CyberWire Daily - Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]
Episode Date: January 2, 2023On Thursday October 20, 2022, the CyberWire was pleased to host the annual Women in Cybersecurity Reception at the International Spy Museum in Washington, DC. This annual event brought together almost... 300 people to highlight and celebrate the value and successes of women in the cybersecurity industry. The reception included an industry-led panel discussion called “The Hidden Impact of Cybersecurity’s Talent Gap on the Cyber-Enabled Community,” discussing cyber-enabled professionals who aren’t usually included in conversations around the cybersecurity skills gap. The panel, moderated by Simone Petrella of CyberVista, included perspectives from experts including Davida Gray of MindPoint Group, Jennifer Walsmith of Northrop Grumman, Kyla Guru of Bits N’ Bytes, and Amy Mushahwar from Alston & Bird. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose,
and showing the world what AI was meant to be. Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Thank you.
Hello, everyone.
I'm Jennifer Ivan.
I'm the senior producer at the Cyber Wire and one of the founders of this event.
And I can't tell you how pleased I am to see all of you here.
This is new for us.
We've never had a panel before.
So I'm going to introduce our panel moderator.
Her name is Simone Petrella.
She's the president and CEO at Cyber Vista.
And I'm going to hand the baton over to you.
Take it away.
Hi, good evening, everyone.
This is the most inspiring room to see.
This is awesome to see it full of all of these women and all of the men who support them. So we can't leave it out.
But so thrilled to be here this evening
with such an incredible panel of women. And I apologize that I'm doing this from a podium. It's
very crammed. So we'll try and keep it conversational, even though I look like I am
interrogating you. I am not. So part of what we wanted to discuss, especially given the focus of
the need for more increased diversity and representation of women in the field of cybersecurity is to talk about how does
this actually apply to the cybersecurity talent shortage that we've been sort of
grappling for the last 15 years and certainly have been talking about for the
last five.
And this has sparked action across every community, universities, government
agencies, corporations.
And so what I think is so incredible about this room is that there is this overlooked
vital group of people who can fill critical cybersecurity roles.
And how do we think about how we kind of leverage that population to support this mission and
provide opportunity for people to get to the field?
So I'm very, very honored tonight to have four panels, and I'd like to introduce them.
I have Davida Gray, the Director of Human Resources at MindPoint Group.
Kyla Guru.
Oh, you've got like a fan club.
Kyla Guru, Founder and CEO at Bits and Bytes Cybersecurity Education.
guru, founder, and CEO at Bits and Bytes Cybersecurity Education. Amy Mushawar, partner on the Privacy,
Cyber, and Data Strategy team at Alston and Byrd Law Firm. And Jennifer Walsmith, Corporate Vice President, Cyber and Information Solutions at Northrop Grumman. Thank you for being here.
All right, so to kick off the question, and I'm going to start Jennifer here with you,
but then we'll go down the line. Instead of telling us just your resume, I would love for
each of you to give a quick intro of your story of how you got into cybersecurity and what that
looked like. So Jennifer, kick us off. So I was thinking about this question,
and how did I get into cybersecurity? Well, it really started because I worked for the National Security Agency,
and I was in computer science.
And many of you might not know what the National Security Agency is.
It's a Department of Defense organization specializing in protecting our nation
using signals intelligence.
So fast forward, I was in computer science and
you know it really was around 9-11 that we started really doing what was before
the overt cyber, you know the cyber work that we talked about today was the
journey really in the information highway of what today is known as
offensive and defensive cyber
as it relates to national security. So I've been in this business for a long time. I've watched it
change a lot. I've watched it speed up a lot. I've watched innovation. I've watched threat.
And it's been quite an adventure. Thank you. Kyla. Amazing. I got to visit the NSA Collaboration Center this summer,
and it was so cool. So definitely, everyone, NSA is a really cool place to be. But hi, everyone.
I'm Kyla, and I'm 20 years old. I'm an undergraduate student at Stanford. And my journey into cyber was
kind of non-conventional, too.
When I was 14 years old was when I looked at the world,
and I was realizing we were having a heck of a lot of cyber attacks, and most of them, if not all of them, were boiling down to human error
or individuals not feeling empowered to build strong passwords
or take care of their cyber hygiene.
