Fiona Williams

Partner, Deloitte US

Cyberattacks are the number one business risk in most of the world, according to a 2022 study from the World Economic Forum. Not all cyber threats are alike, and diverse problems require diverse solutions. Yet, the cyber industry is predominantly led by men. How can we solve this significant threat to the business world with only half of the population? Fortunately, the women who make up that percentage are some of the fiercest in the greater technology industry. In this series, The Female Quotient and Deloitte are putting a spotlight on 25 women at the forefront of the cyber revolution, amplifying their career advice and sharing their insights on how the industry will evolve in the future. Their stories are proof that behind every functioning society is a woman in cyber.

What does a typical day of work look like for you?

My day usually starts early on calls with my global alliances teams. Then, I usually have US client and team calls later in the day. Recently, I have been traveling for meetings and conferences. I attended our Global SAP strategy meeting in Lisbon, meetings in Washington D.C. with AWS, followed by SAP Sapphire in Orlando.

What's a common misconception about women in cyber you'd like to debunk?

I believe that the profile for a cyber professional is not necessarily a technical education. I have seen women with broad backgrounds applying their skills to help to deliver cyber projects.

What aspects of your career journey have taken you by surprise?

I never expected to be a Deloitte “lifer.” I joined right after college and planned on only staying a couple of years to get experience for my next opportunity. It’s hard to believe that I am still loving being at Deloitte after 38 years. I’m amazed by all the opportunities I have had as I’ve watched the firm grow.

What's your superpower as a woman in cyber?

What's the most challenging component of your job today?

Tell us about the cyber project you're most proud of working on in your career.

I’ve been fortunate to enjoy a number of challenging yet fun projects. I’ve loved working on lots of production companies while they were filming major movies and TV shows – and loved seeing the stars up close. I enjoyed the challenge of being the first CISO for the US firm and building an incredible team. Helping build the technology to support the SoFi stadium, attending the first, in-person Rams game at the stadium, and then watching them going on to win the championship was amazing.

What's one must read, watch or listen for women wanting to work in cyber?

How has public perception of cybersecurity changed over the course of your career, and how do you predict in the future?

When I first started in cyber, we called it security and controls. Most organizations had never experienced a breach, and our services were looked at as “an insurance policy that you hoped you would never need.” Many clients chose to “self-insure,” i.e. do nothing. If they had adequate manual controls in place, they would detect a material insider issue. Today, cybersecurity has become a common issue. All organizations have either been breached or are not aware that they have been breached. Now, when you tell people at a cocktail party what you do, they are very interested whereas when I first started in cyber no one understood or cared.

What's one piece of advice you'd give your younger self about getting started in cyber?

Who are some women working in cyber today that you admire?

I admire many of my fellow Deloitte professionals. As the global leaders of cybersecurity, I am so proud of what my colleagues have accomplished. Mary Galligan is one of my heroines who has helped me so much in the past. Emily Mossburg is an amazing global cyber leader, and Deb Golden leads our US cyber practice. It’s awesome to have two women leaders of the practice.
Fiona’s experience includes cyber risk, organization and process improvement, application design and implementation. During her 38 years at Deloitte, she has established and led the Security practice; the SAP Security, Controls and GRC practice; and the Advisory Technology Risk Service Area focusing on growing the Technology and Cyber practices. Leveraging her hands on experience as the Deloitte CISO, Fiona currently advises and assists other CISOs with their Security programs from strategy, implementation, and operation including board and management reporting. Fiona leads Deloitte Advisory’s Global SAP Alliance including cyber security, controls and compliance, digital controllership, treasury and sustainability. Fiona also leads Deloitte Advisory’s Global AWS alliance.