I know for any friday morning but particularly a friday morning in the middle of the summer we are thrill today see this level of turnout. I want to say thank you to Palo Alto Networks and provided the breakfast which is critical to success which for a friday morning. We have our humans of Cyber Security project youll find online that incorporates stories from different individuals telling their stories and putting into evidence there are a range of backgrounds that we see. To that we are thrill today ged you this panel. Sheer ian. Thank you very much. First let me commend to you lauras work on diversity and general Cyber Security web force issues. The murp of this event so to potentially make a sort of positive case on Cyber Security. One of the things thats very important is making Public Policy through listening to peoples own stories. We also want to point out that particularly Cyber Security is an immerging field for which there are many parts both in and within. We also are a public and there are some policy issues behind some of these issues. Given that we have this fantastic group of women we will dig into some of those issues as well. To introduce the panel briefly and i will be brief. D deborah was district to of information insurance at the National Security agency and was Senior Adviser to director on some of the diversitytype issues well be talking about. Next to deborah is currently at capital one. She was chief Information Security officer for transportation security agency. Next to her is chief skurlt officer. She has had a career that has taken her into the Japanese Ministry of defense. On the end we have moore but served on the manational securi council and a past career at the department of energy. As you can tell we have people in the private sector and Public Sector but in a range of different security worlds. I will begin by asking a ser ri of questions to the panelists and move into a moderated discussion. Please have your questions ready. To kick us off how did you get into Cyber Security and when did all of the advice, what is the one thing you think people should hear . Thank you again for the invitation to be here. It is really my pleasure. I got into it because oaf a foundation at the National Security asi when i started my career when cyber was just a dream. No one was much talking about it. Moving into the 90s which is when things like y2k raised concerns worldwide about security and functionality of information systems. It was from there i did the representational activity at the federal level and then came back to nsa and ended up doing Cyber Security policy. I would say it was probably that period of time between 1998 and 2001 was really the time when things tli things like the i love you virus was beginning to rear its head. I happen to be working at National SecurityCouncil Working in transnational threats which is where Cyber Security was happening, was being born. So programs i got to stand up and run from the white house and then ultimately bring that experience back to nsa which has a robust and probably hit one of the earliest Cyber Missions both from a security perspective but also from an exploitation perspective. The rest is history. I moved through that system working on both the exploitation tide and then ultimately really wrapping up my career on the security side, serving as the information insurance director. The one piece of advice, when people think about Cyber Security, they asking what kind of certifications do need. How do i gain those experiences. I would say in Cyber Security we need lots of technical people and folks who can think from a policy perspective. Thats message i think i would leave, who can envision what the future looks like and what we might need to do to con try butte to the development of those in sieb are space, folks who can lead organizations, lead through difficult and some times exciting and challenging times. So it would be the biggest message i would say is that cyber is really a lot of Technical Work to be done on the policy and even on the legal side. How did you get to where you are now and whats your piece of add viesz . Sure. Ill bik up sort of in the middle of where she was speaking. Mine is more timing, right place right time with a back glund matched. And that was my fathers recruit m. He said do something in computer science. I wasnt really the best programmer so i made it my mi r minor. Back then cyber then wasnt then. While i was pursuing my masters degree i approach add professor. I approached him about working part time and i got a job as an intern in their Risk Management division. I truly believe that cyber is all about Risk Management from the technical sense, from the policy sense. You have that Risk Management it will take you far. Its understanding in a very risk appropriate way. Thats a big lesson i learned along the way. I worked with a contractor and my client called me up and said would you be interested in my position . Thats why i started in government. What separated me on my path was always looking for areas where the biggest challenge was. Every box i had, whats your billest challenge a how can i help . Communication would be the biggest piece of advice that i have. Technical credentials are necessary. The policy piece of it are important. The ability to communicate in every way imaginable. Will seep rate you from those that cant. Many are one of those, practice, step out of your comfort zone, take a class, learn how to speak and learn how to communicate. You will then become that goto person. You have built your career outside the United States but you have similarly can you tells us more about that . Sure. I am so exsighed about talking ant innovation so i happened to walk along add i got out to do my you masters p Cyber Security was not hot or sexy as today. Yeah. I on National Security or interthattal one of my classm e classmates says hey, will i didnt know that what he wanted to focus on. I said i think i can do this you have to train yourself take the chang. To do something different. Im a stoerch states attorneyer. It was the first time for me . It was back in and again, i didnt know if i wanted that. It wasnt there yet. It actually helped me a lot. He put me in touch. He said hey, i know that youre interested on security maybe you want to talk to him. I had another coffee with even though i would not be anyone to get a job there i started to second send angry summaries. And that commitment helped me to recognize that okay. So she can do this. So i was not working the unite. It helped me to get a job in japan. My peets of advice piece of advice is to try to show your talents to people around you and also to be a good commute kanic. You never know who wants to help you or who needs your help. You have to be very flexible, very ambitious and try to be a great teammate for everybody around you. Soim question, how did you get to where you are . Given that, what do you think other people can learn from your experience . Thank you as well for inviting me to par tis. I will start out with my first piece of m in high school i was motivated by my coach to go into engineeri engineering. That was mid90ed. You ids was interested, to i jufred i started with work throw the career. I every through the i. T. Field. I raefl doing work securely and looking at them separately is not really the way to go particularly now as we have already heard we do security so we can enable some capabilities, some business. So finishing and similar to your story there there wasnt a cybersecurity program. I actually have an undergrad in accounting and information systems. And i got an internship in the late 90s doing Enterprise Risk Services where the industry was really just starting to look at Risk Management