Find Your Role in Cybersecurity

 

Dominic Vogel: Hello everyone. Welcome to another edition of the Cyber Security Matters podcast. I'm your host, Dominic Vogel. And joining me as always is the man who rode in on the horse with no name, Christian Redshaw. Christian, how are you doing today?

 

Christian Redshaw: I am doing very awesome. I'm particularly happy today about our guest today. And why don't you tell everyone who it is?

 

Dominic Vogel: Absolutely. We're really, really excited to have Cheryl McGrath. She's the area vice President and country general manager for Optiv Canada. Cheryl, just a wonderful human being. We're really, really looking forward to having her on the show. So Christian and I are gonna take a brief momentary pause here and we'll bring Cheryl aboard. Let's do it. Cheryl McGrath, welcome to the Cyber Security Matters podcast.

 

Cheryl McGrath: Thank you for very much for having me. I appreciate it.

 

Christian Redshaw: It's awesome. It's good to have you on. So tell us a little bit about your career journey so far. How did you get into cyber security in the first place and part B, what is your role now at Optiv?

 

Cheryl McGrath: Well, maybe I'll start with part B first if you don't mind. So I'm responsible for Optiv in Canada. So Optiv is a three billion dollar organization based in the US and I launched the Canadian business in Canada six years ago. And we operate in 65 countries. We've got about 7,000 customers across those countries. And so all we do is pure play cyber security. We are responsible for doing work for a lot of Canadian organizations, whether it's government, whether it's all sectors, financial services, et cetera. And we advise and deploy and then operate, run, manage services for many of those customers. So I've got a team, we've got up to about a hundred people now and everything from service delivery people to sales people to finance, et cetera. So that's what I'm currently doing. And then I'll go to your part A question is my background. So I'm from Calgary actually. I live in Toronto now. And when I graduated from university in Calgary I didn't have a tech background and I ended up my first job working in a technology company and became very interested in that and self-taught. So I think when you're in technology, really any part of an organization you have to be a self-learner and a continual learner. So I progressed through various organizations in the tech space. So at one point I was running a 1,200 person services group. And then each along the way, every time there was a new opportunity I had to learn something new. And of course in cyber now there's something new every hour nevermind that you have to learn every month or every every couple of months. So just continued to progress. I spent a lot of time making sure I put my hand up for rules and that's what I talk to people about now is just put your hand up. You can go learn what you need to know and be brave and put your hand up, especially women in the IT and cyber space. So various roles in commercial, private sector and public sector as well across the Canadian landscape.

 

Dominic Vogel: Thank you so much for sharing your narrative, Cheryl. That's wonderful to hear. And one of the bits that we really wanted to focus on today with you and we know you're a tremendous champion for diversity and inclusion and especially with women in cybersecurity. And for myself, having been in this industry for 15 years, I mean, it's been very, I remember one of the first conferences I went to, I thought, wow there's a lot of middle aged white guys here. and again, the irony's not lost. I mean, 15 years later here I am as a middle-aged white guy but where are we right now in the diversity journey in cyber security? I mean, it's been a very male dominated industry for many years, particularly IT male dominant industry. Where are we right now in terms of inclusion and retention for especially for women?

 

Cheryl McGrath: Yeah, well, so in Canada there's about 25% of the workforce in cyber that are female or identify as female. So 25%, which is higher than it was the year prior. I think it was 20% the year prior. We continue to keep growing and including more people on that, just the overall DE & I spectrum. Certainly we've got a ways to go on across the board but from a female perspective we're seeing more people put their hands up and learn more about cyber and IT in general to move into this space, absolutely. So it's getting better all the time. We look at the Fortune 500 companies and only 17% of CISOs are female. So I think that we've got work that we continue to do there. And in the Canadian space for sure, we're seeing a lot more women inside those senior roles as well which is great.

 

Dominic Vogel: What can leaders in this space do in terms of, you mentioned, there's progress is being made but there's still work that needs to be done. What are some practical things that cybersecurity leaders in this space can do to make the environment more equitable and not just attract the talent, but make sure that from a retention perspective as well that women stick around after a few years at least? One of the things that I've heard in industry and I've seen from many industry colleagues as well is that yes, they may get hired but the environment is not set up for them to succeed and they go into another field within two or three years. So where are we with that and what are some practical things that leaders can do?

