And former Intelligence Agency officials provide recommendations to attract women, minorities and foreign students to the cyber security industry, the discussion is 90 minutes. Welcome and good morning. Thank you. We are happy to see you, I work on Workforce Development issues at New America Cybersecurity Initiative was my pleasure to thank you for hearing it this morning. We are thrilled to see this level, it speaks for itself the level of interest in this topic and I want to say to Palo Alto, the idea for this event and provided the breakfast that is critical to success, here is New America we spent time thinking of Workforce Development and how to increase the pipeline, workers coming into the industry. A critical part of that is expanding the number of people and types of people we think of who fit in the industry. The Cyber Security project we will find online that incorporate stories of people who work in the industry telling their stories and putting into evidence the fact there are a range of backgrounds and experiences. To that, we are thrilled to give the current panel, happy to introduce Ian Wallace, co-director of the Cyber Security initiative, to moderate. Thank you very much. Before I start, let me mention to you Laura's work on workforce issues with Elizabeth Weingarten, I encourage you to go online. I hope this event will potentially make a positive take for diversity innovation. Things that are important, storytelling, making Public Policy and their experiences, also wants to point out cybersecurity, and emerging field for which many in and within, visiting stories here today, we also, a Public Policy think tank, and something to have a fantastic group of women to dig into those issues. I am going to be brief and talk more about that. Deborah Plunkett, in a past life was a director of information assurance at the National Security Agency and Senior Advisor on some of these issues we are talking about. 
Randi Kieffer at Capital One, fairly recently left the Department of Homeland Security, she was Deputy Director of the communication this center. The transportation don't do acronyms. It does extend. Next to her, Mihoko Matsubara, chief Security Officer for Japan healthy network, she has had a career, the Japanese industry of defense. On the end, Critical Infrastructure protection, previous to that based on the National Security council outside security or Infrastructure Protection and a tough career at the department. Experience in the private sector and Public Sector and then a range of different things. A series of questions for the panelists so move into a discussion, up to the floor. Deborah, how do you get into Cyber Security? When you hear all of the advice, what is the one thing people should hear? Thank you again, it is my pleasure. Really the foundation of the National Security Agency, in the mid-1980s, working first as an intelligence analyst, no one was much talking about it including into the 90s when things like Y2K hit the airwaves and raise a lot of concerns nationwide or worldwide about security and functionality. From there, we did that Y2K activity at the federal level and came back and ended up going to the White House doing cybersecurity and that was probably that period of time in 1998 and in 2001, was the time the I Love You virus began to rear its head. Viruses we began to worry about at the National Level and I happen to be working at the National Security Council working on a transnational threat where it was happening. Programs, got to stand up from the White House and bring that experience back from the NSA which had a robust, one of the earliest robust cyber missions from a security perspective. Through the rest of history we moved through that working on the exploitation side and ultimately my career on the Security Side serving Information Assurance director. 
The one piece of advice I would think when people think of Cyber Security, lots and lots of folks, asking what certifications do I need, what technical competence do I need, how do I gain experiences and critically important but cybersecurity we need lots of technical, lots of folks who can sing from a policy perspective and we need folks who write policy and envision what the future looks like and forget about International Norms and what we may need to do to contribute to the development of those norms in cyberspace, folks who can read, people in the organization who can read difficult and exciting challenging times. That is the biggest message, I would say. Cyber has a lot of Technical Work to be done on the policy. How did you get to where you are now? I will pick up middle of where Debbie was speaking. My story was one of timing. Right place right time with the background that matched. I majored in criminal justice Computer Science with a minor from Washington University and it was an IT executive, something in Computer Science. I made up my minor and gave me that Technical Foundation to be able to go after a brand-new field where cyber didn't even exist. IT and information security, cyber wasn't in the lexicon. I was pursuing my master's degree, I approached the professor with a master's design for the working professional on the end and approached a professor about working part-time and got a job at Fannie Mae. Which we will talk more about later. I truly believe cyber is all about Risk Management. The technical sense, the policy sense, every sense of it you have the underlying Risk Management Business Foundation that will take you far. Understanding how to enable a risky appropriate way without the mission of cyber so that is the lesson I learned along the way. From there I really thought areas I got in government right away working at the contractor after Fannie Mae and called me up and said would you be interested in my position and I encourage you to apply. 
What separated me on my path was always looking for the biggest challenge. Every boss I had, the biggest challenge set me apart, also communication, the biggest advice I could have, technical credentials are necessary, policy piece of it is critically important, the ability to communicate in every way imaginable, up, down, across, many people are just not comfortable with it and I encourage if you are one of those and that resonates with you, step out of your comfort zone, take a class, learn how to communicate what you are trying to say because you will become you will open up the rest of your subject you might not have known. Outside the United States, in government, how you got the way you are and what advice is happening. So excited about talking about innovation. That is why I came to walk in, cybersecurity, walked on cybersecurity in the government and defense and got out to do my master's degree in Washington, D.C., but back in 2009, cybersecurity was not as sexy as today. The word cybersecurity, so much to care about on safety for people because the foundation was all right on National Security. One of my classmates asked me I am looking for somebody who can write about China and cybersecurity. I can do this. My piece of advice, to take the chance of doing something different. It was the first time for me to publish something in English about cybersecurity. I didn't know if I wanted to do that. It wasn't there yet. Actually afterwards, something in English, one of my classmates started a cyber security company in Washington, D.C., kept being touched with East Asia type of thing. He said you are interested in security, cybersecurity, maybe you want to talk to him. I had a coffee machine and on the icing chart, I was not able to get a job there but started to talk about Cyber Security and whatever. For here. That commitment tells me, okay, she can do this. I wasn't able to walk into the United States after my degree here but it helped me to get a job in Japan. 
