tv Forum Explores Workforce Diversity in Cybersecurity Sector CSPAN August 15, 2017 12:57pm-2:33pm EDT
now to a discussion on ways to improve workforce diversity in the cyber security industry, cyber experts, business leaders
and former intelligence agency officials provide recommendations to attract women, minorities and foreign students to the cyber security industry, the discussion is 90 minutes. >> welcome and good morning. thank you. we are happy to see you, i work on workforce development issues at new america cyber security initiative was my pleasure to thank you for hearing it this morning. we are thrilled to see this level, it speaks for itself the level of interest in this topic and i want to say to palo alto, the idea for this event and provided the breakfast that is critical to success, here is new
america we spent time thinking of workforce development and how to increase the pipeline, workers coming into the industry. a critical part of that is expanding the number of people and types of people we think of who fit in the industry. the cyber security project we will find online that incorporate stories of people who work in the industry telling their stories and putting into evidence the fact there are a range of backgrounds and experiences. to that, we are thrilled to give the current panel, happy to introduce ian wallace, codirector of the cyber security initiative, to moderate. >> thank you very much. before i start, let me mention to you laura's work on workforce issues with elizabeth weingarten, i encourage you to go online.
i hope this event will potentially make a positive take for diversity innovation. things that are important, storytelling, making public policy and their experiences, also wants to point out cybersecurity, and emerging field for which many in and within, visiting stories here today, we also, a public policy think tank, and something to have a fantastic group of women
to dig into those issues. i am going to be brief and talk more about that. deborah -- deborah plunkett, in a past life was a director of information assurance at the national security agency and senior advisor on some of these issues we are talking about. >> randy keefer -- randi kieffer at capital one, fairly recently left the department of homeland security, she was deputy director of the communication
this center. the transportation -- don't do acronyms. it does extend. next to her, mihoko matsubara, chief security officer for japan healthy network, she has had a career, the japanese industry of defense. on the end, critical infrastructure protection, previous to that based on the national security council outside security or infrastructure protection and a tough career at the department. experience in the private sector and public sector and then a
range of different things. a series of questions for the panelists so move into a discussion, up to the floor. deborah, how do you get into cyber security? when you hear all of the advice, what is the one thing people should hear? >> thank you again, it is my pleasure. really the foundation of the national security agency, in the mid-1980s, working first as an intelligence analyst, no one was much talking about it including into the 90s when things like
y2k hit the airwaves and raise a lot of concerns nationwide or worldwide about security and functionality. from there, we did that y2k activity at the federal level and came back and ended up going to the white house doing cybersecurity and that was probably that period of time in 1998 and in 2001, was the time the i love you virus began to rear its head. viruses we began to worry about at the national level and i happen to be working at the national security council working on a transnational threat where it was happening. programs, got to stand up from the white house and bring that experience back from the nsa
which had a robust, one of the earliest robust cybermissions from a security perspective. through the rest of history we moved through that working on the exploitation side and ultimately my career on the security side serving information assurance director. the one piece of advice i would think when people think of cyber security, lots and lots of folks, asking what certifications do i need, what technical competence do i need, how do i gain experiences and critically important but cybersecurity we need lots of technical, lots of folks who can sing from a policy perspective
and we need folks who write policy and envision what the future looks like and forget about international norms and what we may need to do to contribute to the development of those norms in cyberspace, folks who can read, people in the organization who can read difficult and exciting challenging times. that is the biggest message, i would say. cyber has a lot of technical work to be done on the policy. >> how did you get to where you are now? >> i will pick up middle of where debbie was speaking. my story was one of timing. right place right time with the background that matched. i majored in criminal justice computer science with a minor from washington university and
it was an it executive, something in computer science. i made up my minor and gave me that technical foundation to be able to go after a brand-new field where cyber didn't even exist. it and information security, cyber wasn't in the lexicon. i was pursuing my masters degree, i approached the professor with a masters design for the working professional on the end and approached a professor about working part-time and got a job at fannie mae. which we will talk more about later. i truly believe cyber is all about risk management. the technical sense, the policy sense, every sense of it you have the underlying risk management business foundation that will take you far. understanding how to enable a
risky appropriate way without the mission of cyber so that is the lesson i learned along the way. from there i really thought areas i got in government right away working at the contractor after fannie mae and called me up and said would you be interested in my position and i encourage you to apply. what separated me on my path was always looking for the biggest challenge. every boss i had, the biggest challenge set me apart, also communication, the biggest advice i could have, technical credentials are necessary, policy piece of it is critically important, the ability to communicate in every way imaginable, up, down, across, many people are just not comfortable with it and i encourage if you are one of
those and that resonates with you, step out of your comfort zone, take a class, learn how to communicate what you are trying to say because you will become -- you will open up the rest of your subject you might not have known. >> outside the united states, in government, how you got the way you are and what advice is happening. >> so excited about talking about innovation. that is why i came to walk in, cybersecurity, walked on cybersecurity in the government and defense and got out to do my masters degree in washington dc, but back in 2009, cybersecurity
was not as sexy as today. the word cybersecurity, so much to care about on safety for people because the foundation was all right on national security. one of my classmates asked me i am looking for somebody who can write about china and cybersecurity. i can do this. my piece of advice, to take the chance of doing something different. it was the first time for me to publish something in english
about cybersecurity. i didn't know if i wanted to do that. it wasn't there yet. actually afterwards, something in english, one of my classmates started -- a cyber security company in washington dc, kept being touched with east asia type of thing. he said you are interested in security, cybersecurity, maybe you want to talk to him. i had a coffee machine and on the icing chart, i was not able to get a job there but started to talk about cyber security and
whatever. for here. that commitment tells me, okay, she can do this. i wasn't able to walk into the united states after my degree here but it helped me to get a job in japan. my piece of advice, try to show people around you, a champion towards those and also to be a good communicator because cybersecurity is about everything. it touches on every single aspect of national security and management. you never know who wants to help
you. you have to be very accessible and very ambitious and try to be a great teammate for everybody else. >> all right, same question. how did you get the way you are? given what you think other people can learn. >> thank you for letting me participate on this panel. i will start with my first piece of advice, that brought me along. i was motivated by my coach to go into engineering, highly
