Foster relationships and the human connection. The first one may seem obvious, but I find that it’s easy for those of us with an “engineering brain” to let it slide and just focus on the work at hand. At the end of the day, no matter how technical our job is, we still work with people and that means working as a team. It’s so important to take the time to foster the professional relationships that emerge throughout your technical career and to keep them up! For example, after you’re done with a project, shoot your old colleague a LinkedIn “congratulations” or a quick text. Say “thank you” to colleagues if they’ve made an impact on you. It doesn’t have to be much, but it lets them know you’re still around. Cybersecurity is a small industry, after all, and you’d be surprised how old connections can circle back when you least expect it.
The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading Cybersecurity Industry,” we had the pleasure of interviewing Paris Stringfellow.
Paris Stringfellow is the Deputy Director for the Clemson University Center for Advanced Manufacturing and the VP TrustWorks-aaS for CyManII (a public-private partnership to drive cybersecurity in manufacturing). Stringfellow’s research focuses on investigating human error within socio-technical complex systems and cyber-physical-social systems with applications in cybersecurity, decision making under risk and advanced manufacturing. Her work with CyManII utilizes her knowledge base while addressing the cybersecurity needs of manufacturers, so workers and manufacturers alike have the skills and tools necessary to adopt secure, energy-efficient approaches to their business operations and supply chains.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?
I grew up the oldest of four kids. And we were homeschooled before it was cool… or at least before it was prescribed as a national response to a global pandemic. My parents were very flexible and open to our learning experiences. They encouraged us to explore our interests and let us do what we wanted, as long as we got our core curriculum done. I took full advantage of this and worked hard to get my schoolwork done by 11 a.m. each day. This left the rest of the day for me to explore my interests. When I was around 14, I got really interested in aviation and aeronautics, so I joined the Civil Air Patrol. I got to fly small airplanes before I could drive a car, and it was where I first learned about the awesomeness of fluid dynamics, mechanics and the importance of serving your community. Now, I’m not going to lie, it was a bit of a boy’s club, but not exclusively. The community there actually became an amazing support system and really gave me the self-confidence to start thinking about a future in tech.
Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?
I love to read! I enjoy authors that touch on issues around human psychology, applied sciences and technology in societies. So I spend a lot of my free time listening to folks like Adam Grant, who wrote the Originals and who now runs a fantastic podcast called WorkLife, Brian Green, who wrote the Fabric of the Cosmos, and reading the works of the great behaviorist Danial Kahneman who most people know for his book Thinking Fast and Slow.
But if there is a single piece of literature that really impacted me, it’s got to be the classic Laura Ingles Wilder series, Little House on the Prairie. As a child, I devoured those books again and again. I was always fascinated by her “low tech” life (ironically), her ingenuity, independence, and creativity. I loved the detailed explanations of how old systems worked. As a young kid, I saw myself in her. I saw all that she could do — a girl ahead of her time struggling with the expectations of a pioneer society. Silly as it may sound, I always felt that she was a modern spirit and could do whatever she put her mind to. I really believe that her life first planted the seed of what could be possible for me. If nothing else, this just reinforces how critical it is today to give our young girls a vision of what they can be. If you can imagine it, you can achieve it.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
So now you know I like to read… A while back, I stumbled upon a book written by former FBI technology leader Mark Goodman. His background sounded something like a real-life high-tech James Bond, so I was immediately interested. In his book, he started to outline a picture of where technology might be taking us in the next couple of decades. And his stories focused on uncovering devious ways that these technologies could be used for malicious purposes. For the first time, I really started to understand what was at risk as we moved toward our future as a connected society, highly dependent on increasingly sentient systems. The stories were terrifying.
Around that time, I was also highly involved in nuclear engineering and modernizing nuclear main control rooms. That is, we were moving away from the 1940s, Homer Simpson style analog control room to something more in line with what you might see in the Star Trek bridge. Super fun work, but that’s when it all started to come together for me — digitizing the systems not only meant increased efficiency and reduced opportunities for human error, but it also meant that we were creating an entirely new attack surface and a potential pathway straight to some of the most dangerous materials on planet earth.
