In this week’s episode (#137): Hewlett Packard Enterprise (HPE) Chief Information Security Officer Elizabeth Joyce joins us to talk about HPE’s collaboration with Girl Scouts of the USA* to bolster teenagers cyber security chops and encourage more young women to explore cyber security as a profession. Also: we talk with Vijay Ramanathan of Code42** about the evolving need for DLP.
This week’s episode of the podcast is sponsored by Code42. Tune in to our second segment for a conversation with Senior Vice President Vijay Ramanathan taped on the sidelines of the RSA Security Conference. Vijay and I talk about the need for a new generation of data leak prevention tools to protect de-permiterized networks and hybrid cloud environments from advanced and insider threats.
Girl Scouts to the Rescue on Cyber Talent Shortage
But first, if there was one theme that dominated the discussion at this year’s RSA Security Conference in San Francisco, it was the shortage of cyber security professionals across industries. That and the burden on those few professionals who are in the field, who struggle with burnout and stress. At the end of the day, cool security tools and services are great. But without any boots on the ground to run the tools or manage the services, they’re not of much good, are they?
RSA showed the cyber security industry wrestling with this intractable problem. There were many responses to this: companies were talking increasingly of managed security offerings. Artificial intelligence and machine learning were promoted as a way to do more – or at least to do no less – with fewer people.
But pretty much everyone agrees that the “big fix” for the cyber security skills shortage is to produce more information security professionals. Where will those people come from? Well, our first guest this week would argue that you may now find them going door to door in your neighborhood selling cookies.
Elizabeth Joyce is the Chief Information Security Officer of the firm Hewlett Packard Enterprise. She joined me in the Security Ledger Studios to talk about a program that HPE launched with Girl Scouts Nation’s Capital to empower young girls with crucial cybersecurity skills and knowledge. Scouts participating can earn a cybersecurity patch as part of the program.
The collaboration is part of the Girl Scouts’ push to reduce the gender gap in technology via bringing 2.5 million girls into the STEM pipeline by 2025. The Cybersecurity industry is a particularly egregious example of that gender disparity, with only 11% of women in the field.
In this conversation, Liz and I talk about the collaboration with Girl Scouts of the USA as well as the challenge of teaching technology and cyber literacy to children and the bigger challenge of cultivating diversity in the cyber security industry.
DLP’s Radical Makeover
The idea behind data leak prevention technology is pretty straight forward: tag the data that’s most important to your organization and then use policies and monitoring tools to keep it from accidentally slipping past your network perimeter – out of your control.
The reality, however, is much more messy, according to our next guest: Vijay Ramanathan of the firm Code42*. For one thing, Ramanathan points out, very few companies actually understand what data they possess or where it is stored.
Beyond that, the job of sorting “important data” from unimportant data is nearly impossible. For most companies, he argues, all data is likely to be important in some way and compliance is not the focus of defense so much as advanced attacks and insider threats.
In this conversation, Ramanathan and I talk about how the DLP space is changing and how the job of protecting data leaks is made more difficult by the advent of cloud computing and hybrid environments.
Correction: an earlier version of this story used an incorrect name for Girl Scouts of the USA. The story has been updated to use the correct name. – PFR 3/13/2019
Code42 is a sponsor of The Security Ledger. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.