The tech sector in the 2010s was marked by a patchwork of both progress and regression in workplace equality and representation. In some places, hiring practices have become more equitable and inclusive, but significant room for progress remains. How will the 2020s unfold? Let’s highlight the work of some influential black leaders in cybersecurity according to rThreat in order to encourage others to take seriously the value of underrepresented experts. Here are 12 of the most influential black cybersecurity experts on our radar.
Camille Stewart
Head of Security Policy for Google Play and Android at Google
Camille Stewart is an attorney specializing in national security and technology. She is a fellow of the U.S. House of Representatives, the Internet Law & Policy Foundry, the Truman National Security Project, and New America. She was appointed Senior Policy Advisor for Cyber, Infrastructure & Resilience Policy at the U.S. Department of Homeland Security by former President Barack Obama.
Her current projects include preventing data exfiltration from courts. Most recently, Camille has addressed how foreign and domestic threat actors have hijacked racial tension in America to interfere with internal affairs and advance political goals by radicalizing majority groups and inciting violence.
Larry Whiteside Jr.
Founder and Chairman of Whiteside Security LLC. Co-Founder & President of the International Consortium of Minority Cybersecurity Professionals
With over 25 years of experience in IT management, security analysis, and risk assessment, Larry Whiteside Jr. has a towering resume, which begins with his service as a U.S. Air Force officer. In 2014, he co-founded the ICMCP with partners Devon Bryan, Julian Waits, and Carlos Edwards. The ICMCP’s impressive team of security professionals works to secure scholarships for minority students, promote cybersecurity career paths, and provide professional development and leadership training.
Devon Bryan
Managing Director and CISO of KPMG US & KPMG Americas Ltd. Co-Founder of the International Consortium of Minority Cybersecurity Professionals
Like his peer Mr. Whiteside, Devon Bryan’s career in cybersecurity began as a U.S. Air Force officer, coordinating counter-information operations and designing security strategy and policy at various assignments. He rose through various management and director positions at the IRS, Federal Reserve System, and ADP before becoming CISO at KPMG US and KPMG Americas. He holds an M.S. degree in Computer Science.
Julian Waits
General Manager of Devo Security Business Unit. Chairman of the Board Of Directors of the International Consortium of Minority Cybersecurity Professionals
Mr. Waits’ 30 years of experience cover almost every aspect of technology deployment, including software development, network engineering, field systems programming, security, management, and sales. By our count, he has held the title of CEO 5 times since 2004, including at ThreatTrack Security Inc., PivotPoint Risk Analytics, and SAIFE Inc. He advises early-stage technology companies in market growth, business strategy, and professional development.
Carlos Edwards
Program Director, Cyber Threat Fusion Center at Internal Revenue Service. Co-Founder and Vice President of Operations of the International Consortium of Minority Cybersecurity Professionals
Prior to co-founding the ICMCP, Mr. Edwards served in the U.S. Navy as a Network Monitoring Supervisor and worked at the IRS as an Associate Director of Computer Security Incident Response Capability, and later of IT Security Strategy & Performance. He is currently the Program Director of the Cyber Threat Fusion Center at the IRS.
Mari Galloway
Sr. Security Architect. CEO of Women’s Society of Cyberjutsu
Ms. Galloway worked as a network engineer and security analyst in the private sector for over 5 years before taking a similar role in the U.S. Department of Homeland Security. She is a founding board member and current CEO of the Women’s Society of Cyberjutsu, which provides education, training, and mentorship to women in cybersecurity.
Mari holds a BBA degree, a B.S. degree in Computer Information Systems, an M.S. degree in Information Systems, and a litany of technical and management certifications, including CompTIA Security+, Project+, and CySA+, and (ISC)2 CISSP.
