CyberWire Daily - Trailblazers in Cybersecurity: Lessons from the Women Leading the Charge [Threat Vector]
Episode Date: March 16, 2025We thought you might enjoy this episode of Threat Vector podcast from the N2K CyberWIre network as we continue our observance of Women's History Month. You can catch new episodes of Threat Vector ever...y Thursday here and on your favorite podcast app. In this special Women’s History Month episode of Threat Vector, host David Moulton speaks with four trailblazing women in cybersecurity who are shaping the industry: Kristy Friedrichs, Chief Partnerships Officer; Tanya Shastri, SVP of Product Management; Sama Manchanda, Consultant at Unit 42; and Stephanie Regan, Principal Technical Architect at Unit 42. They share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation, and mentorship. From AI-driven security to digital forensics, these women have made a lasting impact. Tune in to hear their advice for the next generation and why cybersecurity remains one of the most exciting and dynamic fields to be in today. Join the conversation on our social media channels: Website: https://www.paloaltonetworks.com/ Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @paloaltonetworks Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network powered by N2K.
I think we can pick certain situations where we either delivered some innovation and or
we solved a customer critical issue and things like that. But, you know, over time, I think it's, you know,
I can't say it's me or I who have done it.
It's really a team of people
and just working with incredible people
like I am now at Palo Alto Networks
is I think the most substantial way to make it happen.
Welcome to Threat Vector, the Palo Alto Networks podcast, where we discuss pressing cybersecurity
threats and resilience and uncover insights in the latest industry trends.
I'm your host, David Moulton, Director of Thought Leadership for Unit 42. This episode is a special one.
In honor of Women's History Month, we're highlighting the experiences, insights, and
advice of four incredible women in cybersecurity, leaders here at Palo Alto Networks who are
shaping the future of our industry.
I spoke with Christy Fredericks, Chief Partnerships Officer at Palo Alto Networks, Tanya Shastri,
SVP of Product Management, Sama Machada, Consultant at Unit 42, and Stephanie Regan, Principal
Technical Architect at Unit 42.
These women come from diverse backgrounds, business, network, AI, digital forensics.
But they all share something in common, a passion for problem solving and making an impact.
In this episode, we'll hear about their journeys into cybersecurity and what's kept them engaged
and the advice that they have for the next generation of women in this field.
Let's start with what brought them into cybersecurity and why they chose to stay.
Christy Fredericks, Chief Partnerships Officer at Palo Alto Networks.
Can we say I've pursued a career in cybersecurity when it's been about 14 months out of my
career?
I was inspired by a couple things.
I have always been drawn to mission-driven organizations.
When I was early in my career,
I thought that meant nonprofits,
and I spent a little bit of time both in public education
as well as in nonprofits,
and I realized that I believed
that I could have a better impact in the for-profit sector.
I started my career in consulting,
having an impact on my clients
and making sure their businesses were operating effectively for-profit sector. I started my career in consulting, having an impact on my clients
and making sure their businesses
were operating effectively
so that they could have strong careers
and add value to their customers.
I moved into technology.
My first operating role was in the observability space.
And the mission of that company
was to help software run and perform well.
And when you think about how much of our day-to-day life
is dependent on software,
that felt like an important mission.
But there's nothing that really beats
keeping the digital way of life safe.
So as I was working in observability
and making sure software runs properly,
you could see how much of an opportunity there was
for bad actors to attack software and
really impact people's livelihoods, people's experiences, and it just felt like a really
important industry.
And what better company to pursue than Palo Alto Networks?
Tanya Shastri, Senior Vice President of Product Management at Bolo.
I lead our network security platform and product operation.
In my early part of my career, I did a bunch of networking because I had studied telecommunications
and networking and so on.
I had also done some information theory in my masters and that course had always been
something I wanted to go back to.
So, it was very intentional at one point in
my career to move to more of a data analytics insights,
machine learning, AI, all those kinds of things.
And through that process,
securing data became very important to understand.
And I started working on what we called
malicious fault-tolerance systems,
Byzantine fault tolerance, and so on.
