Cyber Crime Junkies
How To Measure Inclusion and Equality. Overcoming Bias in Cyber
How Equality Is Addressed in Cyber Security Field. We talk head-on about how equality is addressed in cyber security field. We address:, inequality in cyber security, ways to stop bias in cyber security, and the glass ceiling in cyber security. Lynn Dohm, head of Women in Cyber Security (WiCyS) and one of the top women in cyber security, joins us.
Come learn benefits of attending security conferences, best ways to keep up to date on security news, and ways to stop bias in cyber security.
Lynn DOHM https://www.linkedin.com/in/lynndohm/
Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with Kiteworks' universal, secure file sharing platform made for every organization, and helpful to defense contractors.
Visit kiteworks.com to get started.
We're thrilled to introduce Season 5 Cyber Flash Points to show what latest tech news means to online safety with short stories helping spread security awareness and the importance of online privacy protection.
"Cyber Flash Points" β your go-to source for practical and concise summaries.
So, tune in and welcome to "Cyber Flash Pointsβ
π§ Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!
Follow Us:
π Website: https://cybercrimejunkies.com
π± X/Twitter: https://x.com/CybercrimeJunky
πΈ Instagram: https://www.instagram.com/cybercrimejunkies/
Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
ποΈ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
ποΈ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
ποΈ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast
Join the Conversation: π¬ Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!
How Equality Is Addressed in Cyber Security Field. We talk head-on about how equality is addressed in cyber security field. We address:, inequality in cyber security, ways to stop bias in cyber security, and the glass ceiling in cyber security. Lynn Dohm, head of Women in Cyber Security (WiCyS) and one of the top women in cyber security, joins us.
Come learn benefits of attending security conferences, best ways to keep up to date on security news, and ways to stop bias in cyber security.
Lynn DOHM https://www.linkedin.com/in/lynndohm/
Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with Kiteworks' universal, secure file sharing platform made for every organization, and helpful to defense contractors.
Visit kiteworks.com to get started.
We're thrilled to introduce Season 5 Cyber Flash Points to show what latest tech news means to online safety with short stories helping spread security awareness and the importance of online privacy protection.
"Cyber Flash Points" β your go-to source for practical and concise summaries.
So, tune in and welcome to "Cyber Flash Pointsβ
π§ Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!
Follow Us:
π Website: https://cybercrimejunkies.com
π± X/Twitter: https://x.com/CybercrimeJunky
πΈ Instagram: https://www.instagram.com/cybercrimejunkies/
Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
ποΈ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
ποΈ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
ποΈ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast
Join the Conversation: π¬ Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!
How Equality Is Addressed in Cyber Security Field
We talk head-on about how equality is addressed in cyber security field. We address:, inequality in cyber security, ways to stop bias in cyber security, and the glass ceiling in cyber security. Lynn Dohm, head of Women in Cyber Security (WiCyS) and one of the top women in cyber security, joins us.
Come learn benefits of attending security conferences, best ways to keep up to date on security news, and ways to stop bias in cyber security.
Lynn DOHM https://www.linkedin.com/in/lynndohm/
Tags: WiCyS, top women in cyber security, gender inequality in cyber security, ways to stop bias in cyber security , challenges women face in cyber, glass ceiling in cyber security, approaches to enter cybersecurity, benefits of attending security conferences, best ways to keep up to date on security news, careers in insider threats, cybersecurity careers for military, gap in security job market, gender gap in cyber security, how partnerships help in cybersecurity, how to fix gender gap in cyber security, new approaches to enter cybersecurity, skills and gender gap in cybersecurity, ways women can break into security careers, ways women can create security careers, where to start cyber security career
Summary
Lynn Dohm, Executive Director for WSIS Women in Cybersecurity, joins the Cyber Crime Junkies podcast to discuss the state of inclusion for women in cybersecurity. The conversation covers the recent RSA event, the mission of WSIS, and the findings of their executive summary on the state of inclusion. The study revealed that women in cybersecurity experience exclusion at a higher rate than men, particularly in terms of career growth and advancement. The data also showed that organizations that were WSIS partners had significantly lower exclusion rates, highlighting the importance of community and collaboration in creating an inclusive environment. The conversation also touches on the use of AI in interviews and its potential to eliminate bias. The conversation covers various topics related to cybersecurity and diversity in the industry. Lynn Dohm shares stories and insights about increasing gender diversity in cybersecurity teams, the challenges of filling cybersecurity roles, the importance of mentorship, and the initiatives of the Women's Society of Cyberjutsu (WSC). They also discuss the book 'The Privacy Leader Compass' and upcoming programs and initiatives of WSC.
Keywords
cybersecurity, inclusion, women, career growth, advancement, community, collaboration, AI, bias, cybersecurity, diversity, gender diversity, cybersecurity workforce, mentorship, Women's Society of Cyberjutsu, WSC, book, The Privacy Leader Compass, programs, initiatives
Takeaways
Women in cybersecurity still face exclusion and a lack of career growth and advancement opportunities.
The state of inclusion in an organization can be measured by factors such as feelings of respect and career growth.
Community and collaboration play a crucial role in creating an inclusive environment for women in cybersecurity.
Partnerships with organizations like WSIS can significantly reduce exclusion rates and increase satisfaction.
The use of AI in interviews has the potential to eliminate bias and create greater opportunities for equality. Increasing gender diversity in cybersecurity teams requires intentional efforts, such as removing barriers in job postings and using gender-neutral tools.
Mentorship is crucial for career advancement in cybersecurity, and both mentors and mentees benefit from the relationship.
There is a significant shortage of cybersecurity talent globally, with millions of unfilled jobs.
The Women's Society of Cyberjutsu (WSC) offers various programs and initiatives to support and empower women in cybersecurity.
The importance of cybersecurity awareness and the need to focus on the fundamentals to prevent data breaches.
Titles
Partnerships for Inclusion
The Power of Community and Collaboration The Shortage of Cybersecurity Talent
The Power of Mentorship in Cybersecurity
Sound Bites
"The needle has moved ever so slightly."
