CyberWire Daily - Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]
Episode Date: November 19, 2023In the dynamic field of cybersecurity, it’s well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we a...re starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K’s 2023 Women in Cyber content series, we’re excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. This virtual discussion explores different areas including: Navigating the Cybersecurity Landscape: Gain insights into our guests' career journeys, including mentors, challenges, and success, and how the evolving landscape may present different challenges and opportunities for women. Building a Supportive Ecosystem: Explore the importance of mentorship, allyship, and a strong network in propelling women into leadership, and how to create an environment where everyone can thrive. Closing the Gender Gap: Delve into actionable strategies and best practices for organizations to promote gender diversity in their cybersecurity leadership teams. The Future of Cybersecurity Leadership: Gain a forward-looking perspective on the evolving role of women in shaping the future of cybersecurity. This panel discussion is a must-listen event for professionals, leaders, and aspiring cybersecurity experts who are committed to promoting diversity and empowering women to excel in cybersecurity leadership. Don't miss the opportunity to be part of this inspiring conversation and drive positive change in the industry. Panelists: Abisoye Ajayi, Cyber & Analytics Manager at Tulsa Innovation Labs Koma Gandy, VP, Leadership & Business at Skillsoft Lauren Zabierek, Sr. Advisor at CISA Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose, and showing
the world what AI was meant to be.
Let's create the agent-first
future together. Head to
salesforce.com slash careers
to learn more.
Breaking news
happens anywhere, anytime.
Police have warned the protesters repeatedly
get back. CBC News
brings the story to you live.
Hundreds of wildfires are burning.
Be the first to know what's going on and what that means for you and for Canada.
This situation has changed very quickly.
Helping make sense of the world when it matters most.
Stay in the know.
Download the free CBC News app or visit cbcnews.ca.
With TD Direct Investing, you can get live support.
So whether you need help buying a partial share from your favorite tech company, opening a TFSA, or learning about investing tools, we're here to help.
But keeping your cat off your keyboard? That's up to you.
Reach out to TD Direct Investing today and make your investing steps count.
Plus, enjoy 1% cash back.
Conditions apply. Offer ends January 31, 2025.
Visit td.com slash dioffer to learn more. Thank you. series brought to you by Tulsa Innovation Labs. N2K is excited to host an engaging virtual panel
discussion moderated by our president, Simone Petrella. The discussion features insights,
experiences, and strategies for advancing more women into leadership roles within the field.
We hope you enjoy. Good afternoon, everyone. Thank you so much for joining us.
Wanted to get kicked off today and welcome a guest of panelists we have to talk about
some really important issues around women in cybersecurity.
So in this dynamic field, it's been well established that creating more opportunities
for diversity, inclusion, it's essential for developing a highly skilled workforce.
And as an industry, we're starting to see the fruits of that labor,
but there is still a growing need for more diverse leadership
to nurture continuous innovation and resilience in cybersecurity.
So I am so excited as part of N2K's 2023 Women in Cyber content series
to host this engaging virtual panel discussion featuring
the insights, experience, and strategies for advancing more women in leadership roles within
the field. So I will let each of my panelists introduce themselves here. But before we dig in,
I want to give a big thank you to Tulsa Innovation Labs for being our champion sponsor of this content
and our Women in Cybersecurity content series this year.
So appreciate all the support.
Thank you so much for everything you do.
As a reminder to also anyone here,
this discussion is being recorded.
Not only be available for access and listening
after we record this discussion,
but will also be available as a special edition episode
on the Cyber Wire Daily
Podcast. And that will feature and run on Sunday, November 19th. So thank you all again for being
here. We've talked about, you know, what I'd like to start things is around navigating the
cybersecurity landscape and what types of opportunities and challenges that also presents
for women navigating the space.
So if we can start it off, and Abisoya, I'd love to start with you.
If you can start with an intro of yourself and a really brief summary of your journey
into your current role.
Thank you very much, Simone.
My name is Abisoya Jai.
I am the Cyber and Analytics Manager for Tulsa Innovation Labs.
I am deeply committed to creating economic opportunities for underserved communities
and have a strong passion for mobilizing technology to generate diverse economic prospects
for underrepresented demographics.
So early in my career, I actually established one of the pioneering tech boot camps for
girls in Lagos, Nigeria.
And for approximately, let's say, a decade, I led this nonprofit organization called Pulse Africa.
The essence of it is that it's dedicated to empowering young girls and women from underserved communities with tech skills, mainly for the purpose of economic independence. And three years ago, I came to the U.S. to pursue a master's degree
in public administration at the Harvard Kennedy School of Government in Cambridge, Massachusetts.
And following that completion of the degree, I decided to follow my career and
went on to pursue an MBA in cybersecurity at Ottawa University.
