In the premiere episode of On Location With Marco and Sean at Infosecurity Europe in London, we dive into the significant roles women play in cybersecurity and explore the critical need for inclusivity within the industry. Join us as Stephanie Hare illuminates the key challenges and opportunities in this dynamic field.
Guest: Stephanie Hare, Researcher, Broadcaster, Author
On LinkedIn | https://www.linkedin.com/in/stephaniehare/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
Unveiling Pre-Event Conversations: Women in Cybersecurity
Set against the vibrant backdrop of Infosecurity Europe in London, the initial episode of the Infosecurity Europe Coverage by On Location With Marco and Sean features a compelling dialogue with Stephanie Hare. A distinguished researcher and author, Stephanie navigates the intricate interplay of technology ethics within the cybersecurity sphere.
Navigating the Cyber World: Stephanie Hare's Journey
Stephanie Hare shares her insights, stressing the importance of expanding the cybersecurity talent pool. Her extensive involvement in research, broadcasting, and writing showcases the varied avenues through which one can significantly impact the industry.
Bridging the Diversity Gap: Challenges and Solutions
The discussion delves into the persistent diversity hurdles that the cybersecurity industry faces. Stephanie points out the essential role of inclusive perspectives in driving innovation and resilience against cybersecurity threats. The conversation emphasizes the strategic necessity for organizations to adopt inclusivity and diversity within their teams.
Empowering Through Knowledge: The Role of Education
Highlighting the power of education, Stephanie advocates for the dissemination of knowledge and empowerment, especially among the youth and those transitioning into cybersecurity from non-traditional backgrounds. Her vision promotes a more inclusive and dynamic sector.
Looking Ahead: Infosecurity Europe and Beyond
The episode transitions to the upcoming activities at Infosecurity Europe, focusing on women's contributions to cybersecurity and the importance of inclusivity in the sector. As the event approaches, participants look forward to engaging with transformative insights and discussions spearheaded by leaders like Stephanie Hare.
Conclusion
This blog post, through Stephanie Hare's expert perspectives, captures the essence of the crucial discussions at Infosecurity Europe, spotlighting the pivotal role of women in shaping a more inclusive and robust cybersecurity industry.
Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage
On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr
Be sure to share and subscribe!
____________________________
Resources
Women in Cybersecurity Keynote: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219367.women-in-cybersecurity.html
Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Want to tell your Brand Story as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
Women Empowering the Cybersecurity Industry - Insights from Infosecurity Europe with Keynote Stephanie Hare | An On Location Coverage Conversation with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Sean Martin: Marco.
[00:00:02] Marco Ciappelli: Let's do it.
[00:00:03] Sean Martin: Do you have your wings on?
[00:00:04] Marco Ciappelli: My wings?
[00:00:07] Sean Martin: Not because you're an angel. We all know that's not the
[00:00:10] Marco Ciappelli: I'm Iron Man. I don't have really wings. It's just very powerful propulsion system.
[00:00:16] Sean Martin: You just shoot fire?
[00:00:19] Marco Ciappelli: Yep, that's how I travel lately actually. It's wonderful. Until I, I don't know, get shut down or something.
[00:00:29] Sean Martin: So, uh, so your, uh, computers compromised.
[00:00:32] Marco Ciappelli: You got me into a movie. So now I'm in a Marvel movie right now. So get me out of that. Tell me,
[00:00:39] Sean Martin: let's bring you back to, uh, closer to, to our own atmosphere here. And, uh, yeah, we're on our way to London. Infosecurity Europe.
[00:00:51] Marco Ciappelli: Very, very excited about that. I know. It's that time of the year.
[00:00:54] Sean Martin: It's that time of the year. Hopefully we'll get some sun in London. So we can enjoy some meals outside.
[00:01:01] Marco Ciappelli: Don't count on it.
[00:01:03] Stephanie Hare: If it happens, it's a nice surprise and a treat, but I wouldn't bank on it, even in the summer.
