[00:54] A Dive Into the Cyber Workforce

Rachael: Please welcome back to the podcast Maria Roat, she's founder of MA Roat Consulting and a former US Deputy Federal Chief Information Officer. Maria, welcome back.
Maria: Oh, thank you so much Rachael and Petko. So happy to be here.
Rachael: Last time we caught up, unfortunately, we had a hard stop and we couldn't keep talking. So there was so much more that we wanted to talk with you about. And so I'm so glad you're back joining us and would love to really dive in a bit more on our conversation around cybersecurity and STEM and bringing folks into the industry. I was just reading this article with you, it's a Q&A, an acceleration economy. What I love about what you said was, "I tell people to get comfortable with being uncomfortable. It's okay not to know everything." I feel like that's a wonderful setup into having this conversation.
Maria: Oh yes, it's my tagline, if you will. I use that all the time because when you talk to women and others in different fields, I've had about every job in tech that you could have. And I tell people, "Look, it's okay to be uncomfortable and take on jobs where you don't know everything. If you know 10%, great. You know something, but you're not going to walk into a job and know everything."
And I think that's part of telling people to get comfortable being uncomfortable. And part of that is taking risks, right? Whether it's your career and your job or doing whatever it is that you're doing. Part of that being uncomfortable is when you take risk, you're going to be uncomfortable and you plan for the worst, hope for the best and move on.

 

The Women in the Cyber Workforce

Rachael: Exactly. I wonder, do you think that there's an intimidation factor maybe as it relates to the STEM? I was looking at some of these stats, it was at AAUW, so it was the American Association of University Women. They had 16.5% of women are in engineering and architect roles, which I thought, 16%? Still today? I mean, that just seems incredibly low. Why?
Maria: That's interesting because 16% isn't a lot.
Rachael: No.
Maria: It really isn't. You want much more than that in just more broadly in STEM fields. It's interesting when you go back. When I first started working in tech, data processing way back when, there were a lot of women and they were operators. But as moving forward and moving into the late '80s and into the '90s when PCs and networking and all that were coming around. All these women that I had worked with in operations, they were all retiring and the replacements weren't coming in, right? 
This is where I ended up oftentimes by myself. But that 16% today, fast-forward to today, having 16.5% in engineering and architecture, I really scratch my head at that and say, "Why aren't there more women that are out there?", right?
You see this big cycle coming through and it's like, "Why aren't there more women working in engineering and architecture?" The field is fascinating to me. And when I see the numbers, it's disappointing.
Rachael: Yes. I mean, Petko, do you have perspective perhaps? I mean, you've got a technical background. What have you observed? 

 

 

A Profession Dominated by Man

Petko: I think back on my career when I was in school even, and I do remember hearing statistics that there's more women graduating with college degrees than men. But yet I reflect on my engineering classes, it was like 1 out of 10 maybe or 1 out of 20 that were doing the traditional STEM degrees. But I still wonder, given how high of a degree we have in how many people are actually graduating, how many women we have graduating with college degrees, we definitely should have more than 16%.
It is interesting, but I think we definitely need more in the STEM specifically, I mean, I'm reflecting. Even my kids, I've got girls, some of them are not open to some of the traditional STEM like math and everything else. They're more interested in different types of arts. And maybe as a parent I kind of look at it and say, "Well, I don't want to force them into engineering. I want to let them find their own career." Or maybe I should force them. I don't know. You tell me, please. You guys educate me as a father of girls. What should I be doing?
Maria: You know what? I am a mother of three daughters, and I'll share with you in this STEM conversation, two of my daughters, so one of them, she got a masters in neuroscience and right now she's in PA school, Physician Assistant school. So she'll be going through the program and she'll start her residency stuff later in the summer. 

 

 

An Outlier in the Cyber Workforce

Maria: But when you think about it, one of my oldest daughter, she's not a college graduate, she's been to school. She does a massage therapy. But with the classes she's taken and her understanding of herbs and medicine and stuff like that. She knows more about the body and the workings because she's not doing massages that, I need a massage for the day to relax. She's doing it for more physical therapy or chiropractic type. She's doing those kind of massages. 
When I think about her in that STEM field, but she doesn't have a college degree. And again, she knows more about the body and the muscles and the ligaments. She also knows about medicines and herbal medicines and all this stuff. And I'm like, that's the sciences piece of it. How do you capture that population as part of the STEM because these folks aren't just giving a massage. She's very technical. She knows more about the body, it's just incredible.
Rachael: Well, do you think some of it's maybe how we categorize or characterize certain people. Do people even think that there's the soft skills that are attributable to STEM? I mean, does she think about that at all as being within that realm or we still kind of have these walls up?
Maria: Not at all. She doesn't think in that way. I guess a couple of years ago is when I had that aha moment that said, wow, really what she's doing, she's an outlier maybe when you look at the curve. She's probably an outlier. 

