Afternoon Cyber Tea with Ann Johnson 8.9.22
Ep 56 | 8.9.22

Addressing the Critical Cybersecurity Talent Shortage


Ann Johnson: Welcome to "Afternoon Cyber Tea," where we speak with some of the biggest security influencers in the industry about what is shaping the cyber landscape and what is top of mind for the C-suite and other key security decision-makers. I'm Ann Johnson, and today, we're going to talk about one of the most important challenges facing the cybersecurity industry - a shortage of talent. I am joined by M.K. Palmore, who is currently director Office of the CISO at Google Cloud. M.K. has extensive experience in cybersecurity, with leadership roles at Google, Palo Alto Networks and the U.S. federal government. He has taught graduate and undergraduate courses on cybersecurity at Baltimore University, and he is an active supporter of Cyversity, which is an organization focused on achieving consistent representation of women and underrepresented minorities in the cybersecurity industry. Welcome to "Afternoon Cyber Tea," M.K. I am just thrilled to have you on today.

M K Palmore: I'm excited to be on. Thanks for having me, Ann. 

Ann Johnson: So I'm always fascinated to hear what brought guests to this point in their career, how you ended up at, you know, the office of the CISO at Google Cloud. Can you tell us where you got your start in cyber and why you're so passionate about the industry? 

M K Palmore: Absolutely. My path to cyber was not necessarily a linear one. I am a retired FBI executive. I spent 22 years in the Federal Bureau of Investigation, and starting in the late '90s, worked and was assigned to a variety of investigative things that you might imagine FBI agents to be assigned to - counterterrorism issues, intelligence or counterintelligence, civil rights matters. And it wasn't until mid-career, about 10 or 12 years into my career, that I had a transfer and was assigned my first, quote-unquote, "cyber investigation." It was a cyberterrorism case where we were - at the time, the bureau was spending time looking at how terrorist organizations were using the internet to both communicate and plan potential attacks and activities. And it regenerated my interest in cybersecurity. And what it told me at the time, quite frankly, was that I had a lot that I needed to learn and a lot that I needed to do and subsequently undertook a cyber education, if you will, supported squarely by the Federal Bureau of Investigation. And they still do a fantastic job of making sure that agents and personnel who are interested in cyber get all the training that they need. 

M K Palmore: So my career continued to evolve, and luckily, towards the end of my career, I got the opportunity to lead a very extensive cybersecurity team based here in the Bay Area. So FBI, San Francisco, I was the leader of the cybersecurity investigative teams for the last six years of my career, and that was a deep dive into the industry, as you might imagine, as my teams responded to a variety of cyber intrusions and new things were generated and came on to the landscape. You know, at the time, the first appearance of ransomware and - or at least generally accepted or generally understood appearance of ransomware on the scene and things like that began to evolve. So I got exposure to training and education on a variety of cyber-related matters. So when I became eligible for retirement from the FBI, you know, I looked to the industry as a potential landing spot, and luckily, I had some existing networking contacts and potential mentors that pulled me into the industry. And that's where I started my work with Palo Alto Networks, and that evolved into where I am now at Google Cloud. 

Ann Johnson: OK. And it's fascinating to me to hear, you know, your background, right? Because we do meet folks in the cyber industry that came out of law enforcement or federal government, civilian or federal government military. And I think it's an incredibly relevant background because you're bringing investigative skills and your ability to see around corners - right? - or some of the things that you've learned in your career that aren't tangible. And I think that marriage with, you know, cyber skills is this incredible opportunity for us as far as even recruiting talent. I know we recruit a lot of transitioning military members into our incident response team because the belief is they know how to do an investigation. They know how to work under stress. They know how to work as part of a team, and we can teach them cyber skills. So it's wonderful to hear about your career path into, actually, the cyber tech industry. 

M K Palmore: Yeah, I think you just - you hit the nail on the head. I mean, all of those viable skills are transferable. There's a certain practicality, I think, that you get from tapping into former government and military personnel. We do tend to be, typically, rich in practical experience, and so there's lots of both educational opportunities to develop your skills, but there's also a lot of practical application of those skills as you're dealing with real-world events. And certainly, coming from the FBI and having seen both the national security side of the house and the - what I call the financially motivated or criminal aspects of cyber intrusions, you get to see a ton before, you know, bringing that skillset and experience into the private sector. 