And I looked at the K-12 education system myself as a student and I realized that we didn't have much
education around digital citizenship or cybersecurity in general. So from there I
started my nonprofit Bits and Bytes Cybersecurity Education which still
works to empower young people to care about cybersecurity and understand like
that you are a part of this bigger picture of national and global security so um so that's sort of been my passion project
and labor of love over the past few years that kind of got me into women and children safety
which brought me to trust and safety um so i've worked across apple and sysa and consulted for
different projects across the board but um but truly, everything has sort of come back to, like, how do we empower humans?
And especially in my particular interest, how do we empower Generation Z
in feeling like they're a part of this conversation that we are all here today to talk about?
So, yeah, I'm excited to represent that sort of power on this panel today.
And, yeah, happy to hop into questions, too. Thanks.
Davida. Thank you. happy to hop into questions too. Thanks. Davida.
Thank you. My name is Davida Gray. I'm the director of HR for MindPoint Group. So my journey to cyber probably sounds a lot different than most of my panelists here, considering that I'm an HR
professional and not truly doing cyber work. But what is unique about the perspective that I have
and how I got here, so I've always done HR for government contracting.
So initially the focus was on information technology and other government agencies,
not so much cyber. But at a point in time, I worked for a company that purchased a cyber
organization and I had a compensation role. And as I started looking at what was going on within
cyber roles, certainly between men and women, it jumped out that there may be for some differences, some things we could work on. So I began to pivot into
compensation focused on the cyber market and that's how I began my journey into
the cyberspace as an HR professional. And I since then moved on into other roles
to support cyber. My core group is purely cyber, so as the HR director there I have
a unique lens to see the HR side, the talent acquisition side, what are managers facing, what do the people need, and what does that talent pool that we're looking for really have, and what do we need to find that may be difficult to get.
So I'm excited to share that perspective and hear from the others as well on all the things that we have to share here.
Thank you.
I also think it's really inspiring to come after all of my panelists because I'm
going to talk a little bit about 9-11 as well and I hope my daughter is as inspiring as you starting
out at 14 and isn't it wonderful that we're thinking about this systematically because we've
got some problems to fix. But my name is Amy and I started off in IT. I own my own consulting company that hooked folks up to then the first fiber optic educational network, Internet 3.
And one of my clients had an oopsie.
And at that point, we didn't know what a breach was.
But they were indeed attacked.
They were indeed attacked because they were a research institution.
indeed attacked because they were a research institution. And I couldn't find a lawyer to represent me at that point in time who understood technology and who also understood risk. So I made
it a mission and went to law school. And I have been working in cybersecurity since the 2000s.
And I have represented clients with hundreds of data breaches. So from data
to lost laptops to lockups, encryptions, and ransoms. So we talked in preparation, and I think
there's been so many panels and so many discussions on the, what's the problem with the talent
shortage? Why does it exist? And so I'm going to bypass all those questions and go straight to
kind of the opportunities that there are to increase representation of women in the field.
And Amy, I know this is something that we've discussed quite a bit. And so my first question,
just to throw it out for you to begin, is what are your thoughts on how we can bring more women
into some of these roles, both the technical and the non-technical roles in cybersecurity?
Yeah. I think one of the misnomers that we have as women in cyber is that
we're constantly encouraging people, don't worry. There are elements that are not technical.
What I try to do is publicize exactly the opposite. The technical information and that
what you have to learn in cyber is not rocket science. I largely learned it on the job. I am not a trained
engineer, but the fact that you just end up picking up this type of work as you're going
through the field. So I think the first is being okay to train on the job and being willing to dig
for people who are adaptable and who can learn, who may or may not be engineers, but you can still train them technically.
Jennifer or Davida, is that something that you guys see or embrace at Northrop and MindPoint?
I certainly do.
I think what I speak to women about is courage and confidence.
It is a technical world and a technical field.
And women so often basically self-select out from really stepping forward to take a shot at those jobs.
Whether it be train on the job, whether it is something that is deep technically that requires certain certifications, you know, it doesn't matter.
I find that women need to have more courage and confidence.
And when you have that, I've seen the women that I've mentored, brought into the field, they excel.
