N2K logoNov 10, 2022

A panel was held at the CyberWire's 2022 Women in Cybersecurity event on October 20, 2022. The following is a transcript of the event.

Panel: The hidden impact of cybersecurity’s talent gap on the cyber-enabled community.

Jennifer Eiben: Hello, everyone. I'm Jennifer Eiben. I'm the senior producer at the CyberWire and one of the founders of this event. And I can't tell you how pleased I am to see all of you here. This is new for us. We've never had a panel before. So I'm going to introduce our panel moderator. Her name is Simone Petrella. She's the president and CEO at CyberVista. And I'm going to hand the baton over to you. Take it away.

(APPLAUSE) 

Simone Petrella: All right. Hi. Good evening, everyone. This is the most inspiring room to see. This is awesome to see it full of all of these women and all of the men who support them, so we can't leave it out. But - so thrilled to be here this evening with such an incredible panel of women. And I apologize that I'm doing this from a podium. It's very crammed. So we'll try and keep it conversational. Even though I look like I am interrogating you, I am not. 

(LAUGHTER) 

Simone Petrella: So part of what we wanted to discuss, especially given the focus of the need for more increased diversity and representation of women in the field of cybersecurity, is to talk about how does this actually apply to the cybersecurity talent shortage that we've been sort of, like, grappling for the last 15 years and certainly have been talking about for the last five. And this has sparked action across every community - universities, government agencies, corporations. And so what I think is so incredible about this room is that there is this overlooked, vital group of people who can fill critical cybersecurity roles. And how do we think about how we kind of leverage that population to support this mission and provide opportunity for people to get into the field? So I'm very, very honored tonight to have four panels, and I'd like to introduce them. I have Davida Gray, the director of human resources at MindPoint Group... 

(APPLAUSE) 

Simone Petrella: ...Kyla Guru - oh, you've got, like, a fan club. 

(LAUGHTER) 

Simone Petrella: Kyla Guru, founder and CEO at Bits N' Bytes Cybersecurity Education... 

(APPLAUSE) 

Simone Petrella: ...Amy Mushahwar, partner on the privacy, cyber and data strategy team at Alston & Bird Law Firm... 

(APPLAUSE) 

Simone Petrella: ...And Jennifer Walsmith, corporate vice president, cyber and information solutions at Northrop Grumman. Thank you for being here today. 

(APPLAUSE) 

Simone Petrella: All right. So to kick off the question - and I'm going to start, Jennifer, here with you, but then we'll go down the line. Instead of telling us just your resume, I would love for each of you to give a quick intro of your story of how you got into cybersecurity and what that looked like. So, Jennifer... 

Jennifer Walsmith: Wow. 

Jennifer Walsmith: ...Kick us off. 

Jennifer Walsmith: So I was thinking about this question, and how did I get into cybersecurity? Well, it really started because I worked for the National Security Agency, and I was in computer science. And many of you might not know what the National Security Agency is. It's a Department of Defense organization specializing in protecting our nation against signals - using signals intelligence. So fast-forward. I was in computer science. And, you know, it really was around 9/11 that we started really doing what was, before the overt cyber - you know, the cyber work that we talk about today was the journey, really, in the information highway of what today is known as offensive and defensive cyber as it relates to national security. So I've been in this business for a long time. I've watched it change a lot. I've watched it speed up a lot. I've watched innovation. I've watched threat. And it's been quite an adventure. 

Simone Petrella: Great. Thank you. Kyla. 

Kyla Guru: Amazing. I got to visit the NSA collaboration center this summer, and it was so cool. So definitely, everyone, NSA is a really cool place to be. But hi, everyone. I'm Kyla, and I'm 20 years old. I'm an undergraduate student at Stanford, and my journey into cyber was kind of nonconventional, too. I - when I was 14 years old was when I looked at the world, and I was realizing we were having a heck of a lot of cyberattacks. And most of them, if not all of them, were boiling down to human error or individuals not feeling empowered to build strong passwords or take care of their cyber hygiene. And I looked at the K-12 education system myself as a student, and I realized that we didn't have much education around digital citizenship or cybersecurity in general. 