Ann Johnson: Yeah, absolutely. And before we get to talking about the talent shortage, I have a question because something you said spurred this thought in me, which is, you talked about cyberterrorism. Can you talk a little bit about the differences - the things, types of attacks we see? And I know people are used to the standard breaches or ransomware, but I don't think people are as well-educated on cyber-espionage and cyberterrorism. Would love to just get your perspective for the audience on what those actually mean. 

M K Palmore: Yeah, you bet. So when - in my time in the FBI, we typically categorized cyberactivity into four different categories. I mean, it was those that were national security-focused, and that's all of the both known and unknown advanced persistent threat activity related to nation-states, for which the FBI has the lion's share of those investigations. I know that may be a surprise to people, that the FBI takes the lead on national security, cyber investigations. And then you have, of course, the financially motivated criminal aspect, which is the vast majority of the cyber intrusions that you hear about annually. And the FBI gets a good portion of those in terms of investigations, but then you have hacktivists or socially motivated cyber intrusions. 

M K Palmore: And then the last thing, the area that probably gets the least attention but can have the widest impact, is anything related to insider threat. And that can be both, you know, insider threat related to just accidental cause. In other words, you know, things that internal employees, contractors and others may be doing in terms of misconfigurations or not appropriately placing controls in place that limit access to environments, and then you have the malicious ones that, you know, there's always different motivations behind those in terms of insiders that may use their appropriate access for unwarranted activity. 

Ann Johnson: Yeah, I think that we're starting to hear more and more about insider threat and people being even planted into organizations but also people who are desperate, right? I was - you know, the desperate people do desperate things, people that may be going through some type of financial issue and suddenly they see an opportunity to sell their company's data, or people who are just flat out angry with the company - right? - and they see an opportunity to destroy company data. So I think that's all of those things. 

M K Palmore: No - completely agree. And, you know, all the more reason, I think why we're now as an industry talking more about concepts like zero trust, which if deployed correctly, hopefully takes into account the possibility that an adversary is already within the network and limits the blast impact of the ability of folks to move inappropriately laterally from one location to the next in an environment. So, you know, concepts like zero trust, I think, become important and tangible when you start thinking about the potential for insider threat and other attack vectors on a large-scale enterprise. 

Ann Johnson: Completely agree. All right. Let's move into the talent shortage. You know, no matter what data you read, there are many, many, many, you know, in the millions of job openings of cybersecurity professionals globally. You can rationalize it in a lot of ways, as people do, but at the end of the day, there are some macro factors that are definitely at play. So why do you believe the cyber talent shortage is an issue, and why is the talent shortage becoming so acute, especially in the past few years? 

M K Palmore: Well - so there's a couple of things there. One, I think we've all noticed, both as a society and as business industry, our reliance on cyber, or I should say our reliance on technology, has increased significantly and I think will continue to increase. We saw during the pandemic, in fact, that, you know, our reliance on technology - technology was really the backbone of - sort of holding society together, our ability to communicate with one another, stay in touch with one another while we're all, you know, at least at the time, we're kind of locked in our homes with limited access to, you know, family, fellow employees and the like. And businesses, of course, you know, saw the need to rely on their technology in order to continue operations. And those businesses that did not have a technology component, I think, suffered in a significant way during the pandemic, as we realized that technology really kind of forms the core piece of a lot of what we do. 

M K Palmore: So you may agree. I don't think you can have conversations about technology without thinking about security, and so cybersecurity continues to become this really, really important factor, not just in terms of business operability or resiliency but maintaining, you know, our societal operations. And so the emphasis on the need for cybersecurity experts and for those that come into this pipeline to be available and to plug into the various aspects of how cyber impacts business become increasingly more important. And that's why I think you continue to see this pipeline shortage year over year in terms of getting folks into the industry. So it's rising in importance, and the number of folks that are currently aligned and pointed towards this industry is just not enough to fill that pipeline. 

Ann Johnson: Yeah, and I think that - and we'll talk about this a little bit, but are our expectations too high? And I'll just give you the example of me, right? I've been in tech 30 some-odd years. I've been in cyber 22 years. I have no - you know, when I went to join RSA Security in the year 2000, I had no background. I was in the storage business, and I had done networking before that, and I don't have a technical degree. And I look at that and I say, would I hire that person today, right? Or would our JD lend itself to hire - our job descriptions lend itself to hire that person today? And the answer is probably no, by the way. So could we talk a little bit about the barriers that we are putting up organizationally against getting folks into the industry? You know, do you think that's true? You know, if it's true, why do you think we put up these barriers? And then most importantly, how do we fix it? You know, how do we lower the barrier to entry and be more willing to train individuals? 

