Breaking Barriers: Empowering Women in Cybersecurity (part 2 of 2)

Potent Insights from Women in Cybersecurity
Over the past century, women have shattered the glass ceiling in many industries, from breaking through stereotypes in STEM to challenging the status quo by taking on leadership positions in traditionally male-dominated spaces. Now, one of the fastest-growing industries is finally catching up. Since computers came into consumer consciousness more than 50 years ago, the exponential increase of cybercrimes has necessitated the dominance of cybersecurity as an all-important, front-and-center field. The 2022-2023 projected annual growth rate for cybersecurity careers is 32%, according to the U.S. Bureau of Labor Statistics However, research by Cybersecurity Ventures shows that the percentage of women in the field has only grown 10% to 25% from 2013 to 2019.

It is no secret that increased diversity brings in different ways of thinking through cultural perspectives and worldviews. It also helps strengthen teams to form more holistic solutions. So why have women traditionally not entered the cybersecurity space, and what is the industry doing to help? One of the main reasons women do not commonly consider cybersecurity as a career choice is due to perpetuating misconceptions of the field and a lack of awareness of the opportunities within it. To overcome these challenges, organizations such as Women in Cybersecurity (WiCyS) provide networking events and educational resources.

One of the most cited ways to correct misconceptions is to hear from people already in the domain. Unfortunately, many women may not get the opportunity to grab coffee with industry heroes and hear about their experiences.

So, we are cutting the barrier tape and granting access to the minds of four successful women from AT&T Cybersecurity, one of the largest managed security service providers in the world. Each of these women who have developed careers in cybersecurity share their diverse path to director and C-suite positions at AT&T.

Now we present the second part of two exclusive interview series. During this series you will hear from two extraordinary women, Allison Clelan, the Assistant Vice President at AT&T Cybersecurity and Bindu Sundaresan, the Director at AT&T Cybersecurity.

Allison Clelan oversees the global security operations Centers for AT&T Cybersecurity, providing support for various products, including Managed Threat Detection and Response, DDoS, IDS/IPS, and FirstNet. Her extensive background includes more than 15 years of service at the National Security Agency (NSA), where she held diverse cybersecurity roles such as Operations Manager for Cybersecurity Operations, Director of Information Assurance Operations, Quality Assurance Engineer, and Technical Leader. She holds a Bachelor of Science degree in industrial engineering from Pennsylvania State University and an MBA from the University of South Carolina.

How did you get into Cybersecurity and end up where you are today?
My career started with a degree in industrial engineering, leading me to my first job at the National Security Agency (NSA) in nuclear engineering. After a few years, I found myself transitioning into information assurance and network operations. It was a time when the merging of offensive and defensive missions for networks was just beginning. Essentially, we leveraged intelligence to proactively defend our networks against potential attacks. The field’s pace and unpredictability drew me in; every day brought something new, and previously unthinkable attack vectors emerged regularly. Little did I know that we were laying the groundwork for what we now call cybersecurity.

Following 15 years of various cybersecurity roles in government, I made the leap to AT&T, shifting my focus toward the customer-facing side of cybersecurity. One striking difference I noticed was that while the NSA prioritized the bigger picture of cybersecurity, commercial business owners were primarily concerned with their security’s bottom line. In government cybersecurity, our teams aimed to uncover ‘who did it’ and gather intelligence on adversaries while defending our networks. On the commercial side, our business clients were predominantly focused on the business impact of cyber-attacks. However, a consistent factor that remained unchanged in both realms was what initially captivated me: the ever-evolving nature of the cybersecurity industry, continually presenting us with fresh challenges to tackle.

What is your top tip for career success?
Your unique talents are your greatest assets. Regardless of your background, if you’re considering a shift into cybersecurity, or any new field for that matter, focus on tapping into your existing skills and expertise.

In my early days at the NSA, as I ventured into cybersecurity, I harnessed the analytical and problem-solving abilities I had honed during my engineering undergraduate studies. Later, at AT&T, when I found myself in meetings where presenting bottom-line solutions to leadership was crucial, I drew upon a method of writing briefs that I had mastered during my time at the NSA. Over the course of my career, I’ve refined the art of bridging the gap between technical experts and leaders at various levels, deciphering what matters to each group.