They soar. And it's so exciting to see them spread their wings when before, perhaps,
they just didn't feel that they
would be as strong as other candidates when in fact that really was never the case. So at North
York Grumman, we really embrace diversity. It's very important to us. We think that especially
in cyber, cyber is a sport as it relates to national security that you need diversity of thought and the third diversity
of thought comes from diversity of experience and background that's how you look at problems
differently you're never going to learn all of the technical background for cyber because it's
changing every day and that's what's what's so exciting is you can enter and stay keen and learn as you go.
And it's really important to us that we encourage that diversity to come into this field.
Davita, what about you?
Yeah, no, I agree with that 100%.
You know, in my point group, we look for people who have adaptability, who have the potential, right?
And we find what is the role that they express an
interest in, can we place them there? And then once they're here, how do we grow, develop, and
nurture them? So similar to what she said, that mentorship is key, you know, finding people that
they can connect with, not only formally in a mentorship capacity, but also informally, right?
Networking, connecting. We have an open-door policy where everyone knows, anyone here, if you have
questions, if you have needs, if you want to connect and express, we're all here open, and we encourage and, you know, we really, really encourage our people to do that.
Also, not locking them in to just one thing, right?
Like we know you may start with this job, but offer you? What else can we put you towards? How can we help you grow to the next thing so that you don't feel pigeonholed to do this one thing and that your
options as you progress and continue become bigger and better for you as you continue on? So it's
certainly something in my point of group that we champion very, very heavily in our organization.
Yeah. One thing that strikes me in all of your answers is, and I started in the national
security space as well, and I think, you know,
everyone's background here, no one started out by saying, I decided to go into cybersecurity
and got a cybersecurity degree. And we're all aging ourselves because cybersecurity degrees
didn't exist. But I think that there's a diversity of background that comes from not necessarily
being technical, but actually then choosing to pursue and learn technical skills as you go along.
And that doesn't always mean it's something that you obtain in a formal education setting.
And I think that that's part of the power here.
We'll talk about that more here in a second.
David, I want to go back to you, though, when you talk about that underrepresentation or misrepresentation of women and diversity in the field in particular.
under-representation or mis-representation of women and diversity in the field in particular.
From your perspective and the work that you do on the HR side, are there particular gaps in the skills or the knowledge that you're seeing in terms of what's most needed? And if that's the
case, like what can some women, what can women do or what can we as a industry do to help empower
more women to kind of gain those skills? Yeah. So I think that, you know, while in
cybersecurity, right, as she mentioned,
there's an array of opportunities,
different types of roles,
and so women can fit any and all of those very much.
What I see as an HR person that is not intentional,
but I think does hinder women
from finding some of those opportunities,
in particular when we think about entry and mid-level,
is, right, for those of us who are industry leaders managers we're writing jobs and we say
okay we're gonna put this job out and see who applies well what I find
sometimes is we know what we need but we often write what we want and there's a
disconnect between those two things when you separate the need for the job to be
successful to what you perceive as
perfection to do it, you will often find there's a big gap there. So if we take a step back and
revisit what does this job need, you'll generally find that you're looking at something very
different than what you're asking for. And like I said, it's not an intentional thing, but it
usually results in there's a big leap between entry to senior, and that middle level
is overlooked. So when we think about women who already, to some extent, have a comparative
disadvantage numerically compared to men, when we think about, right, women are only about 25%
in cyber, and when we look at those feeder roles, those feeder companies where people transition to
cyber, which, you know, maybe military or IT, still heavily male-dominated
industries, right? These things also hinder us when we're looking for everybody senior at all levels,
but we're not really needing that. So I think that's one thing that organizations can do to
become better at really publicizing opportunities that women who are still progressing can actually
get into. And to her point earlier,
you know, women are a little bit more common to say, that doesn't look like it fits me, so I'm
not going to try, right? So when everything looks like it's high, but we know we need something down
here, if you don't even try, like, you're already out of the game before it starts. So that's one
thing that I see that I think can be done differently. Also, it's just keeping up with
what's really needed and changes, right? Education, right? You mentioned cyber differently. Also, it's just keeping up with what's really needed
and changes, right?
Education, right?
You mentioned cyber degrees.
We know that's a thing,
but we also know that there are so many opportunities
where having a degree is nice,
but it's not necessarily a need, right?
There are other ways to get there.
There are non-traditional pathways
in from other experiences.
And I think as women, we should become more familiar
with what do those things look like, right?
