Special Editions 11.19.23
Ep 56 | 11.19.23

Breaking Through: Securing the advancement of women in cybersecurity.


Dave Bittner: Hello, Dave here. We want to share a special conversation with you all that's part of N2K's "Women in Cyber" content series brought to you by Tulsa Innovation Labs. N2K is excited to host an engaging virtual panel discussion moderated by our president, Simone Petrella. The discussion features insights, experiences, and strategies for advancing more women into leadership roles within the field. We hope you enjoy.

Simone Petrella: Good afternoon, everyone. Thank you so much for joining us. I wanted to get kicked off today and welcome a guest of panels we have to talk about some really important issues around women in cyber security. So, in this dynamic field, it's been well-established that creating more opportunities for diversity, inclusion, it's essential for developing a highly skilled workforce. And as an industry, we're starting to see the first of that labor, but there is still a growing need for more diverse leadership to nurture continuous innovation and resilience in cybersecurity. So, I am so excited as part of N2K's 2023 "Women in Cyber" content series to host this engaging virtual panel discussion, featuring the insights, experience, and strategies for advancing more women in leadership roles within the field. So, I will let each of my panelists introduce themselves here. But before we dig in, I want to give a big thank you to Tulsa Innovation Labs for being our champion sponsor of this content and our "Women in Cybersecurity" content series this year. So, appreciate all the support. Thank you so much for everything you do. As a reminder to also anyone here, this discussion is being recorded, not only be available for access and listening after we record this discussion but will also be available as a special edition episode on the "CyberWire Daily" podcast and that will feature and run Sunday, November 19th. So, thank you all again for being here. We've talked about, you know, where I'd like to start things is around navigating the cybersecurity landscape and what types of opportunities and challenges that also presents for women navigating the space. So, if we can start it off and, Abisoye, I'd love to start with you, if you can start with an intro of yourself and a really brief summary of your journey into your current role.

Abisoye Ajayi: Thank you very much, Simone. My name is Abisoye Ajayi. I am the cyber analytics manager for Tulsa Innovation Labs. I am deeply committed to creating economic opportunities for underserved communities and have a strong passion for mobilizing technology to generate diverse economic prospects for underrepresented demographics. So, early in my career, I actually established one of the pioneering tech booth camps for girls in Lagos, Nigeria, and for approximately let's say a decade, I led this nonprofit organization called Girls Africa. The essential service is dedicated to empowering young girls and women from underserved communities with tech skills, mainly for the purpose of economic independence. And three years ago, I came to the US to pursue a Master's degree in public administration at the Harvard Kennedy School of Government in Cambridge, Massachusetts. And following that completion of the degree, I decided to follow my career and went on to pursue an MBA in cybersecurity at Ottawa University. So, upon finishing my second Master's degree, I got my current role. So, in my current position, I'm responsible for managing the cyber portfolio at Tulsa Innovation Labs where I help in designing and executing philanthropic initiatives aimed at fostering Tulsa cyber and data analytics ecosystem.

Simone Petrella: Amazing. Thank you so much for being here. Lauren, why don't we hop over to you?

Lauren Zabierek: All right. Well, thank you so much for having me. It's such a pleasure to be on with all of you and I just really want to say that I'm such a fan of Tulsa Innovation Labs so this is a real pleasure. And, Abisoye, I've heard you just mention the Harvard Kennedy School. I think we must have crossed paths at some point while we were both there. So, that's really exciting. So, my name is Lauren Zabierek. I am a senior advisor at the cybersecurity and infrastructure security agency where I get to work on a host of really hard problems for the security of our nation. I have a little over 20 years in national security between the military, my time as a civilian in the intelligence community, the private sector with a cybersecurity startup, and then into the Harvard Kennedy School where I was a student but then also ran the cyber project at the Belfer Center there. So, looking at national security for a number of different angles and, you know, just really excited to have this conversation today. So, thank you.

Simone Petrella: Koma, last but not least.