"Diversity is really easy data to get."
"Culture is really the key here."
"If women weren't applying for his positions, if something was wrong, and instead of just accepting that women just aren't applying to these positions, he really started being intentional with looking at the postings himself and working with talent acquisition."
"According to the most recent data, there's about 3.9 million unfilled jobs in cybersecurity globally."
"Individuals that have a mentor are five times more likely to have a promotion. But what was really interesting to us is that individuals that are mentors are six times more likely to be promoted."
Chapters
00:00 Introduction and Background
03:03 The State of Inclusion for Women in Cybersecurity
06:22 Challenges in Career Growth and Advancement
10:03 The Power of Community and Collaboration
14:32 Partnerships for Inclusion
21:50 Increasing Gender Diversity in Cybersecurity Teams
27:37 The Shortage of Cybersecurity Talent
31:56 The Power of Mentorship in Cybersecurity
36:35 Empowering Women in Cybersecurity through WSC
39:24 The Importance of Cybersecurity Awareness
D. Mauro (00:01.671)
Well, welcome everybody to Cyber Crime Junkies. I am your host, David Mauro And today we are joined by Lynn Dohm executive director for Women in Cyber Security (WiCyS) And I am joined as well by my always positive, always enthusiastic co -host, Mark Mosher. Mark, how are you?
Mark Mosher (00:22.983)
wonderful, David. Hey, really excited to be in the studio today. This is going to be a great episode. Encourage everyone to look in the show notes, follow Lynn, support the cause and listen to what we're about to talk about next.
D. Mauro (00:37.415)
Yep, absolutely. So WyCis is a nonprofit organization dedicated to the recruitment, retention, and advancement of women in the cybersecurity field. And we'll get into your past history prior, but you've had a stellar history helping out organizations. And you were also a contributor to the book, The Privacy Leader Compass. And we're interested in hearing about that as well. Welcome, Lynn, to the studio.
Lynn Dohm (01:06.03)
Thank you. Thank you so much for having me here today. It's a pleasure.
D. Mauro (01:09.511)
Well, we're excited about it. So before we went live, we were just talking about the recent RSA event and changes that have happened in San Francisco and how the event was just a whirlwind for everybody, right?
Lynn Dohm (01:25.966)
It sure was. Yes. A typical RSA fashion just, you know, back to back meetings and you know, consolidating all your time to make the most out of syncing up with the individuals that you're interested in syncing up with and attending the sessions that you want to attend and of course, all the different social activities as well. So it was quite an experience.
D. Mauro (01:47.047)
Yep, absolutely. So, you know.
Mark Mosher (01:50.247)
And I understand you all put on an event, an after hours event, didn't you? And had a decent turnout.
D. Mauro (01:53.703)
Yeah.
Lynn Dohm (01:56.974)
Yeah, yeah, we really did. The Tuesday of RSA, we always rent out the district and we had a great event. 350 people registered and came through the door and you know, it started at 630 and we closed down the restaurant at around 1030, 11 o 'clock. And so.
D. Mauro (02:14.599)
Well, that is a good showing too. 350 is a strong showing.
Mark Mosher (02:17.607)
Yeah.
Lynn Dohm (02:20.014)
Yeah, yeah, it was wonderful. And what's great about the event at RSA is, I mean, you both know that we're not a woman's only organization. We're a community that's concerned about the critical workforce shortage. So our mission is to recruit, retain, and advance women in cybersecurity, but we're not doing this alone. We're a community of men, women, non -binary individuals, allies, and advocates that are all concerned about the workforce shortage. And so we create this ecosystem of individuals that are supporting our mission as one piece.
of creating more accessibility and opportunities for women to get into the workforce. And so the WyCis RSA Meetup is always like this big wonderful activity. That's where everyone just kind of comes together in this shared place of understanding of, hey, let's all network, connect and make these really thriving connections and how we're going to move and change the workforce moving forward. So.
D. Mauro (03:03.751)
Inclusive event, yeah.
Lynn Dohm (03:18.126)
It's a great social event and a great success.
D. Mauro (03:21.799)
That's fantastic. And you serve for WSIS, which is the Women in Cybersecurity, W -I -C -Y -S, for those that may not know. And you've been the executive director for what, five years or so now, I think, right? Or longer.
Lynn Dohm (03:37.358)
No, yeah, OB five years in October.
D. Mauro (03:39.751)
Yeah, that's what I thought. And then prior to that, you had helped the community college cyber summit. You would help create that forum.
Lynn Dohm (03:48.398)
Yeah, well, I was part of the original team that helped launch the Community College Cyber Summit as we're building, bridging the gap for community college educators to all get together and learn and grow in this space and help, you know, support that structure. Community colleges are very unique in that they have the very regional workforce way to be kind of more nimble and flexible for the regional needs. And
D. Mauro (04:10.695)
Right.
D. Mauro (04:16.487)
when some brilliant talent can come out of there and has come out of there, right? I mean, absolutely.
Lynn Dohm (04:21.006)
Yeah, absolutely. So that was great. And the Community College Cyber Summit started around the same time as WyCis. And so with that, I was working on many different activities with many different for -profits, non -for -profits.
Mark Mosher (04:21.671)
yeah.
D. Mauro (04:29.287)
Hmm.
Lynn Dohm (04:37.55)
government grants and the Community College Cyber Summit was a group that kind of came together from many different NSF funded grants that were cyber specific. And then they launched that activity. And around that same time, around 2015, I started working in a support capacity for the WSIS organization, but it wasn't until 2018 that I actually attended my first WSIS conference and then.
Mark Mosher (04:59.527)
Okay.
Lynn Dohm (05:04.846)
My career really advanced significantly after I formed that community and that camaraderie, what I got out of the WyCis conference. And then the following year, our founder, Dr. Anne Bering -Saraj, who was at Tennessee Tech University at the time, she asked me if I would consider applying for the position. And that's, and when one else in life, can you merge your passion in your career? I've been working on security. Right.