They're not always gonna be something that you learn in in a classroom that someone says, if you do this,
you can do the next thing. You have to become a little bit more creative, connect with others to
say, here's what I have, here's what I bring to the table, help me understand how I can use that
in a cyber role. And that's where, again, we go back to the mentorship all the time, right? Having
a strong mentor, having people in your circle, or even connecting with organizations that cater to specific types of individuals, whether it's women or other
underrepresented groups, can help you understand what you already possess that may not jump out
at you as something that makes you a great candidate for a cyber role.
No, great, great points. And I think definitely underscores the need for industries, like the organizations as employers, we have a responsibility to kind of take a big first step. But then now let's pivot and look to the other end of the spectrum. On the student side, Kyla, you work with students all the time and being one yourself. What are some of the barriers to entry that you see when it comes to getting, you know, women and young girls into the field
interested in cybersecurity in the first place? Yeah, absolutely. This is such an important
question. But I think like to underscore what has been said before, you hear this common theme of
teaching girls to be brave, not perfect. And that's a big thing that Reshma Saujani talks
about too in her TED Talk, but I do see that reflected
in classrooms as well and even just talking to my peers. I think there has to be, number
one, just a general breakdown of that idea that you need to be a certain type of person
to be in cyber, that you need to be this person who codes in the dark with your hoodie on
in the basement of your mom and dad's house. There's this certain stereotype of who a cybersecurity
person is. And I see that still today with young people. So breaking down that barrier, and I tell
this story when I speak to groups, but the first time that I thought that I could be a woman in
cyber was when I saw Felicity Smoak on The Arrow. And she's a fictional character, right? Who codes
and saves the world by, like, she's a coder by day and then she saves the world with a superhero by night.
And that was just such a cool concept to me to see that and be like, I can be who I can see.
And so it really starts from the grassroots.
I would say I always recommend, like, grassroots solutions are so, so important and they're very easily overlooked.
recommend, like grassroots solutions are so, so important and they're very easily overlooked.
Things like Girls Who Code, Black Girls Code, these sort of programs that work inside of schools.
There's a statistic out there that says that if girls don't see themselves in this role,
or if they don't know about cybersecurity by the time they're in seventh grade, 75% of girls don't consider it a career for that reason, because we don't get to them early enough. So if we present
role models just like every one of you in the
room today to these young women
to show them like, okay, this is someone
I could be. This is someone from a similar
walk of life or a similar background.
Their parents are also immigrants.
To see themselves reflected
in this industry, I really think that
that will get us some solutions.
And I also work,
besides Bits and Bytes, I also started a conference, Girl Con Conference, that runs every single year
that empowers women to see, young women, high schoolers, to see that every single one of their
passions intersects with technology. That's another trend and theme that you see on this panel today,
is women saying, you don't need that cybersecurity or computer science degree
to be a cyber professional.
It's things like international relations.
We need those kinds of minds to understand
the international policy.
We need technical writing to get that legal expertise
and that understanding.
So all these girls have passions across the board,
whether that be in design, athletics, fashion, engineering,
but they bring that together and we teach them,
okay, this can be combined with technology to do good,
to make social impact.
So that's one thing.
And then another thing I think that I see in schools,
or I guess this is more in college with older kids,
but when we're applying to these roles,
a lot of times the role will be like
entry-level position in cybersecurity
and then requirement will be like five plus years of experience in cybersecurity.
So that's definitely one thing that we see quite often that kind of like is probably one of those pain points that just like keeps young people from recognizing that this is something that we can do.
And when we like go into these rooms and see that most of the people in the rooms have white or gray hair and look a certain type of way,
that's another reflection of that same,
that just affirms what we're seeing
on these job requirements.
So I think all in all, starting early,
breaking down the stereotype and picture
of who we think can work in cybersecurity,
opening up these pathways for people
who are passionate in all sorts of topics and skills, and then embedding these skills into the classroom from the earliest
of ages in the K-12 schools. I'll just share this one quick thing is one thing that one exercise I
run in schools that the kids love is I ask them, I show a big picture of a vending machine, and I
ask them, if you could hack this vending machine and get all the snacks in this vending machine and I ask them if you could hack this vending machine and get all the snacks
in this vending machine right now, what would you do? And I swear to God, these kids are like
throwing their ideas in the air. They're super excited to think like the attacker. So it's
embedding those kinds of skills. Like I obviously tell them don't try this in real life, but
it's embedding those kinds of conversations where they can see like,
oh, is this what this kind of job would be like on a day to day?
