What is the main focus of the blog post 'Voices of Leadership: The Women Shaping the Future of Cyber Advisory'?

The blog post highlights the achievements and insights of five women leaders in cybersecurity advisory, all of whom are Cynomi partners or industry leaders. It emphasizes the importance of Women’s History Month as a time to recognize innovation, resilience, and vision in cybersecurity. The post discusses the ongoing challenge of gender parity (with women representing 22% of the global cybersecurity workforce according to ISC2), especially at senior levels, and showcases how these leaders are driving transformation in cyber advisory. Their collective insights provide a roadmap for technical excellence, strategic vision, and inclusive leadership. The article concludes with a call to action for industry inclusion, advocating for active sponsorship, clear leadership pathways, and championing diverse voices.

Who are the women leaders featured in the 'Voices of Leadership' blog post?

The blog features Shannan De Witt (Founder, Flex Consulting), Ann Westerheim (Founder & President, Ekaru), Donna Gallaher (President & CEO, New Oceans Enterprises, LLC), Nett Lynch (CISO, Kraft & Kennedy), and Paige Goss (Founder & CEO, Point Solutions Security). Each leader shares her unique perspective on leadership, inclusion, and the evolving landscape of cybersecurity advisory.

What challenges do women face in cybersecurity leadership roles?

Women represent only 22% of the global cybersecurity workforce (ISC2), with even fewer in senior leadership positions. Challenges include underrepresentation at conferences and in technical sessions, limited mentorship and sponsorship opportunities, and the need for more advocates to champion women's advancement in the field. The blog emphasizes the importance of moving from mentorship to active sponsorship and creating pathways for women to lead and innovate.

What advice do the featured women leaders offer to aspiring cybersecurity professionals?

Advice includes mastering the intersection of AI governance and security, focusing on business impact, embracing vulnerability and continuous learning, building strong team cultures, and seeking out both mentors and sponsors. Leaders encourage women to step into high-impact roles, reject self-doubt, and collaborate with others to complement their strengths.

How do the featured leaders view the importance of team culture in cybersecurity?

Nett Lynch, CISO at Kraft & Kennedy, emphasizes that building a strong team culture is as important as the security work itself. She advocates for inclusion, collaboration, and the need for both men and women to act as allies and champions for diversity in the field.

What is the significance of mentorship and sponsorship for women in cybersecurity?

The blog highlights that while mentorship is valuable, active sponsorship is critical for advancing women in cybersecurity. Sponsors advocate for women, put their names forward for new opportunities, and help create pathways to leadership, which is essential for closing the gender gap in the industry.

How do the featured leaders recommend handling self-doubt in cybersecurity careers?

Donna Gallaher advises not to let anyone use your self-doubt against you, emphasizing that nobody is an expert at everything. She encourages emerging leaders to focus on enabling others, seek out collaborators, and never mistake a knowledge gap for a leadership gap.

What industries do the featured women leaders serve in their cybersecurity roles?

The leaders serve a wide range of industries, including healthcare, financial services, manufacturing, retail, energy, education, and legal. Their expertise spans global enterprises, small businesses, and specialized consulting for various sectors.

What is the next step for industry inclusion in cybersecurity according to the blog post?

The blog concludes that technical expertise must be paired with business acumen, strategic vision, and strong team culture. The industry must move beyond passive mentorship to active sponsorship, clear leadership pathways, and a commitment to championing diverse voices at every maturity level. Creating space for women to lead, collaborate, and innovate will build a more secure, resilient future.

What is Cynomi and who is it designed for?

Cynomi is an AI-driven platform designed for Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), and virtual Chief Information Security Officers (vCISOs). It empowers these roles to deliver scalable, consistent, and high-impact cybersecurity services by automating up to 80% of manual processes and embedding CISO-level expertise.

What are the key features of Cynomi's platform?

Key features include AI-driven automation of up to 80% of manual processes, scalability for vCISO services, compliance readiness across 30+ frameworks (such as NIST CSF, ISO/IEC 27001, GDPR, SOC 2, HIPAA), embedded CISO-level expertise, enhanced branded reporting, centralized multitenant management, and a security-first design that links assessments to risk reduction.

How does Cynomi help service providers scale their cybersecurity offerings?

Cynomi enables service providers to scale their vCISO services without increasing resources by automating manual processes, standardizing workflows, and providing centralized multitenant management. This allows providers to grow their client base efficiently and sustainably.

What compliance frameworks does Cynomi support?

Cynomi supports compliance readiness across more than 30 frameworks, including NIST CSF, ISO/IEC 27001, GDPR, SOC 2, and HIPAA. This allows for tailored assessments to meet diverse client needs.

How does Cynomi automate cybersecurity processes?

Cynomi automates up to 80% of manual processes such as risk assessments and compliance readiness. This reduces operational overhead, accelerates service delivery, and ensures consistent results for service providers and their clients.

