#Women in CyberSecurity

My biggest career challenge has been learning to get comfortable taking risk. I’ve always been a little shy, a little conflict averse, and really uncomfortable with any sort of public speaking. There have been so many times in my career where I kept quiet and later regretted it, or when I didn’t fully agree or even understand something and just did not speak up. That wasn’t good for me but it also did a disservice to the teams I worked with.

The good news is that I’ve had the benefit of candid feedback (and support!) from leaders I trust, who helped me identify and understand what was holding me back and who have provided coaching, mentorship, and opportunities that helped me grow. I’ve also put in a lot of hard work to get comfortable putting myself out there and that’s ongoing.

My academic and professional background is in analysis and research and I get really excited about taking interesting data and bringing it to life to solve real problems. The idea of using data and analytics to solve one of the biggest challenges of our time is what drew me to cybersecurity and to Bitsight. Bitsight’s mission and technology really center around this notion that objective, outside-in data can help businesses and governments and other organizations across the globe make meaningful progress toward understanding and managing cybersecurity risk at an unprecedented scale and with real, positive outcomes. It’s exciting to be a part of that!

There are so many reasons why diversity matters in cybersecurity and tech more broadly and we have such a long way to go. One of the things I think about a lot is the benefit of diverse perspectives. When everyone around the table has roughly the same background or roughly the same experiences, it’s likely that they’ll also have roughly the same biases built-in. With different backgrounds and perspectives and voices at the table and in an environment where their contributions are really valued, you benefit from a much more expansive conversation and one that’s much more likely to uncover the full range of possibilities and solutions. I think that encourages fresh ideas and novel approaches to innovation or problem solving that you might miss out on if you’re all looking at something from the same angle.

Just do it – we need you! The cybersecurity landscape is so dynamic and so fast-paced, which means the challenges are significant but the opportunities are endless. Now is a great time to get started in cybersecurity as we build toward a safer digital world. There are so many different disciplines within cybersecurity and they all require different skill sets. If you find one that you’re excited about, just go for it.

My greatest career challenge has been embracing failure. When you are afraid to fail, you are afraid to take risks and do hard things - and having a successful career is all about taking risks and doing hard things. As someone who leans towards being a perfectionist, I have a vision of what success looks like, and I strive to achieve success in everything that I do. However, success is not always possible, oftentimes for reasons that are out of our control. Some of the best lessons come from when things don’t work out, as it gives you the opportunity to reflect on what could have been done differently, or better. Failure forces you to build a new muscle, and reminds you to look at challenges with a beginner's mind. I’ve learned through experience that failure will happen, but it is learning from it that makes all the difference.

Cyber insurance was a new product around the year 2000, and it seemed interesting and different. At that point, no one really knew if it would be successful as an insurance product in the long term. I like to think that I was working on cyber insurance long before it was cool. As I’ve continued my career, I’ve worked to grow my knowledge about cyber risk and cybersecurity, and how it relates back to cyber insurance as a product. I still think cyber is the best insurance line out there - and it has a long way to go, especially with the benefit of Bitsight’s data and insights.

Diversity is critical to bring different perspectives and ideas together to obtain the best possible results.

There is so much opportunity in cybersecurity, and it is only going to grow exponentially, as the digital economy grows exponentially. The spectrum of jobs in cybersecurity runs the gamut from cyber insurance to data science, and from breach response to cyber risk quantification - and all of the colors in between. To find success in the cybersecurity field, decide what aspect of it most interests you, and find people doing those jobs and talk to them about what they do. Networking is a great way to learn about opportunities and leverage those relationships to build a cybersecurity career.

The greatest challenge has to be overcoming my shyness and being more assertive. I am naturally an introvert and my rooted Chinese culture taught me to be very respectful and self-censored. As I progressed through my career, I was fortunate enough to receive constructive feedback from my mentors that in order for me to get to the next level, I have to be more assertive and speak up. Being assertive at work doesn’t mean I have to be rude, nor do I have to become an extrovert. Instead, it means building up my confidence by leaning on my strengths, looking for every single opportunity to demonstrate what I can do, and standing up for my point of view while still being caring and respectful for others. What really helps me is that I always over-prepare myself, I always go to the meeting with at least one question and practice what I want to say before the meeting. The meeting is really where you get seen and evaluated so hold yourself accountable for that.

I got into the cybersecurity field accidentally by a co-op job post at school, but I stay in this field because of all the great people and mentors around me. They make me feel I belong here and motivate me to be better every day. I didn’t have any cybersecurity experience before but since I joined Bitsight, I am learning something new every day. I am surrounded by a lot of great people working on even greater initiatives, one of the teams I am working with focuses on the cyber insurance business, and we are providing the insurance carriers, brokers, and reinsurers better data for their better underwriting decisions. This makes me excited and motivated because I know what I am working on makes a real impact!

I truly believe that women can bring in a different style of leadership but still be highly effective. Being nurturing while being decisive is hard, but women leaders usually do this very well by focusing on the action, clarifying what is needed, and still being collaborative and taking other people’s view into consideration.