Dr. Crystal Williams
Cybersecurity, Compliance, and Risk Manager at Spathe Systems. Southeast Regional Director of the Women’s Society of Cyberjutsu
Dr. Williams’ career in technology began as a computer technician in the U.S. Marine Corps, where she served for 2 years following high school graduation. She held a number of administrator and engineering positions of increasing levels of seniority before being appointed Information Security Certification and Accreditation Manager and Information Assurance Lead at the U.S. Department of Defense contractor ARMA.
Crystal has taught as an adjunct instructor at Campbell University and Webster University and written IT courses for Western Governors University. She holds Master’s degrees in Management Informations Systems, Information Security Analysis, and Information Assurance. She holds a PhD in Information Assurance and Security.
Tomiko Evans
Founder and CEO of Aerial Footprint LLC. Rising Star winner at the 2019 Cyberjutsu Awards
Ms. Evans earned her B.S. degree in Computer Science from Clark Atlanta University, where she also worked as a computer technician. She held a number of engineering positions before advancing to system administration roles at Georgia Aquarium, Hettich America, and The Goal. Tomiko holds an M.S. degree in Cybersecurity Technology from her alma mater. She also holds the FFA Part 107 certification for piloting drones. Currently, she researches UAV systems security at her own company, Aerial Footprint.
Tyrone E. Wilson
Founder and President, Cover6 Solutions. Organizer, D.C. Cyber Security Professionals
After serving in the U.S. Army as a computer technician, Tyrone moved to an Army Reserve unit, the Northeast Information Operations Center, where he was deployed to respond to network intrusions in Iraq. After this period of accelerated learning, Tyrone worked at the U.S. Cyber Command, the FBI, and the U.S. Department of Energy.
In response to current security issues not being taken seriously, and widespread ignorance about digital security, Tyrone began to organize security professionals in Washington D.C. on meetup.com to combat these issues. With over 7,500 members, D.C. Cybersecurity Professionals is now the largest cybersecurity meetup group in the country.
Renee Forney
Senior Director of Cyber Assurance at Capital One. Board Advisor at Executive Women’s Forum
After earning her B.S. degree in Computer Information Systems and M.S. degree in Engineering Management, Renee Forney held a number of senior positions in the private sector, including as a Senior Information System Security Analyst. She worked for over 5 years in the U.S. Department of Homeland Security directing workforce development and analysis programs, including cybersecurity workforce training and retention.
Ms. Forney is currently the Senior Director of Cyber Assurance at Capital One, where she oversees risk management and threat intelligence. She was recognized as a Woman of Influence by SC Magazine in 2016 for her noteworthy contributions to the betterment of online security and data privacy. As an advisory board member at the Executive Women’s Forum, Renee has organized mentorship and leadership development programs and forged partnerships with public and private institutions to educate youth about online safety, security, and privacy.
Regine Bonneau
Founder and CEO of RB Advisory LLC. Co-Founder and CEO of SafeFirst Partners LLC. Co-founder of XR Safety Initiative
Before Ms. Bonneau’s career in risk management and cybersecurity, she earned her BBA degree, Master’s degree in Accounting and Financial Management, and M.S.degree in Law (JSM). Her path to cybersecurity began as a Quality Assurance and Risk Management agent at Digital Risk LLC. She later co-founded the XR Safety Initiative and became a Cyber Security Fellow at New America.
Regine presently advises South University, ECPI University, Florida Polytechnic University, and University of South Florida Muma College of Business on technology program design. She is the Vice President of the Information Systems Security Association (ISSA) Tampa Bay Chapter and the Chair of the ICMCP Internship Committee.
Dr. Stephanie Carter
CEO at JDC Unleashed. Minority Educator of the Year 2017 winner at the International Consortium of Minority Cybersecurity Professionals
Dr. Carter began her career in cybersecurity though the U.S. Army where she served for over 18 years. During this time, she advised multiple government agencies in matters of IT and security. She holds a B.S. degree in Software Engineering, an M.S. degree in Management Information Systems, and a Doctor of Computer Science degree. She also holds multiple technical certifications including CompTIA Security+ and Network+, (ISC)2 CISSP, and Microsoft MCTS, MCSA, and MCITP.