Whether you come from a project management, creative writing, or engineering background, there are numerous transferable skills like these that you can bring into the industry. The specific skills you leverage will depend on which facet of the business you aspire to work in.

What is one potential trapping to avoid?
Being a minority in the cybersecurity field can often trigger imposter syndrome. To combat this, I’ve learned that the most effective approach is to establish credibility through your actions, not just your words.

In moments of self-doubt, some individuals tend to swing to the opposite extreme by overly emphasizing their qualifications. However, this strategy can backfire, coming across as arrogance. After all, anyone who claims to know everything about cybersecurity is likely only fooling themselves.

Cybersecurity is an ever-evolving and humbling domain. New threats constantly emerge, along with evolving technologies to combat cybercrime. Rather than trying to convince others of your competence, use your actions to showcase your capabilities and strengths.

My advice is not merely to “be more assertive” for the sake of it. Instead, embrace humility about what you don’t know, maintain confidence in your capacity to dive into challenges, and put in the effort and let your results speak for themselves.

Why are there fewer women in cybersecurity and how can we encourage women to join the field?
Four years ago, as we embarked on the journey to assemble our first team of cybersecurity analysts, we faced the task of filling six critical positions. Our goal was clear: we needed independent thinkers and top-notch talent to lay a robust foundation for our team. However, we encountered a significant challenge—our pool of qualified applicants was overwhelmingly male.

I distinctly remember our dilemma: if we didn’t begin with women in our initial team of analysts, diversifying later would be an uphill battle. The pivotal moment came when we made our fifth or sixth hire, a woman with no prior cybersecurity experience. It was a risk, but we selected her for her mindset and attitude. She didn’t pretend to possess more knowledge than she did, and her character shone through. Remarkably, she turned out to be an exceptional addition and has since grown into a pivotal role on our team.

Over time, as our team expanded, so did the representation of women. Two years ago, I recalled Mother’s Day passing by without anyone on our team to celebrate. However, this past year, I was thrilled to distribute cards to the mothers among us.

Ultimately, for entry-level hires, attitude and character hold more weight than initial certifications. To foster diversity in the field, companies should actively recruit a diverse array of individuals for entry-level positions and invest in training them. This approach has proven successful in our experience, and we’re witnessing an increasing number of qualified women entering the field. I eagerly anticipate further growth in this direction in the coming year.

As we look into a rapidly changing environment where cybersecurity is more critical than it ever has been, what should your customers be thinking about?
The cybersecurity world is abuzz with talk of game-changing technologies like Artificial Intelligence (AI). These innovations certainly alter the playing field for both defenders and attackers. However, amidst the excitement, it’s imperative to remember one essential truth—fundamental cybersecurity principles remain constant.

As long as human beings are at the helm of networks, vulnerabilities will persist. Take, for instance, spearfishing attacks, the timeless tactic of coaxing individuals into divulging sensitive information. It’s among the oldest tricks in the book, and remarkably, it’s still one of the most common pathways for breaches. The fact remains that people often constitute the weakest links in the security chain, and classic attack methods are still effective.

Amid the ever-evolving tech landscape, a key tenet of cybersecurity remains crystal clear—be brilliant in the basics.

The following is an exclusive interview with Bindu Sundaresan, the Director at AT&T Cybersecurity. During this interview, she offers valuable career advice to women as well as insights into how she started her cybersecurity career.

Bindu Sundaresan is the director AT&T’s Cybersecurity Consulting business, and she is responsible for growing the security consulting competencies and integration with AT&T services and product offerings. Bindu is a security SME (subject matter expert) with the judgment and experience to right-size and customize information security solutions that both accommodate and enable business growth. She has worked to establish enterprise vision, strategies, and programs for Fortune 50 companies to ensure the confidentiality, integrity, and availability of information assets – thus protecting and enhancing multimillion/billion-dollar revenue streams.

How did you get into Cybersecurity and end up where you are today?
My affinity for problem-solving and STEM drew me toward a career in engineering. Following my undergraduate studies, I aspired to delve deeper into networking and operations. Unfortunately, opportunities in these fields were limited in India at that time. To pursue my goals, I opted for a Fulbright scholarship, enabling me to earn a master’s in information networking from SUNY in the United States. In an era where female representation in these technical domains was scant, I encountered skepticism along the lines of, “Is this a suitable path for women?”

