On a typical weekday, the hum of TD’s security operations is steadier than the headlines it helps prevent. It is by design. As senior manager of information security, Farzia Khan is the sort of leader who keeps the focus on systems, people and practice, building capabilities long before a crisis demands them. “You have to think about the risk,” she says. “What about the cybersecurity?”
It is a question that has shaped her path from self-taught student to team builder in one of Canada’s most risk sensitive industries.
Before she had a title, Khan had a habit: teach yourself, then go deeper. Growing up without a family background in tech, she taught herself high school subjects online and came to a simple but powerful realization, that “the power of technology” is that “you can pretty much self-teach yourself anything online.”
That confidence pushed her toward a STEM degree and into a field where she would ultimately thrive. It did not hurt that she speaks six languages, a skill that mirrors her knack for translating between business priorities and technical realities.
A pivotal spark arrived at York University, where a cybersecurity course led by professor Natalija Vlajic flipped the subject from abstract to urgent. The class was “super engaging,” Khan recalls, with a professor who “truly cared about her students” and brought in guest speakers to show how fast the field was evolving. It turned cybersecurity from a checklist into a conversation, and that is a conversation Khan has continued at every step of her career.
Early exposure to the scale and stakes of financial services came through the Bank of Montreal CEO’s millennial advisory council.
As a second-year student, she gained access that few undergraduates receive. She saw how large technology departments in major banks actually operate. The experience also connected her with her mentor and sponsor, Claudette McGowan, someone who hired her while she was still a student. The timing placed Khan inside real projects enhancing technology experience and touching emerging technologies, from service robots and voice interfaces to early AI.That work sharpened her lens on risk.
“As banks we tend to be risk averse,” she says, “and that is where the cyber security conversation got into the picture.”
The translation was natural. If you are testing the cutting edge, you must harden the basics. As Khan moved to TD, that mindset turned into a mandate. Her work has included building a cyber program under the Fusion Centre, advancing strategic initiatives, leading simulations and tabletop exercises, expanding security awareness training and spearheading a push on external partnerships and upskilling.
In other words, practice, prepare, partner.
The story is not only about structure, but also about culture. Alongside the frameworks and exercises, Khan is intent on influencing how people think about security in the flow of their work, the everyday decisions, the language leaders use and the openness to ask for help. It is consistent with her broader view of what actually moves the field forward
Community, for Khan, is not a talking point; it is a practice. When she moved to Canada in 2013, she noticed how isolating some spaces could feel.
After attending a hackathon with a “bro culture” where she felt out of place, she helped build the space she wished existed. ElleHacks, described as Canada’s first and, today, largest all-women or women-focused student hackathon, became a national signal that belonging powers excellence.
The event drew sponsorship from Microsoft, Google, Deloitte, Shopify and banks. But what Khan returns to are the conversations after the fact; students who say the experience changed their confidence and their trajectory.
“It just makes me feel so good that something small that you can start, can grow into something so big,” she says. “You can literally change people’s lives.” She adds that over the years “countless female students” have told her they landed internships or full-time roles because of ElleHacks.
If the throughline is clear, so are the headwinds. Khan is frank about the market’s contradictions. On the one hand, we talk constantly about a shortage of talent. On the other hand, she meets many people who feel they have experience, but who are not getting opportunities.
The problem, as she frames it, is a gap in the middle – plenty of eager early career candidates and a shortage of seasoned specialists. “If there are no opportunities for the talent to build that muscle,” she warns, the industry cannot grow the experts it needs.
There is also the asymmetry between offence and defence.
“For offenders, a single breakthrough can be enough” Khan notes, “whereas in our case there is no margin for error” Compliance and process are essential, but they can slow defenders in ways adversaries do not face.
Now add generative AI. “The adversaries are using it,” she says, and with escalating threats, the next few years will be an interesting trajectory for everyone in the space.
Her advice to aspiring professionals is crisp and pragmatic. Do not start with a wall of certifications. Khan holds the CISSP and respects what credentials signal – industry credibility – but she cautions against making certs the first step. Instead, find out which domains interest you the most, then work toward building expertise. Do the reps. There is no shortage of learning materials and resources online, she adds, pointing to platforms like Hack The Box and TryHackMe. Pick a path, stick to it and build depth.
And do not do it alone. “There are some amazing people in the community and amazing networks available,” Khan says. Competitions, hackathons, meetups and capture the flag events are chances to learn and to be seen. If her own trajectory proves anything, it is that skill and sponsorship compound. The industry needs both to close its gaps, and leaders need both to build cultures that last.
At work, that means continuing to invest in simulations, awareness and partnerships, disciplines that turn capability into muscle memory. In the community, it means creating more on-ramps, more visibility and more chances to try. It is the builder’s mindset – make the system better and bring more people along. The result is fewer headlines and more careers.
Kicker: Khan measures success in quiet rooms and open doors, systems that work when no one is looking, and a next generation that walks through them with confidence.
Readers can connect with Farzia Khan on LinkedIn here
This section is powered byRevenue Dynamix. Revenue Dynamix provides innovative marketing solutions designed to help IT professionals and businesses thrive in the Canadian market, offering insights and strategies that drive growth and success across the enterprise IT spectrum.
Terms and Privacy Policy
