With RSA Conference 2023 just around the corner (come see F5 at booth N-5435), it seems like a good time to highlight the need for more women in cybersecurity. In this “A Journey to Gender Parity” series, I’m focusing the spotlight on women who work in cybersecurity at F5—how they got to where they are, their experiences in a male-dominated field, and their advice for other women.
For my second interview, I sat down with Erin Verna, principal product marketing manager at F5, who focuses on access control and authorization.
Erin’s been in the app security space for nearly eight years and in tech for more than 15. Away from work, she’s outdoors with her pup, Stella, running the mountain trails. Her passion for music has kept her playing with community symphonies over the years, and Erin’s love of exploring new countries keeps her traveling with some outdoor adventure, amazing street art, or delicious cuisine at the heart of each trip.
Rachael: All my family and friends knew what career path they wanted to follow from the get-go, but I was the opposite. How’d you begin your career in cybersecurity? What drew you in?
Erin: I fell into tech, really. But I made a concerted effort to focus on cybersecurity once I’d been in the field for some time. It’s an endlessly fascinating space. I studied journalism in college with the hope that I’d always be learning and writing about new, interesting topics. When I graduated, my first job offer was with a small software company writing copy. Through a series of job opportunities, I ended up writing about cloud computing and eventually specialized in security messaging and positioning at larger tech companies. There’s a lot at stake when it comes to securing apps, and it’s great to be part of an industry where you can help drive better outcomes for people. Plus, the security community is a fascinating group of people in and of itself.
Rachael: So true, and in many ways. CISA recently announced a partnership with Women in CyberSecurity to bridge the gender gap in cybersecurity, and they’ve set a goal to achieve 50% women and underrepresented minorities in the field within the next seven years. What’s it been like for you to be a woman in cybersecurity?
Erin: I’d be lying if I said there haven't been challenges. Where I sit today, compared to when I started over a decade ago, I’ve seen a lot of improvement. I see more women leaders. And there’s also greater emphasis on diversity and inclusion. I’d say we’re striving to head in a better direction when it comes to equity. But of course, there’s room for improvement. I recently read an article from The Register called, Where are the women in cyber security? On the dark side, study suggests. It highlighted a study claiming at least 30%, and likely more, of cybercriminal forum users are women—suggesting the black hat world may be more “meritocratic,” as they put it in the article.
Rachael: Fascinating, and it definitely sheds a different light on women and security. Why do you think diversity, especially equity for women, is so important to the industry?
Erin: One of the things I love most about the tech space is that it takes all kinds of backgrounds to innovate. Some may have an engineering background, or some may have a writing background, like me. Others may have served in the military before working in security. The avenues to cybersecurity are many. This diversity of life experience, it’s all so valuable.
We need these varying perspectives because tech has such far-reaching implications for users and our community at large. It can’t be just one frame of reference. How can you successfully address problems or improve circumstances for large, diverse populations unless the solutions are developed from an equally diverse perspective?
Rachael: That’s so well said. It paints a great picture. Everybody wins when we diversify cybersecurity. If we look at where security’s headed, what cybersecurity trends are going to have impact on a large scale?
Erin: Recently, I had a very interesting conversation with a couple thought leaders here at F5 around the future of zero trust. So often what we hear about zero trust in the market is centered around “access.” And there’s so much focus by organizations on preventing bad actors from “getting in” to the network. However, zero trust extends far beyond access. We see that with the zero trust principle of “assume breach.” A zero trust security model assumes that a breach is inevitable or has likely already occurred. This principle is so important because, no matter what we do to prevent bad actors from “getting in,” they still manage to get in. Again, access is fundamentally key, but it's not the whole story when it comes to zero trust. And zero trust security models need to be designed with “assume breach” in mind. If not, there is a much higher probability of negative impact, and that impact can be more severe.
It’ll also be interesting to see the security challenges AI will create. Everyone’s talking a lot about ChatGPT, and it’ll certainly impact how cybercriminals formulate their attacks in addition to how we’ll detect and respond to them. It’ll be a fascinating space to keep a close eye on.
Photo: Erin trail running with her adventure buddy, Stella
Rachael: As a woman in cybersecurity myself, I think it’s valuable we have role models–especially ones that are representative. What powerful women do you admire?
Erin: I admire those driven to discover, like Amelia Earhart and Marie Curie. Toni Morrison is another woman I admire. One of her notable quotes I’ve always loved is, “As you enter positions of trust and power, dream a little before you think.” I share this because it seems so fitting for our topic here. This notion of not limiting oneself, that instead we should set big goals because we can achieve them. Jacinda Arden, former prime minister of New Zealand, is a great example of this in my mind. I find her to be inspiring and a trailblazer—I especially love how she encourages people to be leaders and embrace who they truly are while doing so. She’s also a great representation of balancing a successful career with family life.
Rachael: Such bold women, and all inspiring in their own way. How can the community better support women in cybersecurity?
Erin: We all have a role in eliminating the disparities. It can be as simple as advocating for a coworker who’s being repeatedly talked over during a meeting. It can be as big as advocating for pay equality, getting involved with D&I programs within an organization, or supporting nonprofits like Women Who Code. I’d also say to my fellow women colleagues, don’t take a backseat. Surround yourself with advocates, but always advocate for yourself. Self-advocating was something I needed to improve upon over time—it didn’t always come naturally. But practice makes perfect and with a general growing awareness of the disparities people face, we have much more opportunity to effect change for the better.
Other Q&A in this Four-Part Blog Series
A Journey to Gender Parity: Q&A with Navpreet Gill on Empowering Women in Cybersecurity