So upon finishing my second master's degree, I got my current role.
So in my current position, I'm responsible for managing the cyber portfolio at Tulsa Innovation Labs,
where I help in designing and executing philanthropic initiatives aimed at fostering Tulsa's cyber and data analytics ecosystem.
Amazing. Thank you so much for being here. Lauren, why don't we hop over to you?
All right. Well, thank you so much for having me. It's such a pleasure to be on with all of you.
And I just really want to say that I'm such a fan of Tulsa Innovation Lab, so this is a real
pleasure. And I was saying, I heard you just
mention the Harvard Kennedy School. I think we must have crossed paths at some point while we're
both there. So that's really exciting. So my name is Lauren Zabrick. I am a senior advisor at the
Cybersecurity and Infrastructure Security Agency, where I get to work on a host of really hard problems for the security of our nation.
I have a little over 20 years in national security between the military, my time as a
civilian in the intelligence community, private sector with a cybersecurity startup, and then
into the Harvard Kennedy School where I was a student,
but then also ran the cyber project at the Belfer Center there. So looking at national security for a number of different angles and, you know, just really excited to have this conversation today.
So thank you. Koma, last but not least. Hi everyone, I'm Koma Gandhi, Vice President of Leadership and Business Solutions
at Skillsoft.
And my entry into the cybersecurity landscape
started a long time ago.
I was an active duty naval officer.
When I left active duty,
I started working in information security
and cybersecurity.
So I really was fortunate
to see one of the sort of evolutions
of cybersecurity moving away from
simply things that we thought about in, let's say, a national security context,
but into how it started to permeate our everyday lives.
Throughout my career, I have been sort of adjacent to cybersecurity, information security,
putting together solutions in various landscapes like financial services, aerospace, and defense,
where if it's not a primary concern,
it is definitely a concern when we're thinking about how do we implement technology solutions
that increase efficiency without exposing companies and organizations to operational
and information security risks. And later in my career, I came to Codecademy, whose mission was
to provide technical education to anybody who wants it and to almost democratize access to technical education.
And I spearheaded our cybersecurity curriculum
because we all recognize the gap in providing cybersecurity professionals
who are equipped and spearheaded that curriculum involvement at Codecademy.
And now as part of Skillsoft, I'm really excited to be part of an organization
that offers not just technical instruction,
but instruction in certifications that are relevant
and necessary for cybersecurity professionals,
along with equipping cybersecurity leaders
with the skills that they need to lead teams
and organizations effectively.
So really excited to be part of this panel
and really excited to learn from everybody and talk about all the ways that we can get a more diverse representation into the cybersecurity profession.
Great. Thank you so much. And it's so interesting to hear, you know, especially when I talk to folks who have been like yourselves in the industry for so long.
I've been in cybersecurity industry for over 15 years.
And we talk about, you know, each of you share your kind of story and your career path, whether it's military, intelligence community, through academia,
nonprofits, they're so different and so diverse. And I think there's a perception today, especially
for increasing diversity in the field, that there's actually a singular path to get into
cybersecurity. And we're an example of that there are actually many divergent paths to get in there.
But I'm curious, just to throw this first question out to anyone who wants to kick off, and we're an example of that there are actually many divergent paths to get in there.
But I'm curious, just to throw this first question out to anyone who wants to kick off,
you know, as that landscape is evolving for us in cybersecurity,
what are some of the unique challenges it's presenting for women in the field? And on the converse, are there any unique opportunities that are kind of in play as a result too?
I believe there's a vicious cycle created by stereotypes,
whereby girls often avoid STEM subjects.
And this leads to fewer women in tech organizations,
which pretty much perpetuates this cycle.
Despite this current underrepresentation of women and young girls in cyber, I believe this is poised
to change because even cybersecurity is one of the career choices that allows remote work. And so I
believe this flexibility makes it more accessible to a broader demographic of women and young girls.
So I am optimistic that as cybersecurity continues to evolve and become even more conducive
to remote work, more women will take advantage of this opportunity. Lauren, what do you think?
Yeah, you know, I think there's, you know, obviously I was just mentioning this,
the challenge at the entry and junior levels, And I think that's absolutely right.
But then we also face issues later on, right?
So you mentioned this idea of remote work,
which is so important.
I work remotely.
And to be quite honest, I don't know if I would be able to have
such an impactful, great job
if I wasn't able to work remotely
because I have a family and
other considerations. And so, yeah, there are a lot of different challenges that I think
in cybersecurity we can overcome. And certainly a lot of opportunities. You know, when Camille,
Stuart Gloucester, and I started Share the Mic in Cyber, we came to that with, you know,
a mutual understanding and agreement that diversity is national security. And we have to do what we
can in order to clear pathways and provide opportunities and, you know, shine a light on
people who are doing this work, you know, who maybe haven't gotten that recognition before.
doing this work, you know, who maybe haven't gotten that recognition before, but in doing so,
you know, really highlight the workforce, again, challenges and the opportunities. And I think,
you know, as we're saying, there's a lot here that, you know, we can really make it conducive for a lot of different people. Koma, I'm interested in your perspective, given that you're looking at
this from, you know, educating and training, aspiring people in the field.
