-A Blog By: April Hubbard
B.S. IT, Walden University
AAB Cybersecurity Student, Lakeland Community College
april.driesse@gmail.com

My Time At WiCyS (Women in CyberSecurity) Cleveland 2022

From Thursday March 17^th, 2022, until Saturday March 19^th 2022, I attended my very first WiCyS (Women in CyberSecurity) conference, and let me just tell you in one word how this conference went — Phenomenal!

WiCyS (Women in CyberSecurity) was founded in 2012 by Dr. Ambareen Siraj through a National Science Foundation Grant. In less than ten years, the organization has managed to grow into a leading alliance between academics, government, and cybersecurity industries nationwide. (wicys.org)

For the last eight years, WiCyS has had a conference that has not only been the flagship conference for women in Cybersecurity but has been the largest cybersecurity conference with equal representation of professionals and students. This year, The WiCyS conference travelled to Cleveland, Ohio at the Huntington Convention Center.

When I saw that the conference was going to be not even forty-five minutes from me, and I had the chance at being a local representative for my college, Lakeland Community College, I had to jump on the chance and apply as a student to attend.

The application process was smooth. I applied as a student, and had my professor fill out a recommendation, and then was notified within a week or two later as to my attendee status.

Because we are living actively in a pandemic, I also was asked to submit proof of my vaccination status, since the conference was stating that everyone in attendance was fully vaccinated. WiCyS used a pre-verification process through a website known as Aura, who verifies your vaccination status ahead of time, ahead of the conference. This was a requirement in order to allow individuals the ability to safely learn, network and grow together in person, and many other organizations that have a large amount of people coming together have the same requirement, and so this was no big deal for me. I simply uploaded my vaccination card to their portal, and within days was approved.

This year’s ninth Women in CyberSecurity conference hosted 1700 attendees, of which 900 were students. The student body made up most of the attendees, but there were also industry attendees, and these industry attendees offered the ability to network with students, allowing students to gather information of potential careers within the Cybersecurity field.

This year’s goal? To bridge the gender gap in Cybersecurity.

As a student, and someone who has worked in the Information Technology field with various roles ranging from helpdesk to networking to programming, it was interesting to me to hear the shortage of roles within cybersecurity. I’ve always known that IT has been a male dominated field, but, with Cybersecurity, it was shocking to hear that only 20-24% of the individuals within the cybersecurity industry were women. It was even more shocking to learn that there was a 3.5 million worker shortage within Cybersecurity.

So, what exactly does Cybersecurity make up? Well, as I learned during my time at the conference this past weekend, there are several branches within Cybersecurity. These are:

1. Application Security
2. Network and Infrastructure Security
3. Intrusion Detection and Penetration Testing
4. Digital Forensics and Incidence Response
5. Endpoint Protection and Mobile Security
6. Data Governance, Risk and Compliance
7. Cloud Security
8. Internet of Things (IoT) Security
9. Critical Infrastructure Security

So, as you can see, there are several areas within Cybersecurity, and I am sure there are more that could be listed, especially as the internet grows.

This weekend’s course offerings at WiCyS ranged from “Getting Smarter about Dumb Protocols on our Networks” to Discussing the Internet of Things, to Various Hands-on Labs and Capture the Flag Events, Incidence Response, Breaking into Smart Homes, Security Weaknesses, and so much more.

I had the pleasure of meeting and discussing network technology with Terri Johnson and Keith Nabozny and really enjoyed their subnetting challenge during “Getting Smarter about Dumb Protocols and our Networks”

I also really enjoyed Atia Ibrahim’s (Optum) presentation on Security in the Cloud, and all the “aaS(es)” within the cloud. In addition to the educational aspect that WiCyS offers, Networking is a hugeeeeeee aspect of it.

My roommate was an international student from Tunisia. I had no idea that Cybersecurity was a big field in Africa, let alone what life was like there. We had a lot of discussion about her being an international student, and how life is different here in the US verses where she is from, and what her role in cybersecurity was like. We enjoyed discussion about cultural diversity, and differences. I am grateful for the ability to have gotten to know her briefly over a period of three days and look forward to seeing where Cybersecurity takes her as we stay in contact. I also got to meet the amazing Lynn Dohm, one of the amazing ladies behind WiCyS!

The ability to connect with other individuals who are also on the same path as you are, looking to grow within Cybersecurity is huge.