Is this how cool it is?
Like embedding those kinds of lessons in the classroom, I think is just one way to kick the first domino.
I can answer that though.
No, it's not that cool every day.
That's fair, but seeing those skills come to life.
Yeah.
Jennifer, I'd love your thoughts on this too, because you have a unique challenge in that so much of the talent and the people that you need to service government clients require a security clearance as well.
So what are some of the additional barriers and what are some of the things that Northam does to overcome those extra hurdles when it comes to diversity and clearances?
And clearances. Yes, indeed. I think there's a couple of things
in that while we do a lot of work, we're predominantly within
government contracting, they are opening more and more positions
that are at a spectrum of security levels. So
there are more and more unclassified work, vulnerability analysis, some work on how you can work applications that are unclassified.
But then you do get through the clearances levels up to the TSEI level, and that's a little, you know, inhibiting to anyone to go through the clearance process.
But I tell you, there's
really nothing to fear. The people that generally have some of the worst problems are those that
are worried about that process. And if you just go into it with transparency and openness and
recognize that you really probably don't have anything to hide, then generally you will come through it just fine.
But it is an additional barrier.
It is something that some people don't want to take that on in their life.
I would tell you a small story.
I'm a third-generation SIGGNR, and second-generation now really is my daughter in cyber.
And she did her first poly at 16.
And it did not go well.
It did not go well.
We're not going to tell you more about that.
But I had this devastated 16-year-old crying, saying, you know, this is awful.
And we sent her back in because we knew that she hadn't really done
anything wrong. And she was fine. It was all nerves. And so, you know, here is an example
of how many people would opt out after that first time when it really was all nerves.
Now, it's not to say there probably are some extreme circumstances that they do.
There is a reason for all of those reviews and mechanisms.
But for the majority of the people, you're just fine coming through that process.
And I've been cleared since I was 17.
And so, you know, the rules have changed, but they really haven't.
You know, I'm loyal to my nation. I, you know,
I don't, I don't try to break the law. I'm not saying that I haven't maybe made a mistake,
you know, with something, but, but I was honest about it. And, you know, a big one when we were moving through cell phones is you're not allowed to take cell phones into a secure computing
environment. And so the most important thing when you carry it in, mistakenly, is just to raise your hand and say,
hey, I carried it in. That's not a problem. Okay? And now, if you carried it in every single day,
that might be a problem. Now, you all might have different experiences and it might not have gone well it is a barrier and and so it is something that comes back to giving it a try but they are opening
up more and more at varied security levels and I think that's really
exciting yeah one of the things that we talked about when we were preparing for
this panel was there are a lot of efforts there's the grassroots efforts
to bring up more students and young women into the field. And then there are these
mentorship programs and things that are focusing on, you know, mid-career shifters or more advanced
senior executive level women who have kind of advanced in cybersecurity. And Amy, you brought
up a really good point in that conversation, which was there's this kind of chasm that we've unintentionally formed in the middle for these kind of early in career to mid career and what's
available for them and how do we kind of address that population. And so I would actually kind of
open this up to any and all of you to chime in, but what are you all doing or what are some ways
that you think we could start to address those kind of early in career populations, the ones that we're not focusing on because we're so focused on these get-into-the-field groups
and then the let's-have-you-stay and progress as you become more experienced?
And I can tell you for the legal industry, the problem is micro.
Bad managers, particularly in cybersecurity, make people leave their jobs. So for example,
for a young woman with young kids, going into a secure skiff where you can't have your cell phone
and you have a young child in daycare is a terrifying thing. But just walking them through
what you can do, how you can orchestrate your life.
I think for mid-career women,
just like I think it was Kayla that said
young women need role models.
Women in their young 20s and middle 30s
need role models of how do you go through cybersecurity
and not lose your mind while you're going through incidents
and it's always 24-7 work.
And how do you orchestrate your life?
I'm not going to use the word balance because I don't believe in it.
I think it's elusive.
I'm going to use the word living through with some semblance of sanity,
but also a lot of joy.
And eventually, you really love what you do.