D. Mauro (05:26.279)
Right.
Mark Mosher (05:26.919)
That doesn't happen very often.
Lynn Dohm (05:29.71)
Exactly. And when someone believes in you before you even really realize how you could believe in yourself, you realize what an incredible amount of opportunity that lies ahead for you to really help drive that change that's needed for so many. So it's been a whirlwind of four and a half years. I can't believe it's coming up on five years, but we've been making a lot of progress and impacting a lot of lives.
D. Mauro (05:52.967)
Well, yeah. And, you know, each year you guys put out the the executive summary, kind of the state of inclusion of women in cybersecurity. At least I know that you put one out in 2023 toward the end of last year. And I'd like to just can you share with us some of the findings so that because people here, you know, there's there's a million jobs open in cybersecurity, yet there's so many people struggling to break in and
Mark Mosher (06:10.503)
Yeah.
D. Mauro (06:22.023)
none of that stuff adds up. So, and, you know, the struggle that women have for equality in the workplace transcends far beyond cybersecurity for sure. But it is something that is very prevalent in a clearly male dominated field like cybersecurity.
Lynn Dohm (06:41.326)
Yes, yes. And so we know that there's always been a lot of studies and research on what is the percentage of women in the cybersecurity workforce. And we've leaned in on ISE2 studies that women represent roughly 20 % to 24 % of the workforce. Now, when we started in 2014, we were at 11%. So the needle has moved ever so slightly.
D. Mauro (06:51.847)
Mm -hmm.
D. Mauro (07:02.855)
so it's doubled. Yeah, so it's doubled. That's great.
Mark Mosher (07:03.975)
wow.
Lynn Dohm (07:06.286)
Yeah, I mean, that was, you know, through the the effort of everyone involved, not just this organization, many nonprofits are working out there to drive that, that, you know, to to increase that percentage of women in the workforce. So we were really happy with that. But for us, we know that the lack of diversity is the symptom of the lack of inclusion. And since our mission is to recruit, retain and advance women in cybersecurity, we wanted to peel back the layers and say, what is the state?
D. Mauro (07:11.015)
Mm -hmm.
Lynn Dohm (07:35.598)
of women. We know we could recruit all we want, but can we retain and what does advancement truly look like for women in the cybersecurity workforce? So that's we started exploring this conversation in 2022 and in 2023 we piloted a study and we put out an executive summary and we had some really interesting findings. But at the end of 2023 we did a benchmark report. So we had over a thousand participants come in and what we did is we
D. Mauro (07:35.879)
Mm -hmm.
Lynn Dohm (08:03.63)
quantified the experiences of exclusion to identify the state of inclusion for women in cybersecurity.
D. Mauro (08:08.775)
Yeah, I was going to ask you about that. Like, how do you measure that? Right? Like, how do you measure whether an organization is inclusive enough? Right. And I mean, at what point do you just kind of get rid of all the white males and just have everybody of of of mixed race or color be be in leadership roles? But at some point, it's kind of like there has to be a measurement, right? There has to be fairness. There has to be, you know, the right person.
Mark Mosher (08:09.703)
Yeah.
Lynn Dohm (08:17.742)
Right?
D. Mauro (08:37.831)
with the right skills in the right job, regardless of orientation, gender, et cetera. So you guys went through and you had like a whole set of metrics, as I recall.
Lynn Dohm (08:50.638)
Yeah, yeah, yeah, we partnered with Elyria Research, and they were able to do an assessment. And it was an hour -long assessment where people shared their experiences of exclusion. We had 35 % men participate, 65 % women. And so we, you know, they produced the aggregate average. And it was enabled us to have this conversation of what is the state of inclusion? Because now we have data. You know, diversity is really easy data to get.
D. Mauro (08:55.079)
Great.
D. Mauro (09:06.919)
That's great.
Mark Mosher (09:15.143)
Mm -hmm.
Lynn Dohm (09:19.566)
And it's very easy. It's like low hanging fruit. You could take that metric and do something with it and, you know, put in some early career initiatives. And if it grows so slightly, everyone could be happy. But inclusion is not often talked about because it's a feeling and it's only felt when you're excluded. So we kind of struggled with how are we going to bring awareness to leaders about inclusion when we know that the higher that leaders rise, lessens their experiences of exclusion.
D. Mauro (09:19.783)
Right.
Right.
Lynn Dohm (09:47.502)
So they're not even experiencing it themselves. So that's why we partnered, came up with the data. And there were some interesting findings. I mean, first of all, we weren't surprised that women experienced exclusion two times higher than men do. That was like, we expected that. Like.
D. Mauro (09:48.487)
Right.
D. Mauro (10:01.671)
No. Because I think that transcends cybersecurity as well. Right. I mean, it's. Yeah. But I saw you were measuring like feelings of respect, career and growth. And I thought that was really good trying to quantify kind of respect and things. I mean, I saw that that those metrics and I'm like, those could be metrics for any company, for any culture, really. Like it would be a great mechanism to.
Mark Mosher (10:01.735)
bright.
Lynn Dohm (10:06.638)
Yeah, I mean, there's no surprise. I mean, we were.
Lynn Dohm (10:12.846)
Yes.
Mark Mosher (10:14.023)
Hmm.
Mark Mosher (10:27.047)
Right.
D. Mauro (10:31.335)
to evaluate an organization's culture.
Lynn Dohm (10:35.15)
And that's the point is that culture is really the key here. And so what was interesting is that the second area of sources of exclusion for women in cybersecurity stem from career growth and advancement. Now, Elyria that does this inclusion assessments across all sorts of industries, they haven't seen that for any other industry besides cybersecurity. So.
D. Mauro (10:58.567)
So what does that mean? It means in general females are able to start in the field but not move up.