and how computers and systems could be manipulated to have a negative impact on a company. And thats where i got my feet wet. Because it was so new, i had so many opportunities to try different fields. There was no need to hold myself back, because there really was no expert in the field. So my advice really is to go for it, learn as you go, be a continual learner. But dont hold yourself back from something because you dont know. Guess what, theres some other ambitious person out there whos going to go for it too. So we might as well all go in andcollectively work for a cause. What i learned in my experience was a little while turned into ten years. I absolutely loved my Government Service and got so much exposure and so much opportunity because i was willing to step out there. I hit a point, i had wonderful opportunities in multiple departments. I had a wonderful opportunity to serve as part of the National Security counsel staff at the white house. After that, decided to go into private sector. I found a passion for the Energy Industry and had a wonderful opportunity to go work for exxon, one of our nations Largest Energy providers. And im really enjoying now being able to apply my technical hands on skills as well as the policy and Program Management side. Dont be surprised if she steps off the stage. She will hopefully join us later when we have a conversation. One thing i pick up as a sort of common theme is there are some great jobs out there which you have come to from different places. But by all accounts come to love. And yet if you look at the statistics for women and minorities in the sort of Cybersecurity Work Force at large and defining that is pretty difficult, i know the figures are pretty terrible, low double digits. So two questions which kind of clearly relate to each other. In terms of the people coming in, is it just those people in schools and universities are simply not getting the advice, the message, the opportunities that you guys had . Or is it that employers arent seeing the benefits from having highly qualified women coming through . And how do we go about changing that . Ill jump in. I dont think its the latter, that theyre not seeing the benefit at all. Thats never been my experience. I agree. Theres very few women and minorities. I cannot tell you how many tables ive sat around that lack diversity in any way imaginable. I dont know that theres always an awareness of it until it comes up in terms of Diversity Inclusion efforts that nearly every Government Agency and every corporation has. Thats becoming a bigger and bigger field, both in government and private sector. Now that i have a smidge of experience in private sector, im seeing it much more than in the government, which is really great to see. I do think that both government and industry can do a better job in funneling to the universities where the Technical Expertise is coming. And then can actually make a pitch to all, both genders, all diverse cultures and backgrounds, and go after them. So i think there are some Government Agencies that do this better with others, that partner especially with some of the local universities here. I know george mason has a program that gets people in government. Gw recruits quite heavily in or some of the agencies recruit through gw. Industry is starting to do this as well. But i think thats absolutely critical, especially in cyber, to build off of what samara was saying, our stories sort of generate in the 90s when this was new. Id argue that cyber is a continually new field. Whatever skills you had ten years ago, do not apply today. Those Technical Skills evolve faster than imaginable. Targeting that new talent thats coming out thats up to speed on skills is absolutely key. I think thats one of the things we can do to both encourage the university, the college pursuit and then funnel that right into the hiring process. Id say the discussion about the lack of capacity from a diversity and gender perspective in cybersecurity is not a whole lot different from the same discussions we were having years ago about women in math and about women in computer science. What makes it so much more compelling today is that we need so much more capacity in cybersecurity than we have ever needed in math or in traditional computer science. That really makes the business case. And if we simply look at demographic trends, it doesnt take a really smart person to see that there are going to be a lot more women available in the workplace and a lot more people of color available in the workplace. Its almost a nobrainer that we need to figure out how to leverage that capacity in this field where we as a nation have a significant deficit. While its true, i agree with randy, weve got to work more closely with colleges and universities to recruit, targeting recruiting at universities that have capacity in the areas of women and minorities. It has to start so much earlier than that. We have to go into the k12 arena. The kids who are in school today are better than many of us in using their devices. This is going to be very natural for them and not intimidating and exciting even. But we have to entice them and excite them and make ut suit su that its not a regulatory burdensome place to work but an exciting and challenging area of discovery and using your Technical Expertise to make the world a better place for all of us. So id say weve got to get into the schools, high schools, middle schools, Elementary Schools much much earlier. Weve got to do targeted recruiting at colleges and universities. It just follows logic that if were trying to increase diversity that we would aim our recruiting efforts at a university thats not diverse. If youre trying to get a diverse population, you make sure you also go to places where there are diverse candidates. Thank you. Well, lets face it. I still see the silver lining. For example, my Company FirstNational Cybersecurity badges for girl scouts in the United States couple months ago. I mean, we are so excited to talk to young girl scouts k12 people to raise Cybersecurity Awareness and teach them about an online safety. Because the reason why the ratio of women or minorities are so low in cybersecurity today is that lots of minorities gave up to learning about before going to colleges. You have to make sure that you have to reach out to potential Cybersecurity Work Force pipelines to encourage young girls, k12 or even before that. Okay. So this is actually cool. There are so many opportunities and learning skills. You can do anything about it. And then im sure that things will start to change, not only just women or minorities, but also we have to talk to the leadership, the management. Because mentorship is so important, because young girls and minorities need a little bit encouragement. This is a chance. You should go for it. And then were going to see more women and inclusiveness and diversity in cybersecurity. Id like to highlight a different dimension to the same question. And that is, one, theres an existing work force out there and i have repeatedly run into individuals who are maybe mid into their career who want to shift into cybersecurity and find it really challenging. I think having an open mind to not just developing the pipeline, which is very important, but also opportunities to leverage Prior Experience that may not be directly in cybersecurity but really relate. As i mentioned earlier, understanding our business is important more now than ever. There is very little of a Company Mission that is accomplished without technology or cybersecurity. So if you understand the business, you can be key in helping to better secure how that is run and managed. So i think theres opportunities for us to be innovative and leverage existing employees as