My piece of advice, try to show people around you, a champion towards those and also to be a good communicator because cybersecurity is about everything. It touches on every single aspect of National Security and management. You never know who wants to help you. You have to be very accessible and very ambitious and try to be a great teammate for everybody else. All right, same question. How did you get the way you are? Given what you think other people can learn. Thank you for letting me participate on this panel. I will start with my first piece of advice, that brought me along. I was motivated by my coach to go into engineering, highly interesting and that led me along the way, started out doing work in IT and throughout my career and gone back and forth, the IT field and the Cyber Security field, moved along in my years and realized doing work materially is the way we should be doing, not really the way to go, doing things that can enable some function for security as a means to itself. Finishing college similar to your story, there wasn't a cybersecurity, Information System and I got an internship in the late 90s where the industry was starting to look at Risk Management and how computers can be manipulated to have a negative impact and that is where I got my feet wet and because it was still new I had so many opportunities to try different fields. There was no need to hold myself back because there were no experts in the field so my advice is to go for it, learn as you go but don't hold yourself back because you don't know. We all might as well go in towards the cars. And ask me to come up with it and I will try it for a little while and what I learned, turned into ten years. 
I was willing to step out and hit a point, wonderful opportunities and a wonderful opportunity to serve as part of the National Security Council staff at the White House, decided to find a passion, a wonderful opportunity to, one of the Largest Energy providers and really enjoying being able to apply my Technical Skills within it insecurity, with that. This never stops. She will join us later. One thing I picked up at the common theme, which you have come from different and yet if you look at the statistics, women and minorities, cybersecurity workforce, defining that, difficult, pretty terrible, double digits, two questions that relate to each other. In terms of people coming in, those people in schools and universities simply not getting the message, or employers seeing benefits from highly qualified, going about change. I don't think it is the latter, that they are not seeing the benefit at all. That has never been my experience and I agree there are few women and minorities that cannot tell you how many tables I sat around, the black diversity in any way imaginable. I don't know there was an awareness of that until it comes up. Every Government Agency and every corporation has. In government and private sector, I am seeing it much more prevalently than I do in the government, really great to see. Government and industry do a better job, can actually make a pitch to all, both genders, go after them and so there are Government Agencies that do this better that partner with the local universities here, George Mason has a program for people in government, at the agencies for GW, and industry is starting to do this as well but that is absolutely critical in cyber, to build up what tomorrow is saying, our story generated in the 90s, I would argue that cyber is a continually new field and whatever skills you have ten years ago did not apply today. And intellectual curiosity and targeting the new talent coming out, up to speed on today's skills is absolutely key. 
That is one of the things we can do to encourage university, the college for students and funnel that into the higher process. The discussion about lack of capacity for diversity and gender perspective and Cyber Security is not a lot different from the same discussion years ago, about women and Computer Science. What makes it more compelling today is we need so much more capacity, traditional Computer Science. That makes simply look at demographic trends, doesn't take a smart person to see a lot more women available in the workplace and more people of color in a workplace, almost a no-brainer that we have to figure out how to leverage that capacity in this critical field where there is a significant deficit, we have got to work more closely with colleges and universities, and have capacity in areas of women and minorities. We have to go to that arena, kids who are in school today are better than many of us using these devices, very natural for them and not intimidating and exciting, we have to hide them and excite demand make it such that it is not a regulatory, burdensome place to work but an exciting and challenging area of discovery to make place the world a place for all of us. We got to get into high school and Elementary Schools much more. We got to be targeted with colleges and universities that have the capacity. Trying to increase diversity, the we would aim our recruiting efforts at a university that is not diverse. Doesn't mean you don't, but if you are trying to get the population you also go to places where they are at risk. Speaking first, only 11 of the workforce is human. Healthier than the minority. 
I still sees this sophos for example my company, First NationalCredit Advisers for girl scouts in the United States a couple months ago and we are so excited to host young girl scouts, people to raised Cybersecurity Awareness and teach about 0950 class and do you know why the ratio of women or minorities in cybersecurity is because ultimately minorities gave up learning about STEM. You have to make sure the output potential cybersecurity timeline, young girls or even before that, fascinating on so many opportunities, you can do anything about it, and then, I am sure, the change not only on women or minorities but we have to the leadership, the management because young girls and minorities need a little bit of encouragement. This is a chance to go for it and then we will see more women inclusiveness and diversity. I would like to highlight the same question, there is an existing workforce and I have repeatedly run into individuals who want to shift into cybersecurity to make it challenging so having an open mind, to not just develop the pipeline is important but also where opportunities to leverage Prior Experience that may not be in cybersecurity but related. I mentioned earlier understanding our business is important more now than ever. There is very little accomplished without technology or cybersecurity. If you understand the business, you can be key on helping to secure so there is opportunity to be innovative and find ways to leverage existing employees as well. Fantastic point. We have done some work in cybersecurity. Very capable people see those jobs but don't quite know how to get into them. What is your advice for those women and minorities, do we encourage them? Secondly, what do you think can be done? Do your part to get educated and understand, demonstrate how you can apply that. Book knowledge is important but understanding is all the better. 
When you show that you understand a different side, that is huge, powerful but to have a certification alone is challenging. Being able to apply, how do you get to that? It is connecting with people, signing what you are interested in learning, and take advantage of those opportunities to figure out how to make those connections to demonstrate. It is challenging. You brought up a good point. I teach in graduate school Cyber Security and many of us answer that exact point, advanced education, cybersecurity, how do I break in? How do I break in? It is a difficult challenge because at that level you really need an opportunity, to really take a risk, on a mid-career individual. The capacity to hire to take a risk, something that doesn't look like you. Give someone an opportunity, demonstrate academic accomplishment but has not had an opportunity to apply that in the workplace and give them an opportunity every single one of us call out somebody give us a hand, gave us an opportunity. What benefit to bring? Back to the beginning, we have a significant deficit of cybersecurity capacity in the United States, numbers in the billions worldwide but the deficit is expected so if you are not able to retain and recruit and retain from college, typically the top students are highly sought after and hard to get and hard to keep, why not invest in a student who has demonstrated capacity in a different career field successfully? But now is willing to make a change and applied themselves academically to learn what they need in order to do it? We gain a majority of a person who had a couple experiences and did a couple things. So some stability and the opportunity to invest. A couple of parts. What I am hearing a lot in my own experience as well is a lot of networking is key. The field you're trying to break into, find that specific network and start to people. 