M K Palmore: So I absolutely believe it's true. As an industry, we have to do a better job, I think, of really identifying what is it that we are looking for in terms of bringing onboard new skill and talent into our organizations? You've seen, I'm sure, as much as I have the running jokes around the JD's or job requirements that we put in terms of even new employees into the industry. We're asking for, many times, a minimum of five to 10 years experience, presence of certifications or degrees before we even look at someone to bring them into the field. And that does one of two things. One, it stops folks who may have the requisite, you know, the intelligence to flourish in the field and the level of curiosity. It prevents them from applying for these jobs. But as job seekers, it also gives them this idea that, well, I don't have those skills in hand. I wouldn't be good at this, so I'm not even going to apply. 

M K Palmore: We have to do a better job as an industry of identifying what are the core skills that we are looking for in new entrants into the field, and they may not necessarily fall into the typical buckets for which we normally assign those skills. And while, you know, I went to a STEM university, I'm not a STEM graduate. You know, I have a Bachelor of Science degree, but my degree is in political science. And I had to take all of those engineering courses as a component of graduating from the college that I went to school at. 

M K Palmore: But, you know, we have to broaden our optic as an industry and look for folks who have the potential to flourish in our industry, and then we have to be willing to train them and give them the opportunity and time to develop their skills on the job. And I think that, in and of itself, will help to increase the number of folks that we get pointed towards that field. And of course, I believe there is also a diversity and inclusion component to that in terms of widening that optic. We need to spend a little bit more time as an industry reaching out to diverse communities and saying to them that if you have an interest in this and you're teachable and that you go through these specific processes that are available via nonprofits - and I know Microsoft does some work in this realm, as does Google and lots of other tech industries, like, providing the kind of skills and training, there is a way to get more folks pointed in this direction and interested. But as an industry, we have to be more welcoming to folks who don't fit the typical mold of a cybersecurity professional that we, you know, are typically used to seeing. 

Ann Johnson: Yeah, I was - and there became this, and I don't know if it was true, but like, in cybersecurity, urban legend a couple of weeks ago that I was reading on the internet about a job description that asked for 10 years of Kubernetes security experience. And, you know, we're all looking at it and saying, I don't think Kubernetes has been around 10 years, but good luck. 

M K Palmore: Exactly. 

Ann Johnson: Yeah. 

M K Palmore: Exactly. 

Ann Johnson: Good luck finding that, right? So let's dig into the diversity piece because, you know, one of the things that we talk about a lot here and I know you talk about over at Google is that you don't get good decision-making with people in the groupthink, right? If you have the same educational background, the same socioeconomic background, the same demographic background, you think the same way. You look at problems the same way. And cybersecurity problems are really hard, so having people with really diverse backgrounds, diverse educational backgrounds, diverse socioeconomic backgrounds and demographic backgrounds makes for better decision-making. Study after study after study, by the way, has proven that, right? Having more diversity makes for better decision-making. Having more diversity in the industry will also pragmatically help us fill all of the opening roles. 

Ann Johnson: And I love to call out the industry on this because I've been, as I'm - you know, you heard, I've been in cyber since the year 2000, right? And I see leaders continually source talent from the same talent pool rather than investing in new approaches. They're going out to their networks. They're not even really trying. I was on a - I was invited to speak at an event - you'll - I think you'll appreciate this - where it was a panel. It was five white men and me. And I said, that's not diversity. And they said, well, we're including you. I said, that's still not diversity. And I declined it because I just said, you know, we have to do better, right? We will better serve the world when we better represent the world, and the world doesn't look like me exclusively. So all that being said, am I pontificating on my soapbox here? What do you think are some new approaches and strategies that you'd recommend to leaders that will help bring new talent to the table? 

M K Palmore: So wow - I mean, there's a lot to unpack there, to include - you know, kudos to you for turning down that opportunity to speak on a panel because it wasn't diverse enough. I am shocked oftentimes with our industry that it's not more apparent to people that we need to - that we need to be more diverse. Our users are diverse. In other words, the community that we're, you know, selling and presenting all of these wares and technology to is an extremely diverse community. So why shouldn't they have a hand in both building and learning to protect it? There's a lot of things that the industry can do to foster more diversity and inclusion, and it begins at the hiring manager level. It begins at the, you know, leadership levels of companies to make an intentional decision around building more diverse teams. That intentionality is so important that I think without it, you actually don't get the outcomes that you're looking for in terms of presenting a more diverse workforce. And, you know, plus one on your comments about decision-making. 