Through her company JDC Unleashed, Dr. Carter provides subject matter expertise and management to various companies and institutions, including the U.S. Department of Justice. She volunteers as a mentor to new business owners and prospective college students.
A note from the author: This list is by no means comprehensive, and is necessarily incomplete, as many more black cybersecurity leaders and experts are sure to rise to prominence in the future. If you know someone who you think should have made it onto this list, please connect with me on LinkedIn and tell me about them.
Each February, the United States, Canada, the United Kingdom, and other countries observe Black History Month. It’s a month-long celebration of the generations of black people who have elevated society by the way in which they’ve lived their lives. It’s also an opportunity for us to recognize that there’s still plenty of work to do in the name of promoting diversity and inclusion.
This moment reaches into every sector—including cybersecurity. Indeed, (ISC)2 found that minority representation in the cybersecurity profession was just 26%. Fewer than a quarter (23%) of those individuals held leadership positions in their places of work. That’s despite the fact that 62% of minorities in cybersecurity held a master’s degree or higher, (ISC)2 learned.
Camille Stewart, Google’s head of security policy for Google Play and Android, explained that such a lack of minority representation—especially in leadership positions—ultimately holds back the cybersecurity industry. She used the example of a critical infrastructure company to demonstrate this reality to Dark Reading:
If you are contemplating how to build resilient systems internally that will then affect a diverse consumer base – your critical infrastructure, whether it’s water or electricity – how that [then] affects the daily lives of people who live in predominantly white suburbia versus a black suburban area, versus an inner city with a diverse array of socioeconomic folks, [these] things will be different: The city’s ability to respond. The city’s ability to mobilize around whatever your mitigation is. The impact it will have on how the children in the home are able to connect to school. The ability for the family to have a generator to back them up should the electricity go out. The ability to combat food insecurity if you’ve lost water, or electricity, etc. All of those things change based on things like race and socioeconomic status. And if your mitigations don’t contemplate for the diversity of your consumer base, you have a problem.
Clearly, diversity is instrumental in creating a more secure world. But that raises an important question: how do we foster diversity in cybersecurity?
The State of Security reached out to me along with several other minority cybersecurity experts to ask us about our experiences in the industry. Together, our responses provide a roadmap with which we can honor Black History Month and make the cybersecurity industry a more inclusive place for all.
On the Importance of Mentors
Question 1: Mentorship is extremely important in the world of cybersecurity. During your career, who has helped open doors for you? Who has had a positive impact on your life and how?
Raymond Kirk, @Raymond_The_PM
When it comes to mentors and positive impacts I believe it’s important to have these interactions early in life.
For me, I’ve been fortunate enough to have an extremely talented and impactful mentor from the time I was in high school: Charlton Hudnell, an economics and social studies teacher at the time, who had a way of encouraging me and my peers to strive to be positive members of society, understand the landscape which we would need to navigate and learn the importance of leadership through service.
These values have translated directly into my professional career. In practice, this meant doing work you can be proud of, staying hungry to excel, knowing your value, and giving back. I trace all my success back to Charlton Hudnell and the potential he saw in me as a young man.
There is also De Cranford, a Program Director/Guru whom I admire. She has truly shown me how to take large organizational and life challenges and then break them down and execute them! She is restless in holding me accountable for my continuous improvement both personally and professionally.
Then there’s Danyell Johnson, my former manager during my Technical Consultant role at Hewlett Packard. He was a great mentor; he encouraged me to get as much training and knowledge about as many products and technologies as I could get my head around. He saw potential in me that created the space and time for professional development from data center experiences to pursue my path to a PM.
Finally, I had the pleasure of working with Roderick Thornton, a project manager, during our time implementing one of the largest global implementations of Salesforce that had ever been done at the time. He showed me how to communicate and gain executive buy-in, manage multiple stakeholders and deadlines and make it all look easy.
