Ashley Devoto: Developing the Next Generation of Cyber Leaders with Authenticity & Passion

The Most Influential CISOs of the Year 2023

For cybersecurity leader, Ashley Devoto, the path to leadership as President and CISO of Cerberus Sentinel (now rebranding to CISO Global) has been shaped by her continuous determination to move the field of cybersecurity forward. Through her unique military and consulting pedigree, she has gained an uncommon insight into the challenges that organizations face with their cybersecurity programs across people, processes, and technologies.

“I distinctly remember my early years as an Air Force cyberspace operations officer, and how privileged I felt to get to fight on the front lines of the cyber war with colleagues who made every day stimulating and fun – despite the criticality of the mission,” she recalls.

Ashley has been very intentional about capturing that magic from her experience as a cyberspace operations officer and parlaying that into a long-term career; and she looks back with gratitude for her 17+ years of military experience across her active duty and Reserve capacities for that strong foundation.

Since that time, she has gone on to work closely with organizations of every size and across almost every industry to help them design, build, and operate their cybersecurity programs.

With a deep appreciation of the “warrior ethos”, and recognition that the cyber domain is where tomorrow’s war will be fought, Ashley’s goal has always been to organize, train, and equip a lethal force of offensive and defensive cyber operators to project power in this domain.

Acquiring leadership training as a military officer

As an ROTC (Reserve Officers’ Training Corps) college scholarship recipient, a significant part of Ashley’s curriculum was leadership training in preparation for her commission as an officer upon graduation.

Leadership principles and skills were a key component of her military education, which ingrained a strong foundation of leadership through formative years and her experience as an active duty officer, and served her well as she pivoted into a private sector career.

Ashley notes that one of the most impactful aspects of military service is that junior officers become cross-functional at a very early age and get experience formally overseeing and developing others.

Thanks, in part, to a diverse range of roles and responsibilities, military officers often achieve the kind of breadth and big-picture perspective that is key to being an effective leader — and they do so relatively early in their careers.

Regarding her cybersecurity specialization, Ashley credits the Air Force to credit with that as well, as cybersecurity was a burgeoning domain when she was assigned to the unit that conducted the cyber defense mission for the Air Force.

As cyberattacks on infrastructure services grow in scope and severity, cybersecurity is fast becoming one of the most crucial businesses to protect democratic principles, and demand for cybersecurity personnel is growing globally.

As a result, there is not only a severe talent shortage but also a far larger and more problematic gap: a lack of diversity in cybersecurity. The proportion of underrepresented groups in the business is declining, and women make up only 24% of the cybersecurity workforce.

Passionately shaping the future of the cybersecurity industry

Even prior to joining the military, as a computer engineering student at Vanderbilt, and later at Southern Methodist University where she did her graduate work, Ashley clearly saw the future the world was facing – a global economy dependent on technology.

It was apparent to her that technology would fuel and direct both our society and economy. Her career as a cybersecurity practitioner has been – and continues to be – stimulating and fulfilling. Each day presents new threats, new tactics, and new problems to solve.

Ashley remarks that those who have seen, first-hand, the clear and present danger from cyber threats, and understand the trends, know that they’re in this for the long haul. They are passionate and highly motivated to lead, educate, and equip the cybersecurity workforce and shape the future of this industry.

Prior to joining Cerberus Sentinel, Ashley spent several years in other private sector roles, including serving as CISO at Booz Allen Hamilton, BISO at Bank of America, and at several consultancies.

Although the “road warrior” lifestyle was demanding due to intense travel schedules and the demands of client work, Ashley appreciates the invaluable perspective she acquired, from working to solve cybersecurity problems, across heterogeneous environments, diverse industries, companies, and programs, and she wouldn’t trade that experience for anything.

Ashley observes that it is possible to see commonalities, trends, and outcomes of certain decisions (or lack thereof), and that breadth of perspective has really shaped and enriched her understanding as a cybersecurity leader and practitioner.

It also grounded her world view and taught her that there are universal, shared challenges, and that we’re all in this together. Ashley points out that, whether military or private sector, no one has really “solved” cybersecurity, because it’s not a singular problem to be addressed.

“It’s a journey, and I’ve learned that most organizations are still at the point where they’re working to implement and operationalize the fundamentals. It’s really become a mantra of sorts, excelling at the basics, because it’s a perspective rooted in years of firsthand experience and observation and tethered to real-world data,” she declares.

Walking the walk with a “warrior ethos”

Ashley joined Cerberus Sentinel because of its laser focus on bringing together the best and brightest cybersecurity talent, with a “warrior ethos”, and empowering them to solve hard problems. The company’s motto, ‘Cybersecurity is a culture, not a product™’, reflects her own experience that this is not an individual’s game, but a paradigm shift that institutionalizes cyber vigilance.

When Ashley was asked to take on both the President and CISO roles, she saw that as clear and compelling evidence of the company’s commitment to this shared value. Cerberus was industry-leading in elevating the CISO to the President role, and empowering the senior-most cybersecurity practitioner to impact the way they managed and operated their own business and delivered excellence to their clients.