interesting and that led me along the way, started out doing work in it and throughout my career and gone back and forth, the it field and the cyber security field, moved along in my years and realized doing work materially is the way we should be doing, not really the way to go, doing things the can enable some function for security as a means to itself. finishing college similar to your story, there wasn't a cybersecurity, information system and i got an internship in the late 90s where the
industry was starting to look at risk management and how computers can be manipulated to have a negative impact and that is where i got my feet wet and because it was still new i had so many opportunities to try different fields. there was no need to hold myself back because there were no experts in the field so my advice is to go for it, learn as you go but don't hold yourself back because you don't know. we all might as well go in towards the cars. and ask me to come up with it and i will try it for a little while and what i learned, turned
into ten years. i was willing to step out and hit a point, wonderful opportunities and a wonderful opportunity to serve as part of the national security council staff at the white house, decided to find a passion, a wonderful opportunity to, one of the largest energy providers and really enjoying being able to apply my technical skills within it insecurity, with that. >> this never stops. she will join us later. one thing i picked up at the
common theme, which you have come from different -- and yet if you look at the statistics, women and minorities, cybersecurity workforce, defining that, difficult, pretty terrible, double digits, two questions that relate to each other. in terms of people coming in, those people in schools and universities simply not getting the message, or employers seeing
benefits from highly qualified, going about change. >> i don't think it is the latter, that they are not seeing the benefit at all. that has never been my experience and i agree there are few women and minorities that cannot tell you how many tables i sat around, the black diversity in any way imaginable. i don't know there was an awareness of that until it comes up. every government agency and every corporation has. in government and private sector, i am seeing it much more prevalently than i do in the government, really great to see.
government and industry do a better job, can actually make a pitch to all, both genders, go after them and so there are government agencies that do this better that partner with the local universities here, george mason has a program for people in government, at the agencies for gw, and industry is starting to do this as well but that is absolutely critical in cyber, to build up what tomorrow is saying, our story generated in the 90s, i would argue that cyber is a continually new field and whatever skills you have ten
years ago did not apply today. and intellectual curiosity and targeting the new talent coming out, up to speed on today's skills is absolutely key. that is one of the things we can do to encourage university, the college for students and funnel that into the higher process. >> the discussion about lack of capacity for diversity and gender perspective and cyber security is not a lot different from the same discussion years ago, about women and computer science. what makes it more compelling today is we need so much more
capacity, traditional computer science. that makes -- simply look at demographic trends, doesn't take a smart person to see a lot more women available in the workplace and more people of color in a workplace, almost a no-brainer that we have to figure out how to leverage that capacity in this critical field where there is a significant deficit, we have got to work more closely with colleges and universities, and have capacity in areas of women and minorities. we have to go to that arena, kids who are in school today are better than many of us using these devices, very natural for them and not intimidating and
exciting, we have to hide them and excite demand make it such that it is not a regulatory, burdensome place to work but an exciting and challenging area of discovery to make place -- the world a place for all of us. we got to get into high school and elementary schools much more. we got to be targeted with colleges and universities that have the capacity. trying to increase diversity, the we would aim our recruiting efforts at a university that is not diverse. doesn't mean you don't, but if you are trying to get the population you also go to places where they are at risk.
>> speaking first, only 11% of the workforce is human. healthier than the minority. i still sees this sophos for example my company, first national credit advisers for girl scouts in the united states a couple months ago and we are so excited to host young girl scouts, people to raised cybersecurity awareness and teach about 0950 class and do you know why the ratio of women or minorities in cybersecurity is because ultimately minorities gave up learning about stem.
you have to make sure the output potential cybersecurity timeline, young girls or even before that, fascinating on so many opportunities, you can do anything about it, and then, i am sure, the change not only on women or minorities but we have to -- the leadership, the management because young girls and minorities need a little bit of encouragement. this is a chance to go for it and then we will see more women inclusiveness and diversity. >> i would like to highlight the
same question, there is an existing workforce and i have repeatedly run into individuals who want to shift into cybersecurity to make it challenging so having an open mind, to not just develop the pipeline is important but also where opportunities to leverage prior experience that may not be in cybersecurity but related. i mentioned earlier understanding our business is important more now than ever. there is very little accomplished without technology or cybersecurity. if you understand the business, you can be key on helping to secure so there is opportunity to be innovative and find ways to leverage existing employees as well. >> fantastic point.
we have done some work in cybersecurity. very capable people see those jobs but don't quite know how to get into them. what is your advice for those women and minorities, do we encourage them? secondly, what do you think can be done? >> do your part to get educated and understand, demonstrate how you can apply that. book knowledge is important but understanding is all the better. when you show that you understand a different side, that is huge, powerful but to
have a certification alone is challenging. being able to apply, how do you get to that? it is connecting with people, signing what you are interested in learning, and take advantage of those opportunities to figure out how to make those connections to demonstrate. it is challenging. >> you brought up a good point. i teach in graduate school cyber security and many of us answer that exact point, advanced education, cybersecurity, how do i break in? how do i break in? it is a difficult challenge because at that level you really need an opportunity, to really
take a risk, on a midcareer individual. the capacity to hire to take a risk, something that doesn't look like you. give someone an opportunity, demonstrate academic accomplishment but has not had an opportunity to apply that in the workplace and give them an opportunity every single one of us call out somebody give us a hand, gave us an opportunity. >> what benefit to bring? >> back to the beginning, we have a significant deficit of cybersecurity capacity in the united states, numbers in the billions worldwide but the deficit is expected so if you are not able to retain and
recruit and retain from college, typically the top students are highly sought after and hard to get and hard to keep, why not invest in a student who has demonstrated capacity in a different career field successfully? but now is willing to make a change and applied themselves academically to learn what they need in order to do it? we gain a majority of a person who had a couple experiences and did a couple things. so some stability and the opportunity to invest. >> a couple of parts. what i am hearing a lot in my own experience as well is a lot of networking is key. the field you're trying to break into, find that specific network and start to people. it will always be somebody who can give you that chance and if
they get to know you a little bit outside an office setting, that is what you are looking for. the world works a lot so if you can find the right person, you can begin to establish a relationship with the level of trust, easier for someone to give you an opportunity and someone who doesn't know you at all. my second thought goes back to the communication but also value proposition. if you are in a field that seems unrelated, i challenge you to figure out where the link is and what value you can bring. if you're in a communications field that's a no-brainer. or what about a music field that could apply to cyber. we can go on. we could play with this in any field.
