author photo
By Karly Tarsia
Thu | Apr 7, 2022 | 4:15 AM PDT

In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.


Tammy Klotz is the Chief Information Security Officer at Covanta. She is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and is also Certified in Risk and Information Systems Control (CRISC). Prior to joining Covanta, Tammy was responsible for the cybersecurity program at Versum Materials, which included Information Risk Management, Plant Cybersecurity, as well as IT Security, Risk & Compliance activities. She was with Versum since its start-up in October 2016 and was responsible for standing up all security services required for the new company as part of its spin-off from Air Products & Chemicals.

When Tammy is not speaking on the SecureWorld stage, she is the President of the Lehigh Valley Chapter of Cloud Security Alliance and is involved with WiCyS – Delaware Valley. Tammy was a 2019 Finalist for T.E.N Information Security Executive ® of the Year for the Northeast & North America regions and received OnCon’s Top 10 Information Security Professional Award in 2021.  

Get to know Tammy Klotz

Question: Why did you decide to pursue cybersecurity as a career path?

Answer: Interesting story... I didn't exactly choose it, it was chosen for me. Let me explain. Having spent most of my career in various parts of a global IT organization of air products and chemicals, I was tapped on the shoulder to take on an IT Audit Manager role. During my tenure in that role, I first dipped my toes into the cyber world by co-sourcing a cybersecurity assessment of the organization. After three years in audit, the company hired a new CEO who decided to spin off the "and chemicals" part of the business. It was at that time that I applied for a role on the IT leadership team of the spin-off company, Versum Materials. The funny thing is that when I applied for the IT Service Management role, the Versum CIO said to me, "I want you on the team, but I want you in the cybersecurity role given your business understanding and strong relationships with the business." My answer was, "really?!" And as they say, the rest is history.


Question: What encouraged you to join your current organization?

Answer: In 2020, Versum Materials was acquired by Merck KGaA, and my CISO position was eliminated in April 2020. At that time, I began my search for my next position and was fortunate to have landed a position at Covanta Energy in June 2020 working again for Dave Beltz, my prior CIO at Versum Material, who had joined Covanta in May of 2019. When Dave learned my position was being eliminated, he reached out and told me Covanta had an opportunity I may be interested in.


Question: How would you describe your feelings about cybersecurity in one word?

Answer: Challenging


Question: What has been your most memorable moment thus far working in cybersecurity?

Answer: My time at Versum was a truly a unicorn experience. We had an AMAZING team who did great things in a very short amount of time. We were essentially a green field organization with an established customer base and revenue stream with a visionary leader who set a cloud-first, BYOD vision before it was the "cool thing" to do. I had the opportunity to build the cyber program from scratch and established a very cyber-aware culture across the organization in both our IT and OT environments.


Question: If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact?

Answer: Make your people your strongest link in your cyber defense strategy. Build a solid training and awareness program.


Question: What is an industry-wide change you would like to see happen in 2022?

Answer: Ensure companies we work for realize that cyber is a business risk not an IT risk. This can be extremely difficult depending on the culture of the organization, especially when the CISO is part of the IT organization.


Question: If you could pass or change one regulation/law in cybersecurity and data protection, what would it be and why?

Answer: A national data privacy law in the United States, rather than individual laws that vary by states.


Question: What do you hope attendees took away from your session?

Answer: Never be afraid to step out of your comfort zone to try new things. Be confident in your capabilities. Build a strong support network.


Question: What were you most excited about this year at SecureWorld?

Answer: Getting the gang back together. We have a very strong cyber community in the Philadelphia region. Reuniting in-person with my trusted colleagues and friends was amazing!

To hear more from industry experts like Tammy Klotz, register and attend an upcoming SecureWorld conference or Remote Sessions webcast.

If you're interested in presenting at an upcoming SecureWorld conference, please fill out our speaker submission form.

Continue to follow our Spotlight Series for more highlights from leaders in cybersecurity.