M K Palmore: It's been proven time and again that diverse teams make better decisions, and that's because you're bringing into, you know, the opinion cycle or decision cycle a variety of backgrounds and experiences that actually enrich your ability to come to better conclusions. Even if you look at this mathematically, if you're sourcing all of your beginning with a very similar sourcing point, you know, the outcome of that is going to look like that sourcing point. So in terms of creating better decisions, I would think businesses would be all over the idea of trying to get to better outcomes by creating more diverse workforces. And I think that, you know, at a variety of levels - hiring manager, leadership levels - there's a lot of work to be done. 

M K Palmore: And organizations like Cyversity, which I belong to, are part of the answer. They're not the whole answer, but there's a litany of solutions, from nonprofits to colleges and universities introducing the subject of cybersecurity much earlier in the learning cycle for our society, maybe even at the high school level, just giving some basic exposure to it and what it presents in terms of opportunities. And then explaining to folks, quite frankly, what just an enormous job opportunity it is. Of all of the variety and domains within cybersecurity, all of the different things that you can do, it's such an immersive and expansive career choice for people that, oftentimes, I think we don't do enough getting people excited about the potential to be into cybersecurity. 

Ann Johnson: Yeah. And I think there's something - to pull the thread on that, I also think that - so we do a reasonably decent job - right? - because we make it intentional and deliberate in every day of recruiting diverse talent. But there's a retention piece of that, right? And I think we're also failing as an industry to retain diverse talent because, you know, I watch, like, female - and I'm just - I'll talk about women 'cause it's my point of reference, right? I watch females in the industry just get really inspected, I would say, for their technical skills in not a constructive way, right? The assumption is, oh, you're a woman. You're not technical. And some of these women are some of the, you know, deepest technical people. Not that that's the only skill we need, but there's this automatic assumption that you're a woman, so you can't possibly be technical. And it's - and it turns people off, right? They're like, why do I want to - you know, I'm not going to get up every day and go work in an industry that clearly doesn't want me, and it's hard every day. And I think there's something we have to do from a cultural standpoint not just in recruiting but also retaining the talent. 

M K Palmore: No, yeah. And this is an important piece, and I think, you know, second to the idea of getting folks in the door, you're absolutely right. The retention piece is high on the list of things that need to be fixed and/or addressed. I think that similar to women, people of color also feel that sort of invisible presence of a heightened bar for them in terms of performance once they do get into the industry. And I think that unless there are encouraging pathways to show folks that there is an opportunity for them to advance, expand their opportunities and not automatically feel like that, you know, your - that your ideas are immediately being questioned, I think there's a lot to be done there. And retention, I think, is a - it's a difficult piece, though, for most large-scale enterprises. And my limited experience on the private sector is that nearly every private sector entity that I've seen or touched upon has a challenge and a difficulty in this arena in terms of, once getting diverse talent on board, retaining them. It - I don't know where, you know - I don't know what the broadest and most usable answer is there, but it's clearly an area that needs attention. 

Ann Johnson: So let's, then, talk about a little bit about what individuals can do, right? I'm a big believer in the participate in your own rescue philosophy. So what resources are out there for people to build their networks or skill sets, find sponsorships to get started? And then talk a little more about Cyversity, its mission, what its goals are, and how people can get involved. 

M K Palmore: Yeah. So I think the networking piece that you highlight is extremely important. I think that as folks realize that this is an industry that they'd like to be a part of, that they have an interest in, I think the idea of expanding and building a network towards that end should be the goal of everyone both in the industry and anyone that wants to be a part of it. It was essentially the motivation for me to join Cyversity when I did. And so Cyversity, for those who are not familiar with it, is a organization started around 2014 by several African American CISOs. These are, you know, at the time, gentlemen who had deep experience in cyber. Many came from government backgrounds, and so they had both practical experience and exposure to the industry. 