Lynn Dohm (11:05.614)
Yeah, it does. And it also came up with the report on aligns with women experience a glass ceiling at around six to 10 years within their career. So now we have actual areas where we could pinpoint some pain points. So now we could have a conversation with if we're bridging, if we're bridging those gaps.
D. Mauro (11:07.527)
Hmm.
D. Mauro (11:17.287)
Hmm.
Lynn Dohm (11:31.022)
What are employers responsibility to that? And what is WSIS's responsibility as a nonprofit? And so now we're very intentional on, okay, we have that six to 10 years. So an employer that's listening to this will be like, all right, I see that there's individuals on my team, they're at around five year mark, if they're of the underrepresented population, we might want to start paying attention to what their career growth and advancement opportunities are. And do we have a clear...
D. Mauro (11:36.839)
Right.
D. Mauro (11:57.767)
And those can be micro steps to those could be some of that could be asking them, sitting down with them. Like, what is it that you want to do? What is it that the opportunities that because a business only has the the the ability to promote based on what opportunities exist? Right. But if if you because sometimes I am still convinced that so much of this post hunt of just terrible communication. Right. Like it's we're just terrible.
Mark Mosher (12:00.647)
All right.
Lynn Dohm (12:05.742)
Yes.
D. Mauro (12:27.303)
humans are. We're just horrible at it, and men in particular. And if we can just listen and ask the questions open -ended and hear what people really want, we might be surprised from what we hear. And it oftentimes will be directly aligned to what's in the best interest of the organization.
Lynn Dohm (12:47.982)
That's it. You hit the nail on the head, David.
Mark Mosher (12:51.495)
Hehehehe
D. Mauro (12:51.623)
Well, I've been head of WSIS now for four minutes and I've made an impact. So no, I mean, I really found the findings, I wasn't surprised by them. I mean, I guess I'm not surprised. I mean, cybersecurity is a broad term and there's a lot of different facets, but there's, you know, technology in general is predominantly a male field in my experience so far. But,
Lynn Dohm (12:54.798)
No.
Mark Mosher (12:55.191)
Hahaha.
D. Mauro (13:21.319)
but you still see certain segments. And whenever there's a brilliant, hardworking female, I've always seen them rise up and rise. But it's always those subtle things like the glass ceiling and other things that make it very complicated.
Lynn Dohm (13:40.718)
Yeah, yeah. And it's also hard to be what you cannot see. And so when you're in an organization, if you're not seeing and witnessing women in leadership, it's also very challenging because you're not seeing a way up for yourself. So you would layer some other areas into that and it could be just, you know.
D. Mauro (13:45.287)
Right.
D. Mauro (13:55.431)
Right.
Lynn Dohm (14:02.67)
eventually you get bored in a position or you're not getting the stretch assignments or you're getting assumed that you're accepting the status quo of where you're at and and you're seeing some colleagues getting promoted and all those things add up. It's not just women, it's underrepresented individuals. But for us, we did the study based on women in cybersecurity and there's a lot of other data that we could parse out and we eventually will get to it. But we definitely wanted to roll out that benchmark report to continue this conversation, you know, aligned with the priority
D. Mauro (14:19.078)
Right.
Lynn Dohm (14:32.624)
of our mission.
D. Mauro (14:34.311)
Yeah, and I noticed that toward the end of the last executive summary, there was a finding of organizations that were WSIS partners, right, had a lower, a significantly lower exclusion rate than those that weren't. What significance did that have for you? Like, what does that mean?
Lynn Dohm (14:57.166)
Yeah, and you know, we weren't even looking for that. That data kind of bubbled up to the top. Yeah. And we were so interested in that our researcher actually called the meeting like you would not believe what we've discovered here. And so part of the assessment included asking if they were a part of if they were participating as an employee of part of a particular.
D. Mauro (15:00.135)
No, it just came out, right?
Lynn Dohm (15:19.15)
organization. And we looked at if there were strategic partners of ours, we have close to 65 or maybe we're even at 65 right now strategic partners that fund us year round. And what we came up with in the state of inclusion assessment is that if participants were employees of WSIS strategic partners, they had 49 % less experiences of exclusion, and 64 % higher levels of satisfaction.
Mark Mosher (15:47.207)
Wow.
Lynn Dohm (15:47.342)
And so we were thinking, is it because they're a strategic partner? So they're automatically a little more inclusive. That's why they're partnering with a nonprofit organization like WSIS. And they really have that culture infused in what they are. Or is it because of their partnership with WSIS that they created a more inclusive state because they have more awareness? And so Elyria looked at that data even further. And what they realized is those individuals that participated in the assessment identified as employees of WSIS strategic partners.
D. Mauro (15:47.783)
Hmm.
Lynn Dohm (16:16.717)
They had a very broad understanding of WSIS and they were actively a part of the community. And they either participated in webinars, they hosted webinars, they did presentations at the WSIS conference. They were a mentor, they were a mentee, they were building programming efforts. They were part of a cybersecurity team that was building out custom programming for WSIS. Like they weren't siloed.
D. Mauro (16:22.855)
Hmm.
Mark Mosher (16:22.919)
Huh. Okay.
Lynn Dohm (16:43.214)
they were part of something outside of just themselves that they were making a bigger impact in some bigger way with a broader community. And so it boils down to us realizing the community effort works. Working in silos and not often having many other women on your team is very challenging. And when you bring individuals all together, you are creating an automatically more inclusive, more belonging state. And so when your employer respects that and you have that supported,
Mark Mosher (16:43.527)
Mm -hmm.
Lynn Dohm (17:12.462)
within your job role, then you're going to feel that. And it's all about feeling and having that really kind of mission focused. So it was really great data for us to find. I mean, we were looking for it and it came up and it was a big difference there.
D. Mauro (17:26.215)
Yeah.
Mark Mosher (17:31.239)
Right.
D. Mauro (17:34.727)
yeah, I mean, it was in when I saw some of the examples, like when they some of the people that had participated, they had some some really odd stories of being excluded, right? And some things that were just, you know, not very sensitive or or you can tell the people that had offended them like clearly hadn't read the room. They weren't really paying attention.
