Here’s the deal with the information security industry in the United States: our country doesn’t have nearly the number of information security professionals that it needs. According to an estimate from Cybersecurity Ventures, the shortage of US cyber security workers could reach 500,000 people in 2021. The other point worth noting is that the information security professionals we do have are overwhelmingly white and male. ISC2 data show that just 24% of cybersecurity workers are women. Just 9% of workers self-identified as African American or Black, compared with 13% of the population at large. Just 4% identified as Hispanic, compared with 18% of the overall population.

Camille Stewart is the Head of Security Policy for Google Play and Android at Google.

We know that the shortage of infosec pros poses a cybersecurity risk. Companies across industries struggle to find and then retain information security professionals to staff security operations centers (SOCs) and manage the security of networks in sectors like government, healthcare and retail. 


But what about the lack of diversity? Do infosec’s racial and gender imbalances create their own kind of security risks? Does a homogenous population of security pros potentially blind the organizations they work for – and our society – to cyber risks? Does it shut off exploration of potentially beneficial programs, solutions or avenues of inquiry that might help solve the epidemic of cyber security threats and attacks plaguing our society?

You and your teams are not as effective and as able to address the threat without a diverse lens. 

Camille Stewart, Google


According to our guest this week: it just might. Camille Stewart is the Head of Security Policy for Google Play and Android at Google. She is also a Cyber Fellow at Harvard University’s Belfer Center for Science and International Affairs. Camille is the author of the essay “Systemic Racism is a Cybersecurity Threat,” which ran on the Council on Foreign Relations website back in June of 2020.

In it, Camille argues that understanding how systemic racism influences cyber security is integral to protecting the American people and defending the country from cyber adversaries. 

In this conversation, Camille and I talk about her own journey to information security as a black woman and about the barriers that men and women of color face as they seek to enter information security.

We also discuss her theory on how the information security industry’s struggles to diversify might increase cyber security risks. Camille notes that the country’s history of systemic racism and the different lived experiences of black and white Americans bear on everything from the effectiveness of public information campaigns to hiring and recruiting within the field, to the U.S.’s efforts to foster international agreement on cybersecurity norms.

“We do a disservice to ourselves as practitioners to ignore race and gender,” Camille told me. “They are a direct impediment to the work we’re doing.”

In this episode of the Security Ledger Podcast (#202) we do a deep dive on President Biden’s cyber agenda with three experts on federal cyber policy and the challenges facing the new administration.


Well, it almost didn’t happen, but on January 20, Joseph Robinette Biden Jr. was sworn in as the 46th President of the United States. More than any president since Franklin Roosevelt, Biden inherited a country in the throes of a crisis. By the time of his inauguration, the COVID virus had killed upwards of 400,000 U.S. residents and tanked the national economy. As the incidents of January 6 indicated, right-wing militant groups are stirring and threatening to topple democratic institutions.

Enter Solar Storm

And, as if that wasn’t enough, the weeks between the November Election and Biden’s January inauguration brought to light evidence of what is perhaps the biggest cyber intrusion by a foreign adversary into US government networks, the so-called Solar Storm hack, which has been widely attributed to the government of Russia.

Even before Solar Storm, Biden made clear as a candidate that a cyber security reset was needed and that cyber would be a top priority of his administration. The wide-ranging hack of the US Treasury and the Departments of State, Justice, Defense and Homeland Security – among others – just added fuel to the roaring dumpster fire of Federal IT security.

But what will that reset look like? To understand a bit better what might be in store in the months ahead we devoted this episode of the podcast to interviewing three experts on federal IT security and cyber defense. 

Rebuilding Blocks

But first, before you can do a reset you need to understand what went wrong the first time around. In the case of federal cyber security, that’s not a short list.


In our first segment, we’re joined by two experts on cyber policy to talk about the US government’s struggles to get cyber security right, culminating with the problems seen during the Trump administration.

Lauren Zabierek is the Executive Director of the Cyber Project at the Belfer Center for Science and International Affairs at Harvard’s Kennedy School of Government. She’s joined by Paul Kolbe, the Director of the Intelligence Project at the Belfer Center. The two joined me in the Security Ledger studios to talk about how the Biden Administration might rebuild the US government’s cyber function and who might populate key positions in the new administration.


To start off, I asked them what the biggest challenges are out of the gate for the new administration. 

The Byte Stops Here: What Cyber Leadership Looks Like

As Harry Truman famously said: the “Buck stops” at the President’s desk. That wasn’t a phrase that was heard much during the Trump years. But with a new President sworn in, what does real leadership look like on federal cyber security?

Mark Weatherford is the Chief Strategy Officer at the National Cyber Security Center.

To find out, we invited Mark Weatherford into the studio to talk. Mark is the Chief Strategy Officer at the National Cyber Security Center, and a former CISO for the State of California and Deputy Under Secretary for Cyber Security at the DHS. In this conversation, Mark and I talk about the importance of presidential leadership on cyber security and what – if anything – the Trump administration got right on cyber policy in its four years in power.


As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.