And so what have you observed, whether it be in Code Academy, your current work at Skillsoft, that are kind of the challenges women face breaking into the field as the landscape changes, as well as the opportunities?
to make education as accessible and as welcoming as possible, where we wanted to encourage anyone who wanted to pursue a career in cybersecurity
and show them that this was possible, that it's not just for a special group of people,
it's not just for former military people,
that there are a lot of concepts, both technical and in terms of just how you think about solving problems,
And in terms of just how you think about solving problems that somebody can bring to the table and find opportunities to pursue exciting careers in cybersecurity. So we designed our curriculum when I was at Code Academy.
We lead with interactivity.
So we wanted people to feel like they were engaging in the types of activities that they might actually hone and develop as a professional worker in the
cybersecurity industry. So we introduce them to basic tools. We introduce them to basic concepts.
We get their hands on the keyboard, actually doing things and learning elements of what they need to
be successful early on to build that confidence and to build that muscle that says, hey, I can
actually do this. So that was really the approach that we took, that we created an accessible curriculum for
anyone, not just a former programmer or somebody who already knows Python or, you know, that
we brought them into the environment and then encouraged them to explore so that they would
immediately feel like this was something that they could do and then expanded on that curriculum in different directions so that once they built that foundation,
not necessarily technical foundation, but that feeling that, yes, I can do this, then
we basically allow them to pursue different options.
And now combined with Skillsoft, there are specific courses that can be taken in certifications
that are industry recognized.
So it really was, how do we create a curriculum that is welcoming, inviting, and builds confidence
on day one so that that person can see themselves in the role that they aspire to?
One thing that sticks out to me is around this idea of, when you think of the opportunities,
we're creating more opportunities for women and more diverse people from different backgrounds to get into the field. But there's that secondary component around what's
the ecosystem that surrounds it and how do we think about the mentorship and allyship and what's
that network of women who are not only breaking into the field at the entry level, but are
progressing and becoming leaders as well. How can we create that environment where everyone thrives?
And Lauren, I want to actually kind of start with you on this because you mentioned that you co-founded the social media
movement, Share the Mic in Cyber, which I am a huge fan of and a huge fan of both you and Camille.
I want to start actually by telling a story because it came up for me last night and it's
not related to cybersecurity, but I had the opportunity to go totally out of my comfort realm. I was in a room with a dinner of women, all in the investor space, which is apparently very similar to cyber in that there are not a lot of them. In fact, potentially even less representation of women who are investors and manage capital than we have in cybersecurity.
than we have in cybersecurity. And one woman shared the story about dealing with her daughter in college and asking about the different areas that her daughter was interested in going into
and specifically called out finance. And her daughter was like, oh, the finance bros? No,
like I don't have a Patagonia vest and I'm not going to be a finance bro. And none of my friends
are going to be finance bros. Like that's only the finance bros. And her mom was like, oh my God,
like why? Like why? Like what is
the barrier to you wanting to do this as a field where you kind of have to get in there? And I
think it led to a conversation around, well, if you don't see yourself because you don't see other
people like you in the field, it becomes almost a deterrent. And so Lauren, I kind of want to talk
a little bit more about Share the Mic and Cyber and this idea of the impact that we can have and what we need to be doing to create an environment where women not
only thrive in cybersecurity, but see themselves in cybersecurity and progressing and leading in
cybersecurity. Yeah, no, thank you. And I appreciate that story. Yeah, I'm sure we've all found
ourselves in rooms like that where, or at least in places like that, in boardrooms or offices, we're kind of looking around and saying, hmm.
Yeah, it's just a hoodie.
We have a hoodie.
They have a Patagonia vest.
We have hoodies.
Yeah.
Let me kind of start, you know, by telling another story, actually.
you know, by telling another story, actually. So when I was coming up through the military and the intelligence community, I didn't see a lot of mentorship. I didn't see a lot of community
and outreach. And I distinctly remember this saying, I don't know who said it. I don't even
remember the context, but, you know, I had asked someone about this and they basically told me,
you know, our generation pulled ourselves up by and they basically told me, you know, our generation
pulled ourselves up by the bootstraps and you should too. And that threw me. I was like,
okay, that's, you know, understood. But when you take a step back and you think about this
from a recruiting and retention standpoint, that is so damaging to the workforce. And so at that point, I just
remember thinking, this is not the answer. We need to do better here. Now, at the same time,
I had been in the counterterrorism realm. And so you can probably imagine what kind of environment
that is. I remember just always having like the scowl on my face because, you know, if you're,
you know, smiling or whatever, people might take that a certain way. And so it face because, you know, if you're, you know, smiling or whatever, people might take
that a certain way. And so it's just, you know, always kind of in this, you know, really hard
mindset. And I also felt like I was banging my head against a wall. And then I took this class
at Georgetown. I had been going to Georgetown at the time. I only got halfway through the program
because I kept deploying. But I took this class called Women in Leadership in National Security.
