Susan Peterson-Sturm has been with ABB for two years, and is inspiring digital innovation with the company’s oil and gas, chemicals, power generation and water businesses globally as digital lead, energy industries. Sturm met with Pumps & Systems Managing Editor Drew Champlin at ABB Customer World to speak about cybersecurity employment opportunities. Few women are choosing cybersecurity as a career path, yet many exciting jobs are available in the sector.
Sturm oversees the energy industries business unit at ABB, which partners with the energy and water, oil and gas, specialty chemicals and primary pharmaceutical industries for improved operations and sustainable progress worldwide. ABB is focused on supporting companies in achieving safe and sustainable operations, with cybersecurity as an integral part of realizing the benefits of digitalization. Peterson-Sturm is passionate about cybersecurity and recognizes that it brings unique challenges.
“Power is a commodity you can’t store,” she says. “In cyber, what’s really compelling is you have a completely heterogeneous solution at every plant.”
P&S: Why are there not as many women in the field?
Peterson-Sturm: By and large, men dominate the cybersecurity job market. Women will make up only 20 percent of the cybersecurity workforce by the end of 2019. While that’s up from a mere 11 percent since 2013, there are more opportunities with cybersecurity careers. Cybersecurity has a real numbers problem right now, because there are so many empty jobs. Ultimately, it is detrimental for a factor like gender to narrow the pool of people pursuing the field.
For women, cybersecurity still has something of a perception problem. Women often don’t see security as a viable career path because of various points of view often ingrained young. Unfortunately, it is often reinforced when women who pursue tech careers turn out to be the only one in the room. When this happens, work culture can get stuck in a self-perpetuating cycle. These problems are difficult to fix because they’re subtle and pervasive: wrapped up in culture and education.
But I think it’s your feedstock. I think that’s probably a big piece of it. It’s not so much just about women. Fifty-eight percent of companies surveyed in Kaspersky’s recent The State of Industrial Cybersecurity 2018 report shared “hiring [industrial control systems] ICS cybersecurity employees with the right skills” is a major challenge when it comes to managing their organization’s ICT [information and communications technology]. This problem is not going away.
What many people don’t realize is that technical expertise can be learned. Many cybersecurity professionals came to the field from a nontechnical background, outside of traditional information technology paths. More and more, we are seeing the opportunities of choosing a vocational path. We’re seeing this in classical engineering, such as electrical engineering with Georgia Tech, Virginia Tech and Rice doing a lot with their university programs and starting to infuse more around security. As OEMs, we can give those programs equipment and use cases. In fact, at ABB we have a partnership with a university in Italy.
The more immediate way we can start thinking about supporting talent generation is by creating some good career paths around our own stakeholders who work in critical infrastructure companies or in technology companies. I think there’s a lot of interest to do this, but we have to create some ways to mentor and train people. As companies, we need to think: “How can we grow this talent, because we’re not going to hire it off the open market.”
P&S: So, it is not just a problem with a lack of women in cybersecurity?
Peterson-Sturm: There are millions of jobs that go unfilled in this space. That’s just cybersecurity, for which a lot has traditionally been in IT (information technology). You mix that with how many people have a background in an operational technology context, and it’s way, way narrower.
P&S: Is there an intimidation factor?
Peterson-Sturm: Sometimes, but often it is misperceptions. There can be a disconnect between hiring managers’ and candidates’ expectations. While many candidates may not feel qualified for a position for lack of technical skills, most hiring managers prioritize communications and analytical skills, understanding that new employees will rapidly acquire technical skills as they gain experience.
I really love it when people want to solve a big, hairy, audacious goal. I hire a lot for mindset. It’s not prescriptive like “follow these six things.” Especially when you’re talking about legacy technology that’s out there: you can’t even follow a secure design process, because you’re trying to retrofit in a context where something’s already operating. Ultimately, you have control over people and processes that can be applied. If people are comfortable being change agents, they’re very powerful, but it’s a different mindset.
P&S: What is the path to get into cybersecurity?
Peterson-Sturm: We’re seeing more security programs coming up, including in the electrical engineering path. Many programs are infusing a lot more security and digital content into the curriculum and getting interested people early on in their career development. For example, there are government agencies who do hack-a-thons. Idaho National Labs does some internship programs for high school students. I’m not saying we have it solved for younger folks, but there are some really nice entry paths out there. It’s sort of a blend type of approach, not as classical.