It will always be somebody who can give you that chance and if they get to know you a little bit outside an office setting, that is what you are looking for. The world works a lot so if you can find the right person, you can begin to establish a relationship with the level of trust, easier for someone to give you an opportunity than someone who doesn't know you at all. My second thought goes back to the communication but also value proposition. If you are in a field that seems unrelated, I challenge you to figure out where the link is and what value you can bring. If you're in a Communications Field that's a no-brainer. Or what about a music field that could apply to cyber. We can go on. We could play with this in any field. Then demonstrate that business value, because to me from a hiring manager, the business side of it is invaluable. I can bring in all the technical experts I want. If they don't understand how the business works, and it's one of my aha moments having worked on the IT side several times and going out to visit field, the users of the IT systems, how much I didn't understand about their day-to-day, what their challenges were with the system. I didn't really know what they did until I went out to visit them. So having that business perspective, to me, is invaluable, because I lived through that on the other side. And so then the willingness to learn the cyber, the technical part of it, great. I'm willing to have you. But make that connection for them, because not everybody might have that experience. The a [inaudible] because as you say, having someone you can go to and ask for advice is extremely important for anyone in the workplace, but particularly when you're feeling different, perhaps, than some of your colleagues. On the one hand, can any of you point to organizations or organized networks that can be helpful? 
And second, have you any advice both mentees looking for mentors or for mentors who feel that they have an opportunity to help and some advice how they should go about that. Let's start with the organized groups. Are there any networks that you can encourage people to tap into? Well, I know of one. There's probably several but one I'll call out immediately is the International Consortium of minority cybersecurity professionals. Fairly new, a couple years old. Great support from the Hill, really focused on providing opportunities for minorities in cybersecurity from mentoring to providing the opportunity to work in, on campuses, to get hands-on experience in touching and manipulating and doing cyber in a real-time way, to pointing folks to fellowships, providing fellowships and scholarships. So it's icncp.org, and it's a great organization. I know there are many, but I'll mention two. One is the women's executive, Executive Women's Forum. They work to develop women along their career. And it's not just women helping women, it's everyone helping women. It's a Diverse Group in itself. I actually went to one of their conferences a few years ago and was just blown away by the level of the quality of the presentations and sessions both on professional development as well as technical, technically. Another one is women in industry. I know that in energy, I know that's industry-specific, but that's another good networking. And it really has individuals involved that are all on the spectrum of their career. I can point [inaudible] Armed Forces Communications and Electronics Association. So do you know it? If you're working in the defense industry, you know this. So it's a DoD-associated nonprofit organization, and it has chapters all over the world. Especially it has some chapters in the D.C. area. It focuses upon networking and also raising awareness on tech, defense, intelligence and cybersecurity, of course, these days. 
So they have a lot of events, seminars, workshops. If you go to those events and if you did homework enough, okay, so this speaker is really interesting. Her background or his background looks so relevant to me, then you should talk to her or talk to him right after the event. Don't just go there and come back right after the event. Yeah. Then because it's going to be, it's a challenge to get organized. You are young or trying to shift your career path, you have to have determination and ambition to take one step forward, to change your gear, to close a gap. Because the reason why you want to get into this field is because you see the gap, and you can help out to close it. So mine are the same. I'll do, I've participated in many events with the women's forum, and I too speak highly of them. I think I'll give you a little experience from my Capital One side. They have a tremendous women in Technology Program that I found right when I started. I've only been there about seven weeks, so this transition is still new to me. In this women in IT group, there's a brother group, I'll call it, called the male allies. And that comes to all the events with the women in IT. And the fact that they've actually named it is really fascinating to me. Because if I my own personal story, most of my mentors are male. And they're the ones that have sort of guided me or given me opportunities along the way. And my guess is if we dig into your stories, there's some, there's men that took a chance, right? That knew the value in diversity and that were champions of mine to get me to that next level, wherever that was. So Capital One, at least, has actually named it. And they have people from various places within the business so that there's somebody that you can go to if you're interested who's willing to at least help you along the way, potentially give you an opportunity whether it's a detail or, you know, a voluntary assignment. Whatever it may be. 
But that's still real while we work to solve this problem. Preempted my next question which is that's great. And it's quite a personal question. It's like what is your advice to men, and particularly white men, who want to see the benefits of bringing people into a work force that needs talent but doesn't necessarily have the experience of mentoring particularly women and people of color in this space? And it might be that you do what you do with everyone else, but I would welcome your thoughts on that. So I would say that, well, when you're talking about diversity, sometimes the discussion only focuses on hitting the number. And I think it's wrong, because diversity should be inclusion as well. To pay respect to different cultures, backgrounds, minorities and everything. Something different from you. Because they can bring values to your team or to yourself. So my advice to senior male leadership is like, okay, so try to think about what you want to see happening to your daughter or your wife or your sisters. Then because their minds totally change. Okay, I don't want this happening to my daughter or my mother or my sisters. They can okay, this is something I can offer to these women. You know, I think I'd say do a gut check. Think about those that you currently mentor, and maybe you don't even call it mentoring. But it probably is, right? Think of those that you might pull aside and give some advice to or send them an email to say, hey, I heard a job is opening up and think about what they look like. And then challenge yourself to get outside of your norm and to pick up someone who doesn't look like you. Someone who doesn't think like you. Someone who comes from a different background. And, you know, my greatest joy from a mentor perspective is that you gain so much from mentoring someone who doesn't look like you, doesn't have your background. 