 

 

[8:18] Bringing Cyber Workforce Into the System of Education

Maria: But how many of those are there out there that we're not really counting when we think about traditional STEM or cybersecurity or engineering or those kind of fields? Or even like my other daughter who's in PA school, an informal education. She's all very much hands-on.
Rachael: Yes, it's fascinating.
Petko: That is fascinating because I do think about like, I was actually in the engineering classes, but yet I know there's so many women that do other sciences. Biology and others, that are still doing sciences. But when we start comparing cybersecurity, we get stuck on engineering and we don't actually say, "Well, hold, cybersecurity includes a lot more than just engineers." And maybe Rachael, you got a point, is we're not counting folks correctly or quantifying it. Maybe we're overcounting by just double-counting others. I don't know.
Maria: Yes, I don't know that there's a good answer to it. But I think having her in the family, you talked about having daughters, you've got this one, it's just interesting from that perspective that she's not counted as part of the STEM community.
Rachael: I wonder, is it earlier education, Maria? I mean, if we were to start bringing this into school curriculum and elementary. Or is it something related to that to kind of start changing views or attitudes of what are traditional, I guess, occupations versus the art of the possible today, which is quite wide open?

 

Cyber Workforce Introduces a Different Kind of Learning Experience

Maria: Yes, and it is wide open. I think whether it's talking to high school students, here's what's in the realm of possible. You might be a horrible high school student. You could be a horrible and non-traditional. I say that because high schools are very formal and very traditional learning. If you are a non-traditional learner, like my oldest daughter who's very hands-on and learns differently, you need to recognize that. And how do you nurture students in high school who are non-traditional learners that are very much hands-on that don't always follow that formal education, right?
 She struggled in high school because of the structure and the rigidity. Yet when she went out on her own, she's doing very well, and that whole biology piece of it. So in high school, thinking about those non-traditional learners and how do you bring that in. I think some of the technical education that many of the states have for high school students where they do have hands-on architecture. Traditionally it's been auto mechanics and cosmetology and there's been many things like that. But there's also many schools have coding classes and programming or networking and things like that. 
Some of those are much more practical than the traditional learning sense in a classroom for those that are non-traditional learners. I think to the extent, high school students, maybe they could take advantage of that or you could share that information from a guidance counselor perspective. But how do you queue up that somebody's non-traditional just because they're failing their classes all the time, right? How do you narrow in on that?

 

 

Hands-on Experience in Cyber Workforce

Petko: Maria, you've got an interesting point there because I do think universities, at least when you do engineering, the first two years are known as weed-out classes. They're always theory-based. You don't get to the practical in theory year three and four so you end up automatically saying, "Well, this isn't for me" in year one and two. So folks who are hands-on who want to just go learn and do versus just theoretical.
Maria: Yes. To follow on that, if you look at what I did in my career, everything I did was, right? I was on the 25-year plan to get my college degree. Now I had a lot of aptitude in math, in science, and I had developed an interest in computers. But if you look at everything I did when I joined the Navy, it was all hands-on, operations, networking, moving into network engineering, just continuing to move.
Everything I did was hands-on. I did get my degree and it took me 25 years from start to finish. But when I did the last eight classes, I was like, "Oh, easy-peasy because I've got all this hands-on experience and I could blow through some of the policy and some of those more formal learning." As you said, the first two years of college. So I blew through those pretty quickly because I had all this hands-on and thinking differently about that.
I think we've talked about veterans before, right? Talk about tons of hands-on experience with veterans. Now the military does pay for a lot of education, right? They send people to schools and things like that. But looking at veterans and having that ability for a lot of the hands-on, that is just so valuable.

