Podcasts
Threat Vector
Ep 58
Threat Vector 3.13.25
Ep 58 | 3.13.25

Trailblazers in Cybersecurity: Lessons from the Women Leading the Charge

Show Notes
Transcript

Tanya Shastri: I think we can pick, you know, certain situations where we either delivered some innovation and/or we solved a customer critical issue and things like that. But, you know, over time, I think it's, you know, I can't say it's me or I who have done it. It's really a team of people. And just working with incredible people like I am now at Palo Alto Networks is, I think, the most substantial way to make it happen. [ Music ]

David Moulton: Welcome to Threat Vector, the Palo Alto Networks podcast, where we discuss pressing cybersecurity threats and resilience and uncover insights in the latest industry trends. I'm your host, David Moulton, Director of Thought Leadership for Unit 42. [ Music ] This episode is a special one. In honor of Women's History Month, we're highlighting the experiences, insights, and advice of four incredible women in cybersecurity, leaders here at Palo Alto Networks who are shaping the future of our industry. I spoke with Kristy Friedrichs, Chief Partnerships Officer at Palo Alto Networks; Tanya Shastri, SVP of Product Management; Sama Manchanda, Consultant at Unit 42; and Stephanie Regan, Principal Technical Architect at Unit 42. These women come from diverse backgrounds, business, network, AI, digital forensics, but they all share something in common: a passion for problem-solving and making an impact. In this episode, we'll hear about their journeys into cybersecurity and what's kept them engaged and the advice that they have for the next generation of women in this field. Let's start with what brought them into cybersecurity and why they chose to stay.

Kristy Friedrichs: Kristy Friedrichs, Chief Partnerships Officer at Palo Alto Networks. Can we say I've pursued a career in cybersecurity when it's been about 14 months out of my career? I was inspired by a couple things. I have always been drawn to mission-driven organizations. When I was early in my career, I thought that meant nonprofits, and I spent a little bit of time both in public education as well as in nonprofits, and I realized that I believed that I could have a better impact in the for-profit sector. I started my career in consulting, having an impact on my clients and making sure their businesses were operating effectively so that they could have strong careers and add value to their customers. I moved into technology. My first operating role was in the observability space, and the mission of that company was to help software run and perform well. And when you think about how much of our day-to-day life is dependent on software, that felt like an important mission. But there's nothing that really beats keeping the digital way of life safe. So as I was working in observability and making sure software runs properly, you could see how much of an opportunity there was for bad actors to attack software and really impact people's livelihoods, people's experiences, and it just felt like a really important industry. And what better company to pursue than Palo Alto Networks?

Tanya Shastri: Tanya Shastri, Senior Vice President of Product Management at Palo. I lead our network security platform and product operation. In my early part of my career, I did a bunch of networking because I had studied telecommunications and networking and so on. I had also done some information theory in my master's, and that course had always been something I wanted to go back to. So I was very intentional at one point in my career to move to more of a data analytics insights, you know, machine learning, AI, all those kinds of things. And through that process, securing data became very important to understand. And I started working on what we call malicious fault tolerant systems, Byzantine fault tolerance, and so on. And that kind of segued my interest into security. And that's what actually brought me to Palo Alto through that interest in security. And, you know, it's been so interesting because when it all comes together, actually, security is a lot of analytics and AI, you know, as part of security.

Sama Manchanda: My name is Sama Manchanda. I'm a consultant at Unit 42. I think my main inspiration when it came to cybersecurity was the very first professor I actually had in cyber. I took a two-unit elective in cyber and I just kind of didn't really know what to expect. And lo and behold, a semester later, I was totally hooked. I credit it all to that professor of mine, Joe, from USC. He changed my outlook on so many different -- in so many different ways he challenged me to, like, think a different way and opened me up to a whole new world of possibilities. And when I decided that I wanted to pursue cybersecurity also, again, he was my mentor also during college. He really just was very, very encouraging in terms of, like, helping guide me through what classes to take, what kind of, you know, career opportunities there were. And so that whole program just totally changed my life in many different ways.