But it's going to take a significant number of people that look like you, Ian, taking having that courage that's already been spoken of in order to more quickly and sufficiently advance the number of women and minorities in cyber. To anyone else? Well, I would just say, you know, there are many out there who are, so for those that are, I would say speak up to your peers. Challenge your peers to do the same. And when you see things going on around you that maybe you wouldn't have done and you don't approve of, don't be quiet, you know? Challenge the community to continue to move forward in this area. Just picking up something Randi mentioned, this is a constantly evolving space. And one of the things that you know better than I do is going to change cybersecurity over the next decade is Artificial Intelligence and computers doing the work that people currently do or certainly used to do in the past. That, of course, provides an opportunity for those people who get ahead of that game. What advice are you giving both to sort of girls at school or women and other people in the work force who, about future-proofing their careers and making sure that they're going to be in the best paying jobs of the next decade? Jobs in Randi. [laughter] So I was just on the west coast last week through a cyber fellowship, actually, having this conversation about the future of cyber and Machine Learning and A.I. So to demystify, it is still math, right? We are still programming mathematically computers to do something better, more efficiently, optimizing something. However, even though it can learn and you can a machine is now so evolved with enough horsepower that it can learn on its own, there's still nothing will replace human ingenuity and creativity, right? We have yet to teach a computer that or mathematically code that. So I caution against that everything is going away. 
I do think that the future of jobs is changing, and I after two days of talking about this, I have two daughters, they're 1 and 3, and I had a conversation with my husband. How do we raise them to be successful in this next generation. Because it's not going to look like what everyone in this room went through. And so I think that there's a few fields that are, I think the medical field is completely safe from this for a while. I think machines will help in operations and medicine, but I think that's still good, right? And there's computers is one of them, right? So embracing this. Absolutely being able to understand the math and Science Behind what makes Machine Learning and A.I. move. This is higher-level thinking that will be necessary to steer this in a good direction, right? If we're cyber professionals in this room, we sort of think about the risks involved in some of this, and A.I. and Machine Learning can be scary at the same time. So it's going to take a generation of responsible thinking youth to move this in the right direction. But that being said, STEM now becomes imperative in a background and absolutely at the K-12, right? You need that foundational understanding to be able to take these fields into wherever they're going to go which I don't think we can even imagine what that looks like today. Anyone else? I just, I find the question interesting, because when you talk about, you know, how we're advancing technology, all I see is opportunity. So I think for a cybersecurity field, security is ever and increasingly more important in innovative ways to do so. So the way we have done security the last 20, 30 years, may not and likely is not the way we need to do it into the future. So let's figure that out and be a part of that and ride along with this change. [inaudible] a project called the future of work. 
And one of the things that we're taking forward is cybersecurity as an opportunity within that context for, as some jobs disappear, potential to build new careers in this space. And that, one of the real opportunities that we've been exploring is the potential for careers not just in the federal government, but in local and state governments who are increasingly dealing with these challenges. Every one of you has spent some time in government and in the private sector even if it's just a short amount of time. When people come to you and say where do I get my start, government, private sector, somewhere else? What advice are you giving them? And what do you think of the pros and cons of different places to start your career? [laughter] I'll start with a consultant answer, right? It depends. [laughter] So there isn't a cookie cutter approach on where to go. It's about what are you interested in, where do you shine and then how do the opportunities match up with what you're looking to do now, or it may be how does this opportunity help you get to where you want to be in five years or in ten years. So it's really weighing, weighing them. But I don't know that I would easily say, oh, you must start in government, or you must start in industry. It's really about what aligns with your interests and your passion at that time. This is for everyone, what are the pros and cons of either? Deborah. You know, I'd say that, first of all, times have changed. We will likely have very few like me with 31 years in government. That time is probably, you know, probably passed. And instead we'll have folks, especially technical folks, moving in and out of government. And I think that is a phenomenal scenario, because government gets the benefit of the experience that one would gain on the outside, and private sector gets the experience and coming back and forth. 
So when folks come to me and ask here are the pros of government stability and opportunity to work on some of the nation's challenging, most challenging programs, problems, an opportunity to serve, not to be hokey, but an opportunity to serve the nation and not having to worry about billable hour, you know, bottom line. But you don't make the pay. And so that really is the balance, is on the private sector side you can make more money. As far as working hard, you know, I think both can challenge you significantly to work hard depending on where you might land. So I think you still get an opportunity to work as hard. You might have to work harder because you're billing on the side of private industry. The opportunity to travel, I think both can provide that as determined by where you go. And so, you know, it's really easy to say you get paid more in the private sector and less in government, but that it's much deeper than that. I had, in government, I had mid-career folks come out of private sector into government because they were ready to have family. They needed lots of leave. They needed the stability that that provides. That's a very legitimate reason to come in. And then after you've raised your family a bit, then you can go, you know, go into maybe back into private sector where you have some more personal flexibility. Yeah. I, I'll tell you a little bit about my story and some of what I appreciated about the government. And I agree with everything you said. There is no answer for this. All experiences get you to where you are and, hopefully, build on that from where you want to go. What I appreciated about the government is a tremendous emphasis on leadership development. There's opportunity and training galore in this space, and it's not just reading a book. It's like are, in-person training, it's fellowships to network amongst groups and peers and really these people that you evolve with in your career that may diverge. 