[00:01:08] Marco Ciappelli: Last year was amazing. It was a little bit too hot, actually, if I remember well. And that's, you know, that's weird to say that about London.
Yeah. I'll take that again.
[00:01:20] Sean Martin: I think we got, we got tons of steps in as well. I certainly didn't, but, uh, we're not here to talk about the steps and whether we're here to talk about, uh, bits and cyber, so all, all things infosecurity Europe, uh, this is essentially our kickoff for the coverage. We have a lot, a lot coming up for that.
A lot of great conversations plan there, which we'll, we'll talk to the organizers to get a, get a rundown and the lowdown of what's going on. So we won't try to recap that now. We're going to talk about Stephanie Hare and her session and the things that she's seeing in cybersecurity, some of the trends, what it's like to, uh, to be a professional in this space and how to succeed in that as well, uh, and maintain some, some credibility personally, and then hopefully extend that to the program through, uh, through ethical means of, of delivery of services to the, to your customers.
So, a lot in there.
[00:02:22] Stephanie Hare: What could go wrong? That's true. What could go wrong?
[00:02:27] Sean Martin: Ah, boy. Do we, do we want to go there? The food supply chain, I think was something we were talking about before, beforehand. Um, but before we get into what you're going to be presenting at InfoSecurity, uh, London, in Europe and London.
Uh, I know Marco and you had a chat before, but, uh, so people may have heard you on the show, but perhaps a few words about who Stephanie is and what you're up to, kick things off.
[00:02:54] Stephanie Hare: My name is Stephanie Hare. I am a researcher. I'm a broadcaster and I'm author of a book called technology is not neutral, a short guide to technology ethics.
Um, in terms of broadcasting, I'm fresh off of our very first 30 minute episode of AI decoded, which is a weekly television show that is airing on the BBC here in the UK, but also globally. And it is on YouTube. Of course, we have a playlist. So, we're looking at artificial intelligence, um, for a number of reasons, but one that will make a lot of sense to a cybersecurity audience, which is that old chestnut of, you are only as strong as your weakest link.
In cybersecurity, it really inspired the show. In a lot of ways, because as we all know, we often blame humans as being the weakest link. They're the kind of people who get tired and distracted. And so they click on a phishing link or a spear phishing link, or they can't tell if something's a deep fake or not.
They're all victims of fraud, um, and let people into their systems when they shouldn't. That thinking and training that I've had over the course of my career made me think that we could apply it to artificial intelligence because so much is It's happening now with AI. Some of it's a lot of hype and grift because there's people making money off of that, but there's also some real change and some of it's really exciting and some of it is genuinely terrifying.
If humans are the weakest link in cybersecurity, my question as a philosopher would be, you know, what are humans there for in the world of AI? And how AI and cybersecurity are going to interact both offensive and defensive creates yet more potential for humans to get things wrong and screw things up.
And I don't like that. And I also don't like that the public at large, I think is often left behind both in cybersecurity discussions and in AI discussions. So artificial intelligence decoded on the BBC exists as a sort of answer to that challenge of what if we had said humans aren't the weakest link?
What if we could build them up? Just like we would build up public health and get people sort of fighting fit. So we've got to get them informed. We've got to teach them what certain key concepts are. We've got a point where resources are if they wanted to go and take it deeper. Um, I get a lot of parents and teachers asking me what their children should be studying.
or what kind of careers are available to them. Everybody's trying to figure out how to make the most sense of it and also how to protect young people. So I think knowledge is power. So if we can put knowledge into the hands of people, um, it's why I wrote my book. It's why I do a lot of op eds that go into various newspapers.
It's why I'm doing a podcast like this. I'm very grateful to get to chat with you today. It's why I'm doing the keynote on the 5th of June. Um, and it's why I do a lot of television and radio is I'm trying to go where ordinary people are so that cybersecurity and AI aren't just for experts. They need, they really need to be for everybody because this is a society wide challenge.
