Smart Cookies features Niamh Muldoon, a longtime security leader, discussing trust, AI adoption, team diversity, mentorship, and the role of women in cybersecurity.
Listen now
Overview
Welcome to Smart Cookies, a conversation series focused on cybersecurity, privacy, and risk leadership. In this episode, we sit down with Niamh Muldoon, a seasoned security leader with more than two decades of experience. She shares insights on leadership, trust, innovation, and the importance of diversity in tech.
Niamh’s career in security was not planned. Growing up with four brothers in Ireland, where sports and community were central parts of life, helped shape her sense of being born to protect. She first wanted to work in fashion design, but after September 11 her career path shifted toward cybersecurity.
The conversation also turns to Niamh’s mix of security leadership and innovation work. She explains that real innovation in cybersecurity goes beyond defense and supports trust and business growth. She also argues that cybersecurity can help organizations adopt new technologies such as AI when the right controls are in place.
Diversity is another major theme. Niamh says varied teams support stronger decision-making, stronger incident handling, and better problem-solving. She also speaks about mentorship, sponsorship, and creating more room for women in cybersecurity leadership.
Trust is a core point throughout the episode. Niamh encourages startups to build security into products from the start and to “drink their own champagne” by using strong security practices in their own environments. She argues that trust is not only a security feature, but also a key part of brand strength and customer relationships.
What this episode covers
- How Niamh Muldoon entered cybersecurity leadership.
- Why trust helps organizations adopt AI, cloud platforms, digital signatures, and cryptography.
- Why diverse teams support better decisions and stronger incident response.
- How mentorship and sponsorship can help women in cybersecurity.
- What security leaders can learn about communication, adoption, and business value.
FAQ
Who is Niamh Muldoon?
Niamh Vianney Muldoon is a longtime security leader with more than two decades of experience across security, trust, privacy, and risk.
How does Niamh Muldoon describe cybersecurity?
She describes cybersecurity as a business enabler that builds trust and helps organizations adopt new technology with the right controls in place.
Why does team diversity matter in cybersecurity?
Niamh argues that diverse teams support better decisions, stronger incident handling, and better problem-solving across security functions.
Full transcript
Bryon: Niamh and I were just chatting here before the show. I think it is close to a decade, maybe, that we have known each other. We were introduced a while back, and Niamh is a good friend. If it is okay, Niamh, I would like to give a little bit of your background and bio. Feel free to correct me as needed, but here is a bit of Niamh’s professional experience. She is a longtime security leader. She has been in the industry for more than two decades, building and leading security, trust, privacy, and risk-related programs, primarily across financial services, but also in the tech space. Currently, Niamh is serving as a chief information security officer and innovation leader. Over the course of her career, she has held a number of leadership roles across security, privacy, data protection, and trust. Aside from Niamh’s operational leadership, she has worked closely with executive teams and boards on security strategy, program maturity, and cyber insurance. Niamh is a well-regarded leader within the technology and security space, and we are very glad to have you here with us today, Niamh. I like to dig into these conversations by leveling the playing field, so to speak, and having all of us think back to when we were younger. I do not know if you would have said this was the career you dreamed of in your early years, but when you were a kid, Niamh, what did you want to be when you grew up?
Niamh: I was just thinking about this with my brothers recently. I used to play this game with one of my younger brothers and one of my older brothers where I would interview them, so I wanted to be a presenter, like the person sitting where you are today on the radio. We found a tape of my interviews, so that was quite funny. Cybersecurity did not exist as an industry when I was a kid, or at least you could not study it at school. There were very few jobs in technology as well. I did want to be a fashion designer. I went to a convent secondary school with nuns, and they said I was good at math, so I should study accountancy. That set my path from school into university. Then September 11 changed my life forever. I was an IT graduate in financial services, two weeks into the role, and then September 11 happened. The bank needed somebody to specialize in security, helping the business travel securely and use mobile devices. So September 11 changed my life and changed things for everyone. That is how I got into it, believe it or not.
Bryon: Wow. It is fascinating how life happens and moves us in different directions. You mentioned interviewing your brothers. I have heard you talk about how you grew up with brothers, and I have also heard you describe yourself as born to protect. Where does that mindset come from? Is it a family dynamic, or where did that come from?
Niamh: Yeah. I grew up with four brothers and no sisters. My parents were heavily involved in the GAA, the Gaelic Athletic Association in Ireland. Every opportunity my brothers had, I had as well. I grew up as an equal to my brothers in education and sports. I played football, and the position I played was in goal. So from an early age, protecting the goal made me think I was born to protect. I was a good goalkeeper in soccer, and when I look back on it now, that is probably where it all came from.
