I know for any friday morning but particularly a friday morning in the middle of the summer we are thrill today see this level of turnout. I want to say thank you to Palo Alto Networks and provided the breakfast which is critical to success which for a friday morning. We have our humans of Cyber Security project youll find online that incorporates stories from different individuals telling their stories and putting into evidence there are a range of backgrounds that we see. To that we are thrill today ged you this panel. Sheer ian. Thank you very much. First let me commend to you lauras work on diversity and general Cyber Security web force issues. The murp of this event so to potentially make a sort of positive case on Cyber Security. One of the things thats very important is making Public Policy through listening to peoples own stories. We also want to point out that particularly Cyber Security is an immerging field for which there are many parts both in and within. We also are a public and there are some policy issues behind some of these issues. Given that we have this fantastic group of women we will dig into some of those issues as well. To introduce the panel briefly and i will be brief. D deborah was district to of information insurance at the National Security agency and was Senior Adviser to director on some of the diversitytype issues well be talking about. Next to deborah is currently at capital one. She was chief Information Security officer for transportation security agency. Next to her is chief skurlt officer. She has had a career that has taken her into the Japanese Ministry of defense. On the end we have moore but served on the manational securi council and a past career at the department of energy. As you can tell we have people in the private sector and Public Sector but in a range of different security worlds. I will begin by asking a ser ri of questions to the panelists and move into a moderated discussion. Please have your questions ready. To kick us off how did you get into Cyber Security and when did all of the advice, what is the one thing you think people should hear . Thank you again for the invitation to be here. It is really my pleasure. I got into it because oaf a foundation at the National Security asi when i started my career when cyber was just a dream. No one was much talking about it. Moving into the 90s which is when things like y2k raised concerns worldwide about security and functionality of information systems. It was from there i did the representational activity at the federal level and then came back to nsa and ended up doing Cyber Security policy. I would say it was probably that period of time between 1998 and 2001 was really the time when things tli things like the i love you virus was beginning to rear its head. I happen to be working at National SecurityCouncil Working in transnational threats which is where Cyber Security was happening, was being born. So programs i got to stand up and run from the white house and then ultimately bring that experience back to nsa which has a robust and probably hit one of the earliest Cyber Missions both from a security perspective but also from an exploitation perspective. The rest is history. I moved through that system working on both the exploitation tide and then ultimately really wrapping up my career on the security side, serving as the information insurance director. The one piece of advice, when people think about Cyber Security, they asking what kind of certifications do need. How do i gain those experiences. I would say in Cyber Security we need lots of technical people and folks who can think from a policy perspective. Thats message i think i would leave, who can envision what the future looks like and what we might need to do to con try butte to the development of those in sieb are space, folks who can lead organizations, lead through difficult and some times exciting and challenging times. So it would be the biggest message i would say is that cyber is really a lot of Technical Work to be done on the policy and even on the legal side. How did you get to where you are now and whats your piece of add viesz . Sure. Ill bik up sort of in the middle of where she was speaking. Mine is more timing, right place right time with a back glund matched. And that was my fathers recruit m. He said do something in computer science. I wasnt really the best programmer so i made it my mi r minor. Back then cyber then wasnt then. While i was pursuing my masters degree i approach add professor. I approached him about working part time and i got a job as an intern in their Risk Management division. I truly believe that cyber is all about Risk Management from the technical sense, from the policy sense. You have that Risk Management it will take you far. Its understanding in a very risk appropriate way. Thats a big lesson i learned along the way. I worked with a contractor and my client called me up and said would you be interested in my position . Thats why i started in government. What separated me on my path was always looking for areas where the biggest challenge was. Every box i had, whats your billest challenge a how can i help . Communication would be the biggest piece of advice that i have. Technical credentials are necessary. The policy piece of it are important. The ability to communicate in every way imaginable. Will seep rate you from those that cant. Many are one of those, practice, step out of your comfort zone, take a class, learn how to speak and learn how to communicate. You will then become that goto person. You have built your career outside the United States but you have similarly can you tells us more about that . Sure. I am so exsighed about talking ant innovation so i happened to walk along add i got out to do my you masters p Cyber Security was not hot or sexy as today. Yeah. I on National Security or interthattal one of my classm e classmates says hey, will i didnt know that what he wanted to focus on. I said i think i can do this you have to train yourself take the chang. To do something different. Im a stoerch states attorneyer. It was the first time for me . It was back in and again, i didnt know if i wanted that. It wasnt there yet. It actually helped me a lot. He put me in touch. He said hey, i know that youre interested on security maybe you want to talk to him. I had another coffee with even though i would not be anyone to get a job there i started to second send angry summaries. And that commitment helped me to recognize that okay. So she can do this. So i was not working the unite. It helped me to get a job in japan. My peets of advice piece of advice is to try to show your talents to people around you and also to be a good commute kanic. You never know who wants to help you or who needs your help. You have to be very flexible, very ambitious and try to be a great teammate for everybody around you. Soim question, how did you get to where you are . Given that, what do you think other people can learn from your experience . Thank you as well for inviting me to par tis. I will start out with my first piece of m in high school i was motivated by my coach to go into engineeri engineering. That was mid90ed. You ids was interested, to i jufred i started with work throw the career. I every through the i. T. Field. I raefl doing work securely and looking at them separately is not really the way to go particularly now as we have already heard we do security so we can enable some capabilities, some business. So finishing and similar to your story there there wasnt a cybersecurity program. I actually have an undergrad in accounting and information systems. And i got an internship in the late 90s doing Enterprise Risk Services where the industry was really just starting to look at Risk Management and how computers and systems could be manipulated to have a negative impact on a company. And thats where i got my feet wet. Because it was so new, i had so many opportunities to try different fields. There was no need to hold myself back, because there really was no expert in the field. So my advice really is to go for it, learn as you go, be a continual learner. But dont hold yourself back from something because you dont know. Guess what, theres some other ambitious person out there whos going to go for it too. So we might as well all go in andcollectively work for a cause. What i learned in my experience was a little while turned into ten years. I absolutely loved my Government Service and got so much exposure and so much opportunity because i was willing to step out there. I hit a point, i had wonderful opportunities in multiple departments. I had a wonderful opportunity to serve as part of the National Security counsel staff at the white house. After that, decided to go into private sector. I found a passion for the Energy Industry and had a wonderful opportunity to go work for exxon, one of our nations Largest Energy providers. And im really enjoying now being able to apply my technical hands on skills as well as the policy and Program Management side. Dont be surprised if she steps off the stage. She will hopefully join us later when we have a conversation. One thing i pick up as a sort of common theme is there are some great jobs out there which you have come to from different places. But by all accounts come to love. And yet if you look at the statistics for women and minorities in the sort of Cybersecurity Work Force at large and defining that is pretty difficult, i know the figures are pretty terrible, low double digits. So two questions which kind of clearly relate to each other. In terms of the people coming in, is it just those people in schools and universities are simply not getting the advice, the message, the opportunities that you guys had . Or is it that employers arent seeing the benefits from having highly qualified women coming through . And how do we go about changing that . Ill jump in. I dont think its the latter, that theyre not seeing the benefit at all. Thats never been my experience. I agree. Theres very few women and minorities. I cannot tell you how many tables ive sat around that lack diversity in any way imaginable. I dont know that theres always an awareness of it until it comes up in terms of Diversity Inclusion efforts that nearly every Government Agency and every corporation has. Thats becoming a bigger and bigger field, both in government and private sector. Now that i have a smidge of experience in private sector, im seeing it much more than in the government, which is really great to see. I do think that both government and industry can do a better job in funneling to the universities where the Technical Expertise is coming. And then can actually make a pitch to all, both genders, all diverse cultures and backgrounds, and go after them. So i think there are some Government Agencies that do this better with others, that partner especially with some of the local universities here. I know george mason has a program that gets people in government. Gw recruits quite heavily in or some of the agencies recruit through gw. Industry is starting to do this as well. But i think thats absolutely critical, especially in cyber, to build off of what samara was saying, our stories sort of generate in the 90s when this was new. Id argue that cyber is a continually new field. Whatever skills you had