Kyla Guru: So from there, I started my nonprofit, Bits N' Bytes Cybersecurity Education, which still works to empower young people to care about cybersecurity and understand, like, that you are a part of this bigger picture of national and global security. So that's sort of been my passion project and labor of love over the past few years. That kind of got me into women and children's safety, which brought me to trust and safety. So I've worked across Apple and CISA and consulted for different projects across the board. But really, truly, everything has sort of come back to, like, how do we empower humans and, especially my particular interest, how do we empower Generation Z in feeling like they are a part of this conversation that we are all here today to talk about? So, yeah, I'm excited to represent that sort of power on this panel today and, yeah, happy to hop into questions, too. 

Simone Petrella: Thanks. Davida. 

Davida Gray: Thank you. My name's Davida Gray. I'm the director of HR for MindPoint Group. So my journey into cyber probably sounds a lot different than most of my panelists here considering that I'm an HR professional and not truly doing cyber work. But what is unique about the perspective that I have and how I got here - so I've always done HR for government contracting. So initially, the focus was on information technology and other government agencies, not so much cyber. But at a point in time, I worked for a company that purchased a cyber organization, and I had a compensation role. And as I started looking at what was going on within cyber roles, certainly between men and women, it jumped out that there maybe were some differences, some things we could work on. So I began to pivot into compensation, focus on the cyber market. And that's how I began my journey into the cyber space as an HR professional. And I since then moved on into other roles to support cyber. My point group is purely cyber. So as HR director there, I have a unique lens to see the HR side, the talent acquisition side. What are managers facing? What do the people need? And what does that talent pool that we're looking for really have? And what do we need to find that may be difficult to get? So I'm excited to, you know, share that perspective and hear from the others, as well, on, you know, all the things that we have to share here. Thank you. 

Amy Mushahwar: I also think it's really inspiring to come after all of our panelists because I'm going to talk a little bit about 9/11, as well. And I hope my daughter is as inspiring as you starting out at 14. And isn't it wonderful that we're thinking about this systematically? Because we've got some problems to fix. But my name is Amy. And I started off in IT. I own my own consulting company that hooked folks up to then the first fiber optic educational network, Internet 3. And one of my clients had an oopsie. And at that point, we didn't know what a breach was, but they were indeed attacked. They were indeed attacked because they were a research institution. And I couldn't find a lawyer to represent me at that point in time who understood technology and who also understood risk. So I made it a mission and went to law school. And I have been working in cybersecurity since the 2000s, and I have represented clients with hundreds of data breaches. So from data to lost laptops to lockups, encryptions and ransoms. 

Simone Petrella: So we talked in preparation, and I think there's been so many panels and so many discussions on the, what's the problem with the talent shortage? Why does it exist? And so I'm going to bypass all those questions and go straight to kind of the opportunities that there are to increase representation of women in the field. And, Amy, I know this is something that we've discussed quite a bit. And so my first question, just to throw it out for you to begin, is, what are your thoughts on how we can bring more women into some of these roles, both the technical and the nontechnical roles in cybersecurity? 

Amy Mushahwar: Yeah. I think one of the misnomers that we have as women in cyber is that we're constantly encouraging people, don't worry. It's - there are elements that are not technical. What I try to do is publicize exactly the opposite, the technical information and that what you have to learn in cyber is not rocket science. You know, I largely learned it on the job. I am not a trained engineer. And - but the fact that you just end up picking up this type of work as you're going through the field. So I think the first is being OK to train on the job and being willing to dig for people who are adaptable and who can learn, who may or may not be engineers, but you can still train them technically. 

Simone Petrella: Jennifer or Davida, is that something that you guys see or embrace at Northrop and MindPoint? 

Jennifer Walsmith: I certainly do. I think what I speak to women about is courage and confidence. It is a technical world and a technical field. And women so often, you know, basically self-select out from really stepping forward to take a shot at those jobs, whether it be train on the job, whether it is something that is deep technically, that requires certain certifications. You know, it doesn't matter. I find that women need to have more courage and confidence. And when you have that, I've seen the women that I've mentored brought into the field. They excel. They soar. And it's so exciting to see them spread their wings, when before, perhaps they just didn't feel that they would be as strong as other candidates, when in fact, that really was never the case. 

Jennifer Walsmith: So at Northrop Grumman, we really embrace diversity. It's very important to us. We think that especially in cyber. Cyber is a sport as it relates to national security - that you need diversity of thought. And diversity of thought comes from diversity of experience and background. That's how you look at problems differently. You're never going to learn all of the technical background for cyber because it's changing every day. And that's what's so exciting, is you can enter and stay keen and learn as you go. And it's really important to us that we encourage that diversity to come into this field. 

Simone Petrella: Davida, what about you? 