It doesn't make sense not to develop the talent pool, which we all know there is a talent shortage. So that's, that's the approach that I'm taking. It's a wager. It may not be. May not work, but, um, nothing ventured, nothing gained, and already the feedback from the public has been beyond anything that I could have dreamt.
It's just been great. So ideas will be welcome, and I'm really looking forward to talking to everybody at the conference in June to get thoughts from you about what you wish the public knew about cybersecurity and about artificial intelligence, because we can then take that around, package it up and turn it into learnings for people, outputs and artifacts.
I think that's quite enough for that one question.
[00:06:42] Marco Ciappelli: But yeah, I don't know you open up another million questions here, but more than a question I want to make a comment, which is, you know, we don't trust the human or at least we'd like to say that we want Them though to use what we called artificial intelligence would always say it's the wrong name for it because it sounds very human And it is actually amplifying the human Uh, flaw on top of, you know, the, the intelligence that we have and, uh, and then, and then we have a problem with it.
Right? We don't teach people what to look for. But we tell them, Hey, you're already using it in the background anyway. And, uh, now we're going to put it on your phone. You're going to use it yourself and it's going to get your jobs and blah, blah. So we create this entire news circle that it's kind of, you need clarification.
So where I'm going is, I'm glad that people like you are trying to explain this, but what do you get from the industry and especially from. The cyber security industry, do you get that? Eh, people shouldn't worry about that. Let us take care of it. Or you get like, yeah, it is time to involve people, the users in the process.
[00:07:59] Stephanie Hare: I think everybody agrees that we have a talent shortage. Um, just in terms of sheer bodies with people going into the field, but we also have a diversity in the field shortage, which is fatal. Um, probably bad in any, any human endeavor, but particularly in one that's so creative, uh, in its problem and in its solutions suite, like cyber security and AI in both cases, you want the widest possible diversity.
Because you've got groupthink as a risk, you've got blind spots. So people are aware of that, but you know, the numbers really haven't shifted since I started working in cybersecurity many years ago. The number of women working in the field remains very, very low. Um, all sorts of, of diversity. It could be linguistic, you know, like what languages are we, what languages are we building the AI revolution in?
When you're looking at a large language model, what's it trained on? Right. Um, and, and who's English, even if it's English dominant, it's who's English because the English language is spoken very differently in different countries. None of these are neutral questions. Um, and that's not fair for people whose language, you know, the first language might not be English, but they're being forced to always go through an English language tool.
So all of that, um, racial, ethnic diversity experience of having tools used on you, who has power to use tools and who's on the receiving end of them. Thank you. These sound like social or political or philosophical or cultural questions, but they actually manifest technologically as well. And for a really good designer or really good strategist or problem solver, hopefully you're taking that stuff in to account at the very beginning.
So my understanding from talking to my many, many clients, um, and colleagues still who are working in this space is everybody knows we have a problem and a lot of money is actually spent trying to improve diversity. And I think we're not really getting a good return on investment for it. Um, GCHQ, which is the signals intelligence agency here in the United Kingdom, has done a lot to improve their diversity.
And I think that they've, they've got a lot that we could learn from. And I know the U. S. is trying to do the same at the government level. In the private sector, what's so weird is if you wanted to close the gender pay gap, for example, um, you could do a lot worse than to go into tech, right? You can make a decent living at this.
But when you go and talk to young girls here about why they're not signing up for computer science at. Um, the high school exams here are GCSE and A level, so it's been at 16 and 18, you know, and that's the path that will set you potentially towards studying these things at uni or other paths into the, into the sector.
They find it really boring. They find it really theoretical. Something's turning them off, which is so frustrating for anybody who works with young girls and like knows how absolutely brilliant they are and creative, um, and just born problem solvers and would be a great addition to any team. The idea that we're turning talent off is, um, is awful.
And that's just with the example of girls. I'm sure it's a true for all, all demographics, really. What do we do to turn kids off from going into a field? So I think, I think we know that there's a problem, really not impressive results for the field. You know, we had to mark ourselves as probably a C minus, uh, in terms of solving it.
