Women Cyber Leaders Share Business, Career Lessons at RSA

Claire Trimble is the chief marketing officer at Synack.

The RSA cybersecurity conference this week drew tens of thousands of security practitioners and business leaders to San Francisco. In the jumble of talks and vendors buzzing about AI, it was hard to pick out the other trends set to shape the cybersecurity industry for the year to come.

In all the commotion, it was refreshing to hear a panel of women cybersecurity leaders share insights pulled from decades of career experience spanning the world’s biggest technology companies and the U.S. defense community. Synack and Nasdaq co-hosted a breakfast event Tuesday morning aimed at elevating underrepresented voices in the cybersecurity field, where men still outnumber women by three to one.

Here are some top business and career takeaways from the discussion moderated by Axios cybersecurity reporter Sam Sabin:

Elevating the cybersecurity conversation

Panelist Vasu Jakkal, Corporate Vice President for Security, Compliance, Identity and Management at Microsoft, pointed out that cybersecurity has moved from a “backroom” topic to take its rightful place at in the boardroom given the urgent nature of the threat. If cybercrime were a country, it would be the third largest GDP in the world.

“We’re dealing with an unprecedented threat landscape,” she said, pointing to sophisticated attacks from nation states like Russia and China.

AI technology has proven to be a double-edged sword, unlocking greater potential for defenders while being misused by attackers.

“We are seeing this elevated conversation around cyber, around AI in the boardroom with CEOs,” Jakkal said. “Then as teams, I think we are really trying to figure out: How do we use every technology in our portfolio to address these challenges?”

Cybersecurity is “a top five enterprise risk in any industry,” said Kirsten Davies, CISO of multinational consumer goods company Unilever. “If not, they have their heads in the ground.”

For panelist Melissa Vice, director of the Vulnerability Disclosure Program at the Department of Defense’s Cyber Crime Center, the highest-stakes cybersecurity conversations have taken place with generals and members of Congress rather than CEOs. Vice’s work supporting U.S. Cyber Command includes interacting with cybersecurity researchers submitting reports of potential software vulnerabilities in DOD networks. 

“Everything that we do from a risk analysis is about: How can we protect the warfighter… How do we keep our nation safe?” she said. “The way that we have to go about that is very strategic: We certainly need to look at: What is our adversary doing with AI/ML? What do we project forward that will be coming our way, and how do we defend against that?”

Closing the cyber talent gap

For years, the cybersecurity industry has consistently experienced “negative unemployment” – more jobs available than people to fill them.

Bringing more women and individuals from diverse backgrounds into the fold has been a business imperative for many organizations hoping to keep up with fast-moving threats. I’ve written in the past about the need to secure more board seats for women, work that I’m proud Synack and Nasdaq are contributing to in conjunction with the Firstboard.io curated collective of female tech leaders.

DEI investments can’t stop at the education or recruiting stages, as Swathi Joshi, vice president of SaaS Cloud Security at Oracle, pointed out during the panel.

“Diversity and your recruiting tactics will get people into your door. Inclusion and belonging will make them stay, and that’s a much harder problem to solve,” Joshi said.

She said a combination of factors – including offering safe spaces for feedback, providing empathetic leadership and building a principled company culture – can keep diverse talent thriving in the long term.

Finding a “North Star”

Jakkal at Microsoft stressed that modeling empathetic leadership is a far cry from weakness.

“Sometimes we feel compassion and strength are at odds with each other. We say, well, if you're compassionate, then you can't make tough decisions,” she said. “Actually, they’re completely mutually inclusive. When you are compassionate, you can be really strong. How do you lead through that?”

She encouraged attendees in the audience to find their “North Star” – that feeling that you’re contributing to something meaningful or serve a higher purpose.

It’s a philosophy that led Davies at Unilever to leave one past job when she said she felt decision-making didn’t align with her own principles (or the best interests of the company).

“I take that as a compliment when I have a manager that says, ‘whoa, you’ve got a very strong North Star,’” Davies said. “Yes, you need the CISO to have that!”

She encouraged attendees to develop their own North Star over time based on what’s important to them as individuals and be willing to step away from opportunities that fall outside those guardrails.

Success in the cybersecurity arena can also mean sticking up for yourself and your own expertise, as Vice discovered when she got into a “big to-do” with a fighter pilot in her last class at Air Command and Staff College.

They were debating about which was more important: Air superiority or cyber and space superiority. After a few rounds of back-and-forth, Melissa’s professor praised her for sticking to her guns when going toe-to-toe with the pilot.

“I thought, ‘I do have a voice,’” Vice recalled. “I have a unique perspective, and everything that has happened in 77 years of the Air Force is changing, and we have to embrace cyber and we have to embrace space.

“And I just happen to have a history that will help do that,” she added.

Taking roads less traveled

Davies switched into the cybersecurity field from a career as a rock singer/songwriter. Joshi stepped into the security world from her work as a Java developer. Jakkal started her journey into cyber as an electrical engineer (and sci-fi fan), while Vice previously worked in advertising and design in New York.

The panelists each emphasized that there’s no “right” way to enter the cyber field – and the challenge is complex enough to need support from individuals with varied backgrounds and expertise.

“Basically, you can come from about anything,” said Vice. “You just have to be curious. You want to be a lifelong learner.”

Jakkal said she was the first woman in her family to have a job outside the house and feels immensely grateful to be in such a rewarding – if sometimes challenging – line of work.

“All of us have bad days,” Jakkal said. “Personally, I anchor in gratitude because I think sometimes you forget how lucky and how privileged we are to be where we are, to get to do what we do.”

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.