Davida Gray: Yeah, no, I agree with it 100%. You know, in MindPoint group, we look for people who have adaptability, who have the potential, right? And we find, what is the role that they express an interest in? Can we place them there? And then once they're here, how do we grow, develop and nurture them? So some of the - what she said, that mentorship is key. You know, finding people they can connect with not only formally in a mentorship capacity but also informally - right? - networking, connecting. We have an open door policy where everyone knows, anyone here, if you have questions, if you have needs, if you want to connect and express, we're all here, open. And we encourage - and, you know, we really, really encourage our people to do that. Also, not locking them into just one thing, right? Like, we know you may start with this job, but you want a diversity of experience, like you said. So now that you're here, what else can we offer you? What else can we put you towards? How can we help you grow to the next thing so that you don't feel pigeonholed to do this one thing and that your options as you progress or continue become bigger and better for you as you continue on? So it's certainly something in MindPoint group that we champion very, very heavily in our organization. 

Simone Petrella: Yeah, one thing that strikes me in all of your answers is - and I started in the national security space, as well. And I think, you know, everyone's background here - no one started out by saying, I decided to go into cybersecurity and got a cybersecurity degree. 

(LAUGHTER) 

Simone Petrella: And we're all aging ourselves because cybersecurity degrees didn't exist. 

(LAUGHTER) 

Simone Petrella: But I think that there is a diversity of background that comes from not necessarily being technical but actually then choosing to pursue and learn technical skills as you go along. And that doesn't always mean it's something that you obtain in a formal education setting. And I think that that's part of, like, the power here. We'll talk about that more here in a second. 

Simone Petrella: Davida, I want to go back to you, though. When you talk about that underrepresentation or misrepresentation of women and diversity in the field, in particular, from your perspective and the work that you do on the HR side, are there particular gaps in the skills or the knowledge that you're seeing in terms of what's most needed? And if that's the case, like, what can some women - what can women do or what can we as an industry do to help empower more women to kind of gain those skills? 

Davida Gray: Yeah. So I think that, you know, while in cybersecurity - right? - as she mentioned, there's an array of opportunities, different types of roles - and so women can fit any and all of those very much - what I see as an HR person that is not intentional but I think does hinder women from finding some of those opportunities, in particular, when we think about entry and mid-level is - right? - for those of us who are industry leaders, managers, we're writing jobs, and we say, OK, we're going to put this job out and see who applies. Well, what I find sometimes is we know what we need, but we often write what we want. And there's a disconnect between those two things. 

Davida Gray: When you separate the need for the job to be successful to what you perceive as perfection to do it, you will often find there is a big gap there. So if we take a step back and revisit, what does this job need, you'll generally find that you're looking at something very different than what you're asking for. And like I said, it's not an intentional thing, but it usually results in - there's a big leap between entry to senior, and that middle level is overlooked. 

Davida Gray: So when we think about women who already to some extent have a comparative disadvantage numerically compared to men, when we think about - right? - women are only about 25% and cyber, and when we look at those feeder roles, those feeder companies where people transition to cyber, which, you know, may be military or IT - still heavily male-dominated industries, right? - these things also hinder us when we're looking for everybody senior at all levels, but we're not really needing that. So I think that's one thing that organizations can do to become better at really publicizing opportunities that women who are still progressing can actually get into. 

Davida Gray: And to her point earlier, you know, women are a little bit more common to say, that doesn't look like it fits me, so I'm not going to try, right? So when everything looks like it's high, but we know we need something down here - if you don't even try, like you're already out of the game before it starts. So that's one thing that I see that I think can be done differently - also, us just keeping up with what's really needed in changes, right? - education, right? 

Davida Gray: You mentioned cyber degrees. We know that's the thing. But we also know that there are so many opportunities where having a degree is nice, but it's not necessarily a need, right? There are other ways to get there. There are nontraditional pathways in from other experiences. And I think, as women, we should, you know, become more familiar with, what do those things look like, right? They're not always going to be something that you learn in a classroom, that someone says, if you do this, you can do the next thing. You have to become a little bit more creative, connect with others to say, here's what I have. Here's what I bring to the table. Help me understand how I can use that in a cyber role. 

Davida Gray: And that's where, again - we go back to the mentorship all the time, right? - having a strong mentor, having people in your circle or even connecting with organizations that cater to specific types of individuals, whether it's women or other underrepresented groups, can help you understand what you already possess that may not jump out at you as something that makes you a great candidate for a cyber role. 