well. Lateraling into cybersecurity jobs and people who are capable who sort of see those jobs but dont know how to quite get into them. Two questions. One is whats your advice to particularly those women and minorities to encourage them to come into those jobs . And secondly, what do you think can be done to your point to make that easier . Sonch to do your part to get educated in the field and understand but then demonstrate how you can apply. Book knowledge is important and good, but really understanding and being able to apply it is all the better. When you show that you understand the business and can apply security to that, that is huge. That is powerful. But to have a certification alone without the experience is challenging. And so really become able to apply so then how do you get to that. Its really connecting with people, taking the initiative, really finding someone who may be doing what youre interested in and learning from them and taking advantage from those opportunities to figure out how do i make those connections. But it is challenging. So my i guess my advice really is more for those who have the capacity and authority to hire is to take a risk, be willing to pick somebody who doesnt look like you, be willing to give someone an opportunity who has demonstrated perhaps academic accomplishment but has not had an opportunity to apply that in the workplace. Every single one of us could probably call out that somebody reached down and gave us a hand. They gave us an opportunity. Why should employers take a risk . What benefit does it bring to the organization . Go back to the beginning which was we have a significant deficit of cybersecurity capacity in the United States. You know, numbers in the billions even world wide. From a deficit perspective. And so if youre not able to retain and recruit, recruit and retain from college, because the top students are highly sought after and hard to get and hard to keep. Then why not invest in a student who has perhaps demonstrated capacity maybe even in a different career field but successfully but now is willing to make a change and has applied themselves academically to learn what they need in order to do it. Give them an opportunity. What you gain is the maturity of a person whos been through a couple of things and had some experiences. So some stability. And then the opportunity to invest. I think i have a couple of thoughts. It just kind of combines everything. What im hearing a lot from the women on stage and in my own experience as well is its a lot of who you know. Networking is key. If its a field that youre trying to break into, go find that specific network and talk to people. Its going to be somebody whos going to give you that chance. If they get to know you a little bit even outside of an office setting, thats what youre looking for, right. This world still works a lot in who you know. If you can begin to establish a relationship and some level of trust, its easier for someone to give you an opportunity. If youre in a field that seems unrelated, id challenge you to figure out where that link is and what value you can bring. If youre in a communications field, to me that ones a nobrainer. But we could pick a music field. Theres mathematics in music. Be able to demonstrate what that is and learn if youre within a company and you know the business side and now you want to break into cyber because its a pretty lucrative field, then demonstrate that business value. Because to me, from a hiring manager the business side of its invaluable. I can bring in all the technical experts i want. If they dont understand how the business works its one of my aha moments,having worked in the i. T. Side several times and then going out to visit the field, how much i didnt understand about their day to day, what their challenges were with the system. I didnt really know what they did until i went out to visit them. Having that business perspective to me is invaluable because i lived through that on the other side. Then the willingness to learn the cyber, the technical part of it, great. Im willing to have you. But make that connection for them because not everybody might have that experience. As you say, having someone you can go to and ask for advice is extremely important for anyone in the workplace, but particularly when youre feeling youre different perhaps to some of your colleagues. On the one hand, can any of you point to sort of organizations or organized networks that can be helpful . And second, have you any advice both for mentees looking for mentors or mentors who feel they have an opportunity to help and some advice on how they should go about that . Lets start with the organized groups. Are there any networks that you can encourage people to tap into . I know of one. The International Consortium of minority cybersecurity professionals. Fairly new, couple of years old, great support from the hill, really focused on providing opportunities for minorities in cybersecurity from mentoring to providing an opportunity to work on campuses to get hands on experience in touching and manipulating and doing cyber in a realtime way, to pointing folks to fellowships, providing fellowships and scholarships. So its icncp. Org and its a great organization. Thank you. Ill mention two. One is the executive womens forum. And its not just at the executive level. They work to develop women along their career and its not just women helping women. Its everyone helping women. Its a Diverse Group in itself. I actually went to one of their conferences a few years ago and was blown away by the level of the quality of the presentations and sessions both on professional development as well as technically. Another one is women in industry. I know that in energy i know thats industry individuals involved that are all along the spectrum of their career. Ampled for armed forces i working in the defense industry, you know this. Its a d. O. D. Associated nonprofit organization. It has chapters all over the world. Especially it has some chapters in the d. C. Area. It focuses upon networking and also raising awareness on tech, defense, intelligence and cybersecurity of course these days. So they have a lot of events, seminars, workshops. If you go to those events and if you do homework enough, okay, so this speaker is really interesting. His or her background looks relative to me. Then you should talk to him or her right after the event. Because its going to be a challenge to get recognized. Say you are young or you are trying to shift your career path, you have to have the combination of ambition and courage to take a one step forward to change your gear, to close the gap, because the reason why you want to get into this field is because you see the gap and you can help out to close it. So mine are the same. I participated in many events as well as the womens forum and i do speak highly of them. Ill give you a little experience from my capital one side. They have a tremendous women in Technology Program when i started there. Ive only been there about seven weeks so this transition is new to me. But one thing im fascinated with this women in i. T. Group is theres a Brother Group called the male allies and that comes to all the events with the women in i. T. And the fact that theyve actually named it is really fascinating to me. My own personal story, most of my mentors are male. And theyre the ones that have sort of guided me or given me opportunities along the way. And my guess is if we dig into your stories, theres men that took a chance, right, that knew the value in diversity and that were champions of mine to get me to that next level, wherever that was. Capital one at least has actually named it. They have people from various places within the business so