Industry Insights

Epi Named Former Microsoft Tech Strategist as CIO & CISO

This past July, Episerver expanded its long-standing partnership with Microsoft by announcing the release of Episerver Commerce for Microsoft Dynamics 365. Shortly after the announcement of this collaboration, the two vendors were mentioned together in the news again but this time, it was because Episerver announced it hired Microsoft veteran Sue Bergamo as the company's chief information officer (CIO) and chief information security officer (CISO). The recruit of Sue Bergamo marked the first woman to be a member of Episerver’s C-suite. Following the announcement, our media reporter Laura Myers got a chance to chat with her on her expansive experience in the space, what she has up her sleeve for the future of Episerver, and her personal opinions on some hot topics in the industry today.

Bergamo took on not only the role of CIO but also, the newly expanded role of CISO, Chief Information Security Officer. Before joining Episerver, she was a global technology strategist at Microsoft for over three years, where she worked with a worldwide team of enterprise architects and account managers to execute the strategic development of a range of applications, products and solutions. Prior to her role at Microsoft, Bergamo served in a number of CIO positions in Boston including facilities management and food services conglomerate Aramark. She also headed up enterprise data management at global office supply retailer Staples and oversaw enterprise application development for drugstore giant CVS Pharmacy.

As she continues to climb the ladder of corporate America, we were eager to hear about how she will apply her more than two decades of leadership experience in strategic planning, product management, IT operations and infrastructure, cybersecurity, data management, and application development. “I want to bring all of these experiences to Episerver, specifically my experiences at Microsoft around becoming a cloud architect and developing solutions for large accounts as all nicely fit in what we are doing here at Episerver,” explained Bergamo. She also shared her feelings, saying: “It is very exciting to be the first female C-suite here.”

Before moving forward with her in-depth insight on some hot topics in the industry today, for those who are interested in hearing some career advice from significantly successful people like Sue Bergamo, she shared what it takes to build a successful career and maintain it over the years. According to Bergamo’s experience, the best career advice would be: “Never stop learning and always make yourself industry-relevant.” The piece of advice she shared with us also explains what attracted her to Episerver as a career opportunity: “Before I went to Microsoft, I had been in the cloud-enabled world for so long. Therefore, I wanted to be a cloud architect when I accepted my role at Microsoft. I fought for it with my manager there and became a certified cloud architect while still working at the C-level.” Becoming a certified Azure architect wasn’t something that Bergamo just wanted to check off of her to-do list, yet it was part of her bigger career plan which was bridging her two specialties; cloud and security. This is also where this story circles back to her new role at Episerver as she believes the position she took on at Episerver offers the bridge that she has been looking for.  

Speaking of security, the drumbeat has started to pick up as we are getting closer to the European Data Protection Regulation deadline of May 25, 2018. To help organizations, which are getting prepared to comply with the new regulations, navigate these daunting waters, Bergamo started off by warning businesses: “Even though it is little ways away, there is no time like the present to get started.” Then she recommended companies making sure that they fully understand what that regulation is looking for: “There is a lot of details behind the regulation, especially around the data privacy. Those of us doing business internationally really need to granulize where our data is residing and how we are making sure that we protect it both internally and externally if we store the data in other countries. Then, we also need to understand the protocols around the regulation.”

A breach of the GDPR can result in fines of up to €20 million or 4% of annual global turnover (whichever is greater) and Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements. On top of the steep penalty that organizations will face in the event of non-compliance after the GDPR has come into effect, the average cost of a data breach alone is estimated at $4 million, and 70% of data breaches are caused by internal employees. Even though GDPR readiness is a large exercise, as Bergamo suggests, understanding what the regulation is looking for and how to satisfy that from a data management perspective would make a great starting point.

It is no secret that data breaches are evolving threats for all industries thus organizations need to take security more seriously. Therefore, Bergamo is so excited for the pace of cyber security technology, as she puts it, “Technology around security is fast and furious as every month there seems to be a new technology out there. That’s terrific because vendors are helping us protect our businesses.” She sees the recent positive improvements around machine learning and big data as the fuel of the powerful tools such as advanced analytics to withstand against cyber-attacks: “Gone are the days of having network administrators read log files and trying to figure out when breaches or threats are occurring as those sophisticated and advanced analytics tools are taking shape in the space to help us propel the industry moving forward, and hopefully find some horrible criminals out there that just need to be caught and put away.”

Today, many enterprises use cloud services to enable their employees to collaborate through sharing, editing and updating files on the cloud without having a comprehensive security protocol to protect sensitive information within the shared files. As a result, this situation leads to increased chances of sensitive data loss through violations of data loss prevention (DLP) activities. A study conducted by Netskope, for instance, concluded that webmail has the highest occurrence of the policy-violating activity. The report also noted that DLP violations can differ, giving examples of improper downloading of a non-public press release and theft of customer data from CRM by a departing employee. All sensitive information from private transactions, to a personal communication to intellectual property is a target. Organizations have to fully understand that cybersecurity is a fundamental component of confidentiality. Employing an alarmingly sloppy web security, communications policy and unpatched content management systems may result in loss of critical information as well as reputational and financial losses.

Another emerging trend that excites Bergamo is prescriptive analytics which uses a combination of techniques and tools such as business rules, algorithms, machine learning and computational modelling procedures to advise on possible outcomes before the decisions are actually made. The difference between prescriptive analytics and predictive analytics is the fact that while predictive analytics are about understanding the future, prescriptive analytics are all about providing advice.


The technology landscape has been changing at light speed in recent years, so much so that today, we are developing high-end technology to establish a permanent, self-sustaining colony on Mars. Having said that, there is still a specific aspect of the technology industry that should have moved much faster by now: the inclusion of women within meaningful IT and technology leadership roles. Today, unfortunately, women only make up to 25% of the U.S technology industry. The percentage is even more depressing when it comes to senior positions. Off camera, Bergamo also shared her opinions on being a women in the technology world. As a matter of fact, being a minority in such a male-dominated industry seemed to lead her to embrace that career advice mentioned earlier in this article. We loved the way she put this, saying: “As a female, it is really hard in tech to keep the job as there is always another groom that shows up. I don’t want another groom behind me I am the bride! The only way to make this happen is to stay relevant and never stop learning.”

Bergamo sets another strong example of an accomplished female tech executive with firsthand experience in building a more inclusive and collective corporate culture. As the CMS-Connected team, it is always delightful having insightful conversations with incredible women in the tech industry thus we are excited to hear more about the progress the Episerver team will make after Bergamo’s participation in the near future. 

Venus Tamturk

Venus Tamturk

Venus is the Media Reporter for CMS-Connected, with one of her tasks to write thorough articles by creating the most up-to-date and engaging content using B2B digital marketing. She enjoys increasing brand equity and conversion through the strategic use of social media channels and integrated media marketing plans.

Laura Myers

Laura Myers

A digital business, marketing and social media enthusiast, Laura thrives on asking unique, insightful questions to ignite conversation. At an event or remotely, she enjoys any opportunity to connect with like-minded people in the industry.

Featured Case Studies