Simone Petrella: You know, great, great points - and I think definitely underscores the need for industries. Like, the organizations - as employers, we have a responsibility to kind of take a big first step. But then now let's pivot and look to the other end of the spectrum on the student side. Kyla, you work with students all the time. And being one yourself, what are some of the barriers to entry that you see when it comes to getting, you know, women and young girls into the field interested in cybersecurity in the first place? 

Kyla Guru: Yeah, absolutely. This is such an important question. But I think, like, to underscore what has been said before, you hear this common theme of teaching girls to be brave, not perfect. And that's a big thing that Reshma Saujani talks about too, in her TED Talk. But I do see that, like, reflected in classrooms as well and even just talking to my peers. I think there has to be, number one, just a general, like, breakdown of that idea that you need to be a certain type of person to be in cyber, that you need to be this, like, person who codes in the dark with your hoodie on in the basement of your, like, mom's - like, mom and dad's house. Like, there's this, like, certain stereotype of who a cybersecurity person is. And I see that still today with young people - so breaking down that barrier. 

Kyla Guru: And I tell this story when I speak to groups, but the first time that I thought that I could be a woman in cyber was when I saw Felicity Smoak on the "Arrow." And she's a fictional character - right? - who codes and saves the world by, like - she's a coder by day, and then she saves the world with a superhero by night. And that was just such a cool concept to me to see then be like, I can be who I can see. And so it really starts from the grassroots. I would say, I always recommend - like, grassroots solutions are so, so important, and they're very easily overlooked - things like Girls Who Code, Black Girls CODE, these sort of programs that work inside of schools. 

Kyla Guru: There's this statistic out there that says that if girls don't see themselves in this role or if they don't know about cybersecurity by the time they're in seventh grade, 75% of girls don't consider it a career for that reason because they don't - we don't get to them early enough. So if we present role models, just like everyone of you in the room today, to these young women to show them, like, OK, this is someone I could be. This is someone from similar walk of life or a similar background. Their parents are also immigrants - to see themselves reflected in this industry, I really think that that will get us some solutions. And I also work - besides Bits N’ Bytes, I also started a conference, GirlCon conference, that runs every single year that empowers women to see - young women, high schoolers - to see that every single one of their passions intersects with technology. That's another trend and theme that you see on this panel today - is women saying, you don't need that cybersecurity or computer science degree to be a cyber professional. It's things like international relations. We need those kind of minds to understand the international policy. We need technical writing to get that legal expertise and that understanding. So all these girls have passions across the board, whether that be in design, athletics, fashion, engineering. But they bring that together, and we teach them, OK, this can be combined with technology to do good, to make social impact. 

Kyla Guru: So that's one thing. And then another thing I think that I see in schools - or I guess this is more in college with older kids. But when we're applying to these roles, a lot of times, the role will be like, entry-level position in cybersecurity, and then requirement will be like, five-plus years of experience in cybersecurity. So that's definitely one thing that we see quite often that kind of, like, is probably one of those pain points that just, like, keeps young people from recognizing that this is something that we can do. 

Kyla Guru: And when we, like, go into these rooms and see that most of the people in the rooms have white or gray hair and look a certain type of way, that's another reflection of that same - like, that just affirms what we're seeing on these job requirements - so I think all in all, starting early, breaking down the stereotype and picture of who we think can work in cybersecurity, opening up these pathways for people who are passionate in all sorts of topics and skills and then embedding these skills into the classroom from the earliest of ages in the K-12 schools. 

Kyla Guru: I'll just share this one quick thing. It is one thing that - one exercise I run in schools that the kids love is I ask them - I show a big picture of a vending machine. And I ask them, if you could hack this vending machine and get all the snacks in this vending machine right now, what would you do? And I swear to God, these kids are - they're, like, throwing their ideas in the air. They're super-excited to think like the attacker. So it's embedding those kind of skills. Like, I obviously tell them, don't try this in real life. 

(LAUGHTER) 

Kyla Guru: But it's embedding those kinds of conversations where they can see, like, oh, is this what this kind of job would be like on a day-to-day? Is this how cool it is? Like, embedding those kinds of lessons in the classroom, I think, is just one way to kick the first domino. 

Amy Mushahwar: I can answer that, though. No, it's not that cool every day. 

(LAUGHTER) 

Kyla Guru: That's fair. But seeing those skills come to life - yeah. 