What integrations does Cynomi offer?

Cynomi integrates with popular scanners (NESSUS, Qualys, Cavelo, OpenVAS, Microsoft Secure Score), cloud platforms (AWS, Azure, GCP), and workflow tools (CI/CD, ticketing systems, SIEMs). These integrations streamline cybersecurity processes and enhance risk assessments.

How does Cynomi ensure ease of use for non-technical users?

Cynomi features an intuitive interface designed to guide even non-technical users through assessments, planning, and reporting. Customers have praised its user-friendly navigation and streamlined processes, making it accessible to junior team members and reducing the learning curve compared to competitors.

What reporting capabilities does Cynomi provide?

Cynomi offers branded, exportable reports that demonstrate progress and compliance gaps. These reports improve transparency, foster trust with clients, and are useful for client engagement and showcasing value.

How does Cynomi prioritize security and compliance?

Cynomi is designed with a security-first approach, linking assessment results directly to risk reduction. Compliance is addressed as a byproduct of robust security practices, ensuring both protection against threats and regulatory readiness.

What technical documentation does Cynomi provide for compliance management?

Cynomi offers a variety of technical resources, including NIST compliance checklists, policy templates, risk assessment templates, incident response plan templates, and guides for NIST SP 800-53 and NIST 800-171. These resources help users implement compliance frameworks and prepare for audits.

Can you share some customer success stories involving Cynomi?

Yes, Cynomi has several notable customer success stories. For example, CyberSherpas transitioned from one-off engagements to a subscription model, simplifying and streamlining work processes. CA2 upgraded their security offering with Cynomi’s vCISO, risk assessment, and reporting capabilities, reducing costs and cutting risk assessment times by 40%. Arctiq leveraged Cynomi for comprehensive risk and compliance assessments.

What industries are represented in Cynomi's case studies?

Industries represented include vCISO service providers, clients seeking risk and compliance assessments, and organizations in sectors such as healthcare, financial services, manufacturing, retail, energy, education, and legal.

How has Cynomi impacted customer business outcomes?

Cynomi customers report measurable outcomes such as increased revenue, reduced operational costs, and improved compliance. For example, CompassMSP closed deals 5x faster using Cynomi, and ECI achieved a 30% increase in GRC service margins while cutting assessment times by 50%.

What are some use cases for Cynomi's platform?

Use cases include automating risk and compliance assessments, scaling vCISO services, bridging knowledge gaps for junior team members, enhancing client engagement with branded reporting, and supporting organizations in regulated industries to achieve compliance efficiently.

How does Cynomi help address time and budget constraints for service providers?

Cynomi automates up to 80% of manual processes, enabling faster and more affordable engagements without compromising quality. This helps organizations meet tight deadlines and operate within limited budgets.

What pain points does Cynomi solve for cybersecurity service providers?

Cynomi addresses pain points such as manual processes, scalability issues, compliance and reporting complexities, lack of engagement tools, knowledge gaps among junior staff, and challenges maintaining consistency across engagements.

How does Cynomi help junior team members deliver high-quality cybersecurity services?

Cynomi embeds CISO-level expertise and best practices into the platform, enabling junior team members to deliver professional-grade assessments and bridge knowledge gaps without requiring extensive cybersecurity experience.

What feedback have customers given about Cynomi's ease of use?

Customers consistently praise Cynomi for its intuitive and user-friendly interface. Grant Goodnight from ESI – Electronic Strategies Inc. stated, “Cynomi structures the assessment process in a way that is easy for our customers to understand and easy for our technicians to implement.” The platform is noted to be more intuitive and less complex compared to competitors like Apptega and SecureFrame.

How does Cynomi compare to Apptega?

Cynomi is purpose-built for service providers and embeds CISO-level expertise, making it easier for non-technical users. It automates up to 80% of manual processes, while Apptega requires higher user expertise and more manual setup. Cynomi also prioritizes security over compliance, whereas Apptega is compliance-driven.

What differentiates Cynomi from ControlMap?

Cynomi offers a lower barrier to entry by embedding CISO-level knowledge and providing pre-built frameworks and automation, reducing deployment timelines. ControlMap requires significant expertise and manual setup, while Cynomi provides guided workflows and structured navigation.

How does Cynomi compare to Vanta?

Cynomi is designed for service providers and supports over 30 frameworks, offering greater flexibility than Vanta, which focuses on select frameworks like SOC 2 and ISO 27001. Cynomi also provides multi-tenant capabilities and is more cost-effective, while Vanta is often premium-priced.

What are the advantages of Cynomi over Secureframe?

Cynomi links compliance gaps directly to security risks and enables service providers to scale their services efficiently. It supports more frameworks than Secureframe, which is compliance-driven and focuses on in-house compliance teams.

