Holly Drake, Chief Information Security Officer for the State of Ohio, didn’t take a traditional career path. She began her career at Nationwide Insurance, working in the privacy team. There, she spent 14 years of her career and had the opportunity to tackle new responsibilities and projects — like cyber regulations.
“There were a lot of regulations coming out, affecting Nationwide and other financial institutions at that time,” Drake reflects.
As the cyber regulations grew, they also became more specific. Drake worked to keep the organization up to date on these compliance requirements, solidifying her experience and expertise in the area and eventually becoming the Director of Cybersecurity and Privacy Assurance. She remained in this role with Nationwide for nearly six years before accepting a role with State Auto Insurance as the Director of Privacy and Personal Lines Compliance.
With most of her career spent with Nationwide, Drake acknowledges that leaving was not an easy decision. “It was very hard to leave Nationwide, but it ended up being a good path for me to go because I got to push my expertise and experience,” she says.
Then, a dream opportunity came across her path.
“A position for the first Chief Privacy Officer at Ohio State University, was posted,” Drake recalls. “And I thought, ‘Wow, that’s my dream job, to go back to my alma mater and help them navigate privacy with all of the different constituents that come across campus.’ You have students, faculty, staff, patients, visitors, learners — it’s just a really dynamic environment.”
Drake applied for the job, which she referred to as “one of the hardest positions to earn” in her career. Nevertheless, she was offered the job, and she spent four years there before being offered another remarkable opportunity.
“My first boss and mentor at Nationwide had been tapped by Ohio Governor Mike DeWine to bring together all of the cyber activities that the state was driving and lead them from a central function,” Drake says. “And he asked me to join him and bring my experience and expertise to the state level.”
Be open to joining this profession, even if you may think that you don’t have the ‘right’ background.
Once again, Drake was confronted with a challenging career decision.
“I loved my job at Ohio State University,” Drake states. “But in the end, this opportunity to go think about cybersecurity so broadly — in a way that would affect so many Ohioans — was just really enticing and exciting.”
Unique Educational Background
Drake’s career path isn’t the only unique aspect of her journey — her educational background also sets her apart. Drake first pursued a Bachelor’s of Arts in Russian Language and Literature from Ohio State University, citing an interest in relations between the United States and the Soviet Union (now Russia).
Drake reflects on how this unique educational background has influenced her career in cybersecurity, stating, “I adore seeing humanities majors in cybersecurity. I think they bring experience in being able to empathize with others.” Drake elaborates further, explaining, “A lot of cybersecurity is about persuading people to do something, such as persuading someone not to share their password or persuading them to follow a secure process. Humanities majors have a skill of flexing their style to connect with others.”
Drake also earned a master’s in social work, which she believes is another asset to her cybersecurity career.
“The social workers you see working in your community might be driving change within one person they’re doing therapy with, or it could be a whole group,” Drake says. “They drive change in a community or in society.”
By applying this skillset to cybersecurity, Drake is able to identify the ways that she can help drive cyber change within her community
“I can buy every tool recommended. But if I can’t persuade someone to follow the process, use the tool, or respond to the alert, then the tool doesn’t matter,” Drake points out. “Cybersecurity is really about the person — getting them to change their methods or their perspective so they can drive better cybersecurity across the organization.”
For those looking to start or grow their career in cybersecurity, Drake encourages them to take risks, be comfortable with being uncomfortable, and not sell themselves short if their educational or professional background isn’t directly linked to cybersecurity.
“Cybersecurity welcomes a broad array of skills,” Drake asserts. “Be open to joining this profession, even if you may think that you don’t have the ‘right’ background. It’s a broad profession. Lots of skillsets are needed for cybersecurity to be successful — so bring your skills.”
