In this episode, Nicole Scheffler from Cisco shares her journey through the hardcore engineering and network security space, and discusses what changes she’s seeing that can make it easier for women to participate in the tech sector.
Nicole, welcome to the show.
Thank you for having me, Jean.
I am so psyched to have you on the show today. Actually, I'm a big fan of your podcast, Diva Tech Talk, and perhaps even a bigger fan of how you actually embody woman in tech, so there you go. So can we just start from there? Can you just give us a little intro about your journey into the tech sector? Although we gave a little intro in the beginning, I think people will want to hear more directly from you.
Yeah, absolutely. You know, I'm honored to be here. I consider myself a nerd, but I guess a passionate nerd, sometimes I call myself a digital renaissance woman, because I feel like I've collected a body of technical knowledge throughout my 15 plus career as an engineer in technology for Cisco. I'll be happy to give you the high level view of where I come from, but I consider myself a technologist first, educator and teacher second, and a community leader third. I believe that all technology can be linked to the good of the world, whether it's through enabling businesses to do that good, or just directly doing the good.
So, that's kind of my brand, I guess, or my story, but I definitely started as a programmer. Born and raised in Texas, so you'll hear my y'alls come out, but I'm a programmer, and I started in the startup space, so I developed some various security solutions, some marketplace selling applications, that we tried to sell to Google back in, gosh, 2006, so really early in my time, I was doing things that were pretty progressive from a developer standpoint, using technology in different ways that I'm not even sure exists yet today.
I have a Master's in IT, so I really studied the art of things like innovation, knowledge management, having one foot in the why, why we do technology for business, and then the other foot in how we do it. So, getting into the technology that actually does it, and getting behind the wheel.
I started at Cisco in the Cisco sales associate program, it's an amazing opportunity, whether you're looking for the sales start. For me, it was the engineering start, where they bring you from the academia into Cisco, where I spent about six years working directly with customers, solving their problems, using technology, getting close to their business and having technology do it, and staying up with technology. It's really fast-paced. I did a little bit in learning and development at Cisco specifically, where I launched a few technical campaigns, but then just decided it'd be better to be back in sales, because one, that's where the money is, and two, I could do a lot of that teaching passion, that learning passion as an adjunct professor.
I've taught courses in biometric security, wireless security, obviously networking, in the Cisco Networking Academy, and really enjoyed that. And then that takes me to where I'm at today as a channel's a leader in engineering. I help with our strategy and planning, that serves where 90% of Cisco's business comes from. So, shout out to all the Cisco partners out there, but I love reverse engineering. What is the customer need, and how do our partners that handle a lot of this interaction, and especially the deployment and adoption of technology perform their best?
Then, my last thing is just being passionate about women in technology. As a female engineer for these 15 years, I've seen it in the classroom, I see it, and we need more diversity with women of course, and then diversity within diversity which is a big part of my mission. Not just looking at women, but all types of women, in all different levels, coming in to bring their best game to the world.
Absolutely awesome. Actually, you know what? I did my graduate study in an engineering school, RPI. But the thing is I started the wrong thing. I did a technology management MBA program, and this is back when woman in tech wasn't even a phrase.
That's why it is really inspiring to hear you speak, but I'm also curious about what progress you've been seeing lately, in terms of... I love data, so if you have some recent data that you want to share, go ahead, but I really would like you to tell us a little bit about what you're really feeling and seeing there.
Yeah, absolutely. In regards to the diversity numbers and I think this is true in data across all areas of the business, there's so much out there. I believe that we are at a point in time where we are collecting a lot of different data, and how we aggregate it and make it valuable for business changes, is really happening right now in the corporate world. That's something I find a little tricky, about getting to the data of women in tech. You'll read studies that vary between 10% and 25%, and if you look at women in tech data, if I'm a woman, say working at Cisco, that's a technical company. But am I a woman in tech?
So, I think there's definitely some screening that you have to do. Catalyst does some great studies around it, but it's like double-clicking and saying, "Okay, I'm actually an engineer, so I am a technical woman." I think there's a difference, because where you're getting the data. So, I would say regardless of what data you're looking at, ask those questions that really help validate it and that's the engineer in me. Where are we getting the data from? What lens is on it? We've seen, as you mentioned, a rise of women in tech efforts across the world, especially in corporate and I've been involved in the rise of women in tech resources through our employee resource organizations, and efforts in the community at Cisco for over eight years.
