Developing Superwomen in Cybersecurity

Hi! My name is Ryan Kovar. You might have read my blogs on splunk.com, played a Boss of the SOC event or even have seen me present around the world at conferences. If you follow me on Twitter, you may know that I love wire data, hunting APT actors, and my two Bernese Mountain Dogs.

What you may not know, though, is that I'm a passionate advocate for diversity and inclusion in tech. My journey to becoming an advocate and ally of WiT and underrepresented people in tech has developed over the 20+ years of my career. However, I've recently made it a priority to use my position as a leader in Splunk to open doors that might otherwise be closed for women and minorities in the cybersecurity world.

Why have I become more active and vocal about my beliefs of diversity in tech? One word: Splunk.

We might have just wrapped up Women’s History Month, but we can’t fit everything into the scant 31 days that March holds. A 2017 (ISC)² report showed that women made up only 11% of the global security workforce^[2], and Splunk has been very open on reporting its diversity & inclusion numbers publicly. Since I joined 4+ years ago, Splunk has run many internal education events, awareness campaigns, and social events to raise awareness of the lack of women in technology, while also being open and transparent about our attempts to improve our diversity numbers as a company.

Now some might ask, “Do these awareness campaigns and education courses work?” Anecdotally, I can say that they absolutely do. They opened my eyes to how it shouldn't be normal that everyone I worked with looked exactly like me. It made me realize that in my entire career, I've only ever had 5 women on my direct team (and two of them at Splunk). These brown bag lunches taught me that having everyone with the same experience does not provide the full breadth of knowledge that is needed to excel in a team or a company.

This path to becoming a vocal ally was crystalized for me at a Women in Tech social event held by Splunk just over a year ago. While chatting with my colleague Kelly Kitagawa, I mentioned that I would love to “help more” but didn’t want to impose on a group of women with yet another man’s opinions. She immediately brought me to task and pointed out that if I didn’t “open the door for us, who will.” Kelly showed me I had the agency to make the changes that I believe need to happen.

This was literally a career-changing conversation. Since then I have made active efforts to learn, become an ally and mentor, and use my influence at Splunk and in the cyber community to bring change at a local level the best ways I know how. I depend on a group of women like Katie Nickels, Lily Lee, and Jade Catalano to act as my mentors in WiT as I champion changes I believe in. Many of those ideas culminated in an event we call the "Developing Superwomen in Cybersecurity" lecture series and Boss of the SOC Capture the Flag (CTF) exercise.

The "Developing Superwomen in Cybersecurity" is an event to normalize women in cybersecurity. The format is simple: A morning of talks by women who are doing awesome stuff in cybersecurity. We encourage them to talk about what they are passionate about. If that's reversing malware, then talk about RE work! If the speaker is passionate about mentoring young people, go for it! We intersperse networking breaks and then have lunch. Afterward, we run a collaborative and educationally-focused blue team CTF (Boss of the SOC). Our speakers are badass women who do everything from running global incident response teams with over 30 people to individual contributors who excel at threat intelligence. Each event has been different and awesome.

Washington, DC

Our very first event was run in Washington, DC at the Splunk Tysons Corner office. We had four speakers: Amy Parde (Sony), Katie Chase (MITRE), Lillian Teng (OATH), and Katie Brown (SONY) who each spoke for 30-40 minutes about their work or career in cybersecurity. Our audience was a mix of age, sexes, and gender—just like the real world. This was one of the most rewarding experiences I've ever been privileged to participate in. 

San Francisco

Quickly following DC, we held an event at the Splunk HQ in San Francisco! Our own Haiyan Song, Amanda Rousseau (Endgame/now Facebook), Rita Kozlov (Cloudflare), and Laura Louthan (Angel Cyber Security) provided the content of morning sessions before pivoting into an afternoon of intense CTF.

Phoenix

Most recently, we worked with ISACA, SecureNation, and TEKsystems (who hosted the whole event) to run a "Developing Superwomen in Cybersecurity" in Phoenix. Dea Ann Farley (TerraVerde), Lily Lee (Splunk), and Lisa Kachold (IT Clowns) gave talks, and an Arizonan-hot BOTS took place in the afternoon.

Future Events

Sure, we've had over 150+ people attend these sessions, but that's the past—what are we doing in the future? We're hoping to take this event global! We're currently working on finding a location in London to run the next "Developing Superwomen in Cybersecurity" event and already have some tentative speakers lined up, while in America, we're looking at Chicago and/or Dallas for our next event.

For each occurrence, we try and find local speakers to highlight. If you're interested in speaking or attending, please feel free to send us an email at bots@splunk.com and we'll keep in touch.

I'm so excited to share what we are doing here at Splunk. In my experience, it's rare that you can work somewhere and feel like you're helping to make a change. Being a part of the large ^[1] team that helps run these events has been a life-changing experience that I'm so proud of. Change isn't fast, but if a short conversation over a glass of champagne can change my world view, maybe a couple hundred words in a blog post can affect yours. Cheers! 🥂

<sup>[1] SOO many people at Splunk help these events go on. Special mentions to Lily Lee, Jade Catalano, Sabrina Lea, Dave Herrald, Kelly Kitagawa, James Brodsky, Sarah Moir, Matt Valites, Suzanne Campell, Grace Balancio, Ivonne Tirado, Brittany Wood, Kristi Liesegang and Erika Strano AND many more (who I am missing) that helped run and facilitate the ”Developing Superwomen in Cybersecurity” days in Washington DC, San Francisco, and Phoenix!

[2] https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf</sup>