Emanuel Ghebreyesus, @etg71
I think mentoring is more than just the work you do in your cyber security job/world. What you do in your work is defined by who you are as a person, how you have gotten there, what drives you to excel, your principles, your work ethics, your ambitions, what self-challenges you take on to enhance your ability to get you committed to a cause, what you are trying to achieve and for what or whom you are driving yourself.
With this in mind, I would like to honor a few mentors:
- My Father and Father-in-law are and will always be my greatest mentors. It would be impossible to cover all I have learnt, continue to learn and their achievements here, as I would need to write a book each for them; however, I have included a summary below.
My father and father-in-law are both entrepreneurs with extensive experiences, who have taught me the world of business and how to be a successful businessperson by always knowing what you are talking about, always being prepared, being flexible to adapt to any situation, and daring to dream the impossible. My father’s commitment to progress, to his family and to self-sacrifice to pay for and provide me with the education I had in UK boarding schools and tutorial colleges was something very few Eritreans have ever achieved. Please note that in the 1980’s the average earning for Eritreans was ~£75/month.
It is not often, where you would find a family as complicated and/or as diverse as mine. Out of the 19 siblings, my wife and I have, only the two youngest are not married or in a long relationship. We are a diverse family because we are married to and have children with people from multiple backgrounds (Eritrean, Ethiopian, Caucasian English, Black American, Moroccan, Caribbean, Mexican, Canarian, Spanish, Venezuelan, Kenyan, and French, who are accepted and are equal. Our children speak 12 languages between them.
- VPs and Directors (Richard Parkinson, James Stirk, Mike Dalton, and Ross Allen), who had different impacts on me.
- Richard and Mike saw the potential I had coming from an IBM background, when I first started in Cyber Security at Network Associates. They continued to drive me to keep getting trained on the solutions and kept providing me with bespoke Spiff incentives ($5K-10K/month). They committed to me, and I gave my word to never let them down when they needed me to bring in more business when they needed it most.
- Ross Allen (aka “The Bull” and “Rossweiler”) built like a wall and scary as hell, but who drove me to excel with his carrot and stick approach
- James Stirk: He ran the Government team at Oracle for over 20 years before he joined Intel Security/McAfee at the same time as my second term. He knew everything about government business and drove me to learn something that didn’t about the UK Government. He recommended people to be my mentors, but I didn’t want anyone else because no one else knew more than he did.
- Paul Rutland: My SE at McAfee, who took time to personally and continuously train me on all things that had to do with firewalls, IPS and IDS systems. This became my main business generators during my time at Intel Security/McAfee. I drove the business from $200K to $4.5 million a year.
Fareedah Shaheed, @CyberFareedah
I would not be where I am today without mentorship and coaching along the way. A couple of people that have been pivotal in my journey are Dr. Jessica Barker, Jane Frankland, Crystal Ro and Aprille Franks. There have been so many others; if I forget to name them, please charge that to my mind and not my heart. Each one of these people has opened countless doors for me and given me phenomenal advice for my life and career. Every single achievement the public sees can be traced back to my mentors’ and coaches’ continuous support.
Gabriel Gumbs, @GabrielGumbs
There is no shortage of people who have opened doors for me in this industry and throughout my career. A couple of those examples have been in unexpected ways, however. If I have to mention any one of them by name, it would be the person who hired me for my very first infosec job: Richard Shuemaker.
I had a very strong interest in security and had been involved in the local security community in New York City, however, at the time, I was a network engineer. Richard took a chance on a scrappy propeller head and helped me navigate not only the bits and bytes of the professional security world but also the business side. He was my first mentor; we became friends over the years, and since then, I have always felt a calling for paying it forward.
Ambler T. Jackson, LinkedIn
During my career, I’ve worked with several supportive men and women who have helped open doors for me and shape my career. I’ve been fortunate to work with people in leadership at various organizations who believed in me, provided an opportunity to grow as well as gave sound guidance and invaluable feedback based on their own experiences.
The feedback that I received always came at the right time, and it oftentimes allowed me to plan the next steps for my career. My peers and colleagues have also shared information and opportunities with me and encouraged me along the way.
