ITWC’s 2023 Top Women in Cybersecurity: An interview with Susan Chiang of Cloudflare

Experts regularly insist that diversity — be it in age, colour, ethnicity or other categories — helps make an organization vigorous.

An example is Susan Chiang. A woman born in Taiwan whose family moved to the U.S., she has risen to become senior director of security at Cloudflare, overseeing a staff of 100.

Yet, by her account, she “fell into cybersecurity.”

She was interviewed by IT World Canada CIO Jim Love in a fireside chat as part of the Top Canadian Women in Cybersecurity event on Wednesday.

“I didn’t know what I was passionate about for a career” after graduating from university, she recalled. Chiang started with management consulting in healthcare, as well as advising firms on mergers and acquisitions. That work taught her about empathy and the way to move innovation forward. After a brief stint with Salesforce, she moved to Uber, where initially she worked on M&A deals. But it also took her deeper into IT and ultimately cybersecurity, “where some of the most fascinating problems are solved.”

It wasn’t always easy.

“I was told to minimize my diversity to fit in, to not stand out,” she said. “I also struggled with confidence, in terms of feeling I belonged, feeling I could do the job people asked of me.”

“Over time as I reached success I kept reminding myself that, ‘I did it before, I can do it again’.” But she also credits others who saw her potential.

Differences, she also realized, can be an asset in cybersecurity. “If you hire 10 people who installed the same solution in their prior companies, it’s so much harder for them to think outside the box. It’s so much easier to do what you’ve done before.” But while a more diverse group of 10 might create friction as they talk through the pros and cons of a solution, she said, a much better answer will emerge because they challenge each other.

“We are all going to make the wrong decisions over time … so we need people to challenge us, we need customers to challenge us. We love hearing from customers saying, ‘We’re using this and I’m getting an entirely different experience.'”

“It’s really cool to be on a cybersecurity team at a security company,” she added, “because you have the opportunity to think, ‘How could I solve this in a way I couldn’t before’, and inspire the product engineers at the company to do it.”

“Curiosity is necessary in cybersecurity,” she said at another point. “Security is not one of those things where you look at a rule book and check the boxes. You need creativity to stay ahead of adversaries.”

She advises women thinking of going into cybersecurity — or who are already in the profession — and who have doubts, to look inside themselves. “You have strengths as a person. Play to your strengths and build confidence from that.”

“Choose roles based on the people you get to work with,” she added. “That’s where you will have the most learning and the most joy in your career. If you work with good people, you’ll advance each other. Cybersecurity is a small community, so finding your people will bring you the most sustenance and the most joy.

“I could have made more or have fancier roles, but I don’t think I could be here today if I chose those over finding people I’m excited to be around every day.”