 

[13:28] The Impact of Cyber Workforce on the Government

Rachael: Absolutely. I do want to point to your time in the government, and I look kind of across the government today and all the female leaders in these technology roles, right? A chief information officer or CXO, or whatever. I feel like in some ways the government fleeting the way of it here on the art of the possible and getting more female leaders in STEM. I think that's kind of the first part to get more people interested.
Maria: Yes. If you go back probably about six years, five or six years, the federal CIOs in government, almost half of them were women. I'm seeing a lot of women coming up through the ranks in federal government. And so there's a lot of women that are deputies. I don't know how many are CTOs right now, but there were quite a few CTOs that were women. But you're seeing more and more of that. And chief information security officers, CISOs, right? So you've got a lot of technical expertise. The federal government gives you the opportunities on this. 
Because being able to advance and get into these positions if you want to and to go after and chase them down and apply for them and go get those jobs. And when you think about it, I know there's a lot of bashing in the federal government. But when you look at the federal government and how much the government leans in on technology, you just don't hear about it. A lot of times you hear about the bad stuff in tech, but there is so much good stuff going on, right?

 

Cyber Workforce Makes Things Easier for the Government

Maria: For example, at NASA, it took I think 130 hours of inspecting an astronaut's glove to make sure of all the data, right? 130 hours to inspect the data. People were doing all of this. Well, they took the data and took on an initiative and put it up in the cloud and it took less than five seconds to inspect the data. This is a real-world application. These are astronauts that are going in space, right? 
So they put them in the cloud, leveraged AI, put all that together, and it took less than five seconds, which allows for those experts to focus in on other things, right? They're not going to lose their jobs, they're going to focus in on other things. But that's where the federal government's really leaning in and really driving in on the mission. You see it across zero trust capabilities across the federal government. Tell me who in the industry is doing all of that, right? 
The executive order came out a couple years ago, right? The federal government is going to do this thing and they're going on a zero trust journey, right? It's not a one-and-done thing. It's a multi-year initiative and continuing to build it in and building in security from the very beginning. There are so many women out there that are a part of this. Part of that federal government's mission in supporting is really leaning in on tech and you just don't hear the good stories around that.

 

 

 

Utilizing Soft Skills in the Cyber Workforce

Rachael: Right. So try to think of how do we open the door wider, Maria. I think when you were here last time, you were talking about how there's such a great connection with all of the federal CI, CXO leaders, particularly the women. A lot of people as they exit, be it the military or government, and they're trying to figure out how to navigate the industry. What advice do you give them on how to move out of these very structured roles into what could be the wild west for some?
Maria: Yes. Wow, that's a great question because when you're coming out of the military very structured and all that. A lot of things that people bring to the table that they really don't highlight are some of their soft skills. When you think about all the soft skills that people learn, how to be a part of a team, anybody in the military. They know how to be a part of a team, right? And so looking for those and really touting those soft skills. Presentations, talking to people, being able to do the outreach, right?
It might not be public speaking, but it might be the ability to have presentations and knowing when to reach out to people, collaboration, and all of that. I think people need to lean in on those soft skills too, not just their technical skills. As they're moving in and out of government or as a veteran leaving the service or moving into industry, really pay attention to those soft skills because they bring so much to the table. 

 

 

 

Making Use of One’s Collective Experience in the Cyber Workforce

Maria: I know when I reviewed resumes of veterans in particular, I knew that anybody who was a veteran, every time they got promoted, went to a leadership class, right? It's commensurate with their grade. They went to a leadership class. So even if you were a junior, you went to some kind of leadership class. And as you got more senior, it was much more executive leadership and those kind of programs. Knowing that, when I paid attention to resumes that had veteran's experience in it, because as a veteran I knew what they were bringing to the table in terms of soft skills, the leadership. 
Oftentimes, sometimes they might have been picking a job that has nothing to do with tech or cybersecurity but they had the potential of the aptitude. So when you start talking to them, the potential and the aptitudes are there, and I think people forget that, that capability's there. I have a friend of mine's son, I've known him since he was a baby. He's getting out of the army right now and he's a drone pilot. He is a qualified drone pilot. He has his wings, right? All the qualifications. 
The army has spent tens of thousands of dollars on him. He's been deployed, he's been in overseas in Afghanistan. This is the UAVs, the big ones that he's flying. So here he is getting out of the army. While he's got all of these skill sets around the UAVs, he would like to get into the cybersecurity field. But how do you take the capabilities that he has with the drones in teaching because he's teaching others more junior people? How do you translate that into an industry job? I've been working with him on that.

