On July 7th, NightDragon hosted its latest monthly NightVision event with Colonel Candice E. Frost, the Commander of the Joint Intelligence Operations Center at US CYBERCOMMAND. In this important role, Col. Frost is responsible for producing intelligence that supports national cybersecurity efforts, securing Department of Defense infrastructure and deterring strategic threats to U.S. interests and infrastructure.
Our NightVision event was moderated by NightDragon’s Founder and Managing Director Dave DeWalt, who led a discussion on closing the cyber talent gap and increasing diversity in cybersecurity, as well as the current threat landscape and the cyber impacts of current geopolitical turmoil.
“We just have to work really well together and understand national security is everyone’s business. It’s not just someone like me who wears a uniform,” she said. Here are some takeaways from the conversation:
Gender Diversity in Cybersecurity Has Improved, But Room to Grow – The percentage of women in cybersecurity jobs has grown significantly over the past few years, from just 10% in 2013 to 25% in 2021. However, there is still room to grow, with only 17% of the Fortune 500 having female CISOs in 2021 and women still often underearning their male peers. Col. Frost said increasing diversity is a huge priority for her personally, and encouraged all cybersecurity leaders to help support this cause.
“If you don’t see someone that looks like you at all in any job, it’s hard to see yourself in a future role or a future position,” she said, adding that she’s proud to be part of the effort to “build the bench” of female leaders in the field.
Let’s Expand Our View of Who Can Take on Cyber Roles – While cybersecurity leaders have traditionally looked to engineering or mathematics talent to fill their cyber roles, Col. Frost urged leaders to open the aperture. Pointing to herself as an example, she said individuals from creative or other non-STEM fields can also be valuable additions to cyber teams, then providing them opportunities such as training or internships to further hone their skills.
One particular area of talent that can add immense value to cyber teams is veterans, she said. She said she has seen a lot of success with veterans transitioning from active duty or the National Guard to mission-driven roles in cybersecurity, often aided by government programs that will pay for training or salaried internships. “They have skills that we can’t necessarily train in the rest of the workforce… They understand mission and they understand security,” she said. “I think that’s one of the many advantages to hiring a veteran.”
Mentor the Next Generation – Finally, when it comes to building the next generation of cyber leaders. Col. Frost urged cybersecurity leaders to ensure they are mentoring a diverse set of individuals that can build a vibrant and innovative industry. “If the people you’re mentoring look like you, walk like you, talk like you, are from your school or from your neighborhood, we’re not necessarily broadening the table. We want to invite more people to this table because it’s an incredibly fun space to be in,” she said.
Expansion of Public-Private Partnership is Win for All – While the escalating threat landscape has caused significant damage, it also has brought the industry and government closer together in the spirit of public-private partnership to mitigate that increased risk. “Cybersecurity is so intermingled that we have a huge amount of inter-agency cooperation and partnerships and even with the businesses and tech companies out there as well. We have to constantly communicate back and forth for the good of the nation,” she said. “I have absolutely seen that change and I think it will impose a cost on malicious cyber actors and their activities.”
Fostering a Safe Space for Information Sharing – While there is some information that is confidential and cannot be shared, Col. Frost highlighted the benefits of increased information sharing between USCYBERCOM, other federal cyber agencies and the private sector. She said this is an area she has seen much improvement in recent years. However, she said it needs to go both ways. “Sometimes it’s just one little piece of information from somewhere in the private sector that could complete the puzzle. Suddenly you have a puzzle, you can see the picture and you can create action,” she said. “I encourage all the private sector to share and to communicate, even though it’s not always a lot of reciprocity on the sharing. It can’t always be that way, but sometimes you can do a lot of good by creating that one little puzzle piece that creates a picture of the whole.”
Closely Keeping an Eye on Russia and China – When asked how she thinks we are doing against some of our biggest adversaries, Col. Frost said she is focusing on “Russiafirst and China always.” She said the intelligence community is closely watching the different threat vectors that are coming from these nation states with regard to targeting the United States, including both cyber threats and disinformation. “We have to continue to really hone and understand the importance of what we do to try and preserve this democracy,” she said, highlighting partnerships with other nations as one key example of this. While those two nations represent the biggest pillars of risk, she said she is also closely watching threats from Iran and North Korea going forward.
Additionally, she said she is watching non-state actors. This is an area where public-private partnership can be especially effective, she said, with ransomware as a great example of how public and private organizations together were able to disrupt the ecosystem over the past year and efforts such as Shields Up continue to make an impact against a rapidly changing threat environment.
Ensuring Emerging Technology is an Advantage, Not a Risk – Emerging technologies have immense potential to advance the posture of organizations to collect, analyze and disseminate data in new and innovative ways. However, Col. Frost said we need to continue to “lean forward” in these areas, ensuring that the US remains a leader in artificial intelligence, automation and other areas.
“We just have to work really well together and understand national security is everyone’s business. It’s not just someone like me who wears a uniform,” she said.
A full recording of the event can be found above. Additionally, all recordings of previous NightVision events can be found on our Events page.