CyberVoices

Mary Carmichael didn’t begin her career in a server room or a tech startup. She began in finance, working as a certified public accountant on large financial services projects. But those projects opened her eyes to a truth that would shape the rest of her career: technology and business are inseparable and managing risk in one means managing risk in both. “I realized early on that cybersecurity wasn’t just about protecting systems, it was about protecting trust,” she says.

That realization sparked her transition from finance into technology. Carmichael led payment security initiatives, cloud migrations, and major digital transformations, all while pursuing top ISACA certifications like CISA, CRISC, and CISM. Those credentials, combined with her risk-focused mindset, gave her the foundation to bridge business strategy with cybersecurity practice. She quickly became known not just as someone who could manage compliance, but as someone who could translate complex risks into boardroom language.

Her career took a defining turn when she joined the City of Vancouver’s technology team leading up to the 2010 Winter Olympics. The global spotlight brought new responsibilities in business continuity planning, incident response, and protecting public infrastructure from disruption. Carmichael calls it a turning point: “The Olympics were a catalyst for cybersecurity maturity. It wasn’t just technical work, it was about enabling public trust and operational resilience.” She also spearheaded digital projects that brought more municipal services online, proving that cybersecurity could support, not hinder, innovation.

Over the next 15 years, Carmichael expanded her expertise across government, higher education, utilities, and energy. That breadth of experience prepared her for executive leadership and eventually led her to found Momentum Technology, a boutique risk advisory firm. As Managing Director, she works with leadership teams to align governance and cybersecurity with strategic growth. Recently, her focus has shifted to the risks and opportunities of artificial intelligence. “Risk management should be a launchpad for innovation, not a hurdle to progress,” she says, underscoring her belief that strong governance fuels growth.

Her influence extends well beyond business. Carmichael has become one of the most visible community leaders in Canadian cybersecurity, particularly through her work with ISACA. Starting as a volunteer, she rose to become President of the Vancouver Chapter, serving more than 1,000 members. Under her leadership, the chapter expanded training, mentorship, scholarships, and even launched an AI Mastery Series. The chapter’s growth and innovation were recognized with ISACA Global’s Outstanding Chapter Achievement Award, a milestone Carmichael describes as proof of what community can achieve when it commits to inclusivity and lifelong learning.

She also serves as a SheLeadsTech Ambassador, advocating for women in technology leadership and sharing her own journey to inspire others. “Being part of SheLeadsTech has reminded me of the power of storytelling, mentorship, and visibility,” she says. That belief in collective progress drives her to sponsor student hackathons, lead incident response exercises for local businesses, and build stronger information-sharing networks in British Columbia.

Her commitment to governance and education reaches the international stage as well. Carmichael contributes to ISACA’s Global CRISC Committee and Emerging Trends Working Group, shaping how professionals worldwide are trained to manage risk in the era of AI and digital transformation. She also writes for ISACA’s global newsletter, sharing practical cybersecurity insights with more than 200,000 readers. At Toronto Metropolitan University’s Rogers Cybersecure Catalyst, she serves as a Fellow and Ambassador, leading research into AI risks in the public sector. And as a board governor for a Vancouver college, she brings her governance expertise into higher education.

Recognition has followed. In 2025, she was named one of Security Magazine’s Women in Security and received the “Lift as You Climb” Mentorship Award from Canadian Women in Cybersecurity. She has also been cited among Canada’s top cybersecurity influencers,  a reflection not just of her credentials, but of her ability to rally others around a vision of resilient, ethical, and community-driven cybersecurity.

What sets Carmichael apart is her ability to connect dots that others often keep separate. She speaks the language of finance and governance, but also of IT operations and cybersecurity defense. That fluency allows her to build frameworks, dashboards, and programs that protect assets while enabling growth. “Cybersecurity should support strategy, not slow it down,” she says, distilling her philosophy into a line that resonates across boardrooms and classrooms alike.

Her story is also a reminder of the nonlinear paths into cybersecurity. A career that began in accounting led to Olympic-scale technology projects, to founding a consultancy, to shaping international standards. Along the way, Carmichael has proven that curiosity, continuous learning, and community leadership are as important as technical skills.

As cyber threats grow more complex, her work shows how leadership anchored in both business and community can make the difference. Whether advising a board on digital trust, mentoring a student entering the field, or researching AI governance, Carmichael’s goal remains the same: to strengthen systems, build trust, and empower people. “Canada’s cybersecurity advantage won’t be technology alone,” she says. “It will be our ability to build a trusted, resilient, and united community.”

You can reach Mary Carmichael on Linkedin.