Lauren Zabierek, co-founder of #ShareTheMicInCyber, is the Executive Director of the Cyber Project at Harvard Kennedy School’s Belfer Center. She comes to this role as a 2019 graduate of the Kennedy School’s mid-career MPA program. Zabierek served as an intelligence officer in the United States Air Force at the beginning of her career. Later, as a civilian intelligence analyst with the National Geospatial Intelligence Agency (NGA) assigned to the Office of Counterterrorism, she completed three war zone deployments. Throughout her six years at NGA, she became a subject matter expert on Activity Based Intelligence (ABI) and served as an adjunct professor in ABI at the NGA college.
In the second part of our “Sharing the Mic” series, we spoke with Zabierek about how she came to pursue a career in cyber, what stands out about the field, and challenges that need to be addressed.
Getting the Education and Landing that First Job in Cyber
Despite her role at Harvard Kennedy School’s Belfer Center, Lauren Zabierek jokingly admits that her path towards her career in cyber was anything but the ordinary, linear route.
“It’s not just that I studied economics and international relations and ended up in cyber, but that I struggled in my computer science class in college–keep in mind this was in 2001. So it’s pretty ironic that fast forward, here I am. That said, I knew that I wanted to serve our country and protect people, and 9/11 had just happened, so when I commissioned into the Air Force in 2003, it was in that landscape that I started my career.”
In the Air Force, Zabierek started to learn about cyber-enabled intellectual property theft, while pursuing her Masters degree in International Relations. The idea that this was becoming a major economic and security issue began to form in the back of her mind–but she still had little concept of cybersecurity. After leaving the Air Force Zabierek did a short stint in federal consulting, then transitioned into a career as an intelligence analyst in the government. She began pursuing a second Masters degree in security studies at Georgetown University. However, after pursuing this degree for over three years – and doing so around her night shift work and deployments with NGA – a move to Boston with her family made her change course yet again.
“I was so close, but because of our move to Boston, I had to rethink my degree options. And so, I began looking for shorter programs and found this really interesting one-year program at the Harvard Kennedy School: the Mid-Career Masters of Public Administration. And I said, alright, I’m going to apply for this, never thinking I’d get in, as I don’t hail from an Ivy League background”
At the same time she applied to Harvard, she had to leave the government to move to Boston (that’s a whole other story, she says) – and she applied to a cybersecurity startup called Recorded Future, when the company was less than 60 people. She started as a Solutions Architect, working with salespeople to demo the software and teach prospective customers. She then transitioned to the Customer Success side of the house, and built and managed the Public Sector team, wearing Product Management, Training, and even Marketing hats. It was a challenge, but one that she loved. At the advice of her CEO, she deferred her acceptance to HKS to help build the business. When she went to school and later stepped into her current role, Christopher gave her his blessing and she is incredibly grateful to him for giving her that opportunity. “Recently I was thinking about my transition from government to a cyber startup and I think it just kind of underscores how you don’t need to fit into a traditional box to be a great fit for the cyber industry. When I joined Recorded Future I had zero cyber experience. The person who hired me knew that, but he recognized that as an analyst I would be able to learn, but more than that, he recognized the core traits that I have, such as curiosity, drive, and the ability to work with people that are important for working on hard problems. That story should be more common in cybersecurity.”
Dealing with Misperceptions and Finding Success
Zabierek noted that debunking the misperceptions around who is, or isn’t, a fit for the cybersecurity industry is a must to attract diverse talent.
“I do think there are misperceptions and challenges when it comes to seeking a cybersecurity career, but that shouldn’t stop people from pursuing a job they are interested in. From my experience in the military and in the intelligence community and growing up in those environments that are obviously very male-dominated, there was a time in my life where I thought I had to be a certain way – really hard and alpha-type. But there was a moment where I started to realize that no, I can actually just be myself – and that’s even better. And the same thing is true in cybersecurity–but that truth and the reality of the industry can sometimes be at odds with each other, so we have a lot of work to do in changing those perceptions. Cybersecurity is a multidisciplinary field, not just a one-size-fits-all industry. It’s so important to have diverse opinions and perspectives and there is a place for people from all backgrounds, ages, skills, abilities,, ethnicities, demographics, genders, etc – in fact it’s vital to security and resilience.”