Koma Gandy: Hi, everyone. I'm Koma Gandy, Vice President of Leadership and Business Solutions at Skillsoft. And my entry into the cybersecurity landscape started a long time ago. I was an active-duty naval officer. When I left active duty, I started working in information security and cybersecurity. So, I really was fortunate to see one of the sort of evolutions of cybersecurity moving away from simply things that we thought about in let's say national security context but into how it started to permeate our everyday lives. Throughout my career, I have been sort of adjacent to cybersecurity, information security, putting together solutions in various landscapes like financial services, airspace, and defense where if it's not a primary concern, it is definitely a concern when we're thinking about how do we implement technology solutions that increase efficiency without exposing companies and organizations to operational and information security risks. And later in my career, I came to Codeacademy whose mission was to provide technical education to anybody who wants it and to almost democratize access to technological education. And I spearheaded our cybersecurity curriculum because we all recognize the gap in providing cybersecurity professionals who are equipped, and spearheaded that curriculum involvement at Codeacademy. And now as part of Skillsoft, I'm really excited to be part of an organization that offers, not just technical instruction but instruction in certifications that are relevant and necessary for cybersecurity professionals along with equipping cybersecurity leaders with the skills that they need to lead teams and organizations effectively. So, really excited to be part of this panel and really excited to learn from everybody and talk about all the ways that we can get a more diverse representation into the cybersecurity profession.

Simone Petrella: Great. Thank you so much. And it's so interesting to hear, you know, especially when I talk to folks who have been like yourselves in the industry for so long, I've been in the cybersecurity industry for over 15 years. And we talk about, you know, each of you share your kind of story and your career path, whether it's the military, intelligence community, through academia, nonprofits, they are so different and so diverse. And I think there is a perception today, especially for increasing diversity in the field that there is actually a singular path to get into cybersecurity. And we're an example of that there are actually many divergent paths to get in there. But I'm curious, just to throw this first question out to anyone who wants to kick off, you know, as that landscape is evolving for us in cybersecurity, what are some of the unique challenges it's presenting for women in the field and on the converse, are there any unique opportunities that are kind of in play as a result too?

Abisoye Ajayi: I believe there's a vicious cycle created by stereotypes whereby girls often avoid STEM subjects and this leads to fewer women in tech organizations which pretty much perpetuates this cycle. Despite this kind of underrepresentation of women and young girls in cyber, I believe this is poised to change because even cybersecurity is one of the career choices that allows remote work. And so, I believe this flexibility makes it more accessible to a broader demographic of women and young girls so I am optimistic that as cybersecurity continuously evolves and becomes even more conducive to remote work, more women will take advantage of this opportunity.

Simone Petrella: Lauren, what do you think?

Lauren Zabierek: Yeah, you know, I think there is -- you know, Abisoye was just mentioning this the challenge at the entry in junior levels and I think that's absolutely right. But then we also face issues later on, right? So, you mentioned this idea of remote work which is important. I work remotely. And to be quite honest, I don't know if I would be able to have such an impactful great job if I wasn't able to work remotely because, you know, I have a family and other considerations. And so, yeah, there are a lot of different challenges that I think in cybersecurity we can overcome. And certainly a lot of opportunities. You know, when Camille Stewart Gloster and I started ShareTheMicInCyber, we came to that with, you know, a mutual understanding and agreement that diversity is national security. And we have to do what we can in order to clear pathways and provide opportunities and, you know, shine a light on people who are doing this work, you know, who maybe haven't gotten that recognition before. But in doing so, you know, really highlight the workforce, again, challenges and the opportunities and I think, you know, as we were saying, there's a lot here that, you know, we can really make it conducive for a lot of different people.

Simone Petrella: Koma, I'm interested in your perspective given that you're looking at this from, you know, educating and training, inspiring people in the field. And so, what have you observed whether it be Codeacademy, your current work at Skillsoft that are kind of the challenges women face breaking into the field as the landscape changes as well as the opportunities?

Koma Gandy: For us, we wanted to make education as accessible and as welcoming as possible where we wanted to encourage anyone who wanted to pursue a career in cybersecurity and show them that this was possible, that it's not just for a special group of people, it's not just for former military people, that there are a lot of concepts, both technical and in terms of just how you think about solving problems that somebody can bring to the table and find opportunities to pursue exciting careers in the cybersecurity. So, we designed our curriculum when I was at Codecademy, we lead with interactivity. So, we wanted people to feel like they were engaging in the types of activities that they might actually hone and develop as a professional worker in the cybersecurity industry. So, we introduced them to basic tools, we introduced them to basic concepts, we get their hands on the keyboard, actually doing things and learning elements of what they need to be successful early on to build that confidence and to build that muscle that says, hey, I can actually do this. So, that was really the approach that we took, that we created an accessible curriculum for anyone, not just a former programmer or somebody who already knows Python or, you know, that we brought them into the environment and then encouraged them to explore so that they would immediately feel like this was something that they could do. And then expanded on that curriculum in different directions so that once they build that foundation, not necessarily technical foundation, but that feeling that, yes, I can do this, then we basically allow them to pursue different options. And now combined with Skillsoft, there are specific courses that can be taken and certifications that are, you know, industry-recognized. So, it really was how do we create a curriculum that is welcoming, inviting, and builds confidence on day one so that that person can see themselves in the role that they aspire to do.

