Profile: Lisa Lafleur, Director, External Party Risk Management, Walmart
Published On: December 8, 2025

Lisa Lafleur didn’t plan a career in cybersecurity; she built one out of curiosity and conviction. “I was the first cybersecurity person at a bank I worked at during the beginning of my career,” she says. “When I hired on as a network manager, I saw a need for cybersecurity and talked to my boss about it. He said, ‘Do we even need cybersecurity people?’ That was really the attitude at the time.”
Lisa convinced him otherwise, laying the groundwork for what would become a long and distinguished career in information security. “That was my first entry into security, but there were always elements of it in my work,” she explains. “I had been writing policies for ten years, and I worked in audit, doing some auditing of cybersecurity as well.”
Her early years reflect the infancy of the cybersecurity industry. “When I was in audit, the main control was making sure we had power strips and we knew where the policy was,” she recalls with a laugh. “Auditors would read books to figure out what they needed to ask me. They once said we needed firewalls, but we weren’t even on the internet yet. I said, ‘We don’t need firewalls; we don’t have anything to firewall off.’ It was such an interesting time.”
Finding Her Place at Walmart
Today, Lisa is the Senior Director of External Party Risk Management at Walmart, a role she has held for more than four years. Her path to Walmart began long before the opportunity appeared. She spent years building a reputation in financial services, defense, and manufacturing, working in positions that exposed her to governance, audit, networking, policy writing, and eventually security leadership.
During her time at Raytheon she worked for a leader who became a long-term mentor. “The person who hired me at Raytheon hired her at Walmart. It is important to maintain your network and keep relationships going even if you change roles.”
The position at Walmart offered Lisa the chance to build something new. Lisa saw the External Party Risk Management program as an opportunity to apply decades of strategy and governance experience toward a large-scale initiative. “This was my opportunity to build something meaningful and give back to the community if I could build it the right way.”
Leading a Complex Global Program
Lisa’s role focuses on vendors that don’t supply the products on Walmart’s shelves but still handle sensitive data. “Any vendor with whom we exchange protected information has to go through my team,” she explains. “We look at it from two perspectives: onboarding and continuous management.”
Her team ensures that every vendor meets Walmart’s strict security standards before work begins. “We use NIST and other industry frameworks to make sure vendors meet our requirements,” she says. “We make sure they’re protecting data in the same way we would protect it in-house, with all the same or equivalent controls.”
The team has full authority to reject vendors that don’t meet those standards. “We absolutely have the power to say no,” she says. “And so far, every decision we’ve made has been backed one hundred percent.”
Once a vendor is approved, Lisa’s team monitors them continuously. “We make sure they maintain that level using mostly OSINT data,” she says. “We look for vulnerabilities on their external servers and make sure nothing’s falling through the cracks.”
Her group’s scope extends well beyond third-party oversight. “We’re not just third-party risk management; we’re external party risk management,” she explains. “That means we also look at fourth parties and beyond. Sometimes those fourth-party relationships pose even bigger risks to the supply chain than the third parties themselves.”
AI, Data, and the Expanding Risk Landscape
As with nearly every area of security, AI is both an opportunity and a challenge. “AI is probably the biggest change and the biggest challenge,” Lisa says. “All of a sudden, everybody can code and create tools. We’re going to need strong strategies and leaders to stand beside them to make sure these developments align with our goals and don’t become distractions.”
Her team is also exploring how AI can improve visibility into Walmart’s vast vendor ecosystem. “For years, we’ve been collecting data on all of our vendors,” she explains. “Now we’re asking, how can we use that data to make better risk-informed decisions and increase the health of the ecosystem?”
Lisa sees her work as part of something much larger. “The more data we analyze, the more we realize how interconnected every company is,” she says. “People joke about six degrees of separation, but in cybersecurity, it’s more like two. One vendor’s issue can quickly become everyone’s issue.”
Looking ahead, Lisa’s priorities include expanding the program internationally and integrating AI responsibly. “We want to leverage AI to increase insights and efficiency, but it has to be tied to the overall strategy,” she says. “And internationally, we’re figuring out how to scale our processes and make sure they’re built into everything we do.”
Translating Security into Business Impact
For Lisa, communication is as critical as technology. “That’s why I got my MBA,” she says. “I wanted to be able to explain what we do to the business and talk to executives in their language.”
She uses an agile framework to track progress and align with corporate strategy. “We capture everything in sprints, stories, and epics,” she explains. “I work with the program management office to make sure what I’m doing reads into their strategy. I meet with strategic leads all the time to explain my business cases and make sure our priorities are aligned.”
That alignment with business value is essential in Walmart’s culture. “At the end of the day, our job is to increase shareholder wealth,” she says. “Walmart is very particular about everyday low cost or EDLC. We look at every penny because we really do care about providing the lowest costs for our customers. It all makes sense when you walk into a store and see how that strategy connects.”
Leadership with Purpose and Integrity
Lisa describes herself as a servant leader, a philosophy that defines her approach to management. “My job is to empower the people around me to reach their full potential,” she says. “I tell my team all the time: my job is to get obstacles out of your way.”
She values transparency and open dialogue, even around difficult topics like AI. “We had an honest conversation about AI and its existential threat to some of the work we do,” she says. “One of my team members told me they were surprised I brought it up. But I think talking about it makes it less scary. Avoiding it doesn’t.”
Her empathy and honesty create a culture of trust. “I like to be honest and always say I’m too lazy to be dishonest,” she laughs. “It’s just too hard. I’d rather be upfront.”
Lisa also believes in giving back. “At a certain point in your career, it’s important to contribute to the community,” she says. “I’m active in ISC² and InfraGard and serve on chapter boards. I think it’s especially important as a woman in this field. Young women don’t always see opportunities for themselves, and sometimes they’re too hard on themselves. I want to change that.”
She makes time for mentorship wherever she can. “I love it when young women reach out,” she says. “If I can fit it in, I’ll always prioritize those conversations. We need more women in this field, and if sharing my story helps even one person, it’s worth it.”
Building a Diverse and Inclusive Future
Diversity and inclusion are more than talking points for Lisa; they’re daily priorities. “As a leader, I think it’s important to understand generational, cultural, and gender differences,” she says. “Those things can become barriers if we don’t take time to learn about them.”
She makes a point of learning from her global team members. “I have people from Panama, Ghana, Mexico, India, and it is fascinating to learn from them,” she says. “I’m constantly asking questions about where they’re from and how they see things. When you understand different perspectives, it builds appreciation and teamwork.”
Lisa believes that diversity strengthens security. “When you bring people with different backgrounds and experiences together, you get better ideas,” she says. “That’s how we build stronger teams and a stronger industry.”
At Walmart, Lisa leads with humility and a deep sense of purpose. “Every day is different,” she says. “There’s no playbook, but that’s what makes it exciting. My goal is to help my team succeed, support the business, and hopefully leave this program and this industry better than I found it.”