 

 

[20:10] The Value of Cyber Workforce Experience

Maria: About a week ago, he said, "Well, so far all I can find is a help desk job." And I'm like, "Oh my God, you've got almost about six years of experience flying drones, and you're going to take on a help desk job." I'm like, "Where are the people who need the drones?" So this is firsthand some of the struggles.
Petko: Maria, just to share. In the industry, we don't have many drones. I don't have a drone that I fly regularly.
Maria: Yes, but you've got folks who do inspections. Think about the power companies. They're using drones to inspect their power lines, right? You've got the Department of Labor with OSHA, they're out there all the time. You've got just industries all over the place that are driving, they're flying drones. You can see.
Petko: Yes, absolutely. I will tell you though, having worked with UAVs before, I think it is you do get that mission side and that in some of those individuals that fly those UAVs are literally doing for 12, 15 hours straight. If you can imagine being from a screen focused because if you're not, you literally could have crashed an airplane for 12 hours. I don't think many of us could do that, you know?
Maria: Yes. Well, I know. For him, I think it comes from all his video gaming in high school.
Petko: But there is definitely some valuable skill sets there. Having the mission experience, I think, is one of those areas that people underestimate and they focus on the technical.

 

A Valuable Experience

Petko: I do want to share something. We were talking about women earlier in CISOs, I think back of all the CISOs I've worked with. What I kind of found is you kind of always mentally put things in two buckets. You have the technical CISO who gets really technical and focused on just the technical side. And then you have the business side CISOs who says, "Well, what's the outcome we're trying to achieve?" I don't want to tell you what to go use. I'm not going to tell you to go use Linux, Mac, Windows. "I want this outcome. You figure out what's the best solution."
And I'll tell you, looking back on it, I think I found more women lined up with the outcome focus than men. Men get stuck in the weeds, but the women say, "Look, I want this outcome. You figure out how to get me there." They're very good about focusing on what's important. I think we forget about the outcome focus. We get stuck in the, "Oh, he flies an airplane. How does that translate technically?" But yet the outcome is he saved lives, he has amazing focus, he's able to lead others to do the same thing and execute and complete tasks, which is extremely important.
Rachael: Great point, Petko. Honestly, I can't think of a better place for us to insert a cliffhanger in today's podcast.
I'm having so much fun speaking with Maria Roat. I know you are too, Petko. Let's make this a two-part conversation. So to all our listeners out there, be sure to join us next Tuesday as we catch up again with Maria Roat because this is just too much fun. So until next week, please be safe.

 

About Our Guest

 

Maria Roat is currently retired from federal service after more than 40 years in the industry. She started her own consulting firm called MA Roat Consulting LLC, which takes up most of her time. However, she is also on the Board of Directors for On Mission IT, AFCEA Bethesda, and Aquia Inc. She also works closely with VETSports Inc. as a member of the Board of Directors.

Maria Roat served as the Deputy Federal Chief Information Officer for two years after starting the role in May 2020 with over 35 years of professional experience in information technology.

Previously, Ms. Roat served as the Small Business Administration Chief Information Officer October 2016 – May 2020 where she led SBA’s digital transformation to a more proactive and innovative enterprise services organization responsive to the business technology needs of SBA program offices and small businesses & entrepreneurs across the United States.

Ms. Roat also served more than two years as the U.S. Department of Transportation Chief Technology Officer and was responsible for establishing and leading DOTs technical vision and strategic direction, driving innovation and planning for technology growth supporting internal and external facing mission activities.

Additionally, she served 10 years at the Department of Homeland Security (DHS) joining in June 2004 and serving in a number of capacities including Federal Risk Management and Authorization Program (FedRAMP) Director, FEMA Deputy CIO, Chief of Staff for the DHS CIO, USCIS Chief Information Security Officer and CIO Chief of Staff, and Deputy Director, Technology Development, for TSA’s Secure Flight Program.

Prior to joining DHS in 2004, Ms. Roat was in the private sector for 5 years deploying and managing global enterprise network management systems, as well as running Network and Security Operations Centers.

Ms. Roat is a graduate of the University of Maryland (UMUC), Harvard Business School Executive Education Program for Leadership Development, and the Navy Senior Enlisted Academy.