And I've watched that corporate approach grow, and we've started to see more people in roles like diversity and inclusion officer. We have the Office of Inclusion and Collaboration at Cisco. So, it's definitely good work that's happening. When we recently did a segment on diversity leadership specifically, I found that the biggest thing is distilling the reality from the story. The tough thing is getting that HR data. For example, what is the percent of women engineers at Cisco? You would think like that should be easy, like they look at engineers, and then they run the numbers, and they give it, but there's definitely security and privacy concerns that we see in the HR space and giving access to that data, and how we look at it.
So, I think we have some work to do, and there's definitely some systems. I interviewed Shuchi Sharma from SAP, and she talks about some of the tools that they use. But I think we have some work to do, but there is some good numbers there, and it's good to ask your company, and look at the room, and try to quantify it. Look at panels, and see if there's women on it. Look at the movement over the several years.
I've had a lot of success at Grace Hopper, meeting different women leading diversity, but in the field and growing it. So I think you just have to see what we're doing as corporate citizens or as individuals to provide that lens, but it's also small things. Like, when I am on an interview panel, I try to remove the sex of the person out of it and say, "All right, I came up with two or three traits of this person. Here's the five candidates. Which set of traits do you think is a better fit?" Without telling them who it is. So, there's all these little tips and tricks, but there's the basics. There's table stakes, like employee resource organizations, and efforts to be inclusive, and things like that, but then there's the second one that we're on today, is using data to make better decisions, to pivot where you need to, and to provide the most value for where you invest those efforts within your company, and within the community.
Well, it is really reality, I think not just you, that a lot of us share. I can see not giving out easy number and I totally get that, but you do see the changes happening in the environment though, right? Whether it's a specific technology that making it easier for woman to join, or whatever. So, what do you think that is happening to speed things up a little bit, make it easier for women to participate, whether that’s cloud access, and what have you?
Yeah, this is really where I love the conversation. Two things I'm passionate about, women and technology, literally both. So, the efforts we just talked about are great but the exciting part on the technology front, and I know that you're a mobile-focused podcast, so I really wanted to think, okay, where's the marriage of where technology can help this effort? What's the intersection of say, mobile technologies and empowering more women in this space? So I think one of the key ones ... There's three key areas where I see mobile coming into the world of networking and Cisco, which is my jam when it comes to technology.
And the first one that really unlocks the flexibility of women in tech, I believe is collaboration. At Cisco, we have an amazing female collaboration leader, Amy Chang, and I think it's an exciting way and I see a lot of women getting involved as collaboration experts. Some of my favorite leaders have actually spent time as engineers in collaboration, so it unlocks some of the connection aspects that women love, connecting with people, having video calls, being in touch via an app.
So, we are seeing an improvement within Cisco Technologies with teams but unifying the experience, so that when you collaborate with people it's personal, it's responsive, and you can do it on the go.
I feel like we're so connected 24/7 to our phones, and to the internet, and to the world. We're almost accessible all the time. As a woman, and as a human, you need to be able to have balance, to be there to walk your dog, to be there for your child's soccer game, or for those things. So, I believe that, by having powerful technologies like collaboration, that put people one touch away on a mobile app, and bring together the ease of communicating, and the ease of getting business done, because we're so connected you get the flexibility to be connected in a way, where you can be on a run and then check your watch and see that someone needs something from you, stop, send them the link from your phone, and move on.
That speed also allowed me, as a young working mom, when I had my daughter... There are challenges that you face as a woman, and as a mother, that maybe a male wouldn't have to have. I doubt they're figuring out how to breastfeed from a conference. So, there's collaboration tools that allow us to have the flexibility to be a working mom, and I think that that's really important, that we have technologies that unlock it.
There's other areas though. That's one of the main areas I think is collab. The user experience being a big focus of that, and really a communication culture that we're building. I see it every day at Cisco, but in the world, making it corporate. People may say, "Oh, I communicate with SnapChat to my friends," which I'm guilty of doing at times, but in the corporate world, having it be secure and consistent and usable, no matter where you're at is really key.
The other two would be around, like you said, cloud. When we put things in the cloud, we're able to access them from wherever. So, I think the second piece is network management from the cloud and from a mobile app. So again, I was trying to pivot on how does mobile technology come into play? Well, if you're managing a network, and you have an investment in something like Cisco Meraki, we have that dashboard available in a mobile app. Literally, you can get a notification and understand what's going on with your network. It could be a huge company from your phone. I think that's really powerful for everybody, whether you're, again, male or female, but being able to have that access from your phone is super powerful.
And then the last piece is obviously security, we just acquired a company that does dual authentication here in Michigan Duo, but we see more and more authentication methods to make things more secure. Who you are, what you know, what you have, things like that. And I think that's another power of both mobile and technology that give us the capability to work from anywhere, and I think that, that could be the balance. The ability to be there for your family, your friends, and for your life, with the use of the right technology.
