Dave Bittner (14:49)

Girl Security is working to advance girls and young women in the national security sector through skills based learning, mentorship and professional advancement. Central to our mission is an emphasis on educating girls about how technology is applied within the national security context. And in addition to that work, we also create outcomes and products for the entire security sector that can uplift the entire community as well.

Lauren Buetta (15:18)

Well, can you give us some examples here?

Dave Bittner (15:21)

So, for example, through an initiative that we launched about two years ago called the All Secure alliance, which is a group of industry leaders, we've honed in on a number of gaps within the security sector, specifically around building an intergenerational workforce where we see an opportunity for action. So for example, we created the first reverse mentorship toolkit that can be used within the security sector, but really by any industry. And the idea is to sort of flip the traditional mentorship model where you have junior people sort of mentoring up senior people. And we do that as a way to capture the sort of informal knowledge transfer that occurs between, among professionals in an intergenerational workforce. It's a really popular toolkit that we've had a lot of really positive feedback on. And then we're working on a second tool which is designed to capture knowledge primarily from senior security leaders that can help shape new decision making models for early entry career people.

Lauren Buetta (16:21)

Well, help me understand the intergenerational thing where you have, you know, mid level folks informing folks who may be higher up, what, what are the sorts of knowledge that they're looking to transfer there?

Dave Bittner (16:34)

Yeah, it's a great question. I mean, some of it, honestly, Dave, is just the technical knowledge that digital native generations bring into the workforce. You know, obviously using AI within the workplace is becoming increasingly popular. So there is that technical exchange of having younger people mentor up senior people on how to use those technologies. Also, younger people's educational experiences are different, perhaps more robust in certain sectors, certainly within cybersecurity, where they have a lot more training available, a lot more sort of formalized training, personalized training than other generations have had. So there's that sort of knowledge transfer that can occur as well between younger people in the workplace mentoring up, where they're actively sharing lessons around leadership, project management, communications that senior leaders just didn't have access to or don't have the bandwidth to continuously sort of upscale themselves in. And it's a efficient way of sort of building an ecosystem of mentorship and learning.

Lauren Buetta (17:33)

Well, give us a little status report here. I mean, These are challenging times for an organization such as yours, I would imagine. How's it going?

Dave Bittner (17:43)

I would say one of the benefits that we've really never taken for granted at Girl Security is that the demands for our programming have always been high. We have consistently held a wait list over the last six years. In theory, we would love to be an organization that says we're going to reach X number of girls by X year, but that's just not our model. We're really focused on supporting targeted communities of girls and young women and gender minority youth and showing through impact that securing pathways opportunities for them. And so the demand has always been high. The capacity is, you know, we always want to be bigger, we always want to be able to do more. And I think given the current moment, we're just seeing a further influx in interest and demand for the programs. So I think from a nonprofit perspective, our challenge, which is not necessarily new, is how do we leverage systems and the communities of people we serve to design for certain efficiencies? We may need to support as many people as we can.

Lauren Buetta (18:45)

And what is the on ramp like for the young women who are looking to take advantage of the program? First of all, what age do are you looking for?

Dave Bittner (18:55)

Yeah, absolutely. So our workforce training program starts as early as 16, 17 years old. We have two tracks. We have high school based after school national security clinics and we have a virtual access option. And that is a very robust 15 week workforce training program led by a diverse cohort of women and men and national security that touches on things like structured analytics, you know, economics and budgeting and finance with a balance of professional development skills around communications, networking, you know, job security, you know, job searching as well as, you know, basic things like building a LinkedIn profile and resume. So that program supports about 300 fellows every year. And that's primarily targeted with high school. We do have a small percentage of college students as well. And then our mentoring program is sort of what I describe as an overlay. It should catch as many people as we can because it's our flagship program and it's a low, like low operational output, high impact. And we're supporting about a thousand mentoring relationships every year, and that's ages 14 through 26. And those programs sort of work in concert with each other because we want to see participants come into the workforce training program and complete it. And then they can stay in the mentoring program until they're well into their career. And then if the model works as it has, they then pay back to the organization so it becomes this really dynamic, diffusive network of girls and women in security.

Lauren Buetta (20:28)

And how do you measure success?

