Stephanie Liew is the Chief Information Security Officer for Asia Pacific, Middle East & Africa at BAT. She brings over 20 years of experience in cyber security, but her real strength lies in translating complex risks into clear business decisions and building teams that thrive on trust. Stephanie is known for her approachable, high-energy leadership style. She’s a transformational leader who develops mindset and behaviour to drive high performance across diverse, global teams. She is also an ICF-certified coach, a Licensed Master NLP®️ Coach, and a Human-Centred Design Practitioner. She also serves as the Cyber Security Board Member at Build a Future Team by Peoplelogy, Leadership & Career Mentor with ISACA Malaysia. Outside work, Stephanie is a proud mum of three, an advocate for diversity and inclusion, and a passionate mentor for women. She doesn’t just lead with strategy; she leads with heart.
Recently, in an exclusive interview with CIO Magazine, Stephanie shared insights on the role of cybersecurity in enabling business growth, personal hobbies and interests, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Stephanie. What sparked your interest in cybersecurity, and what motivated you to pursue it as a career?
That’s a fun one. Growing up, I was the second youngest of five siblings. I was constantly told what to do: by my parents, older siblings, so naturally, I developed this drive to have control over something… to take charge in my own way.
I wasn’t into dolls or soft toys. I gravitated toward strong female characters, like Wonder Woman and Charlie’s Angels. They were bold, independent, and didn’t wait around to be saved. I’d imagine myself as Wonder Woman on the school bus, sneaking off to fight bad guys, save the day, and then return in time for dinner. It sounds funny now, but that feeling stuck.
When I started my career, cyber security wasn’t even a “thing.” It wasn’t a department. It wasn’t cool. It definitely wasn’t something people aspired to. But I saw its potential early, and more importantly, I felt its purpose.
As I grew older, cyber security gave me a real-world way to channel that same energy. It wasn’t just about protecting systems, it was about defending people, enabling businesses to thrive safely, and staying one step ahead of those trying to cause harm.
So for me, cyber wasn’t just a job choice, it was a natural fit.
What do you love the most about your current role?
What I love most is being right where cyber security meets the business.
I get to solve real-world problems, influence decisions, and make security meaningful to people who don’t speak “cyber.”
It’s not just about keeping systems safe, it’s about enabling performance, building trust, and proving that cyber security drives the business forward, not slows it down.
And honestly, nothing beats coaching high-performance teams. Helping people grow, build confidence, and lead with purpose: that’s where I find the most energy.
At the core, I know I’m protecting people, not just data. That sense of purpose? It never gets old.
What’s your perspective on the role of cybersecurity in enabling business growth, and how do you see it evolving in the future?
Cyber security used to be seen as just insurance or a compliance checkbox. That’s changed.
Today, it’s a growth driver. If you can’t build digital trust, you’ll lose customer loyalty, brand credibility, and speed to market.
Looking ahead, cyber will move from reactive to predictive, augmented by AI, behaviour analytics, and real-time data to stay ahead of threats and make decisions faster.
Security won’t be an add-on. It’ll be part of the business model from day one. That’s where the real value and competitive edge will come from.
What personal or professional philosophies have contributed to your success, and how have you applied these principles in your career?
I’m flattered, but honestly, I don’t see myself that way. We’re all a work in progress, and I’m still learning every single day.
There are three principles I keep coming back to:
-
- Control what I can. Let go of the rest. That mindset helps me stay grounded, especially in high-pressure situations.
- Be human first. Cyber security is technical, yes, but people drive decisions. Empathy always makes the biggest difference.
- Performance matters, but behaviour sustains it. I care just as much about how we show up as I do about KPIs, especially when no one’s watching.
I bring this to life through coaching, asking better questions, and role-modelling what trust looks like in real situations.
What’s your approach to coaching teams to lead with trust, rather than control, around cybersecurity?
I create safe spaces where people feel heard, not judged.
It starts with listening, not jumping in with solutions. I help teams move from just ticking boxes to truly owning what they do. When people feel trusted, they naturally step up.
We focus on progress over perfection. I don’t micromanage: I coach, guide, and then step back. But I stay close enough, so they know I’m there if they need me.
It’s about creating space for people to grow, while making sure they feel supported. I want them to lead with confidence, not fear getting it wrong.
Is there a particular person you are grateful for who helped get you to where you are?
My parents taught me resilience, hard work, and grit. Those values are still my foundation.
But professionally, I’m especially grateful to a former boss who challenged me to stop playing small.
She once told me, “You don’t need to ask for permission to lead.”
That moment shifted everything for me. It gave me the push I didn’t know I needed.
What are some of your passions outside of work? What do you like to do in your time off?
I’m a mum of three active children, so weekends are full-on, in the best way.
You’ll find me juggling swimming training, running practice, dance rehearsals… and the family gym session where we challenge each other for fun.
Saturday night dinner is sacred for us. It’s our “dinner party” at home, no screens, just good food, loud conversations, and connection.
And if I ever get a quiet moment to myself, I’ll reach for one of the books collecting dust on my shelf. Reading’s my reset button, it just doesn’t happen as often as I’d like.
Which technology are you investing in now to prepare for the future?
All the shiny, state-of-the-art tech available, of course!
But honestly, my biggest investment is in people.
I’m focused on upskilling teams to work with AI, not fear it.
Tech will keep evolving. What sets us apart is how quickly our people can adapt. That’s the real edge.
What is your biggest goal? Where do you see yourself in 5 years from now?
My biggest goal is to build a security culture that outlives me, one that’s deeply embedded in how people think, decide, and act.
In 5 years, I see myself influencing global strategy, whether that’s in corporate, policy, or advisory roles.
I want to help shape a more inclusive, human-centric model of leadership, one that embraces AI not just as a tool, but as a partner.
Because the future of security isn’t just about tech, it’s about how humans and machines work together to make smarter, faster, more ethical decisions.
What advice would you give to aspiring CISOs or cybersecurity professionals looking to advance in their careers?
Don’t chase titles. Chase impact.
Focus on understanding the business, not just the tech. Communicate clearly. Learn how to influence without authority, that’s where real leadership starts.
And don’t wait until you feel “ready.” You grow by stretching, not by standing still.
Take the leap. You’ll figure it out.
And if you need to bounce ideas or get unstuck, find a mentor or coach.
That support makes all the difference.