Stories

Palo Alto Networks' Rinki Sethi on increasing diversity in cybersecurity

Rebecca Zisser / Axios

Rinki Sethi, senior director of security operations and strategy for Palo Alto Networks, spends a lot of time thinking about how to attract a more diverse workforce in the cybersecurity field, where only 11% of workers are women. To that end, she's helping the company create a curriculum for 18 cybersecurity badges for the Girl Scouts, which will launch next year.

Why it matters: While the gender gap is pervasive throughout the tech industry, it's even more pronounced in the highly technical security sector. Sethi has held security operations roles at Wal-mart.com, eBay, and Intuit, and she says hiring managers need to focus on doing one simple thing: looking for candidates who are different than themselves.

Here are some highlights from Sethi's recent chat with Axios:

You've written about the importance of taking risks in your career. How has that played out for you?

A lot of people have fear of taking the risk and actually asking for the position they want. When I was at eBay, I wanted to be chief of staff of the cyber organization there and my boss said "no, you're not ready." Sometimes you get the yes and sometimes you get the no. At that point it was no, but it turned around quickly. I've taken so many risks since then, but that was a game changer for me.

How does taking risks translate to hiring for diversity?

Hiring managers need to be more selfish. It's not taking a risk to find the best person for the job. But that that also means you need to broaden the scope and bring in thought diversity to your team. I want to find someone to compliment the team but the only way to do that is to go outside of what I'm comfortable with.

Thought diversity goes beyond gender. [In India], I was talking to someone whose employee built a security operations center —and that employee was completely blind. I was blown away. The way that person is going to solve a problem is going to be so different. It's about removing my own biases, understanding where I've come from, and then looking at how I can complement that in a different way, That goes beyond [hiring] women.

What's your biggest focus when it comes to security threats these days?

We're pounding the pavement about prevention. In the security industry, it used to be about detection and containment. People use to believe that breaches and attacks were going to happen — that you can't prevent them, you just have to be ready to respond to them. That's changing. It's now about designing networks, infrastructure, applications to prevent those attacks in the first place.

What does that mean for the skills the industry is looking for?

Our customers are having trouble finding talent. So they're looking at using automation... to reduce the surface area for attacks, so they are not having their employees do the same things every day. They're trying to move to threat hunting — looking at how something happening on one part of the network correlates to what's happening to on another part of the network — which requires a lot of data analysis. It's easier to recruit talent into jobs focused on threat hunting because those are the fun roles in security... It's less about the technology than it is about having the right people who know how to use that technology.