The initial challenges and barriers to entry into a cyber career can be intimidating and even limiting, but Zabierek hopes that new entrants in the space won’t be deterred . There are free or low-cost resources to help people get started (Coursera, LinkedIn Learning, Cybrary.it, local cyber meetups, community college courses) and organizations that exist to help–Girl Security, Girls Who Code, Raices Cyber, Black Girls Hack, to name just a few–and there is so much need for security personnel, so many open roles. From her experience, being willing to dive in and immerse yourself can pay huge dividends in overcoming these fears and uncertainty.
“The first year I spent in cyber was really hard. I had come from being an analyst in the government, and suddenly, there I was, at a startup in Boston, in the dead of winter,, after having left all my friends–the people I went to war with– back in D.C. I was demonstrating software and talking about things I had never really talked about before. But I didn’t want to be the person in the meeting who didn’t know what they were talking about. So I forced myself to get very serious, and learn everything I could about the landscape. It was a huge growth moment for me. I remember thinking, I don’t know if this is right for me, that this is so different from what I had been doing. I felt like a complete fish out of water…But now that I look back on it, I think, thank goodness that happened to me, because it forced me to learn about cybersecurity. Looking back on that experience, it was so transformational, I’m incredibly grateful.”
Starting out as a solutions engineer and then later transitioning to Customer Success gave her the opportunity to understand the private sector cybersecurity landscape–to understand the challenges that small, medium, and large businesses were dealing with. And that got her to thinking “I feel like we (as a country) can do this better” …which led her to the realization that she wanted to someday work in cyber policy. And so when she finally made it to the Kennedy School (with a three-month-old baby no less), she was very excited to take (former Pentagon Chief of Staff) Eric Rosenbach’s Cyber Policy class. She called herself “that nerd in the front row always raising her hand to answer his questions” but noted that he must have seen something in her that she didn’t, because he asked her to apply for the role she’s in now–and she knew that it would be life-changing.
“With cybersecurity, there’s a whole spectrum of things that you could get into, whether it’s on the more technical side, policy, consulting, sales or customer success, or threat intelligence. For those trying to figure it out, I would say, whatever piques your interest, I would try to go down that rabbit hole and learn what you can. Leverage free and low-cost resources. Then you can try reaching out to people, doing an internship, or job shadow. Also, when you’re looking for a cybersecurity firm to work at, people automatically just think of these big threat intelligence companies, but it’s important not to forget your state and local governments as well. Those organizations need help too, and they may be a good place to get your foot in the door.”
You Belong in Cybersecurity
On her first day at Harvard, exhausted from being up with the baby and flustered at being late to the first class forum, she remembers looking up in the auditorium and seeing all the flags from all over the world–among those flags was a sign: “You Belong.” Those words gave her comfort and strength at a time when she doubted herself. And she hopes that those words offer comfort to others thinking about making a transition. Ultimately, if you want to be in this industry in some way, you belong here.
“The cybersecurity space is so diverse that anyone should be able to find success in it. Certainly the industry has a lot of work to ensure that it is welcoming and inclusive to all. But know that even if you don’t have a technical background or can’t code to save your life, there is still a place for you. We have to recognize that fundamental traits like curiosity, grit, an interest in research, and people skills are just as important as the ability to reverse engineer malware samples. Oh, and don’t forget creativity. That’s a big one. For example, I love music. I think it is always so transcendent. One thing that has always stayed with me since high school was this desire to be a drummer in a rock band. Now, I never achieved that – even though I did get a drum kit a couple years ago that I play in my basement – but having creative passions and bringing them into your life can be really important to your professional growth. And that is certainly true in cybersecurity.”
In the next chapter of our Sharing the Mic series, we explore diversity, equality and inclusion in cyber, and further delve into why initiatives like #ShareTheMicInCyber shine a much needed light on some of the biggest challenges in the cybersecurity industry today.