 

Cherly McGrath: Well, so, there's the hiring and then the retention, kind of two different areas of focus. On the hiring side I would kind of step back prior to that and just say, how do we get more people interested, females interested in cyber and IT in general, right? Cyber being kind of a subset. I always explain it's like a doctor, right? There's specializations inside medical profession, there's specializations inside IT, cyber is one of them. But I really believe we need to get to people much younger. So girls in elementary school and junior high and high school, that's really important. One of the things that I was very happy to see are examples such as girl guides now which I think is age five or six to kind of early teens offering badges in coding in STEM. The Ontario government, I'm in Ontario now, just launched coding for grade one students starting this past September. So I think that's critical, you need to understand what coding is and what the marketplace is like to even be interested in. If you see someone that is doing it now you're more likely to model that behavior and that interest. I also think from a hiring perspective we always talk about STEM inside and those kind of skills and attributes inside cyber and IT in general. And I've talked a lot about STEAM so adding an A in there. So it's, yeah, the arts inside that, when we look at what we've done and Dominic, you've been doing this for a long time as well. So as this field expands there's certainly a requirement to have very good communication skills and analytics skills and business skills, which certainly STEM individuals have, but it just adds one more layer of A, the arts, people that have that kind of background which is what I have. And so if I can go and learn all the the technical side of it, so can other people, but I would say that we need to do as organizations spend more time trying to nurture and bring people in that don't have that STEM background. So I know many people, women that start as project managers or inside organizations in various roles that then get their certifications and move up. So I'm a big advocate of let's get some people starting and interested early and then also adding the A into STEM, so STEAM. So I think that's really important on the hiring side. On the retention side, most women I know and men too, they're continual learners. So how do we continue to feed that for those individuals and provide opportunities? Remote work is important. I know some colleagues I've got that have insisted people come back into the office and have lost employees as a result of that. I think again, regardless of industry we're in we need to be mindful of that. So I think that's important. And also I think again, men, women, a lot of people in tech and cyber are pretty overworked right now. I think there's 3,500 open jobs in Canada alone in cyber not just IT, but just the cyber part of it. And so with that gap in resources the people that are there are overworked. So we need to be very cognizant of ensuring that people get time to have breaks, take time off with their family. And I think that that work life balance, I'm not sure that that exists, but just a recognition that people need some time away is important.

 

Dominic Vogel: That's really interesting, Cheryl, and I find that interesting about STEAM. STEM, I've heard that acronym many, many times but that STEAM I find to be really interesting 'cause at least for me, I mean, when I started my career I was much more focused on the technical piece. But as my career has evolved, I'd say I'm much more focusing on that broader art side. I spend much more of my day talking than I do actually being in the technical weeds. I think that's really interesting. I also appreciate as well that you mentioned there about getting kids started early on especially trying to remove the, I guess the gender bias. A lot of you kids will still see I can even think of my own kids, 'cause as daughter was getting older when she started coding and she said, well, isn't that for boys? And they're like, no, it's not, it's not for boys, right? It's for everyone, right? Regardless of gender. So I think that's really interesting, like you saying there to get them started early, right. And then to really do what we can to remove those biases. Another thing I wanted to ask you about, and I know it's something that we have talked about previously in the show. It's been, gosh, I wanna say it was probably at least two seasons ago when we had Lisa Kearney on the show, just wanted to know about women and cyber day and sort of what that means and how that's observed in Canada.

 

Cheryl McGrath: So yeah, so, certainly there's a lot of interest around that. More so in the last couple, last for while I would say there's International Women's Day of course in March and then Women's Cyber Day in September. And so we do a number of events around that to celebrate women. There's women in defense and security. I'm sure you're familiar with that, that that does some work as well. So it's a small community, so we try and raise up and recognize women that are in this field for sure. There were a lot of articles that were written as well how to attract and retain women inside the cyberspace for that as well.

 

Dominic Vogel: Thank you for sharing that, Cheryl. And one last question before we let you on with the rest of what I'm sure is a very, very busy day. So I wanna, because-

 

Cheryl McGrath: Bad guys never sleep. They never sleep.

