It was never in the original plan for Renee Guttmann to pursue a career in cybersecurity. The CISO Emeritus and founder of CisoHive, Guttmann’s first love was singing.
She wanted her parents to pay for voice lessons, but learned the accordion instead, mainly because her parents came from Austria after World War II and there were a lot of accordion players in the community. She worked in a record shop and snuck into jazz clubs around Toronto near where she grew up, but later went to college at Wilfrid Laurier University in Waterloo, Ontario, Canada, where she graduated with a degree in archaeology.
As fate would have it, her final course was in programming and not long after, she decided to take some additional courses and became a computer programmer.
As a programmer, Guttmann said she implemented the first email system for a large pharmaceutical company. Her team managed the firewalls. During a merger with another company, she lost her management position.
But she knew people on the information security team and immediately asked the manager there for a job. Guttmann was hired to develop policies, awareness, and implement the first public key infrastructure to support encryption of sensitive patient data.
“I guess I was in the wrong, right place at the right time,” Guttmann jokes.
Guttmann said being a women in a male-dominated field in the industry’s early days was very challenging. She worked with a male co-worker who treated everyone poorly. She said this was considered acceptable by HR and she was told that she needed to get a backbone. Not long after that, Guttmann asked the CIO for a coach and he provided her with personal coach. From her mentor, Guttmann said she learned how to have difficult conversations.
“I was also told to build a power wardrobe and not to wear earrings that dangled,” said Guttmann.
The first RSA that Guttmann attended in 1996 had a vendor area with only five companies. That year, the theme was World War II code talkers. The industry honored the Navajo code talkers, who were a group of Navajo Indians who were recruited by the Marines during World War II to serve in the communications units. Because the Axis powers didn't know the Navajo language, the code talkers were able to send and receive messages for Allied forces without fear of eavesdropping.
"I think that I was the only person without a Ph.D. at my first RSA," said Guttmann. "I don’t recall meeting any other females that year. That said, I learned so much during the conference and realized that cyber was more than encryption and that cybersecurity was a challenge that was relevant to every organization.”
Rather than be intimidated by smart men, Guttmann said she chose to look at cybersecurity as an opportunity to be part of a growing industry and become surrounded by brilliant people. When asked whether she wanted to do something besides cybersecurity to advance my career, she said no. She also loved solving problems, especially when people told her that something could not be done.
Circa 2024, the cybersecurity gig has worked out for Guttmann. Over the years she’s steadily progressed, landing CISO positions at the Campbell Soup Company, Royal Caribbean Cruises, and the Coca-Cola Company.
When asked how the industry can attract more women, Guttmann said organizations need to support women connecting with other women — especially when the organization does not have many women in cyber or leadership.
“I know several male CISOs who budgeted and defended the cost of sending their female team members to Women in Cybersecurity events,” said Guttmann. “These men told their organizations that the conferences enable learning and networking. They were not spa retreats.”
The industry also needs to be intentional about diversity, said Guttmann. She said at one company she worked for, the entire access control team was female — and every other cybersecurity team was 100% male. So, if there are no women on the incident response team, security architecture, or OT cyber program management, companies must determine if this needs to change.
“If yes, determine how to include women,” said Guttmann. “This includes promoting from within and sponsoring additional education. This same advice goes for vendor organizations and VC firms. I always check the leadership profile of a company before I decide whether to work with them.”