Let me ask you this. I mean, even within the tech community, and I think networking and security are highly specialized domains, but you're dealing with both. You have this whole network management and then the security aspect of it. So because of that, I'm going to ask you a very dumb, stupid, simple question.
There's no dumb question.
Basically, let's say as an average consumer, if there is such thing, what can they expect to see, in terms of them feeling more comfortable with doing more stuff, whether that is like access to an enterprise, like collaboration, or actually making transactions, whether that's personal or business, just doing more of those transactions in general on a mobile device.
Because it's not everybody that has the same comfort level and rightly so, we do hear a lot of issues.
What can they expect to see moving forward? Near future let's say, I don't need to be too futuristic here.
I love a good futurist conversation I'm a Michio Kaku fan. But you know, you're asking really what consumers can do around trust and security working now with everything, mobile banking, buying, you know, business, daycares, there's so much stuff is mobile. And I kind of compare it to this, I talked a lot on internet of things. There's two camps of internet of things. What people use at home, like an Alexa or a thermostat that's on unloading, or knowing if your garage is up or down. That's very consumer based IOT.
And then we have corporate IOT. Corporate IOT is the plant floor. How are we improving manufacturing by putting sensors on the plant floor? How do we improve healthcare by locating wheelchairs? So you kind of have the divide between consumer-based IOT and corporate IOT. So how does that relate to your question? It's the same thing in my eyes, we have consumer concerns for security and trust and then we have corporate concerns for security and trust.
So let's tackle it like that. So for the consumer, I think there's an evolution of compliance, and this is going to sound kind of weird, but I think it starts with understanding privacy laws and getting engaged in politics for privacy. Watching this over the 15 or 20 years of my career, it's been something, anytime I could talk about, I will continue to preach about getting engaged with what our politicians are doing around laws and legal ramifications of security that protect the consumer.
Because as long as you have a voice. So it kind of starts there because that's what's going to shape our compliance, which will trickle down to what the consumer can have trust on them. I think as a consumer you can ask questions around what a company does to be secure, but most of the time they're going to have like a canned answer, right?
So you really have to think, "Is it worth it?" And you know, as a mobile tech podcast, is it worth it for me to have an app where my cat can sing and perhaps have my entire address book exposed to hackers? So I think you have to look at what you're using devices for and what you're allowing on that device.
And I'm an analogy person, so I'll say, it's almost like if you had an open party at your house, if you invite every single person that you see in the entire world to that, you're going to get someone who just takes all of the free candy and puts it in their person runs away. But you're going to also have someone with a really good conversation that you may create a business deal with or something. So it's almost like if you're opening the party and you're having a party on your phone, who are you invited to that party and why?
And then having some due diligence as a consumer. What's your gut feel? Does it seem shady? It's almost like fishing, right? If the link has a... an alphabet soup at the end, it's probably not a secure link. And having more due diligence as consumers to stop and think about those things, whether it's an email that you're clicking on or an app you're installing on your phone, it may seem good but is it really going to be worth it? Or is it something that you can do through an existing way or something that doesn't download into your device? How deep are they getting into your device?
So I'm kind of like a Mr. Robot fan, so I kind of expect the worst because I'm in security, so I see everything. But sometimes it's also things you may not think about, right? People go on vacation, "Oh, I'm excited. I'm checking in Sarasota." Well, what does that say for someone who might be driving by your house looking to take your TV, right? So just doing some due diligence and having email accounts that perhaps you use for the fun stuff. Maybe your Pokémon GO account is associated to maybe a separate Gmail account, so things like that.
But at the end of the day, hackers will break in if they want to, just like a thief in your house, right? If they want to, they know that there's valuable things in there. They know that you're a corporate executive or they know that you're a celebrity or they know that you're accessing a lot of CAD files for a big manufacturer, they're going to want to get in. So it's really creating a layered security for you as a consumer. And then not to go too crazy but obviously my specialty is on the corporate side where we really have layered security and we're starting to see an increase in identity and really thinking, "Okay, is Nicole accessing cisco.com from her phone?"
Great. "But is Nicole accessing cisco.com from her phone in China at 4:00 AM when she just had a video on the US." So it's again, using data and the collection on machine learning, and that's where we get into like using things like Stealthwatch that we have where we basically baseline and we say, "Hey, here's what a network usually looks like. This is crazy. There's a mass amount of data coming out of this person's account." So there's a lot we can do on the corporate side to take care of it, but I digress and I think there's basics you can do following compliance, having strong passwords, asking questions around security as a consumer, and then asking that of your company, what's our policy? What's our social media policy? I mean those things. Social engineering and people are often the weakest thing in any security chain.