Be brave, confident, and resilient, your ceiling is sky-high. Take every single task as an opportunity to build your career foundation blocks and you will gain respect by delivering good work. Always be willing to take on new tasks or roles even if they are outside your comfort zone, even if it fails, see it as an opportunity to learn and be better.

I had been Assistant General Counsel for Intellectual Property and Technology at Moody’s for about 5 years when my son was diagnosed with autism. At that point it became very challenging to do what I felt was necessary for him to thrive and balance a demanding career. I stepped off the career ladder twice to do freelance work, once when he was being “mainstreamed” into elementary school, and once before his junior year in high school, in both cases to be present for him and try to achieve a better outcome. He is now an engineering major in college (with extensive tailored supports), and I really believe without my time and attention he would not be where he is today. Despite these “pauses,” I was able to achieve a high degree of success and have a fulfilling career. Even now, despite the best intentions of good employers, women are often put in difficult situations where they feel forced to choose between family and career. Sometimes you need to tilt one way or the other in achieving work life “balance,” and think hard about your future self to make sure you can live with your choices.

I could call myself an “accidental” cybersecurity lawyer. Throughout my career, I enjoyed exploring the legal issues at the cutting edge of technology. While serving as Associate General Counsel and then Managing Director in Moody’s legal department, even though I was responsible for a wide breadth of intellectual property and technology related matters, I was consistently drawn to cybersecurity as the most intellectually interesting as well as the most fun. I loved helping facilitate red team exercises, learning about new techniques to avert nation-state hacks, and assisting with elaborate tabletop exercises that informed and motivated executives. I even negotiated an agreement with Bitsight back in 2015! Part of my interest in cybersecurity definitely stemmed from working with Derek Vadala when he was CISO for Moody’s, who brought enthusiasm and strategic thinking to the role. When I left Moody’s the second time for family reasons, Derek asked me to do “a little” legal work for VisibleRisk. “A little” became more, more became a lot, and I eventually joined VisibleRisk full time as General Counsel.

Diversity matters not just because increasing representation of minorities and women in a fast growing and critical field is the right thing to do, but because a variety of viewpoints are key to solving hard problems. If everyone you work with has the same background and similar experiences, your perspective becomes one-dimensional. Effective teams need different voices and different views. I’m optimistic that as more women join cybersecurity, it will become an even more effective discipline, the same way that some research has shown that companies with women on their boards have better financial performance. In addition to race and gender, neurodiversity can make the industry stronger. Non neurotypical people who think differently can successfully navigate cybersecurity challenges from a unique and valuable perspective.

In my experience, cybersecurity is a field that values what you know more than who you know, and substance over style, which is refreshing and empowering. At Moody’s, Derek Vadala did a great job maintaining gender equity in the InfoSec department, and I got to work with some fantastic, authentic women who went on to be CISO’s and senior executives in large organizations. I would advise women in cybersecurity to build their network early, and join organizations that match up to their particular focus within the field. For me that’s been the International Association of Privacy Professionals (IAPP) which focuses on legal issues around data privacy and security, but there are lots of other options for cybersecurity professionals. Finally, as a woman in cybersecurity, just by the numbers, you will often find yourself as the only woman in the “room.” Try to see that as an invitation to find your voice and distinguish yourself. In this era, others notice the gender imbalance too, and you can use that to your advantage rather than feeling outnumbered.

Early in my career, my biggest challenge was deciding what I wanted to be when I grew up. I knew I liked working at the intersection of technology and people, and I had experience with a lot of different roles: technical writing, training, QA, support, consulting, product management, and managing teams. Ultimately I went into user experience design because I wanted to help people by making technology easier to use. A second big challenge was being laid off during the "dot bomb" of the early 2000's. That led me to go back for a master's degree in human factors, which helped me gain expertise and a great network for my chosen career!

It was the team that interviewed me for my job at Bitsight. I had resisted going into cybersecurity earlier in my career, because security requirements are often at odds with creating a simple user experience. But the folks who interviewed me were so smart, enthusiastic, and motivated to make the world a safer place that I happily said yes when I got the job offer. I was also drawn to the type of creative problem-solving that's needed when dealing with massive amounts of data.

We often say in the user experience field that if you don't get to know your users, you'll design products for yourself, resulting in a narrow concept that is more likely to fail in the market. So creating and empowering diverse teams isn't just the right thing to do; it will also lead to more successful products because you included more diverse perspectives in their design. By the way, we need to ensure that our concept of diversity also includes age and disability, if we want our products to reach the widest possible audience.

Believe in yourself. There's an expression that you should carry yourself with the confidence of a mediocre white man... I often find women candidates are very well educated, experienced, and prepared for job interviews. Most companies are looking to improve their diversity, so they will welcome you. I'm proud that our current product team at Bitsight is 50% women, including several in senior management positions. If we can do it, so can you!