Nov 1, 2021
WashingTECH Policy Podcast was started largely because of the impact of tech, AI and cybersecurity on communities of color, working class and immigrants, and none of the big players in the industry have it on their radar.
Our conversation today is on this very topic and there is no one more knowledgeable on the topic than Camille Stewart.
Camille Stewart is an attorney and executive whose crosscutting perspective on complex technology, cyber, and national security, and foreign policy issues has landed her in significant roles at leading government and private sector companies like the Department of Homeland Security, Deloitte, and Google. Camille builds global cybersecurity, privacy, and election security/integrity programs in complex environments for large companies and government agencies.
Camille is the Global Head of Product Security Strategy at Google advising Google’s product leads on federated security and risk. Previously, Camille was the Head of Security Policy for Google Play and Android at Google where she leads security, privacy, election integrity, and dis/mis-information. Prior to Google, Camille was a manager in Deloitte’s Cyber Risk practice working on cybersecurity, election security, tech innovation, and risk issues for DHS, DOD, and other federal agencies.
We have long ignored the fact that addressing issues of diversity is more than just the right thing to do, as it is actually a mission imperative in cybersecurity. And as technology underpins pretty much everything that we do, how systemic racism is amplified, or cured by technology implementation, is something that we have to be thinking about.
And the policy decisions that we've made in the past, and the ones that we make moving forward, are all impacted by a society built on systemic racism, our investments are all impacted by legacy and current day systemic racism, informed decision making policies and bodies.
The Aspen Institute came to Camille seeing this moment where we needed to kind of dive in and talk about how diversity, equity and inclusion is impacting the work and convened a large group of folks across diverse backgrounds, leaders in cybersecurity, academia, industry government, to come together for a closed door, Chatham House rules, discussion on how we could move the needle on this.
How can we come together to identify what the issues are around diversity and cybersecurity and then come up with some solutions. And the thing that was really appreciated is, as Aspen and Camille worked through this, they were very clear that it needed to be action oriented. And so the discussion was really rooted in that how can we actually do work, take action, to drive diversity and inclusion in cybersecurity, for the betterment of not only the people who will and may participate in this industry, but also for the work.
Let's think about the large scale cyber incidents we've seen recently. The attack on Colonial Pipeline then cascaded into you, not being able to get gas. The attack on JBS foods that meant you probably couldn't get your lunch meat for your kids, means that you should be concerned about cybersecurity as an individual.
And there are so many other reasons beyond that, but those very large scale incidents are very attached to the individual and how they impact your ability to access services and operate, or because you as an individual could take an action that could lead to one of those breaches.
So diversity, as a part of cybersecurity as a part of the industry is important because you can identify things based on your lived experiences and how technology shows up in your life that other people cannot.
A lot of the diversity issues in cybersecurity are systemic. There are issues with hiring; there are issues with retention; issues of education.
So many people don't even recognize the fact that working in technology, and cybersecurity is an option for them - access to the industry, building a network, etc. And so we created some buckets that kind of address those things divided up the practitioners that were participating.
They put their brain power behind thinking about what are some solutions to the educational barriers. Certifications are a common tool in cybersecurity. But that's really tough, because most certifications require some years of experience. And you're seeing a lot of entry level jobs that require those certifications. How can it be an entry level job if you need five years of experience to get the certification that is required to get the job?
Connect with Camille on Twitter or Instagram @Camilleesq