b'Story Behind the Story: Interview with Susan KoskiD F: How did you grow in the company? D How did you look for your next job? F: SUSAN: In cybersecurity,SUSAN:The company allowed me to learn by expanding the capabilities ofyou never haveThrough my network, I began exploring opportunities for a the processes, people and technology. The key items were continuallarger role. A colleague on the Board of Directors at Synovus, improvement in the maturity of functions. The culture allowedthe same daya regional bank, indicated they were seeking a Chief expanding our capabilities but also encouraged questioning whytwice. Information Security Officer (CISO). She introduced me and how to do things differently to achieve the best solution. Theseto the person who would be my new boss. Without that opportunities gave me the levers to be seen as a key leader whoconnection, I never would have had the opportunity. expanded capabilities and got things done. As I was interviewed, the Chief Operating Officer and his Then when the merger happened, my bosss boss came to me and said, We want you to work on thestaff really impressed me. The initial offer wasnt enough merger, integrate both companies, and create best of breed. This provided the ability to work with executiveto make the move to another state. However, I knew that leaders and an expert project manager to meet the best of breed and synergy goals of the merger. Thattaking this role would allow me to work with a leader with was pivotal and significantly helped me in my next roles. I am grateful for these leaders for seeing myvisionary skills about customer experience in banking, as potential and allowing me to flourish. well as take the next step to the C-Suite.D F: What do you consider one of your biggest successes there?F:Did you turn down the job or negotiate for aSUSAN: D better position?My biggest success was building an excellent team that worked incredibly well together. We were aSUSAN:lean, mean fighting machine with incredible collaboration and comradery. Im still connected to them. I called a good friend and told her about the offer. She said, Did you ask for more? You need to ask. I called and asked for an increase and hadnt even finished my sentence before the increase was approved. D F: What is it that excites you about cybersecurity? As women, we dont ask. We think if we put our heads down, someone will notice, someone will give us SUSAN: the opportunity. You have to have the skills, but you also have to askfor the project, for the opportunity, for the raise.What I love about the field is the continual learning opportunities. I always ask myself, How do I feed my curiosity?Thats a large part of how I got where I am. In cybersecurity, you never have the sameD F:Did you regret not asking for more? day twice, which is perfect for someone who doesnt like to do the same thing over and over. Also, in cybersecurity, you have to question why and have the ability to consider various hypotheses, manageSUSAN:relationships, negotiate and influence for appropriate risk management. At first, I realized that I possibly could have received more, but what I took away from this was much more importantto ask. After being there six months, my boss rewarded me. He handed me a piece of paper D F: The merger challenged you, not only to balance both and said, You just got a raise. Youve done such a great job, were recognizing you for that. responsibilities, but it also helped you segue into risk management.SUSAN:It allowed me to learn something new. I pulled together all the data and analyzed how to combine it for You have to have the skills, but maximum efficiency and then presented it at an executive level. Technologists tend to be detailed-oriented you also have to askfor the but thats not how to communicate to management. This role helped me hone executive management presentation skills. From there, I was asked to take a more significant role in the firm, managing technologyproject, for the opportunity, for risk assessments globally. The focus was looking at risk but through a technology lens: infrastructure,the raise.applications, user-defined technologies and third parties. For me, it was something else to learn, much broader with a global lens, including regulations. After about four years, I decided it was time to search for opportunities outside of the firm.Page 9 Page 10'