And I'm not kidding you, it changed my life.
And this class was taught by my now friend, I call her friend now,
DeeDee Halfhill, when she was a colonel in the Air Force.
And it just made me think about the things that we bring to the table
and the connections that we can make and that we shouldn't
put ourselves sort of away, right, in a box just to be at the table, right? We should bring our
whole selves and it should be celebrated. And that truly just changed everything for me.
And so, you know, in subsequent places, I tried to bring that with me, right? And I had also met someone in the Army who,
she had started this sort of mentorship network thing that was kind of like this
peer-to-peer sort of initiative. And so I took those ideas with me at different locations to
try to further those ideas, some, you know, readings and things like that, because I just thought
we have to do better. We have to come together. We have to help each other or else we're, you know,
we're not going to have what we need in our, or the representation that we need in these industries.
And so that ethos, you know, was really with me too when we did start Share the Mic and Cyber. But I think, you know, to your point
about seeing each other or seeing yourself in these roles, I think is super important. And I
think too, in situations where others can see you as well is also so impactful. I look at some people
who saw me when I didn't see myself. And I'll just call out, obviously, I probably
remember him, Eric Rosenbach, right? Like without someone like him, and, you know, I certainly
wouldn't be where I am right now. So like that concept of mentorship and connection, I think,
is so critical. Yeah. So yeah, I would love to get your perspective on this and where you see
mentorship and that's allyship and strong
network, both of women and champions and men in the entire ecosystem in kind of propelling women
into leadership roles in cybersecurity. Alluding to what Lauren said about representation,
representation matters in the workplace and is super important everywhere else.
Most cyber-related organizations are male-dominated.
I believe it's the same with every STEM-related sector anyways.
So having a mentor will help anyone to understand
the nuance of the new environment.
So for folks who have been trying to get into the cyberspace,
for instance, I would say a mentor can actually help you
build self-confidence.
And having an ally will actually help you when it comes to advocacy.
Women should look for two different kinds of mentors, if you ask me.
I would say you need people who are generally building your confidence.
You need people who are probably giving you actionable guidance on specific career paths.
And you can find them, again, you may not be able to find them in the same package, actually. So if you're looking for someone with a general form of
mentorship, I'll say it can be a close personal connection or someone you have some form of
shared history with. And if you're looking for a specific career mentor, I'll say this can actually
show certain mentors in this category would actually prefer that
you show a situation or you show a trait that implies that you are worth investing in.
And this can be that you've done a ton of some homework by yourself and a potential mentor will
just know that you're ambitious enough to say my time is worth it and you're worth this kind of investment.
So get two different kind of mentors. Some you have personal connection with,
personal history with, who can actually help in building general confidence,
help you build your self-esteem and a specific one for career related goals.
You know, one thing that strikes me when you mention that, and Lauren, it speaks to what you said earlier, too. I have found both in my own career, but also with like women coming up who I've mentored and talked to, we sometimes don't state our intentions of where we want to go on the table.
you know, asking someone to be a mentor or a champion, if you don't know, if you don't kind of articulate where you want to go, then it's hard for someone to help you get there. And it just
strikes me that that's something that we probably should all take away is, you know, we shouldn't be
afraid to bring our whole selves to the table, but also be unapologetic in articulating, hey,
this is where I want to go. Help me get there, you know? And if someone says no, they're a pretty terrible person.
Abhisoy, the second thing that you said, which also I think is really critical in kind of this idea of closing the gender gap, is there need to be actionable strategies. And those best practices
and the strategies are often really fall to the organizations, right? We put a lot of burden on
individuals to help themselves. And that's certainly, I think, a distinctly American perspective. But organizations and agencies
and companies all play a role in this too. What are some of the things that you see in organizations
that are some of the obstacles women face when they're trying to kind of pursue these leadership
roles within cybersecurity? This is going to be a continuation of my
previous line of thoughts, which is aspiring female leaders should build self-confidence,
seek mentorship from experienced professionals, and women should invest more in expanding
professional network. Absorb as many women in your professional network. And even men,
absorb as many women in your professional network. And even men, men can actually be great allies,
if you ask me. And I'll probably share some part of that, you know, from my earlier career pathways. But yes, when you get to the top, you will have internal and external allies supporting
you because you've done a lot of work building your network. Continuous learning and skill development
are also appreciated in gaining expertise
and credibility in the field.
