Cybersecurity is critical to how our society functions. It is also evolving as quickly as it’s growing, and in this industry dominated by white men, Diana Burley is making sure her unique voice is helping to shape the future.
By Stephania Varalli
Diana Burley is a globally recognized cybersecurity expert. She has consulted with corporations and government agencies, conducted international cybersecurity awareness training on behalf of the U.S. State Department, testified before the US congress, co-authored a textbook and written nearly 80 publications on cybersecurity, information sharing, and IT-enabled change, to name a few of her accomplishments. She is the current executive director and chair of the Institute for Information Infrastructure Protection (know as I3P, it’s a research consortium of 26 different institutions), and a full professor of human & organizational learning at The George Washington University (GW).
While her impressive resume is enough to set her apart in her field, there’s something else that makes Diana stand out from the majority of her colleagues. She is a woman. “And I’m not just a woman, I’m a woman of colour,” she adds.
The resulting discrimination has been both overt and subtle, and present through all stages of her career. “I can still remember the first class that I taught as a young professor in I.T.,” says Diana, “and having to walk into the room and run down my credentials just to make sure that the students would be respectful of me as the professor.”
It’s not fair, she acknowledges, but it’s also not something she dwells on. She credits her mentors for helping her deal with the discrimination and loneliness she’s encountered. “Mentors that were both male and female, and who helped to toughen me up, helped to instil in me a confidence in my own value — because one of the best defences against being isolated or discriminated against, or even having the perception of being discriminated against, is to have a great deal of confidence in your ability.”
That confidence has also helped Diana to recognize that the attributes that set her apart from her colleagues also provide her with a unique perspective — one that needs to be heard. “At a certain point I started to look at my role and responsibility in the room as one of critical importance,” she explains, “because I was the lone voice.”
“One of the best defenses against being isolated or discriminated against, or even having the perception of being discriminated against, is to have a great deal of confidence in your ability.”
Diana understands better than most how the people in charge of creating the technology have an impact on the technology that’s created. After taking programming classes during her undergraduate degree in Economics, she started to realize that her interest in technology was associated with its interaction with people — not only how technology influences their behaviour, but also how their behaviour, in turn, influences the way that technology develops. When she got into graduate school she discovered it was something she could actually study. Continuing on this path, Diana earned a PhD in Organization Science and Information Technology from Carnegie Mellon University.
It was this focus that eventually led her towards cybersecurity. “I was in graduate school at a time when there was a considerable movement towards paperless government,” she explains. “I became very interested in the notion of government providing resources through technology, and how that influenced citizen’s behaviour.” This inevitably led her to questions related to cybersecurity. “How do people access services? How do we ensure that their data is safe? How do we get thinking about privacy issues? Overtime those questions became the bigger part of what I did. It was a natural evolution. It wasn’t purposeful. It was just a steady march towards understanding this interface between people and technology, and the path led me into the cybersecurity space.”
The evolution hasn’t stopped. Cybersecurity is a constantly changing landscape, and it takes hard work and dedication to just keep pace — let alone stay ahead of the curve. You have to be a continuous learner in order to be successful, Diana says, aware of new threats that emerge in the environment, and new ways of addressing those threats.
“It’s extremely challenging just trying to maintain the level of currency and knowledge needed,” she says, but for Diana, this is a positive aspect of her chosen career. “I think that it is the notion of a very dynamic field that has kept my interest. There is always something new to learn, something new to explore.”
This constant change also creates a problem, however: the academic institutions trying to develop programs for this new discipline must balance fundamentals with flexibility. Add to that a limited pipeline of high school graduates ready for a STEM career, and an industry that’s growing exponentially — and it leads to a global shortage of two million cybersecurity professionals by 2019 (according to ISACA, an international professional association focused on IT governance).
“We are actually seeing the gap between supply and demand growing,” says Diane, “despite the fact that there are people around the world who are working very hard to fill those needs,”
Not surprisingly, Diana is one of those people. She currently co-chairs the Joint Task Force on Cybersecurity Education, which has undertaken the project of producing the first set of global cybersecurity curricular guidelines. The aim is to enable institutions to develop programs that meet a set global standard, producing graduates that have a common knowledge base and set of skills. It not only helps government and industry to have a sense of what they’ll be getting in a new hire, but also helps to guarantee students that they’ll be receiving a practical education.
“At a certain point I started to look at my role and responsibility in the room as one of critical importance, because I was the lone voice.”
And what is Dian’s advice to all those students — especially the girls — that hope to follow her into this “very tiresome and rewarding a nerve-wracking and exciting” field?
“While all of the other things are important, the most important thing is to do your work. When you get a break, and when you get a mentor, and when you get to the table, you want to have something of value to contribute,” says Diana. “The second thing is to begin to develop a tough skin that allows you to put setbacks in perspective. As a scientist, failure is not a negative. Failure is simply a notation that says ‘this experiment does not work, and so I will try this next one.’”
She’s also quick to point out how rewarding a career in cybersecurity can be, as a field that has an impact on how society operates. “We really have to develop the human resources, the technical resources, to ensure our collective ability to function as we get more hyper-connected,” Diana points out. It’s a sentiment she believes she shares with her colleagues.
“One thing that I have found in this field is that most of the people that you interact with are all doing this because they really believe in the mission,” says Diana, “That mission might be securing a system, that mission might be developing a workforce, or that mission might be simply being someone that someone else behind me might look to know that if I can do it, they can do it too.”