And now you have a person in another agency or in the private sector that you can still call upon because you have some experience. I've been through several of those fellowships, and I call people all the time. And they pick up the phone, and it's like you pick up right where you left off. The other thing, there was a time in my career when I actually stepped out of cyber. So I had been doing compliance, FISMA compliance, and I started having nightmares in red, yellow, green stoplight charts. [laughter] So I really looked for a good leader in government. And, again, asked him what his biggest challenge was and let me try it. And it turned out to be a law enforcement technology initiative. And he needed help in communications and outreach. Sure, let's give it a go. And I did that laterally, right? The government, I think, is one unique place where you can sort of change career fields and not have to start all the way back over, right? I didn't have to take a pay cut, I didn't have to go back to school. He was willing to leverage my confidence, the skills I had built and my program management skills to apply it to a new area. And again, that intellectual curiosity of I can do this. And if it doesn't work out, then move me. From there, I became the chief of staff of that program and filled out my business portfolio, so I learned about acquisitions and budget and training and H.R., and that's when cyber really started to take a boom, and I came back in. And now I have this really nice, robust portfolio of not just a technical background, but now all the business elements as well, which is when I stepped in the role that created a functioning organization that included all of those pieces. But that was a risk. It was a risk to step out. Somebody had to give me a chance. I had to prove myself, but it was knowing where I needed to fill out my portfolio to really be successful at a higher level, which is where I wanted to be.
The government afforded me that opportunity. Maybe the private sector would too, I simply don't know. Now, on the private sector they move way faster, right? So government, it takes a while to implement a system. Private sector, I've now, even in seven weeks there, I've seen one stand up in a week, right? We need this, we've identified the need, we have the money for it, let's do it. And they did. And so that's like, wow, right? That's kind of energizing that that would have taken at least six months to a year in the government. And I know cloud and agile, we're doing better and going faster, but it's still difficult in the government. So that's exciting and really can be energizing to know that everything you learn about project management from, like, cost management scope, triple constraint, you can do it in a week too and it still works. So, well, so I have an experience working in the Japanese government, American think tanks, Japanese industry and American industry. So it all depends on what kind of you see and what kind of values you want to bring in. And it's all about timing too. And so, because the benefits of working in a think tank or academia, I can share a little bit about my experiences. So I think the beauty to working in academia, a think tank, is you can hold neutral positions. You also have greater freedom of speech. So you can progress a lot, and you can also hold events like this to reach out to the larger population you would never think of in the government or in the industry. Because if you work for a private sector, you will focus on the specialty of your company or your specialty of the government sector. But if you're in a think tank, you can be more creative. I'm not saying that the government or the private sector are not creative, but you have more freedom to come up with projects to reach out to, for instance, this is about innovation and also diversity in cybersecurity. It's easier for think tanks to do this rather than the government.
I'm going to open this up to the floor, because there are a lot of people here who have, I'm sure, some really great questions. But I'm going to preempt that with one final question from myself. This conversation doesn't happen enough, but when it does, sometimes it goes well and sometimes it doesn't. So my final question is what really bothers you about the sort of diversity in cybersecurity conversations? What are we getting wrong and how can we address that? It bothers me that it's a thing, right? Just in general. And maybe it's because I'm a woman, and so I come with a different perspective that I just want the best person for the job. And I'm going to cast a wide net to find that, whatever the job may be. And, yeah, I'm going to be deliberate in making a diverse group. Because in my experience, diverse groups are more successful. It's, and let me be clear when I say that. When I look for diversity, I'm not always looking for, certain jobs that need technical skills, and that's kind of a no-brainer, but what makes a good organization is the people. Period, right? If you take care of your people, if you put together a high functioning team where you have an introvert and an extrovert that can pair up and bring the best out of each other, bring the introvert out, tamp the extrovert down, you have people that can, but it's true, right, I mean, you need to balance a whole team. When I speak about diversity, I'm looking for skills both technically and those soft skills that I want to balance out my team so that I know if I need a new perspective, we've tried something and it's not working, I'm going to bring in someone who I know thinks differently than me because I'm missing something. Again though, I've had a lot of leadership training to not be afraid of that. That's sort of been my experience, is that the teams that, you know, the environments that I've been in that didn't work that way had some lack of leadership at the top that wasn't willing to take that chance.
And it's why I made it my personal mission to continue to go up that rank so that I can demonstrate it to others and start breaking down some of those barriers. That's not a golden answer that you're looking for, but it's my experience. [inaudible] One of the things that we want to get to in this kind of conversation is how do we improve the quality of the dialogue so that we contribute to a better work force at the end of the day. Anyone else want to chip in before we open it up? Sure. So I sometimes feel frustrated when some people try to define really narrowly about cybersecurity jobs or cybersecurity careers because some people only think, okay, cybersecurity's just about technology or solutions. Yes, technology and solutions are important and crucial to solve problems, but we also need soft skills, strategists, policymakers, lawyers and also like national security intelligence or soft builders. So because, as I said, because every single aspect of our daily lives in national security are touched upon, touches upon I.T. and also cybersecurity these days, you have to understand that everything around you [inaudible] to cybersecurity. And maybe your job title currently doesn't say cybersecurity or something or I.T., you can take advantage of your background from the past and the current ones to say, okay, so I've been helping this to close a gap between this and this. So I'm confident that I can get into this field to take a job as a cybersecurity analyst or strategist or policymaker. Then because it is also helpful for your potential employers because then you can say, okay, I never thought about it, but actually you are right. This is relevant to cybersecurity. I need you. So this is all about closing the gap and team building and winning the champions to endorse you. You know you're in deep [inaudible] when the recommendations need to be more supportive of think tankers and the like.