>> then demonstrate that business value, because to me from a hiring manager, the business side of it's invaluable. i can bring in all the technical experts i want. if they don't understand how the business works, and it's one of my aha moments having worked on the i.t. side several times and going out to visit field, the users of the i.t. systems, how much i didn't understand about their day-to-day, what their challenges were with the system. i didn't really know what they did until i went out to visit them. so having that business perspective, to me, is invaluable, because i lived through that on the other side. and so then the willingness to learn the cyber, the technical part of it, great. i'm willing to have you. but make that connection for them, because not everybody might have that experience. >> [inaudible] because as you say, having someone you can go to and ask for advice is extremely important for anyone in the
workplace, but particularly when you're feeling different, perhaps, than some of your colleagues. on the one hand, can any of you point to organizations or organized networks that can be helpful? and second, have you any advice both mentees looking for mentors or for mentors who feel that they have an opportunity to help and some advice how they should go about that. let's start with the organized groups. are there any networks that you can encourage people to tap into? >> well, i know of one. there's probably several but one i'll call out immediately is the international consortium of minority cybersecurity professionals. fairly new, a couple years old. great support from the hill, really focused on providing opportunities for minorities in cybersecurity from mentoring to providing the opportunity to
work in, on campuses, to get hands-on experience many touching and manipulating -- in touching and manipulating and doing cyber in a realtime way, to pointing folks to fellowships, providing fellowships and scholarships. so it's ic, this cp.org -- icncp.org, and it's a great organization. >> i know there are many, but i'll mention two. one is the women's executive -- executive women's forum. they work to develop women along their career. and it's not just women helping women, it's everyone helping women. it's a diverse group in itself. i actually went to one of their conferences a few years ago and was just blown away by the level of the quality of the presentations and sessions both on professional development as well as technical, technically. another one is women in industry.
i know that in energy, i know that's industry-specific, but that's another good networking. and it really has individuals involved that are all on the spectrum of their career. >> i can point -- [inaudible] armed forces communications and electronics association. so do you know it? if you're working in the defense industry, you know this. so it's a dod-associated nonprofit organization, and it has chapters all over the world. especially it has some chapters in the d.c. area. it focuses upon networking and also raising awareness on tech, defense, intelligence and cybersecurity, of course, these days. so they have a lot of events, seminars, workshops. if you go to those events and if you did homework enough, okay,
so this speaker is really interesting. her background or his background looks so relevant to me, then you should talk to her or talk to him right after the event. don't just go there and come back right after the event. yeah. then -- because it's going to be, it's a challenge to get organized. you are young or trying to shift your career path, you have to have determination and ambition to take one step forward, to change your gear, to close a gap. because the reason why you want to get into this field is because you see the gap, and you can help out to close it. >> so mine are the same. i'll do, i've participated in many events with the women's forum, and i too speak highly of them. i think i'll give you a little experience from my capital one side.
they have a tremendous women in technology program that i found right when i started. i've only been there about seven weeks, so this transition is still new to me. in this women in i.t. group, there's a brother group, i'll call it, called the male allies. and that comes to all the events with the women in i.t. and the fact that they've actually named it is really fascinating to me. because if i -- my own personal story, most of my mentors are male. and they're the ones that have sort of guided me or given me opportunities along the way. and my guess is if we dig into your stories, there's some, there's men that took a chance, right? that knew the value in diversity and that were champions of mine to get me to that next level, wherever that was. so capital one, at least, has actually named it. and they have people from various places within the business so that there's somebody that you can go to if you're interested who's willing to at least help you along the
way, potentially give you an opportunity whether it's a detail or, you know, a voluntary assignment. whatever it may be. but that's still real while we work to solve this problem. >> preempted my next question which is -- that's great. and it's quite a personal question. it's like what is your advice to men, and particularly white men, who want to see the benefits of bringing people into a work force that needs talent but doesn't necessarily have the experience of mentoring particularly women and people of color in this space? and it might be that you do what you do with everyone else, but i would welcome your thoughts on that. >> so i would say that, well, when you're talking about diversity, sometimes the discussion only focuses on hitting the number. and i think it's wrong, because diversity should be inclusion as well.
to pay respect to different cultures, backgrounds, minorities and everything. something different from you. because they can bring values to your team or to yourself. so my advice to senior male leadership is like, okay, so try to think about what you want to see happening to your daughter or your wife or your sisters. then because their minds totally change. okay, i don't want this happening to my daughter or my mother or my sisters. they can -- okay, this is something i can offer to these women. >> you know, i think i'd say do a gut check. think about those that you currently mentor, and maybe you don't even call it mentoring. but it probably is, right? think of those that you might
pull aside and give some advice to or send them an e-mail to say, hey, i heard a job is opening up and think about what they look like. and then challenge yourself to get outside of your norm and to pick up someone who doesn't look like you. someone who doesn't think like you. someone who comes from a different background. and, you know, my greatest joy from a mentor perspective is that you gain so much from mentoring someone who doesn't look like you, doesn't have your background. but it's going to take a significant number of people that look like you, ian, taking -- having that courage that's already been spoken of in order to more quickly and sufficiently advance the number of women and minorities in cyber. >> anyone else? >> well, i would just say, you know, there are many out there who are, so for those that are, i would say speak up to your peers. challenge your peers to do the same.