The U.S. nuclear regulatory commission was all over it, though. They had already started to outline specific requirements and guidelines for utilities around the cybersecurity of their nuclear energy systems. As our company stayed abreast of these emerging regulations and guidelines, I realized that there is still a long way to go. We can’t just manage cybersecurity with operational processes and cyber hygiene. We have got to bake security in from the beginning. That means our sensors, networks and even our processes for equipment design and system architectures all need to be developed in ways that are inherently safe and resilient.
Fast forward to 2018. The U.S. Department of Energy released a new funding opportunity to create a national institute to address this issue on behalf of the country’s manufacturers. Manufacturers are the economic backbone of America and by not giving them the tools they need to embed safety from the beginning, we’re putting the entire country at risk. Think about it, this backbone is connected via a neural network we call the supply chain. If the wrong node becomes compromised, the entire manufacturing infrastructure of our country could be put at risk. The recent SolarWinds attack is a good example of this. Just think of how embedded that technology was across industry. Just think of the damage that could’ve been done.
I was incredibly fortunate to have participated in the team that was selected to develop this Institute, the Cybersecurity Manufacturing Innovation Institute (CyManII). And now, I’m working with CyManII to help create a national solution for embedded cybersecurity in the nation’s intelligent manufacturing sector.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
I don’t have a traditional cybersecurity or computing background, so getting up to speed has required a bit of a learning curve. Since moving into cyber, the lingo has been something I’ve had to get used to. Last year, when I was first working with some of the industry’s leaders during the pandemic, we quickly moved to online collaboration tools like Slack for regular communication. Colleagues would be chatting with me and then I’d read something like, “for the sim environment we could cb and plant some easter eggs… afk.” I came to learn that many cyber-folks hail from a common background in gaming and the vernacular can be hard to break. It’s not something I’ve had much experience with, so it’s taken some getting used to. The previous statement is essentially translated to something like “for our simulation training environment we could test closed beta and embed some incentives for learners. I will be away from the keyboard.” So, while I’m definitely still learning, I have to admit that it’s fun to work in an industry where play is in the DNA of the job.
Are you working on any exciting new projects now? How do you think that will help people?
As I mentioned, I am working on a very exciting project as part of a new Department of Energy Initiative to help American manufacturers incorporate cybersecurity into their operations. Risk to our manufacturers is growing at a tremendous rate as they move toward intelligent technologies like smart sensors, cloud computing and artificial intelligence (AI). While these technologies certainly help them run cheaper, cleaner and more efficiently, they can also open companies up to vulnerabilities. Our institute, CyManII, is preparing new solutions that will help protect manufacturers and their supply chains. I am fortunate to be a part of the team by helping to build the education and workforce development programs around this initiative. Tomorrow’s manufacturing workforce will require a whole new set of skills and a keen awareness of cyber-related issues on the plant floor. It’s not your grandmother’s manufacturing job. To make a difference and ensure a resilient workforce economy, we will have to target and reach previously untapped markets, including women!
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?
Cybersecurity has got to be one of the most exciting industries to be in right now. For one, it’s incredibly fast-paced and dynamic. If you’re responding to a known cyber threat today, you can bet that there’s already another one right around the corner. There is never a shortage of things to learn or projects to work on in this space.
Also, I have come to appreciate the diversity and ubiquity that this discipline brings. Cybersecurity is one of this century’s grand challenges as it touches everyone and everything. This means that there are thousands of opportunities to engage. If you’re interested in network architecture, there’s a space for you. If you’re interested in sensor design, there’s a space for you. If you’re interested in governance and policy, there’s a space for you. If you’re interested in psychology and human behavior, there’s a space for you. The list goes on. Like health care and safety, cybersecurity is everyone’s problem. It’s a social issue, which means to solve this problem we’re going to need all kinds of perspectives.
Which brings me to my third area — this industry requires incredible creativity! The diversity of this problem entails deep technical understanding, but it’s also a very human issue. It really exists at the intersection of so many sectors and disciplines. Unfortunately, cyber attackers are inherently crafty people, so we need defenders with creativity to stay ahead.
What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?