One thing I would say though, is I think we have to be more creative about paths in. So again, Code First Girls here in the UK has been working with GCHQ and a number of companies here to offer mid career pivots to women. So like, say you've been working for 10, 20, 30 years. And now you want to get into cybersecurity.
How do you do that? Someone has created that on ramp. Yes, you have to do the work, but you know, people who are wanting to get into this, aren't afraid of the work. What they just need is the opportunity and someone to build the bridge from where they are to where they want to go. That I think is what we need a lot more of and making that, making people feel open and safe to come from different backgrounds and ways in.
And really valuing that experience that they're going to bring from something else. So that's, you know, that's again, part of my, my wager is. There's a lot that you can do. I've got some books here, uh, because this is a big part of my process. So I thought I'd share it with you, but just FYI, if you have not read Nicole Perlroth's book, ooh, look at my blurring.
This is what it does is here. It's sorry. It's called This is How They Tell Me the World Ends and it won the Financial Times Business Book of the Year. So my point is you do not need to be remotely in cybersecurity to enjoy, read, and find this book valuable. It's all about the cyber weapons arms race.
Like that's a great primer. Anyone can read this, really enjoy it and come out probably some cool questions. Then I'm reading something called offensive cyber operations, um, by a brilliant scholar and former colleague of mine, Dr. Daniel Moore, who is now at Meta and has a fascinating background. Um, Ridd, who's also very well known in the field.
So my point is. You could just read and educate yourself. The books are there. Like everything's out there. The tutorials are online. There's incredible forums you can follow. So coding is your way in where you actually want to be in the code. There are paths for that, but there's also the more strategic path, the just learning from case studies that have happened.
You know, if we're taking a historian's path of, well, what's, what's happened before? Who are the big players in this space? How is AI changing this? Again, as we mentioned, offense to defense, um, who are the And countries. And who's really vulnerable. You could map that out without knowing any code at all and still be able to have a very intelligent conversation if you wanted.
So I think it's that. That's really important to take to governments. It's really important to take to the C suites or even to mid career managers and be like, this isn't just something for your CISO to be thinking about. This is something for the whole organization to be thinking about, or the whole country.
And everybody has to work together because Um, that's one of the things that's amazing in Nicole Pearlroth's book is she shows you how attackers learn from each other. Like they're, they're doing this reading, you know, their, their version, their equivalent of doing the reading, they're learning from one another.
So you have to, you have to have the curiosity about the field. And that might be from a traditional engineering background, but it might just be, I am a resident of a borough in London called Hackney that had a cyber attack that shut down local governments for, you know, 15 months. And that might be the thing that like woke you up to that, right?
Or you're a doctor and you were working at the NHS when WannaCry hit and shut down most of our hospitals here. So you might never have been interested in cybersecurity until you, you got interested because it suddenly got interested in you, to misquote London terribly, right? So there's different ways to go about it.
And my goal is to, is to have a big tent. I want everybody to feel welcome if they're curious and interested, or at least to understand if they're not curious and interested, how it at least relates to them.
[00:15:11] Marco Ciappelli: It's not the first time, actually, I heard this many times about this, the fact that you don't really need to code or come from computer science or math or engineering to.
To understand all of that. And, um, I mean, I'm with you. I mean, my background obviously has nothing to do with that. It's sociology and political science. And, you know, I'm like you, I, I, I picked this weird book. I'm reading now the bottle for your brain by Nita Farahani, which is all about using this brain interface to, to operate computers, to operate things, but also to kind of do the show how meditation works and, uh, and at the same time as being a data.
That you put out there that is very, very valuable and it's a lot private. So it's kind of like the third police is coming and, uh, we probably need to think about it from a lot of different perspective. Um, so, uh, Sean, uh, I know I'm already doing the whole conversation myself, so I'm going to leave you some space.
