Kicking off Wolf Hill Group’s inaugural series of interviews with cybersecurity trailblazers, we present our exclusive conversation withKate Kuehn, the Senior Vice President of Alliances at vArmour. For the past two decades, Kate has been an active thought leader in security and advanced network technologies, leading early cybersecurity efforts in DDOS, Ethernet as a network (CPA), SaaS, and IaaS. Having executed multiple roles including VP, CISO and CEO at companies like Senseon, BT Group plc, Verizon, and Wandera, Kate brings expertise and often a fresh perspective on emerging trends within cybersecurity.
Take us on your personal journey from education, to entering the workforce, to moving up the cybersecurity ladder.
My journey in technology was never straightforward. I am driven by the simple goal to make the world a safer place and found that security is my passion. I assume the role necessary to do the best job I can for the organization I am representing. I love being on the forefront of new tech, amazing ideas, and helping businesses grow. Keeping that as my mainstay has allowed me an amazing career.
I went to college for politics, public relations and theater design. Following a critique on HotJobs.com, I suddenly found myself interviewing for a technology sales position at WorldCom, when women pursuing jobs at technology companies was in its true infancy.
Technology came roaring into my life by listening to visiting engineers presenting about emerging technologies during company "lunch-and-learns", and being fascinated by it all. I took every training available to me and pursued countless hours of online learning, because I loved gaining a deep understanding of the new trends and solutions to positively impact the way my clients did business.
Throughout my employment and over client projects, I was lucky to have been part of so many technology shifts and key trends, like the convergence of internet on private architecture, ethernet as a network, DDOS and IaaS, just to name a few. I was blessed to receive incredible hands-on experience without educational programs you see now. It amazes me that schools now offer masters in cybersecurity. I love seeing this "brave new world", where technology education is now everywhere you look, and somewhat thankful I don’t have to go back to school now and try to make the grades to pursue the career I am lucky enough to have.
A study has concluded that global cybercrime will cost the global economy $6 trillion annually by 2021, while cybersecurity spending over the past 5 years will total about 1/6th of that amount. Do these numbers eventually have to square up 1 to 1, or must the spending reach an inflection point to really contain the threats?
I don’t think the numbers will ever square up and be 1 to 1. We are in the middle of a cyber war, and the sad part is the enemies have multiple faces and tactics, so no one defense is adequate. This then causes the main issue as to why the numbers will never square up - which is, there is never enough money a company can spend to declare they are 100% safe and still participate in the digital economy. It’s just not possible. So, spending more is not the best strategy - it’s the combination of education and the minimization of risk which is key, and companies now recognize that simplification vs. overspending is the smartest course of action.
The daily machinations of Cybersecurity don’t generate headlines- they're only exposed as an issue when large retailers have data breaches, or when you hear about state-sponsored cyber espionage in the U.S. elections. In your experience as a CISO, what’s really happening behind the scenes on a daily basis with companies, industries and nations? Take us into the trenches.
For a CISO, the day-to-day work is not a glamorous life. Your biggest hope every morning is that today is not the day you uncover that headline-making breach or nation-state attack, because this usually means the end of your job. For most CISOs, the day-to-day is a mix of education, review and risk analysis. It involves education of emerging threats, and both internal and external opportunities for improvement or trends. Also, it’s vital to review with your teams the current state of the environment and assist in prioritization of key initiatives, as technology security is never static. Lastly, and arguably where today’s CISO spends the majority of their time, is evaluation of risk, and how to drive risk reduction across the estate that is meaningful to the board.
There’s a #WomenInCyber movement spreading around the industry, where the number of female cybersecurity executives and CISO’s remains in single digits. Is this a proportionate reflection that there aren’t enough qualified people in cybersecurity in general, or endemic of a deeper diversity problem in tech?
If you read Jane Frankland’s book, In Security, it highlights the fact that companies who employ equal amounts of women and men to their security teams are statistically more secure than those who do not. While the first thing I would point out is that there are significantly more women in cybersecurity than there was a decade ago, we still have a long way to go. I think this has less to do with the lack of qualification, but more to do with not writing requirements in a way that make the job appealing for a woman to apply. We need to realize that women and men evaluate, interview and assess the qualifications for employment in very different ways. We need to be more aware of how and why we want to attract more people to our positions, and realize that the overall lack of qualified candidates is not just a diversity issue but a security issue. The field has grown so fast, we simply do not have enough people for the jobs.
With stifling student debt such a hot-button social issue, and Tim Cook of Apple publicly stating that less than half of new Apple employees don't have 4 year degrees, a career in cybersecurity appears to be very attractive path to success for those without access to university-level tuition, but access to specialized vocational, technical and trade schools. What's your take on all this?
I fully support the fact that many candidates for cyber roles will not come from traditional education. Apprentice programs, technical programs, and even non-traditional on-the-job training programs are appropriate when thinking about all the roles needed in cyber security. Also, many times, people with special needs are a perfect for jobs in cyber, but they may not be able to pursue traditional education, which makes it all the more important to create avenues of learning for all people who want a career in our amazing world.
On December 3rd, Microsoft, a big enterprise, sponsored an event in Baltimore focusing on how to guide more women into cybersecurity, recruit more women at top companies, and nurture their careers once they get there, so that women have an equal and a fighting chance to become CTO’s and CISO’s. Are grassroots events like this key to attracting more women?
I was so happy to hear about this event and was very sad to not be able to attend. I love events like this, I love security, and I love when I see large corporations like Microsoft support both. With the job shortages we are facing, we always need to do more. For all ages and genders, we need to make cyber accessible and exciting. I think events like this are critical as they attract a diverse range of people to get information and job skills in a very focused, but non-intimidating way.
According to Cybersecurity Ventures, women comprise approximately 20% of the cybersecurity workforce. How does the cybersecurity industry attract more women into its ranks?
Job flexibility, training and recruitment awareness - those are the big three. How you appeal to women is very different from how to appeal to men. There is also a huge untapped potential in women who are looking for part-time work or are returning to the workforce after raising a family. Targeting these groups for some roles is a huge benefit to many organizations who need large security staff and are having difficulty with placement.
As an Advisory Board Member of Wolf Hill Group, what is the most compelling reason companies should retain outside cybersecurity executive search in this particular marketplace?
There are already not enough hours in the day when working insecurity. Finding amazing talent is not something many companies or hiring managers have time for, or have the depth of network to find quality candidates. Having a trusted advisor to assist with hiring is critical for success when working in security. With constant pressure for succession planning, in addition to open-role concerns, to be successful in an executive capacity in security, you need to have an advisor for hiring.
How do you spend your Sundays?
We always have family days on Sundays. Usually doing a few chores, wrapping up homework with the kids and then having a nice meal while watching a game - preferably The Green Bay Packers!