[laughter] If you have a question, please stick up your hand, tell us who you are, where you're from and your question ends with a question mark. And my colleague has the microphone. So for the benefit of people in line, please speak into the microphone. Thank you. Hi, I'm Kathy and I'm with [inaudible] network. My question is, one of the things I have found about Palo Alto Networks, I have worked basically my entire career for the government basically until I came into Palo Alto Networks, and the past two summers we've had amazing interns. I have nieces and nephews, and I was talking to the interns what it was they did that set them apart from other people that got them internships at Palo Alto Networks, and I actually made my nephew come in and meet them so they could talk about what is it that makes you somebody we want to have within our organization. So my question is what can we do to help these kids understand, I'm super excited about the Girl Scouts of the USA and the work we're going to be doing with them. I'm a Girl Scout, and my niece got her Gold Award. That helped her get into college. My nephews, they both have gotten, what is it, the eagle award, their Eagle Scout from Boy Scouts. That also helped them get into college. What is it we can do from an organizational perspective to help these young kids, what is it that I need to do to set myself aside or so that I'm more noticeable in this community so I can get these types of internship opportunities? Most of the interns that we had, we found them, they didn't find us. How do we grow them? To build on that more generally, what role can the private sector play to help people enter into the cybersecurity community? Well, I mean, private sector has resources. Got lots and lots of dollars, right? [laughter] You know, public schools, local schools, particularly public schools, would welcome mentoring, sponsorship of programs.
I mean, I know, I've done it since I've been retired. And they, with open arms, welcome you in. So look at how you might in your local community have an impact by investing in mentoring, in programs, in camps, in summer opportunities, in internship opportunities, in exposure opportunities to give kids, high schoolers and even college students a chance. Right. I think my advice is similar. I think there's many companies, Capital One is an example, that really values involvement in the local community. So we're headquartered here in McLean, and we are involved a lot with the schools. And not just the colleges, especially the high schools and the elementary schools. We have big offices in Richmond, same thing there. Anywhere you see Capital One, they're involved in the local community. So as you're raising children, right, find where those local companies are that may have some program that you can get involved in. Capital One also has an associate rotation program, I think. So it's students fresh out of school that literally rotate around to try to hit that more millennial mentality of let's try a few things so you can figure out what you want as opposed to committing to something and then jumping around very quickly to try to figure it out kind of the harder way. So that's the way that I'm watching where a company is actually adjusting to the new kind of mentality that comes out, and they do rotate through cyber, and sometimes we keep them, and sometimes we let them go. But the Girls Who Code, those programs, that's an area to target also for hiring. I've done some events with them as well. I mean, there's just great opportunities now at that younger level to really get involved and really set yourself apart. Mihoko, what are the things that you, when you're looking for interns, to pick up Kathy's point, you say, ah, that's an example of someone I want to bring in? If young people are thinking how can they get ahead, what sort of opportunities should they be looking for?
So internships are one thing, but the challenges young people often encounter is lack of experience and lack of recognition. And also they sometimes don't know what kind of job will be doing for them in the future. So trying to go to cybersecurity conferences or events in your local community as much as possible and also talking to people who are sitting right next to you or people who are speaking. Hey, so I found your story really fascinating. How can I be like you, or something like that. Then you can start a conversation, and maybe he or she doesn't have good advice, but they should have some contacts to share with you to help them to be a mentor in the future. Okay. I think we have another question in the middle. I should mention, bringing the microphone is one of our fantastic interns. [laughter] Hi. I recently graduated from American University with a master's degree focusing on cybersecurity, internet policy. I'm currently on the job hunt which is, as you know, a lot of fun. So my question to you, I guess, is while on my job hunt, I found a lot of jobs that are super technical, penetration testing, information security, etc. Is there really a capacity deficit on the policy side of things? And as hiring managers and [inaudible] what would persuade you to hire someone off, you know, a student or someone who's not American in this field? I believe there is a deficit on the policy side, for sure, particularly with, because most, many of the folks who are in policy space today, you know, grew up, particularly if you're talking about government, you know, grew up in the government, had a career maybe in other places and transitioned. What policy can benefit from is fresh thinking, and that comes from experiences outside of government whether it's in academia or think tanks or private sector. And so there absolutely, I believe, is a need for more capacity on the policy side.
What would make you, what would make you pick someone for such an opportunity, I think having demonstrated, obviously, wherever you came from, having demonstrated success in it. Whatever your story, that you've had some success in it. That you've had some opportunities to learn and you're able to articulate that. I have to foot stomp Randi's comments about communication. You've got to be able to represent yourself, tell your story succinctly, because many times you'll only have a couple of minutes with someone to make an impression. Always have something ready to hand because, again, a couple minutes might be all you have. And take advantage of those networking opportunities to include big conferences like RSA, you know? 40,000 people, it's tough because there's so many people. It's overwhelming. But so many great opportunities are there to meet with professionals, to make contacts, to schedule follow-on opportunities, to discuss potentials. So I don't know, so I used to be a non-American student in Washington, D.C. between 2009 and 2011. I can totally relate. As a foreigner here, it's so challenging to get into the security field because, well, you have some deficits here. But at the same time, so I was working really hard to think about, okay, how can I get a job? I was a job risk when I was a student here. I have to find a job when I go back to Japan. So I was thinking really hard like, okay, so I really need to get a job [laughter] after this. And then I'm like, okay, so I have to go, I have to be, I have to be recognized. So I went to many conferences, and I was sitting in the back because, of course, I was a student. I cannot be a speaker. But I did my homework. I tried to understand the agenda and also about the speakers, and I raised my hand every single Q and A session and tried to come up with smart questions [laughter] as much as possible to try to be remembered.
Because if you're just sitting in the back, you are nobody. But if you can speak up, just like you did, you have to have courage to do that. I'm so impressed with it. And if you do that, then somebody may talk to you afterwards. Hey, so you asked a really good question. Then you might have, start a conversation with her or with him or their colleagues or mentors. And this doesn't mean, this may not be able to give you a job right now in, like, the next month, but maybe in the future you can get a better opportunity to get hired. Randi? The only additional advice I would offer is certainly, if you're interested in getting in the policy world, is get out there and write and talk. And one of the advantages of modern technology is there are lots of avenues to get your writing out there. And given the sort of immaturity of this space, there's plenty of sort of white space where there are opportunities to provide your voice and quickly build yourself into the only person who's really writing in that space. And certainly speaking for someone who recruits into a think tank, I'm relatively confident that people can learn their subject. Learning how to write well and to speak well is much more challenging. If you can prove that, you're halfway there. If you can build your personal brand by sort of, basically, have name recognition even if you're relatively junior, you're halfway to getting a job. And that's, you know, some ways, if you're coming from a slightly different background, you have an opportunity. Some of the best sort of new cybersecurity-related policy work is cybersecurity and something. Cybersecurity and states, cybersecurity and international development is something we're doing here. And if you come in with that extra expertise, may even be geographic, you can be different from everyone else in the space. More questions going up. We're going to come over to this side, to the front here.