Simone Petrella: Jennifer, I'd love your thoughts on this, too, because you have a unique challenge in that so much of the talent and the people that you need to service government clients require a security clearance as well. So what are some of the additional barriers, and what are some of the things that Northrop does to overcome those extra hurdles when it comes to diversity in clearances? 

Jennifer Walsmith: In clearances. Yes, indeed. I think there's a couple of things in that, while we do a lot of work predominantly within government contracting, they are opening more and more positions that are at a spectrum of security levels. So there are more and more unclassified work - vulnerability analysis, some work on how you can work applications that are unclassified. But then you do get through the clearances levels up to the TS SCI level. 

Jennifer Walsmith: And that's a little, you know, inhibiting to anyone to go through the clearance process. But I tell you there's really nothing to fear. The people that generally have some of the worst problems are those that are worried about that process. And if you just go into it with transparency and openness and recognize that you really probably don't have anything to hide, then generally, you will come through it just fine. But it is an additional, you know, barrier. It is something that - you know, some people don't want to take that on in their life. I would tell you a small story. I'm a third generation SIGander (ph), and second generation now, really, is my daughter in cyber. And she did her first poly at 16. It did not go well, OK? 

(LAUGHTER) 

Jennifer Walsmith: It did not go well. We're not going to tell you more about that. But I had this devastated 16-year-old crying, saying, you know, this is awful. And we sent her back in 'cause we knew that she hadn't really done anything wrong, and she was fine. It was all nerves. And so, you know, here is an example of how many people would opt out after that first time when it really was all nerves. Now, it's not to say there probably are some extreme circumstances that they do - there is a reason for all of those reviews and mechanisms. But for the majority of the people, you're just fine coming through that process. And I've been cleared since I was 17. And so, you know, the rules have changed, but they really haven't. You know, I'm loyal to my nation. You know, I don't try to break the law. I'm not saying that I haven't maybe made a mistake, you know, with something. But I was honest about it. 

Jennifer Walsmith: And, you know, a big one when we were moving through cellphones is you're not allowed to take cellphones into a secure computing environment. And so the most important thing when you carry it in mistakenly is just to raise your hand and say, hey; I carried it in. That's not a problem, OK? And - now, if you carried it in every single day, that might be a problem. Now, you all might have different experiences, and it might not have gone well. It is a barrier. And so it is something that comes back to giving it a try. But they are opening up more and more at varied security levels. And I think that's really exciting. Yeah. 

Simone Petrella: One of the things that we talked about when we were preparing for this panel was there are a lot of efforts. There's the grassroot efforts to bring out more students and young women into the field, and then there are these mentorship programs and things that are focusing on, you know, mid-career shifters or more advanced senior executive-level women who have kind of advanced in cybersecurity. And, Amy, you brought up a really good point in that conversation, which was there's this kind of chasm that we've unintentionally formed in the middle for these kind of early in career to mid career and what's available for them and how do we kind of address that population. And so I would actually kind of open this up to any and all of you to chime in. But what are you all doing, or what are some ways that you think we could start to address those kind of early-in-career populations, the ones that we're not focusing on because we're so focused on this - you know, these, like, get-into-the-field groups, and then let's have you stay and progress as you become more experienced. 

Amy Mushahwar: And I can tell you, for the legal industry, the problem is micro. Bad managers, particularly in cybersecurity, make - you know, make people leave their jobs. So, for example, you know, for a young woman with young kids going into a secure SCIF, where you can't have your cellphone, and you have a young child in day care, is a terrifying thing. But just walking them through what you can do, how you can orchestrate your life. I think for mid-career women, just like - I think it was Kayla that said young women need role models. Women in their young 20s and middle 30s need role models of how do you go through cybersecurity and not lose your mind while you're going through incidents, and it's always 24/7 work, and how do you orchestrate your life? 

Amy Mushahwar: I'm not going to use the word balance 'cause I don't believe in it. I think it's elusive. I'm going to use the word living through with some semblance of sanity but also a lot of joy. And eventually, you really love what you do. And, you know, being good at mentoring and showing women who are in that mid-career stage a path to really make sure that you can raise kids and run incidents at the same time, and in 20 years, you will not be in a nut house. Because I think that's when we're losing women, is that they don't feel like they can raise their families and be in a 24/7 response industry where - let's face it - a lot of guys have wives at home. I almost wish I had a wife at home. 

