On December 8, CLTC and Cyversity convened a special end-of-year event at Berkeley’s David Brower Center to celebrate their partnership and shared commitment to promoting diversity in the cybersecurity field.
Cyversity has a mission “to achieve the consistent representation of women and underrepresented minorities in the cybersecurity industry through programs designed to diversify, educate, and empower.” The organization, which has chapters across the country, focuses its efforts on providing scholarship opportunities, developing a diverse workforce, connecting with communities through outreach, and providing mentoring for students and young professionals.
The event was emceed by MK Palmore, a member of the board of Cyversity and director of the Office of the CISO for Google Cloud. Invoking his past experience in the military, Palmore likened the event to “taking the pack off” during a long hike. “It’s an opportunity to relax a little bit,” Palmore said. “The real value of an opportunity like this is conversation with folks who share a passion for ensuring that we diversify not just cybersecurity, but technology more widely.”
Palmore reflected on Cyversity’s accomplishments from the past year, including convening regular events and a successful annual conference, as well as growing the Cyversity SANS Diversity Academy, which has placed dozens of diverse young people into cybersecurity careers. “That’s what we do, day in, day out,” Palmore said.
CLTC Executive Director Ann Cleaveland noted that CLTC is also working on multiple fronts to promote diversity in the field, including through the Citizen Clinic and the Consortium of Cybersecurity Clinics, and through the AI Policy Fellows program, which launched in 2022.
“CLTC is a research center very much focused on expanding who participates in cybersecurity, and acting as a translation belt between academia and practitioners who are grappling with cybersecurity problems in the field,” Cleaveland said “It’s a pleasure to be here with all of you to do that connection, and to celebrate the diverse leadership in cybersecurity that we’re trying to create.”
Kripa Krishnan, VP, Google Cloud Platform / Technical Infrastructure at Google, delivered an engaging keynote presentation on “Inclusive Leadership.” Krishnan, who has been at Google for almost 17 years and is renowned for her work on Google’s Site Reliability Engineering and Disaster Recovery, shared insights from her unique path in technology. She talked about the importance of mentorship in bringing members of underrepresented communities into the cybersecurity and technology fields.
In her talk, Krishnan explained that when she was a young child growing up in Southern India, she was “fascinated like a nerd” with technology, borrowing her dad’s engineering books to design electrical circuitry for the house and even “short-circuiting the house a few times.” She had access to an early-model computer that connected to a TV, and found ways to unlock codes needed to play video games without floppy disks. “If you’re a very motivated child, you will find ways around that system,” she said.
Despite her obvious proficiency with technology at an early age, Krishna said that becoming a computer scientist or engineer “was not even a career option for me. There was no door. I did not even know it was a thing I was good at. I did not make the connection that this could actually be a job.”
She said her interest in technology waned as she grew older for a variety of reasons, including the fact that she did not have role models. “There was not one woman I knew in engineering or tech,” she said.
She became increasingly shut out as boys in her class went down the path of computer science, often working together on assignments. “I felt myself getting farther and farther behind, and the gap became so big that I just decided tech was too hard,” she said.
Krishnan also talked about her family’s experience after moving to America, and how they were subjected to both overt and subtle racism, which further created a sense that her opportunities were limited. “If you hear day in and day out that you don’t belong, you start to believe it,” she said.
Ultimately, though, Krishnan was able to succeed thanks in large part to the support of others, including a professor who provided her with mentorship in computer science, and who even applied to Google on her behalf. She also expressed gratitude to managers in her career who have given her the flexibility to explore her own ideas. “Other people just need to do a tiny bit more to help you out when you don’t know what you’re doing,” she said. “You just need a handful of positive examples.”
“There are small things that every single person in this room can do right this moment,” she said. “To those of you who are in recruiting, I would ask that you expand your search, and go look where people are not where you usually find them. If you’re in the workforce, all you have to do is sponsor one person. They don’t even have to know you’re sponsoring them. Go teach them, mentor them, and train them.”
Following the keynote, TC Niedzialkowski, Chief Information Security Officer for Nextdoor, delivered a talk entitled “Cloud Native Zero Day Response: Lessons learned at Nextdoor responding to the Log4j vulnerability.” Niedzialkowski provided an overview of how his firm responded to the Log4j vulnerability, a serious security issue that was discovered in late 2021. (Niedzialkowski serves as a volunteer mentor for Cyversity, and participated in an online panel about Log4j that can be found here.)
“Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, said this is perhaps the most serious vulnerability she had seen in her decades-long career,” Niedzialkowski said. “There’s the scoring for vulnerabilities from one to 10. This was a 10.”
In his talk, Niedzialkowski walked through how his firm responded to the vulnerability, including how it benefited from the support of a dedicated security operations center. He also discussed how the cyber community shared information to address the challenge through tools like Twitter and Slack. “Luckily, we had the resources to patch it ourselves,” he said. “It was messy, but we did it.”
He explained that a wide range of roles were required to address the challenge, ranging from the researchers who initially found the vulnerability, to software engineers, to analysts who gather intelligence on various hacker groups, to vendors that provide support to firms. “As a mentor was Cyversity, it’s worth mentioning that if you want to get into cybersecurity, these vendors help people with their cybersecurity posture,” he said. “They have salespeople, they have support people, they have product management. So this is a pathway into information security as a career.”
To conclude the event, Sekhar Sarukkai, a technologist, entrepreneur, and investor, delivered a talk entitled “Growing a More Diverse Cybersecurity Workforce from an Entrepreneurs Perspective,” drawing on his own career, as well as examples from other organizations.
“The question to me is, what is it going to take to have more change makers to take that step forward and become successful?” Sarukkai said. “I think it requires five types of people.”
Sarukkai’s stressed that diversity depends on role models, mentors and educators, investors, and even customers, who hold power in their purchasing decisions. “You have a different voice at the table when customers make decisions about what companies to buy products from,” he said.
Ultimately, he noted, the field of cybersecurity will be stronger when members of the community come from different backgrounds. “Diversity of perspective, and differences in lived experiences, skills, and mindset are all very important,” he said. “There’s a lot of opportunity for all of us to make a difference.”