theres somebody you can go to the youre interested whos willing to at least help you along the way, potentially give you an opportunity whether its a detail or voluntary assignment, whatever it may be. But thats still real while we work to solve this problem. You preempted my next question. What is your advice to men and particularly white men who want to see the benefits of bringing people into a work force that needs talent but dont necessarily have the experience mentoring particularly women and people of color. It might be that the advice is just do what you do with everyone else. But i would welcome your thoughts on this. I would say that when were talking about diversity, sometimes the discussion only progresses to hitting the number. I think its wrong, because diversity should be inclusion as well. To pay respect to different cultures, backgrounds, minorities and everything. They can bring value to your team or to yourself. So my advice to senior male leadership is, okay, so try to think about what you want to see to happen to your daughter or your wife or your sisters. Then their mindset will totally change. Okay, i dont want this happening to my daughter or my mother or my sisters. Then they can compartmentalize, okay, this is something i can offer to these women. I think id say do a gut check. Think about those that you currently mentor and maybe you dont even call it mentoring, but it probably is. Think of those that you might pull aside and give some advice to or send them an email to say, hey, i heard a job is opening up. And think about what they look like and then challenge yourself to get outside of your norm and to pick up someone who doesnt look like you, someone who doesnt think like you, someone who comes from a different background. You know, the greatest joy from a mentors perspective is that you gain so much from mentoring someone who doesnt look like you, who doesnt have your background. But its going to take a significant number of people that look like you, ian, having that courage thats already been spoken of in order to more quickly and sufficiently advance the number of women and minorities in cyber. I would just say there are many out there who are. And for those who are, i would say speak up to your peers, challenge your peers to do the same. And when you see things going on around you that maybe you wouldnt have done and you dont approve of, dont be quiet. You know, challenge the community to continue to move forward in this area. This is a constantly evolving space, and one of the things that you know better than i do is going to change cybersecurity over the next decade is Artificial Intelligence and computers doing the work that people currently do or certainly used to do in the past. That of course provides an opportunity for those people to get ahead of that game. What advice are you giving both to sort of girls with school or women and other people in the work force who about future proofing their careers and making sure theyre going to be in the best paying jobs of the next decade . I was just on the west coast last week through a cyber fellowship, actually, having this conversation about the future of cyber and Machine Learning and a. I. To demystify some of Machine Learning and a. I. , it is still math. We are still programming mathematically computers to do something better, more efficiently, optimizing something. However, even though it can learn and a machine is now so evolved with enough horse power that it can learn on its own, still nothing will replace e ingenuity and creativity. I do think that the future of jobs is changing. And after two days of talking about this, i have two daughters. Theyre 1 and 3. I had a conversation with my husband. How do we raise them to be successful in this next generation . Pause its n because its not going to look like what everyone in this room went through. I think theres a few fields. I think the medical field is completely safe for a while. I think machines will help in medicine. Computers is one of them, though. So embracing this, absolutely being able to understand the math and Science Behind what makes Machine Learning and a. I. Move. This is higher level thinking. That will be necessary to steer this in a good direction. If were cyber professionals in this room, we sort of think about the risks involved in some of this. A. I. And Machine Learning can be scary at the same time. Its going to take a generation of responsible thinking youth to move this in the right direction. That being said, stem now becomes imperative in a background and absolutely up to k12. You need that foundational understanding to be able to take these fields into wherever theyre going to go, which i dont think we can even imagine what that looks like today. I find the question interesting, because when you talk about how were advancing technology, all i see is opportunity. So i think for cybersecurity field, security is ever and increasingly more important and innovative ways to do so. The way we have done security the last 20, 30 years likely is not the way we need to do security into the future. So lets figure that out and lets be a part of that and ride along with this change. One of the things taking forward is cybersecurity as an opportunity within that context for some jobs disappear, the potential to build new careers in this space. And that one of the real opportunities that weve been exploring is the potential for careers not just in the federal government but in local and state governments who are increasingly dealing with these challenges. Every one of you has spent some time in government and in the private sector even if its just a short amount of time. When people come to you and say, where do i get my staff, government, private sector, somewhere else, what advice are you giving them, and what do you think of the pros and cons of different places to start your career . Ill start with the consultant answer. It depends. There isnt a cookie cutter approach on where to go. Its about what are you interested in, where do you shine and how do the opportunities match up with what youre looking to do now. Or it may be, how does this opportunity help you get to where you want to be in five years or in ten years. So its really weighing them. But i dont know that i would easily say, oh, you must start in government or you must start in industry. Its really about what aligns with your interests and your passion at that time. What are the pros and cons of either . Id say first of all that times have changed, that we will likely have very few like me with 31 years in government. That time is probably past. Instead well have folks, especially technical folks, moving in and out of government. I think that is a phenomenal scenario because government gets the benefits of experience one would gain on the outside and private sector gets the experience of coming back and forth. Here are the pros of government, stability and opportunity to work on some of the nations most challenging problems, and opportunity to serve the nation. And not having to worry about billable hours, you know, bottom lines. But you dont make the pay. So that really is the balance on the private sector side, you can make more money. As far as working hard, you know, i think both with challenge you significantly to work hard depending on where you might land. I still think you get an opportunity to work as hard. You might have to work harder because youre billing on the side of private industry. The opportunity to travel, i think both can provide that as determined by where you go. Its really easy to say you get paid more in private sector and less in government. Its much deeper than that. In government i had mid career folks come out of private sector into government