So although we think it's these fancy encryptions and technologies, sometimes it's the people, it's someone coming in, you're holding the door for someone and they ride in with you or shoulder surfing or things that you wouldn't think of. So I think we have a responsibility to take our game to the next level, to ask questions and to think twice about things that we can control, and do business with companies that we feel are having that due diligence as well.
Well let me connect that a little bit. I think you mentioned Cisco's acquisition of Duo, and I believe they're in the user authentication industry. So I mean is there something specifically that you feel needs to be addressed, whether that's you know, employees from the corporate side, or you know average consumer trying to do more banking. How do you see this user authentication part?
Yeah, I think you need to go to the experts. So I think we need to start relying on people that do it every day and using a combination of assessing the situation, like having pen testing for example, or a real audit of where you're at today and where you're trying to go in security and working with the companies that do it right.
So I would trust some of my strong security driven partners that understand what's out there and can go into a company and say, "Here, let's take a look at it, we can assess your network and we can see here your weaknesses and here's the biggest things that we need to fix and having a layered security approach." So that includes a mix of firewalls and authentication, multi-factor authentication from your phone, like the Duo acquisition, but also like protecting resources in the cloud.
So I think it's holistic, you have to look at from the user, sitting at their desk all the way back into the data center and take pit stops along the way to understand how are we securing these things and using professionals to say, "Here's what's wrong and here's our top recommendations. And by the way, you're not compliant and this could cost you even a lot in compliance."
So I think it's, and a lot of times companies don't want to know what's wrong, it's almost like if you have like a weird bump on your body and you're like, you know you need to go to the doctor but maybe you don't go because you're not ready to face the reality of what it could be. That is kind of an analogy for business and for security. If you thinks, you know there's a weakness, go in and get it fixed and get it taken care of because that's what technology can do and use the amount of intelligence.
I just see like for example, what we use here at Cisco is Talos and this comes in many shapes and sizes from many other security companies. But for us, I believe we have an exceptional body of knowledge of data that shows valid senders users, destinations, companies and invalid, and taking that into your company in whatever way you can be a feed to leverage existing information like that, so that you can automatically say, "Okay, we know this is a bad URL, so let's just share that with the world." And that's what we do with Talos so that our customers that subscribe to that set of data that is oftentimes free part of our offering can leverage that as well.
So I think it's looking at layered security. It's looking at authentication. I love biometric solutions. In fact, my child's daycare, I have to like scan my hand and know a code to even get in the door. So it was funny, as a security nerd, shopping daycares, it was like a total plus for me that they had all this versus the other daycare where you just walk in a gate and there's nothing and someone buzzes a door. So I think it's going to start to infiltrate all of our lives. So we need to take responsibility to know what does it mean to be secure.
And the last thing I'll say is some success that I've seen with some awesome women leading this that I know like Apple Jones here at some local companies, they take security awareness training. So they're, they're teaching people through a corporate structure, they have someone dedicated to running phishing attacks within the company and seeing if they're successful and having education around don't click, don't let people walk in with you, don't leave sensitive data out, don't download these apps.
And we have like mobile device management through like Meraki, where we can actually see the apps from like anyone who has a corporate owned resource or phone. And I think those are really powerful too because then you can say, "Hey, this certain version of this app is really vulnerable and you can actually segment that user onto a different part of the network and things like that."
So there's definitely some nerd knobs you can turn, but that's just kind of a high level of some thoughts if that answers your question. But we also see things like secure supply chain. So security is just becoming a must-have for everyone.
I love that daycare example because I see a lot of companies actually start talking about security as their differentiator. I mean, and earlier you talked about compliance and try to really understand privacy laws and things like that. But in certain areas it's going beyond just merely complying to abide by the law, it becomes like things that attract certain people like yourself and it's like, "Okay I want these type of people and they start enabling certain security features."
So like I said, you embody the whole women in tech on many fronts there. But one more thing that you mentioned that really sound interesting is that the problems you are laying out, using the data smartly and you know, you've got to get those data from some place and you're going to have to process those data some place and you're going to have to work with some of your compliance requirements and all that. It is a very big global issue, and I had a previous talk with somebody that we delve into more GDPR issues, things of that nature.
And so let's just face it, it's a global problem requiring a global solution. And I think you are at your career where you start initiating and working with the partners to solve these problems together. And it sounds not as simple, so how do you do it?
