Welcome to Dark Reading’s Heard It From a CISO video series, showcasing advice on breaking into and advancing within the cybersecurity field from those who have been there.
In this latest installment, Dark Reading associate editor Kristina Beek interviews Patricia Voight, CISO at Webster Bank.
With decades of experience spanning telecommunications, financial services, and emerging technologies, Voight has carved out a career defined by passion, adaptability, and a relentless drive to combat financial crimes. In this interview, she shares her journey, offering her insights into the challenges and opportunities that define this evolving industry.
Voight’s path to becoming a CISO is anything but conventional. Starting in telecommunications during an era when hacking long-distance services was a major threat, she quickly recognized the critical need for robust security solutions. Her career evolved as she transitioned into financial services, drawn by the complexity and intensity of protecting institutions that are prime targets for cyberattacks. For Voight, the allure of cybersecurity lies in its dynamic nature — an industry where innovation is constant and the stakes are high.
As the CISO of Webster Bank, a regional financial institution headquartered in Stamford, Connecticut, Voight oversees a security landscape that spans multiple states and entities, including HSA Bank in Wisconsin. Her role demands not only technical expertise but also a deep understanding of the business she protects. Voight emphasizes the importance of knowing where the “crown jewels” are — understanding how institutions make money and aligning security strategies to support growth. Beyond her technical acumen, she champions diversity and mentorship, running internship programs that prioritize neurodivergent individuals and foster the next generation of cybersecurity talent.
For those considering a career in cybersecurity, Voight’s advice is both practical and inspiring: follow your passion and embrace the industry’s constant evolution. Whether you’re starting in security operations or exploring niche areas like architecture and engineering, the key is to stay curious and committed to learning. As artificial intelligence and automation reshape the field, Voight remains optimistic, assuring that human expertise will always be essential, encouraging aspiring professionals to dive into a field brimming with opportunity, innovation, and the chance to make a meaningful impact.
Also, check out our other installments in this series: “Think Like an Attacker: Cybersecurity Tips From a CISO” with Etay Maor, CISO at Cato Networks; “Bridging the Skills Gap: How Military Veterans Are Strengthening Cybersecurity” with Bruce Jenkins, chief information security officer at BlackDuck, Jeff Liford, associate director at Fenix24, and Frankie Sclafani, director of Cybersecurity Enablement at Deepwatch; “From Chef to CISO: An Empathy-First Approach to Cybersecurity Leadership” with Myke Lyons, CISO at Cribl; “Fastly CISO: Using Major Incidents as Career Catalysts” with Marshall Erwin, CISO at Fastly; “From FBI to CISO: Unconventional Paths to Cybersecurity Success” with Kaseya CISO Jason Manar; “Cyber Career Opportunities: Weighing Certifications vs. Degrees” with longtime CISO Melina Scotto; and “Male-Dominated Cyber Industry Still Holds Space for Women With Resilience” with Weave Communications CISO Jessica Sica.
Heard it From a CISO: Full Transcript
This transcript has been edited for clarity.
Kristina Beek: Hi, everyone. I’m Kristina Beek. I’m an associate editor with Dark Reading, and I’m here with another episode of Heard It from a CISO, joined by Patricia Voight, CISO at Webster Bank. Thank you so much for being with us, Patricia.
Patricia Voight: Thank you for having me. Greatly appreciated.
KB: Awesome. So we do these episodes basically to just get advice from CISOs to people currently interested in going into the field, or maybe advice you have for other CISOs. So let’s just start with where you are now. Can you introduce yourself and tell us about the work you do with Webster Bank?
PV: I’m Patricia Voight. I am the Chief Information Security Officer for Webster Financial as well as Webster Bank, Webster Financial being the holding company, Webster Bank being one of the major entities under that.
KB: Okay.
PV: We are a regional bank based in Stamford, Connecticut. We cover everything from Boston down to the New York, New Jersey area. We also own HSA Bank, which is in Wisconsin, along with other entities.