After finishing my studies, I began my career at KPMG and found my way into cybersecurity through a project related to Criminal Justice Information Sharing. I realized that connectivity was crucial for businesses, and cybersecurity was about managing risks and protecting businesses. My educational background in engineering and information networking equipped me with technical skills, but what truly got me into the field was the ability to explain cybersecurity in terms of safety.

Think about it like airline safety instructions – we don’t question putting on seatbelts when we’re on a plane. Similarly, in our digital age, cybersecurity is about ensuring our safety as we rely more on technology. Many people might think cybersecurity is too technical or hard to break into, but it’s more than that. It’s a societal issue, and we need a diverse workforce to tackle these challenges.

What is your top tip for career success?
Seventeen years ago, I held a consulting position that demanded extensive travel. However, when I welcomed my first child into the world that same year, I found myself facing a conundrum. Traveling was going to be challenging, and cultural expectations around motherhood added to the dilemma. Filled with self-doubt, I believed I had no choice but to give up my career, even though it was at its peak. It was at this critical juncture that I approached my boss with my resignation.

To my surprise, my boss offered an alternative solution. He proposed a temporary role that wouldn’t require frequent travel. It was a customer-facing position that pushed me out of my comfort zone. My boss provided unwavering support throughout this transition, offering the tools and resources I needed to succeed in this new role.

Throughout my career, I’ve encountered individuals who emphasize the difficulty of a task or tell you what you can’t achieve. But I’ve also been fortunate to have leaders who not only encouraged me to embrace challenges but also provided the necessary resources and support to ensure my success. Today, as a woman in a leadership position, I’m dedicated to helping others realize their full potential.

What is one potential trapping to avoid?
In the cybersecurity arena today, just 24% of professionals are women, indicating a significant gender gap. This underrepresentation highlights a missed opportunity for the industry to benefit from the unique perspectives and skills that women can bring to the table.

One striking statistic reveals that women are often hesitant to apply for roles when they don’t meet every single requirement listed in job postings. However, it’s important to recognize that job descriptions are more akin to wish lists than rigid prerequisites. In life, we rarely achieve everything we wish for, and the same holds true for qualifications aligning perfectly with a job posting.

My message to women contemplating a cybersecurity career is straightforward: Don’t be the one to count yourself out. Instead of fixating on what you may lack, view skill requirements as opportunities for growth and development. If there are areas where you lack experience, embrace them as chances to learn and expand your expertise. Simultaneously, leverage the unique skills and strengths you already possess to bridge any gaps.

Remember, in the realm of opportunities, if you don’t ask, the answer is always ‘no’; Embrace challenges, seize opportunities, and don't let a checklist deter you from pursuing a fulfilling career in cybersecurity.

Why are there fewer women in cybersecurity and how can we encourage women to join the field?
From an outsider’s perspective, cybersecurity can often be a misunderstood field. There’s a prevalent belief that it exclusively caters to individuals with exceptional technical acumen, creating an image of a non-glamorous, ‘geeky’; profession. Additionally, there’s a longstanding stereotype that women are inherently more creative and less inclined toward traditional STEM subjects. While this stereotype is gradually evolving, it still casts a shadow, particularly in the realm of cybersecurity.

In reality, cybersecurity is a remarkably diverse field that transcends technical expertise. Beyond the need for technical professionals who understand our products, we highly value individuals who can creatively communicate our solutions to the public, regardless of gender. Soft skills, such as effective teamwork, problem-solving, adaptability, and openness to change, are equally indispensable in our industry. For those entering at an entry-level, while certifications hold significance, what truly distinguishes candidates are these essential attributes. We actively seek individuals who embody the spirit of continuous learning as a fundamental trait.

As we look into a rapidly changing environment where cybersecurity is more critical than it ever has been, what should your customers be thinking about?
Cybersecurity has evolved beyond a mere compliance checkbox. With cybersecurity attacks projected to surge by 15% over the next three years, business owners must acknowledge that cyberattacks have become an inevitable part of the landscape. In response to this persistent threat, they can fortify their resilience by implementing robust protection and response plans. In 2023, it’s imperative to recognize that cybersecurity should be perceived as an investment in the business, rather than an expense. A robust cybersecurity posture can distinguish businesses by the way they safeguard customer information, ultimately becoming a competitive advantage.

The first part of this exclusive series can be found by clicking HERE.