Well, I think you have to look at where technology's going. So the increased challenge of security and the change of daily tools by hackers is also correlated to the daily change and improvement of our tools to do so. So for example, Cisco was 30-year-old networking company we've been around a long time and we just recently opened up our whole network direction to be API driven.
So I think the key thing is having more data analysts who sit there and look at what do we have to work with, what's most meaningful and how do we put it in a picture that can make an impact on the security decisions, make an impact on network buying decisions, make an impact on application, deployments, storage. I mean it's really creating a global view of the right data at the right time that helps direct those, so that you're spending your time securing the right things.
You know, back to my breaking in the house example. Do you lock your doors? Is it as simple as locking your doors or do you really need to throw nails on the floor. So if someone there to, is it like home alone or you need to set up this intricate internal system or is it just simple things like locking your doors? So start from the things that you know you can do table stakes, work with people that are knowledgeable about doing it and take the steps to go from where you're at to inch into security and don't leave it as a last thing.
This is not an option. You have to have it. It's time the hackers are out there and they will get your data, so keep it safe.
And I lied, that wasn't my last question because you said something interesting. So you say you go through more API led approach. Does that actually, I mean, you can drink the Kool-Aid where API management vendors are selling. Some will go as far to say it's a API led economy. So does that actually change how you do things as you move towards more API driven kind of collaboration? Do you see it happening?
Yes, so from the CIO mentality, I think you're going to start to see like you said, the API boom, let's play API Bingo and everybody's got it. But I think you have to start to look at the ecosystem of technology solutions that you have and how you can leverage it for more.
So for example, Cisco, we sell networks, we sell wireless networks, we sell secure wireless networks. But what if those secure wireless networks could give you more rich data about what people are doing in your store? So it's really like peeling back the onion to be cliche, but like peeling it back to say, "All right, well then now because of APIs, because we can take this API and open it for innovation." And I think that's where the power is.
When we have APIs, we opened the door for more people to innovate using developer tools, putting one plus one equals two, right? So for example, a company could come in and say, "Well Cisco can tell me where people are in a store via the wireless and it's secure and we say have a store where we have a loyalty program." So we could see that a coal buys diapers, right? But say they can now tell that I spent 10 minutes looking at organic diapers, but then organic diapers or greed diapers, I don't even know if organic diapers is a thing. But I spent so much time in this section, but yet I went bought the cheapest.
So is that an opportunity to go pair something like location data to a loyalty program to understand why, or endcap, like say you're designing an endcap of an aisle at a store. Well, if they're spending 20 minutes on the new design but they only spent two minutes before, then you know your new marketing design of the endcap is more successful and you prepare it to time. So it's like that's the power of it, I think is innovation and that's why APIs are exciting, but we have a lot of work to do across all of the tech sector to improve what are we able to see with APIs for debugging and what are we able to see for configuration, and what are we able to see for valuable data, how do we exchange it and how do we make it the most for the business?
Absolutely. Super. And I felt like I used up the time but I do want to ask you a fun little question before I let you go, and that is what we are calling what's on your phone. So now, Nicole, what are the three things you use the most on your phone?
Well, definitely I have to say Cisco teams because I've loved the move out of email and into this chatty tight interactive click to call video file sharing and in a secure, so it meets that requirement. So of course, because I'm operating daily, I'm a working mom and I am cross-functional across the business. That's the primary one that I use. And it's funny because your phone will bring up the most, I am a Pokémon GO player and a huge nerd, so I'll say that. And then lately it's that child care app Tadpoles, right? It's an app that allows me to see when my daughter went to the bathroom at the school, it might be TMI.
But I also can also see her moments of the day, so I cannot only know what she's learning, so I can ask her about what was the lesson today or share the same song that they played. But I know her health and welfare and I see pictures. So it makes me feel like a little bit more connected to that experience, which is hard for anyone because of course, if we can all just hang out with our kids all day and not have to work and go to the beach and have fun, we'd want to do something like that.
But you know, those are some of the top three, but I just have so many apps that you rely so much on them. I also have an app that's called SendOutCards that I use in really putting gratitude to practice. And I think that that's a really important one because it's something I could do from my phone.
So I've sent over a thousand cards from my phone in a digital world that makes a difference when people get something personal with a picture of them, and I use that to show gratitude and to connect with people for their life experiences and professional experiences and moments that matter.
Now with that, I want to thank you again for talking with us and have a wonderful, wonderful weekend with your daughter.
Yes, thank you, Jean, for the opportunity and I hope this encourages people to look up some of these cool technologies we talked about. Stay secure and have fun in the world of technology. So thank you.