And being good at mentoring and showing women
who are in that mid-career stage a path to really make sure that you can raise kids
and run incidents at the same time and in 20 years you will not be in a nut house
because i think that's when we're losing women, is that
they don't feel like they can raise their families and be in a 24-7 response industry where,
let's face it, a lot of guys have wives at home. I almost wish I had a wife at home.
Davida, what about you? What are some ways MindPoint's supporting this type of population?
Yeah, so we have a very solid and strong mentorship program.
So we're really fortunate to have a woman-led organization.
So our president is a female.
I send her condolences for her not being here today.
Her name's Patty Chanthafone.
But, you know, we have a woman at the top and strong women all the way through the organization.
But, you know, we have a woman at the top and strong women all the way through the organization.
And so we have a very consistent mentorship program where we have cohorts.
We gather, you know, our leaders.
We have lots of women as well as men who are allies. Thank you all for being here.
That participate in that.
But in particular for women, you know, we really encourage and want them to connect with someone of their choice.
really encourage and want them to connect with someone of their choice, so you get to select who you want to be mentored by, so that you have that opportunity to have transparent conversations,
similar to what you were describing, not only about how do I do this job, how do I make my
career path, how do I do the next thing, but also how do I do that knowing that some of the
perceptions for me as a woman entering in are going to come a certain way. How can you help me understand these things as I progress through?
So from my point of view, our mentorship program is one of our key elements that we offer
and that we champion very heavily so that women in particular can see themselves
just like we have these key leaders in our organization.
In addition to that, I would say having some resources available to allow people to have an opportunity to develop themselves, right? Having professional
development, having certification is another key element so that people understand where they can
go. And I would say when you combine that with a strong mentor, those things together are very
powerful. And what I mean by that is, like from HR recruiting, we see the alphabet super certifications a lot, and it's not negative. But where there is a disconnect a lot is the
perception a lot of people have is if I get all these certifications, I know I can do one of these
jobs, right? Maybe. But what's better is to understand what is the path that you want.
And if you want these certifications,
what's the experience that we can give you today to put you on a path to get there
so that when you arrive or you get that cert,
there isn't this disjointed situation
where you're thinking, okay, I can do this now,
and you're not getting the opportunities
so that you're not discouraged along the way,
you know, if that's the ultimate outcome that you see.
So our professional development
combined with our mentorship
is one of the things that we really, really go after in our organization to strengthen and empower people to remain.
And again, giving them the opportunity to move around, see new things, try new things. Right.
Why not get your feet wet where you know the people? Right.
Instead of stepping out the door, taking a chance someplace else.
And then, you know, if you don't do so well, they may judge you a certain way.
When you have that safe space where you know one another, you can learn and get your hands wet and continue on from
there it's so it's so it's so refreshing to hear when representatives from organizations talk about
their internal development and their emphasis on internal development and it strikes me especially
in the context of this conversation like that's good for it's great for women but it's also great
for business.
You know, because one of the things that I see
with a lot of the companies that we work with
or we talk to or have been in,
like having been in the industry for the last 15 years
is that the most critical skill that you can't hire
and you can't teach in time
is that institutional knowledge, right?
So when you give people that opportunity to sort of find new paths
and explore and kind of use the knowledge they got in one role
but apply it to another in the organization,
they understand the risk profile.
They understand the business.
Like, that's just good business sense.
If I could add one thing,
I think one thing you're hearing across the panel is role models,
but I think that also comes with a really important caveat.
And I remember, like, I was at this NSA event actually this past summer,
and we had this one speaker, this really powerful woman who came in the room,
and she said, I do not want to be your role model.
And we were like, what?
Like, excuse me, ma'am.
And then, but we asked her why. And she said, she said, because
I feel like when girls like find role models, they think that they have to mirror their career
path after a certain women and they have to like specifically follow the path and make the same
decisions that they made. Whereas I feel like our generation, Gen Z and Gen Alpha are primarily
defined by this like creative liberty and freedom of thought that
we don't want to take the same path that someone else took and maybe we want to do something
different. So I do see how like mentorship can be critical in terms of providing that institutional
knowledge of how do I like manage, how do I like navigate this company. I know for me this past
summer having done my first internship in federal government like it was super interesting
having mentors who are my age like let's not put past like look past peer mentors right mentors who
are our age who tell us like here's how early you have to start the process here's what you have to
do here's how you navigate this in comparison to like private industry interviews and private
industry offers so it's really helpful having that sort of knowledge but at the same time it's important to know that the young people today, the people in this room who
are young and in their professional career do not want to take the same path that other women have
before us. And that's a good thing. We want to change things up and we want to shift up the kind
of like norms that are put in today. So I want to, I want to stay on that for a second. So what are
some of the ways that you see or encourage younger generations to build up those skills or identify ways to break in?
the secret clearance and all that.