And that kind of segued my interest into security.
And that's what actually brought me to
Palo Alto through that interest in security.
And it's been so interesting because
when it all comes together
actually security is a there's a lot of analytics and AI you know as part of security.
My name is Sama Manjanda. I'm a consultant at U of 42. I think my main inspiration when I came
to cyber security was the very first professor I actually had in cyber. I took a two-unit elective
in cyber and I just kind of-unit elective in cyber,
and I just kind of didn't really know what to expect.
Lo and behold, a semester later, I was totally hooked.
I credit it all to that professor of mine, Joe, from USC.
He changed my outlook on so many different,
in so many different ways.
He challenged me to like think a different way
and opened me up to a whole new world of possibilities.
And when I decided that I wanted to pursue cybersecurity also, again, he was my mentor
also during college.
He really just was very, very encouraging in terms of like helping guide me through
what classes to take, what kind of, you know, career opportunities there were. And so that whole program just totally changed my life
in many different ways.
My name is Stephanie Regan,
principal consultant on the IR team with Unit 42.
Generally, I have always had a mission-driven desire
to help others.
So everything that we do day in, day out,
whether it's working a ransomware recovery case
or building a better way to respond during crisis ease
or improving protections to prevent crisis ease
from happening in the future,
the work that we do day in and day out is impactful
to the other people that are on the other side
of our services.
I was really attracted to cybersecurity
and even just the tech field in general
based on the growth and opportunity that is presented
in a rapidly evolving environment.
So tech is changing every single day.
We've seen the advent of AI.
We've seen, gosh, so many different implementations
of new technologies over the years
that the hunger and desire to just keep learning and growing as the field evolves,
and change, and pivot to the next technology or the next big thing,
is something that's really exciting.
I just hate stagnation.
I'm a person that gets very bored or upset if I'm
sitting still and not moving forward in my career, in my life.
I was really attracted to cyber and tech,
which in its nature is constantly evolving.
And I get to be a lifelong learner
and continue to grow as the field develops.
["Dreams of a New World"]
It's fascinating to see the different paths that led each of them into cybersecurity, whether it was through AI, partnerships, education, or forensic investigations.
And yet, a common thread among them is that cybersecurity is a field that demands constant
learning and problem solving.
So, what keeps them engaged?
It really brings it home when you have kids.
And for me, actually, it was when the kids aged into
the sort of grade school years where it's just such
a special time and such an exciting time that
all of the time that I have when people ask me what my hobbies are,
that's my hobby is raising children, because that's what I do in my spare time.
But anytime you're not with them,
you wanna have that time matter.
And a great bonus is that you're creating a better
place for them to eventually grow up,
live, work, start their careers.
And it's just a nice combination when you see like,
I love the time I spend at home
and I love the time I spend at work.
And you realize how precious both of those things are,
so they really need to matter.
Just yesterday in a hallway conversation,
you know, there's a few of us who agreed that folks here,
we actually get energy from those tough problems.
So it isn't like we have to keep our energy up.
It's kind of the other way around almost.
And each one of us had our own story
as to how we stay mission oriented
and continue to have the energy for what we do.
Personally, on my end, I've, since I was a child,
been kind of very interested in the
defense forces, you know, the army, Navy, Air Force. At one point, I wanted to be part
of a cavalry somewhere because I did a lot of horse riding growing up. And I feel like
what I'm doing today has brought me closest to that hope I had as an elementary school
child, right? So it's very interesting how each one of us brings
a different perspective and what drives us towards it.
But at the end of the day, I think it comes back
to the fact that we are actually energized
by solving these hard problems.
We want to do it.
I think when I first got started,
I was almost a little overwhelmed
just because there's so many different parts of cyber,
there's so many different avenues you can go down.
And I really just didn't, I kind of like frozen,
was like, I have no idea what I wanna do.
I tend to explore some things and I get more interested
and it's like, wait, now it's like,
I can't decide between them.
Like, what am I more interested versus less?
And that's one thing where I think unit 42
was really great when I started working here.
