Author: Sana Fatima
RINKI SETHI
CISO, BILL.COM
Rinki Sethi is an American technology executive who has held Chief Information Security Officer and Vice President of Information Security roles at several large companies like Twitter Inc. (now X). Sethi is an undergraduate degree holder in computer science engineering from the University of California–Davis before venturing on a nearly 2-decade career in cybersecurity. She began as an information security specialist at Pacific Gas and Electric Co. (PG&E). She later attained her master’s degree in information security ( just like a master’s degree in cybersecurity) and became a cybersecurity leader at the most prominent names in the industry like Walmart.com, eBay, Intuit, Palo Alto Networks, IBM, and Rubrik. Sethi joined Twitter after the 2020 Twitter bitcoin scam breach which compromised accounts of then-presidential candidate Joe Biden, Kim Kardashian, Elon Musk and Microsoft co-founder Bill Gates.
Read ahead for a candid conversation between Rinki Sethi and BBWIC Foundation on cybersecurity, diversity and the challenges of being a woman of color in this feature.
Can you tell us about your journey to becoming a CISO? How has your identity as a BIPOC woman influenced your career?
My career started by chance when I was recruited by PG&E at UC Davis in my final year of studying computer science engineering and I have never looked back since then! I probably always had a hacker mindset. I think I realized this when my dad installed a parental spy tool on my computer back when I was in high school (also known as a keylogger) and was tracking all my online chats on AOL Instant Messenger with my friends. I heard him mention something to my mom that he would have only known had he been reading my chats. I developed a tool to detect and delete this spy tool — we played a cat-and-mouse game throughout high school; he installed it and I uninstalled it! I think I was destined to enter the field of cyber.
Later, I took on various roles in Product Security, Security Operations, and other areas of cybersecurity over the last two decades working at Walmart.com, eBay, Intuit, and Palo Alto Networks, and ultimately landed on the CISO role at Rubrik, where I helped build and scale the team pre-pandemic into the pandemic era. Consequently, I took on the CISO role at Twitter, leading the company through the public cybersecurity breach and the US election where Twitter was the centre of the conversation. Currently, I am the CISO at BILL and lead the security and IT organizations here.
During the initial years of my career, I didn’t see people like me (women of color) in CISO roles. I thought I had attained the maximum height of my career when I became a manager. Being who I authentically am has been very important to open doors for other women like me to feel that they can have a career path in cybersecurity.
What are the challenges you faced as a BIPOC woman in the cybersecurity industry and how did you overcome them? Any accomplishment/s from your career in cybersecurity that you are particularly proud of?
One challenge that I faced and the one I hear the most from other women is that “you can’t be what you can’t see.” I remember being promoted to manager and feeling like this was the best place I would ever get to in my career. There were almost no women in senior security leadership or senior technical roles back then. Although the number has significantly increased, it is still far from where it should be because breaking stereotypes can be hard. The biggest challenge is teaching those around us that through diversity we can solve the most difficult problems in the cybersecurity domain.
I am proud of many achievements of mine but leading the initiative to build the first set of cybersecurity badges for grades K-12 for the Girl Scouts of the USA and unlocking cybersecurity curriculums for girls in every zip code of the USA is the one I’m most proud of. This enabled these girls to learn about cybersecurity, by teaching their community members how to protect themselves from attackers and pursue careers in cybersecurity.
I’m also proud of my time at Palo Alto Networks building their first security operations center for customers to see. I’m proud of leading the Twitter security team during a challenging time, and I’m proud of all the individuals I’ve hired who are thriving in their careers. I’m proud of either getting to immediately impact or be their cheerleader.
How have you continuously learned and evolved in the cybersecurity industry?
Reading books, being updated on news, and obtaining certifications was the way I evolved during the initial years of my career. Later, I learned a lot by networking and participating in different events. Now I learn a lot from my peers in the industry and the startup ecosystem. I continue to learn from my team as well. Being curious and passionate about learning - I decided to embark on my Master’s degree early in my career while I was working to be able to understand the cybersecurity space in-depth.
How can we consistently celebrate and recognize women’s achievements in cybersecurity year-round?
I do see women’s achievements being recognized and celebrated throughout the year and I am glad that is happening! I hope we see more women entering the field so there are more reasons to celebrate in future.
How has the cybersecurity industry evolved in terms of diversity, equity, and inclusion? How do you prioritize DEI as a CISO?
During the initial years of my career, about 10% of women were in the domain. We are now at approximately 20%. This is an improvement, but we have a long way to go. The top targeted population for cybercrime is women of color and yet it is the least represented in the cybersecurity workforce. Improving diversity, equity, and inclusion has always been a top priority for me. Everything from building the first set of cybersecurity badges for the Girl Scouts, unlocking the cybersecurity curriculum for girls and their communities in every zip code in the USA, to ensuring prioritizing hiring for diverse backgrounds in the teams I have led. I love mentoring and guiding girls and women and many others in the cybersecurity field and beyond.
How has mentorship impacted your career development, and have you had influential female mentors in cybersecurity?
There are so many it would be hard to pick just one. A few active mentors, role models, and sponsors of mine include Mark McLaughlin, Lucas Moody, and the entire ForgeRock board that I had the honor to work with. These folks have impacted my career greatly. They’ve provided very real (good and tough) feedback and advice, and have been my biggest champions — I’m inspired by them all. There are more — and I’m grateful for each one of them!
Any advice for BIPOC women who are interested in pursuing a career in cybersecurity?
Learning from mistakes and failures is going to shape your accomplishments and your innovative mindset and leadership. I was so scared of making mistakes early in my career that I tried to stay within my lane and comfort zone. It’s only when I was allowed to do something challenging and new that I made mistakes that I learned from. I became less scared after realizing that the consequences of making mistakes and failing were not so severe if you learned from them and that innovation only happens when you fail. I like taking risks and I love encouraging others to do so as well — it has shaped me in the way I am and the way I lead today.
Interviewed and edited by Dr. Sana Fatima.
(Sana is an advisory board member of the BBWIC Foundation.A Medical Scientist, a Dental Surgeon, and a writer/editor, Sana is a cybersecurity enthusiast herself.)