This is what keeps me up at night — one of the most troubling issues I’ve noticed is the overall lack of urgency when talking to manufacturers. It turns out that people are generally not so good when it comes to assessing risk, and manufacturers are no exception. They seem to have an “out of sight, out of mind” mentality. In psychology, we call this the ostrich effect, which is our tendency to ignore dangerous or negative information by burying our head in the sand. So, it’s not exactly unique to cyber or manufacturing, but the effects can mean that we’re not adequately preparing for a cyber event.
This idea is also related to another concerning issue that we’re seeing in the industry, which is the lack of ROI that is typically associated with cybersecurity prevention efforts. After all, it can be hard to place a cost on events that didn’t actually happen. For most small manufacturers and business owners, cyber preparedness takes effort and resources — especially if you want to go beyond cursory cyber-hygiene mitigation strategies. It can mean investing in security monitoring systems, reconfiguring existing or IT/OT networks, upgrading legacy software and operating systems and additional workforce training. These types of investments can be a heavy financial lift and seem overwhelming, especially for smaller companies who’ve sometimes operated for generations without advanced technology on their lines.
A third concern is more around the future of the industry itself and our ability to recruit the necessary workforce talent. Certainly, cyber is full of amazingly gifted and creative people right now, but the threat landscape is changing and we are going to need a lot more people in cybersecurity to defend our assets. Talking to younger folks, I feel like there is a bit of a “tech stigma” associated with cybersecurity. This connotation may be preventing some demographics from exploring the field as a career choice. But as I mentioned earlier, this is a wholly creative discipline that requires diversity of thought and perspectives from a variety of backgrounds and experiences.
This is a societal challenge. As a country, we’re going to have to address these issues. CyManII is working to tackle some of these in the manufacturing domain. Still, we will have to join forces with other professional organizations to move the needle. This is a case where all ships rise with the tide; everyone in the cybersecurity industry must do their part to address these concerns.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?
I can speak a bit to the manufacturing industry in the United States. For a while, we’ve known that ransomware is the number one cybersecurity concern for most companies, and this is especially true for manufacturers. As these producers continue to digitize their production processes to keep up with global demand, their machines and systems become part of connected networks and open to vulnerabilities. Hackers specifically target industrial control systems that handle manufacturing operations. By arresting or modifying these control systems, hackers can hold up production or threaten to release intellectual property until payment is made.
Earlier this year, it was reported that Kia Motors America was attacked by hackers demanding 20 million dollars in Bitcoin. In 2019, an aluminum manufacturer, Norsk Hydro, was attacked with a particularly nasty ransomware virus. Here, the operational equipment on the plant floor was disrupted through an unsecured vulnerability in the company’s IT network. The network architecture allowed for a direct path between the IT and OT (operational technology) systems. Plant operators in facilities worldwide were forced to take everything offline and run the company in manual mode. It’s a great case study in industrial resiliency but is also a rare insight since most manufacturers keep such instances close to the vest. This single event cost Norsk Hydro around 100 million dollars since production was interrupted across the company for weeks.
The reason ransomware is so prevalent is due to the increasing vulnerability landscape in manufacturing. That is, as more industrial systems become connected through the use of smart sensors, connected devices and artificial intelligence, the more opportunities there are for a hacker to locate a weakness.
Looking ahead, companies and manufacturers will need to pay extra close attention to how they are modernizing their operations. Attackers are becoming wise to the rampant vulnerabilities of most industrial systems, especially in legacy systems that are slow to migrate or cycle out of production. It’s totally common for some production cells to still run old code and outdated operating platforms like Fortran and Windows XP.
What’s disturbing is that the real weaknesses aren’t even located on your own shop floor. Instead, it’s the hundreds of thousands of vulnerability instances that lie latent within your supply chain. From an operational standpoint, the control systems, software, sensors and equipment used in production come from outside vendors. With regard to quality control, the raw materials, components and designs also come from external suppliers. We assume that they all come to us free from defects, but there is certainly the possibility that these resources could have been victim to tampering, contain their own cyber vulnerability or, worse, be infected with latent malware. This unfortunately was the case in the recent SolarWinds attack, where third-party business software was infected with malicious code. The intended targets were, in fact, the federal government and the private organizations using the software, making this one of the largest supply chain attacks in U.S. history.
Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
I’ve not been directly involved in a breach, as my work these days focuses on preparing companies to mitigate vulnerabilities and respond to breaches. That means that we’re focused on providing information, training and skills to people in the workforce who find themselves on the frontlines of cybersecurity.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
Many manufacturers, especially small- to medium-sized organizations that don’t have a dedicated cybersecurity staff, may feel overwhelmed or unsure about how to keep up with emerging threats to their systems. There’s good information available to help companies stay abreast of these weaknesses as they arise.
Vulnerability advisories are regularly published by leading cybersecurity organizations like the Cybersecurity and Infrastructure Security Agency and software and equipment manufacturers. It’s essential that companies keep current with these advisories as they are published to keep their equipment safe.
Usually, a security advisory will contain a summary of the vulnerability itself. It will highlight the equipment affected, provide a general level of risk or urgency and provide suggested mitigation steps. How each company manages and monitors for these advisories is a little different, but there are some good practices that companies can adopt. Also, some of these mitigations do require a detailed understanding of remediation protocols.
The CyManII institute is working on this issue right now. We want to prepare all manufacturers for addressing these vulnerabilities within, so we’re creating some hands-on virtual training to help IT and OT specialists get the skills they need to keep up with these advisories and cyber vulnerabilities across their equipment.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?
In manufacturing, companies talk about this a lot. Many of them don’t know that they’ve been targeted until it’s too late. That’s why it’s important for companies to incorporate automation as part of their cyber-defense strategy. Take SolarWinds, for example. That malware laid dormant for who knows how long before a third-party security application, FireEye, detected it. Manufacturers can implement targeted defense systems like advanced endpoint detection and response products, and they can adopt solutions that increase their ICS network visibility and monitoring capabilities.
But, in the case of operational technologies found in industrial settings, people are often the last line of defense. I’ve heard of operators noticing irregular behavior in the process variables themselves, like temperature readings that steadily increase across shifts or vibration readings that appear just above normal but not enough to trigger an alarm. In the Oldsmar Water Plant Attack earlier this year, where large quantities of lye were introduced into the public water source, it was a technician who noticed his computer mouse behaving oddly, but it was only after the second occurrence that he realized something was amiss. In industrial settings, using people to monitor and detect hacks relies on technical depth and familiarity with processes and equipment and at the very least, it assumes no room for human error.
At CyManII, we’re interested in baking cybersecurity in from the beginning so that we have to rely less on people to monitor and detect. We’re looking at how companies can use things like energy signatures to monitor their systems for anomalies. We’re also developing tools and techniques that designers and engineers can use to help track cyber footprints of their products. Having new ways to track and measure operational performance and quality across the cyber-physical and energy layers will give people and AI new ways to watch for cyber-attacks.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Every company will handle a security breach a little differently depending on their industry, the type of attack that occurred and what was compromised. In general, companies can defend themselves by adopting good practices like regular cyber risk assessments, risk mitigation policies and having a sound breach response plan in place.
However, when a breach does occur, and for most companies, it’s only a matter of time until that happens, it will have to be evaluated individually to determine the next steps. For manufacturing companies, the most draconian response is to shut down all operations and take them offline, but companies usually want to save that as a last resort because the cost of manual operations is felt in production efficiency and sometimes quality. The balance comes when companies have to mitigate damage and maintain operations and profitability. It’s the classic tug of war between risk and productivity. This tension highlights the importance of having a risk mitigation plan in place early on. An effective plan will force a company to really assess the conditions when manual operations are necessary and when other remediation efforts are acceptable.
That said, if a company does experience a breach, it might first respond to the immediate event itself and implement any urgent mitigation strategies. This is basically to stop the hemorrhaging and prevent additional damage from being done. At this time, it can also be beneficial to look at other areas in your business that might be indirectly affected. Once the threats have been mitigated and the dust is settled, it can be good to reflect on this situation and even conduct a business-wide postmortem of the event. Look at what failed in your technology, people and processes. What worked and what didn’t? A big part of this step is to be sure to document these lessons and share them with stakeholders inside and outside of your company, where appropriate. And now that you’ve had a chance to reflect, take the time to prepare and reinforce your protection. Consider addressing cybersecurity in some of your business processes themselves. Methods like the Secure Development Lifecycle, which are based on evolving industrial cybersecurity standards like IEC-62443, can be very helpful in baking security in from the beginning. This, of course, allows you to move from a reactive defense paradigm to a proactive one.