because they were ready to have a family. They needed lots of leave. They needed the stability that that provides. Thats a very legitimate reason to come in. After youve raised your family a bit, then you can go maybe back into private sector where you have some more personal flexibility. Ill tell you a little bit about my story and some of what i appreciated about the government. I agree with everything you said. Theres no answer for this. All experiences get you to where you are and hopefully build on that where where you want to go. What i appreciated about the government is a tremendous emphasis on leadership development. Theres opportunity in training galore in this space and its not just reading a book. Its like inperson training, its fellowships to network amongst groups and peers. Ive been through several of those fellowships and i call people all the time and they pick up the phone. You just pick up right where you left off. The other thing, there was a time in my career where i actually stepped out of cyber. I had been doing compliance and i started having nightmares in red, yellow green stoplight charts. I really looked for a good leader in government and again asked him what his biggest challenge was and let me try it. It turned out to be a Law EnforcementTechnology Initiative and he needed help in communications and out reach. Sure, lets give it a go. I did that laterally. The government i think is one unique place where you can sort of change career fields and not have to start all the way back over. I didnt have to take a pay cut, i didnt have to go back to school. He was willing to leverage my competence, the skills that i had built and my project and Program Management skills to apply it in a new area. And again that intellectual curiosity of i can do this. From there i then became the chief of staff of that program and filled out my business portfolio. I learned all about acquisitions and budget and training and hr. Thats when cyber really started to take a boom and i came back in. Now i had this really nice robust portfolio of not just the technical background but all of the business elements as well. But that was a risk. It was a risk to step out. Somebody had to give me a chance. I had to prove myself. But it was knowing where i needed to fill out my portfolio to really be successful at a higher level which is where i wanted to be. The government afforded me that opportunity. Maybe the private sector would too. I simply dont know. Now in the private sector, they move way faster. Government takes a while to implement a system. Private sector, even now seven weeks ive seen one stand up in a week. Weve identified this, we have the money for this, lets do it. That would have taken at least six months to a year in the government. And i know were doing better and going faster and all this, but its still difficult in the government. Thats exciting and it really can be energizing to know that everything you learn about project management, you can do it in a week too and it still works. So i have an experience of walking in. The japanese government, japanese industry and american industry. So it depends on what kind of opportunities you see and what kind of values you want to bring in. Its all about timing too. The benefits of working in a think tank or academia, i can share a little bit about my experiences. I think the beauty to work in academia or think tank is you can hold mutual positions and you also have a greater freedom of speech. So you can publish a lot and you can also hold events like this to reach out to the Larger Population you would never think of in the government or in the industry. If you work for private sector because you will focus on the specialty of your company or the government sector. But in a think tank you can be more creative. Im not saying the government is not colliereative, but you have freedom. This is about innovation and also diversity in cybersecurity. Its easier for think tanks to do this than the government. Im going to open this up to the floor because there are a lot of people here who have some really great questions. Im going to preempt that with one final question from myself. This conversation doesnt happen enough, but when it does, sometimes it goes well and sometimes it doesnt. My final question is what really bothers you about the sort of diversity in cybersecurity conversations . What are we getting wrong and how can we address that . It bothers me that its a thing, right, just in general. And maybe its because im a woman and so i come with a different perspective that i just want the best person for the job and im going to cast a wide net to find that, whatever the job may be. And yeah, im going to be deliberate in making a Diverse Group, because in my experience Diverse Groups are more successful. Let me be clear. When i say that, when i look for diversity, im not always looking for certain jobs that need Technical Skills. Thats kind of a nobrainer. But what makes a Good Organization is the people, period. If you take care of your people, if you put together a high functioning team where you have and introvert and an extrovert that can pair up and bring the best out of each other, bring the introvert out, tamp the extrovert down. Its true, right . You need to balance a whole team. When i speak about diversity, im looking for skills both technically and those soft skills, that i want to balance out my team. So i know if we need a new perspective, im going to bring in someone who i know thinks differently than me because im missing something. Again, though, ive had a lot of leadership training to not be afraid of that. Thats sort of been my experience is that the environments ive been in that didnt work that way had some lack of leadership at the top that wasnt willing to take that chance. Its why i made it my personal mission to continue to go up that rank so i can demonstrate it to others and start breaking down some of those barriers. One of the things that we want to get to in this conversation is how do we improve the quality of the dialogue so we contribute to a better work force at the end of the day. Anyone else want to chip in before we open it up . Sure. I sometimes feel frustrated when some people try to define really narrowly about cybersecurity jobs or cybersecurity careers because some people only think, okay, so cybersecurity is just about technologies or solutions. Its technologies and solutions are important and crucial to programs but we also need strategists, policy makers, lawyers. Every single aspect of our daily lives and security touches upon i. T. And also skicybersecurity these days. You have to understand that everything around you are relevant to cybersecurity. Maybe your title currently doesnt say cybersecurity or i. T. You can take advantage of your background from the past and the current ones to ive been helping this to close the gap between this and this. So im confident that i can get into this field, to take a job on a cybersecurity analyst or strategist or policy makers. Then because it is also helpful. This is relevant to cybersecurity. I need you. So this is all about closing the gap and team building. You know youre in d. C. When the recommendations are that you need to be more supportive of think tankers and lawyers. If you have a question, please stick up your hand, tell us who you are, where youre from and your question with a question mark. Start over here. My colleague has the microphone. For the benefit of people online, please speak into the microphone. My question is one of the things i found about Palo Alto Networks, i have worked my entire career basically as a contractor to the government. Weve had some amazing interns working for us. I have nieces and nephews. I dont have