Simone Petrella: You know, one thing that sticks out to me is around this idea of, you know, when you think of the opportunities, we're creating access, we're creating more opportunities for women and more diverse people from different backgrounds to get into the field but there's that secondary component around what's the ecosystem that surrounds it and how do we think about the mentorship and allyship and what's that network of women who are, not only breaking into the field at the entry-level but are progressing and becoming leaders as well. How can we create that environment where everyone thrives? And, Lauren, I want to actually kind of start with you on this because you mentioned that you co-founded the social media movement ShareTheMicInCyber which I am a huge fan of and a huge fan of both you and Camille. I want to start actually by telling a story because it came up for me last night, and it's not related to cybersecurity but I was -- I had the opportunity to go totally out of my comfort realm, I was in a room with a dinner of women, all in the investor space which is apparently very similar to cyber in that there are not a lot of them. In fact, potentially even less representation of women who are investors and manage capital than we have in cybersecurity. And one woman shared the story about dealing with her daughter in college and asking about the different areas that her daughter was interested in going into, and specifically called out finance. And her daughter was like, "Oh, the finance bros. No." Like I don't have a Patagonia vest and I'm not going to be a finance bro and none of my friends are going to be finance bros, like that's only the finance bros. And her mom was like, "Oh, my God, like why?" Like what is the barrier to you wanting to do this as a field where you kind of have to get in there? And I think it led to a conversation around, well, if you don't see yourself because you don't see other people like you in the field, it becomes almost a deterrent. And so, Lauren, I kind of want to talk a little bit more about ShareTheMicInCyber and this idea of the impact that we can have and what we need to be doing to create an environment where women, not only thrive in cybersecurity but see themselves in cybersecurity, and progressing and leading in cybersecurity.

Lauren Zabierek: Yeah. No, thank you. And I appreciate that story. Yeah, I'm sure we've all found ourselves in rooms like that where -- or at least in places like that, in boardrooms or offices where we're kind of looking our hands and hm.

Simone Petrella: Yeah, it's just a hoodie. We have a hoodie. They have a Patagonia vest, we have hoodies.

Lauren Zabierek: Yeah. Let me kind of start, you know, by telling another story actually. So, when I was coming up through the military and the intelligence community, I didn't see a lot of mentorship, I didn't see a lot of community and outreach, and I distinctly remember the saying -- I don't know who said, I don't even remember the context but, you know, I had asked someone about this and they basically told me, you know, "Our generation pulled ourselves up by the bootstraps and you should too." And that threw me, honestly. Okay. That's, you know, understood, but when you take a step back and you think about this from a recruiting and retention standpoint, that is so damaging to the workforce. And so, at that point, I just remember thinking this is not the answer. We need to do better here. Now, at the same time, I had been in the counter-terrorism realm and saying you can probably imagine what kind of environment that is. I remember just always having like the skull on my face because, you know, if you're, you know, smiling or whatever, people might take that a certain way. And so, it just, you know, always kind of in this, you know, really hard mindset. And I also felt like I was banging my head against the wall. And then I took this class at Georgetown -- I had been going to Georgetown at the time, I only got halfway through the program because I kept pulling. But I took this class called Women in Leadership in National Security. And I'm not kidding you, it changed my life. And this class was taught by my now friend, I call her friend now, Diddy Hatfield when she was a colonel in the Air Force. And it just made me think about the things that we bring to the table and the connections that we can make. And that we shouldn't put ourselves sort of away, right, in a box just to be at the table, right, we should bring our full selves and it should be celebrated. And that truly just changed everything for me. And so, you know, in subsequent places, I tried to bring that with me, right, and I had also met someone in the army who she had started this sort of mentorship network thing that was kind of like this peer-to-peer sort of initiative. And so, I took those ideas with me at different locations to try to further those ideas, some, you know, readings and things like that. Because I just thought we have to do better, we have to come together, we have to help each other or else we're, you know, we're not going to have what we need in our -- or the representation that we need in these industries. And so, that ethos, you know, was really with me too when we did start ShareTheMicInCyber. But I think, you know, to your point about seeing each other or seeing yourself in these roles I think is super important and I think too in situations where others can see you as well is also so impactful. I look at some people who saw me when I didn't see myself, and I'll just call out -- obviously, I probably remember Eric Rosenbach, right, like without someone like him and, you know, I certainly wouldn't be where I am right now. So, like that concept of mentorship and connection I think is so critical.

