Mea Clift’s path into cybersecurity began long before it became her professional identity. She recalls joining the internet in 1995, experimenting with early tools like Vax/VMS connections, Telnet, and even learning the risks of email spoofing.
“When I look back on that now, I think it really set me up for my future in a very unrealized way,” she says. These early lessons in safe practices, authentication, and network management planted seeds that would later flourish into a distinguished career.
By 2012, Clift was managing a cloud environment when she witnessed a ransomware attack unfold in real time. Watching files lock and systems grind to a halt was both “fascinating and horrifying.”
It marked a turning point, fueling her commitment to governance, risk, and compliance (GRC). From that moment on, she focused on bridging the gap between technical controls and enterprise risk management—ensuring that organizations not only understood threats but could build resilient structures to withstand them.
Today, as Principal Cyber Risk Engineer in Liberty Mutual’s Global Cyber Office of Underwriting, Clift advises underwriters and insureds on emerging cyber risks, maturity models, and trends shaping the industry.
Her work integrates Zero Trust, NIST frameworks, and supply chain security into enterprise strategies. But at the heart of her leadership is empathy. “At the end of the day, humans are why we do what we do. There’s always a human on the other side of our actions,” she says — a principle that defines her approach to mentoring and executive guidance alike.
Impact through mentorship and education
For Clift, impact isn’t measured in accolades—it’s in the knowledge she shares and the professionals she helps elevate. “It’s hard to gauge impact sometimes when you’re just doing because you feel it fills a need,” she admits. Yet her contributions have been profound. She co-developed a hands-on GRC course with Compyl to fill a gap for aspiring professionals, a program designed to make compliance frameworks accessible and practical for those entering the field.
Equally significant has been her mentorship. Through organizations such as Cyversity, WiCyS, and ISACA, Clift has guided countless mentees, many from underrepresented backgrounds, into successful cybersecurity careers.
“Sometimes you just need someone who’s in the right place to elevate a person and advocate for them, to give them the opportunity to excel,” she says.
Her advocacy extends beyond structured programs. She teaches Fundamentals of GRC, frequently speaks at diversity-focused events such as Day of Shecurity and The Diana Initiative, and ensures her educational efforts remain accessible.
“My GRC class is not purchasable,” she notes. “I choose to teach it for organizations that are specifically focused on Diversity, Equity, and Inclusion in the cybersecurity space.”
In 2024, her dedication earned her recognition as Cyversity’s Educator of the Year, a reflection of her commitment to shaping the next generation of cyber leaders.
Resilience, challenges, and the road ahead
Clift is candid about the challenges she faces as a woman in a male-dominated field. From having to work harder to prove her expertise, to enduring unfair scrutiny and even disparagement from colleagues, she has navigated painful moments. Yet each experience fueled her resilience.
“Many times it was painful to me, as I do tend to carry my heart on my sleeve, but it also pushed me to do better and be better. To take those extra classes, to stand up for what I believe in, and to advocate where it’s needed,” she says.
Looking forward, Clift sees both opportunity and risk in the forces reshaping cybersecurity. She is pragmatic about large language models (LLMs) and agentic AI, recognizing their potential for defenders as well as attackers. She also highlights operational technology (OT) security and third-party risk management (TPRM) as areas requiring urgent attention in the next five years. “Something is going to have to happen in the TPRM space,” she cautions, pointing to the rising frequency and downstream impact of supply chain compromises.
Outside of her professional life, Clift is a quilt historian and educator, living in St. Paul, Minnesota, with her three greyhounds. Much like her cybersecurity work, her love of quilting reflects a deep appreciation for patterns, resilience, and the stories that connect us across generations.
Her journey—from a curious internet explorer in the 1990s to a nationally recognized cybersecurity educator and mentor—underscores what true leadership looks like in the field: empathy, resilience, and the drive to leave the industry better than she found it.
