And former Intelligence Agency officials provide recommendations to attract women, minorities and foreign students to the fiber security industry, the discussion is 90 minutes. Welcome and good morning. Thank you. We are happy to see you, i work on Workforce Development issues at new America CyberSecurity Initiative was my pleasure to thank you for hearing it this morning. We are thrilled to see this level, it speaks for itself the level of interest in this topic and i want to say to palo alto, the idea for this event and provided the breakfast that is critical to success, here is new america we spent time thinking of Workforce Development and how to increase the pipeline, workers coming into the industry. A critical part of that is expanding the number of people and types of people we think of who fit in the industry. The Cyber Security project we will find online that incorporate stories of people who work in the industry telling their stories and putting into evidence the fact there are a range of backgrounds and experiences. To that, we are thrilled to give the current panel, happy to introduce ian wallace, codirector of the Cyber Security initiative, to moderate. Thank you very much. Before i start, let me mention to you lauras work on workforce issues with elizabeth weingarten, i encourage you to go online. I hope this event will potentially make a positive take for diversity innovation. Things that are important, storytelling, making Public Policy and their experiences, also wants to point out cybersecurity, and emerging field for which many in and within, visiting stories here today, we also, a Public Policy think tank, and something to have a fantastic group of women to dig into those issues. I am going to be brief and talk more about that. Deborah deborah plunkett, in a past life was a director of information insurance at the National Security agency and Senior Advisor on some of these issues we are talking about. Randy keefer Randi Kieffer at capital one, fairly recently left the debarment of homeland security, she was Deputy Director of the communication this center. The transportation dont do acronyms. It does extend. Next to her, mihoko matsubara, chief Security Officer for japan healthy network, she has had a career, the japanese industry of defense. On the end, Critical Infrastructure protection, previous to that based on the National Security council outside security or Infrastructure Protection and a tough career at the department. Experience in the private sector and Public Sector and then a range of different things. A series of questions for the panelists so move into a discussion, up to the floor. Deborah, how do you get into Cyber Security . When you hear all of the advice, what is the one thing people should hear . Thank you again, it is my pleasure. Really the foundation of the National Security agency, in the mid1980s, working first as an intelligence analyst, no one was much talking about it including into the 90s when things like y2k hit the airwaves and raise a lot of concerns nationwide or worldwide about security and functionality. From there, we did that y2k activity at the federal level and came back and ended up going to the white house doing cybersecurity and that was probably that period of time in 1998 and in 2001, was the time the i love you virus began to rear its head. Viruses we began to worry about at the National Level and i happen to be working at the National SecurityCouncil Working on a transnational threat where it was happening. Programs, got to stand up from the white house and bring that experience back from the nsa which had a robust, one of the earliest robust cybermissions from a security perspective. Through the rest of history we moved through that working on the exploitation side and ultimately my career on the Security Side serving Information Assurance director. The one piece of advice i would think when people think of Cyber Security, lots and lots of folks, asking what certifications do i need, what technical competence do i need, how do i gain experiences and critically important but cybersecurity we need lots of technical, lots of folks who can sing from a policy perspective and we need folks who write policy and envision what the future looks like and forget about International Norms and what we may need to do to contribute to the development of those norms in cyberspace, folks who can read, people in the organization who can read difficult and exciting challenging times. That is the biggest message, i would say. Cyber has a lot of Technical Work to be done on the policy. How did you get to where you are now . I will pick up middle of where debbie was speaking. My story was one of timing. Right place right time with the background that matched. I majored in criminal justice Computer Science with a minor from Washington University and it was an it executive, something in Computer Science. I made up my minor and gave me that Technical Foundation to be able to go after a brandnew field where cyber didnt even exist. It and information security, cyber wasnt in the lexicon. I was pursuing my masters degree, i approached the professor with a masters design for the working professional on the end and approached a professor about working parttime and got a job at fannie mae. Which we will talk more about later. I truly believe cyber is all about Risk Management. The technical sense, the policy sense, every