Susan Peterson-Sturm has been with ABB for two years, and is inspiring digital innovation with the company’s oil and gas, chemicals, power generation and water businesses globally as digital lead, energy industries. Sturm met with Pumps & Systems Managing Editor Drew Champlin at ABB Customer World to speak about cybersecurity employment opportunities. Few women are choosing cybersecurity as a career path, yet many exciting jobs are available in the sector.
Sturm oversees the energy industries business unit at ABB, which partners with the energy and water, oil and gas, specialty chemicals and primary pharmaceutical industries for improved operations and sustainable progress worldwide. ABB is focused on supporting companies with achieving safe and sustainable operations, with cybersecurity as an integral piece to realizing the benefits of digitalization. Peterson-Sturm is passionate about cybersecurity, and recognizes it brings unique challenges.
“Power is a commodity you can’t store,” she says. “In cyber, what’s really compelling is you have a completely heterogeneous solution at every plant.”
P&S: Why are there not as many women in the field?
Peterson-Sturm: By and large, men dominate the cybersecurity job market. Women will make up only 20 percent of the cybersecurity workforce by the end of 2019. While that’s up from a mere 11 percent since 2013, there are more opportunities with cybersecurity careers. Cybersecurity has a real numbers problem right now, because there are so many empty jobs. Ultimately, it is detrimental for a factor like gender to narrow the pool of people pursuing the field.
For women, cybersecurity still has something of a perception problem. Women often don’t see security as a viable career path because of various points of view often ingrained young. Unfortunately, it is often reinforced when women who pursue tech careers turn out to be the only one in the room. When this happens, work culture can get stuck in a self-perpetuating cycle. These problems are difficult to fix because they’re subtle and pervasive: wrapped up in culture and education.
But I think it’s your feedstock. I think that’s probably a big piece of it. It’s not so much just about women. Fifty-eight percent of companies surveyed in Kaspersky’s recent The State of Industrial Cybersecurity 2018 report shared “hiring [industrial control systems] ICS cybersecurity employees with the right skills” is a major challenge when it comes to managing their organization’s ICT [information and communications technology]. This problem is not going away.
What many people don’t realize is that technical expertise can be learned. Many cybersecurity professionals came to the field from a nontechnical background, outside of traditional information technology paths. More and more, we are seeing the opportunities of choosing a vocational path. We’re seeing this in classical engineering, such as electrical engineering with Georgia Tech, Virginia Tech and Rice doing a lot with their university programs and starting to infuse more around security. As OEMs, we can give those programs equipment and use cases. In fact, at ABB we have a partnership with a university in Italy.
The more immediate way we can start thinking about supporting talent generation is by creating some good career paths around our own stakeholders who work in critical infrastructure companies or in technology companies. I think there’s a lot of interest to do this, but we have to create some ways to mentor and train people. As companies, we need to think: “How can we grow this talent, because we’re not going to hire it off the open market.”
P&S: So, it is not just a problem with a lack of women in cyber security?
Peterson-Sturm: There are millions of jobs that go unfilled in this space. That’s just cybersecurity, for which a lot has traditionally been in IT (information technology). You mix that with how many people have a background in an operational technology context, and it’s way, way narrower.
P&S: Is there an intimidation factor?
Peterson-Sturm: Sometimes, but often it is misperceptions. There can be a disconnect between hiring managers’ and candidates’ expectations. While many candidates may not feel qualified for a position for lack of technical skills, most hiring managers prioritize communications and analytical skills, understanding that new employees will rapidly acquire technical skills as they gain experience.
I really love it when people want to solve a big, hairy, audacious goal. I hire a lot for mindset. It’s not prescriptive like “follow these six things.” Especially when you’re talking about legacy technology that’s out there: you can’t even follow a secure design process, because you’re trying to retrofit in a context where something’s already operating. Ultimately, you have control over people and processes that can be applied. If people are comfortable being change agents, they’re very powerful, but it’s a different mindset.
P&S: What is the path to get into cybersecurity?
Peterson-Sturm: We’re seeing more security programs coming up, including in the electrical engineering path. Many programs are infusing a lot more security and digital content into the curriculum and getting interested people early on in their career development. For example, there are government agencies who do hack-a-thons. Idaho National Labs does some internship programs for high school students. I’m not saying we have it solved for younger folks, but there are some really nice entry paths out there. It’s sort of a blend type of approach, not as classical.