Stephanie Regan: My name is Stephanie Regan, Principal Consultant on the IR team with Unit 42. Generally, I have always had a mission-driven desire to help others. So everything that we do day in, day out -- whether it's working a ransomware recovery case or building a better way to respond during crises or improving protections to prevent crises from happening in the future, the work that we do day in and day out is impactful to the other people that are on the other side of our services. I was really attracted to cybersecurity and even just the tech field in general based on the growth and opportunity that is presented in a rapidly evolving environment. So tech is changing every single day. We've seen the advent of AI. We've seen, gosh, so many different implementations of new technologies over the years that the hunger and desire to just keep learning and growing as the field evolves and change and pivot to the next technology or the next big thing is something that's really exciting. And I just hate stagnation. So I'm a person that gets very bored or upset if I'm sitting still and not moving forward in my career, in my life. So I was really attracted to cyber and tech, which, in its nature, is constantly evolving. And I get to be a lifelong learner and continue to grow as the field develops. [ Music ]

David Moulton: It's fascinating to see the different paths that led each of them into cybersecurity, whether it was through AI, partnerships, education, or forensic investigations. And yet, a common thread among them is that cybersecurity is a field that demands constant learning and problem-solving. So what keeps them engaged?

Kristy Friedrichs: It really brings it home when you have kids. And for me, actually, it was when the kids aged into the sort of grade school years where it's just such a special time and such an exciting time that all of the time that I have -- when people ask me what my hobbies are, that's my hobby, is raising children. Because that's what I do in my spare time. But anytime you're not with them, you want to have that time matter. And a great bonus is that you're creating a better place for them to eventually grow up, live, work, start their careers. And it's just a nice combination when you see, like, I love the time I spend at home, and I love the time I spend at work. And you realize how precious both of those things are, so they really need to matter.

Tanya Shastri: Just yesterday, in a hallway conversation, you know, there's a few of us who agreed that folks here, we actually get energy from those tough problems. So it isn't like we have to keep our energy up. It's kind of the other way around almost. And each one of us had our own story as to how we stay mission-oriented and continue to have the energy for what we do. Personally, on my end, I've, since I was a child, been kind of very interested in the defense forces, you know, the Army, Navy, Air Force. At one point, I wanted to be part of a cavalry somewhere because I did a lot of horse riding growing up. And I feel like what I'm doing today has brought me closest to that hope I had as an elementary school child, right? So it's very interesting how each one of us brings a different perspective and what drives us towards it. But at the end of the day, I think it comes back to the fact that we are actually energized by solving these hard problems. We want to do it.

Sama Manchanda: I think when I first got started, I was almost a little overwhelmed just because there's so many different parts of, you know, cyber, there's so many different avenues you can go down. And I really just didn't -- I kind of like froze and was like I have no idea what I want to do. I tend to explore some things and I get more interested and it's like, wait, no, it's like I can't decide between them. Like what am I more interested versus less? And that's one thing where I think Unit 42 was really great when I started working here. Nobody ever told me, "Yeah, don't go down this path," like, if you're interested in it, like, "Oh, sorry, you're stuck to only this one box." Like, you can only look into incident response. You can't, you know, explore other sides of cybersecurity. When I started here, I actually had a couple of really cool mentors who took me under their wing, let me watch, let me sort of shadow along, and let me explore. And I think that's really what kept me going.

Stephanie Regan: I basically always had a fascination with tinkering and making things faster, better, smoother. I'll take you back to the days where I was running a crime lab out in Hawaii. Kind of what made me probably most proud of my career out in Hawaii was the introduction of rapidDNA. So in rapidDNA is a very new technology in kind of the crime lab world. And we were really early adopters of it. That was a really proud moment of my career to see these tools that we implemented get utilized on a very large and impactful scale that just kind of continues and carries throughout my career, whether it be the X products that we have at Palo, or it's, you know, playing with the latest AI platforms and automations, or whether it's kind of just tinkering with anything random that we have within our toolkit of digital forensics and incident response. [ Music ]

David Moulton: Security isn't just a job for them. It's a mission. And that passion translates into real-world impact. I asked each of them to share a moment in their career where they felt that they made a meaningful difference.