And we're going to start grouping up some questions to try and get through everyone, if we can. Hi, my name is Megan, I'm with a nonprofit based here in D.C., Internews, I'm working for the global technology team. So my question really is on how to combat some stereotypes. I've similarly been in many cases or rooms where I'm the only woman or conferences where we break out in a security group, again, I'm the only woman. And in the open source developer world, the sort of imbalance is even worse. So any advice that you guys have on how to deal with that. I know it becomes increasingly frustrating when it happens so often. So any advice you guys have. [inaudible] I mean, so we, and apologies to the men in the room. From a women perspective, we can be our best allies. Introduce women, pass their resumes around. As a federal hiring manager, I hired women. I was proud of that, right? So one day at a time, right? And we'll change it by one hire at a time, and you can begin to change the shape of that room and what it looks like. But, yeah, it's going to be frustrating, and we're not there yet. There's a lot of room for improvement, but we absolutely have ownership of that space. And [inaudible] so that happens. Don't be marginalized. As the woman in the room. Don't allow yourself to be. Be an equal player, demand it, contribute and demand the same level of respect and attention and opportunity to contribute as every other person in the room. We're going to group up some questions, so stick your hand out, we'll take three questions at a time, and then we'll start to get into a slightly rapid-fire session. So one here, one on the second row and one in the back on this side, and then we'll come over here for the next round. Thank you. Monty with the State Department. I work on communications around cyber issues.
So my question is really about kind of the current, your assessment of the current brand around cybersecurity and whether or not that is inhibiting or helping to attract students that would not otherwise go into computer science, I.T. to cybersecurity, right? Because, you know, when you think about some of the efforts underway with NICE, you know, these are things that you're already getting kind of the current pipeline, but how do you get additional students who might not otherwise think about that? And in addition to that, what role the government could play in supporting that and specifically this model of apprenticeships that has recently come out in the executive order. Is that helpful, or is that something that you think industry may not immediately kind of jump on? Thank you all very much. My name's [inaudible] I'm currently at the World Bank doing things for agriculture project. My question kind of builds upon one or two of the questions already raised. Coming from professional and economic training, international relations, international policy background, what kind of, like, what would be your piece of advice to build technical skills as a woman who's a little too old for Girl Scouts or a girls coding programs to, you know, really apply my policy and international development interests to leverage cybersecurity, importance of cybersecurity in the field. [inaudible] Hi. My name is Anne, and I'm an assistant professor of media studies at the University of Virginia. And I do research on U.S.-China media and technology relations. But this is actually related to my students. In media studies, we have predominantly female students who understand technical systems really, really well, and I teach a class on media and cybersecurity, and by the time they finish, they're like, how can I work in this field of cybersecurity.
And I would love to be able to give them better advice on specifically how they could leverage their experiences in media studies to kind of specific entry-level types of positions within the government. Or barring that, like, different ways to kind of get technical training at kind of not necessarily at the level of engineering, but at the level that leverages their experience and understanding to be able to kind of move forward in that career field. Because it's, like, rooms full of women who are like, how can I also be a technical professional, and I feel like there's more I could be doing there, so thank you. [inaudible] encouraging to hear. It does raise a link to our second question. A lot of people particularly, I guess, in D.C. come out with degrees but recognize that they need to have technical smarts to get ahead. Outside of, you know, joining the Girl Scouts or getting a degree, what opportunities are available? And then picking up the question about sort of culture and other different ways of learning, apprenticeships. [inaudible] So I [inaudible] right? Because I think cybersecurity gets a bad rap today, and we need to change that, right? So cybersecurity people walk in the room and they're like, no, what are you going to tell me I can't do today? [laughter] That's wrong, and we have to change that. I think that was where the field started, right? As we were bolting it on, we weren't baking it in. We came in and said you've got to stop that bad behavior that we consider in cyber and do something different. We should be evolved enough so we enable the mission from the beginning. I think to your point earlier, if we move a more security-aware and privacy-aware generation, this will be demanded so we can get out of this mentality. Cyber should be a mission enabler, absolutely.
And I think if you do it that way and then you talk about some of, like, the protection and the defense side of it, it could be really fun and exciting. And it's a way to sell this field where people may be interested that don't know it, that's my opinion on that. From the technical side, there's, you don't need to be an expert, right? I think you need to know enough of the fundamentals of the technical to know how it applies to whatever you're talking about in international or policy. There's so much open source training out there right now. Certified ethical hackers, that's the fundamental of how a computer system works, how it could be attacked, how it could be defended. I'd kind of start there, and I'm not even saying pursuing that certification, but learning how to go get that certification will give you some of that technical background that gives you some of those creds where you can at least speak it. And then from the media perspective, I think that's fascinating. So what comes to mind immediately for that is training, right? So, because that's kind of an outreach thing. We need way more people that can go and speak about cyber. So it's related to media a little bit. But the general awareness training, user-based training, how we go out and speak to people from that technical perspective in a way that they can understand it, which media people, like, are kind of taught to do, to think differently about it. So that's an area that both federal and private, I've seen both. I mean, everybody has a fairly robust training program or they're certainly building it up. And that's just what comes to mind first. I just need to think about it a little bit. On that media side, almost every large federal organization, public affairs office is going to have somebody who can talk cyber. I mean, just someone is going to be able to speak technically. That's one source. Then in major publications, newspapers, everybody now has got a cyber or a tech lead.
