Stephanie Franklin-Thomas
“Find comfort in being uncomfortable.”
Stephanie Franklin-Thomas, Ph.D. is a powerhouse in cybersecurity and business transformation, with more than 28 years leading global IT and security strategy. As Global VP and CISO at Medtronic, she protects operations worldwide. She’s held top roles at Fortune 500 companies, including ABM Industries and Motiva (a Saudi Aramco company), and sits on the boards of St. Luke’s Hospital and the National Cryptologic Foundation. A published author, dynamic speaker, and lifetime National Black Master of Business Association member, Stephanie blends tech savvy with leadership smarts.
What is one skill, interest or talent of yours that makes you great at your job?
One skill that I believe makes me particularly effective in my job is my ability to balance deep technical expertise with a strong understanding of patient safety and regulatory compliance. My ability to simplify complex technical concepts and communicate them in a way that is easily understood by both technical and non-technical stakeholders has been a key strength.
What is the best piece of unconventional career advice you’ve gotten?
Find comfort in being uncomfortable. In cybersecurity, the landscape is always changing, and staying in your comfort zone can quickly leave you behind. Whether it’s tackling a new technology, stepping into a leadership role, or handling a high-pressure security incident, discomfort is inevitable. Embrace it.
What is your proudest moment working in the cybersecurity industry?
One of my proudest moments was helping elevate someone on my team to secure his first CISO role. Watching him develop professionally, and guiding him through the process of honing his leadership and technical skills, was incredibly rewarding. To be part of his journey and see him step into such an important leadership position was a true highlight of my career.
When did you become interested in pursuing a career in cyber and what prompted it?
I started gaining exposure to the field, and as I took on more responsibilities, I developed expertise. Along the way, mentors, peers, and friends helped shape my understanding and encouraged me to hone my skills. As I progressed, I began to realize something important: I actually enjoyed working in cybersecurity, and I was good at it. What started as an unplanned journey gradually became a fulfilling career, and now I can say with confidence that cybersecurity is where I belong.
What are the top 3 things you would tell people hoping to enter the cybersecurity industry?
- Cybersecurity is as much about people as it is about systems. Technical skills are important, but so is the ability to influence behavior, communicate, and build a culture of security.
- Collaboration is key. An effective and successful cybersecurity team and program depends on building alliances and trust across the organization.
- Cybersecurity is a fast-evolving field, so stay curious and engaged with industry developments, and continuously build your technical and business acumen.
What are some misconceptions people might have about the cybersecurity industry and what can we do to change these misconceptions?
One of the most persistent misconceptions is that cybersecurity is purely a technical issue, something that can be solved with the right tools, software, or technical teams. In reality, cybersecurity is fundamentally about managing risk and influencing human behavior. Technology is only part of the equation. People represent both the greatest risk and the greatest opportunity. Cybersecurity is as much about communication, culture, and leadership as it is about firewalls and encryption.
Do you feel like you’re contributing to helping keep our world secure and can you share why that matters to you?
I absolutely believe that I’m contributing to the security of the world, even if indirectly. My role is to help ensure the protection of sensitive data, systems, and networks from threats that could disrupt not only an organization’s operations, but also the lives of individuals who rely on those systems. In today’s interconnected world, the security of information has a profound impact on everything from personal privacy to national security.
What positive change do you think will take place as we bring the next generation into the cybersecurity industry?
Bringing the next generation into the cybersecurity industry will help introduce fresh perspectives and innovative solutions to tackle the increasingly complex cyber threats we face. Growing up in a digital world, they are naturally tech-savvy and understand the intricacies of the online landscape. Their skillset in emerging technologies like AI, blockchain, and quantum computing will enable the development of more adaptive, scalable security solutions, helping to ensure we stay ahead of evolving cyber threats.
Who is your role model in the cybersecurity industry and why?
One of my role models is General Lori Robinson, the first woman to lead a major Unified Combatant Command in the history of the United States Armed Forces. She served as the commander of the US Northern Command and North American Aerospace Defense Command (NORAD). General Robinson’s leadership and strategic vision in complex, high-stakes environments offer powerful lessons that are highly relevant to cybersecurity.