Nobody ever told me,
yeah, don't go down this path.
Like if you're interested in it, like, oh, sorry,
you're stuck to only this one box.
Like you can only look into incident response.
You can't, you know, explore other sides of cybersecurity.
When I started here, I actually had a couple
of really cool mentors who took me under their wing,
let me watch, let me sort of shadow along, and let me explore. And I think that's really
what kept me going.
I basically always had a fascination with tinkering and making things faster, better,
smoother. I'll take you back to the days where I was running a crime lab out in Hawaii, kind of what made me probably most proud of my career out in Hawaii was the introduction of rapid DNA.
So in rapid DNA is a very new technology in kind of the crime lab
world and we were really early adopters of it. That was a really proud
moment of my career to see these tools that we implemented get utilized
on a very large and impactful scale
that just kind of continues and carries throughout my career,
whether it be the X products that we have at Palo
or it's playing with the latest AI platforms and automations
or whether it's kind of just tinkering with anything random
that we have within our toolkit of digital forens them, it's a mission.
And that passion translates into real-world impact.
I asked each of them to share a moment in their career where they felt that they made
a meaningful difference.
When I'm in with our alliance partners, ideating and innovating on how we go to market together.
I'll give a couple examples.
Deloitte has an AI factory where they are building
a scalable way to actually build, deploy, and run
AI applications for their customers.
Really important, it's the way businesses are going to be run.
Nobody really knows how to do that.
They want a trusted advisor.
But none of the partners at Deloitte were really thinking,
hey, we've got to be security first in this,
except for some of our security colleagues at Deloitte.
And the ability for our AI suite of products,
AI runtime, AI access, AI SPM,
to make sure that Deloitte can not only provide
that service for their customers,
but see around corners and keep it secure,
was eye-opening for the Deloitte partners
that I was able to meet at their partner event
in Las Vegas in December.
And it really resonated as they thought about,
it's not just about the new technology,
it's about keeping the new technology secure.
The initial reaction of the non-security partners was,
security would be a nice to have,
but then when you could articulate actually, not only is it a need to have, it's a relatively
straightforward thing to incorporate from the jump because of Palo Alto's suite of products.
So the fact that I was able to be there alongside those partners as they were ideating on their
AI factory, and we were able to bring together our technology, our technologists and their salespeople and partners
to create a whole new way of approaching AI
was an experience I'll remember
because it was one of those sort of pinch-me moments
of how am I able to be a part of this innovation?
I won't be shy to say I've had a long career.
It's been multiple decades now.
So there's certainly been points in time, right?
But I think overall, over time, essentially driving
to what's most important, being able to have the impact
really,
I would ultimately say if I were to kind of really take a step back, it is being able to have the insights
on where we have the best leverage that we can have
or kind of where can we be most impactful.
And then bringing a team together of experts,
I don't expect myself to know everything
and to be able to bring all the answers together
at any one point of time.
But being able to have the insight
of where we need to focus and bringing the right people,
appreciating who can be the experts to solve those problems
and bringing people together to drive to those solutions, I think, is probably what I'd say
is the approach I've used that has created impact over time.
I think we can pick certain situations where we either
delivered some innovation and or we solved a customer critical
issue and things like that.
But, you know, over time, I think it's essentially really, you know, I can't say it's me or I
who have done it.
It's really a team of people and just working with incredible people like I am now at Follow
Order Networks is, I think, the most substantial way to make it happen.
My most impactful moments are always when I'm able to sort of help and guide somebody else.
I think my favorite way of thinking about it is that,
somebody did this for me, somebody opened a way up for me
and sort of changed my whole thing
and encouraged me in some way.
So it's always really rewarding when I can kind of give back.
And it's like, yeah, it's like some of the people
who've done it for me, obviously I can't give it back
to them specifically, but the idea of paying it forward,
I think really kind of always appeals to me, I guess.
And so, yeah, I've had a couple of instances,
actually one when I was still in school,
I was actually, I was a teaching assistant
and that was the very first time I think
I kind of had this realization
that what I've done is really cool just now.