KB: Awesome. So I saw that you have an MBA and a bachelor’s in computer science. What does the beginning of this journey in cybersecurity look like for you? Why did you choose to study what you did?
PV: Correct. If you go all the way back for me, I’ve had security along my entire career in various areas. The interesting thing about cybersecurity, especially in financial services, is that it’s always evolving and changing. I would really say it’s cybersecurity, but in the broader sense, it’s financial crimes. Historically, the most intense areas around financial crimes are the banks because they’re processing funds. I started my initial career in the telecommunications industry.
KB: Thanks.
PV: Back then, being able to hack in and acquire long-distance capabilities was critical. When it moved into cellular communications, people wanted free services and were attacking the telecommunications industry. I migrated from that into developing security solutions for the telecommunications industry, working with startups, and then moved into risk management and security oversight across the security spectrum. Financial institutions are some of the biggest supporters of investing in and purchasing niche startup security solutions. That’s how I gravitated toward working in financial services, wanting to understand the business, how money is made, and how I could provide support in the broader financial crimes industry. I find it fascinating and it’s an area of passion.
KB: Yeah.
PV: I recommend this as a great area to get into. If you’re the kind of person who gravitates toward reading these stories and finds them interesting, then this is a great industry to be in. It will take you through your entire career because it will always be evolving and changing. A lot of the information is publicly available, including how situations are resolved. It’s just pure fun.
KB: Yeah, that’s awesome. Obviously, now you’re a CISO, but nobody starts out as a CISO. Would you say it’s something you aspired to, or did you aspire to have any kind of leadership position in cybersecurity? What did that look like for you?
PV: I aspired to work in an area I was passionate about. I started my career developing security solutions. I enjoy the startup environment and working in high-performing teams in fast-paced industries. For me, it was about building cutting-edge, emerging tech solutions for business areas and deploying them globally. I worked with large global institutions, providing security services and solutions they didn’t already have. I still find the development area interesting and enjoy working with emerging technologies and startups, partnering with them to evolve and leverage their solutions across the financial services industry.
KB: I once asked Jessica Sica in a Heard It from a CISO episode what would be the best industry within cybersecurity to go into. I’m curious about your answer to that. Would you say financial services is a good place for someone to start since it’s so highly targeted and intense in terms of the attacks you’re getting?
PV: Financial services is a bit of a higher bar due to the regulatory environment and oversight, which sets higher standards and requirements. There’s more money in financial services to spend on cutting-edge technology solutions and partnerships. It’s a nice area to get involved in, especially when starting out. You have access to a lot of information, new technology solutions, and technical experts from diverse backgrounds. Financial services also has a large community for information sharing. However, other industries also need support and help. The information and skills you gain can be leveraged across industries. It’s important to build partnerships and relationships across industries to stay on the cutting edge of information. Healthcare, for example, has privacy concerns similar to financial services. It depends on your interests and passions. You also need to learn the business you’re protecting, understand what’s important, where the crown jewels are, and how institutions make money to support security and business growth.
KB: Awesome. In terms of building relationships, I understand that you run a mentoring internship program. I was wondering if you could tell us about that. I know you prioritize hiring neurodivergent individuals as well. I’d love to hear more about that.
PV: We have programs at Webster Bank where we partner with universities and academic institutions to bring on summer interns and others for rotational programs. These programs don’t necessarily lead to direct hiring, but we do create job opportunities for college graduates to apply for roles. This helps build future growth, not just for senior roles but also for new roles over time. It’s important to have diverse backgrounds across teams because different perspectives and experiences are crucial in security situations. High-performing teams are incredibly rewarding to work with. I’ve had the fortune of working with great leaders and teams in the past, and I gravitate toward those situations because they offer so much learning and growth.
We also have programs to onboard neurodivergent individuals through partnerships in the community. I’ve worked with other institutions, like EY, which have been successful in these areas. I wanted to bring that success to Webster Bank. We’re involved in helping communities grow and supporting different avenues for growth. Cybersecurity is fascinating and offers many paths of entry. You don’t necessarily need a specific academic program to get involved. The biggest piece is having a passion for it. The more you love learning about this industry, the better it will be for you in the long run. It’s something you do because you love it.