and when you see things going on around you that maybe you wouldn't have done and you don't approve of, don't be quiet, you know? challenge the community to continue to move forward in this area. >> just picking up something randi mentioned, this is a constantly evolving space. and one of the things that you know better than i do is going to change cybersecurity over the next decade is artificial intelligence and computers doing the work that people currently do or certainly used to do in the past. that, of course, provides an opportunity for those people who get ahead of that game. what advice are you giving both to sort of girls at school or women and other people in the work force who, about future-proofing their careers and making sure that they're going to be in the best paying jobs of the next decade? randi. [laughter]
>> so i was just on the west coast last week through a cyber fellowship, actually, having this conversation about the future of cyber and machine learning and a.i. so to demystify, it is still math, right? we are still programming mathematically computers to do something better, more efficiently, optimizing something. however, even though it can learn and you can -- a machine is now so evolved with enough horsepower that it can learn on its own, there's still nothing will replace human ingenuity and creativity, right? we have yet to teach a computer that or mathematically code that. so i caution against that everything is going away. i do think that the future of jobs is changing, and i -- after two days of talking about this, i have two daughters, they're 1 and 3, and i had a conversation with my husband. how do we raise them to be successful in this next generation.
because it's not going to look like what everyone in this room went through. and so i think that there's a few fields that are, i think the medical field is completely safe from this for a while. i think machines will help in operations and medicine, but i think that's still good, right? and there's -- computers is one of them, right? so embracing this. absolutely being able to understand the math and science behind what makes machine learning and a.i. move. this is higher-level thinking that will be necessary to steer this in a good direction, right? if we're cyber professionals in this room, we sort of think about the risks involved in some of this, and a.i. and machine learning can be scary at the same time. so it's going to take a generation of responsible thinking youth to move this in the right direction. but that being said, s.t.e.m. now becomes imperative in a background and absolutely at the k-12, right? you need that foundational understanding to be able to take
these fields into wherever they're going to go which i don't think we can even imagine what that looks like today. >> anyone else? >> i just, i find the question interesting, because when you talk about, you know, how we're advancing technology, all i see is opportunity. so i think for a cybersecurity field, security is ever and increasingly more important in innovative ways to do so. so the way we have done security the last 20, 30 years, may not and likely is not the way we need to do it into the future. so let's figure that out and be a part of that and ride along with this change. >> [inaudible] a project called the feature of work -- the future of work. and one of the things that we're taking forward is cybersecurity as an opportunity within that context for, as some jobs
disappear, potential to build new careers in this space. and that, one of the real opportunities that we've been exploring is the potential for careers not just in the federal government, but in local and state governments who are increasingly dealing with these challenges. every one of you has spent some time in government and in the private sector even if it's just a short amount of time. when people come to you and say where do i get my start, government, private sector, somewhere else? what advice are you giving them? and what do you think of the pros and cons of different places to start your career? [laughter] >> i'll start with a consultant answer, right? it depends. [laughter] so there isn't a cookie cutter approach on where to go. it's about what are you interested in, where do you shine and then how do the opportunities match up with what you're looking to do now, or it
may be how does this opportunity help you get to where you want to be in five years or in ten years. so it's really weighing, weighing them. but i don't know that i would easily say, oh, you must start in government, or you must start in industry. it's really about what aligns with your interests and your passion at that time. >> this is for everyone, what are the pros and cons of either? deborah. >> you know, i'd say that, first of all, times have changed. we will likely have very few like me with 31 years in government. that time is probably, you know, probably passed. and instead we'll have folks, especially technical folks, moving in and out of government. and i think that is a phenomenal scenario, because government gets the benefit of the experience that one would gain on the outside, and private sector gets the experience and coming back and forth. so when folks come to me and ask here are the pros of government -- stability and opportunity to work on some of
the nation's challenging, most challenging programs, problems, an opportunity to serve, not to be hokey, but an opportunity to serve the nation and not having to worry about billable hour, you know, bottom line. but you don't make the pay. and so that really is the balance, is on the private sector side you can make more money. as far as working hard, you know, i think both can challenge you significantly to work hard depending on where you might land. so i think you still get an opportunity to work as hard. you might have to work harder because you're billing on the side of private industry. the opportunity to travel, i think both can provide that as determined by where you go. and so, you know, it's really easy to say you get paid more in the private sector and less in government, but that -- it's much deeper than that.
i had, in government, i had mid-career folks come out of private sector into government because they were ready to have family. they needed lots of leave. they needed the stability that that provides. that's a very legitimate reason to come in. and then after you've raised your family a bit, then you can go, you know, go into maybe back into private sector where you have some more personal flexibility. >> yeah. i, i'll tell you a little bit about my story and some of what i appreciated about the government. and i agree with everything you said. there is no answer for this. all experiences get you to where you are and, hopefully, build on that from where you want to go. what i appreciated about the government is a tremendous emphasis on leadership development. there's opportunity and training galore in this space, and it's not just reading a book. it's like, in-person training, it's fellowships to network amongst groups and peers and really these people that you
evolve with in your career that may diverge. and now you have a person in another agency or in the private sector that you can still call upon because you have some experience. i've been through several of those fellowships, and i call people all the time. and they pick up the phone, and it's like you pick up right where you left off. the other thing, there was a time in my career when i actually stepped out of cyber. so i had been doing compliance, fisma compliance, and i started having nightmares in red, yellow, green stoplight charts. [laughter] so i really looked for a good leader in government. and, again, asked him what his biggest challenge was and let me try it. and it turned out to be a law enforcement technology initiative. and he needed help in communications and outreach. sure, let's give it a go. and i did that laterally, right? the government, i think, is one unique place where you can sort of change career fields and not have to start all the way back over, right? i didn't have to take a pay cut,
i didn't have to go back to school. he was willing to leverage my confidence, the skills i had built and my program management skills to apply it to a new area. and again, that intellectual curiosity of i can do this. and if it doesn't work out, then move me. from there, i became the chief of staff of that program and filled out my business portfolio, so i learned about acquisitions and budget and training and h.r., and that's when cyber really started to take a boom, and i came back in. and now i have this really nice, robust portfolio of not just a technical background, but now all the business elements as well which is when i stepped in the role that created a functioning organization that included all of those pieces. but that was a risk. it was a risk to step out. somebody had to give me a chance. i had to prove myself, but it was knowing where i needed to fill out my portfolio to really be successful at a higher level which is where i wanted to be.