M K Palmore: You know, they were at an annual security conference and realized that - you know, that there weren't a ton of people in that conference that look like them. Representation absolutely matters, and so they started this organization with the idea that, hey, there are in pockets women and underrepresented minorities in this industry, and we should create a venue that both enhances their ability to thrive in the industry and also creates an environment where folks can exchange ideas and be a part of a network that can essentially help one another gain traction in this industry. 

M K Palmore: So I got exposure to Cyversity around 2017 at a West Coast conference by Cyversity, attended the conference. There were some phenomenal speakers, some representatives from underrepresented communities who were already in tech present at the conference. And it was like any other security conference. We talked about security topics, but there was also an opportunity to then network with folks who look like me and were part of the same communities. And it was interesting, you know, as I got an opportunity to see folks who had, you know, spent a ton of time in this industry. And the topic, again, resonated with me because my experience had been, at the time, you know, I was in an executive position for the FBI and spent a good majority of my time providing briefings to the private sector at the CISO and board level, and I noticed every time I went into a company to talk about cybersecurity that there was rarely anyone that looked like me, not to mention, you know, the absence of women, also, at that level in terms of high-level security executives and as board members of these companies for whom they were now espousing security to be a top priority for their business. And so it really motivated me to get involved in the organization. 

M K Palmore: And when I retired from the FBI and came into the private sector - at the time, I was at Palo Alto Networks - I advocated for standing up a West Coast chapter of Cyversity. And at the time, it was called ICMCP. And I got some tremendous support, corporate support, from Palo Alto Networks at the time, which really helped to provide momentum to get that chapter off the ground, and it's still one of the most vibrant chapters for the Cyversity network. So it's a national organization that eventually is looking to go global in terms of its presence. We're always looking for opportunities to expand because these same limitations and same barriers in terms of barriers to entry into the field are felt in global markets. And we have a number of chapters and places like the Bay Area, like Atlanta, New York. We're standing up a D.C. chapter here shortly. We have a chapter in the Twin Cities. We have a chapter in Texas. 

M K Palmore: And the idea there is to give women, people of color opportunities to not only enhance their cyber skills and so there are scholarships and other opportunities that are available for new entrants into the field - but also an opportunity to network, provide and be exposed to security training, things that will enhance your skill set - all the same types of things that people are looking for, you know, with a, you know, a variety of security conferences that we all attend on an annual basis. But Cyversity has been an asset to me, and I like to operate from the mindset that, you know, I've benefited from exposure to this group, and I like to bring it to others - both as an evangelist, but also as an opportunity to help people get into this field. And there's a lot of work that's still yet to be done, but you got to go all-in somewhere, and this is the organization where I've decided to go all-in in terms of my time outside of my day job with Google Cloud. 

Ann Johnson: Yeah. And you - I mean, you and I first met at the - at a Security Advisor Alliance event, actually, when you were at Palo Alto, which is, as you know, an organization that's trying to bring cyber awareness into high schools and junior high in the U.S. So I know you have a lot that you do for the community - that you've done a lot for the community since you've been in cyber tech, and I'm always impressed - right? - by it. I see your name, and I hear your name in so many places. What - other than Cyversity and your day job, is there anything else you're working on right now that you'd like to share with us? 

M K Palmore: It's in conjunction with Cyversity. We have a fantastic scholarship opportunity that we are about to launch, which is essentially a version 2.0 of something that we did here localized in California last year. So Cyversity partnered with the SANS organization. And SANS is - you know, for anyone that's in security or has been around security knows that they are an institution in terms of cybersecurity training, but they also have a commitment to increase providing cybersecurity training to diverse populations. And we partnered with them in a scholarship opportunity that provided cybersecurity training within the state of California for women and underrepresented minorities, and we took about 80 folks through a certification program and then subsequently a smaller group of 30 through three SANS cybersecurity training courses that ultimately resulted in them graduating from those courses, and the vast majority of them all have jobs now in cybersecurity. 

M K Palmore: So the takeaway point there - and I think you know this as well - it's been proven and shown that cybersecurity skills training is the most productive path to getting new folks into the industry. In other words, that if you provide people with substantive baseline cybersecurity training, it typically prepares them for and can get them rolling in their first jobs in the industry. And so version 2.0 of that particular iteration is a much broader program - that we currently now have sponsors from both Google Cloud and Palo Alto Networks - a much more expansive program, where we're going to, one, increase the pipeline of individuals that we're going to train, and we're going to include vendor-specific training in the first phase of this. In other words, both Palo Alto and Google Cloud have volunteered to provide free training at the initial phase. And the idea here is that we wanted to touch each of the individuals that came through this pipeline and give them an opportunity to get started on their cybersecurity journey and then subsequently provide them again with that core three courses with certifications in the SANS pipeline. 