Simone Petrella: Yeah. Abisoye, I would love to get your perspective on this and where you see mentorship and this allyship and strong network, both of women and champions and men and the entire ecosystem in kind of propelling women into leadership roles in cybersecurity.

Abisoye Ajayi: Alluding to what Lauren said about representation, representation must start at the office and it's super important everywhere else. Most cyber-related organizations are male-dominated. I think, I believe it's the same with every STEM-related sector anyways. So, having a mentor will help anyone to understand the nuance of the new environment. So, for folks who are trying to get into cyberspace, for instance, I would say a mentor can actually help you build self-confidence, and having an ally will actually help you when it comes to advocacy. Women should look for two different kinds of mentors. If you ask me, I'll say you need people who are generally building your confidence, you need people who are probably giving you actionable guidance on specific career paths. You can find them -- again, you may not be able to find them in the same package actually. So, if you're looking for someone with a general form of mentorship, I'll say it can be a close personal connection or someone you have some form of shared history with. And then if you're looking for a specific career mentor, I will say this can actually show certain mentors in this category would actually prefer that you show a situation or you show traits in place that you want to invest in. And this can be that you've done a ton of certain work by yourself. And the potential mentor will just know that your ambition is enough to say my time is worth it and you're worth this kind of investment. So, get two different kind of mentors. Some you have a personal connection with, a person that you're still with who can actually help in building general confidence, help you build yourself at STEM, and is a specific point for career-related goals.

Simone Petrella: You know, one thing that strikes me when you mention that, and Lauren speaks to what you said earlier too, I have found, both in my own career but also with like women coming up who I mentor and talk to, we sometimes don't state our intentions of where we want to go in the table. And, you know, asking someone to be a mentor or a champion, if you don't kind of articulate where you want to go, then it's hard for someone to help you get there. And it just strikes me that that's something that we probably should all take away is, you know, we shouldn't be afraid to bring our whole selves to the table, but also be unapologetic in articulating, hey, this is where I want to go, help me get there. You know. And if someone says no, they're a pretty terrible person. Abisoye, the second thing that you said, which also I think is really critical in kind of this idea of closing the gender gap is there need to be actionable strategies. And those best practices and strategies often really fall to the organizations, right? We put a lot of burden on individuals to help themselves and that certainly I think is a distinctly American perspective, but organizations and agencies and companies all play a role in this too. What are some of the things that you see in organizations that are some of the obstacles women face when they're trying to kind of pursue these leadership roles within cybersecurity?

Abisoye Ajayi: This is going to be a continuation of my previous line of thoughts which is aspiring female leadership, build self-confidence, seek mentorship from experienced professionals. And then women should invest more in expanding professional network. Absorb as many women in your professional network. And even men, men can actually be great allies, if you ask me. And I probably share some part of that, you know, from my earlier career pathways. But, yes, when you get to the top, you will have internal and external allies supporting you because you've done a lot of work building your own network. Continuous learning and skill development are also crucial in gaining expertise and credibility in the field. To be honest with you, it is lonely at the top, it's not just a cliche. And especially when it comes to women in cyber when they rise to leadership, men can be your allies. So, women, we have to be -- when we get into a new environment, new organization, carefully study the men in the organization and seek out your allies. This way, when you get to the top, you will have a lot of people supporting you. And I mean, it's the same situation so I'm talking to all of us basically.

Simone Petrella: Yeah, no, great point. Koma, I'm curious from your perspective, what are some of the advice that you give to, you know, young women that you have worked with around, you know, they're looking to break into the field or aspiring to overcome those challenges and pursue leadership opportunities in cybersecurity? What advice do you give them?