Mentorships, scholarships and incentives aimed at attracting and promoting opportunities in the industry do a good job for those already working, but better messaging is also needed to attract recruits.
As demand is far outpacing supply in the sector and cyberattacks aren’t going away anytime in the foreseeable future, job security in this sector is strong. Thanks in part to an extreme drought in cybersecurity talent, salaries are, generally, good. A fast way to deal with this problem is to look at people already working in our companies and add to their skill sets. A blended type of approach is required.
P&S: Why is it important for women to be represented in this career field?
Peterson-Sturm: It is not just about men versus women: diversity in perspectives, leadership and experience is good for business. This is critical in the cybersecurity space because we need people with disparate backgrounds. The people we are pursuing also have a wide variety of backgrounds and experiences. The wider a variety of people and experiences we have defending our networks, the better our chances of success.
The power of having a reference or a role model in any field that you can identify with at some level is very important. I have lots of really important mentors who are men and coaches. As a corollary, my father grew up on welfare in New York City, and he believed his two career paths were being a priest and being a factory worker. He was incredibly talented and skipped two grades and got a full ride to Cornell to be an engineer, but prior to that experience, he had no contacts.
For everyone, that’s what inclusion really means. It could be something as simple as, “I’m an instrumentation and controls engineer, so how do I pivot into a path around security?” and providing some sponsors. I think those references are super important at a psychology level.
P&S: How do you recruit women and younger people for the cybersecurity field?
Peterson-Sturm: We’ve done some really good work to bring people in. We’ve got a gentleman from the U.K. who brought in a recent college grad with more of an IT type of background and they gave him some of our industrial products and said, “Go to work on these, and try to hack into them.” That’s one path, certainly. We’ve done some specific work trying to sponsor that type of engagement.
Since 2012, ABB has partnered with the Women’s Forum, which brings together leading members from government and business sectors to share new perspectives on current commercial, political and social questions. The goal is to internationally create a powerful network to strengthen the influence of women and to draw up innovative and concrete action plans to encourage women’s contributions to society.
Recently, we were a sponsor for an event called “Day of Shecurity,” where there was a lot of technical training and best practices sharing. Our global product manager for cybersecurity participated in a panel talking about her career path in OT security. OT (operational technology) security has not been around for 12 years, so it’s not like, “Here’s a degree I’m going to take.” She was able to share how she broke her way into the space. Seeing some people’s paths is really important and creating some networks is really important as well.
ABB has also joined forces with global leaders such as AXA, DHL, EY, Facebook, Google, Nestlé, Salesforce and Twitter to mobilize the business community through The Global Alliance for YOUth, which is a business-driven movement of like-minded organizations passionate about helping young people around the globe get the necessary skills to thrive in the world of work, today and tomorrow.
P&S: What kind of opportunity is there?
Peterson-Sturm: In security, there are so many jobs that have gone unfilled. Part of the problem is that we don’t have a ton of maturity in how we’re positioning security roles. If I put it to a corollary in medical, it might be, “I’d like a cardiologist, who is also a child pediatrician, who also is good in geriatric nutrition, osteopathic medicine and good at occupational therapy.” You’re unlikely to find an employee with many years of experience. The responsibility is on us as companies to think about how we structure sustainable teams and how we give people really strong career paths to move in those directions.
P&S: If this was not a thing 25 years ago, will more jobs be filled in the near future?
Peterson-Sturm: I think we’re seeing it. If you were to Google “cybersecurity master and undergraduate programs” and how they have trended, those didn’t exist five years ago. The woman who cuts my hair, for example, her husband is transitioning from the Armed Forces and using his GI Bill to study cybersecurity. The gentleman who is my husband’s personal trainer is studying that as well. Those are really anecdotal, but if we’re seeing a trend that common, then people are seeing it is a viable career growth and sector. It’s growing super quickly.
P&S: Is there anything else our readers should know about?
Peterson-Sturm: It’s an incredibly important issue for our colleagues working in the industry. We care a lot about maintaining the critical infrastructure. There’s a massive amount of turnover in people who work in security. I read a statistic that said the average tenure of a chief information security officer was 24 months. I worry about burnout in people. Well-intended people think to themselves, “Are we doing enough?” I see a problem. How do we address this? My call to action is, as companies, to really think about supporting people who have an interest and are taking on challenges to create new career paths, so expertise can grow in an organization. The workforce will come, but it’s not going to happen overnight. We can’t hire fast enough, so how do we grow our people and really support them? This is a priority.