sense of it you have the underlying Risk ManagementBusiness Foundation that will take you far. Understanding how to enable a risky appropriate way without the mission of cyber so that is the lesson i learned along the way. From there i really thought areas i got in government right away working at the contractor after fannie mae and called me up and said would you be interested in my position and i encourage you to apply. What separated me on my path was always looking for the biggest challenge. Every boss i had, the biggest challenge set me apart, also communication, the biggest advice i could have, technical credentials are necessary, policy piece of it is critically important, the ability to communicate in every way imaginable, up, down, across, many people are just not comfortable with it and i encourage if you are one of those and that resonates with you, step out of your comfort zone, take a class, learn how to communicate what you are trying to say because you will become you will open up the rest of your subject you might not have known. Outside the United States, in government, how you got the way you are and what advice is happening. So excited about talking about innovation. That is why i came to walk in, cybersecurity, walked on cybersecurity in the government and defense and got out to do my masters degree in washington dc, but back in 2009, cybersecurity was not as sexy as today. The word cybersecurity, so much to care about on safety for people because the foundation was all right on National Security. One of my classmates asked me i am looking for somebody who can write about china and cybersecurity. I can do this. My piece of advice, to take the chance of doing something different. It was the first time for me to publish something in english about cybersecurity. I didnt know if i wanted to do that. It wasnt there yet. Actually afterwords, something in english, one of my classmates started a fiber Security Company in washington dc, kept being touched with east asia type of thing. He said you are interested in security, cybersecurity, maybe you want to talk to him. I had a coffee machine and on the icing chart, i was not able to get a job there but started to talk about Cyber Security and whatever. For here. That commitment tells me, okay, she can do this. I wasnt able to walk into the United States after my degree here but it helped me to get a job in japan. My piece of advice, try to show people around you, a champion towards those and also to be a good communicator because cybersecurity is about everything. It touches on every single aspect of National Security and management. You never know who wants to help you. You have to be very accessible and very ambitious and try to be a great teammate for everybody else. All right, same question. How did you get the way you are . Given what you think other people can learn. Thank you for letting me participate on this panel. I will start with my first piece of advice, that brought me along. I was motivated by my coach to go into engineering, highly interesting and that led me along the way, started out doing work in it and throughout my career and gone back and forth, the it field and the Cyber Security field, moved along in my years and realized doing work materially is the way we should be doing, not really the way to go, doing things the can enable some function for security as a means to itself. Finishing college similar to your story, there wasnt a cybersecurity, Information System and i got an internship in the late 90s where the industry was starting to look at Risk Management and how computers can be manipulated to have a negative impact and that is where i got my feet wet and because it was still new i had so many opportunities to try different fields. There was no need to hold myself back because there were no experts in the field so my advice is to go for it, learn as you go but dont hold yourself back because you dont know. We all might as well go in towards the cars. And ask me to come up with it and i will try it for a little while and what i learned, turned into ten years. I was willing to step out and hit a point, wonderful opportunities and a wonderful opportunity to serve as part of the National SecurityCouncil Staff at the white house, decided to find a passion, a wonderful opportunity to, one of the Largest Energy providers and really enjoying being able to apply my Technical Skills within it insecurity, with that. This never stops. She will join us later. One thing i picked up at the common theme, which you have come from different and yet if you look at the statistics, women and minorities, cyberSecurity Workforce, defining that, difficult, pretty terrible, double digits, two questions that relate to each other. In terms of people coming in, those people in schools and universities simply not getting the message, or employers seeing benefits from highly qualified, going about change. I dont think it is the latter, that they are not seeing the benefit at all. That has never been my experience and i agree there are few women and minorities that cannot tell you how many tables i sat around, the black diversity in any way imaginable. I dont know there was an awareness of that until it comes up. Every Government Agency and every corporation has. In government and private sector, i am seeing it much more prevalently than i do in the government, really great to see. Government and industry