Koma Gandy: Well, first of all, don't be deterred in the sense that it's not going to be easy but if you believe in yourself just like Abisoye said about building your self-confidence, if you believe in yourself and you apply yourself, you will be able to find those opportunities. And also find those people who are going to support you in your career. A friend of mine who I worked several employers ago said something that was really interesting. Your work speaks for itself but it doesn't say your name. So, you need to be recognized for the hard work that you put in to have people that will support you and especially, not only allies and mentors but sponsors. Who is that person who is going to be in the room and when a problem comes up or a challenge or opportunity, they say, you know what, I know a perfect person that can work on this. That that person will be able to align you toward opportunities where you may not be in the room yourself but you build that relationship that they are your sponsor, and they're helping guide and propel your career in directions that you may not have access to because you're not in the conversations where those decisions are being made. And I know that is something that I personally struggle with in the sense that coming out of the armed forces and coming out of, you know, my experience in the navy, you're not really used to going out and doing that. And when I was on active duty, there were very few women in leadership roles, and it was few and far between to be able to find those women and those male allies to be able to build that sponsorship type of relationship. Now we're talking about it, there's lots of discussions about how important it is, it's top of mind for leaders. So, don't be bashful in figuring out and determining, not just who your allies are, those women and men in the organizations, but find those sponsors and articulate what your desires are. And, Lauren, I loved the fact that you met people who could see you before you could see yourself. And it's so important to have that mixture of people supporting your career because those are the folks that when you're surrounded by them will align, prepare, provide you the constructive feedback, identify those blind spots, and help you work on them so that when an obstacle shows up, you're able to knock it down and just keep it moving. So, it's just important to really build those networks and the richness of those networks will help you shape, define, and guide your career wherever you choose to direct it.

Simone Petrella: That's a great point. And I think, you know, we as women, it's actually one of the things we're so naturally skilled at is kind of building networks and collaborating and coming at problems from a different angle. And, you know, in some ways, we're uniquely in a position of strength to be successful in leadership roles in cybersecurity. And it's just a matter of kind of helping to grow it up. Lauren, what is the advice you would give, especially, you know, you've been in the military, in the intelligence community, in the private sector, how would you kind of approach someone who's looking to overcome some of these challenges as they pursue a career in cybersecurity and then moving into leadership?

Lauren Zabierek: Yeah, I've thought about this a lot and I come at this from a structural standpoint actually. So, as a mother of two young children, you know, once I kind of came into motherhood, you know, it sort of all hit me. Let me back up real quick and just say when I was a student at the Kennedy School, I did a paper looking at maternity leave in the intelligence community. It hadn't been a thing yet, we didn't have -- they didn't have leave yet and this was after I had left. And as I was doing that research, I saw that at the entry-level, the recruiting of men and women was basically on par. So, at the entry-level ranks, it was, you know, mostly equal. But as you got to the higher levels amid career, and of course, senior levels, there was a high amount of attrition of women. And, you know, to both Koma's and Abisoye's point and I started to think about, well, why is that? And a lot of this has to do with the policies whether it's an organization, a company, the country, for instance, and so, what we need to keep women in the workforce and progressing to more senior levels is this support, right, the parental leave or even if you're not a parent caregiver, access to childcare, high quality, low-cost child care, just health, right, maternal health, mental health, physical health, just access to high-quality healthcare. Those things are all so important. And I think in these conversations about, oh, well, you know, why aren't women in these, you know, ranks and why aren't they doing these things. Let's look at the structure. These things are matters of safety and national security, it's not just the nice to have, and yet, you know, our nation and our policies just don't -- you know, they just discount them.

Simone Petrella: Yeah. And that's a great point. And there actually was a question from one of our audience members that I think kind of hits on this because, Lauren, you point to, you know, there is -- it's maybe not so much an entry-level experience gap that we're experiencing but it's this squeeze in the middle, right? You get to the leaders, but it's those in the middle and that becomes a really tenuous time. For a lot of folks in the industry right now, there -- you know, we have been dealing with a very challenging market, there have been significant layoffs in technology and other sectors. And many women facing those layoffs are kind of coming to this realization that they need to pivot after having maybe a 10-, 15-, 20-year career in a related but non-cybersecurity field. So, as we think about, not only advice for those women but kind of some of those structural things that we can do, how can we help people who are looking to pivot mid-career? You know. And kind of break into cybersecurity, bring what is this wealth of knowledge from a whole career, you know, in these very industries that we want to find them. What can we do to kind of give them an opportunity to get into some of those cybersecurity roles that we so desperately need them in? I'm throwing you all a curveball so I don't have a particular person lined out.