“In short, we are ‘walking the walk,’ not just ‘talking the talk!” she proclaims.

Ashley notes that Cerberus was designed from inception, to bring talented cybersecurity practitioners together. Their cybersecurity experts span not only geographies, but also specialties, industries, regulatory frameworks, and focus areas.

Cerberus has joined together the best thought leaders, technologists, and consultants across the globe. With the cybersecurity workforce gap growing year-over-year, it provides the expertise to demystify and accelerate their clients’ journey to cyber resiliency.

Everything flows from strategic intent.

Ashley’s consulting and military pedigree has given her unique insight into the challenges that organizations face with their cybersecurity programs, across people, processes, and technology.

By bringing that insight to Cerberus, she ensures that they maximize their value proposition to their clients through their capabilities and solutions. Ashley has issued a ‘call to action’ for their teams to be bold and tenacious in identifying ways to simplify and accelerate their clients’ journeys to cyber resilience.

She and her team work with clients to integrate and optimize their technology stack and prioritize cyber hygiene more effectively. As an industry, it is common to see a “more is more” approach driven largely by vendor saturation, but these key areas of focus are what help organizations make the most rapid and meaningful progress.

One of Ashley’s first initiatives after joining Cerberus, was to define their corporate vision, mission, and core values – or strategic intent. She notes that it’s important for any organization to have a clear sense of purpose, and that it’s especially important for an organization such as Cerberus and their unique model.

Ashley affirms that, as they continue on their rapid growth trajectory and bring more and more entities into the Cerberus portfolio, it’s critical that the company maintain’s its identity and culture to unify them as a cohesive team. Her goal is for Cerberus to have that clear North Star to give them focus and unity of effort.

“The strategic intent will be the bedrock of our culture. It will drive our hiring. It will drive our go-to-market strategy. It will drive our inorganic growth strategy and pipeline. It will drive our services portfolio. Everything flows from strategic intent,” she asserts.

A relentless focus on the fundamentals of cyber hygiene

Devoto points out that the cybersecurity industry has reached a saturation point with vendors, products, and point solutions promising to be the latest silver bullet.

As a technologist and computer engineer, herself, Ashley confesses that she does “geek out on innovation as much as the next techie, as there are some truly innovative and game-changing tools emerging – specifically around anti-ransomware mitigations.”

While she is excited to see if and how that changes the asymmetric war they are fighting in the cyber domain, she also never loses sight of the reality that a relentless focus on the fundamentals of cyber hygiene is always going to trump a single product or tool, in an organization’s overall cyber resilience posture.

Directional shift in the cybersecurity industry

Ashley sees the industry coalescing around the idea that vendor fatigue is real, and that people have to move beyond a ‘more is more’ approach to the cybersecurity technology stack. She is also seeing acknowledgement that the way to truly move the needle is by simplifying the vendor/partner ecosystem, improving processes, and maximizing the technology stack through integrations.

As part of this shift, security leaders are also seeing that, with the ongoing cybersecurity talent gap, doing everything internally is not feasible. Organizations have become more and more willing to embrace a hybrid model, and pair their internal specialists with external experts, to make more rapid progress on their security posture.

Bringing authenticity to her role as a cybersecurity leader

Ashley remarks that, in her dual role, she gets to ensure alignment between Cerberus’s internal cybersecurity journey and the portfolio of services and solutions that they deliver. A believer in leading by example, she likes being able to tell people that they are implementing the same best practices and consuming their own services.

In her purview as CISO, Ashley has a deep understanding of the cyber threat landscape and what it takes to mitigate threats successfully, day-in and day-out, to reduce risk to the business. When she tells clients to make business decisions with cybersecurity at the center of their thinking, they know that she’s doing the same calculus to weigh the same tradeoffs in her own organization.

“My team knows that I want to be ‘Client Zero,’ so that I get firsthand insight on the customer experience,” she declares. “In one word – I bring authenticity; I empathize deeply with the challenges our clients face, because we are shoulder-to-shoulder in the trenches of this cyber fight.”

On a daily basis, Ashley meets with clients to help them on their journeys, leading teams that oversee technology and integration rollouts, supporting excellence in service delivery, and planning secure growth for the organization. Everything from internal operations to client services crosses her plate, and she works to continuously fuel that unity of vision around creating a culture of cybersecurity.

Ashley’s plans for Cerberus are aligned to their company vision. In fact, as she notes, that was one of her early contributions to the organization, helping them define and articulate that vision: to boldly drive cybersecurity forward, relentless in the pursuit of excellence for their clients and their talent.

“The future of Cerberus Sentinel is bright, and I’m excited about the opportunity to take us there,” Ashley proclaims.

She is committed to positioning Cerberus as the place that smart, talented people want to work, and want to stay, because they feel empowered and equipped to solve hard problems. The company will also continue to lean in with their clients to be their trusted partner on their cybersecurity journeys, by bringing insights, expertise, and quality.