In general, I think government is incredibly difficult to break into as a young person.
And I know even from personal experience,
it takes a lot of effort to be like,
okay, I want to serve my country.
How do I even go about doing that?
I know even coming from a school
which primarily is recruited heavily by tech companies,
those offers come in early
and the recruiting process looks so entirely different
than in government.
So I think there's just a lot of mentorship and gaps
that I think we can bridge there
in terms of communicating that to young people.
But in terms of how we can get more young people involved,
again, I think that goes back to starting early,
engaging them early,
starting with these grassroots efforts, putting these role models in front of them, and then also getting to the
platforms where they are existing already, either their K-12 school system or social media. I know a
lot of organizations now are doing these sort of campaigns that show like here are all the women
in cyber security and here are people, different faces in cyber, and I think that's a really cool
thing that they're getting to the platforms where Gen Z and Gen Alpha already exist, right? We don't have to
do anything or go out of our way, but they're already filling up our feeds. So that's another
thing. But I do invite and like encourage all of you in the room today to get involved with some
of these grassroots efforts, whether that be the conferences that I'm involved with or other cool
efforts that you see in your communities.
And also, if you see a career day in your community,
go out there and show them, like, this is what I do every day and volunteer for that career day
because you could change one person's life,
maybe 10 young women's lives.
So that's what I'd say.
So I wanted to add a little bit about Northrop Grumman
and our view on, you know, what we believe is the flexibility that we offer in the workspace.
And I think that's so important in your career as women because there are times maybe you need to go part-time.
Maybe you need to take a break and come back.
Maybe you want to move to a different part of the country.
We're in almost every state in the country.
And so there's so many different ways we're now working so much telecommuting or hybrid.
Maybe you like to be in the office.
Maybe you don't.
And so there's so much flexibility.
And I would say for all of us talking about hiring, we're on fire to hire.
I'm joined here by my talent acquisition team because we need women to join
us. And so, you know, I just say that there are jobs out there. You just have to take that step
and have that courage to do that. I think you just told everyone who's looking for a job to
come see you after the panel.
Last question, and I'm going to start with Amy, but then we can kind of go down the line.
And if we have any time left over, Jen, I'll defer to you if you want to do some questions.
But what shifts in opportunities are you seeing in your respective fields?
Right, so Amy, for you in legal and in the tech industry or in government contracting,
what shifts are you seeing as far as the opportunities that are available for women in the field? And are there certain departments
or roles that you think are particularly fruitful right now or some that are lagging? And
what's that look like? Yeah. Particularly for the legal field, if I have any aspiring lawyers in
the room, if I do, I'm sorry. I know it's tough. But there is an entire field of privacy in addition to cybersecurity.
I would say the majority of chief privacy officers that I meet are women.
It's a wonderful thing.
And learning adjacent risk skills, there are a lot of women who are in IT and security audit. In addition to
the static incident responder who you need, you know, you need to call in Mandy and her
CrowdStrike when everything comes down. But that's not the only area or in the government of cyber
success. There is a vast amount of corporations who need risk management,
who need data management, and all of those multitasking skills where you're helping to
evaluate, govern, and execute the minimization of risk, those are great roles for women.
Because we are excellent multitaskers. So I would just encourage you to know that the incident responder or the military route is not the only route.
And there are so many fruitful careers that are excellent careers that are also flexible in privacy, cybersecurity, adjacent risk, risk management, and compliance.
Davida, what are you saying?
I agree with what she said.
From my point of view, I wouldn't say there's any specific areas that are maybe better or
more fruitful options for women.
I think that for the roles that we have across the board, I think that women would be great
candidates for just about all things at many different levels that we have.