Kristy Friedrichs: When I'm in with our alliance partners, ideating and innovating on how we go to market together, I'll give a couple examples. Deloitte has an AI factory where they are building a scalable way to actually build, deploy, and run AI applications for their customers. Really important. It's the way businesses are going to be run. Nobody really knows how to do that. They want a trusted advisor. But none of the partners at Deloitte were really thinking, "Hey, we've got to be security first in this," except for some of our security colleagues at Deloitte. And the ability for our AI suite of products -- AI Runtime, AI Access, AI SPM -- to make sure that Deloitte can not only provide that service for their customers but see around corners and keep it secure, was eye-opening for the Deloitte partners that I was able to meet at their partner event in Las Vegas in December. And it really resonated as they thought about, "You know, it's not just about the new technology. It's about keeping the new technology secure." The initial reaction of the non-security partners was, you know, security would be nice to have. But then when you could articulate, actually, not only is it a need to have, it's a relatively straightforward thing to incorporate from the jump because of Palo Alto's suite of products. So the fact that I was able to be there alongside those partners as they were ideating on their AI factory, and we were able to bring together our technology, our technologists, and their salespeople and partners to create a whole new way of approaching AI was an experience I'll remember because it was one of those sort of pinch me moments of, how am I able to be a part of this innovation?

Tanya Shastri: I won't be shy to say I've had a long career. You know, it's been multiple decades now. So there's certainly been points in time, right? But I think overall, over time, essentially, driving to what's most important, being able to have the impact -- really, I would ultimately say, if I had to kind of really take a step back, it is being able to have the insights on where we have the best leverage that we can have, or kind of where can we be most impactful? And then bringing a team together of experts. I don't expect myself to know everything and to be able to bring all the answers together at any one point of time. But being able to have the insight of where we need to focus and bring the right people -- appreciating who can be the experts to solve those problems and bringing people together to drive to those solutions, I think, is probably what I'd say is the approach I've used that has created impact over time. I think we can pick, you know, certain situations where we either delivered some innovation and/or we solved a customer critical issue and things like that. But, you know, over time, I think it's essentially really, you know, I can't say it's me or I who have done it. It's really a team of people. And just working with incredible people like I am now at Palo Alto Networks is, I think, the most substantial way to make it happen.

Sama Manchanda: My most impactful moments are always when I'm able to sort of help and guide somebody else. I think my favorite way of thinking about it is that, you know, somebody did this for me, somebody opened a way up for me and sort of changed my whole thing and encouraged me in some way. So it's always really rewarding when I can kind of give back. And it's like, yeah, it's like some of the people who've done it for me. Obviously, I can't give it back to them specifically. But the idea of paying it forward, I think, really kind of always appeals to me, I guess. And so, yeah, I've had a couple of instances. Actually, one when I was still in school. I was actually -- I was a teaching assistant. And that was the very first time, I think, I kind of had this realization that what I've done is really cool just now. And I had a student who was struggling -- I was a TA for the internal cybersecurity class. And I remember at the beginning of the semester, she was really frustrated. She was really struggling and kind of was like, "I don't know this is a great fit." But she sort of stuck with it. And the whole semester, we worked together a lot. And we, you know -- and she just persisted, really. That was the thing. She worked really hard. And at the end of the semester, she actually wrote me a handwritten letter. I still have it, actually. And she wrote this card and said, "Thank you so much for all your help. Like, because you believed in me and because you said, you know, 'Just keep going. I fully believe in you.'" She ended up minoring in cybersecurity. And so I think that just was, like, one of my first, like, whoa, like, okay, what I've done is I've made an impact on somebody.

