Name: Joyce Brocaglia
Title and company:
CEO, Alta Associates;
Founder of the Executive Women’s Forum on Information Security, Risk Management & Privacy;
Number of years in the information security industry: 25
RSAC: What was your first job in the infosec industry?
Brocaglia: I founded Alta Associates, an executive search firm in 1986. The Russians hacked into Citibank in 1994 and Steve Katz, their first ever CISO, reached out to me and engaged Alta Associates in building the first ever information security organization. Fast forward 25 years later, Alta Associates has placed over 100 CISOs, IT Risk Officers, technology leaders and the teams that support them. I’ve had the amazing opportunity to work with corporations throughout the U.S. as an industry insider assisting them in elevating the role of the CISO and creating innovative workforce solutions. Interacting with exceptional women in our field inspired me to found the Executive Women’s Forum on Information Security, Risk Management and Privacy (EWF) in 2002. Today, we are the largest member organization dedicated to engaging, developing, and advancing women in our field. With over 45 Corporate Benefactors, we are positively impacting women at all levels through our executive, mentorship, and millennial programs, National Conference and regional meetings. Both Alta and the EWF allow me to follow my passion of building world class teams and developing women leaders in our field.
RSAC: If you weren’t working in the infosec world, what would you be doing?
Brocaglia: I am an entrepreneur, I like creating companies that are aligned to my passions. I am an advocate for those who are underrepresented and strongly believe that by increasing diversity, access and opportunities for everyone, we will create a better world. For that reason, the next company I’m launching in 2019 is BoardSuited, a comprehensive e-learning course for all professionals who aspire to be on board of directors. BoardSuited will increase the pipeline and the quality of diverse and underrepresented candidates for Board of Director roles by taking the mystery out of the workings of a Board and providing access to and insights from seated board members. Through BoardSuited, learners gain a clearer understanding, vision, and personal roadmap of the path to advisory, non-profit, or corporate board service. I’m excited by this opportunity to prepare a broader audience for their first seat at the table.
RSAC: What does the RSA Conference 2019 theme of “Better” mean to you?
Brocaglia: Given all of the chaos in the world right now, I firmly believe it is up to each and every one of us to make not only our workplace but also our world a better place. Communities like RSAC and EWF provide people with all that they need to fully step into their power and have a positive impact on society. At this year’s EWF National Conference, I asked this question of all the women attending: “If not us then who?”
If not us then who will reach out and lift the next generation of leaders as we rise in executive ranks?
If not us then who will not only speak up, but act out, on behalf of ALL women in the workforce and in our industry? If not us then who will ensure that we will continue to move positively forward in gaining equal access, equal opportunities, and equal pay for women in our field? As a leader in the cybersecurity field, regardless of our gender, I believe we have an obligation, a responsibility, and a duty to improve not only the security of our companies and our country, but to make our workplace better for everyone.
RSAC: What is the biggest challenge facing the infosec industry right now?
Brocaglia: In the world of people, process and technology there’s a reason why people come first. The biggest challenge in the infosec industry today is the workforce gap. All of the technology in the world doesn’t matter if there isn’t proper leadership to create strategies and solutions and teams to implement them. Diversity of all kinds -- gender, race, sexual orientation, age, skillsets and education -- is necessary to meet the complex challenges we face. That means all cybersecurity professionals have to take an active role in ending conscious and unconscious bias, considering candidates with broader skill sets, and experiences and working with internal and external recruiting organizations to actively recruit diverse candidates. Hiring managers need to take control of the process and require their internal recruiting teams to present a slate of diverse candidates for all openings and select executive search firms to partner with who have established a track record of placing qualified underrepresented candidates.
RSAC: Complete this sentence: 2025 will be the year of the millennials.
Brocaglia: In 2025 three quarters of the workforce will be millennials. I believe it’s important that we as leaders provide strong mentorship and development opportunities for today’s millennials who are our future leaders of industry and government. I am witnessing millennials rising in the ranks more quickly than the generations before them.
According to the 2018 Deloitte Millennial Survey, “Young workers are eager for business leaders to be proactive about making a positive impact in society—and to be responsive to employees’ needs. Our respondents are imploring business leaders to take the lead in solving the world’s problems, to shift organizations’ motives from inordinately focusing on making profit to balancing social concerns, and to be more diverse, flexible, nurturing of and generous with its employees. Those organizations that are able to deliver likely will attract and retain the best millennial and Gen Z employees and potentially strengthen their prospects for long-term success.” I believe that millennials’ common values and beliefs will have a positive impact on reshaping corporations in the future.
RSAC: You’ve been helping companies fill infosec jobs for three decades. What skills and/or capabilities are your clients looking for in candidates now that they weren’t when you founded Alta in 1986?
Brocaglia: In terms of leadership roles, organizations are searching for professionals who are not just technically competent but have more traditional executive skills. A common theme in CISO searches is that companies are prioritizing a candidate’s ability to articulate complex technology issues in business terms, have a holistic understanding of risk and the ability to utilize cybersecurity as a value add and business enabler. Another big difference is that companies increasingly looking for assistance in elevating the role of their CISO requiring candidates to have the ability to present to the board of directors.
RSAC: What piece of advice do you have for young women interested but hesitant to enter a career in cybersecurity?
Brocaglia: I would tell them if they would like a career that they can solve complex problems, collaborate with other smart people, and feel as though what they are doing is contributing to the good of many others, then they should consider a career in cybersecurity. As the world becomes more connected through the internet of things cybersecurity impacts the lives of everyone. Most people have a myopic view of the desired skill set of cybersecurity professionals. They don’t realize that sales, marketing, psychology, music and many other disciplines that require both creative and analytic thinking are a good foundation for a career in cybersecurity.
There are many brilliant women who are extremely technical both currently in and entering the field. It’s important for them to also understand the value of business acumen and becoming well-rounded. For those women with non-technical degrees, it’s important for them to understand that the technical skillsets of cybersecurity professionals are only crucial for certain roles. There are an enormous number of roles that are incredibly impactful and challenging in the field that don’t require technical expertise but still have an executive level career track.