But little things too, like when decisions were being made, they were made by groups of guys over lunch when the women weren't there. And it's like, how easy is that to fix? Like, just don't make the decisions until everybody's in the room or invite them to lunch. Like some of the stuff is it can be solved with just better collaboration, I think. Yeah.
Lynn Dohm (18:28.302)
paying attention. Yeah, yeah. Well, at the WSIS conference.
Mark Mosher (18:29.639)
Yep. Yep.
D. Mauro (18:32.967)
Yeah, Mark and I are like the poster child of guys that haven't in the past. So that's why we're open to this. Like we want to learn. That's that's the whole point of this. Yes, we're like this is things we have to learn to listen. So yeah, this is really good.
Mark Mosher (18:36.551)
Hehehehehe
It was like day two of my therapy. We went over that, yeah.
Lynn Dohm (18:49.294)
Yeah, there's lots of stories that we hear all the time. And people, when they look at an inclusion assessment, these are not old stories. These are very new stories. And when we have editors and reporters that are reporting on this data, I've received so many DMs and private messages of individuals saying, it was a pleasure to report on this because in these modern times, the fact that these different scenarios are still playing out, we have to bring more awareness of how we change this.
D. Mauro (18:56.839)
Mm -mm. Mm -hmm.
D. Mauro (19:15.879)
Yeah, because some of them were pretty egregious. Like when I was reading through it, I'm like, some people were like, like doing things that were completely inappropriate by 1950s standards. And the fact that it was going on in 2023, I'm like, wow, that's not good. So and as guys, you know, Mark and I don't see that, right? Like we don't see that people don't do that in front of us and stuff. So,
Lynn Dohm (19:18.894)
Yes.
D. Mauro (19:43.623)
actually hearing about it is really good because that makes us more aware.
Lynn Dohm (19:49.262)
Yeah. Yeah.
Mark Mosher (19:51.111)
What about with the use of AI? And maybe this is a different kind of question. And I asked this because I read an article. I know, I know. But I thought it was really unique, right? It was an article that it was written from human resource perspective that AI is now being used for initial interviews. Like they're conducting, AI is conducting the interview and will lead the conversation and measure them.
D. Mauro (19:51.143)
That's.
D. Mauro (19:59.079)
You always have to weave AI into everything, don't you Mosher? But it's kinda...
D. Mauro (20:09.607)
Hmm.
Mark Mosher (20:20.391)
not just based on their skill set when it comes to like cybersecurity. Do you have this cert? Do you know how to, you know, subset IP address, things like that. But it, it, they have to look into the camera the whole time. It reads like their facial movements, the changes in their pupil and all this stuff. And then it gives the recommendation on whether or not they should be hired. And they said, on the one hand, what if AI gets it wrong and doesn't read the person right? But two,
D. Mauro (20:34.567)
Hmm.
D. Mauro (20:46.887)
All right.
Mark Mosher (20:49.255)
Does this eliminate like all social biases that individuals may have themselves when interviewing an individual that they may not like that particular person or whatever country that they're from or? Yeah, yeah. So it was really unique. And that's, I just wonder if maybe that creates greater opportunities for equality for everybody if we start leveraging something like that. I don't know. I just thought it was a unique take.
D. Mauro (21:02.343)
because of their own personal bias, right? It could eliminate that.
Lynn Dohm (21:17.742)
That is a really interesting article. I'd love to read more about it. And you're absolutely right. Maybe it's eliminating those biases that we, I mean, we all have unconscious bias. It's about paying attention of understanding what could potentially be harmful with that unconscious bias that we are not even aware of at the time until you're really looking into it further. And perhaps that is a solution is the AI interview removing bias, but.
D. Mauro (21:28.711)
Right.
Lynn Dohm (21:47.246)
there's still so much unknown with that.
Mark Mosher (21:49.831)
Yeah.
D. Mauro (21:50.119)
Yeah, it's all about the programming of the program, right? Because how much bias is inputted into the program in the beginning? You know?
Mark Mosher (21:53.255)
Mm -hmm.
Lynn Dohm (21:57.486)
Yeah, exactly, exactly. You know, one of my favorite stories.
D. Mauro (22:00.839)
Like I would hear the southern drawl of Mosher and nix him right away. I would nix him right away.
Mark Mosher (22:04.487)
Well, see, yeah, I couldn't pull one over on the AI, right? Like I couldn't con them into giving me a job. That'd be total loss there.
D. Mauro (22:10.711)
Ha ha ha ha.
Lynn Dohm (22:13.646)
You know, one of my one of my favorite stories is when I was at in a summit in Cleveland, I was sitting at a table with CISOs. And one of the CISOs was really excited to share with me that he is 35 % women on his team, and he's not going to stop until he was at 50%. Now, this is like two years ago. And I was really interested because it was right around the time that you know, ISC2 started saying that we're at 20 to 24%, depending on what you know, studied with many different
D. Mauro (22:32.007)
Great. Yeah.
Lynn Dohm (22:42.83)
researchers. And so I asked him what he was doing different and he very thoughtfully was considering it like thinking what is he like, he's like, what am I doing different? And he realized a few years ago that he started paying attention. And he realized that if women weren't applying for his positions, if something was wrong, and instead of just accepting that women just aren't applying to these positions, he really started being intentional with looking at the postings himself and working with talent acquisition.
D. Mauro (22:52.775)
Yeah.
Lynn Dohm (23:12.878)
and removing like the outrageous wish list that David and Mark you all are aware of. Like there's more, you know, job wrecks out there that have a CISSP requirement than there are CISSP holding certified individuals.
Mark Mosher (23:25.223)
Yes.
D. Mauro (23:26.567)
Right. Yeah. And it's like entry level job. Just CISSP, five years of managing a sock. You're like, that is not an entry level job. So.
Mark Mosher (23:30.343)
Yeah.
