Rose Lally’s career began long before cybersecurity was a defined discipline. Her first job out of college was at IDX, where she worked as a programmer and was introduced to a tool called Security Plus. “It was the first inkling of anything related to cybersecurity,” she says. “We would probably equate it today to more of an identity and access management tool, but that’s where I started getting into the concept of people having role-based access or layered security on personal data.”
When HIPAA regulations were introduced, Rose led a new eCommerce team focused on healthcare privacy and data security. “We converted people from those big magnetic tapes to electronic data interchange,” she recalls. Her company was later acquired by GE, where she held multiple leadership roles that shaped how she approaches management today. “GE has this concept where they take leaders they think have potential and drop them into individual contributor roles for a year,” she explains. “You learn to influence people who don’t report to you, how to use metrics and KPIs, and how to present to executives who don’t have to take your advice.” That experience proved invaluable when she transitioned into infrastructure leadership, providing data center services for hospitals and universities, especially when she launched disaster recovery services soon after Hurricane Katrina struck.
Seeking to broaden her expertise, Rose then spent several years at a global manufacturing company, overseeing all technology services, security, and vendor management and was ready for new challenge. “My cousin called and said, ‘There are several open positions I think you’d be a great fit for, and you’d really like this company and its culture,’” she recalls. That company was Altisource. “I went in for an interview and opted for governance and controls - a new team being formed to oversee the technology organization as emerging regulations around data privacy and security took shape. I’ve always enjoyed building teams from the ground up to tackle new challenges and have a deep interest in all things risk.”
It didn’t take long for her role to expand. “Through building that team, we uncovered opportunities to strengthen security controls, and eventually I was asked to lead InfoSec - becoming CISO about seven years ago.”
A Culture of Support
Rose has stayed at Altisource longer than most CISOs remain in a single role, and she credits that to a culture of trust and support. “I report to our CTO/Chief Strategy Officer,” she says. “He’s the same person who hired me, and he always has my back, provides unwavering support and insightful guidance. That kind of support is rare.”
Her tenure has also been shaped by consistency within leadership. “I’ve been working with the same leadership team for about ten years,” she says. “We got through COVID together and all the craziness that came with it. Many of my direct reports have been with me for years, and that strong foundation of mutual respect and trust goes a long way in retaining great colleagues.”
That longevity, she says, builds trust that can’t be replicated. “Every day is something different, and there’s no playbook because it’s unprecedented,” she says. “The support I receive for my decision-making is at the base of our loyalty and commitment - key elements of a stable and resilient leadership environment. Why would I go anywhere else?”
Leading Complex Programs
Rose oversees governance and controls, information security, business continuity and disaster recovery, IT asset management, technology risk, corporate vendor management, and even facilities. “Bringing these areas together under my leadership was driven by the need for a unified approach to risk management - strengthening resiliency, enhancing security, and ensuring robust governance across technology and physical domains.”
With such a broad scope, she relies on collaboration and strong teams. “It’s a lot,” she admits, “but I wouldn’t be able to do it without my team and the support of leadership.” She describes how consolidation has helped streamline decision-making. “Before, I’d have to join calls with four or five other leaders and we’d all be debating from our own perspectives. Now those conversations are with my direct reports, and we’re invested in figuring things out together. It’s much more collaborative.”
AI, Risk, and Human Error
Looking ahead, Rose is focused on three major priorities: artificial intelligence, third-party risk, and minimizing human error. “I’m a big fan of AI for productivity and efficiency, but I’m also a little terrified of it,” she says. “I know all the risks, and I try to stay educated on the regulations and threats that come with it.”
She believes AI can be both a solution and a vulnerability. “AI offers immense potential for productivity and efficiency, but it requires strict governance. Our approach is proactive - implementing safeguards to ensure responsible and secure adoption.”
To encourage learning, Rose created an internal education series called Knowledge and Nibbles, a play on “lunch and learn” where global employees share short presentations on how they use AI. “We have people from all over the company do 5 to 7 minute sessions on how they’re using AI to make their work easier,” she says. “At the same time, I sneak in education on security, how to use AI safely while still exploring its benefits.”
While AI is top of mind, she’s equally focused on people. “Human factors are the number one challenge,” she says. “You can have world-class security tools, but unintentional human errors can undermine everything.” She often uses a car analogy: “Accidents happen, which is why most vehicles are equipped with safety features - many operating behind the scenes - to help keep drivers and passengers safe.”
Building Awareness and Trust
Rose’s approach to leadership includes consistent education and open communication with business leaders. “I use data to show leaders what’s really happening,” she says. “When I was working on phishing awareness, I used a gamified tool that gave scorecards. I’d present how each team performed, and it turned into a competition. Suddenly, everyone was invested.”
That hands-on, visual approach has proven powerful. She recalls using an AI-generated voice phishing simulation to make risk more tangible. “It was the CEO’s voice on the call telling people to reset their passwords,” she says. “As they said no, the voice got more urgent. It took a minute and a half to make people realize how real this is and the damage that could be done.”
She also keeps executives informed whenever major industry incidents occur. “If a vendor has a breach, I’ll share the details to the CEO and his leadership team,” she says. “I’ll say, ‘Our customers might ask about this. Here’s how we’re protected.’ It not only builds trust but also ensures future conversations are grounded in awareness of emerging issues.”
Leadership and Lifelong Learning
Rose describes her leadership style as transparent and supportive. “I can’t be successful unless my teams are,” she says. “I rely on people’s strengths, offer training where it’s needed, and ask for feedback regularly. I want to know what’s driving them crazy, what I can do differently, and how I can best support them.”
She emphasizes empathy and balance. “I meditate every morning,” she says. “It helps me start the day calm, and to make a concerted effort every day to treat people the way I want to be treated. If someone calls me for help, I do my best to get them to the right person or solve it myself.”
Her team spans multiple functions, and she takes pride in their growth. “Most of them have been with me for years, and some have changed roles and areas of expertise a few times – it’s a remarkable group of people.”
Outside of Altisource, Rose remains active in the cybersecurity community. She attends and speaks at events, often focusing on leadership, risk management, and women in cybersecurity. “If it’s about women in tech or leadership, I usually say yes,” she says. “It’s important to get out there, represent, and show support. I had a very strong woman as a mentor for many years early on in my career – I keep that in mind and do my best to pay it forward whenever I can.”
Above all, she believes continuous learning is essential. “I make time every morning to listen to new webcasts or read relevant articles,” she says. “Cybersecurity moves fast. You have to stay on top of it and never get complacent.”
Subscribe
Stay up to date with cyber security trends and more