And I had a student who was struggling, I was a TA for the inter cybersecurity class.
And I remember the beginning of the semester she was really frustrated, she was really
struggling and kind of was like, I don't know that this is a great fit, but she sort of
stuck with it.
And the whole semester, we worked together a lot and she just persisted
really that was the thing.
She worked really hard and at the end of the semester, she actually wrote me a handwritten
letter, I still have it actually.
And she wrote this card and said, thank you so much for all of your help, like because
you believed in me and because you said, you know, just keep going, I fully believe in
you. She ended up fully believe in you.
She ended up miring in cybersecurity.
And so I think that just was like one of my first like, whoa, like, okay, what I've done is I've made an impact on somebody.
One of the areas that's been majorly impactful to our ability to respond and incident response engagements
is some projects I was working on on automated eradication and containment. So being able to very rapidly ID what's going on in an environment
and contain that immediately.
So doing things like remediating IOCs, indicators of compromise on dist.
So whether that be files, whether it be users, whether it be services that exist,
being able to identify those and remediate
them right away and actually have that driven by the observation of the tool rather than
waiting for analysts to observe particular issues and then actually do them.
So that's one that's actually been able to really increase the rate at which we are able
to get our clients back to that business as usual and has been a very impactful project for us here at unit 42
Each of these moments highlights the power of cybersecurity not just in protecting organizations
but in shaping careers driving innovation and even changing lives and
shaping careers, driving innovation, and even changing lives. And as this industry grows, I ask what advice do they have for the next generation of women looking to break into
cybersecurity? I didn't enter this industry until 25 years into my career. So by then,
I had racked up a series of experiences and insights that I could bring to this business.
So if you wanna be like me,
what you would do is start by just learning the fundamentals,
whether it's engineering, which is not what I did,
engineering, computer science, that way of thinking,
problem solving, breaking things down
that can be applied in other fields,
or for me it was business.
I was always very passionate about
business strategy, ended up getting my MBA, I was a consultant for many years, and that's a way of teaching you how to think that is really foundational and fundamental. So I think
early in your career it's just think about how much can I learn, and it's about learning less,
less so about learning, hey I I'm gonna be the absolute expert
in a particular technology that will develop
and evolve over time.
But it's learning how to think
and it's learning how to lead people.
And there's a lot of different disciplines
that can help you do that.
Like you said, I haven't been in the cybersecurity space
for the entire duration of my career.
And when I first joined Polo Ordo Networks,
in fact, within the first few days,
I had 200 plus acronyms
that were kind of specific to cybersecurity.
I've had people talk to me about the cybersecurity space
being like the gaming industry, for example,
you know, you're either a gamer or you're not,
you're either a cybersecurity person or you're not.
And actually, when I look at it a little fundamentally,
I think it really is related sometimes the perception
is because of the language, right?
The point I made about 200 acronyms in the first few days.
Once you get over that and you understand
what the core principles are
or what those acronyms really mean,
I think it's not like it's a different industry dramatically.
You know, there's a lot of synergies between what happens here in the cyber security world and everywhere else.
That perception that it is, you know, you're either a cyber security person or you're not, I think is not accurate.
And I'd love for people to be aware that it's just a matter of a language, really.
And a lot of the language, it's like, you know,
there's a term in the cybersecurity space.
There is another term in another space
which means the same thing.
You just have to map them, you know?
And then once you have the language figured out,
I think everything else follows very quickly.
And it is a very welcoming industry.
I think, in a way, our CEO, Nikesh, will say, right?
He was new to the cyber security space
when he joined Polaroid Networks and the impact he's had is just phenomenal.
So I think everyone should have the awareness that you can get into this industry.
There is a lot of value to be generated.
It's a good place to be.
And with the right mindset, you know, no reason why someone shouldn't
try.
Finding like what you're interested in and sort of sticking with it is my big advice.
I think there are certainly like a lot of challenges that come with being in a field
like this and certain subsets more than others definitely, especially like, you know, some
fields might be more, might feel more demanding.