Lynn Dohm (23:35.15)
Yes, exactly. And so those were all the things. And then he also was very intentional knowing of the different tools and the policies, procedures, and everything that his team was going to train the individual on too. And so reducing that massive wish list. Everyone has a wish list. Everyone's looking for the unicorn. It's a big thing in cybersecurity, always looking for the unicorn. And then putting it through gender neutral tools, having the...
D. Mauro (23:47.815)
that's great.
D. Mauro (23:52.327)
Mm -hmm.
Lynn Dohm (24:01.87)
other women in cybersecurity professionals there on his team looking at the job rack and then submitting it from there and really paying attention to the interviewing process. And lo and behold, he was able to increase the amount of women on his team and have that powerful diversity of thought that women also bring and are able to leverage to those cybersecurity teams. And so it is about paying attention. It is being very intentional and it's looking at if something isn't attracting,
women to apply for, then something's not working there. So what are you going to do? You know, meeting the community where the community is really another area of focus for us too.
D. Mauro (24:42.503)
Absolutely. So how did you, you know, we always ask about the origin story. How did you get into the the cyber watch center, the cyber fed, you know, being interested in cybersecurity and in in general, were you interested curious in technology as a when you were younger, like what what what was it that that that's burned you into the field in general?
Lynn Dohm (25:12.878)
So I started working with an NSF -funded grant on cybersecurity, different skill -based trainings and programming efforts and kind of overcoming the cybersecurity educational solutions. And with that, I started working and getting contracted with many other different NSF.
of funding type grants. And I was working more like in the communications area of reiterating and explaining to others what exactly cybersecurity is all about and the many different career pathways and way to get into it. But I was often struck so quickly when I started working on these is why is there this workforce shortage? It was fascinating to me because the minute I started working in cybersecurity, it was
D. Mauro (25:57.191)
Right.
Lynn Dohm (26:01.71)
was fascinating to me. It was fast paced, it was ever changing, it was problem solving, it brought a lot of curiosity. There was so much that it has to offer a lucrative career, career advancement, financial freedom.
Mark Mosher (26:14.503)
Mm -hmm.
D. Mauro (26:15.143)
Well, it's a bigger cause too. It's not just technology for digital transformation purposes. It's technology to protect organizations, right? So there's there's like a right. It's mission focused. Yeah. and for the listeners, NSF does not mean insufficient funds, which is what I'm sure Mark thought. It's the National Science Foundation grants. No, yeah, I just want to clear that up. So.
Lynn Dohm (26:24.686)
Mission Focus.
Mark Mosher (26:26.023)
Yep.
Lynn Dohm (26:27.854)
And so it was, it was cool.
Mark Mosher (26:34.023)
okay, that one totally went over my head then. I was like, she gets those too? Man, glad it's not just me. Glad it's not just me.
Lynn Dohm (26:46.318)
of that. Thank you for clarifying that.
D. Mauro (26:48.359)
That's because you pay your bills on time. That's okay.
Mark Mosher (26:50.439)
Me, not so much.
D. Mauro (26:53.639)
Hehehehe.
Lynn Dohm (26:53.798)
So, so it was so I started working on, I really just started honing in on cybersecurity workforce initiatives and that's what led me on my journey of how how could we make this a more inclusive strong gender diverse workforce and.
D. Mauro (27:03.175)
Yeah.
D. Mauro (27:12.519)
So let me ask you this, is there a general shortage in cybersecurity talent, male and female in general in the United States? Because we always hear that there is, but then tech industries lay people off and people are out searching for work. So I'm just curious what the reality is. Like, what are you seeing?
Lynn Dohm (27:37.358)
Well.
We're seeing that there is a lot of unfilled jobs out there. We're also seeing, of course, that tech industries are laying individuals off. And so it's challenging, according to the most recent data, that there's about 3 .9 million unfilled jobs in cybersecurity globally. I don't know what the step is. It's amazing.
D. Mauro (27:54.791)
Mm -hmm.
D. Mauro (28:00.743)
I mean, isn't that amazing? Doesn't that just amaze you? Like, how is that possible? These are organizations that want to hire cybersecurity talent and can't fill the roles.
Lynn Dohm (28:13.486)
It's that three to five years experience, David.
D. Mauro (28:16.135)
Yeah.
Mark Mosher (28:16.711)
Yeah.
Lynn Dohm (28:16.75)
It's a tough one. It's a tough one. And as a nonprofit, we're actually meeting, you know, we have all our strategic partners that are this ecosystem that are investing in the cybersecurity workforce initiatives. And we're meeting with them to talk about like, how can we overcome this challenge? What could us as a nonprofit, what would it take for us? You know, we build out internship programs, we build out apprenticeship programs. It's just we need to do more. And we need to utilize ourselves, knowing that we're this great bridge between
D. Mauro (28:42.599)
Mm -hmm.
Lynn Dohm (28:46.704)
between the employers and the community as a catalyst to be this collective space. Like, let's create this think tank and how can we give those individuals the three to five, or else it's just going to be perpetuating the problem. If we don't get these individuals three to five years of experience, get them in the door, get the jobs filled, then, you know, when we start and when we started in 2014, women represented 11 % of the cybersecurity workforce, but there was 1 million unfilled jobs.
D. Mauro (28:48.775)
Right. Yes.
Mark Mosher (28:49.831)
Mm -hmm.
D. Mauro (28:59.431)
Right, absolutely.
D. Mauro (29:12.295)
Right. Right.
Lynn Dohm (29:14.318)
Now we represent 20 to 24 % of the cybersecurity workforce, but there's close to 4 million unfilled jobs. So the demand is just more and we have to continue to work. So there's a lot more work that we have to do. We've done a lot. We've built an incredible community. We have a lot of incredible initiatives, programming efforts. We have 1 ,600 enrolled in our mentor mentee program. All our programs far exceed our expectations. Like when we open up,
D. Mauro (29:23.303)
Mm -hmm.
