Talks Tech #56: The Value of Risk Management to Companies

Talks Tech #56: The Value of Risk Management to Companies

Written by Lily Yeoh



This article has been adapted from the podcast recording of Talks Tech #56. 

Watch or Listen on YouTube

Lily Yeoh, Founder & CEO at C1Risk, sits down with Women Who Code to discuss The Value of Risk Management to Companies. She shares how she was the first in her family to go to college, her transition from biology to tech, and what inspired her to start her own company.

What did your mom and dad do? How did you get into this path?

My family history is pretty humble. I was born in Malaysia and immigrated to the United States when I was seven years old. My parents were not college-educated. I’m the eldest of two, the first to go to college. My parents had very humble jobs when I was growing up. They had to work really hard to allow us to have the opportunities that my sister and I have today. They mainly worked in the restaurant business from the time I was a child to my teenage years. Then, my dad transitioned from working in restaurants to working for the US Postal Office so that he could build out his retirement plan. I grew up mainly without parental guidance at home because my parents were working most of the time.

You have this incredible journey in tech; what was that moment when you knew that this was a path that you wanted to take forward?

It was my junior year in undergrad; I was going through Organic Chemistry, Genetics, and all those upper-level classes for my biology and chemistry major. I met other friends who were engineers and electrical engineers and spent a lot of time in the computer lab. I really fell in love with technology. Back then, it was like Web 1.0, creating GIF files of running and moving pictures, and it was just really exciting. I didn’t have any coding experience. I was a biology major. I was completely self-taught with the help of a bunch of friends. I just got into it and loved it. I had my own website. I was spending a lot of time on Chat networks; back then, it was the IRC network. I would call it early social media. That was when university students were able to connect with each other. 

The pivotal moment for me was after I graduated from undergrad. I spent a little time working at a hospital trying to evaluate which professional path I was going to take with my biology and chemistry career. When I was in the hospital system, I felt like it was really inefficient in how their business process was run. I really wanted to build a database to track performance evaluations for my department. I was so passionate and believed in this cause that I pitched it to my manager. I offered to build this custom system for free. She completely turned me down. I created the database with or without her wanting to see it, just to see. While I was developing this database for performance evaluation, I had a lot of challenges because I wasn’t professionally trained to be a programmer. I had to do a lot of research on my own. I had to get into some really advanced queries that I needed to know how to do. I had to consult with my electrical engineering friends. That’s when I realized this is what I wanted to go to grad school for.

Can you share a time when you faced a significant barrier or obstacle in your career and how you overcame it? 

I don’t think there was any one particular roadblock. In different stages of our career, I think we’re going to hit different challenges. In my earlier security engineering days, I was part of a rotation program for a very big Fortune 500 company. I was green and ambitious and wanted to do the right thing. Solving technical challenges and technical problems is the easy one; it’s the problems that are related to the soft skills and the people that are challenging. 

In my 20s, a lot of those roadblocks and challenges were more of the political landscape, how to navigate your relationships in the workplace, how to not burn bridges, how to have positive outcomes in terms of getting the right influence to pursue your ideas, your projects, and how to manage perception. Later in my career in enterprise sales, I saw roadblocks in commanding the room when you speak as a woman and a minority. 

In the cyber security profession, only 3% of women leaders exist. When you are communicating with different groups of people with different backgrounds, you have to adjust how you communicate. The biggest thing with communication that matters is how others receive your communication. That is something that I worked really hard on. From a personal growth perspective, you have to gain confidence in yourself. With the assurance and confidence you bring to the table, you will be respected for what you do and say. You can be successful in anything you do.

You decided to create your own software company. What was the light bulb moment for you in your career that made you feel like this was the right next step for you?

After I left RSA, I had no plans to start a company. I believe in the power of working with really good people. When you’re working with other A players, they’re the ones that are going to make you better. They push you and vice versa. I realized that I had exhausted my search for where I wanted to go. Part of my career journey was at Deloitte. When I was there, I got to work with some of the most amazing companies, some of the largest in the world. I’ve seen tons of management styles. I’ve seen tons of different cultures in organizations. 

I went to Silicon Valley and experienced tech life and the culture of tech. It was great to experience all of that because it gave me a broad perspective and understanding of different organizations to apply my knowledge. However, at that time, my journey with the corporate world had come to an end. I just wasn’t inspired anymore. 

I did have customers who understood my value. They had asked me to help them with business continuity or the GRC risk program different projects here and there. I took those as an individual consultant. I realized that people needed the solution that I always thought the cybersecurity industry needed. Everyone I talked to really validated that there was really a need. The idea behind how we started C1Risk was that the existing product out there for GRC was really costly, with high implementation costs. What gets me up every morning is to do something that I can feel proud of. Companies that are private companies, startups, and companies that couldn’t afford the $13 million budget for a GRC have compliance and risk management needs. They didn’t have that type of budget to make it happen. That market is still so big. 

How did you find the company? How did you make your dream a reality?

I’ve always been attracted to people from whom I can absorb information. Throughout my journey, I have met other startup founders. I was interested in their journey and their path. I had only worked for big companies and was aware of the various strategies for growth. I think management consulting teaches you a lot about how you think and how you can be very creative with many different strategies. I spent some time connecting with other people who are driven to build tech products. I felt like it was time for me to do this. I gave myself milestones. Building mini milestones for myself turned into building milestones for the company’s business roadmap. That turns into updating a roadmap every year. That’s kind of how it all started.

How do you manage burnout? 

I’ve learned to always really value people. Some of my growth was learning to trust others. I can do a lot of things myself until I burn myself out. That is not a sustainable path. Once you realize you have to trust, you must hire well. You have to build a good culture in your company. You have to let other people do their work and hold them accountable. If I feel burned out, it’s because I haven’t delegated enough. When you delegate, everybody wins. You’re creating jobs for people who need the job. You’re creating value for the market. Your customer will see the teamwork. 

Do you have a side hustle?

Work-life balance is really important to me. My only side hustle is to be an advisor in a very limited way. I only take one company when I do have the capacity. Currently, I am an advisor to a company called Partner Tap. It’s a woman-owned company, and they’re not in cyber security. I’m a cyber security advisor to them. 

What emerging technologies are you excited about right now? 

The technology that I’m really excited about is the new generation of integration platforms. We now have multiple Cloud infrastructures. Orchestrating networks, orchestrating applications, and orchestrating the data layer across all three platforms in a multi-cloud, high-performance, secured way will be a huge challenge for many organizations. I get excited about integration and APIs. 

Is there anything inspirational you would like to share?

It’s the hard days that will give you breakthrough moments. You don’t have to solve everything by yourself. Give yourself some space and time to get inspired, solve any issues, or get through any emotions you’re dealing with. That’s going to be something that’s going to make you stronger and have those breakthrough moments.