the government afforded me that opportunity. maybe the private sector would too, i simply don't know. now, on the private sector they move way faster, right? so government, it takes a while to implement a system. private sector i've now, even in seven weeks there, i've seen one stand up in a week, right? we need this, we've identified the need, we have the money for it, let's do it. and they did. and so that's like, wow, right? that's kind of energizing that that would have taken at least six months to a year in the government. and i know cloud and agile, we're doing better and going faster, but it's still difficult in the government. so that's exciting and really can be energizing to know that everything you learn about project management from, like, cost management scope, triple constraint, you can do it in a week too and it still works. >> so is, well, so i have an experience working in the japanese government, american think tanks, japanese industry and american industry.
so it all depends on what kind of -- you see and what kind of values you want to bring in. and it's all about timing too. and so, because the benefits of working in a think tank or academia, i can share a little bit about my experiences. so i think the beauty to working in academia, a think tank is you can hold neutral positions. you also have greater freedom of speech. so you can progress a lot, and you can also hold events like this to reach out to the larger population you would never think of in the government or in the industry. because if you work for a
private sector, you will focus on the specialty of your company or your specialty of the government sector. but if you're in a think tank, you can be more creative. i'm not saying that the government or the private sector are not creative, but you have more freedom to come up projects to reach out to -- for instance, this is about innovation and also diversity in cybersecurity. it's easier for think tanks to do this rather than the government. >> i'm going to open this up to the floor, because there are a lot of people here who have, i'm sure, some really great questions. but i'm going to preempt that with one final question from myself. this conversation doesn't happen enough, but when it does, sometimes it goes well and sometimes it doesn't. so my final question is what really bothers you about the sort of diversity in
cybersecurity conversations? what are we getting wrong and how can we address that? >> it bothers me that it's a thing, right? just in general. and maybe it's because i'm a woman, and so i come with a different perspective that i just want the best person for the job. and i'm going to cast a wide net to find that, whatever the job may be. and, yeah, i'm going to be deliberate in making a diverse group. because in my experience, diverse groups are more successful. it's -- and let me be clear when i say that. when i look for diversity, i'm not always looking for certain jobs that need technical skills, and that's kind of a no-brainer but what makes a good organization is the people. period, right? if you take care of your people, if you put together a high functioning team where you have
an introvert and an extrovert that can pair up and bring the best out of each other, bring the introvert out, tamp the extrovert down, you have people that can -- but it's true, right, i mean, you need to balance a whole team. is when i speak about diversity, i'm looking for skills both technically and those soft skills that i want to balance out my team so that i know if i need a new perspective, we've tried something and it's not working, i'm going to bring in someone who i know thinks differently than me because i'm missing something. again though, i've had a lot of leadership training to not be afraid of that. that's sort of been my experience, is that the teams that, you know, the environments that i've been in that didn't work that way had some lack of leadership at the top that wasn't willing to take that chance. and it's why i made it my personal mission to continue to go up that rank so that i can demonstrate it to others and start breaking down some of those barriers.
that's not a golden answer that you're looking for, but it's my experience. >> [inaudible] one of the things that we want to get to in this kind of conversation is how do we improve the quality of the dialogue so that we contribute to a better work force at the end of the day. anyone else want to chip in before we open it up? >> sure. so i sometimes feel frustrated when some people try to define really narrowly about cybersecurity jobs or cybersecurity careers because some people only think, okay, cybersecurity's just about technology or solutions. yes, technology and solutions are important and crucial to solve problems, but we also need soft skills, strategists, policymakers, lawyers and also like national security intelligence or soft builders.
so because, as i said, because every single aspect of our daily lives in national security are touched upon, touches upon i.t. and also cybersecurity these days, you have to understand that everything around you -- [inaudible] to cybersecurity. and maybe your job title currently doesn't say cybersecurity or something or i.t., you can take advantage of your background from the past and the current ones to say, okay, so i've been helping this to close a gap between this and this. so i'm confident that i can get into this field to take a job at a cybersecurity analyst or strategist or policymaker. then because it is also helpful for your potential employers because then you can say, okay, i never thought about it, but actually you are right. this is relevant to cybersecurity.