 

Dominic Vogel: I wanted to know if you could tell us a bit more about some of the diversity programs, especially with with Optiv's annual $40,000 scholarship, particularly for people who are in marginalized groups or groups where there is barriers that they're preventing them from furthering themselves and furthering their career. I'm wondering if you could share a bit more about those diversity programs.

 

Cheryl McGrath: Yes, absolutely. So we launched a diversity program with a scholarship a couple of years ago, and it's focused on giving recognition and a scholarship. It's $40,000. So, and it's for Optiv in North America, well US and Canada. So if it's $40,000, that'll probably pay for a few years of Canadian college, but in the US maybe one year. And what we do is we wanna recognize students that are the people that have won so far are STEM students. Maybe we'll add the A, and an arts person will be a part of that. So there's an application process and which closes in January in 2023 and you can go to Optiv.com if anybody sees this and would like to apply for the scholarship. But what we do is we focus on women for sure, where can we offer it to women and then also some of the other groups such as African Canadians, African Americans as well, that we're really trying to target for ensuring that they get recognized and help them pay for their studies.

 

Dominic Vogel: That is just wonderful. And again, given how many barriers there are to get into this industry and how much gate-keeping there is I think it's absolutely wonderful to see organizations like Optiv stepping up to do what they can, to remove those barriers and empower people in marginalized groups to get into this wonderful field too. Cheryl, we're very, very grateful to you for joining us on the Cyber Security Matters podcast today. That was just a wonderful conversation and you're welcome back anytime. Please come back anytime, Cheryl. We'd love to have another conversation with you.

 

Cheryl McGrath: Well, thank you very much. I'll just leave you with this kind of my mantra which is you can't take the elevator up you gotta take the stairs, so, please, for the women that are listening and just always put your hand up and ask for these rules and just keep on going and we'll increase that 25% number very soon, I hope, so, thank you. Thanks for your time.

 

Dominic Vogel: Thank you, Cheryl, amazing empowering energy from Cheryl McGrath, the area VP and country general manager for Optiv Canada. Cheryl, thank you again and Christian and I will be right back to wrap up today's episode.

 

[Narrator]: Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy, and operate complete cybersecurity programs from strategy and manage security services to risk integration and technology solutions. At Optiv, we manage cyber risk so you can secure your full potential. For more information visit Optiv.com.

 

Dominic Vogel: This week's episode of Cybersecurity Matters is brought to you by Tellus Business. The 2022 Telus Canadian ransomware study highlights and busts some common myths about ransomware. One of the more common myths is that robust backups are a reliable way to recover from an incident. The study data shares a different story. Threat actors are increasingly using multiple extortion with 63% of ransomware victims experiencing a multiple extortion attack, meaning their data was encrypted, exfiltrated, and held for ransom. In this new reality backups can only solve half the problem, restoring your systems but that cannot help recover any exfiltrated data. So while backups can be a useful tool within your overall recovery plan, proactively investing in ransomware controls to prevent and minimize the impact of an incident is a much more effective way to manage your risk. To learn more about how ransomware is impacting organizations like yours, visit tells.com/ransomwarestudy to get your free copy today. Telus business, cybersecurity that works for you.

 

Dominic Vogel: That was a very empowering conversation with Cheryl McGrath there.

 

Christian Redshaw: For sure.

 

Dominic Vogel: Really, really appreciated her sharing her insights in terms of where the cybersecurity industry is right now in terms of diversity and inclusion and what steps need to be taken to drive the industry forward in 2022 and moving onward. What were some of your key takeaways?

 

Christian Redshaw: Yeah, I think changing the STEM to STEAM, putting the A in there for arts and talking about things that are non-technical that are important for candidates to have in the cybersecurity field, like communication, for example which I think definitely you can resonate with.

 

Dominic Vogel: Absolutely. And I think it was, really it was a very empowering and high energy conversation with Cheryl McGrath and we're very, very grateful to her for joining us on the show today. And as always, we wanna extend a special thank you to our sponsors for today's podcast, Optiv as well as Telus Business. And again, a special thank you to our loyal listeners and viewers who join us each and every week on the Cyber Security Matters podcast. And if you did happen to miss a previous episode do check out the Cyber Security Matters YouTube page and or on your favorite podcasting platform. But until next time, be well, be safe and we'll see you again at some point in the near future on the Cyber Security Matters podcast.