(LAUGHTER) 

Simone Petrella: Davida, what about you? What are some ways MindPoint's supporting this type of population? 

Davida Gray: Yeah. So we have a very solid and strong mentorship program. So we're really fortunate to have a woman-led organization. So our president is a female. I send her condolences for her not being here today. Her name's Patti Chanthaphone. But, you know, we have a woman at the top and strong women all the way through the organization. And so we have a very consistent mentorship program where we have cohorts. We gather, you know, our leaders. We have lots of women, as well as men who are our allies - thank you all for being here - that participate in that. But in particular for women, you know, we really encourage and want them to connect with someone of their choice - so you get to select who you want to be mentored by - so that you have that opportunity to have transparent conversations similar to what you were describing, not only about how do I do this job, how do I make my career path, how do I do the next thing, but also, how do I do that knowing that some of the perception is for me, as a woman, entering in are going to come a certain way? How can you help me understand these things as I progress through? So for MindPoint Group, our mentorship program is one of our key elements that we offer and that we, you know, champion very heavily so that women in particular can see themselves just like we have these key leaders in our organization. 

Davida Gray: In addition to that, I would say, you know, having some resources available to allow people to have an opportunity to develop themselves, right? Having professional development, having certification is another key element so that people understand where they can go. And I would say when you combine that with a strong mentor, those things together are very powerful. And what I mean by that is, like, from HR recruiting, we see the alphabet soup of certifications a lot, and it's not negative, but where there is a disconnect a lot is - the perception a lot of people have is, if I get all these certifications, I know I can do one of these jobs, right? Maybe. But what's better is to understand, what is the path that you want? And if you want these certifications, what's the experience that we can give you today to put you on a path to get there so that when you arrive or you get that cert, there isn't this disjointed situation where you're thinking, OK, I can do this now, and you're not getting the opportunities, so that you're not discouraged along the way, you know, if that's the ultimate outcome that you see? 

Davida Gray: So our professional development combined with our mentorship is one of the things that we really, really go after in our organization to strengthen and empower people to remain and, again, giving them an opportunity to move around, see new things, try new things, right? Why not get your feet wet where you know the people - right? - instead of stepping out the door, taking a chance someplace else, and then, you know, if you don't do so well, they may judge you a certain way. But when you have that safe space where you know one another, you can learn to get your hands wet and continue on from there. 

Simone Petrella: It's so refreshing to hear when representatives from organizations talk about their internal development and their emphasis on internal development. And it strikes me, especially in the context of this conversation, like, that's good for - it's great for women, but it's also great for business, you know? 'Cause one of the things that I see with a lot of the companies that we work with or we talk to or have been - like, having been in the industry for the last 15 years, is that the most critical skill that you can't hire and you can't teach in time is that institutional knowledge, right? So when you give people that opportunity to sort of find new paths and explore and kind of use the knowledge they got in one role but apply it to another in the organization, they understand the risk profile. They understand the business. Like, that's just good business sense. 

Kyla Guru: If I could add one thing, I think one thing you're hearing across the panel is role models, but I think that also comes with a really important caveat. And I remember, like, I was at this NSA event, actually, this past summer, and we had this one speaker, this really powerful woman who came in the room, and she said, I do not want to be your role model. And we were like, what? Like, excuse me, ma'am. And then - but we asked her why. And she said, because I feel like when girls, like, find role models, they think that they have to mirror their career path after a certain woman. And they have to, like, specifically follow the path and make the same decisions that they made, whereas I feel like our generation, Gen Z and Gen Alpha, are primarily defined by this, like, creative liberty and freedom of thought that - we don't want to take the same path that someone else took and maybe we want to do something different. 

Kyla Guru: So I do see how, like, mentorship can be critical in terms of providing that institutional knowledge of how do I, like, manage - how do I, like, navigate this company? I know for me, this past summer, having done my first internship in federal government, like, it was super-interesting having mentors who were my age. Like, let's not put past, like - look past peer mentors - right? - mentors who are our age who tell us, like, here's how early you have to start the process. Here's what you have to do. Here's how you navigate this in comparison to, like, private industry interviews and private industry offers. So it's really helpful having that sort of knowledge. But at the same time, it's important to know that the young people today, the people in this room who are young and in their professional career, do not want to take the same path that other women have before us. And that's a good thing. We want to change things up. And we want to shift up the kind of, like, norms that are put in today. So... 