Jihana Barrett, @iamjihana
I can honestly say that different people have poured into my success in this industry. I did not have any direct, streamlined mentorship. When it was time to study for a certification, I sought help from a particular group or individual when I needed to hone my knowledge and my skillset. When I needed more confidence. I turned to another group for leadership and I guess guidance in that way.
So, it was not one particular person, but there has been guidance and mentorship throughout this entire process because there was no way it wasn’t going to happen.
Also, I think another reason why I didn’t have streamlined mentorship was that I didn’t see anyone that was my gender or my ethnicity doing what I was doing. They were engineers, or they did something else, but they didn’t specifically do cybersecurity.
And I remember at one point in my career really seeking that out. And then I realized I just had to create it for myself and then take up that charge, take on that charge to do it for the next generation.
So, that’s why I do career days at my high school. And when people want to talk about how to get into the industry, I offer consultation on that because I know what it felt like to not feel like there was anyone doing what I wanted to do or anyone to ask those questions from. Because of that, my life and how it’s impacted me have just been phenomenal.
Honestly, I know that cybersecurity is my calling, and it’s my purpose. How I present it and package it to others is how I have the most positive impact.
How to Become a Better Ally
Raymond Kirk
Being an ally means truly understanding that Black Lives Matter, being brave enough to articulate that, and looking for ways to be a part of the solution against racism and inequality. African Americans have been oppressed for hundreds of years. I think it’s important to understand that not all Americans get the same starting line on their path to success; decision-makers will need to reach earlier in the pipeline to groom and attract diverse talent in the infosec community.
Emanuel Ghebreyesus
The advice is very simple but complex. It is also impossible for anyone to say they can’t find information about this elsewhere. Anyone who has the wish and states they can’t find information on this is in denial and purposefully avoiding this internally.
Without the below, nothing can start.
- Care enough to make a difference as well as take action to follow what history has wrongly taught and how you may have been raised.
- Don’t look at anyone based on color, gender, race or age.
- Everyone is unique, so don’t try to put them into a category you have created in your mind.
- Practice respect, humanity, generosity, understanding and pure desire to treat everyone as a human being first.
- Google “Black Lives Matter” and look at https://www.livescience.com/difference-between-race-ethnicity.html, Cultural Diversity, Difference Between Culture and Society, 10 Ways to Be a Better Human Being, Diversity and inclusion strategy 2019 to 2023, Useful organisations for diversity and inclusion, to name a few.
Fareedah Shaheed
I would say to find a way to make a positive impact in the life of someone who doesn’t look like you. This positive impact can come in many forms:
- Recommending them as speakers.
- Sharing job opportunities.
- Mentoring.
- Sharing resources.
- Endorsing them.
- Giving them a testimonial.
- Introducing them to your network.
- Supporting their work and/or initiatives.
- Asking them what support they need and then following through.
And one of the best things allies can do is work on themselves internally by reading books, watching documentaries and having meaningful conversations with themselves and friends on self-awareness and change.
Gabriel Gumbs
Black History Month is larger than the community from which it derives its name from. Civil rights are human rights. The reflection of the contributions made by African Americans throughout history in every aspect of daily life in the face of inequality should be driven by all because it is a universal story of struggle.
For those that may not know where to start, but desire championing Black History Month, I would suggest they begin by exploring the lived experiences of others and looking for opportunities to understand those experiences when compared to their own lived experiences. That happens through conversation; it happens through genuine interactions fueled by curiosity.
Ambler T. Jackson
For allies who want to do more to improve awareness, inclusion, and opportunities in the infosec community, I suggest being comfortable with providing feedback to those who may need a gentle push in the right direction and sharing information and opportunities broadly! Post it on social media, share it at work, share it with your local public library and share it with your book club members. You never know how sharing information and opportunities both inside and outside of your network could change the trajectory of an individual’s career.