Bryon: That is awesome. You traded the goalkeeper’s gloves for enterprise technology and security tools. That is super interesting. Out of curiosity, where were you in the order with your brothers? Oldest, youngest, middle?
Niamh: Middle. I just have one younger brother, but he is like my big younger brother because he is six foot four and he is like my bodyguard in a way.
Bryon: You mentioned, Niamh, that your family was very involved in the GAA, the Gaelic Athletic Association. How do you think that sports and competition shaped how you show up in your professional career now?
Niamh: The ethos of the GAA is about belonging and community. As I got into my teenage years, I was not as interested in football as my brothers were, and I was often a substitute. But my parents always used to tell me that your team is only as good as your substitutes. That created a sense that everyone had a role and everyone had opportunities. When I look at the ethos around the GAA and how it brings people together, I think that is what I took from it all. When you bring people together and have different views from a business perspective, it allows you to create great teams, and that is what really helps a business move forward. It is also important when operating as a global team. A lot of the companies I have worked with have had a global presence, and I have been very lucky to lead Irish teams and help create that global connection.
Bryon: That is cool. It is interesting to hear you talk about a sense of belonging, along with that team cohesion. Sometimes the things we do not think will shape how we lead later in life actually become the base for how we show up day to day. I am curious, Niamh, shifting more toward your recent leadership experience in security, you mentioned September 11 earlier and the impact that had on the wider security space. Now we are a couple of decades removed from that, and we have seen other major shifts in regulation. You being in Ireland, you lived through GDPR coming onto the scene. We are also in the middle of the AI shift and what that is doing. And now here you are with both a CISO role and an innovation leadership role. When did you realize that security had to move past a defensive posture and into building trust and helping innovation? When did that happen for you?
Niamh: I think it came when I took on leadership roles in technology companies. That is when I really noticed that security is a great business enabler because it allows people to use new technologies. For people to use new technologies, they need to trust them. That is really about meeting people where they are, bringing leadership to the table, and showing how new technologies can help the business move forward. I think that is where we are now with AI. Quantum is coming down the line. Digital assets, cryptography, and cryptocurrencies are becoming part of day-to-day business discussions. So it is about opening the door for people to understand what the new technologies are, how they can help the business, and then giving them confidence that the right controls are in place to protect the business, the data, the money, the brand, and the reputation. My first role around that was with cloud platforms, as people were moving important data into the cloud and asking whether they could trust it. Then later I worked around digital signatures, where legal teams were asking whether they would stand up in court and how personal data would be handled. But when I think about it now, my very first role in a bank was to come up with innovative ways to secure mobile devices, and I found a clever way to get email onto a Nokia 6310 device over an encrypted channel with PIN-based access. We take that for granted now, but twenty-five years ago there was no BlackBerry and no iPhone. I sat down with top executives, including the CEO at the time, and explained how the data on the phone was protected and how they could use it. So I was bringing people along even then. It has just been an extension from security services into larger-scale technology such as AI.
Bryon: It is fun to hear you talk about these moments now, especially when you say we take these things for granted. Even the example of digital signatures is a good one. These were major shifts at the time. Looking at security through the lens of innovation and trust, what does that look like in practice day to day? Is there anything that comes to mind?
Niamh: When you define cyber innovation, what does it really mean? People talk about cyber innovation, but what is it? I always say it is something new that does not exist yet from a product or process point of view, and it brings a new lens to a problem. So how do you think about that? What does it look like? It is understanding the problem a business or individual is dealing with and being open to trying new technologies and new ways of solving it. That might sound easy, but it actually takes time to bring people along. It means showing up consistently when you explain it, and being able to demonstrate the use cases. Seven is the magic number. People often make a decision after hearing about something seven times. I know that from leading global training and awareness programs. The decision might not always be in favor of something, but at least they will decide whether to commit or not commit. I have seen that in practice with training and awareness programs around risk behaviors, but also with the adoption of new technologies. In particular, with digital signature programs, I was often the person on calls with legal teams, talking through contracts, what it meant for the organization, and how it would work. The decision was usually made within seven points of contact, whether that meant seven calls or seven explanations.