Simone Petrella: Kyla, I want to stay on that for a second. So what are some of the ways that you see or encourage younger generations to build up those skills or identify ways to, like, break in? 

Kyla Guru: Yeah. So I think - first of all, I think for younger generations, it's - like, I know we talked about how hard it is to get into government in terms of, like, the secret clearance and all that. In general, I think government is incredibly difficult to break into as a young person. And I know even from personal experience, it takes, like, a lot of effort to be like, OK, I want to serve my country. Like, how do I even go about doing that? Like, I know even coming from a school which primarily, like, is recruited by - heavily by tech companies, those offers come in so - like, they come in early. And the recruiting process looks so entirely different than in government. So I think, like, there's just a lot of mentorship and, like, gaps that I think we can bridge there in terms of communicating that to young people. 

Kyla Guru: But in terms of how we can get, like, more young people involved, again, I think that goes back to starting early, engaging them early, starting with these grassroots efforts, putting these role models in front of them and then also getting to the platforms where they are existing already, either their K-12 school system or social media. I know a lot of organizations now are doing these sort of campaigns that show, like, here are all the women in cybersecurity, and here are people - different faces in cyber. And I think that's a really cool thing that they're getting to the platforms where Gen Z and Gen Alpha already exist, right? We don't have to do anything or go out of our way, but they're already filling up our feeds. 

Kyla Guru: So that's another thing. But I do invite and, like, encourage all of you in the room today to get involved with some of these grassroots efforts, whether that be the conferences that I'm involved with or other cool efforts that you see in your communities. And also, if you see a career day in your community, go out there, and show them, like, this is what I do every day. And volunteer for that career day because you could change one person's life, maybe 10 young women's life. So that's what I'd say. 

Jennifer Walsmith: So I wanted to add a little bit about Northrop Grumman and our view on, you know, what we believe is the flexibility that we offer in the work space. And I think that's so important in your career as women because there are times - maybe you need to go part-time. Maybe you need to take a break and come back. Maybe you want to move to a different part of the country. We are in almost every state in the country. And so there's so many different ways - we're now working so much telecommuting or hybrid. Maybe you like to be in the office. Maybe you don't. And so there's so much flexibility. And I would say for all of us talking about hiring, we're on fire to hire. I'm joined here by my talent acquisition team because we need women to join us. And so, you know, I would just say that there are jobs out there. You just have to take that step and have that courage to do that. 

Simone Petrella: I think you just told everyone who is looking for a job to come see you after the panel. 

(LAUGHTER) 

Simone Petrella: Last question. And I'm going to start with Amy, but then we can kind of go down the line. And if we have any time left over, Jen, I'll defer to you if you want to do some questions. But what shifts in opportunities are you seeing in your respective fields, right? So, Amy, for you in legal and in the tech industry or in government contracting, what shifts are you seeing as far as the opportunities that are available for women in the field, and are there certain departments or roles that you think are particularly fruitful right now or some that are lagging? And what's that look like? 

Amy Mushahwar: Yeah. Particularly for the legal field - if I have any aspiring lawyers in the room, if I do, I'm sorry. I know it's tough. But, you know, there is an entire field of privacy in addition to cybersecurity. I would say the majority of chief privacy officers that I meet are women. It's a wonderful thing. And learning adjacent risk skills - there are a lot of women who are in IT and security audit in addition to the static incident responder who you need. You know, you need to call in Mandiant or CrowdStrike when everything comes down. But that's not the only area or in the government of cyber success. There is a vast amount of corporations who need risk management, who need data management. And all of those multitasking skills where you're helping to evaluate, govern and execute the minimization of risk - these are great roles for women because we are excellent multitaskers. So I would just encourage you to know that the incident responder or the military route is not the only route. And there are so many fruitful careers that are excellent careers that are also flexible in privacy, cybersecurity, adjacent risk, risk management and compliance. 

Simone Petrella: Davida, what are you seeing? 

Davida Gray: I agree with what she said. You know, for MindPoint Group, I wouldn't say there's any specific areas that are, you know, maybe better or more fruitful options for women. I think that for the roles that we have, across the board, I think that women would be great candidates for just about all things at many different levels that we have. But to her point, as well, you know, paying attention to the flexibility - right? - where can you perform the work? Having open conversations about, you know, what your needs are up front, about - you know, hey, I'm interested in this role, and I want to understand it. But also being open and, you know, not afraid to share what you need - right? - being open about that in the beginning, I think, is really, really important so that you can understand, too, what flexibility we really have to offer, which you may find, surprisingly, is a lot - right? - for a lot of the positions. And I think that people, you know, go in with a lot of preconceived notions or assumptions about what it is or what it isn't based on just what's written. And we need to be a little bit more brave and bold to just ask the questions and not be afraid that it's going to be looked at negatively if we take those opportunities to speak up in the beginning. 