Dave Bittner (20:30)

Oh, through all sorts of different tools and tricks that we've created. We do a lot of surveying and analysis through all across all of our programs, we're surveying people constantly. We're always evaluating just the programs themselves through for the workforce, program skills and core competencies, measuring levels of proficiency before and after, getting dynamic feedback from employers and other partners who end up supporting participants in our program retention and RE engagement rates, which are very high. We just had our annual survey, and both our satisfaction, referral, retention, re engagement is all above 90%. Actually, probably closer to 97%. And then in terms of placement into pathways for both programs, we're at about 87%. So that means that someone who's gone through our program has secured an opportunity in the security space. I mean, we'd always love to get that up into the 90s as well, but, you know, we're happy with those numbers.

Lauren Buetta (21:30)

Yeah. So it's a passing grade, right?

Dave Bittner (21:33)

Yes, I guess so. I don't know. My son tells me all kinds of things about grades, score, you know, scoring now, and I'm. I feel like I'm in the dark on purpose.

Lauren Buetta (21:40)

No, I'm with you.

Dave Bittner (21:41)

I'm with you.

Lauren Buetta (21:42)

In terms of the mentors themselves, I mean, what's an ideal candidate for someone who wants to give back here?

Dave Bittner (21:49)

Oh, I love that question. Because our mentors represent all ages, and in fact, we usually try to pair the youngest mentees with a younger mentor just because their experiences and education and culture will just be closer. You know, they'll. They'll. They'll identify more closely together. But our mentors are across the public and private sectors. Academia, national labs, stem, civil society. We're really just looking for people who have an understanding of what the security sector looks like, believes in the power of engaging young people in the sector and the promise of their contributions, and really someone who's a great listener, because I feel like mentorship is oftentimes less about talking and more about listening and trying to give really targeted responses to questions that young people encounter on a regular basis. So we just have such a fantastic mentoring community, and we're very fortunate.

Lauren Buetta (22:46)

Well, before I let you go, forgive me for perhaps putting you on the spot here, but is there a particular story that you'd like to share, a success story about a young woman who came through the program and has seen some success?

Dave Bittner (22:59)

Yeah, I'd love to. There's one young woman from one of our Chicago clinics a young woman by the name of Araya who overcame a lot of obstacles and showed up at one of our summer fellowships. So our summer fellowships are sort of a multi day sort of awareness raising before the full on intensive workforce Fellowship program. And Araya came one summer and then she came the next summer and then she ended up enrolling in our workforce training program and completed that 15 week program. And then she decided to specialize in cybersecurity and received a scholarship to the University of Chicago where she is currently studying cybersecurity and is engaged in the program. Still, she helped us design and implement the first White House global convening of girls and women in cyber. She stays involved in the mentoring program as an alumni and is just off doing remarkable things. So she's a more recent but really powerful success story.

Lauren Buetta (24:00)

Well Lauren, best wishes for all of your efforts here. My personal take is that the things that you're doing here are needed more than ever and I really appreciate you taking the time for us here today.

Dave Bittner (24:12)

Thank you for having me and creating the space for this. I appreciate it.

Lauren Buetta (24:16)

That's Lauren Buetta, founder and CEO at Girl Security. Do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,8000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for a thousand dollars off. And finally, imagine if the key to your front door was published in the installation manual and no one bothered to change it. That's basically what's happening with Hirsch's enterphone mesh door access system. A security researcher, Eric Daigle, discovered that dozens of buildings across the US and Canada are still using the default unchangeable by design password. And yes, it's right there in the manual for anyone to find. Hersh's response. That's not a bug, it's a feature. The company insists that customers should have read the instructions and changed the password themselves. Many didn't. As a result, elevators office doors and even entire residential buildings are just a login away from unauthorized access. The flaw now officially has a CVE number, and It's a perfect 10 on the oh no scale. But Hirsch says they're not going to fix it. Instead, they emailed customers a polite reminder to read the manual. Rtfm, my friends. Rtfm. And that's the Cyberwire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carouse. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Heltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Blackcloak's award winning digital executive protection platform secures their personal devices, home networks and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 247365 with BlackCloak. Learn more at BlackCloak IO.