Exclusive Interview: ICIT Executive Director Joyce Hunter on Today's Cybersecurity Challenges

September 28, 2020

DLT Solutions recently sat down for an interview with Joyce Hunter, executive director for strategy and process at the Institute for Critical Infrastructure and Technology (ICIT), the nation’s leading cybersecurity think tank. On the table for discussion was how ICIT is cultivating a “cybersecurity renaissance” – including promoting the role of women in cybersecurity. We also talked to Hunter about how government agencies can compete more effectively for cybersecurity talent and nurture the next generation of cyber warriors. 

Below is a quick summary of our chat! 

Q: What’s the role of ICIT in the cybersecurity ecosystem? 

Joyce Hunter: ICIT is a cybersecurity think tech. Our community of fellows are an elite group of nationally recognized cybersecurity and national security leaders who acutely understand the power of meaningful engagement and recognize the importance of the ICIT mission.  ICIT also publishes white papers, maintains a digital library, and provides webinars and podcasts on topics of interest. What makes us different is that we focus solely on cybersecurity. In fact, ICIT is the only cybersecurity think tank in the United States.

Q: How do you view yourself being a woman in cybersecurity, especially a woman that has held so many prominent posts and positions as you have?

Joyce Hunter: It's a little bit different because there are not a whole lot of us. In 2013, 11% of people in cybersecurity were women. By 2019 that number had grown to 24%. However, that 24% includes any woman that touched cybersecurity, even if they’re typing up a paper or copying some information – not just those in the trenches. So, it’s unclear how accurate that 24% number is.  Another important statistic is that women in cybersecurity, whether they are at a managerial level or an analyst level, earn approximately 17% less than their male counterparts. And then if you delve further into it, Black or African American people make up only 3% of cybersecurity analysts in the United States.

It's important that we let other women know, girls especially, that this isn't just for men only. It’s also multidisciplinary. I have a bachelor's degree in sociology and a master’s degree in marketing. And nothing says technology in there. You must be able to think through problems, creatively think through problems, and that's what's important in cybersecurity.

Q: What are the top challenges that you see cybersecurity people facing today?

Joyce Hunter: Finding the right people for the IT workforce, hiring them, and getting them to stay – particularly in the federal government. 

We need to shorten the time and recruit them early. I am a firm believer in getting them right out of high school, providing them with internships, paying for their college – just like the military. We give you one year of college, you give us one year of service to the federal government that would at least get a commitment from them for four years. Because we know that the market is tight. It’s estimated in the Washington, D.C. metro area that the cybersecurity workforce opportunities have increased about 145% over the last five years.

Q: Why do you think there's too little supply in the workforce? 

Joyce Hunter: I think it’s because we’re not looking at the entire workforce, we’re focusing on those with a degree or experience. We’re not going into high schools and giving students internships – there’s nothing that says they must have a degree anymore. That ability to be flexible and hire the people that you need when you need them, is going to be extremely important to getting that number down. If we can take somebody with a music degree or with a sociology degree and say: “How do you want to learn? Would you like to learn something new, different, exciting, and something that will constantly change?” Because the adversary is constantly changing, so it won't be boring, that's for sure.

I would add to that cybersecurity often is portrayed as a losing battle. In other words, no matter what you do, you can always be hacked. That can be an inhibition to a young talented person that wants to get into this field. Who wants to play for the losing team? I could go learn about artificial intelligence, or robotics or some other exciting field and be on the winning team. 

Q: We've talked about some of the challenges out there. But what are the solutions? How can we go about expanding the cybersecurity workforce? How can we draw more women in how can we draw more people of color? 

Joyce Hunter: We must go where they are. We must address more women's organizations, more women's groups, and more high school career fairs.

We need to be connected with those public school systems and offer to go in and talk about things like my summer camp for underserved and underrepresented youth. we have a whole section on cybersecurity in which Cisco ran a virtual lockout room. It was absolutely fascinating as students tried to figure out the problems and beat the clock. 

Get them young, at 13-14 years old, introduce them to the concepts of cybersecurity and why it's important, even scare them to death! Let them know that at that young age that whatever they put out on the web, however private, somebody is going to find it.

Q: ICIT has a briefing coming up on October 14-15th. Can you talk about that? 

It’s a virtual briefing that will focus on developing a secure roadmap for the future across the federal government, academic institutions, nonprofits, and industry – looking at where we’ve come from and where we need to go to make ourselves more secure. The format will imitate TV episodes with each episode leading to the other one. Where are we now? And how do we continue to move forward? How do we prepare for the next time? We have some of the top people in the federal government coming to talk to us based on their experience in those areas. Attendees aren’t going to sit there for six hours and listen to talking heads. You can register for the event here.