‘Invest in Yourself,’ Female Federal CISOs Tell Women Seeking Cyber Jobs

Women looking to enter the cybersecurity field across the federal government need to focus on investing in themselves, according to top cybersecurity leaders from agencies across the federal government. 

Three female chief information security officers from the Defense Department, the National Institutes of Health and the Agriculture Department spoke Wednesday at a GovernmentCIO webinar addressing women in cyber leadership. They said they see the National Initiative for Cybersecurity Education, or NICE, Framework as a critical tool for women trying to figure out how to advance their careers in cyber. 

Women are underrepresented in cybersecurity generally speaking. According to a 2019 report, women make up just under a quarter of the cybersecurity workforce. The webinar during which the three CISOs spoke was part of a series of three panels; there were no female experts speaking during the other two dialogues. 

Venice Goodwine, CISO at the Agriculture Department, said she uses the NICE Framework in mentorship conversations with women looking to get into cyber. The guidelines can help women identify exactly what they want to do in the field, and as such tailor their development to specific goals. 

“This cybersecurity NICE Framework allows you to focus immediately,” Goodwine said. 

The guidelines can help women invest in their cyber skillset with purpose, rather than hoping they can develop specialities along the way. Goodwine said she “absolutely” agrees with the idea the NICE Framework helps women identify clear-cut paths for advancement. 

The NICE Framework was originally published in 2012. In July, NIST released a new draft revision to the document. The public comment period on the draft closed August 28, and the final version of the document will be released this fall, according to the NIST website. 

Jothi Dugar, CISO of the NIH Center for Information Technology, added that skills development for women looking to get into cybersecurity leadership necessarily looks different than it does for more technical positions. The road to greater equity for women in cybersecurity does not lie in focusing solely on hard skills, she said. 

Dugar said her personal experience at NIH shows her the importance of the ability to communicate with a wide range of stakeholders. Women looking to enter the cybersecurity field can’t limit themselves to only knowing how to speak in technical jargon—collaboration with partners outside of the cyber silo is key for actually securing enterprises.

“We can't just go to [doctors] and say: ‘Well, you’ve just got to give me your MRI scanner and I’ve got to patch this machine while there's a patient right there,’” Dugar said. “We have to really paint the picture for a variety of different stakeholders.”

During the coronavirus pandemic, Dugar said she and her team began having scrum meetings where they expanded the focus beyond work. She asked her team to share two words that represented how they felt on a personal level. 

The mostly male team was somewhat reticent at first, but Dugar said eventually the conversations began getting deeper. Moving forward in a working world that may be irrevocably altered due to the shift to mass telework, strong leaders will have to improve cybersecurity by developing relationships through technology, according to Dugar. 

“It’s almost like you have to set that example and you have to show your own vulnerability and authenticity which really then brings that out of others,” Dugar said.