LEADERS IN CYBERSECURITY

Chandra McMahon

Senior Vice President and Chief Information Security Officer, CVS Health

Chandra McMahon is Senior Vice President and Chief Information Security Officer at CVS Health. McMahon provides overall leadership, vision and direction for CVS Health’s Enterprise Information Security program. McMahon and her team work across CVS Health’s business units to protect the security and integrity of customer and company data

Prior to joining CVS Health, McMahon served as Verizon’s Chief Information Security Officer. Before Verizon, McMahon was at Lockheed Martin where she was the Chief Information Security Officer before becoming the vice president of commercial markets, where she was responsible for delivering cybersecurity solutions to Fortune 500 companies in critical infrastructure industries such as financial, utility and technology companies.

She is currently a member of the Aspen Institute Cyber Strategy Group, a cross-sector public-private forum aimed at translating pressing cybersecurity conversations into action. Recently, she was named to the CSO Hall of Fame, SecurityConnect Top 100 CISOs and CyberDefense Top Global CISOs.

McMahon holds a Bachelor of Science degree in Industrial Engineering and Operations Research from Virginia Tech and a Master’s degree in Engineering Science from Penn State University. She currently holds the following certifications: Certified Information Security Manager (CISM), Certified Secure Software Lifecycle Professional (CSSLP) and Certified Cloud Security Professional (CCSP).
Show more

What does a typical day of work look like for you?

I get up early, practice self-care, review my schedule, dive into meetings and focus on my priorities. My schedule is demanding – I have many meetings to inform, decide, align or advance items. Each week, I carve out focus time where I dedicate uninterrupted time to working on strategy or other important matters. My evening wind-down routine consists of scanning my schedule, wrapping up emails and transitioning to family time. Later in the evening, I’ll do a quick email check-in and make sure I get enough sleep before the next day. I strive to focus on my priorities each day, engage with my team, and, most importantly, have fun along the way, no matter what each day holds.

What aspects of your career journey have taken you by surprise?

While I never expected to become a CISO, I am glad my career journey has taken me down this path. I would not be here in my role today if I hadn’t listened to my mentors, who challenged me to take risks during my career and take on roles I didn’t think I was capable of performing. Also, having the full support of my husband and family has allowed me to take on opportunities that I might otherwise not have tried.

Tell us about the cyber project you're most proud of working on in your career.

When I worked at Lockheed Martin, I led our company’s response to the RSA token incident. It required me to use every skill I had learned to lead during that crisis. I had a phenomenal security and CIO team who rose to the challenge, and we successfully navigated the incident together. I went from leading that incident response to briefing congressional members and staff on the incident within days. To this day, I am proud of the overall team effort to thwart that advanced cyberattack.

How has public perception of cybersecurity changed over the course of your career, and how do you predict in the future?

Early in my career, cybersecurity was not well understood and rarely discussed at the executive management and board level. Today, it is a significant risk for many enterprises and has the attention of executive management and the board. Everyday citizens are more aware of cybersecurity and fraud impacts. Countries and governments understand that cybersecurity can ensure economic prosperity and national security. In the future, cybersecurity will be more challenging due to the acceleration of technologies (artificial intelligence, machine learning and quantum computing), digital transformation, the expansion of regulatory and country sovereignty laws protecting consumer data and the demands on the cybersecurity workforce. I believe that companies and public sector agencies will need to invest more in cybersecurity. More importantly, education and tools will be needed to support everyday citizens to protect them from increasing fraud and threats.

Tell us about your first job (can be anything!) and one lesson you might have learned from it.

I once worked in a thrift shop before college. We were required to wear all-white nurse’s clothing and carry a see-through purse (to ensure we weren’t shoplifting). I learned that one person’s throwaway item is another person’s treasure – it’s all a matter of perspective. And therefore, I recognize that each individual is just that: an individual. I try to learn more about their perspective, values and what is important to them.

What’s one piece of advice you’d give your younger self about getting started in cyber?

Cyber is an ever-changing and dynamic field. Technology changes, adversaries change and cyber defense changes over time. There are so many cyber roles and assignments – try several to find out what you like the most. Where you start in cyber may very different from where you go throughout your career.

Tell us about a role model or mentor who has helped shape your career.

I had a mentor early on in my career who saw more in me than I saw in myself. She challenged me by giving me more responsibility. When I worked for other leaders, she continued to mentor me in my career and leadership development. She helped me see that I could do more than I thought I was capable of. It was OK to try and risk failure because of the learning that would come. I am forever grateful for her investment in me. Every day, I look to pay it forward to other women leaders coming through the ranks.

A meeting gets canceled and you have a surprise 30 minute window of free time — how do you spend it?

How you use your time is important – it’s always a choice what you spend your time on. If 30 minutes just freed up, I’d choose one of the following: call an employee to say thank you or call a family member or friend who brings me joy or knock off something on the “quick hit” to-do list or, use the time for self-care.

What are the ways you stay grounded and take care of yourself?

I have learned over the years to prioritize my self-care routines. I admit I wasn’t good at that early in my career. Now, I meet weekly with a life coach that helps me focus on the things that are important to me and make the changes in my life that I want to make. I also focus on being healthy – nutrition, hydration and exercise. And I focus on connections and relationships with my family and close friends.

When you think about your personal legacy as a leader, what do you hope people will remember?

I would like the people I worked with to remember me as a fair leader who advocated on their behalf, supported them and performed with grit and grace. Knowing that I had added value in some small way to their career and personal journeys as they reached their full potential would be the highest compliment.