Advice for Getting Involved
Question 3: Can you recommend any communities that people looking to join the industry, or those looking to grow their networks, should look to be involved in? Where they can find new opportunities to learn and grow?
Raymond Kirk
One of my favorite communities I always recommend to young adults is yearup.org. They have a phenomenal workforce development program that includes several tracks into the IT and cybersecurity field.
Outside of that, I would look at meetup.com for local IT/cyber security events to network and even General Assembly for training and events.
Emanuel Ghebreyesus
The same as what I said before. Care first and be a human being that refuses to judge at sight but who wants to understand and get involved.
Fareedah Shaheed
The most helpful opportunities to learn and grow come from meeting new people. And these people may turn out to be mentors or job opportunities.
I would also start to be active on Twitter and LinkedIn. Start having conversations with people from the industry. This will lead you into the communities and opportunities you want.
Gabriel Gumbs
The International Consortium of Minority Cybersecurity Professionals is a great community for those looking to grow their networks and join the industry. However, I would also highly suggest ISACA, SANS, OWASP and local B-Sides communities.
There is no one right answer, and in fact, digital communities have been thriving during the pandemic. I would look into the Slack and Discord communities that align with your technology and security interests.
Ambler T. Jackson
Both Women in Security and Privacy (WISP) and the International Association of Privacy Professionals (IAPP) are great organizations for people to join and to tap into a network of like-minded individuals.
I belong to both, and I enjoy utilizing their resources and network as I continue to learn and grow in my career.
5 years old article
According to data from the United States Department of Labor which publishes the Bureau of Labor Statistics (BLS), ‘Black or African-American’ people make up only 3% of the information security analysts in the U.S.
There’s either a typo in the Bureau’s figures — or there’s something wrong. BLS updates the employment numbers every other year, and their latest for the ten-year period 2014-2024 was published on the BIS.gov website in December of 2015.
BLS states information security analysts’ jobs are expected to grow 18% through 2024. The position is involved with combating hackers who break into corporate networks. In 2015, Lloyds of London estimated that cybercrimes were costing businesses globally as much as $400 billion. Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. The latest cybercrime forecasts – which came out after BLS’ employment data, may indicate even more growth for the information security occupation.
According to BLS, the 2014 median pay for information security analysts was $88,890 per year. The position usually requires a four-year college degree. There’s lots of upward mobility from there. Cybersecurity has one million job openings in 2016. The top five IT security salaries range from $175,000+ to $230,000+ per year. At the top of the profession, some chief information security officers (CISOs) earn $400,000+ per year.
Exposing teenagers to cybersecurity is a gateway to college programs and ultimately information security analysts and other careers in the field. There’s a growing number of programs that help high schoolers learn about cybersecurity. Teachers, guidance counselors, and parents need to take the lead and tell students about these programs.
The International Consortium of Minority Cybersecurity Professionals (ICMCP) and the International Colloquium for Minorities In Cyber Security (MICS) are two organizations devoted to promoting career opportunities for African Americans and other minorities in Cybersecurity. They provide technical training, scholarship opportunities, community outreach, mentoring programs, and job listings.
In early 2015, Vice President Joe Biden announced $25 million in funding for cybersecurity education at 13 historically black colleges and universities, two national labs and a K-12 district. The White House stated that demand for cybersecurity workers is growing by as much as 12 times faster than the U.S. job market, and is creating well-paying jobs.
President Obama’s 2017 cybersecurity budget is $19 billion – which is a 35% increase over 2016. The budget includes student loan forgiveness programs for cybersecurity experts who go to work for the U.S. government. To help young people get there, the President announced the Computer Science For All Initiative earlier this year. The program is designed to increase access to tech skills training in K-12 schools throughout the nation. This is mandatory reading for all educators and parents who want to advocate for their high school kids – and get them on a track for future tech and cyber careers.
African Americans should be properly represented in the cybersecurity field. Hopefully by the end of the BLS’s forecasted period — in the year 2024 — the information security analyst employment figures will include many more minorities.