October marks 20 years of Cybersecurity Awareness Month. During this annual observance, you’re most likely to come across information that’ll help you be “cybersmart.” But there’s so much more to Cybersecurity Awareness Month than just how to fend off the latest threats. It’s also about how to protect your future, and that starts with acknowledging an alarming reality: The gender gap in cybersecurity.
In the fifth edition of “A Journey to Gender Equity,” an F5 blog series dedicated to promoting gender diversity in cybersecurity, I’m excited to share a Q&A with Angel Grant, Vice President of Security for F5 Distributed Cloud Services. Angel’s reflections shed light on breaking barriers and forging a path toward a more secure digital future for all.
Angel has over 20 years of experience in the cybersecurity, e-commerce, and financial services industries. She’s influenced many industry initiatives and standards while serving on the FS-ISAC and PCI Council Board of Advisors, Federal Reserve Secure Payments Task Force, and Nacha’s Payments Innovation, Risk, Regulatory, and Security Advisory Committees. When Angel’s not developing and evangelizing cybersecurity solutions to help make our digital world a safer place, you’ll find her outside and living life vicariously through her kids’ activities.
Rachael: You’ve been immersed in cybersecurity for two decades. How’d you get to where you are today?
Angel: Cybersecurity wasn’t a career path I set out to pursue. I started my career at several financial institutions in a variety of different roles, then went to work for a startup where I was the product manager for one of the industry’s first online payments apps. At that time, I was going to financial institutions to educate them about this great new thing called online banking and payments. Most told me we were crazy and nobody was going to bank online. Clearly online payments took off, but so did cybercrime. Because of this, I started to integrate different security solutions into my payments app and RSA Security was one of them. When RSA started talking with me about a position at its company, I kept thinking, Why would they want to hire me? I’m not a “crypto guy” who hangs in a dark room with a black hoodie preaching it’s the year of PKI!
I realized I was looking at this completely the wrong way, though, when my hiring manager explained one of the biggest things the cybersecurity industry lacked were people who understood the real business problems that needed to get solved from a security perspective. My understanding of what we really need to protect got me to where I am today and remains as my north star.
Rachael: Like the financial sector, cybersecurity’s been considered a boys’ club. What was it like shifting into another male-dominated industry?
Angel: I've been fortunate to have incredible male and female mentors and champions that have advocated for me and challenged me to think differently to realize the potential they already saw in me. I’m grateful for that.
However, I’m often still the only woman in the room for meetings, industry associations, and the many conference panels I engage in. And I’ve had other challenges throughout my career such as one time when I was presenting at a cybersecurity conference. I went to the exhibit hall to play in the lock-picking pavilion. The guy who sat beside me looked at my badge, then said, “You don’t really work for a cybersecurity company, right? Did that vendor hire you for the conference to walk the exhibit hall?” I was totally taken aback and didn’t know how to respond. So, instead of saying something reactive or defending the fact that there are women in the cybersecurity field, I changed the conversation and asked him what presentation he was going to after the break. Ironically, it was mine! Which gave me a great way to respond to his original questions as I replied, “Excellent, I look forward to seeing you at my session.”
After that experience, I try to navigate these situations differently by addressing issues straight on when someone says something or does something because, oftentimes, they might not even realize the biased impact of their acts.
Rachael: Speaking of addressing things straight on, I’ve got to ask: Why F5? I’m sure you had the pick of the litter when it came to choosing where to work.
Angel: I chose F5 because of its culture and mission. Everything we do is about safeguarding digital experiences to strengthen customer trust and grow business value.
F5 wasn’t originally on my list of companies I was looking to work for until a friend convinced me to interview for an opportunity. I still had the legacy impression F5 was only a load balancing company. Wow, was I wrong! During my interview I was incredibly impressed with how F5 has pioneered the industry for over 25 years and continues to help organizations ensure their apps and APIs are secure, available, and performing. Plus, the level of investment F5 makes in community, STEM education, Tech for Good, and its true commitment to diversity shined brightly.