D. Mauro (29:36.743)
That's great.
Lynn Dohm (29:40.334)
our registrations for all our programming efforts. It takes in a tremendous amount of staffing to kind of go through and make that selection process on who's moving in or coming into the program, who's moving through it, and then how else can we support our community. And so there's a lot more work that we need to be doing in that space and building out the programming efforts and looking at what is that three to five years experience and how, why are we still here? Why are we still here?
Mark Mosher (30:09.095)
Yep.
Lynn Dohm (30:09.646)
conversations is a big conversation we're still having.
D. Mauro (30:13.959)
Yeah. Well, we thank you guys for all that you're doing. Let me ask you about this. The book, The Privacy Leader Compass, share with us about the experience of helping that and what's the mission of the book, the message of the book.
Mark Mosher (30:16.903)
absolutely.
Lynn Dohm (30:30.638)
The message of the book is, you know, just a privacy leader, all the different experiences and how many different individuals in the space are overcoming the challenges and identifying some of the barriers and what what they're working on moving forward. And so it was a great pleasure to be for Valerie and Todd to reach out to me and ask me to be a contributor. And so I was able to share just a little bit of our experience on the purpose of the Mentor Mentee program. And, you know,
for the sake of the listeners, when we built out our mentor mentee program, we looked at our programming efforts that weren't working. We thought we're going to match mentors with mentees and they were going to develop a relationship and people are going to advance in their careers because of it. And what we realized is that there's a lot more involved in the relationship building and really identifying the pain points for individuals for overcoming career advancement challenges. And so,
D. Mauro (31:08.231)
Right.
Lynn Dohm (31:28.302)
what we started doing some research and we realized that individuals that have a mentor are five times more likely to have a promotion. But what was really interesting to us is that individuals that are mentors are six times more likely to be promoted. Yes. And so we kind of flipped the script and looked at the narrative of what we need is more mentors. Mentoring is a leadership skill set. It takes...
Mark Mosher (31:38.919)
Wow.
Mark Mosher (31:44.871)
Really? That's interesting. Yeah, yeah.
Lynn Dohm (31:56.782)
a tremendous amount of knowledge and effort to navigate through those really crucial conversations. And so we built out a curriculum designed to mentor the mentor, so then we could set them up in a mentoring cohort group. So now they have a community, and then everyone could go into the shared place of understanding to learn and grow together. And that mentor can facilitate that conversation.
Mark Mosher (32:00.455)
Yep. Yep.
Mark Mosher (32:10.087)
Really?
Mark Mosher (32:21.159)
Wow.
Lynn Dohm (32:24.718)
And that's been working out extremely well for our mentors, for our mentees. We have so many male allies that are in the mentoring program and they even share with us a year later that they would never be able to be a part of some of the more difficult and uncomfortable conversations that they're a part of now if they themselves didn't go through the programming effort. So there's, you know, it was an opportunity for us to build up this need.
Mark Mosher (32:35.719)
Okay.
Lynn Dohm (32:54.638)
that we still so strongly have for mentors in this space.
Mark Mosher (32:58.183)
Now that's great, that's really good.
D. Mauro (33:00.359)
Well, the importance of mentorship, I mean, I think those findings are fantastic because it not only bolsters the career of the mentors, I mean, of the mentees, which one would think, right? That's kind of logical. But of the mentors themselves and building that cohort and that and that community around the mentors, because nobody really teaches you how to be a mentor. Right. You know. Right.
Lynn Dohm (33:12.302)
Right.
Mark Mosher (33:14.407)
Mm -hmm.
Lynn Dohm (33:22.702)
We just assume it. We assumed if someone signed up to be a mentor, they know how to mentor until you're in the mentoring sphere yourself and you're like, gosh, how am I going to start this conversation? So the resource.
D. Mauro (33:28.167)
Right. Exactly.
Mark Mosher (33:31.971)
Yeah
D. Mauro (33:35.687)
Well, you see that across across all lines of organization, somebody does really well on a job, they promote them. And then all of a sudden they're in charge of a team. And it's like, wait, they were good at the job. They're not necessarily good at coaching others to be good at the job. You need to train them. Right. And so that's that's one of the one of the main challenges that we see across all.
Mark Mosher (33:51.143)
Right, right.
Lynn Dohm (33:59.534)
Yeah, yeah, it is. And that was, I mean, by identifying that challenge and looking at what's worked, what hasn't worked, what have been successful program efforts, we were able to build out the set of resources to kind of overcome that uncomfortable state of growth within your professional development. So yeah.
D. Mauro (34:16.903)
That's fantastic. Well, we'll have a link to the book, The Privacy Leader Compass, and we'll also have a link to the executive summary and a link to your contact info as well as WSIS. That's fantastic. So you just came back from RSA. What's on the horizon for you guys next?
Lynn Dohm (34:25.87)
Thank you.
D. Mauro (34:39.911)
I'm sure you have some things set up or planned or are you just still unpacking from our saying going, let's figure out what we're going to do next. I just care.
Mark Mosher (34:46.599)
decompressing from RSA.
Lynn Dohm (34:49.71)
We have a lot going on. We have our Target Cyber Defense Challenge that opened up the registration, opened up for that today. So that's very exciting. And that came from Target's cybersecurity team just being interested in a programming effort for the WSIS organization. So they develop it. They develop the whole program, the scenario, the whole team comes together. So it's really a creative, you know,
D. Mauro (35:06.607)
that's great.
Mark Mosher (35:07.527)
Yeah.
Lynn Dohm (35:16.046)
It's just a wonderful space for the target team to be working on together and then they mentor our WSIS members through the program in its tier.
D. Mauro (35:22.727)
yeah. And they have had, you know, historically, they have such a strong cybersecurity stance, like Target has always done very, very well. And I know there was the big Target breach, and it's always cited in cybersecurity awareness trainings. But let's not forget, it wasn't Target, it was the HVAC vendor, right, that that kind of brought that. But it's a good lesson to think about vendor risk, right, because so many organizations really struggle with that.