What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?
In manufacturing, the worst thing we see companies do is simply ignore the problem or operate as if they are immune to cybersecurity issues.
For example, a company may be looking to upfit a boiler with new temperature sensors that connect wirelessly to their local cloud. Maybe they are on a budget, so they find the cheapest sensors on the market to support the upgrade. It’s likely that the manufacturer of these sensors did not implement standardized security protocols, leaving the purchaser open to vulnerabilities upon install. Maybe the purchaser is not even aware of their new exposure, or if they are, they may think, “I’m just a small organization. Who would want to attack me? What could they even get from my company?”
To extend this illustration, there is often dis-communication between departments during these modifications. So maybe the engineering team purchased the sensor and the IT group is expected to integrate it. These two disciplines often approach security very differently, with IT typically focused on things like network architecture and regular updates, while engineering typically focuses on issues like operability and production. The confluence of these two paradigms — even within the same company — can sometimes lead to challenges when it comes to the security of physical equipment and end products.
Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?
I’ve had the opportunity to work in STEM fields my entire career. From traditional roles in engineering and manufacturing to nuclear energy and now cybersecurity. Before I comment on just how far we have to go to reflect a more equitable representation of women in STEM fields (because we do!), I want to acknowledge just how far we’ve come. You know, I’m a product of this changing culture and while all of my experiences have not been perfect, I’ve had a lot of people help me along in my career — both men and women. I’ve also been able to take advantage of many of the good programs that have been set up to address the gender disparity from the Civil Air Patrol to women-centric organizations like Women in Nuclear and even Girl Scouts of America. I have been fortunate to have been surrounded by such great support systems. I think they make a difference in providing not only access but also building confidence and helping women and girls see the art of what is possible.
Of course, we still have work to do. The gender pay gap in America is still significant and we continue to see a disproportionate ratio of males in tech fields like cyber. To address this, I would love to see a world where genders of all types are embraced for their diverse perspectives and abilities and not expected to homogenize or conform to something they’re not. In other words, let’s welcome nontraditional roles into the cybersecurity field and adapt the culture within to capitalize on the diversity of thought and problem-solving creativity that nontraditional roles can bring. This means both fostering potential among underrepresented communities and seeking out talent from nontraditional channels.
What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?
As I mentioned earlier, it’s vital for us to have diversity of thought in this field. The reality is that you don’t have to be a “tech geek“ or a computer scientist to contribute to cybersecurity. Cyber attackers are notoriously cunning individuals and it takes creativity and new perspectives to safeguard against misconduct.
Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)
The tech domain is an interesting industry and one like no other. By nature, change is part of its fabric and it happens at high velocity. To me, this means fantastic opportunities for social maturation like greater gender equality in the workplace. But that said, it doesn’t mean that it’s always easy. Over the past 20 years or so, there are a couple of key takeaways that have helped me succeed, and oddly enough, only a handful of them have much to do with tech itself!
- Foster relationships and the human connection. The first one may seem obvious, but I find that it’s easy for those of us with an “engineering brain” to let it slide and just focus on the work at hand. At the end of the day, no matter how technical our job is, we still work with people and that means working as a team. It’s so important to take the time to foster the professional relationships that emerge throughout your technical career and to keep them up! For example, after you’re done with a project, shoot your old colleague a LinkedIn “congratulations” or a quick text. Say “thank you” to colleagues if they’ve made an impact on you. It doesn’t have to be much, but it lets them know you’re still around. Cybersecurity is a small industry, after all, and you’d be surprised how old connections can circle back when you least expect it.
- Seek a mentor and take on a mentee. This lesson is probably applicable to any profession — in or out of tech. But I find it especially useful in this unique domain of cybersecurity. Now, ideally, a mentor represents a future vision of yourself — someone that can show you the ropes, share the rules that aren’t written down, critique your technical and professional work and generally help you “up your game.” For us females, it’s always a special win when we can find another female who’s done it and with whom we can learn from. But, in cyber, at least, these ladies can be few and far between, so finding a female mentor is not critical. Rather, find someone with whom you can feel comfortable. This will open the pathway for those organic conversations that make the difference.