Developing the next generation of cyber leaders

Ashley feels that her greatest achievement, so far, is not just one moment, but the culmination of experiences over the last 17+ years as a pioneer in the cybersecurity industry.

“I am proud to have been part of the initial cadre of cyber operators in the military who, together, have largely shaped where both the military and the industry have gone in the cybersecurity domain,” she affirms.

Reflecting on where they started 15 years ago, as a small group of specialists who were considered a “support function”, to seeing the formation and establishment of U.S. Cyber Command, Ashley reflects that it is a testament to what they built, and that she was privileged to be on the ‘ground floor’ of designing and building the framework for the Cyber Mission Force who would be tasked with fighting this cyber war.

Seeing the project that she was working on as junior officers in the Air Force, grow into something so formidable, is a moment of pride not just for her, but also for the industry’s progress.

That said, Ashley notes that becoming a CISO was a major professional milestone, and the culmination of years of serving as practioner, a trusted business advisor, and strategic partner with CISOs. In conjunction with being named CISO, the empowerment and opportunity to design and lead a full-scale transformation of the cybersecurity program, made the role even more fulfilling.

Ashley is also proud to see her team continue to grow, excel, and achieve their professional goals, and to share in their successes – whether that means progressing on their continuous learning journey to sharpen their cybersecurity skills, or getting their next well-deserved promotion.

“I could not do what I do without my team, and ultimately I want to pay it forward by investing in, and developing, the next generation of cyber leaders,” she declares.

The “safest” choices are not always the best.

Ashley points out that the way she has defined success has been different throughout her life and throughout her career, and that how she defined success at age 25 was very different from how she saw it at age 35 – and it will likely continue to evolve. But ultimately, achieving success is about doing the work she loves, with people who inspire her, and she feels fortunate to have been able to do just that.

Ashley observes that she has worked with some amazingly talented people during her career, and that she loves learning from others, the dynamics of teamwork, and the creative give and take. She also feels that success is when her team is unified and mobilized around a common vision, working as a collective to make a meaningful impact.

Ashley notes that one doesn’t become a leader without navigating and overcoming challenges, and that an important lesson she learned early, upon entering the private sector after leaving active duty, was how to overcome the fear of the unknown.

“I took a role at ExxonMobil as a business analyst – something very different from my operational experience in the military. Although I had several college internships in corporate America, the transition was a big adjustment. But I learned a lot during my time there to complement my technical skills and experience,” she recalls.

Although she sees that experience as more of a “detour” than a “roadblock,” Ashley took it as a lesson to embrace opportunities and to step outside her comfort zone, as that’s where the real growth and development happens.

Having taken that lesson to heart during the course of her career, it continues to serve her well, whether it has been changing companies or changing roles, because sometimes what feels like the “safest” choice is not necessarily what is going to be the most rewarding choice long-term.

The key to work/life balance is to build your second team.

Ashley observes that work/life balance is an ongoing struggle in corporate America. In cybersecurity, in particular, the concept of work/life balance feels increasingly elusive, as the 24×7 mission exacerbates the struggle of setting boundaries, with little differentiation between their personal and professional lives.

In her experience, few cybersecurity practitioners have been successful in truly achieving balance, because of the expectation to be “always on” and always accessible. That said, setting boundaries, prioritizing mental health, and striving for better work/life balance is something that she is mindful of and takes seriously.

As the CISO at Cerberus, Ashley still works long, highly focused hours, but is trying to set aside time in the evenings to recalibrate. She also made some life changes – including a cross-country relocation to be closer to her family. From a strategy standpoint, though, she insists that the critical success factor is to build your second team.

“We all have a limit when it comes to scale, and having a team of people you can rely on is essential to longevity. Prioritize finding and developing your ‘crew’ to help load balance!” she recommends.

Embrace the mindset of ‘doing the common uncommonly well.’

In her parting advice to aspiring information security leaders, Ashley suggests that keeping their focus on unifying teams around excellence, and on the day-to-day business of implementing effective cyber hygiene, will turn the dial for them more than overinvesting in the latest products or point solutions. To that end, she recommends that they embrace the mindset of ‘doing the common uncommonly well.’ It can be tempting to get heads-down in responsive security, putting out fires, and just trying to manage through the fluidity of the compliance landscape.

Ashley also encourages aspiring technology leaders to seek talent with diverse skillsets and experiences, because cybersecurity is a “big tent;” there is a compelling need to debunk the myth that cybersecurity practitioners can only be successful with a technical degree or a programming background.  Throughout her career, Ashley reflects that she has worked with highly talented cyber operators who came from very diverse non-technical backgrounds – several of whom have gone on to be CISOs themselves.  The diverse paths to CISO underscores the reality that there is no “one size fits all” path for a career in cybersecurity; what matters most is an analytical mind and intellectual curiosity.

“When building cybersecurity organizations, we need all hands on deck, and I encourage leaders to embrace the hybrid model (of buy/build and/or in-source/out-source) to accelerate ‘speed to effectiveness’ for your program and to bring in the right partners to turbocharge your mission,” she urges.

“Embrace the mindset of ‘doing the common uncommonly well.”