EWF USA 2014: DHS looks to Women and a New Cyber-Talent Workforce

“Best and brightest.” “Dream team.” These are the guiding principles behind crafting a twenty-first century cyber-workforce within government—and a big part of that involves the recruitment of women.

Speaking at the Executive Women’s Forum (EWF), Dr. Phyllis A Schneck, deputy under-secretary for cybersecurity and communications for the National Protection and Programs Directorate (NPPD) and the chief cybersecurity official for the Department of Homeland Security (DHS), laid out her mission to support more career choices for women and young talent in cybersecurity.

Referring to her niece, she said:“She wanted to be a fireman, a police officer and then a doctor. Now it’s a spy. She told grandma, I don’t want a desk job.”

Joking aside, Schneck, who has been in her role a year, said that she has taken the lessons from her parents—who created a gender-blind set of expectations for her—and applied them to building up a fresh talent pool for government security that can best meet the next generation of threats. In this, she feels that her path has been “transformational.”

“One of the biggest things that I have learned, when I talk about why we’re doing this, is that it’s not about [convincing people to work] in government,” she explained during the keynote. “It’s not just about a career [with us] vs. at companies that can offer five times the salary that the government can. It’s also about looking at career choices, and thinking about where one can best apply their knowledge and use it.”

She added, “It’s about building a new organization, and my goal is to build a dream team that brings all of the intelligence [and talent] together.”

To that end, she added that, contrary to what’s often highlighted, having a core area outside of cybersecurity itself can be invaluable—such as a background in engineering or even politics. In the realm of information-sharing for instance, it takes talent to coordinate private enterprises, state and local organizations, different agencies, and different stakeholders—let alone actually analyze all of the Big Data sources for trends and appropriate alarms, in real time, about what’s happening both inside and outside of the government’s networks.

“Cybersecurity is not about writing code; it’s really managing people and managing systems,” Schneck said. “We have intelligence [to analyze] but you also have to make sure that information is rolled out the right way, and shared the right way [with the right people]. It’s very important to get that right.”

By way of illustration, she noted that in her own role of being a deputy at the DHS, she has about 1,000 people under her. But, crucially, she must focus on reporting upwards too.

“I make sure my boss is never caught unaware, is never surprised and is never uninformed,” she said. “She walks into every meeting knowing that she knows what’s going on, even if I’ve been up all night.

You don’t want to be surprised by headlines the next morning.”

When it comes to recruiting women, she said that DHS is interested in attracting the “typical security geeks,” but also strong and powerful women in general. “Sometimes these women don’t think they can be strong and powerful, but at the end we work as part of a team and we all grow strong together,” she said. “[This sector] has the ability to enable women. We need to band together, and support each other.

“Besides,” she added, “It’s really cool to understand cybersecurity.”

Given the ever-changing threat landscape, DHS certainly has its work cut out for it, which means that it’s thinking about the next generation workforce too. Gone are the days when one’s recruitment pool consisted of the annual crop of college IT graduates. Now, early education is a boon, and cybersecurity will require those who have learned to be flexible in their approaches and thinking on network resiliency.

“We have to change the mold,” Schneck said. “Cybercriminals execute plans very quickly—they don’t have meetings, or information-sharing proposals, and they don’t need to go get approval from supervisors.”

Therefore, the ability to quickly change tactics or adapt to never-before-seen approaches on the fly is an increasing reality. Simply put, we don’t know what we don’t know, until we know that we didn’t know it. Culturally and from a cyber-education perspective, that’s a sea change.

“We need our best and brightest on this,” Schneck said. “And right now, that’s today’s four-year-olds,” she added.

What’s hot on Infosecurity Magazine?