To be honest with you, it is lonely at the top.
It's not just a cliche.
And especially when it comes to women in cyber,
when it arrives to leadership,
men can be your allies.
So women, we have to be,
when we get into a new environment, new organization,
carefully study the men in the organization and seek out your allies. This way, when you get to
the top, you have a lot of people supporting you. And I'm in the same situation, so I'm talking to
all of us, basically. Yeah, no, great point. Koma, I'm curious, from your perspective,
what are some of the advice that you give to, you know, young women that you have worked with around,
you know, they're looking to break into the field
or aspiring to overcome those challenges
and pursue leadership opportunities in cybersecurity?
What advice do you give them?
Well, first of all, don't be deterred
in the sense that it's not going to be easy.
But if you believe in yourself,
just like Apasoye said about building that self-confidence, if you believe in yourself and you apply yourself, you will
be able to find those opportunities.
And also find those people who are going to support you in your career.
A friend of mine who I worked with several employers ago said something that was really
interesting.
Your work speaks for itself, but it doesn't say your name.
something that was really interesting.
Your work speaks for itself, but it doesn't say your name.
So you need to be recognized for the hard work that you put in to have people that will support you.
And especially not only allies and mentors, but sponsors.
Who is that person who's going to be in the room?
And when a problem comes up or a challenge or opportunity,
they say, you know what?
I know a perfect person
that can work on this. That that person will be able to align you towards opportunities where you
may not be in the room yourself, but you've built that relationship, but they're your sponsor and
they're helping guide and propel your career in directions that you may not have access to because
you're not in the conversations where those decisions are being made. And I know that is
something that I personally struggled with in the sense that coming out of the armed forces and coming out of my experience
in the Navy, you're not really used to going out and doing that. And when I was on active duty,
there were very few women in leadership roles. And it was few and far between to be able to
find those women and those male allies to be able to build that sponsorship type of relationship.
Now we're talking about it.
There's lots of discussions about how important it is.
It's top of mind for leaders.
So don't be bashful in figuring out and determining not just who your allies are, those women
and men in the organizations, but find those sponsors and articulate what your desires are.
And Lauren, I love the fact that you met people
who could see you before you could see yourself.
It is so important to have that mixture
of people supporting your career
because those are the folks
that when you're surrounded by them
will align, prepare,
provide you the constructive feedback,
identify those blind
spots and help you work on them so that when an obstacle shows up, you're able to knock it down
and just keep it moving. So it's just important to really build those networks and the richness
of those networks will help you shape, define and guide your career wherever you choose to direct it.
That's a great point. And I think, you know, we as women,
it's actually one of the things
we're so naturally skilled at
is kind of building networks and collaborating
and coming at problems from a different angle.
And, you know, in some ways,
we're uniquely in a position of strength
to be successful in leadership roles in cybersecurity.
And it's just a matter of kind of helping to grow it up.
Lauren, what is the
advice you would give, especially, you know, you've been in military and the intelligence
community and the private sector. How would you kind of approach someone who's looking to overcome
some of these challenges as they pursue a career in cybersecurity and then moving into leadership?
Yeah, I've thought about this a lot. And I come at this from a structural standpoint, actually.
So as a mother of two young children, you know, once I kind of came into motherhood,
you know, it sort of all hit me.
Let me back up real quick and just say when I was a student at the Kennedy School, I did
a paper looking at maternity leave in the intelligence
community. It hadn't been a thing yet. They didn't have leave yet. And this was after I had left.
And as I was doing that research, I saw that at the entry level, the recruiting of men and women
was basically on par. So at the entry-level ranks, it was mostly equal.
But as you got to the higher levels, mid-career and, of course, senior levels,
there was a high amount of attrition of women. And to both Koven's and Abasoya's point,
and I started to think about, well, why is that? And a lot of this has to do with the policies,
whether it's an organization, a company, the country, for instance. And so what we need to
keep women in the workforce and progressing to more senior levels is this support, right? The
parental leave, or even if you're not a parent, caregiver,
access to childcare, high quality, low cost childcare, just health, right? Maternal health,
mental health, physical health, just access to high quality healthcare. Those things are all
so important. And I think in these conversations about, oh, well, you know,
why aren't women in these, you know, ranks and why aren't they doing these things? Let's look
at the structure. These things are matters of safety and national security. It's not just a
nice to have. And yet, you know, our nation, our policies just don't, you know, they just discount
them. Yeah. And that's a great point. And there actually was
a question from one of our audience members that I think kind of hits on this because,
Lauren, you point to, you know, there's, it's maybe not so much a entry level experience gap
that we're experiencing, but it's this squeeze in the middle, right? You get to the leaders,
but it's those in the middle and that becomes a really tenuous time. For a lot of folks in the industry right now,
we have been dealing with a very challenging market. There have been significant layoffs
in technology and other sectors. And many women facing those layoffs are kind of coming to this
realization that they need to pivot after having maybe a 10, 15, 20-year career in a related but non-cybersecurity field.