Kristina Beek: Yeah.
Patricia Voight: Makes it a whole lot more enjoyable and easier to be the best that you can be in that industry.
KB: Yeah, so true. That’s awesome. What would you say about people entering this field? How do they know that cybersecurity is what they’re interested in, in particular? Because, in my head, the way I see it is we have this overarching technology of it all, and then there are so many different avenues that people can pursue. So how is it cybersecurity that they know this is what they want to do?
PV: I think it’s about gravitating towards the aspects you enjoy doing, where you can make a significant contribution, where you feel the value of your skill sets, and where you enjoy the work you’re doing on a daily basis.
KB: Yeah.
PV: There are different paths you can go into. Typically, the security operations area and the analyst role are great starting points. From there, you can pivot around, learn about different topics, and figure out what personally interests you and what you find fascinating.
KB: OK.
PV: It’s a personal decision about what you enjoy and how you enjoy working. It’s not always a direct path. People often think there’s a very direct path in careers, but when you talk to those who have been in the industry for a long time, you’ll find it wasn’t necessarily always direct.
KB: Yeah.
PV: Sometimes, it’s the people and teams you work with that make the job exciting. You want to be doing something new and exciting, something you can embrace and contribute to. Keep an open mind to all the different paths. There isn’t one direct path, and not everyone will become a Chief Information Security Officer (CISO). Being a CISO may not be the role everyone imagines it to be when considering the responsibilities involved.
Whether or not you want to take on those responsibilities, you can still have a great career and be incredibly successful in many areas by focusing on what you’re passionate about and enjoy investing in. You can make an incredible contribution to your organization by doing what you love. You can still be successful and earn a good salary.
You can work in security operations, architecture, and engineering and still achieve the salaries you’re aiming for. It’s about enjoying what you’re doing and being the best you can be. The industry is constantly evolving, so it’s important to stay up to date on the cutting edge.
KB: Yeah.
PV: That can only be done by being passionate about what you do.
KB: For my last questions, what would you say about this industry in terms of its growth? Is it an industry that is growing? You’re talking about how it’s evolving a lot, but many people are concerned with the rise of AI. Is there going to be a job for me? Is there going to be an entry-level role for me at any company? What would you say to those concerns?
PV: I would say yes. Roles will continue to evolve, but there will always need to be a human-in-the-loop element, especially around AI. What you’ll see happen is that jobs will become more interesting.
KB: OK. Awesome.
PV: They will leverage the expertise, knowledge, and subject matter expertise you bring to the role, and there will be less focus on mundane tasks that can be automated and done faster.
Some of those mundane jobs aren’t the most interesting aspects of a career. They’re a step on the journey, but there will still be steps on that journey. Oversight will always be necessary as AI is rolled out. This won’t eliminate roles; they will just evolve in different directions as the industry progresses.
KB: Yeah.
PV: This evolution would happen regardless because the industry is always changing. Looking forward to the future is exciting because it brings new opportunities and challenges, which can be exciting for everyone. There will be new opportunities for growth.
The future is bright for careers in cybersecurity. This industry will continue to exist, and there will still be people working in cybersecurity as we move forward. It will evolve, with more focus on privacy and trust.
As I look to the future, especially next year, I see a lot of focus on AI and automation. However, as I tell my organization, nobody has to worry about their role. You’ll likely enjoy your jobs more. Most of us are passionate about doing cutting-edge work and being the best we can be while leveraging technology to improve.
KB: Yeah.
PV: The future is bright, and I encourage everyone who is passionate about cybersecurity or financial crimes to pursue it. It’s clearly a growth industry with many paths to take. There isn’t just one path to enjoy a successful career.
KB: Awesome. Thank you so much for sharing all your insights. That was so great. I think we ended on a high note for anyone watching, knowing they definitely have a job in cybersecurity if they want one. Thank you so much.
PV: Absolutely. Thank you so much, Kristina. I greatly appreciate it.