Simone Petrella: Kyla, what about on the student side? 

Kyla Guru: Yeah. I think I'll take this opportunity to kind of talk about, like, what would happen if we reimagined a safer internet for women. And I think about that a lot, like, on the student side, like, having seen my closest friends, like, go through experiences of cyberbullying or harassment online. And that's not, like, an uncommon thing. With this whole room of women, I'm sure, like, if you looked left and right, odds are one or two of the people sitting next to you have experienced something like that online. In fact, I think 26 - women are 26% more likely to experience cybercrime online. So I think a lot about how we can redesign the platforms that we're already using to be safer experiences for all the users on there. 

Kyla Guru: I think a lot of products nowadays are built for men. We were talking about this when we were putting on our little, like, name tag things. And, like, in general, I find that name tags, microphones, all these things were built for men and that, like, platforms are not excluded from that, platforms meaning things - spaces that we are on online, whether that be, like, the Facebooks or the Instagrams of the world. Like - so I really do think that if we get more women in the spaces that are making design decisions and platform policy decisions - because these are the spaces that we fundamentally exist and share our most intimate details of our lives on - then that will make the platform more accessible and safer for everyone. So I think a lot about, like, the trust and safety space as it is and how we can rebuild and redesign these platforms to be really, truly used by all. 

Simone Petrella: Great. Thank you. Jennifer - last word. 

Jennifer Walsmith: So I'm going to take it a totally different direction. And I'm going to speak about, you know, where - a particular change relative to cyber in the world that I work in, and that's cyber in space. And so when I mean space, I mean satellites. You know, that's been a very dynamic change that's occurred with space becoming so accessible, so important in our day-to-day lives and certainly very important in our national security. And so that's a big change. Today, we actually launched our Hack-A-Sat team competing nationally. We were in the national finalists, and I would say I was really pleased. I was looking at my phone when I came in to see a picture of the 14 Northrop team members competing this weekend. And there were three women, OK? So I wanted to see that as seven women. But, you know, it's a start. And it was really good to see those smiling faces. 

Jennifer Walsmith: But it's - again, it's a whole new world that we're pioneering with cyber in space and how vulnerable - you know, how many people think that if there were a cyberattack in space - you know, would our day-to-day lives be affected? And the answer is yes. You know, my STARLINK that I used to navigate to get down here tonight might not work. And that's my navigation in my Subaru. And so, you know, I just think we don't think about how much it touches all of our lives nowadays, but it really does. So that's been a big difference that has taken place in the last five years in my world. Thank you. 

Simone Petrella: Yeah. Well, I want to first and foremost thank each and every one of you for sharing your insights and experiences this evening with this whole room. I know I certainly learned a lot. And if everyone takes one thing away, it's that there is pretty much not a job role or opportunity out there that you can't somehow turn into a security, privacy, trust role because our entire ecosystem has become so interwoven that from the design to the things we use to then how they get audited, it's all connected. So hopefully, you are all leaving as inspired as I am. And I realize I am the one thing that is between you and cocktails and hors d'oeuvres. 

(LAUGHTER) 

Simone Petrella: So I will wrap up. And just please join me in giving our panelists a round of applause. 

(APPLAUSE) 

Jennifer Eiben: I just wanted to echo Simone's thank you to all of you. This was very enlightening. Thank you so much. 

Kyla Guru: Thank you, Jen, for putting this all together. 

Jennifer Eiben: Thank you. 

(APPLAUSE) 

Jennifer Eiben: I can't even tell you how excited I am. This room is so full, and it just - it makes my heart so happy. So anyway, as Simone mentioned, we do have cocktails and some hors d'oeuvres in there for you. So if you want to, you would make your way out of the back and then go around to the next room. There is a door here, but it's probably better if you go around the back. It's probably safer because of the doors - because of the chairs. But anyway, yeah, if you wouldn't mind, just go ahead and join us over there. We're going to have some brief announcements around 6:30, so - and we have a toast. So at some point between now and 6:30, make sure you get yourself a glass of champagne and save it for the toast. Thank you. 

(APPLAUSE)