do a better job, can actually make a pitch to all, both genders, go after them and so there are Government Agencies that do this better that partner with the local universities here, george mason has a program for people in government, at the agencies for gw, and industry is starting to do this as well but that is absolutely critical in cyber, to build up what tomorrow is saying, our story generated in the 90s, i would argue that cyber is a continually new field and whatever skills you have ten years ago did not apply today. And intellectual curiosity and targeting the new talent coming out, up to speed on todays skills is absolutely key. That is one of the things we can do to encourage university, the college for students and funnel that into the higher process. The discussion about lack of capacity for diversity and gender perspective and Cyber Security is not a lot different from the same discussion years ago, about women and Computer Science. What makes it more compelling today is we need so much more capacity, traditional Computer Science. That makes simply look at demographic trends, doesnt take a smart person to see a lot more women available in the workplace and more people of color in a workplace, almost a nobrainer that we have to figure out how to leverage that capacity in this critical field where there is a significant deficit, we have got to work more closely with colleges and universities, and have capacity in areas of women and minorities. We have to go to that arena, kids who are in school today are better than many of us using these devices, very natural for them and not intimidating and exciting, we have to hide them and excite demand make it such that it is not a regulatory, burdensome place to work but an exciting and challenging area of discovery to make place the world a place for all of us. We got a get into high school and Elementary Schools much more. We got to be targeted with colleges and universities that have the capacity. Trying to increase diversity, the we would aim our recruiting efforts at a university that is not diverse. Doesnt mean you dont, but if you are trying to get the population you also go to places where they are at risk. Speaking first, only 11 of the workforce is human. Healthier than the minority. I still sees this sophos for example my company, First NationalCredit Advisers for girl scouts in the United States a couple months ago and we are so excited to host young girl scouts, people to raised Cybersecurity Awareness and teach about 0950 class and do you know why the ratio of women or minorities in cybersecurity is because ultimately minorities gave up learning about stem. You have to make sure the output potential cybersecurity timeline, young girls or even before that, fascinating on so many opportunities, you can do anything about it, and then, i am sure, the change not only on women or minorities but we have to the leadership, the management because young girls and minorities need a little bit of encouragement. This is a chance to go for it and then we will see more women inclusiveness and diverse city. I would like to highlight the same question, there is an existing workforce and i have repeatedly run into individuals who want to shift into cybersecurity to make it challenging so having an open mind, to not just develop the pipeline is important but also where opportunities to leverage Prior Experience that may not be in cybersecurity but related. I mentioned earlier understanding our business is important more now than ever. There is very little accomplished without technology or cybersecurity. If you understand the business, you can be key on helping to secure so there is opportunity to be innovative and find ways to leverage existing employees as well. Fantastic point. We have done some work in cybersecurity. Very capable people see those jobs but dont quite know how to get into them. What is your advice for those women and minorities, do we encourage them . Secondly, what do you think can be done . Do your part to get educated and understand, demonstrate how you can apply that. Book knowledge is important but understanding is all the better. When you show that you understand a different side, that is huge, powerful but to have a certification alone is challenging. Being able to apply, how do you get to that . It is connecting with people, signing what you are interested in learning, and take advantage of those opportunities to figure out how to make those connections to demonstrate. It is challenging. You brought up a good point. I teach in graduate school Cyber Security and many of us answer that exact point, advanced education, cybersecurity, how do i break in . How do i break in . It is a difficult challenge because at that level you really need an opportunity, to really take a risk, on a midcareer individual. The capacity to hire to take a risk, something that doesnt look like you. Give someone an opportunity, demonstrate academic accomplishment but has not had an opportunity to apply that in the workplace and give them an opportunity every single one of us call out somebody give us a hand, gave us an opportunity. What benefit to bring . Back to the beginning, we have a significant deficit of cybersecurity capacity in the United States, numbers in the billions worldwide but the deficit is expected so if you are not able to retain and recruit and retain from college, typically the top students are h