Diana L. Burley, Ph.D. is an award-winning workplace cybersecurity professor, researcher and consultant who currently serves as a full professor in the Graduate School of Education and Human Development at the George Washington University in Washington, DC. She is a co-author of the well-received Enterprise Software Security: A Confluence of Disciplines (Addison Wesley, 2014).
Dr. Burley is a sought after international speaker and the author of more than 60 academic and trade publications. For nearly 20 years, she has acted as a consultant to corporations and government agencies in navigating issues related to IT-enabled change, cybersecurity workforce development and knowledge management. Her board service includes two terms on the Advisory Committee of the Virginia General Assembly Joint Commission on Technology and Science (JCOTS) Cyber Security and Goodwill Industries International. A graduate of Carnegie Mellon, Dr. Burley has been quoted in many top-tier media outlets, including Bloomberg Politics and MarketWatch Radio Network.
How has your life experience made you the leader you are today?
I have been blessed in my life to have had many opportunities to observe good leaders across a variety of environments. Although different in many ways, what has been consistent across each of them is a genuine commitment to the people -- understanding and respecting their essence; and to the mission -- working toward a collective goal. I can remember early experiences of going to work with my mother. She was a senior level college administrator for many years. She never entered the office with a flourish -- never announced, "The boss is here!" Instead, she opted to enter quietly; letting people continue their work and fostering an open and comfortable work environment. She was firm (you had to perform), but she always exhibited a genuine concern for people. Every year she invited two young women to join us for dinner and the Ebony Fashion Fair ( a haute couture show that almost seemed like a rite of passage for young Black women in my hometown of Pittsburgh, PA). There was no lecture or lesson; just an opportunity to connect. I learned, through her, that leading is about understanding people -- breaking down barriers between you and meeting them where they are so that you can walk forward together. My father taught me to focus on the mission, to set a goal and get it done. He was the epitome of "actions speak louder than words" and from him I learned to exhibit the type of selfless dedication to the collective mission that I want to see from those around me.
How has your previous employment experience aided your tenure as a cybersecurity expert?
As a college professor, my career has been all about exploration and pushing boundaries. Everyday I get to dissect ideas, produce new knowledge, and examine persistent questions with new perspective. This is the perfect background for a cybersecurity professional. The field is dynamic and it requires agility, drive and curiosity -- all skills I that have had an opportunity to hone over the years. Throughout my career, I have had the opportunity to work in many different environments. As an academic, I have moved from public policy to business to IT to education. I have worked in the federal government and in the private sector. This breadth of experiences has solidified in me an interdisciplinary approach to solving complex problems. Given the nature of the evolving cyber threat environment, this problem-based perspective serves me well. It is exciting to address new challenges (or new components to standing challenges) every day, and to be at the forefront of the discussion that has direct implications for securing our nation.
What have the highlights and challenges been during your tenure as a cybersecurity expert?
2014 was an exciting year. I was humbled to be named the Cybersecurity Educator of the Year by the Colloquium for Information Systems Security Education (CISSE). This award made me the only person to receive recognition as both the educator of the year and the government leader of the year (which I received in 2008) from CISSE. Because CISSE is the premier national consortium of cybersecurity leaders across academia, government and industry, this acknowledgement is particularly gratifying because it means my work is making a consistent and broad national impact.
Another highlight of 2014 was the publication of my co-authored book Enterprise Software Security: A Confluence of Disciplines as part of the industry-leading Addison Wesley Software Security Series. I was honored to work alongside my colleagues, Ken van Wyk, Mark Graff and Dan Peters (all global cybersecurity experts), to argue for a holistic approach to enterprise security - one that links software developers and security experts. It is a big picture book with actionable advice and we have received high praise from both academia and industry.
Although I tend not to focus on them, my career has certainly seen its share of challenges. In a male dominated field like cybersecurity, women face a constant battle to prove that they deserve to be in the room, and in many cases at the front of the room. This challenge is exacerbated as a woman of color. What I will say about the field of cybersecurity, however, is that the nature of our business requires that most people continuously prove their worth -- the environment demands it and I am up to the challenge.
What advice can you offer to women who want a career in cybersecurity?
The field of cybersecurity is dynamic and challenging. The landscape is constantly evolving; which means you have to be agile. It is exciting to address new challenges (or new components to standing challenges) every day and to know that your efforts are helping to secure the societal infrastructure. Learn everything you can. Read constantly. Ask questions and attend gatherings of women in the field such as the Grace Hopper Celebration of Women in Computing and the Annual Women in Cyber Security Conference. Speak up. Your voice (your ideas, your perspective) is unique and that makes you incredibly valuable. Don't be afraid to challenge the status quo. Push the boundaries of what is 'real' today because tomorrow comes faster than you think.
How do you maintain a work/life balance?
I'm fortunate to have the kind of job that affords me flexibility in my workday. I structure my days to ensure that I have family time. Of course, this means that I often start my workday early in the morning and end it very late at night. When possible, I include my family in my work. My son can explain the concepts of confidentiality, integrity and availability as well as I can and we discuss adversarial tactics at dinner. My daughter helps me prepare cybersecurity awareness campaigns for kids and she often provides me with statistics and stories for my seminars. For us, cybersecurity is a family activity.
What do you think is the biggest issue for women in the workplace?
The biggest issue regarding women in the cybersecurity workforce -- numbers. Women in cybersecurity are few and despite targeted efforts to increase the number of women entering the field, we are still fighting an uphill battle. A related but often overlooked problem is in retaining the women who do enter the field. Unfortunately, statistics suggest that we have a sieve problem in cybersecurity where many of those who enter the field choose to leave. Workforce development efforts must address both the recruitment and the retention of a diverse cybersecurity workforce.
How has mentorship made a difference in your professional and personal life?
I would not be where I am today without many tremendous mentors who have and continue to provide guidance in my life. I am very grateful that so many individuals have willingly given of their time and talents to help advise me along my journey. And I often gain even more when I mentor others. I have found that even a small gesture -- a 15-minute telephone call, cup of coffee, or a brief email response -- can have a significant impact. Sometimes we just need a little push. I was surprised recently when after giving a speech, a young woman approached and thanked me for encouraging her to enter the cybersecurity field during a brief conversation nearly eight years prior. Although I am certain that my role was small, her comments did cause me to reflect on all of the brief conversations and words of encouragement that have propelled me through uncertain times and encouraged me to persevere.
Which other female leaders do you admire and why?
There are so many. Rather than naming a few, I would like to highlight the group of women who are leading national efforts to develop a global cybersecurity workforce of sufficient size, quality and diversity. I truly admire their dedication and their collaborative approach to securing our societal infrastructure. I am proud to work along side this group of remarkable educators, industry experts, government leaders and policymakers.
What do you want to accomplish in the next year?
My goals are big. I want to drive the national dialogue on cybersecurity workforce development to a place that allows us (cybersecurity educators, policymakers, employers and all stakeholders) to think beyond current educational structures and shortsighted fixes based on anecdotal evidence alone. And instead, resolve to develop a resilient and agile cybersecurity educational system - one that is designed to adapt to the dynamic and volatile environment. I am striving to develop a holistic system that incorporates both evidence-based, short-term interventions that address immediate needs; and strategic long-term initiatives that address the entire ecosystem of educational, professional and environmental demands. I have high hopes for 2015.