Educated as a nurse, Maria Horton is a service-disabled veteran retired from the U.S. Navy who became the first Nurse Corps Officer to become a CIO of the National Navy Medical Center (NNMC) with fewer than 5 years of direct technical experience. Her experiences led her to found a successful information assurance and cybersecurity firm, EmeSec, which she has since grown into a respected authority on government security issues. Last year she established a pilot program to hire fellow veterans who may need more specialized work experience to grow in today's economy.
How has your life experience made you the leader you are today?
From a young age, I always tried to focus on the big picture and work towards my long-term goals. My first job was working as a waitress for my parents' catering service. That instilled in me the critical importance of customer service and being personable--lessons I carry to this day. Later in my work as an Intensive Care Unit (ICU) nurse, I was exposed to and worked in a high-pressure environment that forced me to adopt a clarity of thinking and to prioritize next steps. In some instances, I needed to be decisive with next steps while considering alternative options.
How did your previous employment experience aid your position at EmeSec?
The best lesson I learned from my time in the Navy was how to anticipate change and adapt appropriately before things escalated. At EmeSec, I approach and analyze strategy in much the same way. What do we need to do now to be healthy in a year? To grow? Digital capabilities and its protection via cybersecurity are ever-changing and organizations need to anticipate evolving threats and simultaneously adjust their strategies for preemption and defense. We emphasize keeping up to date with the latest technical and business issues impacting security such as cloud, mobile and privacy so we can offer our clients best counsel.
What have the highlights and challenges been during your tenure at EmeSec?
A key highlight was winning the Federal Risk and Authorization Management Program (FedRAMP) certification as a third-party assessment organization (3PAO). FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for government cloud products and services. As one of only 27 authorized FedRAMP 3PAOs and one of the few small businesses, EmeSec conducts testing for companies that are cloud service providers undergoing certification. Cloud services and cloud security services are rapidly impacting the federal market and the FedRAMP program provides a baseline for addressing security requirements of both the public and private sectors. The challenge for a 3PAO is to effectively translate requirements and conduct transparent testing that results in good business for the government and a more ingrained security practice for commercial companies bringing the latest technology advancements to government.
A key challenge was gaining that initial access to federal agencies to demonstrate performance. We were able to do so with some commercial partners. Then, small businesses experience inflection points as they grow requiring new skills from their leaders and their staff. These inflection points may differ for every company but the business aspect requires addressing all components from human resources to regulatory compliance to financial support, as well as changes even in the CEO's approach to the work he or she accomplishes on a day-to-day basis.
Tell us about your time as a female CIO at the NNMC.
My last assignment for the U.S. Navy was CIO for the NNMC, now known as the Walter Reed National Military Medical Center. I achieved that position despite an unconventional background in nursing. While I was there, I oversaw the implementation of the Health Insurance Portability and Accountability Act (HIPAA) privacy guidelines and witnessed their impact on security. We also experienced some of the cybersecurity issues leaders see today including the probes, early advanced persistent threats, and technical glitches related to protecting key information. We also had a tight budget with many priorities just as organizations face today. That was more than a decade ago and some of the automated tools we use today were just beginning to be recognized as best practices. Following 9/11, I was able to participate in many of the IT continuity issues and the early considerations of critical infrastructure protection. Those experiences made me believe in the foundation of security first.
The role of CIO was not one that I had considered prior to my assignment. Because of my limited technical background and the fact that I focused on technology from a business perspective, I had to find the means of becoming more technical. Pragmatically, I had to rely on multiple opinions from my staff as well as improve my own knowledge base. I asked and worked with a bright, more junior colleague in what might be considered tutoring on specific technical issues to rapidly come up to speed. Often we would work on critical issues daily and focus on the aspects of the technology that would make or break an implementation, an acquisition or the desired functionality the organization wanted. The lesson I took away was to never underestimate your ability to succeed in a job outside of your initial comfort zone or your ability to add to your technical skill set.
What advice would you give to women who are looking to start their own business?
First, focus. What is your vision for that business? Do you believe in yourself? Build upon that vision and develop the capabilities to differentiate yourself in the marketplace. Then, work hard. Realize the work you put into your business serves as a multiplier over the life of the business. Finally, employ individuals that will challenge you and support you as an individual. The challenges will clarify your vision and hone your differentiators. Staff who support you will bring you confidence during the trials and look out for those things that may slide off of your very full plate of activities as a business owner.
How do you maintain a work/life balance?
As a single mother of three kids, my family has always remained a priority even while I was on active duty. While two of them are grown now, I still balance my executive responsibilities with my equally important responsibilities as a mother. As for hobbies, perhaps it's because I grew up with brothers, I enjoy playing golf and poker. I enjoy vegetable gardening and I try to "unplug" when on vacation. I am learning now as my business responsibilities grow play is more important than I once thought.
What do you think is the biggest issue for women in the workplace?
Self-doubt. From an early age, girls have not been encouraged in the fields of math and science. Sometimes, these subtle negative assumptions sink in, and many women tell themselves they cannot succeed in the mathematics or IT fields, let alone in business.
I've had to work very hard to succeed in male-dominated fields like the U.S. military and cybersecurity where there were few females in leadership to emulate. I challenge the young men and women I mentor to shape their own experiences.
How has mentorship made a difference in your professional and personal life?
I don't like the word "mentor," as it can be associated with cronyism and favoritism. It may also suggest or hint at passivity such as the need for a mentor to open doors so one can be successful in a field or a career. I try to encourage my staff to rely on themselves and use personal initiative to create opportunities. There were times in my career journey where I did not have a positive mentor but rather what I would call a "negative mentor or role model." I chose to take from those experiences what I wouldn't practice or how I would choose not to act if given the opportunity to lead others. Probably as a consequence, I prefer the term "leader" and I think leadership is essential to running a good business. A leader is someone who can motivate, encourage and inspire you through their example.
Which other female leaders do you admire and why?
Meg Whitman is currently spearheading the turnaround at HP. Having made her fortune at eBay, she could have retired long since. She joined eBay when it was just a 30 person company with $4 million in revenues, and when she left a decade later it had $8 billion in revenues. She also tried her hand at politics. While she ultimately was not elected as California's governor, her tenacity to run serves as a reminder that success is as much the experience as the accomplishment.
Carly Fiorina is another self-made woman who rose from a management trainee to senior executive at AT&T. She was chosen over the leading internal candidate to be the CEO of HP in 1999. This was the height of the dot-com bubble, and many now believe that she was specifically selected to fail. She then led HP in its acquisition of Compaq to build the largest computer manufacturer in the world--and she survived a proxy fight by Walter Hewlett to do so. Carly exhibits the grit that should inspire women (and men).
What are your hopes for the future of your company?
Over the next decade we'll see desktop computers phased out as mobile and cloud solutions permeate all aspects of our lives from household appliances to cars and even the walls within which we live and work. Security will likely transition from a protocol to an expected characteristic within technology while a shift toward situational or contextual privacy will become more of a centerpiece within security practices. My expectation is that EmeSec will continue to grow in both the government and commercial sectors to help safeguard digital information.