Profile: Patricia Voight, CISO, Webster Bank
Published On: March 31, 2025
Patricia was featured in the March 2025 Feats of Strength magazine
Patricia “Patty” Voight represents a true subject matter expert and distinguished leader in cybersecurity and risk. She has spoken at industry conferences across the world, sharing valuable knowledge with the greater security community, and forging relationships across the market. She is an avid reader and contributor to numerous publications and articles, as well as a participant and supporter of many financial services, security, and risk related groups.
Patty began her interest in security during her college years, where she started learning more about the computer industry and the capabilities that came with the internet. She explains, “Back then, the internet provided many opportunities to learn about computers and I participated in some hacking groups. Not necessarily the ones with nefarious intentions, but ones that were just teaching skill sets to other users navigating the environment at the time.”
As Patty’s interest and education around computer programming and engineering evolved, she entered the workforce on a clear path and her career has significantly grown from there.
Patty has an illustrious background working at organizations such as Citi, Wells Fargo, and EY, in consulting, risk management, and cybersecurity focused roles. She comments, “I came up through the big banks, working in the financial services industry. And I worked at EY, a large consulting firm where I leveraged my skillsets working with different clients across every bit of the industry. I gained extensive experience working across large global, medium-size regional, and startup clients, and consulted and advised on everything across technology risk and cybersecurity. I consider myself a technology risk integrated cybersecurity leader.”
SUPPORTING GROWTH AT WEBSTER BANK
Currently, Patty is the Executive Managing Director, CISO and Technology Risk Management at Webster Bank. In her previous consulting roles, Patty had experience with both Webster Bank and Sterling Bank, who recently went through a merger, so she was familiar with the culture and the environment before she joined.
Patty joined Webster Bank because she believed in the vision of the leadership team, and knew it was an opportunity to strategically mature and grow the organization. In her role, Patty is responsible for technology and cyber and information security risk. She explains, “I oversee the cyber and technology risk team that helps mitigate risk across the business as well as the corporate information security team that focuses on resiliency, security, architecture, and engineering. Each of these teams focus on the framework we use across the business. The security operations team runs the day-to-day operations to include threat intelligence and monitoring events and activities in our view.”
She continues, “All of these teams work together and it is important for me to understand the crossovers between them to make sure I know how they are operating and aligning back to the business with the value they are providing. Our customers, shareholders, and stakeholders care about what we are doing, so we make a lot of what we do public, in things like our published cyber fraud index.”
MAKING AN IMPACT
One of the most important aspects of Patty’s role is to collaborate with the CIO and board to ensure they understand cybersecurity and how her program is shaping the organization. She says, “One of my biggest successes has been my relationship with the board and executive leadership. I make sure I am transparent about our strategy and roadmap, so they are part of our journey. I meet with three different committees and the full board as well. Our board has a hunger for information, and I always show them what we are doing with clear status updates. I’m moving into risk quantification to show them what we are doing from a business perspective, to make sure I’m transparent about how we are bringing value to the corporation from a risk lens.”
Patty values that her board enjoys learning about cybersecurity, and she prioritizes sharing, educating and providing them with opportunities to absorb more about what they are doing. This might even include having them sit in on tabletop exercises to gain a first-hand perspective.
Another focus area is growing the team and ensuring she provides a clear path for each member. This means not only focusing on their current roles, but ensuring she helps them achieve any future career goals. She connects with each team member to discuss opportunities both internally and externally that might help them further their ambitions, whether it is gaining a certification or engaging in cross collaboration.
Growing the culture of cybersecurity within the organization and their community is another focus, and something Patty believes to be pivotal in continuing to mature her program. She says, “There are many opportunities for us to share things like cybersecurity awareness training across Webster Bank but also communities that we support.”
CYBER THREAT CHALLENGES
The dynamic threat landscape poses challenges for Patty and her program. She states, “We are seeing the increasing sophistication around cyber threats, supply chain vulnerabilities, and regulatory scrutiny, that is requiring a constant amount of vigilance. We are always watching where cyber criminals are evolving, because they’re getting faster than traditional defenses. With AI-driven attacks, there are concerns with deep fakes, and with geopolitical cyber risks, we are preparing for what that impact might be.”
She continues, “For firms especially in the financial services industry, there is a large amount of navigation around regulatory complexity and compliance adaptations. That is always high on my list. We are constantly staying ahead of evolving regulations.”
MAKING SMART INVESTMENTS
“When making investments it is important to have clear business alignment. Investments are sometimes driven by trends or vendor influence rather than business needs. It’s important to base investments on what is truly needed and ensuring those decisions are inline with the business need. It is also important to focus on the long-term sustainability of where the company is going and to make very strategic investments aligned to our investment strategy with strategic objectives, the risk appetite for the firm, and long-term value creation in the forefront,” says Patty.
Subscribe
Stay up to date with cyber security trends and more