But to her point as well,
you know, paying attention to the flexibility, right? Where can you perform the work? Having open conversations about, you know, what your needs are up front about, you know, hey, I'm
interested in this role and I want to understand it. But also being open and, you know, not afraid
to share what you need, right? Being open about that in the beginning, I think is really, really
important so that you can understand too what flexibility we really have to offer,
which you may find surprisingly is a lot, right? For a lot of the positions. And I think that
people, you know, go in with a lot of preconceived notions or assumptions about what it is or what
it isn't, basically just what's written. And we need to be a little bit more brave and bold to
just ask the questions and not
be afraid that it's going to be looked at negatively if we take those opportunities to
speak up in the beginning. Kyla, what about on the student side? Yeah, I think I'll take this
opportunity to kind of talk about like what would happen if we reimagined a safer internet for women
and I think about that a lot on the student side,
having seen my closest friends go through experiences
of cyberbullying or harassment online,
and that's not an uncommon thing with this whole room of women,
I'm sure.
If you looked left and right, odds are one or two of the people
sitting next to you have experienced something like that online.
In fact, I think women are 26% more likely
to experience cybercrime online.
So I think a lot about how we can redesign
the platforms that we're already using
to be safer experiences for all the users on there.
I think a lot of products nowadays are built for men.
We were talking about this
when we were putting on our little name tag things.
In general, I find that name tags, tags microphones all these things are built for men and that like platforms are not
excluded from that platforms meaning things spaces that we are on online whether that be like the
Facebooks or the Instagrams of the world like so I really do think that if we get more women in the
spaces that are making design decisions and platform policy decisions,
because these are the spaces that we fundamentally exist and share our most intimate details
of our lives on, then that will make the platform more accessible and safer for everyone.
So I think a lot about the trust and safety space as it is and how we can rebuild and
redesign these platforms to be really truly used by all.
Thank you. Jennifer, last word. rebuild and redesign these platforms to be really, truly used by all.
Thank you.
Jennifer, last word.
So I'm going to take it a totally different direction,
and I'm going to speak about where a particular change relative to cyber in the world that I work in,
and that's cyber in space.
And so when I mean space, I mean satellites.
That's been a very dynamic change that's occurred with space becoming so accessible, so important in our day-to-day lives, and certainly very important in our national
security. And so that's a big change. Today, we actually launched our HACASAT team competing
nationally. We were in the national finalists. And I would say I was really pleased.
I was looking at my phone when I came in to see a picture of the 14 Northrop team members competing
this weekend. And there were three women. Okay. So I wanted to see that as seven women. But,
you know, it's a start. And it was really good to see those smiling faces. But again, it's a whole new world that we're pioneering with cyber in space
and how vulnerable, how many people think that if there were a cyber attack in space,
would our day-to-day lives be affected?
And the answer is yes.
My Starlink that I use to navigate to get down here tonight might not work.
And that's my navigation in my Subaru.
And so, you know, I just think we don't think about how much it touches all of our lives nowadays, but it really does.
So it's been a big difference that has taken place in the last five years in my world.
Thank you.
Well, I want to first and foremost thank each and every one of you for sharing your insights and experiences this evening with this whole room. I know I certainly learned a lot. And
if everyone takes one thing away, it's that there is pretty much not a job role or opportunity out
there that you can't somehow turn into a security, privacy, trust role
because our entire ecosystem has become so interwoven
that from the design to the things we use to then how they get audited,
it's all connected.
So hopefully you are all leaving as inspired as I am,
and I realize I am the one thing that is between you and cocktails and hors d'oeuvres.
So I will wrap up, and just please join me
in giving our panelists a round of applause.
I just wanted to echo Simone's thank you to all of you.
This was very enlightening. Thank you so much.
Thank you, Jen, for putting this all together. I can't even tell you how excited I am. This room is so full and it makes my heart so happy. So if you want to, you would make your way out of the back and then go around to the next room. There is a door here.
It's probably better if you go around the back.
It's probably safer because of the doors, because of the chairs.
But anyway, yeah, if you wouldn't mind, just go ahead and join us over there.
We're going to have some brief announcements around 630.
And we have a toast.
So at some point between now and 630, make sure you get yourself a glass of champagne and save it for the toast.
Thank you.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions
designed to give you total control,
stopping unauthorized applications,
securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today
to see how a default deny approach
can keep your company safe and compliant.