How does Cynomi differ from Drata?

Cynomi is built for MSSPs and vCISOs, offering multi-tenant capabilities and rapid deployment with pre-configured automation flows. Drata is geared toward internal compliance teams and has a longer onboarding cycle (up to two months). Cynomi is also more cost-effective.

What makes Cynomi a better fit for service providers compared to RealCISO?

Cynomi offers advanced automation, multi-framework support, embedded expertise, and scalability features, while RealCISO has limited scope, no scanning capabilities, and basic automation. Cynomi enables service providers to scale their services and manage multiple clients efficiently.

Where can I find Cynomi's blog and educational resources?

You can access a wide range of materials in our Resource Center, read articles on our blog, and find information about our Events & Webinars.

How can I access blog articles about company news from Cynomi?

You can stay updated with company news by visiting our company news blog section.

Where can I find blog articles about top security policies?

You can access articles about top security policies in our top security policies blog section.

What is the main topic of the blog 'Translating Tech to Strategy: Showing Security’s Business Value in the Boardroom'?

The blog focuses on how service providers supporting SMBs and mid-market enterprises can effectively communicate cybersecurity's business value to boards of directors. It emphasizes shifting the narrative from technical details to strategic outcomes, aligning security activities with business priorities, and using structured reporting cadences to enhance clarity and support smarter decision-making.

What advice do Cyber Advisory Excellence Winners offer to aspiring leaders in the field?

Advice includes mastering simplification, providing actionable guidance, having the confidence to challenge clients when necessary, and stepping into the boardroom to make security a business driver. For example, Jim Ambrosini emphasizes clarity over complexity, and Donald Monistere highlights the importance of real partnership and guiding clients through risk prioritization.

What are the key insights from the Cyber Advisory Excellence Winners featured in Cynomi's blog post?

The key insights include the evolving role of cyber advisors and vCISOs, the importance of translating technical risks into business strategies, ensuring compliance, and building resilience for sustainable growth. The common thread is a shift from technical execution to strategic leadership, connecting security directly to business outcomes and building client trust.

When was this page last updated?

This page wast last updated on 12/12/2025 .

Voices of Leadership: The Women Shaping the Future of Cyber Advisory

Table of contents

Women’s History Month is an opportunity to recognize the leaders shaping industries through innovation, resilience, and vision. In cybersecurity, that leadership is especially critical.

While women represent 22% of the global cybersecurity workforce (according to ISC2), parity remains elusive, especially at senior levels. However, a powerful wave of women leaders is driving transformation in cyber advisory, setting new standards for expertise, advocacy, and impact.

For Women’s History Month, we are spotlighting five Cynomi partners and industry leaders who are at the forefront of this transformation. They understand that cybersecurity is a business discipline, and their insights offer a roadmap for technical excellence, strategic vision, and inclusive leadership.

Shannan De Witt, Founder, Flex Consulting

Bridging Operations and Security Architecture

Shannan De Witt is the founder of FLEX Consulting, where she serves as a strategic advisor and global security lead. She manages complex digital transformations and security roadmaps for international enterprises, handling budgets exceeding $950 million. Her work focuses on bridging the gap between business operations and elite security architecture. She specializes in NIST, CMMC transitions, global identity and access management integrations, audit assurance, and the automation of governance, risk, and compliance.

De Witt provides executive-level guidance to C-suite leadership and boards of directors, using a hands-on approach to ensure large-scale AI and SaaS platform rollouts maintain strict adherence to regulatory standards.

Strategic advice for navigating a complex landscape

With over 20 years of experience leading global SaaS, cybersecurity, and AI transformations, De Witt has watched the industry evolve from technical gatekeeping to strategic business enablement. Her approach relies on a core set of principles:

Master the intersection: True leadership happens where AI governance and global data governance meet core security.

The multi-framework mindset: Compliance is about building strategic ROI roadmaps across various compliance and regulatory frameworks, rather than just checking boxes.

Forensic rigor: Lead with a data-driven approach, leveraging forensic investigations to establish authority in high-stakes environments.

Continuous excellence: Elite credentials represent the gold standard for GRC expertise.

Operational vision: Focus on the strategic reasoning to drive initiatives that move the business forward.

Beyond the data center, De Witt’s background coaching football and serving as a firefighter and paramedic taught her that technical skill requires seamless teamwork. She brings that high-pressure, collaborative approach to cybersecurity, knowing that the strength of any crisis response depends on team unity.

When it comes to women in leadership, De Witt emphasized, “While we’ve made incredible strides, we must continue pushing for progress in mentorship pipelines and representation for women in cybersecurity, infrastructure, and AI.”

Ann Westerheim, Founder & President, Ekaru

Strengthening the Foundation for Small Businesses

Ann Westerheim is the founder and president of Ekaru, a technology consulting firm focused on strengthening the technology foundation and cybersecurity posture of small businesses. She helps organizations build the resilience they need to operate securely and efficiently.