Stephanie Regan: One of the areas that's been majorly impactful to our ability to respond and incident response engagements is some projects I was working on on automated eradication and containment. So being able to very rapidly ID what's going on in an environment and contain that immediately. So doing things like remediating IOCs, indicators of compromise on disk. So whether that be files, whether it be users, whether it be services that exist. Being able to identify those and remediate them right away and actually have that driven by the observation of the tool rather than waiting for analysts to observe particular issues and then actually do them. So that's one that's actually been able to really increase the rate at which we are able to get our clients back to that business as usual and has been a very impactful project for us here at Unit 42. [ Music ]

David Moulton: Each of these moments highlights the power of cybersecurity, not just in protecting organizations, but in shaping careers, driving innovation, and even changing lives. And as this industry grows, I ask what advice do they have for the next generation of women looking to break into cybersecurity.

Kristy Friedrichs: I didn't enter this industry until 25 years into my career. So by then, I had racked up a series of experiences and insights that I could bring to this business. So if you want to be like me, what you would do is start by just learning the fundamentals, whether it's engineering -- which is not what I did -- engineering, computer science, that way of thinking, problem-solving, breaking things down that can be applied in other fields. Or for me, it was business. I was always very passionate about business strategy, ended up getting my MBA. I was a consultant for many years. And that's a way of teaching you how to think that is really foundational and fundamental. So I think early in your career, it's just think about how much can I learn. And it's about learning, less so about learning, hey, I'm going to be the absolute expert in a particular technology that will, you know, develop and evolve over time. But it's learning how to think and it's learning how to lead people. And there's a lot of different disciplines that can help you do that.

Tanya Shastri: Like you said, I haven't been in the cybersecurity space for the entire duration of my career. And when I first joined Palo Alto Networks, in fact, within the first few days, I had 200 plus acronyms that were kind of specific to cybersecurity. I've had people talk to me about the cybersecurity space being like the gaming industry, for example. You know, you're either a gamer or you're not. You're either a cybersecurity person or you're not. And actually, when I look at it a little fundamentally, I think it really is related. Sometimes the perception is because of the language, right? The point I made about 200 acronyms in the first few days. Once you get over that and, you know, you understand what the core principles are or what those acronyms really mean, I think it's not like it's a different industry dramatically. You know, there's a lot of synergies between what happens here in the cybersecurity world and everywhere else. That perception that it is, you know, you're either a cybersecurity person or you're not I think is not accurate. And I'd love for people to be aware that it's just a matter of a language, really. And a lot of the language, it's like, you know, there's a term in the cybersecurity space. There is another term in another space, which means the same thing. You just have to map them. And then once you have the language figured out, I think everything else follows very quickly. And it is a very welcoming industry. I think, in a way, our CEO, Nikesh, will say, right? He was new to the cybersecurity space when he joined Palo Alto Networks. And the impact he's had is just phenomenal. So I think everyone should have the awareness that you can get into this industry. There is, you know, a lot of value to be generated. It's a good place to be. And with the right mindset, you know, no reason why someone shouldn't try.

Sama Manchanda: Finding, like, what you're interested in and sort of sticking with it is my big advice. I think there are certainly, like, a lot of challenges that come with being in a field like this. And certain subsets more than others, definitely. Especially, like, you know, some fields might feel more demanding. They might feel like, you know, there's a lot more on the line. And that, you know, you have to be around 24/7. Or that there's a lot more pressure in certain situations. So I think the fine line there is, again, finding something that you're genuinely interested in and making sure that it is something that you are passionate about. The field has been growing rapidly. And I think more and more doors are opening every single day.