For me, my career path has taken some jumps and turns and hasn’t been entirely conventional, but I’ve managed to encounter what I consider some amazing mentors over the years. Admittedly, many of them have been men, but I’ve always found them to be exceptionally aware of any potential disparities due to my role as a minority in a technical field. I’ve always felt that they were rooting for me and were keen to take the extra time to address any questions I had. At the end of the day, mentorship comes in many shapes and sizes and it’s important to make the most of these relationships. On the other side, it’s also essential to give back and seek out mentees as you become more established. The reality is, mentorship is a two-way street and working with young ladies new to cyber will likely up your game too!
- Come to every meeting prepared. Know your facts. This is a behavior I pocketed from Justice Ruth Bader Ginsburg, as it was said that she spent copious amounts of time making sure that she understood the facts and background before she entered any meeting. I have found that this applies in tech fields as well. It can be easy to get over-talked, especially if you’re new to the organization or a junior employee. But nothing outshines “noise” like well-thought-out, solid facts and logic. Make sure you understand the technical challenge first and then think about other stakeholders that might be impacted. So, this may take a little extra time, but the reward is confidence in yourself and respect from your colleagues.
- Promote yourself because no one is going to do it for you. This lesson was reminded to me by a senior female professor just the other day. When we talked about the evolving student base and the shift toward familiarity, especially during the age of zoom classrooms when you might be teaching someone in their bedroom, we discussed why some students referred to us as “Doctor” or “Professor” and some didn’t. I commented that I didn’t mind the omission as my focus was on their learning and not the formalization of respect. She reminded me that we’ve worked hard for our titles and protecting this formality is still part of this journey as women in science. She referenced that most of her students, male and female, have no hesitancy with assuming the doctorate title for their male professors, but the tendency is to insert a Mrs. or Ms. prefix to ours. Until this assumption changes, we still have work to do.
Sometimes mentorship comes when you least expect it, and I was thankful for this gentle reframing. It also reminded me that we, as women, need to embrace the personal responsibility that we each have to ourselves. We must promote our self-brand, improve our skills and protect our time. This means asking for training, participating in professional working groups and making sure to ask for raises and promotions when warranted. As women, we sometimes like to focus on finding harmony and just getting the job done. The potential for conflict can be a more significant deterrent than we may like to admit. We don’t want to complain, and we’ll just keep taking on more responsibilities because we don’t want to appear “weak” — especially compared to our male colleagues. Whether this position is externally implied or internally imposed, we’re still subject to it. So, it’s essential to be aware of the fallacy and take intentional steps to mitigate it.
- Ask for help if you need it. This brings me to my last suggestion, which is to be aware of our capacities relative to our demands and to ask for help when we need it. There still seems to be such a formidable connotation associated with asking for help, but this simple acknowledgment of one’s own limitations and the recognition that others may be able to fulfill these disparities is a fundamental sign of true leadership to me. Sometimes, we, as women, can be our own worst enemies. Expecting more of ourselves than we do of others. Not wanting to impose on others. Not wanting to “make a fuss.” But this is the reason we need to surround ourselves with great people and teammates. To do this well, we need to be specific and actionable in our requests for support. Also, hold your leadership accountable and urge them to address your requests. After all, their job is to enable you to succeed.
We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them 🙂
Condoleezza Rice! To me, she’s one of our Country’s great female leaders, so groundbreaking and before her time. She has impressive experience — serving as U.S. National Security Advisor under President George H.W. Bush, Secretary of State and now as a professor at Stanford. I also loved her book, Democracy: Stories from the Long Road to Freedom — I’ve read it twice and plan to read it again. Not to mention her expertise in Russian history and Soviet policy — which is now so important in this field. All of this balanced with her love of the arts and music, I genuinely think she is an extraordinary woman and person. She is one of the most under-celebrated women of our time!
Thank you so much for these excellent stories and insights. We wish you continued success in your great work!