LEADERS IN CYBERSECURITY

Laurie Pezzente

Senior Vice President, Chief Security Officer, Royal Bank of Canada

Laurie Pezzente is RBC’s Senior Vice-President and Chief Security Officer of Global Cyber Security.

In partnership with the organization’s executive leadership teams, she directs the development of effective cyber strategies to assess and mitigate risk globally. She is responsible for deploying state-of-the-art technology solutions and innovative security management techniques to protect RBC, employees and client data while ensuring appropriate protections and safeguards are in place to maintain compliance with regulatory and policy requirements.

Laurie represents the bank’s position on cybersecurity and risk management to RBC’s Board of Directors, senior executives, external partners, and government agencies. She is accountable for information security risk and global security operations, including physical security, threat intelligence, incident response, and operational risk management across the Technology & Operations portfolio, in order to ensure RBC’s resilience and protection against cyber-attacks.

Laurie Pezzente is an IT professional with over 25 years of IT experience, managing budgets over $500 MM, with a solid track record of building strong relationships, encouraging creativity and driving delivery excellence. Laurie has extensive experience in IT application development, Information Security, IT GRC and process improvement. As a former CISO at Canadian Imperial Bank of Commerce (CIBC), Laurie was responsible for IT risk, policy and standard design, implementation and governance for Enterprise IT security, with expertise in SOX, Disaster Recovery, IT Governance and Technology standards, and represented CIBC’s security position to the Board.

Known as a thought leader in the industry, Laurie was recognized as one of “Canada’s Top 100 Most Powerful Women” by the Women’s Executive Network in 2018 and one of Canada’s “Top Women in Cyber Security” by IT World Canada in 2020. She is the board co-chair and executive committee chair for the Cybersecure Catalyst at Ryerson University, which brings together academia, government, and industry to tackle cybersecurity challenges.

Laurie lives in Oakville with her husband and two sons. Show more

What does a typical day of work look like for you?

My days are usually action-packed, with most of my time spent with incredibly talented employees discussing various topics ranging from cyber threats and global regulatory expectations to strategic program delivery for the greater protection of our organization and clients. One hour I could be presenting to RBC’s Board of Directors; the next hour, I might be in a mentoring session, followed by a crisis management meeting related to a physical security incident, and then in meetings with global government agencies, vendors or academia to innovate new technology solutions to combat cybercrime. No two days are ever alike, and one thing is for certain – there is no such thing as a typical day of work in cybersecurity!

What aspects of your career journey have taken you by surprise?

The biggest surprise along my career journey was when I was asked to take on the role of Chief Information Security Officer after a significant data breach at a former organization – despite my background being strictly in application development. While I had spent 20 years in application development and had a strong understanding of IT, I had limited experience in information security. Needless to say, I was shocked. So why me? Reflecting back, I believe there were three key factors in my favor: First, I had built a strong reputation for leading large strategic initiatives. Second, I had a solid network across the organization. And third, I was very good at developing end-to-end strategies and connecting the dots between business and technology. Sometimes, when we least expect it, unique opportunities are presented, changing the course of our careers in ways we could have never imagined.

Tell us about the cyber project you're most proud of working on in your career.

Creating a Joint Security Operations Center (aka JSOC or Fusion Center) from the ground up has been a highlight of my career. By collaborating with various business units across the organization, we created a hub of data intelligence operated by a team of PhD-level data scientists using advanced technologies to analyze patterns and create predictive models to mitigate complex cyber threats. It’s hard to imagine that the concept wasn’t fully embraced from the get-go. Today, it is a formidable force against fraud and critical to staying one step ahead of cybercrime.
And speaking of building things from the ground up – I’m also very proud of building a world-leading cybersecurity team. When I started, we were a team of four or five people. Now, we’ve got a team of over 800 employees working together to protect millions of clients globally. Yes, I’m proud!

How has public perception of cybersecurity changed over the course of your career, and how do you predict in the future?

When I began my career, cybersecurity was made up of a small group of individuals who worked quietly in the back room. Their focus was on access management and provisioning access for employees. Fast forward to today, cybersecurity is a term we hear about a lot more and has become much more relevant and central in our daily lives. We are certainly not working quietly in the back room. Instead, we are sitting in the front seat with our business partners and leaders, helping shape business strategies to mitigate risks. We are front and center, and our role has never been more important. My prediction for the future is that the Chief Security Officer position will report directly to the CEO as threats and risks continue to rise.

Tell us about your first job (can be anything!) and one lesson you might have learned from it.

My first job was as a junior developer working on a credit application system. I learned a bit about myself during that time – I did not enjoy working alone in a cubicle all day and preferred working closely with others. So, while I could develop code, I didn’t have a passion for it. But I did have a passion for collaborating with super smart people!

What’s one piece of advice you’d give your younger self about getting started in cyber?

The advice I’d give my younger self about getting started in cybersecurity is to be visible, create opportunities and find strong mentors. Attend networking events and make connections to explore different pathways in cybersecurity. Find strong cybersecurity communities (e.g., WiCyS, Women in Identity) where you can share experiences, find opportunities to expand your professional network and strengthen relationships within and outside the organization you work in.

Tell us about a role model or mentor who has helped shape your career.

My passion has always been around technology. As a young girl, my mother encouraged me to enter what was then a male-dominated field of study because I had a genuine curiosity and spark about how things connect in our world and how technology makes our lives simpler and faster. Now, with over 35 years of technology and management experience behind me, I recognize that that was the pivotal moment in my life – when someone saw my passion and encouraged me to move forward regardless of obstacles. While there have been many talented people who have helped shape my professional journey, my mother’s initial encouragement – and continued support – laid the foundation for my present-day success.

A meeting gets canceled and you have a surprise 30 minute window of free time — how do you spend it?

If I am in the office, I will use the opportunity to walk around the floor, connect with my team and have a few laughs. If I am working from home, I will use the time to connect 1-on-1 with one of my employees, or I will use it to clear some of the backlogs of emails that inevitably pile up over the day.

What are the ways you stay grounded and take care of yourself?

Making time for my family and my grandchildren helps to keep me grounded. I enjoy going to our family cottage and taking some time away to enjoy the peacefulness of the outdoors. I also love fitness and will take any opportunity to jump on my Peloton and clear my head. Taking my dog for a walk is how I like to decompress after a long day.

When you think about your personal legacy as a leader, what do you hope people will remember?

I hope that I will be remembered as a leader with integrity who inspired people to take action. A leader who treated everyone equally regardless of hierarchy and championed the team toward success while removing barriers when needed. A leader who would roll up their sleeves and dive into the murky depths of a project to show support and encouragement. A leader who listened and showed empathy at every turn.
I’ve always had a passion for helping other female leaders excel in their careers in cybersecurity. I spent a lot of my spare time working with Toronto Metropolitan University on various programs, one of which is Emerging Leaders – a program that supports the advancement of women in cybersecurity. I hope my legacy of ‘championing women in cyber’ carries on through these talented leaders. As they say, pay it forward!