i need you. so this is all about closing the gap and team building and winning the champions to endorse you. >> you know you're in deep -- [inaudible] when the recommendations need to be more supportive of think tankers and the like. [laughter] if you have a question, please stick up your hand, tell us who you are, where you're from and your question ends with a question mark. and my colleague has the microphone. so for the benefit of people in line, please speak into the microphone. >> thank you. hi, i'm kathy and i'm with -- [inaudible] network. my question is one of the things i have found about palo alto network, i have worked basically my entire career for the government basically until i came into palo alto network, and the past two summers we've had amazing interns. i have nieces and nephews, and i
was talking to the interns what it was they did that set them apart from other people that got them internships at palo alto networks, and i actually made my nephew come in and meet them so they could talk about what is it that makes you somebody we want to have within our organization. so my question is what can we do to help these kids understand in i'm super excited about the girl scouts of the usa and the work we're going to be doing with them. i'm a girl scout, and my niece got her gold award. that helped her get into college. my nephews, they both have gotten, what is it, the eagle award, their eagle scout from boy scouts. that also helped them get into college. what is it we can do from an organizational perspective to help these young kids what is it that i need to do to set myself aside or so that i'm more noticeable in this community so i can get these types of internship opportunities? most of the interns that we had we found
them, they didn't find us. how do we grow them? >> to build on that more generally, what role can the private sector play to help people enter into the cybersecurity community? >> well, i mean, private sector has resources. got hot and lots of dollar, right? [laughter] you know, public schools, local schools -- particularly public schools -- would welcome mentoring, sponsorship of programs. i mean, i know, i've done it since i've been retired. and they, with open arms, welcome you in. so look at how you might in your local community have an impact by investing in mentoring, in programs, in camps, in summer opportunities, in internship opportunities, in exposure opportunities to give kids, high
schoolers and even college students a chance. >> right. i think my advice is similar. i think there's many companies, capital one is an example, that really values involvement in the local community. so we're headquartered here in mclean, and we are involved a lot with the schools. and not just the colleges, especially the high schools and the elementary schools. we have big offices in richmond, same thing there. anywhere you see capital one, they're involved in the local community. so as you're raising children, right, find where those local companies are that may have some program that you can get involved in. capital one also has an associate rotation program, i think. so it's students fresh out of school that literally rotate around to try to hit that more millennial mentality of let's try a few things so you can figure out what you want as opposed to committing to something and then jumping around very quickly to try to
figure it out kind of the harder way. so that's the way that i'm watching where a company is actually adjusting to the new kind of mentality that comes out, and they are -- they do rotate through cyber, and sometimes we keep them, and sometimes we let them go. but the girls who code those programs, that's an area to target also for hiring. i've done some events with them as well. i mean, there's just great opportunities now at that younger level to really get involved and really set yourself apart. >> mihoko, what are the things that you when you're looking for interns to pick up kathy's point you say, ah, that's an example of someone i want to bring in? if young people are thinking how can they get ahead, what sort of opportunities should they be looking for? >> so internships are one thing, but the challenges young people often encounter is lack of
experience and lack of recognition. and also they sometimes don't know what kind of job will be doing for them in the future. so trying to go to cybersecurity conferences or events in your local community as much as possible and also talking to people who are sitting right next to you or people who are speaking. hey, so i found your story really fascinating. how can i be like you or something like that. then you can start a conversation, and maybe he or she doesn't have good advice, but they should have some contacts to share with you to help them to be a mentor in the future. >> okay. i think we have another question in the middle. i should mention, bringing the microphone is one of our fantastic interns. [laughter] >> hi.
i recently graduated from american university with a master's degree focusing on cybersecurity, internet policy. i'm currently on the job hunt which is, as you know, a lot of fun. so my question to you, i guess, is while on my job hunt, i found a lot of jobs that are super technical, penetration testing, information security, etc. is there really a capacity deficit on the policy side of things? and as hiring managers and -- [inaudible] what would persuade you to hire someone off, you know, a student or someone who's not american in this field? >> i believe there is a deficit on the policy side, for sure, particularly with -- because most, be many of the folks who are in policy space today, you know, grew up particularly if you're talking about government, you know, grew up in the government, had a career maybe in other places and
transitioned. what policy can benefit from is fresh thinking, and that comes from experiences outside of government whether it's in academia or think tanks or private sector. and so there absolutely, i believe, is a need for more capacity on the policy side. what would make you, what would make you pick someone for such an opportunity, i think having demonstrated -- obviously, wherever you came from having demonstrated success in it. whatever your story, that you've had some success in it. that you've had some opportunities to learn and you're able to articulate that. i have to foot stomp randi's comments about communication. you've got to be able to represent yourself, tell your story succinctly, because many times you'll only have a couple of minutes with someone to make an impression. always have something ready to hand because, again, a couple
minutes might be all you have. and take advantage of those networking opportunities to include big conferences like rsa, you know? 40,000 people, it's tough because there's so many people. it's overwhelming. but so many great opportunities are there to meet with professionals, to make contacts, to schedule follow-on opportunities, to discuss potentials. >> so i don't know, so i used to be a non-american student in washington, d.c. between 2009 and 2011. i can totally relate. as a foreigner here, it's so challenging to get into the security field because, well, you have some deficits here. but at the same time, so i was working really hard to think about, okay, how can i get a job? i was a job risk when i was a student here. i have to find a job when i go back to japan. so i was thinking really hard
like, okay, so i really need to get a job -- [laughter] after this. and then i'm like, okay, so i have to go -- i have to be, i have to be recognized. so i went to many conferences, and i was sitting in the back because, of course, i was a student. i cannot be a speaker. but i did my homework. i tried to understand the agenda and also about the speakers, and i raised my hand every single q and a session and tried to come up smart questions -- [laughter] as much as possible to try to be remembered. because if you're just sitting in the back, you are nobody. but if you can speak up, just like you did, you have to have courage to do that. i'm so impressed with it. and if you do that, then somebody may talk to you afterwards.
hey, so you asked a really good question. then you might have, start a conversation with her or with him or their colleagues or mentors. and this doesn't mean, this may not be able to give you a job right now in, like, the next month, but maybe in the future you can get a better opportunity to get hired. >> randi? the only additional advice i would offer is certainly be the if you're interested in getting in the policy world is get out there and write and talk. and one of the advantages of modern technology is there are lots of avenues to get your writing out there. and given the sort of immaturity of this space, there's plenty of sort of white space where there are opportunities to provide your voice and quickly build yourself into the only
person who's really writing in that space. and certainly speaking for someone who recruits into a think tank, i'm relatively confident that people can learn their subject. learning how to write well and to speak well is much more challenging. if you can prove that, you're halfway will. if you can build your personal brand by sort of, basically, have name recognition even be you're relatively junior, you're halfway to getting a job. and that's, you know, some ways if you're coming from a slightly different background, you have an opportunity. some of the best sort of new cybersecurity-related policy work is cybersecurity and something. cybersecurity and states, cybersecurity and international development is something we're doing here. and if you come in with that
extra expertise, may even be geographic, you can be different from everyone else in the space. more questions going up. we're going to come over to this side, to the front here. and we're going to start grouping up some questions to try and get through everyone, if we can. >> hi. my name is -- hi, my name is megan, i'm with a nonprofit based here in d.c., internews, i'm working for the global technology team. so my question really is on how to combat some stereotypes. i've similarly been in many cases or rooms where i'm the only woman or conferences where we break out in a security group, again, i'm the only woman. and in the open source developer world, the sort of imbalance is even worse. so any advice that you guys have on how to deal with that. i know it becomes increasingly frustrating when it happens so often. so any advice you guys have.
