Tatyana Bolton’s passion for national security and defending her country drew her into cybersecurity, and she says the U.S. needs more who follow that path: The industry is facing a critical labor shortage.
“There’s just not enough folks doing cybersecurity work either in policy or in threat analysis, vulnerability disclosure, critical infrastructure protection, all of these different areas,” said Bolton, an alumna of the Department of Defense (DOD) and the Cybersecurity and Infrastructure Security Agency (CISA) who currently works for Google as a security policy manager.
“It’s a fascinating field, and I think of cybersecurity as a part of national security,” Bolton said in a recent interview with The Hill. “I found it very interesting and a new challenge.”
“And just like there’s certain people who focus just on nuclear weapons, I focus on cyber,” she added.
The U.S. has nearly 700,000 job vacancies in cybersecurity, which members of a House Homeland Security Committee subpanel said they find troubling in a hearing last month.
“We need not only enough people, but the right people with the right skills in the right jobs to meet the growing cyber threat,” Rep. Andrew Garbarino (R-N.Y.) said.
“In April, the FBI director testified to Congress that even if all FBI cyber agents and analysts focused on the China threat, Chinese hackers would still outnumber our FBI cyber personnel at least 50 to 1. That is extremely concerning,” Garbarino added.
Former National Cyber Director Chris Inglis, who had been pushing for the government to hire more tech and cyber workers, said last year that the administration had “been successful in filling two-thirds of the jobs that have the word cyber and IT in it, and that’s the good news.”
He added, however, that there is still a long way to go.
Bolton, who previously worked for CISA as a cyber policy lead, said the agency has been struggling to fill its roster but has put a concerted effort into addressing the underlying issues, including expanding its candidate pool and reaching out to diverse communities with different backgrounds, knowledge and expertise.
“I think right now in cyber particularly, we’re not tapping into the communities that have such wealth of knowledge and the diversity of thought and experience that can improve our defenses,” Bolton said.
“During my time at DOD, and honestly, even probably before that, I always spoke up about things that I saw as inequitable, like, for example, under representation of women and people of color on the board of the organization where I worked in the Navy,” she added.
While at CISA, Bolton worked on cyber workforce strategy, including advocating for diversity, an effort she also pursues at her current role with Google.
She began working for the tech giant last year as a security policy manager. She helps lead the company’s cyber policy agenda on a wide range of issues, including artificial intelligence security, connected devices and cyber workforce. And she handles cyber matters tied to the Asia-Pacific region.
Bolton was also involved in Google’s recently announced $20 million investment in cybersecurity clinics with various universities across the country.
“It’s a very exciting program because clinics, kind of like legal or medical clinics, give hands-on training for students that are in school,” she said.
Bolton got her bachelor’s degree in political science and theatre at Ohio State University before earning a master’s in security studies from Georgetown University. A native of Russia, her family moved to the U.S. when she was 7.
Bolton said she will continue to push forward policies that address the labor shortage, which affects the private sector as well as the public one, adding that the industry should work harder at demystifying cybersecurity and defining exactly what the field is about and the different career paths people can take.
“I think it’s not that the field is uninteresting or that people don’t want to go into cybersecurity. I think some of the biggest challenges we face is that people are not quite sure how to get into the field because it’s not as defined a field right now as medicine or law or health care, where you have very defined pathways into those fields,” she said.
“I think people still see it as a very mysterious and technical and confusing field, and that’s certainly one of the reasons that I think we have fewer professionals than we otherwise could have,” she added.
“Demystifying cybersecurity is going to be at the root of encouraging a wide array of Americans to apply, and we want to make it feel like an accessible and possible career path for anyone.”