Bryon: What you just shared tells me you have lived through the process of trying to roll out change and strategy, where on paper it sounds simple, but bringing people along is where the real difference happens. That is a strong leadership point, and I like the idea that seven times is often the magic number. One last question on this topic. In my day-to-day role, I interact with a lot of security professionals, and one of the things I notice across organizations is that CISOs and security leaders are often curious about what other organizations are doing and how those roles are structured. You are in an interesting spot because you hold both the CISO role and innovation responsibilities. Do you think that signals where the industry may be heading as those functions come closer together?
Niamh: This is my personal view. I think that as a CISO, if you do not have a dedicated function around cyber innovation, or at least somebody dedicated to it, you are not at the races. You are not doing your job, and you are not staying ahead of the threat landscape. It is really hard being a CISO because you have to keep a number of internal and external stakeholders up to date on what the program looks like, while also keeping up with huge changes in technology. So having a dedicated cyber innovation officer, or a function that feeds you that information, is critical to your success as a CISO and to your ability to protect your assets. I think that applies across every industry. How it looks can vary from one organization to another. And let us face it, as security professionals, one thing we all have in common is that we love to learn. We like to play with tools and understand how things work. So you are not going to have a problem getting people to sign up for proof-of-concept work, to work with startups, and to try new technologies. Another principle we always talk about in security is security by design. What I really like is working with startups that are based on new technologies like quantum, crypto, or AI because they are built with those architectures in mind. They are often at the front edge of understanding the threats that show up in those architectures and how their tools address them.
Bryon: Yeah, and I know you have stayed very active, whether in formal or informal advisory roles, and kept close to what some of these newer companies are doing around innovation. I appreciate that you brought your personal view into the conversation. Niamh, I would like to shift a bit. One thing you have been involved with over the last year is the documentary Women in Security, and I appreciate how you have been an advocate for women in technology, and more specifically women in cybersecurity. I have heard you talk about building a cybersecurity sisterhood. What does that look like in practice, and can you tell us more about your involvement?
Niamh: Throughout my career, I have been very fortunate to have people who sponsored me, really opened doors for me, and put their own careers on the line for me. One of those people was Vanessa Peguero, and that is where I think I really built this sense of sisterhood. She supported me, mentored me, managed me, and sponsored me. When I look at all the mentoring and sponsorship I received over the years, and now at being able to give some of that back, that is really what the sisterhood is about. It is about showing up for people and giving guidance and mentoring advice day to day. Being part of the documentary was important to me because it allowed me to amplify my voice about the opportunities in the industry, and the film also shows the support that is there for women when they ask for help. It is quite uplifting when you watch it.
Bryon: I love that story. It is great to hear how Vanessa’s impact on you shaped the way you keep paying that forward. While we are on this topic, help educate us a bit. This is not an issue that has been solved in terms of opportunity for women in leadership and in technology. What are some structural barriers that still exist for women in security leadership, and what helped you handle those challenges?
Niamh: I think people still have a stereotypical picture of what a CISO is, what that person should look like, how they should behave, and how they should show up. One thing the documentary shows well is that this is not the case. Part of the work is helping people bring their unconscious bias into conscious thought, especially around what a successful CISO or risk leader looks like. And that work happens day by day. We can talk about it at a global level, but we have to act locally, and that starts with each person and how they show up with their team every day. One practical piece of advice I would give anybody is this: in every meeting you go to, make sure every person’s voice is heard and that everyone is at the table. If people do not speak up, ask them what they would like to share. It starts from the top and from the ground up as well.
Bryon: I appreciate that. I think about it very practically in terms of how all of us can show up, and how I as a man working in security and technology can show up for colleagues who may be facing barriers that I am aware of or unaware of. What you said makes me think about advocacy and inquiry. Inquiry means asking for input from colleagues around the table who may not be heard. Often that can have a real impact. And then there is advocacy, which is speaking up about the things we do see. I appreciate the practical points. Is there anything else that comes to mind as you think about being an ally or an advocate in this industry?
Niamh: The other piece is that women are often the ones taking notes, doing the project management work, the task management roles, the less technical roles, or more of the GRC work. In other organizations where I have been a CSO, I always had a target around diversity. Fifty-fifty diversity within teams matters, and diversity is not only about gender. It can also be about the background you come from, whether that is financial services, technology, or something else, because having diverse teams is critical to getting a full picture, particularly in cyber. We know from incident management that having a diverse team really helps you make the right informed decisions at the right time, and it also improves your lessons learned.
Bryon: I hear that through the lens of team success metrics. It shapes how we hire, how we staff, and how we build the organization so we bring in different perspectives as we make decisions. Different people will have different views on how our leadership affects customers, employees, and others. I appreciate the wisdom there.
