From a background in cybersecurity to engineering to co-founding multiple startups, PacketFabric's Anna Claiborne has had a multi-faceted career in the telecommunications space.
As SVP of engineering and product, and co-founder of PacketFabric, Claiborne leads the product and engineering teams on the road from product development to deployment.
In part I of this series, Light Reading's Women in Comms spoke with Claiborne about the launch of PacketFabric, the importance of network automation and how to take calculated career risks. In part II, Claiborne explains the formula for successfully leading a diverse team, the top cybersecurity concerns facing the telecom industry, and her professional advice for other women in comms. Read on for more.
Women in Comms: What are some tools for successfully leading a diverse team?
Anna Claiborne: There's obviously a huge component of having diversity in leadership. It's really hard for women to imagine themselves in a leadership position without seeing that. It's hard to imagine yourself as anything that you don't see an example of. So having women in leadership roles is a really important component for that.
Also, there's this really great project that Google did called Project Aristotle about how to create the most effective working teams in an environment. A ton of information came out of it. One of the highest level key takeaways is that the teams that are most successful are the teams where everybody spends an equal amount of time talking, right? Doesn't necessarily even matter that what those people are saying is equal in contribution, just that everybody has equal input. Making sure that everyone at PacketFabric understands that as a core value and concept has definitely helped us in diversity – making sure that each and every person is heard and it's inclusive.
There are other little things that you can do – we run all of our job descriptions through a language filter to make sure that the language is neutral and not necessarily leaning more toward masculine so that the job descriptions read in a way that is attractive to both men and women, instead of just selecting for one or the other.
WiC: I've heard about approaches such as meeting quotas or removing people's names so that there's less of a bias when reviewing a résumé, for example. I didn't realize they were tools you could use to do a language filter.
AC: It's a free tool that will do this. The challenge has been getting enough women candidates in the door. Maybe for larger companies, it's less of an issue because they have their jobs advertised on every single possible job board. We obviously have real world constraints of budget and things like that. So, our biggest challenge has always been just getting women to apply and whatever we can do to lower the barrier of entry for that is good.
WiC: You also have an extensive cybersecurity background. Are there some big security challenges that service providers are facing right now? You were discussing the challenge in getting enough candidates in the door; is there a lack of security professionals in the hiring pool?
AC: The biggest security challenges facing the telecom industry are probably DDoS attacks, which I worked with extensively in the past. Those are threats in terms of possibly customer information being exploited.
Then probably the next biggest challenge, which has been a chronic concern for everyone is access and social engineering. Because much of telecommunications is a highly manual process world, social engineering is a real problem. Anyone can impersonate an employee of a company. That's one of the great things about automation, having a portal and having logins is that you're removing that social engineering aspect vector of attack.
As far as DDoS attacks, one of the great things about being a private network is that it is in fact a private network – it's not public. It's not susceptible to DDoS attacks like public infrastructure is because a private network knows exactly who is on it. If somebody were to misbehave, that person can easily be isolated and stopped. Whereas on a public infrastructure, it's much more difficult to do that and there are many layers of anonymization. So, the nice thing about private network infrastructure is it just takes DDoS attacks off the table.
WiC: Is it also easier to manage Shadow IT, for example, where employees might install unapproved applications? Is that easier on the private network as well?
AC: For the context that I'm talking about, it can definitely have an impact, but that's more of an upper layer type monitoring than necessarily just dependent on the network. That's really dependent on what sort of monitoring you have on the network or on people's laptops.
WiC: Are there any new security concerns with everyone working from home now due to the COVID-19 pandemic?
AC: For us? No, because we have been a globally distributed, remote-first, diverse group of people who have always lived and worked remotely around the globe. That being said, for other people and for the vast majority of companies out there I don't think that the transition to home necessarily changes the security. All the security problems are the same, but they're probably just amplified.
For example, what information are people storing on their laptop? Not being in a secured office environment it's important to know what people are taking outside of the company in terms of what information they have stored locally versus what's in the cloud. Is their remote access into company systems secured, and are all logins secured by multi-factor authentication?
That's one of the reasons why VPN has always been so popular ... everything wasn't necessarily multi-factor or encrypted. So if you have those two things, VPN sort of becomes this tertiary thing. If you are protecting information in the first place, you're protecting passwords, and if data going to and from applications is encrypted – while you don't really need a VPN layer on top of that to keep it encrypted as well, it doesn't hurt. It's just not as necessary.
Then probably the third security challenge would be physical access. For employees who are used to coming into an office and only having a desktop located at that location, do they know how to physically secure a laptop? Do they know that they should always log out when they walk away or put it on screensaver? Do they know that they should not leave it in their car in case their laptop is stolen?
If you use your phone for multi-factor authentication, you have to make sure that your phone is password protected, that it's always in your possession and that you're not leaving that in your car to get stolen. Or, leaving it on a table at the coffee shop – physical access has and will always be a huge vector of attack.
WiC: That's probably something we don't think about enough – the physical aspect of security where you leave your laptop in your car while you're at the gym or something like that, which I guess can't happen right now since gyms are closed...
AC: Thankfully, nobody can go to a coffee shop or gym.
It is one of those funny things because we tend to not think about physical access compromising something, but I've seen people who it would be shocking if you knew who it was to see them walk away from laptops without passwords securing it. Even if you're around a trusted group of people, how do you know that someone untrusted won't enter that scene?
WiC: I always love when someone at the airport asks me to watch their stuff for them. You don't know me from Adam.
AC: Unrelated, where's the closest pawn shop?
WiC: Ha! That's great. Also, in the vein of security, do you have any advice for the types of technical skills or soft skills that women should develop to be successful in this part of the industry?
AC: Security at any service provider, including a network-as-a-service provider is a jack-of-all-trades sort of position. The people who I've met that are good at security tend to know a little bit about a lot. They have skills in networking, they understand how networks function, how network protocols work, how the Internet functions, and have programming experience – they usually know a couple languages. They can alter and play around with open source programs as well as completely create their own scripts from scratch, if needed.
Third is actually knowing something about security. What's the philosophy behind security, and do you understand social engineering? Do you understand how poor programming can be exploited to give you access to things? It's not just security in isolation, all these skills are additive for security.
WiC: Any other professional advice for women in the industry?
AC: Never be afraid to take on new challenges. If you really want to step into a leadership role, the best way to step in there is to demonstrate it right. So take responsibility for things, delegate and really make sure that you know that your promises are fulfilled. Basically, deliver when you say you're going to deliver and showing those things is a lot more effective than talking about them or saying that you can do them. If you take the initiative and do it, chances are people will notice.
— Kelsey Kusterer Ziser, Senior Editor, Light Reading