I mean, hey, we're still trying to get people to always use the MFA, let alone worry about what their vendors are doing. Right. So when we think about the maturity level of cybersecurity here in the United States, there's a lot of a lot of work to be done.
Lynn Dohm (36:06.222)
a lot of work to be done. So that's another thing we're also working on is the student chapter pilot program. We're piloting the program. So as we're building up, we have 270 student chapters right now. And so we're building a program.
D. Mauro (36:12.679)
fantastic.
D. Mauro (36:19.303)
Are they located in higher ed in universities, at community colleges, or just independently? How are they structured? Like, how would somebody get involved if somebody was a student and want to get involved?
Lynn Dohm (36:35.182)
they could just form one, they could reach out to WSIS. And if they were a high school student, a technical institution, community college, college, university, they would be able to go through the application process and to be able to launch their own student chapter. And so as a nonprofit, we're able to fund that student chapter. What we want to do is...
build all that awareness throughout not only their college or institution, but we want them to also bring cybersecurity awareness to so many on the campus. And so Student Chapter presidents receive a WSIS Conference Scholarship. So they come to our own conference so that they can learn and grow and bring that back to their institution or their high school.
D. Mauro (37:09.287)
That's great.
D. Mauro (37:14.343)
Lynn Dohm (37:21.71)
and continue to grow that community. And again, it boils down to it's hard to be what you cannot see. And so we want individuals at the high school, the college and university level to be able to have that community create that inclusive space for others to get into cybersecurity. So the student chapter.
D. Mauro (37:40.135)
I think that's fantastic. I mean, that is just fantastic. I mean, that is just when when students are, you know, students are struggling financially, right. And whenever they get any little bit of help, you earn a customer or loyalty fan for life. Right. Like when I was in college, I got some assistance through United Way. And now throughout my adult life, I've been helping the United Way. Like, it's just one of those things. I'm like, man, when I had nothing,
Mark Mosher (37:41.415)
Yeah, that's great.
D. Mauro (38:09.543)
Right. And I was able to get a little bit of help like you never forget that. It's a it's that's a wonderful, wonderful approach. That's great.
Lynn Dohm (38:19.342)
Yeah, so that's our pilot program is working on our cybersecurity awareness month toolkit. And then educating on how we're going to mobilize our student chapters to go down to high schools to not only educate on cybersecurity awareness, the basics like the multifactor authentication and.
D. Mauro (38:38.631)
I love those toolkits. I loved your toolkit last year. We did a first cybersecurity awareness month last year. Mark, remember that? We did an episode. We gathered up our past episodes and then new episodes and we launched an episode a day just to just to really raise awareness during that month. And it's just in we we gathered up resources, all the toolkits. He says a toolkit, you know, like the vendors do know before and.
Mark Mosher (38:39.719)
That's cool, yeah.
D. Mauro (39:06.823)
wiser and they'll have the toolkits. Those toolkits are just chock full of great resources to help raise awareness in an organization. Right. I think that's in the WSIS toolkit was fantastic. So I think that's excellent. That's great. Yeah.
Lynn Dohm (39:24.078)
Thank you. So we're looking at how are we going to revamp that and make it better. That was the first year we've done it like that. And so we're looking at how can we make that.
D. Mauro (39:28.263)
Yeah. Yeah.
Lynn Dohm (39:34.19)
a little stronger. And then our MentorMentee program, we're also working on that. And then our biggest security training scholarship program, that's one of our most signature programs, security training scholarship. And so that those applications will be opening up in July. So there's a lot of work that needs to be done right now. And with that,
also includes going out and bringing the employers together for funding a lot of that work. And so that's part of where we're at with our programming efforts.
Mark Mosher (40:04.359)
right.
D. Mauro (40:10.343)
No, that's fantastic. Well, we wish you guys the very best and we will have links in the show notes and we encourage everybody to not only be inclusive, but to listen more. And I'm still convinced the more and more I speak with national leaders like you and global security leaders, like so much of it is subtle, right? So much of it is is just, you know,
Mark Mosher (40:13.927)
Yeah.
D. Mauro (40:37.959)
some of these large data breaches occur when somebody's just distracted and they do it's the fundamentals like what they're beating us on the fundamentals and if we could just take time and just be more aware of our surroundings, we'll not only be more inclusive, but we'll be able to reduce the number of breaches and that's really where it's got to happen. Well, thank you so much for your time. We really appreciate all the work that you're doing. You guys are doing great.
Lynn Dohm (41:00.302)
Well, I really appreciate it.
Mark Mosher (41:02.247)
Yes, thank you, Lynn.
D. Mauro (41:06.471)
And any way we can help support you, we absolutely will. So.
Lynn Dohm (41:09.902)
Well, we appreciate you elevating the voices of so many within our RISC community just by bringing awareness to the organization through your podcast. So it's a great pleasure to have this conversation with you both. And thanks so much for having me.
D. Mauro (41:23.463)
No, absolutely. And maybe Mark can at your barber college, Mark, maybe you can start a start a student chapter. Right. Barbers have to worry about cybersecurity, too. They take cash, they take credit cards or PCI compliant. Come on. And now I've just alienated all the barbers. So it's OK. I just lost a whole segment of our listeners. They were 42 percent of our listeners, by the way. So.
Mark Mosher (41:29.063)
Start a local chapter. I think that's a wonderful idea. That's exactly right. That's exactly right. We just lost a whole segment of our listeners.
Lynn Dohm (41:43.926)
Don't be a p -
Lynn Dohm (41:49.358)
No.
Mark Mosher (41:49.799)
I'm going to go to bed.
D. Mauro (41:51.687)
I'm just teasing. Well, thank you so much. We really appreciate it.
Mark Mosher (41:52.903)
All right, thanks, Lynn.
Lynn Dohm (41:54.509)
Thank you. Yeah, take care.