Stepping into high-impact roles

Westerheim sees cybersecurity as one of the most interesting and high-impact careers in technology, offering far more opportunity than available talent. However, she notes a persistent gap in representation.

When attending technical sessions at industry conferences, Westerheim observes that the rooms remain overwhelmingly male. She advocates for more women to step into both technical and leadership roles, emphasizing that cybersecurity is a field where dedicated professionals can make a tangible difference for their clients and their communities.

Donna Gallaher, President & CEO, New Oceans Enterprises, LLC

Translating Cyber Risk into Business Impact

Donna Gallaher is the president and CEO of New Oceans Enterprises, a cybersecurity consulting firm specializing in data privacy and AI governance programs. Her firm provides fractional CISO services to organizations across healthcare, financial services, manufacturing, retail, energy, and education. She helps clients across healthcare, financial services, manufacturing, retail, energy, and education industries translate complex cyber and privacy risks into direct business impacts, empowering executives to make informed, strategic security decisions.

Leading with business acumen

Gallaher advises women entering cybersecurity leadership to focus on the broader business context. Cybersecurity is ultimately a business risk discipline, and leaders who rise quickly are those who speak the language of the boardroom.

She encourages emerging leaders not to feel intimidated if they aren’t deeply technical in every area. Leadership centers on enabling others to achieve their goals. Gallaher emphasizes the importance of rejecting self-doubt and ignoring critics who focus on perceived shortcomings. “Don’t let anyone use your self-doubt against you, because that tactic only works if you allow it,” she said. “Nobody is an expert at everything, including those who may criticize you.”

Instead, she recommends finding partners and collaborators who complement your strengths, building each other up, and never mistaking a knowledge gap for a leadership gap.

Nett Lynch, CISO, Kraft & Kennedy

Driving Strategy and Building Team Culture

Nett Lynch serves as the CISO at Kraft Kennedy, a technology consulting firm dedicated to the legal industry. She leads the firm’s cybersecurity strategy, compliance programs, and client advisory work. She also leads Legion, their left-of-boom cybersecurity advising division built for MSP partnerships. For Lynch, building a strong team culture is an operational priority equal to the security work itself.

Moving from mentorship to sponsorship

Having worked in the field for 30 years, Lynch has seen significant shifts. Early in her career, women in the C-suite (let alone the CISO seat) were the exception, not the rule. Today, she sees more women leading security programs, driving compliance frameworks, and earning seats at the executive table. However, she notes that progress does not mean the work is finished.

Lynch identifies a critical need to close the gap in sponsorship, not just mentorship. Women need advocates who will actively put their names behind new opportunities, rather than just offering guidance.

“There isn’t just one seat at the table for women in cybersecurity, and we have to act like it,” said Lynch.

She stresses that inclusion is not a zero-sum game. True progress requires men to act as genuine allies and women to actively champion one another and create space. That cultural shift, more than any single policy, is where she believes our next real progress lives.

Paige Goss, Founder & CEO, Point Solutions Security

Putting People First in Security Solutions

Paige Goss is the founder and CEO of Point Solutions Security. She focuses on building a company that prioritizes people, supporting both her clients and her internal team. Her role centers on growing the business, strengthening relationships, and ensuring that delivered security solutions genuinely protect and support the humans behind the mission.

Embracing vulnerability and continuous learning

Goss advises women stepping into leadership roles to lead with confidence, curiosity, and a willingness to stay uncomfortable. The cybersecurity industry changes rapidly, and successful leaders are those who continuously learn, push their own boundaries, and step into spaces where they may not feel fully ready.

She views vulnerability as a leadership strength. Being open about what you do not know, asking targeted questions, and surrounding yourself with people who challenge you will make you better and stronger over time.

“Cybersecurity is about far more than technology. At its core, it is about protecting people, organizations, and communities. When you stay grounded in that mission and lead with authenticity, your impact will go much further than you think,” said Goss.

Moving Forward: The Next Steps for Industry Inclusion

The insights from these five leaders make one thing clear: technical expertise must be paired with business acumen, strategic vision, and a strong team culture to deliver real outcomes. To continue building a robust cybersecurity workforce, the industry must move beyond passive mentorship.

We need active sponsorship, clear pathways to leadership, and a commitment to championing diverse voices at every maturity level. By creating space for women to lead, collaborate, and innovate, we build a future that is more secure, resilient, and ready for whatever challenges come next.

If you know a cybersecurity advisory leader who is making a significant impact on the industry and delivering exceptional results for their clients, we encourage you to recognize their contributions. Nominate them for our Cyber Advisory Excellence Awards today.

Frequently Asked Questions

Women in Cybersecurity Leadership