Niamh: You know, from an innovation point of view, ninety percent of venture capital money goes to men, so only ten percent goes to women. Any cybersecurity founder or startup founder who comes to me who is a woman, I go out of my way to meet with her. I go out of my way to connect her with the right people who might be able to do a proof of concept with her. Kudos to those women who never give up. There is an amazing founder I have known for maybe six to eight years, and it has been wonderful to watch her build her company and move it forward. So a shout-out to her as well.
Bryon: Love that. Shout-out to her and to other women who are leading in this space. I appreciate you bringing the venture capital point into the conversation. I would like to shift gears a bit and think more broadly about companies that look at security not only as a security system inside an organization, but as something that also helps build a trusted brand.
Niamh: Yeah.
Bryon: I know you mentor founders in the security and technology space. What do most security startups misunderstand about this idea of trust?
Niamh: In my cyber innovation role, I worked with strategic partners and investment teams, and at one stage I was speaking with anywhere from twenty to sixty startup companies in the fintech space in a month. I came up with a formula, and it has actually been quite successful.
Bryon: I would like to hear it.
Niamh: It is the passion of the founder. Are they drinking their own champagne? That is how I sum it up. I can tell very quickly if they do not have anyone dedicated to information security, then they are not really building that trust brand. If they are not backing their own program, then how are they going to sell their product, especially if it is a security startup selling to security professionals, if they are not drinking their own champagne?
Bryon: Yeah, that is a strong point for founders or aspiring founders listening. This idea of trust is essential. I like that phrase. I had not heard it before. In that same vein, what do you think separates a technically secure product from a trusted brand?
Niamh: Yeah, it is a great question. From my experience, it comes down to where the CISO sits in the organization. Does that role have a direct voice? Is security seen as a business value that helps the business move forward? Is it measured that way? Is security part of customer success or customer support measurement criteria? Does it affect the sales cycle, and how is it measured? Are you building a body of customer feedback and client feedback, and then using that?
Bryon: That is fantastic insight. I think a lot of the time, if security is viewed at all, it is through the lens of product security and risk reduction. But you make a strong point about building these ideas into customer feedback and other business processes so trust becomes stronger. As we start to wrap up, and as you think about your career as a whole, you talked earlier about wanting to give back to others and mentoring women who are looking at a career in cybersecurity. When you think about the impact you want to leave, or the legacy you want to have in cybersecurity, what comes to mind?
Niamh: My son came home from school, and I was telling him I was doing this podcast with you today. He said, “Would it not be that you left cybersecurity better than when you joined it, and left the industry in a better place than when you joined it?” So I think that is probably it.
Bryon: Wise young man. Good input from your son. I like that.
Niamh: Yeah. Is he going to follow me into cybersecurity? I do not think so.
Bryon: No, there is still time. It will be interesting to see. Just like your own path, you did not know where you would be twenty years later. It will be fun to look back on that for him as well, I am sure. Niamh, we may have younger listeners on the podcast, or people who are considering a career in the field and are not in security yet. What advice would you give to a young woman who is listening and entering the field?
Niamh: Follow your passion and take the opportunities. When I got into this field, I did not know there would be all these regulations. I did not know cloud computing would take off. When people gave me opportunities to be involved in a project, or to be part of work that was not directly related to cybersecurity, I always took it because it helped me build my network and get to know people. A lot of good opportunities came from that. I also had so much fun along the way, and I made so many great friends, including yourself. So my advice is to follow your passion and do not let anyone take you off course.
Bryon: There have been moments in my own path where I have been trying to break into a new space professionally, so it is encouraging to hear someone like you, who has had those hard-fought wins and seen that effort pay off. That is not to say things are easy. I am sure we could do another full episode on the day-to-day challenges you face. But it is validating to hear you bring it back to this point: do not forget who you are, do not forget what you care about, and keep going after those things. Niamh, thank you for your time today. I appreciate you taking the time. I know you and I are on different time zones, and I appreciate you using part of your evening to share your perspective and experience with us today. For those who are interested and listening, we will share a link to your LinkedIn profile if people want to learn more about your background. I would also encourage listeners to check out the documentary Women in Security. You can search for it online and find more information there. And thanks to everyone listening to Smart Cookies. If you enjoyed our conversation with Niamh, we will keep bringing you leadership perspectives from other areas too. Several other people came up in our conversation today, including Vanessa Peguero and other leaders doing strong work in this space. For those listening, until next time, thanks for listening, and a huge thank-you again, Niamh, for your time.