Here’s the deal with the information security industry in the United States: our country doesn’t have nearly the number of information security professionals that it needs. According to an estimate from Cybersecurity Ventures, the shortage of US cyber security workers could reach 500,000 people in 2021. The other point worth noting is that the information security professionals we do have are overwhelmingly white and male.  ISC2 data show that just 24% of cybersecurity workers are women. Just 9% of workers self-identified as African American or Black, compared with 13%of the population at large. Just 4% identified as Hispanic, compared with 18% of the overall population. 

Camille Stewart is the Head of Security Policy for Google Play and Android at Google.
Camille Stewart is the Head of Security Policy for Google Play and Android at Google

We know that the shortage of infosec pros poses a cybersecurity risk. Companies across industries struggle to find and then retain information security professionals to staff security operations centers (SOCs) and manage the security of networks in sectors like government, healthcare and retail. 

Episode 148: Joseph Menn on Cult of the Dead Cow also Veracode CEO Sam King on InfoSec’s Leaky Talent Pipeline

But what about the lack of diversity? Do infosec’s racial and gender imbalances create their own kind of security risks? Does a homogenous population of security pros potentially blind the organizations they work for  – and our society – to cyber risks? Does it shut off exploration of potentially beneficial programs, solutions or avenues of inquiry that might help solve the epidemic of cyber security threats and attacks plaguing our society? 

You and your teams are not as effective and as able to address the threat without a diverse lens. 

Camille Stewart, Google

Episode 85: Supply Chain Attacks and Hacking Diversity with Leon Johnson

According to our guest this week: it just might. Camille Stewart is the Head of Security Policy for Google Play and Android at Google. She is also a Cyber Fellow at Harvard University’s Belfer Center for Science and International Affairs. Camille is the author of the essay “Systemic Racism is a Cybersecurity Threat” which ran on the Council of Foreign Relations website back in June of 2020.

In it, Camille argues that understanding how systemic racism influences cyber security is integral to protecting the American people and defending the country from cyber adversaries. 

In this conversation, Camille and I talk about her own journey to information security as a black woman and about the barriers that men and women of color face as they seek to enter information security.

We also discuss her theory on how the information security industry’s struggles to diversify might increase cyber security risks. Camille notes that the country’s history of systemic racism and the different lived experiences of black and white Americans bears on everything from the effectiveness of public information campaigns to hiring and recruiting within the field, to the U.S.’s efforts to foster international agreement on cybersecurity norms.

“We do a disservice to ourselves as practitioners to ignore race and gender,” Camille told me. “They are a direct impediment to the work we’re doing.”

Binary Check Ad Blocker Security News

In this Spotlight Podcast, sponsored by RSA, we take on the question of securing the 2020 Presidential election. Given the magnitude of the problem, could taking a more risk-based approach to security pay off? We’re joined by two information security professionals: Rob Carey is the Vice President and General Manager of Global Public Sector Solutions at RSA. Also joining us: Sam Curry, the CSO of Cybereason.


With just over two months until the 2020 presidential election in the United States, campaigns are entering the final stretch as states and local governments prepare for the novel challenge of holding a national election amidst a global pandemic. 

As Election Threats Mount, Voting Machine Hacks are a Distraction

Lurking in the background: the specter of interference and manipulation of the election by targeted, disinformation campaigns like those Russia used during the 2016 campaign – or by outright attacks on election infrastructure. A report by the Senate Intelligence Committee warns that the Russian government is preparing to try to influence the 2020 vote, as well.

A Risk Eye on the Election Guy

Securing an election that takes place over weeks or even months across tens of thousands cities and towns – each using a different mix of technology and process – may be an impossible task. But that’s not necessarily what’s called for either.

Robert Carey RSA Security
Robert J. Carey is the  Vice President and GM of Global Public Sector Solutions at RSA.

Like large organizations who must contend with a myriad of threats, security experts say that elections officials would do well to adopt a risk-based approach to election security: focusing staff and resources in the communities and on the systems that are most critical to the outcome of the election. 

What does such an approach look like? To find out, we invited two, seasoned security professionals with deep experience in cyber threats targeting the public sector. 

Robert J. Carey is the  Vice President and GM of Global Public Sector Solutions at RSA.

Feds, Facebook Join Forces to Prevent Mid-Term Election Fraud

Rob retired from the Department of Defense in 2014 after over 31 years of distinguished public service after serving a 3½ years as DoD Principal Deputy Chief Information Officer.

Sam Curry, CISO Cybereason
Sam Curry is the CISO at Cybereason

Also with us is this week is Sam Curry, Chief Security Officer of the firm Cybereason. Sam has a long career in information security including work as CTO and CISO for Arbor Networks (NetScout)  CSO and SVP R&D at Microstrategy in addition to senior security roles at McAfee and CA. He spent seven years at RSA variously as CSO, CTO and SVP of Product and as Head of RSA Labs. 

Voting Machine Maker Defends Refusal of White-Hat Hacker Testing at DEF-CON

To start off our conversation: with a November election staring us in the face,  I asked Rob and Sam what they imagined the next few weeks would bring us in terms of election security. 

Like Last Time – But Worse

Both Rob and Sam said that the window has closed for major new voting security initiatives ahead of the 2020 vote. “This election…we’re rounding third base. Whatever we’ve done, we have to put the final touches on,” said Carey.

Like any other security program, election security needs baselines, said Curry. Elections officials need to “game out” various threat, hacking scenarios and contingencies. Election officials need to figure out how they would respond and how communications with the public will be handled in the event of a disruption, Curry said.

“The result we need is an election with integrity and the notion that the people have been heard. So let’s make that happen,” Curry said.

Spotlight Podcast: As Attacks Mount, ERP Security Still Lags

Carey said that – despite concerns – little progress had been made on election security. “The elections process has not really moved forward much. We had hanging chads and then we went to digital voting and then cyber came out and now we’re back to paper,” he said.

Going forward into the future, both agree that there is ample room for improvement in election security – whether that is through digital voting or more secure processes and technologies for in person voting. Carey said that the government does a good job securing classified networks and a similar level of seriousness needs to be brought to securing voting sessions.

“Is there something that enables a secure digital vote?” Carey said. “I’m pretty sure our classified networks are tight. I know we’re not in that space here, but I know we need that kind of confidence in that result to make this evidence of democracy stick,” he said.  


(*) Disclosure: This podcast and blog post were sponsored by RSA Security for more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.