Add to that, connecting with individuals who have been within the field for years, and their ability to be mentors to you, and take away advice, and you have an experience of a lifetime.

Prior to my attending WiCyS, I was unsure where I needed to go, and the path that I needed to be on. I was unsure how many job opportunities and internships were there. I just felt “stuck” especially with the inability to move up and into my field at my current place of employment.

After attending WiCyS, I can say that I have a better understanding of where I need to go, and what needs to happen to be able to dive within the field.

Not only did WiCyS offer the ability to network, but they also offered a career fair, and a career village.

The Career Fair hosted many organizations – some local to Cleveland such as Progressive, MetroHealth and Cleveland Clinic, and some national. This allowed individuals the ability to speak with organizations – some major ones, including Google, Microsoft, and Amazon, and to learn about some companies that maybe were not so well known such as Sentinal One, and Raytheon, and some national agencies such as CISA – the Cybersecurity and Infrastructure Security Agency, NSA – the National Security Agency, and various other governmental agencies.

The Career Village allowed you to get updated professional headshots, along with meeting with someone one-on-one to discuss your career path and answer any questions that you may have. In addition, it allowed for resume coaching and assistance, which is really important especially for college students, because we have no idea how to tailor our resumes to Cybersecurity. I know that I especially appreciated this, because my current resume is two and a half pages, and I needed to shrink it down.

Capture the Flag experiences were also fun and were offered at the WiCyS 2022 event. Capture the Flags are one of the many types of computer security competitions, where teams of competitors or individuals are utilizing skills in various areas such as forensics, cryptography, web exploitation, reverse engineering, and binary exploitation and the goal is to utilize team building and competition and build upon skills.

The professional speakers, and the keynotes at WiCyS also were valuable. My two favorite speakers were Jen Easterly, and Lorna Mahlock.

Jen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency. She has easily been one of my favorite people for many years. She has been an advocate for women within the field of information technology and cybersecurity, and she also has focused on her role with raising awareness towards mental health.

At the conference, she spoke on her role to inspire more women and girls to see themselves in the field of cybersecurity. Jen took the stage to some rock music, which I got a kick out of, as a rock and metal fan myself, but also, Cleveland is home to the Rock and Roll Hall of Fame, so I was easily excited that she was representing that as she took the stage and got everyone excited.

Director Easterly took the stage and discussed women’s history month, sharing with everyone some of the most important people who were women, who pioneered cybersecurity. Ladies from Shirley Chisholm, Ada Lovelace, Rear Admiral Grace Hopper and Katherine Johnson. Some of these ladies were famous for their programming and development, and some pioneered computers and technology within government agencies such as NASA.

In addition, Director Easterly discussed the shortage within cybersecurity, and her goal to change this. She discussed that only about 25% of the global cybersecurity workforce is comprised of women, and that women make up 51% of the population.

She discussed that she wants to get to 50% of women in Cybersecurity by the year 2030, because without more women in our field, we’re missing out on an incredible talent. She then discussed that her goal is also more diversity within our field.

Director Easterly discussed “Shields Up” and Multi-Factor Authentication, two very important campaigns at CISA.

Multi-Factor Authentication is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.

She discussed “Joint Cyber Defense Collaborative” or JCDC, and featured an “ACDC” logo, but JCDC instead. Director Easterly really loves rock and roll! JCDC recognizes that cybersecurity is a shared responsibility among organizations and sectors. More information can be found here: https://www.cisa.gov/jcdc

She ended her keynote performance by putting up a QR Code and “rick rolling” everyone in attendance by convincing us to “submit our cyber resume” and it was probably the funniest ending in a keynote performance that I’ve seen. You can watch the key note here below.

Lorna Mahlock spoke as a part of the Keynote that was on Friday March 18^th 2022, led by Allison Miller.

Lorna Mahlock is a Brigadier General in the United States Marine Corps, and hearing her story was powerful. She serves as the Deputy Director for Combat Support of the National Security Agency’s Cybersecurity Directorate and is the first African American to lead as Brigadier General.

She started her speech thanking those currently serving with the National Security Agency. She stated that WiCys was the first conference she had spoken to with the amount of people in attendance in a long time and that the last time she spoke to a crowd this large was Marine’s pre-deployment with their game faces on in the defense of a national mission. She stated that given the threat and opportunities within the cybersecurity space, that leveraging the talent within the ballroom at WiCys is a national imperative.

