Governing Body Spotlight

Co-Chair of the San Francisco CISO Community

Cassie Crossley

VP, Supply Chain Security

Schneider Electric North America

Cassie is an experienced cybersecurity technology executive in Information Technology and Product Development and author of "Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware."

She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy. 

Cassie's fun fact is that she attends Star Wars events dressed as Mandalorian princess Bo-Katan Kryze.

Learn more about the San Francisco CISO community here.

Give us a brief overview of the path that led to your current role.

I started as a software developer many years ago and transitioned into various project management roles, creating applications for customers and internal users. Originally on a path toward a CIO role, I began leading program management offices and large technology transformation programs. 

I shifted into cyber program management and governance, and that eventually brought me back into R&D as a product security officer, leading over 12,000 R&D staff toward secure development practices. My work with third-party suppliers triggered the need to write a comprehensive, practical book on how to secure the end-to-end software, firmware, and hardware supply chains.

What is one of your guiding leadership principles?

My main, guiding leadership principle is to 'start with the end in mind.' The approach, path, and journey can be done in so many ways, but if there is agreement or understanding of the end result, the method for achieving that result can be up to the team. This provides everyone the opportunity to participate in the planning and provide significant contributions toward the end goal.

What is the greatest challenge CISOs face today, and how are you addressing it?

Specifically with product and supply chain security, there are an infinite number of factors that can create risk to an organization and impact the outcomes. To address these risks, it is important to identify criteria for risk stratification, prioritize the risks, and manage the risks. This means critical suppliers may not always be identified by the highest budget spend, but by the services they provide, the data they hold, or the impact to business operations if not available.

What is the key to success for someone just starting out as a CISO?

Continuously learn new topics by listening to podcasts, reading materials, asking questions, but most importantly, always challenging yourself. If the role isn't overwhelming with something new every day, then it is not providing opportunities to grow.

How do you measure success as a leader?

I consider my leadership successful when my team members support anyone in the organization in accomplishing a goal, even if it's not their personal or team goal. If I hear "it's not my job," then I would consider that a leadership failure.

What is the value of being a member of the Evanta community?

The Evanta community has provided me with so many peer connections over the years, that when I have questions or want to learn more about something, I know who I can reach out to about the subject. Being a Governing Body Member allows me to see the key topics my peers are interested in, but also provides a place to elevate the topics that are important to me.

Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.

by CISOs, for CISOs

Join the conversation with peers in your local CISO community.