Sem Ponnambalam is the President and Co-founder of Xahive, an organization with over 160 years of combined experience. She serves as a Board Member for MAPLE Business Council. She has been a Panelist at WEF, a G20 YES Panelist, and an Online Cybersecurity Governance Advisor for both private and public sectors and a Post-Secondary Cyber Governance Instructor. Sem is an Ambassador at the Catalyst.
If you ask Sem Ponnambalam how she got into the cybersecurity industry, her warm features light up, and she laughs good-naturedly. You can hear her six-year-old playing joyfully in the next room. Sem is in the moment, her posture fully engaged. She tents her hands in front of her. For Sem, the cybersecurity sector came as an afterthought to the first chapter of her career.
With over 22 years of private and public sector experience, including work with the Canadian federal and provincial governments, Sem knew how to persist in the face of high stakes. But she didn’t anticipate that a privacy breach while working in government office would change the trajectory of her career forever. For a while after, Sem went about her day-to-day, but ultimately she realized she had to devote her life to preventing similar experiences from happening to others.
Bridging the gap is possible, Sem urges, as she reflects on the bravery involved in that change. It all boils down to a growth mindset, she says. Cyber is changing daily, and Sem says the key is to stay adaptable.
When Sem got into cybersecurity, the industry wasn’t easily accessible from an interdisciplinary perspective. Having found her way in, Sem now wants to help others of diverse backgrounds do the same. She now runs a cybersecurity company, leading bright technical minds with a combined 40 years of experience.
She credits much of her growth and her ongoing relationship with expert mentors to the Catalyst. “I was excited to be a part of the Catalyst because I had never really been a part of a cyber-focused accelerator.” One of the lasting impacts of Sem’s time at the Catalyst was the relationships she cultivated with mentors — and among them, Steve Cohen, the Senior VP, Global, Cybersecurity Solutions and Services at Infostream Solutions Inc. Cohen was previously an Entrepreneur-in-Residence at the Catalyst. Sem continues to seek counsel from Cohen, and it is this relationship with a good mentor that has influenced her outlook as a cyber leader.
Sem explains, “The accelerator made a huge difference for me. It connected me with different organizations and put me in front of different cyber experts with whom I would not have had the opportunity to connect. It gave me a different perspective on cyber.” Sem looks forward to becoming an Ambassador at the Catalyst in the coming months.
At her core, Sem is motivated to make a difference in education and an interdisciplinary culture within cybersecurity. According to her, the typical focus right now is AI. But she thinks this misses the target. From her perspective, it all comes down to education.
“You have to educate people on why cybersecurity is important,” says Sem. The majority of organizations today do not understand the importance of cybersecurity.” According to Sem, understanding governance is key to unlocking the critical concepts related to cyber. This is why she focuses much of her work on thought leadership.
By extension, Sem feels strongly that cyber-education should be standardized in the K-12 classroom. She finds herself frequently reinforcing important concepts of cybersecurity to her young daughter. She points to the room behind her, smiling, and reflects on the daily struggle to explain that inputting personal information like your home address into an app is dangerous. Sem is on the front lines in multiple capacities.
You need to be constantly growing, constantly taking new courses, constantly adapting because cyber criminals and state actors aren’t sitting around saying, ‘ok, we’ll give you guys a break.
While Sem places great value on sitting interdisciplinary minds around the table, she returns to one concept. Sem believes that good cyber professionals have one thing in common — growth mindset. This is essential for the work, since cyber experts need to innovate attack vectors, which are constantly evolving. This means that you don’t want uniform thought. Instead, complex and adaptable problem solving happens when people from different academic and personal backgrounds collaborate.
According to Sem, it’s not the technology aspect that’s missing. Again, she circles back to education. Sem offers the example of a group of engineers and developers who belong to the same nation and have the same institutional background. “You’re going to get group think,” she says. “They’ll all problem-solve in the same way.”
Solution-minded, Sem has a way out of that problem. If you bring new perspectives—people with regulatory experience, business experience, and social science expertise—you break the singular mindset.
The main problem right now is if we have some of the best technology tools out there, why are we continuing to get breached? If big companies are getting breached, what does that say?
As Sem gained strength in her cyber career, paradoxically, she felt more alone. She was a woman in a male-dominated industry and at conferences, individuals who were not steeped in cybersecurity were quick to talk more loudly than her.
Characteristically, Sem broaches this subject with compassion. In an industry that is male-dominated, she has had wonderful collaboration, mentorship, and support from men. That hasn’t made it easier to be a woman. But it is an important fact. When Sem attended the World Summit on the Information Society as a panelist, she wanted to discuss governance and education. But she also wanted to represent the industry from a female perspective.
There are a handful of women in each country in the space, Sem comments. “Everyone is trying to play a leadership and a mentorship role. But it’s difficult to have great allies. And I’ve had a ton of allies who are men who have helped me through my career, and if it wasn’t for them stepping up and going that extra mile, I wouldn’t be where I am today.”
Sem says that 90% of cyber professionals are men, but they’re the ones who have been there for Sem. “If you exclude men,” says Sem, “You’re doing the very thing you’re accusing them of.” Being a woman in tech, a woman in a male-dominated space takes courage and comes with responsibility. If you fill that responsibility, you are tightening the gap. And since men and women may think and problem-solve in different ways, female contribution makes it more attainable to solve complex cyber concerns.
People think that you have to be an engineer, or developer, or computer scientist in order to be in cyber and that’s not the case at all.” Interconnectedness is missing in the industry. According to Sem, “First off, we need to have better access to who’s out there in the space,” she says. “We work in such silos. There’s no directory.
Sem acknowledges that the other thing lacking is mentorship. Because of this, it’s difficult to navigate the space if you are, say, from an interdisciplinary background you don’t have a map or a network. That, in and of itself, can be prohibitive. But you need people willing to do the work, learn, and research.
“If people don’t take initiative, those aren’t the type of people you want to be working in the field because you’re protecting people’s data,” says Sem. The process must be taken very seriously. There aren’t easy solutions to multifaceted, morphing problems in the field. But according to Sem, the Catalyst comes closest in finding a technical, holistic training methodology to address the biggest issues in the cyber sector
I find the really great thing about the Catalyst is that they have so many networking and event opportunities. And that connects you.
Sem says that if she could wave a magic wand, she would ensure cybersecurity for all—K – 12, right through to adults. From experience, Sem knows that it’s essential to understand the importance of cybersecurity. Otherwise, you don’t know the implications until it’s too late.
She connects this to the job gap, which in cyber is 75%. “Most people don’t look at cyber because they think I’m not a technological specialist,” says Sem. “That’s why we need to enable access for people not in those traditional academic educational backgrounds to pursue a career in cybersecurity.”
As we wrap up our conversation, Sem’s daughter enters the room. She says one or two sentences—indecipherable. “Time for Mommy duty,” Sem says. She flashes a smile and shuts her laptop.