And, you know, look for apprenticeship opportunities with the newspapers and print media as well as online media opportunities. Those are two that come to mind for me. Yep. Let's move across to this side of the room. We'll work from the back. Right at the back, right at the back of the room, then the lady in the back room and then the lady in the second to back row, third back row. Hi. Good afternoon, I'm from DHS. Hi, Randi. [laughter] Hi. The question I have, being that there's so many students inside the actual room or young people that are coming into the actual cybersecurity field, how do we teach them to be secure internally? We secure systems from a confidentiality and integrity as well as an availability of information, but once they get inside the actual profession, how do we teach them to be secure and confident within it? Because women, just as much as we want women to come into the field, just as quick they're leaving the field because they don't see people that look like them. Or when they're actually having the actual cyber discussions, the diversity in the field. What recommendations can you give to a lot of the young people in the world to teach them how to face or deal with adversity and be able to maintain themselves in the field. Great question. You against the back wall. Behind you. [laughter] Yes. Sean [inaudible] I'm a reporter with the Scoop News Group. Thanks very much for holding this event. I wanted to ask a question about government service in the current administration. I mean, we have a White House where, you know, there are some senior officials who are clearly ambivalent, at least, about the prospect of large scale, non-Anglo immigration into the United States. We have, we have a president who has boasted about sexual assault. Is that an issue for, you know, work, government work force, cyber recruitment right now? And one more, I think in the second or third row. Yes. Hello.
I'm from [inaudible] formerly Fulbright scholar but practice at PCV, so preventing and countering violent extremism. So absolutely in terms of defense security, right? Soft background with zero cybersecurity background, which is super important for PCV. My question is actually twofold. First, when you talk about policy people, how popular among your networks are policy background with zero cybersecurity background people? And second is what is the, how popular is the investment into those who come with zero cybersecurity into cybersecurity to gain certain training while doing cybersecurity? Thank you. Three questions, one about retention, one about the state of federal private security work force and one about how to get those sort of policy smarts if you're coming from, sorry, from outside the cybersecurity area. So great to see another Fulbrighter in this room. So, well, I've been talking to several young students to [inaudible] who have a policy background. And who do not necessarily have a background on cybersecurity on their resume at this stage, but they're interested in getting into cybersecurity field. So from my own observation, I would say that the cybersecurity is getting really popular among policy people. So the next question is how to get into this field. Because I don't have anything on cybersecurity on my resume at this stage. But good news is these days all of the organizations or government, academia or nonprofit organizations do cybersecurity a little bit these days. So you can relate your background a little bit to cybersecurity saying, hey, so because I've been doing this, and it's relevant to cybersecurity. So I have an amazing colleague who has an international trade background. And she did international trade policy in the government. She also helped trade associations.
And she was able to take advantage to bring her knowledge and contacts to our company to help us and to get smart about, to look at cybersecurity from an international trade perspective. So I'm sure that everybody in this policy field can bring to this field. So on that, I think Ian's advice is spot on. Publish something. Demonstrate your ability to take what you are an expert in and apply it to cyber, right? So first, if you're sending resumes in or if you're especially applying online, there are some keyword search, right? Because cyber has to show up somewhere. Put it there. Put it in the title of an article you have done so you can at least get it through an automated check. But then show the capacity you've learned in this area. That'll take you a long way in establishing that you're ready to enter this field. I can only speak to my government experience where I've seen many policy people with no technical background move into this field because it was so new and it needed to be filled. So I think it's quite possible. I don't know how that looks outside of government. Sean, for your question, I believe that cyber is a nonpartisan issue. Do I think that the administration is having an impact on the ability to recruit and hire? I don't know. I think the field is exciting enough and there is a lot of opportunity that it's an area where I can just say from a federal hiring perspective we did not have a shortness in applications. So we did not see any decline in that. We do have, we did, sorry. Not we anymore, but DHS had special hiring authorities that enabled us to hire better, faster, quicker. And I never saw a dropoff since the change in administration. And that final question, I encourage people to go seek out, right, to build a network either, whether it's an official mentor, whether it's a buddy, whether it's somebody that they can just talk to about what they're seeing and then maybe find a leader that can help them navigate through it.
It can be frustrating. I think it's still frustrating for all of us in this field, but it doesn't have to be so overwhelming that we're losing people because of it. But just to name it and actually begin that conversation, I think people will find that there's many that feel the same way, and there's safety in the numbers that way. [inaudible] I was just going to comment, I think you've probably said almost everything I was going to say, which is great, perfect. This notion of securing yourself if you are the one and only and feeling like a lonely one in a group, in a crowd, is first making sure you have a good sense of what your personal values are and that you stick with them no matter what. Absolutely no matter what. And then you surround yourself outside of that environment with people who can support you, who can give you critical assessments of you, who can help you to develop and grow and be confident in where you are but stick with your values. And I think that's a great note on which to end. I know there are other people who wanted to ask questions, but our panelists have agreed to hang around for a little while. So please ask some questions, get some advice, get guidance, and we'll be hanging around for a little while.
I just want to finish by saying a number of things. Firstly, thank you very much to our panelists who were fantastic. And I can confidently predict this won't be the last time you see any of them on this stage. [laughter] So we, we will be returning to these issues. We have just, incidentally, concluded a partnership with Florida International University, a university who is very, very focused on diversity and increasingly interested in cybersecurity. So I think we're going to be returning to these issues. And for those of you who are not aware of it, please check out our Humans of Cybersecurity blog on medium.com, which is very much focused around providing a platform for women and minorities and others who come from diverse backgrounds in the cybersecurity community. Some fantastic articles apart from everything else, but well worth reading. And finally, thank you to Palo Alto Networks who paid for our breakfast and helped bring this event. And finally, thank you very much for all of you. It's important, I think, to the cybersecurity community to have these conversations. They're much better conversations if we have really great people engaged in them, so thank you very much. [applause]