Well,
[00:16:12] Sean Martin: no, I was following, uh, your train of thought as well with it. It's the age old problem where the technology takes center stage. And we forget about the outcome. And the ultimate outcome is our own personal well being in a healthy society, right? And within a culture that we help define and feel comfortable within.
And yet we still get caught up in Well, how does the technology work? How, where is it failing? And we were talking before recording Stephanie about whether impacting food supply, perhaps, and your sense of, uh, what do I do with this information? If we, if it's presented in a way that's, that's compelling and interesting, that gives you hope and a view for how to solve the problem.
Then perhaps you'd want to get involved and help solve the problem. I'm not, I'm talking to you specifically, but in general, if it's presented in a way that seems obtruse or burdensome or scary or whatever, not welcoming, then I don't want to be part of the solution to the problem and therefore the problem exacerbates and less people.
And only those who have, to your point on, on AI hype making money. Only those who have money to invest to exploit those who don't and, and exploit the fears that they have and the lack of understanding they have. It just creates this further divide, I think. And so I don't know how we change that, the conversation there specifically around cybersecurity, but I keep finding that we, we often go back to the tech and the tech is not where we should be focusing.
It should be on the people and the outcome.
[00:18:04] Stephanie Hare: Yeah. And you know, what does good look like and how do you plan for failure? So what's your resilience? What's your business continuity? Um, how do you distribute risk? Who needs to know what, you know, are you collecting too much data? Like do you, you know, the more attack services you have, the more vulnerable you are.
So why are you collecting so much? What are you doing with it? How empowered are your customers? How empowered are your users? Um, and also like what's the trail? You know, so how do you tell who's looking at what? And it's, you know, I do not pretend for a second, by the way, that any of this is easy. Uh, if it were easy, you know, I can't even imagine that world.
Uh, it isn't easy. It is complex. I'm just saying that, you know, human beings are incredible. We can put a man on the moon. We can go down and explore the sea. Uh, people can learn languages that they did not grow up speaking. Like we don't, it's not, it's challenging, but it's not impossible. So. At that point, I just get into sort of teacher mode, which is like, okay, if I've got someone who's here and I want to get them to here to solve a problem or, you know, take on a challenge, what are the building blocks that I need?
And what's the pace that I'm going to need to take them through that in a way that gets them like strong confidence, you know, ready to go out there. Um, and eventually, you know, they can, they can go off and start teaching themselves, teaching others, et cetera. Like the fearlessness factor of, yeah, this is hard, but I can do it.
Um, is good. And again, people do, you can't, I don't think you can work in cybersecurity, um, certainly for very long or in certain roles and not code. Like I wouldn't want to sort of be like, Oh, you don't need to code. You do. A lot of people do who are working in it, but there are some people who won't, who are doing other stuff that is complimentary.
And also coding is like quite cool. It's quite fun. Um, and again, it doesn't have to be the maths physics way that we often are told. It can also be people who are really good at language. It can also be people really good at design, um, or psychology. So again, that's what I mean by like broadening it out to get away from what I think are probably media tropes, you know, just sort of shorthand, um, I am wearing an obligatory hoodie for this conversation, but you don't have to wear a hoodie to work at tech, uh, wear whatever you like, just be comfortable.
Cause you're probably going to be sitting on a laptop for a long time. Um, it's more than that. It's the problem solving nature. So I still weirdly remain optimistic about it. It's more where I just think there are no quick fixes. It's continual learning. Again, if you're like smart and interested in the world, you kind of like that.
You wouldn't want to be working on the same thing that you were working on five years ago. You'd want to, it's evolved. So it's an incredibly rewarding field. I do think market incentives are a bit skewed on it because In so many other things, you get judged and paid, remunerated, and promoted based on what you've done.
And so often with cybersecurity, it's counterintuitive. It's your success is based on what has not happened. You protected something from being stolen. You protected yourself from having a breach. That's really difficult to measure because most networks that get penetrated, people don't even know it's happened for, I think it's It's like an average of sort of 18 months, but it could be years, you know, um, and why is somebody in there?