>> [inaudible] i mean, so we, and apologies to the men in the room. from a women perspective, we can be our best allies. introduce women, pass their resumés around. as a federal hiring manager, i hired women. i was proud of that, right? so one day at a time, right? and we'll change it by one hire at a time, and you can begin to change the shape of that room and what it looks like. but, yeah, it's going to be frustrating, and we're not there yet. there's a lot of room for improvement, but we absolutely have ownership of that space. >> and -- [inaudible] so that happens. don't be marginalized. as the woman in the room. don't allow yourself to be. be an equal player, demand it, contribute and demand the same level of respect and attention and opportunity to contribute as every other person in the room. >> we're going to group up some questions, so stick your hand
out, we'll take three questions at a time, and then we'll start to get into a slightly rapid-fire session. so one here, one on the second row and one in the back on this side, and then we'll come over here for the next round. >> thank you. monty with the state department. i work on communications around cyber issues. so my question is really about kind of the current, your assessment of the current brand around cybersecurity and whether or not that is inhibiting or helping to attract students that would not otherwise go into computer science, i.t. to cybersecurity, right? because, you know, when you think about some of the efforts underway with n.i.c.e., you know, these are things that you're already getting kind of the current pipeline, but how do you get additional students who might not otherwise think about that? and in addition to that, what role the government could play in
supporting that and specifically this model of apprenticeships that has recently come out in the executive order. is that helpful, or is that something that you think industry may not immediately kind of jump on? >> thank you all very much. my name's -- [inaudible] i'm currently at the world bank doing things for agriculture project. my question kind of builds upon from one to of questions already raised. coming from professional and economic training, international relations, international policy background, what kind of, like, what would be your piece of advice to build technical skills as a woman who's a little too old for girl scouts or a girls' coding programs to, you know, really apply my policy and international development interests to leverage cybersecurity, importance of cybersecurity in the field.
>> [inaudible] >> hi. my name is anne, and i'm an assistant professor of media studies at the university of virginia. and i do research on u.s./china media and technology relations. but this is actually related to my students. in media studies, we have predominantly female students who understand technical systems really, really well, and i teach a class on media and cybersecurity, and by the time they finish, they're like how can i work in this field of cybersecurity. and i would love to be able to give them better advice on specifically how they could leverage their experiences in media studies to kind of specific entry-level types of positions within the government. or barring that, like, different ways to kind of get technical training at kind of -- not necessarily at the level of engineering, but at the level that leverages their experience and understanding to be able to kind of move forward in that
career field. because it's, like, rooms full of women who are like how can i also be a technical professional, and i feel like there's more i could be doing there, so thank you. >> [inaudible] encouraging to hear. it does raise a link to our second question. a lot of people particularly, i guess, in d.c. come out with -- degrees but recognize that they need to have technical smarts to get ahead. outside of, you know, joining the girl scouts or getting a degree, what opportunities are available? and then picking up the question about sort of -- culture and other different ways of learning apprenticeships. [inaudible] >> so i -- [inaudible] right? because i think cybersecurity gets a bad rap today, and we need to change that, right? so cybersecurity people walk in
the room and they're like, no, what are you going to tell me i can't do today? [laughter] that's wrong, and we have to change that. i think that was where the field started, right? as we were bolting it on, we weren't baking it in. we came in and said you've got to stop that bad behavior that we consider in cyber and do something different. we should be evolved enough so we enable the mission from the beginning. i think to your point earlier, if we move a more security-aware and privacy-aware generation, this will be demanded so we can get out of this mentality. cyber should be a mission enabler, absolutely. and i think if you do it that way and then you talk about some of, like, the protection and the defense side of it, it could be really fun and exciting. and it's a way to sell this field where people may be interested that don't know it, that's my opinion on that. from the technical side, there's -- you don't need to be an expert, right? i think you need to know enough
of the fundamentals of the technical to know how it applies to whatever you're talking about in international or policy. there's so much open source training out there right now. certified ethical hackers, that's the fundamental of how a computer system works, how it could be attacked, how it could be defended. i'd kind of start there, and i'm not even saying pursuing that certification, but learning how to go get that certification will give you some of that technical background that gives you some of those creds where you can at least speak it. and then from the media perspective, i think that's fascinating. so what comes to mind immediately for that is training, right? so, because that's kind of an outreach thing. we need way more people that can go and speak about cyber. so it's related to media a little bit. but the general awareness training, user-based training, how we go out and speak to people from that technical perspective in a way that they can understand it which media people, like, are kind of taught to do, to think differently about it.
so that's an area that both federal and private, i've seen both. i mean, everybody has a fairly robust training program or they're certainly building it up. and that's just what comes to mind first. i just need to think about it a little bit. >> on that media side, almost every large federal organization, public affairs office told is going to have somebody who can talk cyber. i mean, just -- someone is going to be able to speak technically. that's one source. then in major publications, newspapers, everybody now has got a cyber or a tech lead. and, you know, look for apprenticeship opportunities with the newspapers and print media as well as online media opportunities. those are two that come to mind for me. yep. >> let's move across to this side of the room. we'll work from the back. right at the back, right at the
back of the room, then the lady in the back room and then the lady in the second to back row, third back row. >> hi. good afternoon, i'm from dhs. hi, randi. [laughter] hi. the question i have being that there's so many students inside the actual room or young people that are coming into the actual cybersecurity field, how do we teach them to be secure internally? we secure systems from a confidentiality and integrity as well as an availability of information, but once they get inside the actual profession, how do we teach them to be secure and confident within it? because women, just as much as we want women to come into the field, just as quick they're leaving the field because they don't see people that look like them. or when they're actually having the actual cyber discussions, the diversity in the field. what recommendations can you give to a lot of the young people in the world to teach them how to face or deal with adversity and be able to maintain themselves in the
field. >> great question. you against the back wall. behind you. [laughter] >> yes. sean -- [inaudible] i'm a reporter with the scoop news group. thanks very much for holding this event. i wanted to ask a question about government service in the current administration. i mean, we have a white house where, you know, there are some senior officials who are clearly ambivalent, at least, about the prospect of large scale, non-anglo immigration into the united states. we have, we have a president who has boasted about sexual assault. is that an issue for, you know, work -- government work force, cyber recruitment right now? >> and one more, i think in the second or third row. yes. >> hello.