Rachael: The latest Women in the Workplace report from McKinsey and LeanIn.Org highlights how women are still dramatically underrepresented in leadership roles. Any advice for underrepresented individuals aspiring to lead in cybersecurity?
Angel: The only way to have experience is to get experience. Start with creating your own playbook and stop measuring yourself against existing legacy-prescribed societal playbooks. There are many things you can do to easily start building your own customized playbook and grow your cybersecurity knowledge and career such as join local industry groups. Or increase your knowledge with the 100 best cybersecurity blogs and by exploring free cybersecurity courses. And remember, don’t be afraid to rewrite your playbook as your priorities and what makes you happy changes throughout the stages of your life.
Rachael: Did you have an “Aha! moment” where you knew being a cybersecurity professional was meant for you?
Angel: I was at my son’s Cub Scouts meeting helping them work on the signals and codes merit badge. We taught them how to write a secret message, then decrypt it. During the meeting I overheard one of his friends ask how I knew about cryptography, and he said, “Because my mom helps protect us online against bad guys.” That moment made me realize being in the cybersecurity industry was much more than a job. Everything we do dramatically impacts people’s lives every day!
Rachael: I can picture how proud of you your son was. And I’m sure he’s just as proud now. You’re an entrepreneurial leader. A prominent cybersecurity and diversity evangelist. An active spokesperson and blogger. And CISSP certified. What’s a career moment you’re proud of?
Angel: This might sound bizarre, but one of the moments I often reflect upon that makes me feel proud to be part of was when I was working for a company that had a cybersecurity breach and the way we handled it. This was the ultimate humbling learning experience because it impacted millions of users in government and military agencies, banks, healthcare providers, and many organizations across the globe. This breach helped act as a massive wake-up call that everyone’s a target, and attack surface vulnerabilities will continue to become more pervasive due to the immense interconnected third-party supply chain ecosystems most organizations function in today.
I took away two key lessons from the breach. For one, the importance of clear communications to internal and external stakeholders is the key to leadership in the time of crisis. An example was the CEO, who was adamant we disclose as much detail as legally possible and take a customer-first mindset, immediately rallying our team to contact every customer to ensure they knew how to protect themselves.
Secondly, cybersecurity takes a real community. There really is a true community mindset in this industry, driven by purpose. It was incredible to see former employees, global organizations, and agencies come together to help their peers hunt the adversary and ultimately change the mindset of treating the breached organization as a victim instead of a villain.
Rachael: The attack surface is jaw dropping. Making greater strides bridging the gender gap in cybersecurity is crucial in the fight against the dynamic landscape. What’s one threat that keeps you up at night more than others?
Angel: Two decades of fighting cybercrime has taught me it’s more psychology and economics than technology. Criminals’ motives are typically driven by similar psychological triggers, which will cause them to explore what their opportunity and means to conduct are. Because of this, the biggest threat keeping me up at night now is how generative AI is dramatically lowering the barrier to entry to conduct cybercrime.
Criminals are using AI as an accelerator to reduce the economic barriers to commit crime. For example, we’ve seen ChatGPT 4 prove intelligent enough to be used to socially engineer a person pretending to be “blind” to bypass CAPTCHA and conduct account takeover. We’ve seen AI used to conduct sophisticated phishing attacks to impersonate individuals in writing and deep fake speech form to harvest personal and financial information, as well as AI-enabled bots accessing websites and apps. And we should anticipate AI to be heavily used by criminals to generate polymorphic malware.
AI-powered cyberattacks create the ability for criminals to quickly probe and exploit vulnerabilities and learn from how we respond to each attack to quickly adjust tactics—all at a speed much faster than any traditional human attacker. The cybersecurity industry must also continue to proactively adopt AI to fight AI-initiated cybercrime. F5 has embraced AI in its defense strategy for several years, helping organizations do things like defend against bots with Distributed Cloud Bot Defense by separating unwanted automated malicious traffic from legitimate good human traffic and helping customers retool their defenses as quickly as criminals retool their tactics.
Other Q&A in this Blog Series