Experts Panels On Security And Privacy At ISSA-LA Summit #9

SANS Connect: A Women In Security and Technology Panel

L-R:  Shea McHugh, Diane Delaney,   Max Shuftan, Andrea Hoy, My-Ngoc Nguyen

L-R: Shea McHugh, Diane Delaney, Max Shuftan, Andrea Hoy, My-Ngoc Nguyen


  • Max Shuftan


  • My-Ngoc Nguyen (CEO/Principal Consultant for Secured IT Solutions)
  • Diane Delaney (Worldwide Talent Manager for IBM Security)
  • Shea McHugh (Information Technology Professional for Intermax Networks)
  • Andrea Hoy (CISO of A. Hoy & Associates)

Day one of Summit 9 (“Training Day”) ended with this Women in Security panel, in which these four women discussed their positive and negative experiences working in IT and InfoSec and imparted their insights with personal stories about being female in a male-dominated industry.

With Max Shuftan’s succinct questions, the panel touched upon information security, IT, privacy and other technology-oriented positions as they related to attracting, recruiting, hiring and on-boarding diverse talent in the cybersecurity space. Shea McHugh, an IT professional who specializes in cybersecurity and network administration, shared her unique experience of not facing gender discrimination in her career (hear Shea speak more about this on our DiverseIT podcast).

ISSA doesn’t just talk the talk in presenting diversity-oriented sessions – they walk it, too. Of the 22 breakout sessions, there were seven panels, which included eight male speakers and seven female speakers. And while the word “woman” is baked right into the title of this session, the audience contained quite a few men.

Curious to know what would attract men to a panel by and for women, I spoke with a male attendee at the close of this panel who summed it up perfectly: these panelists may have been speaking from a female point of view, but by explaining the specific steps (not to mention obstacles and insights) needed to get into an InfoSec or IT career, they actually made it universal – for men, women, old, young, neurodivergent, neurotypical.

Such key steps offered were asking the right questions (“How do I get into InfoSec?” will likely get you an exasperated sigh followed by “What exactly are you interested in?”), certification and networking –  which everybody did at the cocktail reception right after this panel.



Women In Security Panel


  • Suedy Renner


  • Chenxi Wang (Board Member at Cyber Diversity Foundation)
  • Debra Farber (Founder and CEO of Orinoco Privacy)
  • Jennifer Granick (Director of Civil Liberties)
  • Erin Richards (Director of Risk Management at Oracle Corporation)


On day two of Summit 9, a second Women In Security panel kicked off the sessions. As I was wondering whether this one would offer different information – panels about women in tech/security tend to draw from the same pool of statistics and experiences – moderator Suedy Renner explained that these women would not, in fact, focus on the female experience, but rather on the security, privacy and legal aspect of this industry.

I was pleased to hear that the topic of diversity within the homogeneous field of IT and security wove through a different kind of inclusion. The panelists included a security technologist, a lawyer, an operations expert and a Chief Privacy Officer, and they discussed the kinds of bias that they’ve seen in their own careers.

For instance, no technologist thinks that backdoor encryption is a good idea. Not only would that be intentionally making technology vulnerable, but lawyers would abuse it (not to mention criminals). When you replace technologist and lawyer with man and woman, it’s not hard to identify unconscious bias.

The panel discussed GDPR (General Data Protection Regulation), which is intended to “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” This new regulation is meant to deal with the export of data outside the European Union in order to give people back control of their personal information. The GDPR takes effect on May 25, 2018.

Security and privacy professionals have thus far worked autonomously, and yet they each affect the other, but the experts on this panel believe that security and privacy working together can enable and achieve their goals more efficiently. Between the GDPR and the cloud, compliance is much more complex, and Jennifer Granick, the lawyer, added that getting legal advice in the early stages (rather than after the fact) is immensely helpful.

But Debra Farber, a data privacy and information security expert, believes that within the next five or ten years, privacy, security and compliance will converge (hear Debra speak more about this subject on our DiverseIT podcast).

And finally, on the topic of diversity and inclusion, ISSA-LA was offering free admission to all military veterans who are interested in cybersecurity as a career.