Inside the High-Stakes World of Cyber Defense with AlixPartners' Beth Musumeci

Samad Masood: Welcome to The Professionals, where we discuss how to survive and thrive as a professional services executive. I'm Samad Masood from the Infosys Knowledge Institute, and today I'm here with Beth Musumeci, Global Cyber Security Practice Lead at AlixPartners, a strategic consulting firm with almost 3,000 professionals around the world. Beth, thanks for joining us.

Beth Musumeci: Thanks for having me, Samad. Great to be here.

Samad Masood: Great. So let's start with what do you do? Explain to our audience what you do now, and I'd also like to hear how you got here.

Beth Musumeci: Sure. So, I lead our cybersecurity practice here at AlixPartners, and bottom line is truly helping clients through traversing cyber crisis, helping them prevent cyber crisis, transforming their environments to help them to be more resilient and improve their cybersecurity posture.

So, in essence, it's truly about helping clients protect their business, empower their business, and have cybersecurity just as a means to help them be more confident in their ability to do their core mission.

Samad Masood: So, tell us, how did you get into this role?

Beth Musumeci: I had a rather unorthodox path in my career journey. It probably all started back at the DuPont company. I was young, I was in an administrative role at DuPont. I was really fortunate to have some incredible leaders in sponsorship and mentorship, and was able to join a program at DuPont that helped me build and train and learn to become part of their professional track and to truly be able to move into more of a career track in IT. So that's where I started.

And quickly, those things that I was performing in one of my first assignments was in support of the internal audit organization at DuPont. So learned quite a bit, that was sort of the birthplace of sorts of cybersecurity back then. So, a lot of my roles even after that in the IT realm really centered around those things that are now traditional cybersecurity functions. So, I was really fortunate to start there. DuPont was very progressive, and I was really fortunate to have some incredible role models.

From there, DuPont outsourced their IT to computer sciences corporations, an incredible career opportunity for me since I was really serving in a lot of capacities that were cybersecurity focus. I moved into the cybersecurity practice at CSC, served both public and private sectors, learning some really incredible techniques and solutions from some of the industry bests and serving public sector clients, and pulled a lot of that capability, service offerings and such, and offered them into the commercial private sector.

So, after a number of years with CSC, I eventually led their global commercial practice as GM of their global cybersecurity services organization. And that was really a fun run, served hundreds of clients and learned so much on that career path.

So left theirs, was a consultant for ICF, moved into GE Healthcare where I led their product security, organization helping, making sure that we were instilling good cybersecurity practices in medical device manufacturing. Moved to IBM where I led healthcare and life sciences for their cybersecurity practice globally, and now here at AlixPartners as the cybersecurity practice lead. So really fortunate to be here and have had an amazing run, just so many people to learn from and helped influence my career.

Samad Masood: It sounds you've really kind of gone between what we'd say professional services from the client side into the over the fence, the consulting side and then back again. So was in DuPont, in CSC, in GE, and in IBM. The span of your career is impressive. What are some of the big moments that you remember that really kind of helped form your approach to how you work and how you thrive and succeed in this industry?

Beth Musumeci: So many honestly, both from having just inspiring leaders, mentorship, sponsorship, learning from some of the best, really fortunate, to just things that happen in the industry.

So, I would probably say when it really sealed for me that I felt like I was where I needed to be when I was an early leader of our security operations center, we had managed security services at CSC, it was one of the early formations of that instance at CSC.

Early 2000s, we had the SQL Slammer event occur and it was a quite pervasive computer worm that created denial service for many of the clients that we served. And just inspiring working with such industry experts on the team, just very mission-driven to solve for, help clients recover, prevent, understand the malicious activity and how to help our clients.

So, we worked tirelessly, I would say for days on end without sleep, and that was because the team was just driven to help clients in the solve for the problem. But when we had a minute to take a breath after the fact and reflect, it was just, it really felt rewarding to be able to have such a positive impact. And it just sort of sealed the deal for me that this was really where I wanted to spend the rest of my career.

Samad Masood: That's really interesting. And at the risk of sounding really nerdy, it does sound, most people when they hear a virus or a worm, they're going to run away from that and be scared, but without sounding too nerdy, it's almost like you're a first responder running into the building to fix it in a cyber sense.

And you mentioned there's very much the drive to help your clients to help fix things. What do you think brings that out or is that something that is shared across your sort of practice with your peers?

Beth Musumeci: Yeah, I think that it's just amazing, and it is, it's a shared trait, and I find it's a shared trait in many cybersecurity professionals. I mean, there's a lot of work that goes into the research and the understanding and the development of technologies, and then there's a lot of discipline and work and planning that goes into the response side.

And I think it's just amazing and it can be really quite magical when those come together and you can really work to make a difference, especially when there's a crisis for clients. And I think you start finding out where you are on that side of the equation when there is real crisis, your desire to just help solve it and to help get the client to a better place.

Samad Masood: You mentioned the shared trait and such. I mean, one thing that we discussed is the fact that there aren't very many women in the cyber area, they're not many in IT, but you've done very well, you've succeeded and leading large global teams. And what could you share with us about that experience, I suppose that we can learn to try and see how we can make this sort of work either more diverse or more inclusive or easier for women to kind of succeed in it?

Beth Musumeci: Well, I think, and I learned this early in my career role, in IT I was really fortunate, at the time I had some role models that I could look up to that were very progressive, some amazing strong women in roles that to me were role models, so I could see myself in them.

And then obviously as I moved more into the domain of cybersecurity, for many years I was almost many times the only woman in the room, and for decades probably in my career. So there just weren't enough.