So as we think about not only advice for those women,
but kind of some of those structural things that we can do,
how can we help people who are looking to pivot mid-career,
you know, and kind of break into cybersecurity,
bring what is this wealth of knowledge from a whole career,
you know, in these very industries that we want to find them, what can we do to kind of give them an opportunity to get into some of those
cybersecurity roles that we so desperately need them in? I'm throwing you all a curveball, so I
don't have a particular person lined out. I think part of it has to do with helping people understand what cybersecurity is.
The variety of different types of skill sets that can be brought to the table.
So it's not just technical skills and certifications,
but what are the things that a person can marry from their career,
align with the technical understanding certifications and knowledge,
and then point them towards rewarding careers because people don't
necessarily understand that there is a variety of opportunities that don't just line up specifically
with what they might perceive to be the job role or the job families that sit within the
cybersecurity industry. So I think part of it is just being able to help educate and help give resources to women
so that they can discover, oh, I didn't realize that this was an opportunity, or I didn't realize
that people did this in the cybersecurity industry. So I think that really starts, that's part of it,
that for people who might have excellent skill sets and aptitude, it's not what they think it
might be. There's a wealth of opportunities
available to them, but they just have to get the opportunity to understand the different
types of job functions that are available within the broad space of the cybersecurity industry.
Lauren, what are your thoughts? Yeah, I think I definitely echo what Kamo is saying,
and I'll just provide a couple of concrete examples. I mean, for myself,
I came from intelligence, I came from counterterrorism, and a lot of, you know,
the lessons learned from all of those experiences have also, you know, shaped some of my thoughts
in cybersecurity. There's also, you know, a number of roles, you know, even in CISA. I know some people who are in user experience, customer experience. And here, it's There's all kinds of roles in cyber that you can bring your perspective,
you can bring your expertise from another place
to then bring to bear to this very vast, very complex set of issues.
Abisoya, I want to point out, because I know just, I believe,
about two weeks ago, President Biden announced that Tulsa, Oklahoma will be designated as a
tech hub. And that's a designation offered to it by the U.S. Economic Development Administration.
So first of all, congratulations to Tulsa. That's very exciting. How do you think that will kind of
open opportunities to elevate gender diversity in the Tulsa. That's very exciting. How do you think that will kind of open opportunities to elevate
gender diversity in the Tulsa community and beyond? Let's start with the fact that at the
core of everything we do in the Tulsa ecosystem is talent development. And at the core of this
is actually diversity and inclusion. So the Tech Hub designation will open up opportunities to
capture a significant share of the global market, resulting in substantial job creation.
Now, these jobs will specifically target women and underrepresented groups,
adding more diversity to the workforce and offering wages higher than the regional average.
And currently, we are working towards a phase two
of the tech hubs. We should be submitting this in February next year.
That's fantastic. And I think between pointing out what opportunities being a tech hub can,
Lauren, your comments and Koma's on switching from mid-career, one of the things I've always
noticed for us in the industry, and I've been in this space for the last 15, 20 years as well, is as an industry, we sometimes miss the boat on the fact that we care sometimes about institutional knowledge more than we do about the pure technical skills of cybersecurity.
And the one thing that you can't teach someone off the bat is all the experience required of understanding organization, its risk profile, what its ultimate
business objectives are.
And so for women in particular who are pivoting in from other fields, that doesn't leave you.
Like that's not experience that is not irrelevant.
In fact, it's actually incredibly valuable to pivot into a cybersecurity position.
I mean, my sense is sometimes that maybe as employers, we sometimes
are collectively kind of missing the value of that institutional experience over that technical
skills. Does that something you guys agree with? Do you see that as well? Or are we actually kind
of turning the corner and people get that now? I mean, I haven't necessarily worked in, you know,
the outside industry very much. But from what I've heard from lots of different people is that job descriptions are still really prioritizing those very hard skills or very technical skills and certifications and certain years of experience.
you know, certain years of experience. And I think, but there's also this conversation that, you know, don't need a four-year degree, you don't need X, Y, and Z, that entry-level jobs
don't require all, you know, this laundry list of things, right, that we have to sort of optimize
towards pulling in people and then you can teach them. You can teach those skills later on.
And so I think there has to be more of those opportunities
to pull people in based on curiosity and aptitude
and leadership and desire to do this
while giving them the experience and the skill set needed
and continue to build on that.