Koma Gandy: I think part of it has to do with helping people understand what cybersecurity is. The variety of different types of skill sets that can be brought to the table. So, it's not just technical skills and certifications but what are the things that a person can marry from their career align with the technical understanding certifications and knowledge, and then point them toward rewarding careers because people don't necessarily understand that there is a variety of opportunities that don't just line up specifically with what they might perceive to be the job role or the job families that sit within the cybersecurity industry. So, I think part of it is just being able to help educate and help give resources to women so that they can discover, oh, I didn't realize that this was an opportunity or I didn't realize that people did this in the cybersecurity industry. So, I think that really starts -- that's part of it that from people who might have excellent skill sets and aptitude, it's not what they think it might be, there's a wealth of opportunities available to them but they just have to get the opportunity to understand the different types of job functions that are available within the broad space of the cybersecurity industry.

Simone Petrella: Lauren, what are your thoughts?

Lauren Zabierek: Yeah, I think I definitely echo what Komo was saying and I'll just provide a couple of concrete examples. I mean, for myself, I came from intelligence, I came from counterterrorism and a lot of, you know, the lessons learned from all of those experiences have also, you know, shaped some of my thoughts in cybersecurity. There's also, you know, a number of roles. You know, even in CISA, right, I know some people who are in, you know, user experience, right, customer experience and, you know, here that's not just based on a product, right, it's based on like how we're doing our work. You know, people who have an extensive background in say journalism or writing, right, there's all kinds of roles in cyber that you can bring your perspective, you can bring your expertise from another place to then bring to bear to this very vast, very complex set of issues.

Simone Petrella: Abisoye, I want to point out because I know just I believe about two weeks ago, President Biden announced that Tulsa, Oklahoma will be designated as a tech hub. And that's a designation offered to it by the US Economic Development Administration. So, first of all, congratulations to Tulsa, that's very exciting. How do you think that will kind of open opportunities to elevate gender diversity in the Tulsa community and beyond?

Abisoye Ajayi: Let's start with the fact that at the core of everything we do in the Tulsa ecosystem is tied into development. At the heart of this is actually diversity and inclusion. So, the tech hub designation will open up opportunities to cut short a significant share of the global markets resulting in substantial job creation. Now, these jobs will specifically target women and underrepresented groups. Adding more diversity to the workforce and offering wages higher than the regional average. And currently, we are working toward phase two of the tech hub. We should be submitting this in February next year.

Simone Petrella: That's fantastic. And I think between, you know, pointing out what opportunities being a tech hub can -- Lauren, your comments and Koma's on switching from mid-career, one of the things I've always noticed for us in the industry, and I've been in this space for the last 15, 20 years as well is as an industry, we sometimes miss the boat on the fact that we care sometimes about institutional knowledge more than we do about the pure technical skills of cybersecurity. And the one thing that you can't teach someone off the bat is all the experience required of understanding an organization, its risk profile, what its ultimate business objectives are. And so, for women in particular who are pivoting in from other fields, that doesn't leave you. Like that's not experience that is not irrelevant, in fact, it's actually incredibly valuable to pivot into a cybersecurity position. I mean, my sense is sometimes that maybe as employers we sometimes are collectively kind of missing the value of that institutional experience over that technical skills. Is that something you guys agree with? Do you see that as well? Or are we actually kind of turning the corner and people get that now?

Lauren Zabierek: I mean, I haven't necessarily worked in, you know, the outside industry very much but from what I've heard from, you know, lots of different people is that job descriptions are still really prioritizing those very hard skills or very technical skills and, you know, certifications and, you know, certain years of experience. And I think -- but there's also this conversation that, you know, don't need a four-year degree, you don't need excellency, that entry-level jobs don't require all, you know, this laundry list of things, right, that we have to sort of optimize toward pulling in people and then you can teach them, you can teach those skills later on. So, I think there has to be more of those opportunities to pull people in, you know, based on curiosity and aptitude and, you know, leadership and, you know, desire to do this while giving them the experience and the skill set needed and continue to build on that.

Simone Petrella: Koma, you look like you want to add something to that so I wanted to give you a chance.