children of my own. I was talking to the interns to try to figure out what they did that set them apart from others. I made my nephew come in and meet all of the interns so they could talk to him about what is it that makes you somebody that we want to be in our organizations. Im super kpieexcited about thel scouts and the work were going to be doing with them. Im a girl scout. What is it that we can do from an organizational perspective to help kids understand what it is that i need to do to set myself aside or so that im more noticeable in this community so i can get these type of internship opportunities. Most of the interns that we had, we found them. They didnt find us. How do we find these kids, how do we work with these kids and how do we grow them . What role can the private sector play to help people into the Cybersecurity Community . Well, i mean, private sector has resources, got lots and lots of dollars, right. You know, Public Schools, local schools, particularly Public Schools would welcome mentoring, sponsorship of programs. I mean, i know. Ive done it since ive been retired. They with open arms welcome you in. Look at how you might in your local community have an impact by investing in mentoring, in programs, in camps, in summer opportunities, in internship opportunities and exposure opportunities to give kids and High Schoolers and even College Students a chance. Right. I think my advice is similar. I think theres many companies. Capital one is an example, that really values involvement in the local community. So were headquarters here in mclean and we are involved a lot with the schools and not just the colleges, especially the high schools and Elementary Schools. We have big offices in richmond, same thing there. Anywhere you see capital one, theyre involved in the local community. As youre raising children, find where those local companies are that may have some programs that you can get involved in. Capital one also has an associate rotation program, i think. So its students fresh out of school that literally rotate around to try to hit that more millennial mentality of lets try a few things so you can figure out what you want as opposed to committing to something and then jumping around very quickly to try to figure it out kind of the harder way. Thats the way im watching where a company is actually adjusting to the new kind of mentality that comes out. And they do rotate through cyber and sometimes we keep them and sometimes we let them go. The girls who code those programs, thats an area to target, also for hiring, ive done some events with them as well. Theres great opportunities now at that younger level to get involved and really set yourself apart. What are the things that you, when youre looking for interns, youd say, thats an example of someone i want to bring in . If young people are thinking how they can get ahead, what sort of opportunities should they be looking for . So internships are one thing, but the challenge is young people often encounter is the lack of experience and lack of recognition. Also they sometimes dont know what kind of job will be dream for them in the future. I would advise them to try to go into cybersecurity conferences or events in your local community as much as possible and also talking to people who are sitting right next to you. Hey, i found your story really fascinating. Then you can start a conversation. And maybe he or she doesnt have advice, but they should have some contacts to share with you to help them to be a mentor in the future. Okay. I think we had another question in the middle. I should mention bringing the microphone is one of our fantastic interns. I recently graduated from American University with a masters degree focusing on cybersecurity internet policy. Im currently on the job hunt. While on my job hunt, i found a lot of jobs that are super technical for penetration testing, Information Security, et cetera. Is there really a capacity deficit on the policy side of things . And as hiring managers, what would persuade you to hire someone whos not american in this field . I believe there is a deficit on the policy side for sure too, particularly with because many of the folks who are in policy space today, you know, grew up in the government, had a career neighbor other places in transition. What policy could benefit from is fresh thinking. And that fresh thinking comes from experiences outside of government, whether its in academia or think tanks or private sector. So there absolutely, i believe, is a need for more capacity on the policy side. What would make you pick someone for such an opportunity . I think obviously wherever you came from, having demonstrated success in whatever your story, that youve had some success in it, that youve had some opportunities to learn and youre able to articulate that. I have to foot stomp randys comments about communication. Youve got to be able to communicate. Youve got to be able to represent yourself. Youve got to be able to tell your story succinctly. Always have something ready to hand, again, a couple minutes might be all you have. Take advantage of those Networks Opportunities to include big conferences like rsa. 40,000 people, its tough because theres so many people. Its overwhelming. But so many great opportunities there to meet with professionals, to make contacts, to schedule opportunities to discuss potential. I used to be a nonamerican student in washington, d. C. Between 2009 and 2011. I can totally relate. As a foreigner here, its so challenging to get into the security field. You have some differences here. I was so like working really hard to think about how could i get a job. I knew that i have to find a job when i go back to japan. So i was thinking really hard. Okay, so i need to get a job after this. And then im like, okay, so i have to be recognized. So i went to many conferences. And i was sitting in the back, of course, because i was a student i cannot be a speaker. But i did my homework. I tried to understand the agent and also about speakers. I raised my hand every single q a session and tried to come up with Smart Questions as much as possible to be try to be remembered. Because if you are just sitting in the back, you are nobody. But if you can speak up just like you did, you have a courage to do that. Im so impressed with it. And if you do that, then somebody may talk to you after and say, hey, you asked really good questions. Then you might have start a conversation with her or with him or they are colleagues or mentors. This may not be able to give you a job right now like next month, but maybe in the future you can get a better opportunity to get hired. The only additional advice i would offer is if youre interested in getting into the policy world is get out there and write and talk. One of the advantages of modern technology is there are lots of avenues to get your writing out there. Given the sort of immaturity of this space, theres plenty of white space where there are opportunities to provide your voice and quickly build yourself into the only person whos really writing in that space. Speaking for someone who recruits into a think tank, im relatively confident people can learn their subject. Learning how to write well and speak well is much more challenging. If you can prove that, youre halfway there. If you can build your personal brand and basically have name recognition even if youre relatively junior, then youre halfway to getting a job. In some ways if youre coming from a slightly different background, you have an opportunity. Some of the best sort of new cybersecurity related policy work is cybersecurity and something. Cybersecurity and states, cybersecurity and work force issues, cybersecurity and international development. And if