Tonya Drummonds has worked for Dell for 25 years. As a leader and a Culture, Diversity & Inclusion (CD&I) Champion, Tonya has invested heavily in connection and education in her own organization. 

Over the past two years, Tonya hosted monthly cultural events in which team members learn all about new regions and traditions. She also facilitated training that goes well beyond the foundational requirements, inviting experts to share best practices. 

What was your educational journey?

Life was my education after school. I skipped a couple of grades and graduated high school at 16. I loved learning. But graduating at 16 made my parents worry about sending me to college with older students. So, going to college at that time was out of the question. They asked me what things I wanted to do. I decided to do some volunteer work and travel until I turned 18.  

Going back to my senior year of high school, I actually attended to two schools. The main one I attended in Brooklyn, New York was a school of the arts, but I wanted to learn computer graphics. Because I had most of my credits, my school day ended early. I was able to get on a bus and train and attend an afternoon computer graphics class at another school. So, learning graphics was in addition to doing well in typing and word processing classes.  At 18, my parents were willing to let me work and I jumped at the chance to find a job doing what I learned in school.  

I chose a couple of contracting agencies because I knew that I would get a chance to work at different places until I found one I liked. So, wanting to use the skills I learned in high school, I asked them to find specific positions in word processing and using computers for those companies that had them and computer graphics. They did just that.  

I worked part time and loved it. Within a year, I was mentored and befriended by someone who ensured that I worked in her department. When she changed roles to one with GE Capital, she called me up and gave me an opportunity to work there. That role was perfect for me. They kept me on as their permanent floater for years, which allowed me to continue with my volunteer work. I also had an interior design business and worked with my husband in his home repair and construction business!  

What attracted you to cybersecurity? 

Well, I applied to Dell Technologies because I needed a full-time job a few years after moving to Austin from New York. My husband and I had just bought a home and I decided not to establish my interior design business after moving. At the time, I was not attracted to cybersecurity or any other department at Dell, but I landed a role in the IT department.  

IT is applications and infrastructure which requires security, and I quickly saw the value of security to our organization and our customers. As a program and portfolio manager in my early days at Dell, I was willing to accept any challenge given to me. I’m curious, want to learn and always asking, ‘what’s that?’ It was taking on a new program and challenge that led me to cybersecurity. 

How did you get your first job in cybersecurity? 

I was part of a program office that rolled out disaster recovery at Dell, ensuring there was a dual location for data centers to be able to recover if something were to happen, like a natural disaster.  

I managed the recovery documentation and planning of the program. I interviewed all the application and infrastructure engineers to understand what recovery steps were needed, based on their priority.  

So that was the start! I enjoyed the technical conversation and really learned how we develop applications and infrastructure and what is required to protect it. We had hundreds of applications that required documentation for recovery. During this process, I talked to so many developers and engineers who worked on the very applications that global workers used and depended on daily. Resiliency is so important and what I was doing was key to ensuring that. I realized then that I wanted to be a part of cybersecurity. 

Describe the path between your first position and your current career path. 

My first position at Dell was as an executive admin. Then I became part of a large project management office. After working on disaster recovery, I began a portfolio role that also included reporting. I created scorecards and dashboards, specifically for executive management. I learned how to take a lot of information and show it in a concise and impactful way. It’s kind of like a visual story....and I love storytelling.  I also started taking on portfolio work, which involved me seeing all the programs of my business unit. My role morphed into marketing the value of those programs and their status. That work was pivotal for executive strategy. 

When I was asked to investigate something called data classification that was going to help us protect our data, I accepted. The goal was to identify and label all our data for sensitivity. Guess who I would have to talk to again? Developers and engineers. I learned details of encryption at rest, encryption in transport, logging and alerting of financial data, access management, data obfuscation, etc. 

That then led to my role as the project manager for enterprise data management and then to my role as a strategist. I focused on the lifecycle management of global electronic data, protecting employees, customers and vendors. That led to the role I had before my current position, the Director of Enterprise Information Security Governance. 

What are you working on right now?

While I held my data governance director role, I also inherited a team from our acquisition of EMC. The customers of EMC had a rigorous vendor risk management process of validating their security activities and protocol. The integration with Dell increased that work with customer requests growing steadily. As I started realizing the impact of this work and explained it to my leadership, they suggested I focus on it exclusively and Security & Customer Trust team was created. 

We represent all of Security & Resiliency (cyber, physical, supply chain, product & application security, and governance, risk & compliance), some of IT and Privacy. We build and maintain the trust of potential and existing customers – assisting with the sales motion and contributing to revenue. It is my most interesting and fulfilling job to date. It is a pleasure to verify we have good policies, standards, procedures and controls to increase revenue. I love what I am doing! 

What would you say to the upcoming generation of cyber workers? 

Don't limit yourself and what you think you could do in cybersecurity. When most people hear STEM, they think of science, technology, engineering and math – kids who love all of those areas. We see them as future coders, innovators and technical engineers. But that is not all cybersecurity roles. The technical workers are surrounded by workers like me that like creating processes, developing metrics, marketing security, program management, security awareness, strategy, and analyzing data. When I say that I work in cybersecurity, people often say, "Oh, you must be geeky." That is not exactly true.  

Cybersecurity is an orchestra of roles, and we all have different instruments. We play them and it is a perfect melody. So don't limit yourself. Recognize that it takes a lot of different people doing a lot of different things – some technical, some non-technical, some innovative – and all are important. But if you're curious and you just allow yourself to get into it and roll with it, like I did – from one project to another – you can really enjoy your career.  

Also, avoid saying ‘No’ to a challenge. The future generation of cyber workers are a diverse group of skillsets that love challenges! They work together to do amazing things that protect innovators and technology. 

Thank you so much for sharing your wisdom with us today!