Come on, it looked like you wanted to add something to that.
So I wanted to give you a tip.
No, I think you raise a lot of interesting points
because the mindset from working in an industry
that might not be specifically cybersecurity,
that institutional knowledge is beneficial to shorten the distance
between helping a business or an organization understand where its vulnerabilities are because
you understand the ecosystem and the industry in which they operate and i'm just thinking about
aspects of having that information security and cybersecurity training later on when i was working
financial services when we're doing let let's say, evaluations of software, having an understanding of why certain
questions are being asked or what questionnaires are being presented that help teams who are
supposed to be evaluating the security profile and security risks, being able to have better
quality conversations about why they need information or how to connect the dots more
easily rather than somebody who may not have had an InfoSec background and or understand the about why they need information or how to connect the dots more easily
rather than somebody who may not
have had an InfoSec background
and or understand the industry
that they're working in
and may not understand
why certain questions are being asked
or why they need to understand
specific aspects of architecture
or planned deployment
or where data is going to be residing.
And things like that,
that those basics that you retain
don't leave you.
And I think that it's really important that those basics that you retain don't leave you. And I think that it's
really important that we recognize that there is something to be said for being able to bring both
together. And you can acquire the technical skills. There's a lot of opportunities to educate yourself,
but we shouldn't discount the value of that institutional knowledge and the ability to
shorten the distance between information gathering and being able to communicate effectively with senior leaders in an organization who need to understand the
implications of certain things that are or could happen. And if I can make a quick call out,
because to the point on job descriptions, I know that's something that we see very,
very frequently is just how poorly written job descriptions are, even if they over-index for
technical skills or they are under-indexed in the things that are actually critical for someone to
be successful in the role. That whole issue is compounded for women because we have studies that
show that women will not apply for a job unless they meet almost 100% of the criteria. I think
structurally, institutionally, we can kind
of keep the charge going to change those job descriptions. But my kind of quick highlight
here is that if you are a woman looking to pivot or achieve some of those jobs, apply, apply,
apply, apply, whether you think you meet the criteria or not. Agree. Definitely agree.
think you meet the criteria or not. Agree. Definitely agree. So I want to kind of, the last topic I'd like to cover before we wrap for the afternoon is really around the future of
cybersecurity leadership and how can we look at this evolving role that women can play in shaping
the future here. So I throw this out, Abasoya, maybe we start this one with you.
How do you see the role of women evolving,
specifically in cybersecurity leadership?
Are there any emerging trends or new technologies
that you think will help play a role in this evolution?
Where are we going?
I'll say the role of women in cyber leadership
is evolving positively.
And this is probably driven by increased representation, educational initiatives, and the formation of supporting networks.
So, for instance, I belong to like two, three different WhatsApp groups, whereby maybe each of them have about 400 people trying to get into cybersecurity.
I mean, I don't even do anything in that group besides just watching and listening to conversations.
And whenever folks need, you know, some form of assistance, I pop in, you know, recommending courses, certifications or training opportunities.
So I believe the general drive for inclusion will also help to get more women in cyber.
There are so many initiatives across the U.S. right now encouraging women to join the cyber workforce.
And when it comes to trends, I believe the shift to remote work really offers greater flexibilities, especially for mothers.
Lauren, what's your take?
Do you see, you know, as you've kind of done all the initiatives you've done in Recorded Future with Share the Mic, where do you see women going in cybersecurity leadership positions?
You know, I look to the women now who are in cybersecurity leadership, but I'm looking more government-wise because that's, you know, where I am and that's kind of where I've been focused for the last few years. But like, you know, we've got Kemba, who's acting national cyber director. We've got Ann Neuberger at the NSC running cyber, got, you know, my boss, my ultimate
boss, Director Jen Easterly at CISA. Then you've got all these women underneath them, right? Val
Cofield, our chief strategy officer at CISA. Camille Stewart Gloucester, the deputy national cyber
director for tech and ecosystem security, and the women who work with her, Umu Lai, Anjana Rajan,
Aon Islam, you can see the imprint or their imprint upon the strategic vision documents
that have come out of the White House. You know, when the national cybersecurity strategy came out,
and then the cyber workforce strategy came out,
you could see the difference in the perspectives
that shaped those particular documents.
And I think it was fantastic.
It was amazing to see.
And I'm just, I'm so proud of Camille and like just everything
she's done and everyone at the National Cyber Directorate. And then of course, to be able to
work with all these women at CISA from the director on down to the women that I work with every day.