Koma Gandy: You know, I think you raise a lot of interesting points because the mindset from working in an industry that might not be specifically cybersecurity, that institutional knowledge is beneficial to shorten the distance between helping a business or an organization understand where its vulnerabilities are because you understand the ecosystem and the industry in which they operate. And I've been just thinking about aspects of having that information security and cybersecurity training later on when I was working for financial services when we were doing let's say evaluations of software, having an understanding of why certain questions are being asked, or what questionnaires are being presented that help teams who are supposed to be evaluating the security profiles, security risks, being able to have better quality conversations about why they need information or how to connect the dots more easily rather than somebody who may not have had an info set background and/or understand the industry that they're working in and may not understand why certain questions are being asked or why they need to understand specific aspects of architecture or planned deployment, or where data is going to be residing. Things like that, that those basics that you retain don't leave you. And I think that it's really important that we recognize that there is something to be said for being able to bring both together. And you can acquire the technical skills, there's a lot of opportunities to educate yourself but we shouldn't discount the value of that institutional knowledge and the ability to shorten the distance between information gathering and being able to communicate effectively with senior leaders in an organization who need to understand the implications of certain things that are or could happen.

Lauren Zabierek: And if I can make a quick call-out because to the point on job descriptions, I know that's something that we see very, very frequently is just how poorly written job descriptions are, even if they're over-indexed for technical skills or they are under-indexed and the things that are actually critical for someone to be successful in the role, that whole issue is compounded for women because we have studies that show that women will not apply for a job unless they meet almost 100% of the criteria. I think structurally and institutionally we can kind of keep the charge going to change those job descriptions. But my kind of quick highlight here is that if you are a woman looking to pivot or choose some of those jobs, apply, apply, apply, apply whether you think you meet the criteria or not.

Simone Petrella: Agree. Definitely agree. So, I want to kind of the last topic I'd like to cover before we wrap for the afternoon is really around the future of cybersecurity leadership and how can we look at this evolving role that women can play in shaping the future here. So, I throw this out, Abisoye, maybe we can start this one with you. How do you see the role of women evolving, specifically in cybersecurity leadership? Are there any emerging trends or new technologies that you think will help play a role in this evolution? Where are we going?

Abisoye Ajayi: I'd say the role of women in cyber leadership is evolving positively. And this is probably driven by increased representation, educational initiatives, and the formation of supporting networks. So, for instance, I belong to like two, three different WhatsApp groups whereby maybe each of them have about 400 people trying to get into cybersecurity. I mean, I don't even do anything in the group besides just watching and listening to conversations, and whenever folks need, you know, some form of assistance, I pop in, you know, recommending courses, certifications, or training opportunities. So, I believe the general drive for inclusion will also help to get more women in cyber. There are so many initiatives across the US right now encouraging women to join the cyber workforce. And when it comes to trends, I believe the shift to remote work really offers greater flexibilities, especially for mothers.

Simone Petrella: Lauren, what's your take? Do you see, you know, as you've kind of done all of the initiatives you've done in Recorded Future, with ShareTheMic, where do you see women going in cybersecurity leadership positions?

Lauren Zabierek: You know, I look to the women now who are in cybersecurity leadership, and I'm looking more government-wise because that's, you know, where I am and that's kind of where I've been focused for the last few years. But like, you know, we've got Kemba who's acting National Cyber Director. We've got Anne Neuberger at the NSC running cyber, you've got, you know, my boss, my ultimate boss Dr. Jen Easterly at CISA, and you've got all these women underneath them, right, Val Caulfield, our chief officer at CISA, Camille Stewart Gloster the Deputy National Cyber Director for Tech and Ecosystem Security. And the women who work with her, Uma Unlay, Angena Roujan, Aeon Islam. You can see the imprint or their imprint upon the strategic vision documents that have come out of the White House. You know, when the national cybersecurity strategy came out and the cyber workforce strategy came out, you could see the difference in the perspectives that shaped those particular documents. And I think it was fantastic. It was amazing to see. And I'm just -- I'm so proud of Camille and like just everything she's done and everyone at the National Cyber Directorate. And then, of course, to be able to work with all these women at CISA from the director down to the women I work with every day. So, we're here, right? We're doing stuff. So, I'm not necessarily worried about, you know, where we might be going, right, we're filling these top roles. It's the sustainment, right, to, you know -- I'm busy pulling, you know, former students in and, you know, pushing them to apply to things and get out for talks and, you know, go for different roles. So, I'm so proud of all the students that have done that. And so, I'm kind of focused on that like how do we get young women who are really interested in this, who want to, you know, to serve in some way to get these experiences, and then keep them here. And not necessarily just stay in government. I think there's a huge value to come in and go out and get lots of different experiences. But I mean, to stay, you know, in the workforce and feel supported. Again, I just go back to those policies, right? You know, obviously, you mentioned working remotely. And again, I literally could not do this job if I had to be in the office every day because my family, you know, we are saddled up in the Boston area. And so, I just -- I literally cannot pick them up and move them, you know, to DC right now. And so, I'm so grateful for Jen Easterly and, you know, all CISA saying, yeah, that's totally fine. Like we want to hire talent where it is. And so, I think looking to policies like that and, of course, leave and childcare and, you know, all of those things are so important for creating this environment where women can succeed.