i'm from -- [inaudible] formerly fulbright scholar but practice at pcv, so preventing and countering violent extremism. so absolutely in terms of defense security, right? soft background with zero cybersecurity background which is super important for pcv. my question is actually two fold. first, when you talk about policy people, how popular among your networks are policy background with zero cybersecurity background people? and second is what is the, how popular is the investment into those who come with zero cybersecurity into cybersecurity to gain certain training while doing cybersecurity? thank you. >> three questions, one about retention, one about the state of federal/private security work force and one about how to get those sort of policy smarts if
you're coming from, sorry, from outside the cybersecurity area. >> so great to see another fulbrighter in this room. so, well, i've been talking to several young students to -- [inaudible] who have a policy background. and who do not necessarily have a background on cybersecurity on their resumé at this stage, but they're interested in getting into cybersecurity field. so from my own observation, i would say that the cybersecurity is getting really popular among policy people. so the next question is how to get into this field. because i don't have anything on cybersecurity on my resumé at this stage. but good news is these days all of the organizations or government, academia or nonprofit organizations does
cybersecurity a little bit these days. so you can relate your background a little bit to cybersecurity saying, hey, so because i've been doing this, and it's relevant to cybersecurity. so i have an amazing colleague who has an international trade background. and she did international trade policy in the government. she also helped trade associations. and she was able to take advantage to bring her knowledge and contacts to our company to help us and to get smart about -- to look at cybersecurity from international trade perspective. so i'm sure that everybody in this policy field can bring -- to this field. >> so on that, i think ian's advice is spot on. publish something. demonstrate your ability to take what you are an expert in and apply it to cyber, right? so first, if you're sending
resumés in or if you're especially applying online, there are some keyword search, right? because cyber has to show up somewhere. put it there. put it in the title of an article you have done so you can at least get it through an automated check. but then show the capacity you've learned in this area. that'll take you a long way in establishing that you're ready to enter this field. i can only speak to my government experience where i've seen many policy people with no technical background move into this field because it was so new and it needed to be filled. so i think it's quite possible. i don't know how that looks outside of government. sean, for your question, i believe that cyber is a nonpartisan issue. do i think that the administration is having an impact on the ability to recruit and hire? i don't know. i think the field is exciting enough and there is a lot of opportunity that it's an area where -- i can just say from
a federal hiring perspective we did not have a shortness in applications. so we did not see any decline in that. we do have -- we did, sorry. not we anymore, but dhs had special hiring authorities that enabled us to hire better, faster, quicker. and i never saw a dropoff since the change in administration. and that final question, i encourage people to go seek out, right, to build a network either whether it's an official mentor, whether it's a buddy, whether it's somebody that they can just talk to about what they're seeing and then maybe find a leader that can help them navigate through it. it can be frustrating. i think it's still frustrating for all of us in this field, but it doesn't have to be so overwhelming that we're losing people because of it. but just to name it and actually begin that conversation, i think people will find that there's many that feel the same way, and there's safety in the numbers that way. >> [inaudible] >> i was just going to comment,
i think you've probably said almost everything i was going to say, which is great, perfect. this notion of securing yourself if you are the one and only and feeling like a lonely one in a group, in a crowd is first making sure you have a good sense of what your personal values are and that you stick with them no matter what. absolutely no matter what. and then you surround yourself outside of that environment with people who can support you, who can give you critical assessments of you, who can help you to develop and grow and be confident in where you are but stick with your values. >> and i think that's a great note on which to end. i know there are other people who wanted to ask questions, but our panelists have agreed to hang around for a little while. so please ask some questions, get some advice, get guidance, and we'll be hanging around for a little while. i just want to finish by saying a number of things. firstly, thank you very much to our panelists who were
fantastic. and i can confidently predict this won't be the last time you see any of them on this stage. [laughter] so we, we will be returning to these issues. we have just, incidentally, concluded a partnership with florida international university, a university who is very, very focused on diversity and increasingly interested in cybersecurity. so i think we're going to be returning to these issues. and for those of you who are not aware of it, please check out our humans of cybersecurity blog on medium.com which is very much focused around providing a platform for women and minorities and others who come from diverse backgrounds in the cybersecurity community. some fantastic articles apart from everything else, but well worth reading. and finally, thank you to palo alto networks who paid for our breakfast and helped bring this
>> and a live look again in the lobby of trump tower in new york city where today president trump is expected to sign an executive order on infrastructure projects. while campaigning, he proposed spending money on projects to repair bridges, roads and waterways. the president today holding a meeting on the issue and then making a statement from this lobby position. you can see the podium there in trump tower. we expect that about 3:45 eastern, and we'll have it live for you on c-span when mr. trump comes out. let's watch the lobby for a couple of minutes, see who comes and goes as we're doing throughout the day with the president in residence there. [inaudible conversations]
>> several states holding elections today including utah. republican voters there are hitting the polls for a special election to fill the house seat left vacant by jason chaffetz. democrats nominated physician kathy allen at the party convention in june. three republicans are running in today's primary in utah: a businessman and son of the boston celtics general manager, chris harris and john curtis,
the mayor of provo, utah. >> every month book tv on c-span2 features an in-depth conversation with a nonfiction author about their writing career. september 3, our guest is eric metaxas; his latest book is if you can keep it, and his other books include amazing grace. october 1, author and "new york times" columnist maureen dowd will discuss her book the year of voting dangerously. november 5, the author of "the big short" and the new new thing. join us for in-depth, the first sunday of the month at noon eastern.