What are they doing? Are they stealing? Are they just sniffing around? Are they doing malware, ransomware? Like what's going on? Figuring that all out is really difficult to have this conversation to your corporate overlords. So I think chief information security officers often can find that really challenging because they don't know how to, you They're not measured in the same way as their peers a lot of the time.
And so that's a conversation as well. I guess there's probably good analogies again with the public health or even like the defense sector. How do you decide somebody is a good secretary of defense? Is it because they take us to war or because they keep us in peace? You know, how diplomats defuse.
[00:22:08] Marco Ciappelli: Yeah. I
[00:22:08] Stephanie Hare: know they touched on the number of conflicts that they, they calmed down or, or what.
So it's probably, it's probably that. And again, just taking all of that to the public and making that part of organizational conversations and the like. Um, it would be great if we could get away from some of the stuff around the Terminator or again, the image of somebody who's a hacker working in his parents basement or garage.
Probably need some new new television programs and narrative tropes with a bit more inclusive imagery just just for people can see themselves because it does. It does matter. You know, if you're like, I think that's not great. So the field can do maybe a bit more, but I think all of us can also do a lot more.
We must love our nerds.
[00:22:51] Marco Ciappelli: I agree. And I am glad that you have an entire TV show to bring this to the table because I'm afraid that the keynote time. That you're going to have an infosecurity is not going to be quite enough for all of this for the big picture But I think you also touched on certain point Uh that you will bring up to the keynote and I want to remember this is part of the women in cybersecurity Event, which was very successful in the past years and they're bringing it back in your keynote in that so How about we end this?
First chats on the road or fly on the whatever conversation on the airplane, whatever we decide to call it With you getting in a minute of invitation for people to come and, uh, and participate to. I was hoping
[00:23:40] Stephanie Hare: you were going to invite me to burn a bra on camera and be like, woo, women in cyber, let's do it.
Uh, no, I mean, my, my invitation is this, this talk is open to everyone. Um, because I'm sure everybody, men included, would be very interested to hear about women in cybersecurity. But it's particularly open to, um, women who are curious. So, I'm really excited to hear what women have actually been doing the whole way through as this field has developed.
What some of the top women in cybersecurity are doing now and how you can make a place for yourself, whatever place it is that you want in this fascinating and rewarding field. So come, it won't be boring.
[00:24:18] Marco Ciappelli: And of course, men should come too, even, even more, I think, because, hey, you can't be inclusive and understanding if you just don't.
Don't listen. That's a good way to good point. Start a good starting point. Sean, you're going to go.
[00:24:37] Sean Martin: I'm going to be there for certain for certain. I think, uh, well, not just because of supporting, but I think the conversations will also lead to some of the things we just talked about, which is diversely.
Come together to solve these common problems that we share and it's going to take all of us, uh, to do that. ,
[00:25:03] Stephanie Hare: Yeah, and a really quick way that we can solve that talent shortage and cyber security that plagues us as a worldwide problem would be if we stopped turning off 50 percent of the population.
[00:25:15] Marco Ciappelli: Yep, that would be a good start. That would help for sure.
[00:25:17] Sean Martin: Absolutely. A lot of good conversation and no question. And, uh, yes, Mark, I'll be there.
[00:25:23] Marco Ciappelli: Yep. So we will be there. Stephanie will be there. There is the Excel in London. And there will be notes and links to the session, to the event, to the whole event.
So you can see who is speaking, who is answering. The company that are gonna be there, uh, exposing all the new ideas and innovation. And of course we will be there with our coverage. A lot of conversation on location before, during, and after. So stay tuned and, uh, I'm excited. Hope you everybody's going to follow us on this journey.
Stephanie, thank you so much. It was great to see you again.
[00:26:01] Sean Martin: Thank you, Stephanie.
[00:26:03] Stephanie Hare: Thank you both. See you soon. Bye Bye. See you soon. See you in June. Oh
[00:26:07] Marco Ciappelli: yeah.