I’m going to write a book called Organic Cyber Security. A career in this continually evolving field must be just that: organic. It has to become part of your daily practice! You need the right spark to get interested, learn the basics, and you’re off! That’s an especially important notion for women who may be thinking about cyber as a profession.

Growing up, my engineer father taught me the value of learning math and science; my mother enriched that point of view by encouraging my creative side. I was able to apply those combined skills when I started my career working at Novell, a pioneer in Local Area Networks. While we didn’t know it then, in connecting one computer to another we were forming the foundation of the commercial internet; the need for security naturally evolved. It was interesting and exciting. I was off to a great start.

Since then, my eighteen years at Cisco have brought me to unexpected and fulfilling cyber-related opportunities. I’m grateful for the good managers who supported my growth and creativity. After starting in engineering, I’ve been able to leverage my interest in business to attain various managerial positions, and now serve as a senior manager leading security policy enforcement for the Cisco Security and Trust Organization. It’s an unprecedented role in the company. Wow!

One of the things I’m most proud of from my Cisco tenure is having co-founded our Women in Cybersecurity (WiCys) group along with Michele Guel. When I started working on the Cisco Secure Development Lifecycle, I was the only woman in a group of over fifty men. That perplexed and frustrated me, so I began looking for other women in the company who knew and worked in security. When I met Michele at a charity event, we found we shared that same sentiment. We started WiCys to create a forum for Cisco women to network and learn – those already involved in cyber, and those who need encouragement to enter the field. We’re now up to 425 members, with chapters in the U.S, Europe and Asia. The company is behind us 100%.

Also while working on Cisco Secure Development Lifecycle, I started the Security Advocates program to embed security processes across all Business Units. After starting with a successful proof of concept in the Catalyst 2000 and 3000 products, SVP Greg Akers tasked me with getting the Cisco Secure Development Lifecycle process deployed across Cisco.  It was a tall order for my small team of five, so we had to get smart about how to scale. We developed the Security Advocate role to cultivate a security champion within the business units, who would partner with us and help them apply its security process and best practices and aligned to corporate policy. Our goal was for fifty volunteers — we now have over 300!

My newest role is to drive security policy enforcement and measurement across the organization. Cisco’s Board is demanding this accountability, and we need a reliable operational model to ensure it. This challenging but necessary step will also keep the organization at the forefront of cyber leading practices.

The jobs I’ve had along my cyber journey were not any I could have anticipated, proving the breadth and evolution of opportunities in this domain. It comes back to that idea of organic. You must learn the basics then integrate continual learning into your personal daily best practice, even if it’s just one new thing a day.

If you’re really inspired, there are plenty of formal courses and other materials available for the asking. The bigger question is—where do you want to go? You can be a strategic or a hacker-level technical contributor.  There is a need for many specializations – a program manager, a finance professional, a process specialist, an analyst and more. Start with the skills you already have. For example, one of the panelists at the recent Women of Impact conference had no security background, but was very good at debugging tools. With the right determination and training, she’s now a security architect.

Cyber is everyone’s challenge. Every impact matters. At the industry, corporate and individual level, we need to step up our action and accountability, because inaction has unacceptable consequences. There are so many technologies available today. Both bad and good people can use them. Let’s be the good people and pick up our game.

There’s much work to do and the bad guys are moving faster. I call on the women of Cisco and industry to apply your creativity and other inherently qualities toward solving the cyber challenge. We need you!

To learn more: www.cisco.com/go/bridgethegap



Cypriane Palma

Sr. Manager, Business Integration

Security & Trust Organization