you come in with that extra expertise, may even be geographic, you can be different from everyone else in the space. Were going to come over to this side to the front here. Were going to start grouping up some questions. Ill try and get through every one if we can. Hi. My name is megan. Im with a nonprofit here in d. C. Working for the Global Technology team. My question is really how to combat some stereotypes. Ive been in many rooms or conferences where im the only woman. In the open source developer world, sort of the imbalance is even worse. Any advice that you guys have on how to deal with that i know it becomes increasingly fraus tra frustrating when it happens so often. So any advice that you guys have. So from a women perspective, we can be our best allies. Go and recruit and go and talk to other women and get them interested and introduce them to people and pass their resumes around. As a federal hiring manager, i hired women. I was proud of that. One day at a time, right . Well change it by one hire at a time and well begin to change the shape of that room and what it looks like. Yeah, were not there yet. But there is improvement and we actually have ownership of that space. Until that happens dont be marginalized. As a woman, be an equal player, demand it, contribute and demand the same level of respect and attention and opportunity to contribute as every other person in the room. Were going to group up some questions. Stick your hand out. Well take three questions at a time and start to get into a slightly rapid fire session. One here, one on the second row and one at the back on this side. Thank you. I work on communications around cyber issues. My question is really about kind of your assessment of the current brand around cybersecurity and whether or not that is inhibiting or helping to attract students that would not otherwise go into computer science, i. T. To cybersecurity. When you think about some of the efforts underway, these are things that youre already getting kind of the current pipeline but how do you get additional students who might not otherwise think about that . In addition to that, just what role the government could play in supporting that and specifically this model of apprenticeships that have recently come out in the executive order. Is that helpful or is that something you think the industry may not immediately jump on . My question kind of builds upon from one of the questions already raised. Coming from professional academic training in International Relations and International Policy background, what would be your piece of advice to build Technical Skills as a woman whos a little too old for girl scouts, to really apply my interests to the importance of cybersecurity in the field. Im an assistant professor of media studies at the university of virginia. In media studies we have predominantly female students who understand systems really well. I teach a class called media and cybersecurity. By the time we finish, theyre like how can i work in this field of cybersecurity . I would love to be able to give them better advice on specific live how they could leverage their experience in media studies to kind of specific entry level types of positions within the government. Or barring that, different ways to kind of get technical training, not necessarily at the level of engineering but at the level that leverages their experience and understanding to be able to kind of move forward in that career field. Its like rooms full of women who were like how can i also be a technical professional. Thats encouraging to hear, but it does link to our second question. A lot of people, particularly i guess in d. C. , come out and recognize that they need to have technical smarts to get ahead. Outside of joining the girl scouts and doing a masters degree, what other changes are available . And then taking out the question about sort of bro culture and other different ways of learnin different ways of learning apprenticeships . Dig into anything. I think Cyber Security gets a bad rap and we need to change that. Cyber security people walk in the room like no, what are you going to tell me i cant do today and thats wrong. We have to change that. I think that was where the field started, right, as we were bulking it out, not baking it in, we came in and said you have to stop that sort of bad bae hiver we consider in cyber and do something different. We should be evolved enough where we enable the mission from the beginning. I think to your point earlier if we raise a more security aware and privacy aware generation, this will be demanded so we can get out of this mentality. Cyber should be a mission enabler. Absolutely. And i think if you do it that way, and then you talk about some of the protection and the defense side of it, it will be really fun and exciting and a way to sell this field where people may be interested that dont know it. Thats my opinion on that. From the technical side, theres you dont need to be an expert, right. You need to know enough of the fundamentals of the technical to know how it applies to whatever youre talking about in international or policy. Theres so much open Source Training out there right now. Certified ethical hackers, thats the fundamental of how a Computer System works, how it could be attacked and defended. I kind of start there. Im not even saying pursuing that certification, but learning how to get that certification will give you some of the technical background to give you the creds to at least speak it. From the media perspective what comes to mind for that is training. Right. Thats kind of an outreach thing. We need way more people that can go and speak about cyber and so its related to media a little bit, but the general awareness training, userbased training, how we go out and speak to people from that technical perspective, in a way that they can understand it, which media people like are kind of taught to do, to think differently about it, so thats an area that both federal and private ive seen both. I mean everybody has a fairly Robust Training Program or building it up. And that is just what comes to mind first. Probably more there. I need to think about it a little bit. Lynette, on that media side, almost every large federal organization or Public Affairs office today will have somebody that can talk cyber. Just everybody. Someone who is going to be able to speak technically. Thats one source. Then, in major pub ply kagsz, newspapers, everybody now has got a cyber or a tech lead and, you know, look for apprenticeship opportunities with the newspapers or print media as well as online media opportunities. Those are two that come to mind for me, yeah. This side of the room. Well work from the back. Right at the back, sorry right at the back of the room and then the lady in the back row and then the lady in the fifth back row. Good afternoon. Dhs. Hi, randy. Hi. The question that i have being theres so many Young Students inside the room or young people coming into the Cyber Security field, how do we teach them to be secure internally . We secure systems from a confidentiality integrity as well as an availability of information, but once they get inside the actual profession, how do we teach them to be secure and confident within it . Women, just as much as we want women to come into the field just as quick theyre leaving the field because they dont see people that look like them or actually having the actual cyber discussions the diversity in the field. What recommendations you can give to a lot of the young people in the room to teach them how to secure themselves first before coming into the field so that they can face or deal with adversity once they get into the field and be able to maintain themselves in the field . Great question. Against the back wall behind you. Shawn waterman, im a reporter with the scoop news group. Thanks very much for holding this event. I wanted to ask a question about Government Service in the current administration. I mean we have a white house where, you know, there is some senior officials who have clearly ambivalent at least about the prospect of largescale nonan angelo immigration into the United States. We have a president who has boasted about sexual assault, is that an issue for, you know, work government work force cyber recruitment right now . One more. In the seconds or third row . Yes. Hello. Im from [ inaudible ] formerly fullbright scholar but practice at pcv, preventing and countering violent extremism. Absolutely in terms of defense security, right, soft background with zero Cyber Security background which is super important for pcv. My question is actually twofolded. When you talk about policy people, how popular among your networks of policy background with zero Cyber Security background people and second is, what is the how popular is the investment into those who come with zero Cyber Security background into Cyber Security to gain certain training while doing Cyber Security . Thank you. Three questions. One about retention, one about the state of your federal Cyber Security work force and one about how to get those sort of policy smarts if youre coming from from a outside Cyber Security area . Great to see another in this room. So, i have been talking to several Young Students to meet career women who have [ inaudible ] background who do not necessarily have background of Cyber Security on their resume at this stage but they are interested in getting to Cyber Security field. So, from my own observation, i would say that the Cyber Security is getting very popular among policy people. So the next question is, how to get into this field. Because i dont have anything on Cyber Security on my resume at this stage. But good news is that because these days all of the governments or academia or nonprofit organizations do Cyber Security a little bit these days. So you can [ inaudible ] your background to Cyber Security because ive been doing this and [ inaudible ] Cyber Security. I have an amazing colleague to have International Trade background she did in the cyber she did internship trade policy in the government and she also helped trade association and she was able to take advantage to bring her knowledge on contact to our company to help us to get smart, to look at Cyber Security from International Trade and international perspective. Im sure that everybody in this policy field can bring value to the field. So, on that, i think ians advice is spot on. Publish something, demonstrate your ability to take what you are an expert in, and apply it to cyber. Right. So first, if youre sending resumes in or especially applying online there are keyword searches. Cyber has to show up somewhere. Put it in the title of an article youve done so you can at least get through the automated check. Demonstrate that you have the capacity to go learn, done research in this area, so maybe you dont have any professional accomplishments yet but that will take you a long way in establishing youre ready to enter this field. I can only speak to my government experience, move into this field where it was new and needed to be filled. Its quite possible i dont know how that looks outside of government. Shawn for your question, i believe that cyber is a nonpartisan issue. Do i think that administration is having an impact on the ability to recruit and hire, i dont know. I think the field is exciting enough and a lot of opportunity that its an area where i can say from a federal hiring perspective we did not have an shortness in applications and did not see decline in that. Not we anymore but dhs had special hiring authorities that enabled us to higher better, faster quicker and never saw a dropoff since the change in administration. That final question, i encourage people to seek out to build a network whether an official mentor or a buddy or somebody that they can just talk to about what theyre seeing and maybe find a leader to help them navigate through it. It can be frustrated, its frustrated in this field but doesnt have to be so overwhelming were losing people because of it. To name it and begin that conversation i think people will find many will see it the same way and safety in numbers that way. I was going to comment and you said almost everything i was going to say, which is great. Perfect. This notion of securing yourself if you are the one and only and feeling like a lonely one in a group in a crowd, first making sure you have a good sense of what your personal values are and stick with them no matter what. Absolutely no matter what. You surround yourself outside of that environment with people who can support you and give you critical assessments of you to develop and grow and be competent where you are. Stick with your values. Thats a great note on which to end. Other people wanted to ask questions but were fortunate our panelists have agreed to hang around for a little while. Please come and ask them questions, get some advice, get guidance. Well be hanging around a little while. I want to finish by saying, a number of things, firstly, thank you very much to our panelists who are fantastic and ike confidently predict this wont be the last time you see any of them on this stage. We will be returning to these issues and just concluded a partnership with Florida International university, who university who have very, very focused on diversity and interested in Cyber Security. Were going to be returning to these issues and for those of you not aware of it, please check out our human Cyber Security blog on medium. Com which is very much focused around providing a platform for women and minorities and others who come from diverse backgrounds in the Cyber Security community. Fantastic articles. Well worth your reading. Finally, thank you for the network who paid for our breakfast and helped bring this event. And finally, thank you very much for all of you, its important the Cyber Security community to have these conversations and better conversations if we have really great people engaged in them. Thank you very much. [ applause ] American History tv in prime time on cspan 3 continues tonight with our original series landmark cases. At 8 00 eastern miranda versus arizona the 1966 Supreme Court decision requiring police to inform criminal suspects of their rights before being questioned. Next week at 8 00 p. M. Eastern on cspan 3, a civil war special, featuring American History tv highlights. On monday were at the emerging civil war blog symposium where we look at the great defenses of the civil war including gettysburg and tee tum and the siege of vicksburg. Tuesday we focus on civil war leadership at the Longwood University civil war seminar with talks on general robert e. Lee, ulysses s. Grant and colonel john mosby. Wednesday through friday, were at the Gettysburg CollegeCivil War Institute conference. Wednesday featuring lincoln scholar harold holzer, thursday speakers include john marzlack and on friday we conclude the conference with author t. J. Stiles. Civil war special, all next week, beginning at 8 00 p. M. Eastern on cspan 3. The 1967 Supreme Court ruling in the case loving versus virginia, struck down laws prohibiting interracial marriage. At the time 16 Southern States had laws banning interracial marriage. Up next here on American History tv on cspan 3, a conversation on the case from the Virginia Historical society. Jeter was not a white woman. Richard loving all agreed was a white man. So Virginia State law not only rendered their 1958 marriage illegal but also reqd