Shamla Naidoo speaks at the opening of IBM's new security headquarters in November 2016. She is flanked by Andrew Tannenbaum, senior counsel, Cyber Security, IBM (right) and Jeff Talley, VP, Global Public Sector & Global Fellow, IBM Center for The Business of Government.
As chief information security officer for IBM, Shamla Naidoo protects the company's digital assets. They include intellectual property systems, data, images, multi-media, and text content files for over 400,000 employees in more than 170 countries. The cyber security sector is booming. Yet women make up only 10 percent of the global workforce.
Contributing to the lack of diversity is that Hispanics, African Americans, and Asian Americans make up only 12 percent of the cybersecurity workforce, which outpaces the general tech sector in its lack of women.
Companies like IBM can't find enough workers to keep up with demand. By 2020, an estimated 1.5 million positions will be open and unfilled.
Here's what IBM's CISO is doing to extend opportunity and encourage participation.
"With that kind of number (1.5 million open jobs) it's hugely challenging to go to the traditional places where we source talent," Naidoo said. "So our objective is to look at different ways of recruiting, retention, and ways of motivating people into this field from other fields," she said.
IBM Initiatives
- Internal programs to motivate IBM employees
- Programs targeting women coming through the ranks in academic institutions
Naidoo recently took over the co-leadership of Women in Science and Engineering (WiSE), which helps her mission to reach women of different backgrounds, and to grow the cyber security portion of an individual's skills.
"Our objective is to showcase what we do in the field to motivate others to join the field. We also do programs in middle schools and high schools to make cyber security a more visible career path," she said.
What you need to know
1. Think about how you protect, say, a retail organization. Understanding the area, subject matter, and transactions is key to cyber security.
"You have to understand how people are driven into the retail organization, how they pack shelves and how people might put goods in their pocket and walk out," she said.
Some time ago Naidoo hired an IBM application developer, who'd been sitting at a desk writing millions and millions of lines of code for years.
"What if I leverage your skills?" she asked. "Teach you to separate your code, which would make you an applications security expert?"
Once the programmer was up to speed, Naidoo put him in a team to teach others.
"He understood his subject matter, he knew how developers think, he knew how they construct their code, and he knew how they deploy their code," Naidoo said. "All he needed to know was how to make that secure out of the gate."
2. The security industry has room for different types of roles. There are opportunities everywhere.
"In the cybersecurity industry, you need people in the workflow to do project management, incident responders, analysts, developers, programmers, and other skills like strategy, marketing, and finance and not specifically technical roles to make that work," she said.
"People need to be exposed to how cyber security experts think. How do hackers think? How do the white hackers think?"
3. Be more aware of the processes that go with credit card transactions. Look at how your data is stored, and question where the potential for exposure is.
4. There's a lot of digitization that goes with every interaction with digital assets and you will find it in the most unexpected places. That's how you learn.
Naidoo started her own learning in an entry-level information technology job.
Just out of high school, she saw an ad for a position that needed no experience. It was a computer operator opening supporting processing and retailing of drugs for a pharmaceutical wholesaler that ran a distribution organization.
Naidoo quickly realized that there was a lot more to the job than inputting orders and sending them on their way. She observed the total operations, the different jobs involved and what it took to get the pharmaceuticals out the door.
"There was a programmer who would come in every week, treat the programs on my computer and then reload it with the programs I used to do my job," she said. "I decided I wanted to do that too."
There is a huge value in understanding how your company makes money.
Thirty years ago, she worked for a company that got its passwords from factory manuals. "No one changed passwords back then because it was a shared resource," she recalled. "So when somebody logged into the system, my job was to find out how they logged in and how to stop it from happening again."
"When you learn the business it makes the security job a whole lot easier," she said.
After a management information systems diploma, Naidoo got a double bachelor's degree in economics and information systems.
Armed with her qualifications, she immigrated to America in the mid-80s, gaining experience in managing networks, developing applications, and building firewalls.
Naidoo learned early in her career to do everything through a security lens. Her mantra was "I know how to build it. How can somebody else figure out how to break it?"
"If everyone brings their strengths to the table in this field and shares that with others, you eventually end up with all the strength you need. The need to learn has to combine with the urge to teach."
Naidoo also adds that teams with equal numbers of women and men are more likely to experiment and be more productive and innovative.
"The differences are what make them powerful," she said.
"Collaboration is critical to success. People who want to build walls have to be careful because teamwork makes us way more powerful against the global cyber security problem," Naidoo said.
"Be willing to learn, be willing to learn from others, be willing to teach," she said.