One of the lines that stuck out the most to me in her speech was when she said “You’re Titans. You’re fierce, fearsome, and fearless” and when she continued on to state “Ordinary People can do Extraordinary things, when they bring their best efforts and are a part of a powerful team” These statements really resonated with me.

BGen Mahlocks speech was about creating ladders and giving others the opportunity to be extraordinary. She asked us to not think about ladders in the vertical sense, but in the horizontal sense. These ladders create paths and outcomes that are so different then we could ever imagine. She finished her speech by explaining that there is diversity within problem solving, and that problem solving takes people from all walks of life and all experiences in life and she challenged us to expand our thinking of diversity. You can watch the keynote below.

The conference also featured speakers from Cleveland State University and the Mayor of Cleveland, and was Segmented on local news, which you can see here: https://www.wkyc.com/article/tech/importance-cybersecurity-highlighted-womens-conference-cleveland/95-79b6d3dc-6538-40d0-9825-f52986799c1d

As someone pointed out, I was also discretely featured, walking in the background with one of the wonderful ladies I networked with at Career Village, who works for MIT Labs. We enjoyed discussing “back home” as I am originally from New Hampshire and talked about the falls. Part of that networking was that we looked for each other at lunch and dinner, during the key notes, and she introduced me to her team as well, and I networked with other individuals based on that.

Prior to my attendance at WiCyS 2022, I had no idea what direction to take my career path, or where I wanted to learn more. I just knew I wanted to do “network security”. I had no idea what that entailed, or where business’ needed people. One of the most valuable things I learned in discussion with others during my attendance, was that “Cloud Based” and “Automation” is where the future is.

I think one of the other things that shocked me, was when I attended Remi Cohen and Meghan Jacquot’s presentation of “Methodologies and Investigations of Cloud Security, Practices in the Healthcare Industry” I learned that EPIC/MyChart is Cloud based and is based off of Microsoft Azure’s Cloud.  I also really loved that the two who ran this presentation had networked at a previous WiCyS event, and then formed their presentation based on the research they performed.

The healthcare industry desperately needs us cybersecurity folks because we’re responsible for securing medical records and managing their networks to ensure they’re secure from the outside world, and we’re responsible for the cloud database management. This is a field that I’m going to be looking more into as well, as a potential for cybersecurity. Remi and Meghan helped me realize that after hearing them speak.

I knew based off of the discussions with several employers at Career Fair, and discussion with others I networked with from “Cruise” “Amazon” and even “Microsoft” that I needed to become proficient in all things Cloud based, and that I needed to also make sure I mastered my Scripting language in Python, and another language known as “Golang” or in the shorter form “Go” because there was a lot of automation based programming and business’ loved this.

As a Woman in CyberSecurity, I can honestly say that I look forward to “bridging the gap” in not only diversity in Cybersecurity, but also women in Cybersecurity.

Speaking of Diversity — Friday evening, I networked with the group of LGBTQ+ within WiCys, and what a group of wonderful diverse ladies. I had so much fun laughing and spending time with them. In addition, Saturday evening, after the conference had ended, I went out to a Cleveland Cavaliers game with some of the wonderful women who flew out on Sunday.

Thank you, WiCyS, Lynn Dohm, Dr. Ambareen Siraj and Janell Straach for the ability to attend as a student scholar this year. The experience I took away from my attendance at WiCyS 2022 was like nothing I had ever experienced. The ability to network with women who have similar goals to me – working in cybersecurity, and raising that standard that we, as women can and will continue to rise in cybersecurity and the field of IT was very empowering.

There is so much that I could cover in my experience at WiCyS 2022, but the one thing I can say for sure is that I look forward to helping Jen Easterly reach her goal of 50% or more of women in cybersecurity by 2030, and I look forward to the day when I can say there is finally an equal balance of diverse women within information technology and cybersecurity, and the field is no longer male dominated.

See you WiCyS, in 2023, in Denver!

P.S. Please do check out WiCyS if you have not heard about this phenomenal organization that tailors to women within the cybersecurity industry. https://www.wicys.org/ This organization offers so much to women.

Currently, they are in the middle of their Fast Track Cybersecurity Cohort, and they currently have applications for the Cyber Defense Challenge made possible by Target, along with their Security Training Scholarship made possible by Google, Bloomberg and Facebook. They have a few other really phenomenal training programs, and they have an amazing Mentee-Mentor program that I was a part of in 2020, that really helped me understand my goals within the industry and gave me something to look forward to once a month, along with where my next goal is.