M K Palmore: And so this three-phased program - that will include a cyber assessment at the beginning, vendor training in the second phase and then SANS-specific training at the end - we hope to launch here in the early fall and then subsequently get an opportunity again to get potentially north of 100 individuals through this pipeline in this first cohort, get them cyber-specific training and then help them launch their careers. And I don't know about you, but I get the biggest bang - the stuff that gets me up in the morning is hearing about someone that we've helped in that regard, you know, provide us - even if it's a two-sentence feedback - hey, thank you for the opportunity to train. 

M K Palmore: I'm working in cybersecurity now. And I can't tell you the number of times I've actually seen folks get on the other end of this and get jobs. It's exciting to be able to help people do that, and to the extent that I can, again, with my quote-unquote, "free time" - I don't have an issue focusing on that just so that we can help other people get into this industry. And that's one of the projects that we have underway. So it's a global cybersecurity training program by Cyversity and the SANS organization, and they've just been tremendous partners in helping us build this and put this together. And then again, our sponsor - our current sponsors for this current cohort, Google Cloud and Palo Alto Networks - they've just been phenomenal as well. 

Ann Johnson: Well, thank you to Google Cloud, Palo Alto and to SANS for pulling this together. We need it. Look, the industry as a whole just needs more and more of these type of events. And I think we need a Cyversity chapter up in Seattle, also, so I will talk to you offline about how we get that started. 

Ann Johnson: Last thing - we try to send our listeners off with one or two key takeaways about how you think we can overcome trends or things that are just top of mind for the industry, but something they can take action on. What would you like our listeners to know? 

M K Palmore: I think that, you know, key takeaways for me are - in this industry, you can learn this material. You can learn to become a functioning and value-add member of this industry. And so for folks who hear this podcast, if you haven't already gotten this takeaway, if you're interested in this field, there are avenues of approach, and there are organizations out there that can help you on that journey. And while I've been talking about my membership in one particular organization, and that's Cyversity, I'm a big fan of other organizations out there, like WiCyS, SANS, you know, which we've mentioned already. There's just - there's a lot of different ways for folks to get into this industry. And so for those who look at it and say, well, I can't do that. I'm not a STEM major. Please don't let that be the barrier for entry for you to gain interest in this organization. 

M K Palmore: And so please, whether it's Cyversity or another organization out there, join these organizations. Support them and build that network. Look for opportunities to get engaged because I think, you know, while cybersecurity is going to be around as a very healthy industry from a job prospect for a good many years to come, and I can't think of a better place when folks think about contributing to not just, you know, business operations, but how about society overall? It's such a fascinating place to be right now. Big problems - you know, big problems as it relates to security being tackled and challenges being undertaken - it's just an amazing field to be in right now, and I just want to encourage anyone that's within earshot that there are opportunities to get into this field, and people should, you know, do what they can in order to raise their hand and say, hey, I'm interested. And there are organizations out there like Cyversity that will help walk you through this process. 

Ann Johnson: Thank you so much. I couldn't agree more, right? Don't be your barrier. Don't let your own headset about whether you could be successful be a barrier. Join these organizations. Learn about the industry. Overcome whatever barriers you think there are because there is a huge opportunity. And I love this industry because we're mission-driven. We're working for a purpose - keeping the world safe. It's a wonderful thing to get up every day and think about. M.K., thank you so much. I know you're incredibly busy, so thank you for making the time to join "Afternoon Cyber Tea" today. 

M K Palmore: You bet, and thanks for having me. Thanks for giving me the opportunity to talk about all that I'm engaged in. And I love what you're doing here with this podcast, and keep it up. Thanks for having me. 

Ann Johnson: Thank you. And many thanks to our audience for listening. Join us next time on "Afternoon Cyber Tea." 

Ann Johnson: I invited M.K. to join me on "Afternoon Cyber Tea" because he has such a depth and breadth of experience in the industry - 22 years in the FBI. He's been at Palo Alto Networks. He's been at Google Cloud. He's been a huge champion of diversity in the industry, and it's really incredible to have people like him in the industry, and I knew he'd be an exceptional guest on the show.