Stephanie Regan: One thing that I would say as far as the advice to the next generation, or even the current generation of people is -- actually comes from another podcast that I was listening to recently, which was "We Can Do Hard Things" with Glennon, Abbey, and Reese Witherspoon, actually. That we're talking about, basically, that most people, and especially women, always have this subconscious that we're either doing too much or not enough. And we're never quite in that sweet spot of where we want to be in our careers. You know, they went into a lot of reasons on why that is. But generally, I think the kind of takeaway there was that you can be successful. And I feel like, you know, I've been able to be successful in my career. And I've actually been able to bring my authentic self and my passion to that career and be successful. I definitely fall into that sometimes, thinking, "You know, I need to do more than everybody else just to get to the same level. But that is not necessarily the reality of things. And know that usually, you have a seat at the table for a reason. And that you bring the tools that you need to be able to be successful, as long as you bring that passion. [ Music ]

David Moulton: Their advice is clear -- be curious, find mentors, keep learning, and most importantly, know that you belong in cyber security. But before we wrap up, I wanted to ask them one final question: What's the one thing they wanted you, the listeners, to take away from this conversation?

Kristy Friedrichs: Throughout your career, stay open-minded to how you can apply those different ways of thinking. So I've been in a number of different functions, but I started with being a consultant for 17 years, where you jump from problem to problem. And you bring the same toolkit of sort of first principle thinking, problem-solving, breaking things down into their components, doing a whole bunch of analysis. And that served me well in a bunch of different fields and will continue to serve me well.

Tanya Shastri: I have had the amazing opportunity to work with so many wonderful women here at Palo Alto Networks. I can rattle off many names. We have PJ in our -- who does our red teaming stuff, who's just awesome. We have May Wang, who's our CTO for IoT and has done a bunch of fascinating things with AI and ML. Of course, Wendi, such an amazing leader who led all of Unit 42. We have Meera, who's leading all our IT. So I just think it's just a phenomenal place to be. There are a lot of very, you know, impressive people doing impressive stuff. And like I said, it's a welcoming industry. And I'd love to see more women just enjoy the work that is available to all of us to do here.

Sama Manchanda: When you're able to give back to your own community and say, okay, yeah, the cyber community has given me so much. And I really hope that, yeah, like, I'm able to serve as an example and show that this is very possible. It's very doable. And it's a great, you know, career to get into and it's a great place to be.

Stephanie Regan: Look around you, and, you know, especially to the women already in the field, you know, be able to actually reach that hand back. So for people coming up in the next generation, really being able to say, "Hey, I can go reach out to Stephanie. I can go reach out to the women in the fields already to really grab support and kind of see how they became successful in the field." The other thing is for women that are already in the field to reach back, to actually lend a hand to the next generation of women in tech and really utilize that to be able to further women's footprint within the cyber security and in the digital forensics incident response field and in the tech field in general. [ Music ]

David Moulton: I want to thank Kristy, Tanya, Sama, and Stephanie for joining me on this special Women's History Month episode of Threat Vector. Their stories and insights remind us that cyber security isn't just about technology; it's about people, connections, and making a real impact. If you're listening and thinking about a career in cyber security, know that there is a place for you here. Keep learning, stay curious, and surround yourself with people who challenge and inspire you. That's it for today. If you like what you've heard, please subscribe wherever you listen and leave us a review on Apple Podcasts or Spotify. Your reviews and feedback really do help us understand what you want to hear about. If you want to reach out to me about the show, email me at threatvector@paloaltonetworks. com. I want to thank our executive producer, Michael Heller; our content and production teams, which include Kenny Miller, Joe Benco, and Virginia Tran. Elliot Peltzman edits the show and mixes the audio. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for now. [ Music ]

Threat Vector
Podcast Info
HOST(S):
Sherrod DeGrippo

Meet David Moulton, the voice for Threat Vector, the Palo Alto Networks podcast dedicated to sharing knowledge, know-how, and groundbreaking research to safeguard our digital world.

Moulton, leads Thought Leadership for Palo Alto Networks, draws on a rich background of experience, including roles in design, strategy, marketing, and sales, to connect with experts from across the globe.

Schedule: Biweekly, Thursdays
Credits: Executive Producer is Michael Heller, Show production by Kenne Miller, Joe Bettencourt, Virginia Tran and David Moulton. Editing and audio engineering by Elliott Peltzman.
Creator: Palo Alto Unit 42
Threat Vector