ten years ago, do not apply today. Those Technical Skills evolve faster than imaginable. Targeting that new talent thats coming out thats up to speed on skills is absolutely key. I think thats one of the things we can do to both encourage the university, the college pursuit and then funnel that right into the hiring process. Id say the discussion about the lack of capacity from a diversity and gender perspective in cybersecurity is not a whole lot different from the same discussions we were having years ago about women in math and about women in computer science. What makes it so much more compelling today is that we need so much more capacity in cybersecurity than we have ever needed in math or in traditional computer science. That really makes the business case. And if we simply look at demographic trends, it doesnt take a really smart person to see that there are going to be a lot more women available in the workplace and a lot more people of color available in the workplace. Its almost a nobrainer that we need to figure out how to leverage that capacity in this field where we as a nation have a significant deficit. While its true, i agree with randy, weve got to work more closely with colleges and universities to recruit, targeting recruiting at universities that have capacity in the areas of women and minorities. It has to start so much earlier than that. We have to go into the k12 arena. The kids who are in school today are better than many of us in using their devices. This is going to be very natural for them and not intimidating and exciting even. But we have to entice them and excite them and make ut suit su that its not a regulatory burdensome place to work but an exciting and challenging area of discovery and using your Technical Expertise to make the world a better place for all of us. So id say weve got to get into the schools, high schools, middle schools, Elementary Schools much much earlier. Weve got to do targeted recruiting at colleges and universities. It just follows logic that if were trying to increase diversity that we would aim our recruiting efforts at a university thats not diverse. If youre trying to get a diverse population, you make sure you also go to places where there are diverse candidates. Thank you. Well, lets face it. I still see the silver lining. For example, my Company FirstNational Cybersecurity badges for girl scouts in the United States couple months ago. I mean, we are so excited to talk to young girl scouts k12 people to raise Cybersecurity Awareness and teach them about an online safety. Because the reason why the ratio of women or minorities are so low in cybersecurity today is that lots of minorities gave up to learning about before going to colleges. You have to make sure that you have to reach out to potential Cybersecurity Work Force pipelines to encourage young girls, k12 or even before that. Okay. So this is actually cool. There are so many opportunities and learning skills. You can do anything about it. And then im sure that things will start to change, not only just women or minorities, but also we have to talk to the leadership, the management. Because mentorship is so important, because young girls and minorities need a little bit encouragement. This is a chance. You should go for it. And then were going to see more women and inclusiveness and diversity in cybersecurity. Id like to highlight a different dimension to the same question. And that is, one, theres an existing work force out there and i have repeatedly run into individuals who are maybe mid into their career who want to shift into cybersecurity and find it really challenging. I think having an open mind to not just developing the pipeline, which is very important, but also opportunities to leverage Prior Experience that may not be directly in cybersecurity but really relate. As i mentioned earlier, understanding our business is important more now than ever. There is very little of a Company Mission that is accomplished without technology or cybersecurity. So if you understand the business, you can be key in helping to better secure how that is run and managed. So i think theres opportunities for us to be innovative and leverage existing employees as well. Lateraling into cybersecurity jobs and people who are capable who sort of see those jobs but dont know how to quite get into them. Two questions. One is whats your advice to particularly those women and minorities to encourage them to come into those jobs . And secondly, what do you think can be done to your point to make that easier . Sonch to do your part to get educated in the field and understand but then demonstrate how you can apply. Book knowledge is important and good, but really understanding and being able to apply it is all the better. When you show that you understand the business and can apply security to that, that is huge. That is powerful. But to have a certification alone without the experience is challenging. And so really become able to apply so then how do you get to that. Its really connecting with people, taking the initiative, really finding someone who may be doing what youre interested in and learning from them and taking advantage from those opportunities to figure out how do i make those connections. But it is challenging. So my i guess my advice really is more for those who have the capacity and authority to hire is to take a risk, be willing to pick somebody who doesnt look like you, be willing to give someone an opportunity who has demonstrated perhaps academic accomplishment but has not had an opportunity to apply that in the workplace. Every single one of us could probably call out that somebody reached d