They might feel like, you know, there's a lot more on the line
and that you can have to be around 24-7
or that there's a lot more pressure in certain situations.
So I think the fine line there is, again,
finding something that you're genuinely interested in
and making sure that it is sort of something
that you are passionate about.
The field has been growing rapidly
and I think more and more doors are opening every single day.
One thing that I would say as far as the advice
to the next generation or even the current generation
of people is actually comes from another podcast
that I was listening to recently,
which was We Can Do Hard Things with Glennon Abbey
and Reese Witherspoon actually, that we're talking
about basically that most people and especially women always have this subconscious that we're
either doing too much or not enough and we're never quite in that sweet spot of where we
want to be in our careers.
You know, they went into a lot of reasons on why that is, but generally I think the
kind of takeaway there was that you can be successful.
And I feel like, you know, I've been able to be successful in my career and I've actually been able to bring my authentic self and my passion to the career and be successful.
I definitely fall into that sometimes thinking, you know, I need to do more than everybody else just to get to the same level.
than everybody else just to get to the same level. But that is not necessarily the reality of things.
And know that usually you have a seat at the table for a reason
and that you bring the tools that you need to be able to be successful
as long as you bring that passion.
Their advice is clear. Be curious.
Find mentors.
Keep learning.
And most importantly, know that you belong in cybersecurity.
But before we wrap up, I wanted to ask them one final question.
What's the one thing they wanted you, the listeners, to take away from this conversation?
Throughout your career, stay open-minded to how you can apply those different ways of
thinking.
So I've been in a number of different functions, but I started with being a consultant for
17 years, where you jump from problem to problem and you bring the same toolkit of sort of first principle thinking, problem solving, breaking things down into
their components, doing a whole bunch of analysis and that served me well in a
bunch of different fields and will continue to serve me well.
I have had the amazing opportunity to work with so many wonderful women here at Palo Alto Networks.
I can rattle off many names. We have PJ, who does our red teaming stuff, who's just awesome.
We have Mei Wang, who's our CTO for IoT and has done a bunch of fascinating things with the INML.
Of course, Wendy, such an amazing leader
who led all of Unit 42.
We have Mira, who's leading all our IT.
So I just think it's just a phenomenal place to be.
There are a lot of very impressive people
doing impressive stuff.
And like I said, it's a welcoming industry
and I'd love to see more women just enjoy the
work that is available to all of us to do here.
When you're able to give back to your own community and say, okay, yeah, the cyber community
has given me so much and I really hope that, yeah, like I'm able to serve as an example
and show that this is very possible, it's very doable and it's a great career to get
into and it's a great place to be. Look around you and especially to the women already in the field, be able to actually
reach that hand back.
So for people coming up in the next generation, really being able to say, hey, I can go reach
out to Stephanie.
I can go reach out to the women in the fields already to really grab support and kind of
see how they became successful in the fields already to really grab support and kind of see how they became successful in the field.
The other thing is for women that are already in the field
to reach back, to actually lend a hand
to the next generation of women in tech
and really utilize that to be able to further
women's footprint within the cybersecurity
and in the digital forensics incident response
field and in the tech field in general. I want to thank Christy, Tanya, Sama, and Stephanie for joining me on this special Women's
History Month episode of Threat Vector.
Their stories and insights remind us
that cybersecurity isn't just about technology,
it's about people, connections, and making a real impact.
If you're listening and thinking about a career
in cybersecurity, know that there is a place for you here.
Keep learning, stay curious, and surround yourself
with people who challenge and inspire you.
That's it for today.
If you like what you've heard,
please subscribe wherever you listen
and leave us a review on Apple Podcast or Spotify.
Your reviews and feedback really do help us understand
what you want to hear about.
If you want to reach out to me about the show,
email me at threatvector at paloalto networks.com.
I want to thank our executive producer, Michael Heller,
our content and production teams,
which include Kenny Miller, JoBanakurt, and Virginia Tran.
Elliot Peltzman edits the show and mixes the audio.
We'll be back next week.
Until then, stay secure, stay vigilant.
Goodbye for now.