Securing Diversity in Cybersecurity

Last month, Palo Alto Networks collaborated with the New America Foundation’s Cybersecurity Initiative to develop a panel session focused on discussing the cybersecurity workforce gap by building an inclusive and diverse pipeline of talent. The event, hosted at New America’s headquarters in D.C., was aimed at students and recent graduates looking for ways to break into the cybersecurity field as well as seasoned professionals who are eager to take their careers to the next level or mentor the next generation of cybersecurity talent.

It’s been widely reported that women make up just 11 percent of the current cybersecurity workforce. The panel speakers acknowledged this numbers problem, but predominately focused on ways to reverse it and attract talent with different career experiences, thought perspectives and backgrounds to pursue careers in cybersecurity. Long story short, we require much more talent in this critical field, and we need to figure out how to spread the word about the opportunities the field presents for people across a huge range of skills and backgrounds.

In this vein, Debora Plunkett, former director of information assurance at the National Security Agency, noted the immense need not only for cybersecurity technical experts, but also experts in policy development and law. Cybersecurity underpins much of the global digital infrastructure, and is a top concern and priority for governments (and industries) worldwide. Debora emphasized the need for a talent pipeline of professionals who can develop and communicate effective policy. She gave as an example the challenge of developing global cyber norms in a constantly evolving, international space.

Strong communication skills and an understanding of how a business works in relation to cybersecurity are also extremely valuable, noted Randi Kieffer, vice president of cybersecurity audit at Capital One and former deputy director of the National Cybersecurity Communications and Integration Center at the Department of Homeland Security. People who can bridge the gap between the technical side of cybersecurity and the business side of a company seeking to boost its security are invaluable, underpinning why people currently working in another industry and looking to break into the cybersecurity field should jump in. Randi stressed that, when trying to make such a career shift, it’s important to explain to potential employers how your skill set and past experiences relate to cybersecurity and can add business value.

That point was echoed by Samara Moore, director of cyber strategy and engagement at Exelon Corporation and former director for cybersecurity critical infrastructure for the White House National Security Staff. She noted that very little of a company’s mission is accomplished without technology and cybersecurity, and if you understand the business, you can be key in helping shape how the company’s cybersecurity operations are run and managed.

Mihoko Matsubara, Palo Alto Networks chief security officer for the Asia-Pacific region, talked about her experience as a Fulbright scholar studying in Washington, and how a combination of networking and publishing an English-language piece on cybersecurity helped her secure a job when she returned to Japan. She recommended that job candidates and students also try to write on the topic, and find champions who will advocate for and support them throughout their careers.

The Q&A session of the panel was just as insightful. There were many thoughtful discussions and questions, but one struck me in particular. A recent graduate from a local university asked for advice on how she could break into the cybersecurity policy arena, noting some similarities between her background and Miho’s. Among other points, Miho encouraged her to go to as many cybersecurity events as she could and always ask questions during an event’s Q&A. This would help her become recognized and increase her chances of being approached following the panel by potential mentors or employers. Miho lauded the graduate for having the courage to raise her hand and said someone would likely approach her after the panel to learn more about her job hunt and experience.

It was a coincidence that Miho mentioned that, because the moment this graduate raised her hand and spoke, I decided to introduce myself and offer my assistance. Getting students interested in the policy field is very important to me. We subsequently had coffee, and I hope the advice I gave and introductions I facilitated with my peers are helpful to her. I love being in the cybersecurity policy field. I’ve spent the majority of my career working on technology policy issues in government (U.S. Commerce Department and U.S. International Trade Commission) and industry, including at a trade association and consulting firm before joining Palo Alto Networks as senior director of global policy. In my current role, I travel frequently to Europe and Asia and counsel foreign governments that are working to develop cybersecurity policy, and I’m acutely aware of the need for more people in this field both inside and outside government.

Making these connections with young talent will help increase the diversity of backgrounds and thought perspectives represented in the cybersecurity workforce. I know from first-hand experience how exciting working in cybersecurity is, and I feel it is important to mentor the next generation of talent and ignite their interest in pursuing careers in this dynamic field. It’s also key for cybersecurity professionals like myself to share the broad range of career paths in cybersecurity, which touches every aspect of our lives, industry sectors and national security. Programming is an important piece of the field, but it is just one aspect of it. On a personal level, I try to be available to talk to students and recent grads, including from my former master’s program at Georgetown University. From my company’s perspective, Palo Alto Networks recently announced a collaboration with the Girl Scouts of the USA to launch cybersecurity badges for K-12 girls in a program intended to spark their interest in the field even before they get to college.

I look forward to future discussions, like the one at New America, that focus on actionable ways we can expand cybersecurity pipeline so it is filled with talent as diverse as the range of positions within the field. Not only is this good for innovation, but it is critical to preserving our way of life in the digital age.