which is a major issue given that IoT connects everything to a common network.

>See also: Insider: Women in the technology industry

Many IoT services work based on an ‘opt in’ model. IoT only works if employees and users trust the systems and believe their data and quality of service will be protected.

It’s critical that endpoints, infrastructure and data are protected. Furthermore, each device’s permissions to access other services, data and systems must be based on intended use.

For example, a thermostat should only have access to environmental systems in a building. It should be restricted from other sources of data, and if its behaviour changes that should be flagged as a warning sign.

Julie Cullivan, SVP, Business Operations and CIO at ForeScout Technologies
Julie Cullivan, SVP, Business Operations and CIO at ForeScout Technologies

Can you advise on the best practices for implementing an IoT strategy?

According to recent Forrester research, commissioned by ForeScout, 82% of organisations surveyed struggle to identify all of their network-connected devices. The first step in implementing a strong IoT strategy is to make sure you have the visibility into what is connecting to your network. Visibility is foundational.

ZK Research discovered (The Internet of Things Requires a Security Rethink) that the biggest challenge related to IoT was security. They also came to the conclusion that a successful IoT implementation is based on automating several processes that need to work together.

>See also: Tips for protecting IoT devices in the connected era

Some overall practices to keep top of mind include:

• Identify the areas where IoT can offer the biggest benefits
• Hire and train IoT talent
• Secure the Internet of Things
• Chose security solutions designed specifically for the IoT era

When it comes to the implementation of a solution, a best practice for control policies is to have policies configured during initial deployment, but with enforcement actions disabled. This provides time for the security and operations team to determine which endpoints will be restricted by set policies, whether or not to refine policies, and what endpoint issues need to be fixed.

To optimise the end-user experience, control actions should only be enabled after policy testing with notification-only actions for both users and IT personnel, allowing time for issues to be resolved simply the first time around.

As a woman in an executive position you are in a fairly unique position within the tech space. How can the industry help address the gender imbalance, particularly at executive level?

I encourage women themselves and companies as a whole to participate in a mentor program and/or senior sponsorships that empower transparency across organisations to address any concern about gender imbalances.

This is an area that I am very passionate about and spend considerable time speaking at events and encouraging women that are coming up the ranks to be confident in their ability to lead and take on responsibilities well beyond what they believe they are ready for.

>See also: Diversity of thought: breaking down barriers and championing women in IT

It’s often said that what isn’t measured doesn’t get done – so it’s important to see and understand just what’s happening in terms of the applicants the organisation receives and the diversity of the workforce, as well as understanding how the culture, communications and benefits may be affecting perception of the overall brand. Without really understanding the landscape, it’s not possible to change it. I see some very positive signs that this movement is gaining traction but it will take time.

How important are female role models in closing the gender gap?

It’s a representation issue. The fundamental issue is not doing enough to encourage young women that they can grow their careers at the same time that they want to grow in their personal lives.

Too often, companies don’t do enough to highlight successful women executive role models either within or outside the organisation. If the future workforce sees a diverse set of leaders and workers then they know that there is a place for everyone within business.

It’s the same for all kinds of people, not just men and women. Role models for all employees demonstrate how modern organisations successfully operate: With a variety of people working together to achieve shared goals. Time and time again, it has been proven that diversity of thoughts and ideas have proven to positively impact companies.

Does the journey to gender equality in tech start at school (STEM)?

Definitely, and here’s where role models come in again. Students must see that all roles are open to all types of people – that there are no ‘boys’ jobs or ‘girls’ jobs any more. And with new sectors and job roles it maybe that teachers, parents and schools don’t know about the range of careers in STEM subjects. Many weren’t around when parents were art school!

>See also: Top 10 companies for women in tech 

Awareness must be raised as to the opportunities out there, and it must be done to encourage applicants of all sorts. Most importantly, we have to start encouraging students at a much younger age and with more meaningful examples of roles, if we really want to open up their eyes to the possibilities. Young people today are far more interested in having an impact on quality of life and community, so we have to help them make those connections to a career in tech.

Clubs, presentations from industry experts, and alumni can all help to energise students as to the possibilities out there, and schools should actively seek them out. Many people are willing to tell their stories and encourage the next generation that there isn’t a barrier to promoting STEM in the least.


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...