Simone Petrella: Koma, I want to direct this last question specifically at you. You know, we just talked about outside of seeing the actual number of women in some of these positions go up, what metrics or indicators could organizations use to track their progress in kind of advancing gender diversity in their cybersecurity leadership teams. And most importantly, how do we hold ourselves accountable for achieving that change?

Koma Gandy: Well, leaders have to be held accountable. Leaders have to be held accountable for the types of teams that they are expected to create and expected to support. So, it is not good enough if you have a group of extremely bright talented people who are women or from underrepresented backgrounds who will exit at a certain point. You have to understand why, why are they leaving? Is it a structural issue where the maternity leave was not suitable for what that person needed for their family? Were they a primary caregiver and have an older mother or father who requires more care than the leave policy is allowing them to be able to do that? Is it they don't have the access to new roles, new jobs, they don't have mentorship and sponsorship? You've got to figure out what those situations are. And then hold leaders accountable for implementing policies or implementing changes in the organizations so we don't have people exiting at a particular level. That's critically important that if you don't measure it, you're not going to be able to understand it. And we have to hold leaders accountable all the way up to the CEO to be able to understand what is happening in the organization because if we're losing talent, not only is that expensive to the organization to find, recruit, hire, onboard, and train that person but you are basically truncating what could have been a brilliant career by not investing in small things or big things that can make the difference between keeping top talent in the organization that is happy and motivated and feels like they can bring their best selves to work, or a talent that feels burned out, unsupported, upset, and feels like they can only bring one dimension of themselves to work and has to hide the rest of it. So, I think that now, especially with the changes in the workforce that aren't going anywhere where before the pandemic remote work in many industries was unthinkable, now it's something that many people expect or require to keep themselves and their families healthy and secure. That if we're not going to go back to this pre-pandemic five days in the office sort of face-showing type of environment, we need leaders to equip themselves with the tools and understanding to be able to lead these diverse organizations and meet people where they are. So, it's a combination of sort of I would say metric measurement to figure out where are these people going if they exit the organization. Is it really they had an amazing opportunity somewhere else or did their manager not support them when they needed help? Or did the manager not listen to them when they said, "I need an extra day remote because I have to take care of my sick mom or my husband who has cancer, or my child that gets out of daycare at a certain time." So, really is thinking about that because the cybersecurity industry isn't immune to those sorts of things, and if we don't recognize them, both as people who are participating in the industry and emerging and current leaders, we are going to lose a lot of talent, and not only is that an issue in the private sector with preparedness and managing risk, but it is a national security issue if we are not preparing and equipping our best and most talented people to pursue and remain in the cybersecurity industry.

Lauren Zabierek: Koma, I'm like keeping my arms down right now but I want to like raise them up. I'm like oh, yeah, girl. Well done!

Simone Petrella: I say, go for it, Lauren, like if you want to do it, we can do it. There, I love it. I think that's a fantastic note to end on and a great call to action that, you know, it's also not just because it's accountability of leadership, it just makes good leadership sense. Like why would we want to have organizations that aren't as secure and resilient as possible? And you do that by having really good invested long-term talent, you know, wherever they go. So, a huge thank you to all of you, Lauren, Koma, Abisoye, for joining today. This was such a really just pleasure, a really dynamic discussion. And I want to give one last big thank you to Tulsa Innovation Labs for sponsoring our "Women in Cybersecurity" content series. And a reminder don't miss it. If you did not catch us today, that this conversation will be available as a special edition on the CyberWire Daily feed on Sunday, November 19th. Thank you all.

Koma Gandy: Thank you.

Abisoye Ajayi: Thank you.

Lauren Zabierek: Thank you. [ Music ]