So we're here, right? We're doing stuff. So I'm not necessarily worried about, you know,
So I'm not necessarily worried about where we might be going. We're filling these top roles. It's the sustainment. I'm busy pulling former students in and pushing them to apply to things and get out for talks and go and, you know, go for different roles. So I'm, I'm so proud of all the students that have done that. And so I'm, I'm kind of focused on that. Like, how do we get, um, young
women who are really interested in this, who want to, um, you know, to serve in some way to get
these experiences, um, and then keep them here and, and not necessarily just stay in government.
I think there is huge value to, to come in and go out and get lots of different experiences, and then keep them here. And not necessarily just stay in government. I think there is huge value to come in and go out and get lots of different experiences. But I mean,
to stay in the workforce and feel supported. Again, I just go back to those policies, right?
You know, Adesoya, you mentioned working remotely. And again, I literally could not do this job if I had to be in the office every day because
my family, you know, we're settled up in the Boston area.
And so I just, I literally cannot pick them up and move them, you know, to DC right now.
And so I'm so grateful for Jen Easterly and, you know, all of CISA saying, yeah, that's
totally fine.
We want to hire talent where it is. And so I think looking to policies like that, and of course, leave and
childcare and, and, um, you know, all of those things are so important for creating this environment
where women can succeed. Koma, I want to direct this last question specifically at, at you,
you know, we just talked about outside of seeing the actual number of women in some of these positions go up,
what metrics or indicators could organizations use to track their progress in kind of advancing gender diversity in their cybersecurity leadership teams?
And most importantly, how do we hold ourselves accountable for achieving that change?
Well, leaders have to be held accountable.
Leaders have to be held accountable for the types of teams that they are expected to create
and expected to support.
So it is not good enough if you have a group of extremely bright, talented people who are
women or from underrepresented backgrounds who all exit at a certain point.
You have to understand why. Why are they leaving? Is it a structural issue where the maternity leave was not suitable
for what that person needed for their family? Were they a primary caregiver and have an older
mother or father who requires more care than the leave policy is allowing them to be able to do
that? Is it they don't have the access to new roles, new jobs,
they don't have mentorship and sponsorship.
You've got to figure out what those situations are
and then hold leaders accountable
for implementing policies
or implementing changes in their organizations
so we don't have people exiting at a particular level.
That's critically important
that if you don't measure it,
you're not
going to be able to understand it. And we have to hold leaders accountable all the way up to the CEO
to be able to understand what is happening in the organization. Because if you're losing talent,
not only is that expensive to the organization to find, recruit, hire, onboard, and train that
person, but you are basically truncating what could have been a brilliant career
by not investing in small things or big things
that can make the difference
between keeping top talent in the organization
that is happy and motivated
and feels like they can bring their best selves to work
or a talent that feels burned out, unsupported, upset,
and feels like they can only bring one dimension of themselves
to work and has to hide the rest of it. So I think that now, especially with the changes in
the workforce that aren't going anywhere, where before the pandemic, remote work in many industries
was unthinkable. Now it's something that many people expect or require to keep themselves and
their families healthy and secure.
That if we're not going to go back to this pre-pandemic five days in the office sort of face-showing type of environment, we need leaders to equip themselves with the tools and the
understanding to be able to lead these diverse organizations and meet people where they are.
So it's a combination of sort of, I would say, metric measurement to figure out where are these
people going at the edge of the organization. Is it really they had an amazing opportunity
somewhere else? Or did their manager not support them when they needed help? Or did the manager
not listen to them when they said, I need an extra day remote because I have to take care of my sick
mom or my husband who has cancer or my child that gets out of daycare at a certain time?
So really is thinking
about that because the cybersecurity industry isn't immune to those sorts of things. And if we
don't recognize them, both as people who are participating in the industry and emerging and
current leaders, we are going to lose a lot of talent. And not only is that an issue in the
private sector with preparedness and managing risk, but it is a national security issue
if we were not preparing and equipping
our best and most talented people
to pursue and remain in the cybersecurity industry.
Koma, I'm like keeping my arms down right now,
but I want to like raise them up.
I'm like, yeah, girl.
I say go for it, Lauren.
Like if you want to do it, we can do it.
There, I love it.
I think that's a fantastic note to end on
and a great call to action that, you know,
it's also not just because it's accountability of leadership.
It just makes good leadership sense.
Like why would we want to have organizations
that aren't as secure and resilient as possible?
And you do that by having really good invested long-term talent,
you know, wherever they go.
So a huge thank you to all of you,
Lauren, Koma, Abisoya, for joining today.
This was such a really just pleasure,
a really dynamic discussion.
And I want to give one last big thank you
to Tulsa Innovation Labs
for sponsoring our Women in Cybersecurity
content series.
And a reminder,
don't miss it if you did not catch us today, that this conversation will be available as a special edition on the CyberWire daily feed on Sunday, November 19th. Thank you all. Thank you. Thank you.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and
securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe
and compliant.