And I remember being promoted in a leadership capacity and one of the women in the organization, really eye-opening to me, and I didn't really see it this way until she shared, said, "Now you have a responsibility. You're the only woman and we all look up to you and you've got to be that role model and go out there and make change for us." And it really struck me, and it's true.

We need to see more women, and we are now. I think we're still, sadly there's not enough women or diversity in our space in cybersecurity, but it is improving, I think. Where we were near zero for a very long time, we're hedging towards 30%, not enough, but we just need to go out and be that role model, be that voice, and that's as women and men in this community to sponsor.

I wouldn't have been here without the incredible sponsorship and mentorship I had from both women and men in the field. But we need to go out, and I think people need to see themselves in the leadership of these roles. And so just being an advocate and being evangelists really to bring that talent in. And starting early in the supply chain. So we have to get to students that are in middle school, high school, getting ready to make their college major selections, try to influence there and advocate.

Samad Masood: Thinking about the shared traits you mentioned in your field and in cybersecurity, what are the other elements that you think make a good candidate for getting involved in this work? Because it is kind of a very, very important niche, which is very specialist, highly important, a lot of money in the industry spent on it, but you don't come across lots of cybersecurity specialists all the time. It seems to be something that's quite difficult and challenging. Is that true? Is it accessible? Do you need to be a certain type of person or?

Beth Musumeci: It's very accessible. And I think being innovative, being able to adapt and agile is really important in our field. The environment changes real-time, so you may have an idea of what problem you're going to solve today, but it could be very different and there could be a zero-day event, and you have to really study up and understand how to solve for that problem, how to protect clients.

So, I think that if you have a diverse team, diverse backgrounds on your team, you get more innovative solutions and more innovative problem-solving. And so, to me, it's critical to have that diversity in your cybersecurity teams. And I would encourage anyone who has an interest in problem-solving in change, not being afraid of change, to go seize a career in cybersecurity. I think they would find it very rewarding.

Samad Masood: It's exciting. And just as some of the descriptions you've given already make me either really paint it as you are at the front line of a quite high-risk area.

So, tell me, your job involves meeting clients, as a professional services professional, your job involves meeting with clients at their most challenging times when they're really, really facing a difficult problem. How do you turn that round into something positive for them, for your team? I mean, it must be incredibly pressured. What sort of tips and tricks do you think of to try and ensure that that's still a positive experience for everyone?

Beth Musumeci: I think over time you get better and better at this, but the bottom line is to be empathetic, to understand that, yes, especially in cybersecurity, you're sometimes meeting folks, you're meeting them for the first time, it may be the worst point of their career, and in some cases it could be what they perceive as the worst point of their life.

I've worked with CEOs who have spent their entire lifetime building businesses to only have them threatened by a cybersecurity event or an attack, and they're terrified and they have so much to lose.

So being empathetic, understanding, be in their shoes, understand where they are, help them through that, being the calm, be a good listener. Let them get that out. Let them share that with you. I think that helps you also forge a bond with them, but instill confidence that, "Listen, you've overcome a lot in your career or your business lifetime with this business. This isn't insurmountable, and we have a good plan for how to solve this and how to work through this." And enlist them to be part of that solution, because that's critical.

But it's really important to gain confidence and be that calm, and then execute the plan with their support, because it takes everyone to solve for problems like this.

Samad Masood: That's great. And I think when you picture a cybersecurity expert, it seems obvious now you say it, but I typically imagine someone being very detail-oriented, very technical, but actually what you're talking about is very human traits that need to be there to kind of ensure that things go smoothly. And like you say, you can't have a solution unless you enrol your client in that as well. So yeah, it's interesting.

Now, obviously artificial intelligence is a big theme now in technology. I think elements of AI and machine learning have been used in cybersecurity for a while now. But tell me, how do you see AI disrupting the sort of work you do or changing it? Maybe disrupting is too strong a word, but how do you see AI changing the way you work in cybersecurity and your peers and colleagues work?

Beth Musumeci: Obviously, it's an incredible opportunity, especially in helping clients grow their businesses that can offer time and effort savings. It's just it can be an incredible change. And the use of information from disparate sources to real-time, be able to help you make decisions or operate your business or even produce products, all great things.

But at the same time, the flip side of that, it's also quite terrifying to protect against some of that. But as you stated, machine learning and AI, now moving into AI, has been used for decades in the cybersecurity industry in thwarting attacks, detecting and deterring, and continues that way.

So, as it's funny, I just hosted a panel with some really incredible industry leaders, all women by the way, so that was quite exciting to be able to do that but talking about the use of AI even in cybersecurity solutions, and the theme really sort of emerged that it was an arms race in a sense.

You just have to stay ahead of it. You have to use those same technologies to deter, detect, to build resilience in your solutions, and they continued to press to use those technologies.

But yes, absolutely, those techniques are used today quite effectively by bad actors, and so it's always going to be that balance of using the technological advances for good as well and staying ahead of that curve. And we have some really brilliant minds doing that.

Samad Masood: Beth, thank you so much for this great chance to talk to you and learn a bit about your journey and learn a bit about being a cybersecurity professional and dealing with those really challenging times with that calm that you so clearly bring. Thank you so much for your time, Beth. I look forward to speaking to you again soon.

Beth Musumeci: Thank you for having me. It's been a pleasure.

Samad Masood: Thanks for listening to this episode of The Professionals. It was produced by Yulia De Bari and Christine Calhoun. Dode Bigley is our audio engineer. If you want to hear more episodes, please like and subscribe. See you next time.