WWCode Conversations #64: Lucy Kerner, Red Hat Director, Security, Strategy
Can you tell us a little bit more about your journey to your current position?
My journey started with my love for math and science. I loved it as a child and in high school. I excelled in it. I didn't know what kind of jobs I could get with that. I went to the career center junior year of high school and asked, "I like math and science. Do you know of any summer programs I can apply to, or are there internships you know of?" The career center person told me, "There is this program where they're selecting 25 women across high schools across all of the Washington DC metro areas to attend a three-month summer program at the University of Maryland College Park, and they pay for everything from your dorm and also all the intro level engineering classes there, and that exposes you to all the various engineering disciplines that University of Maryland college prep offers." I thought this was a really good opportunity for me. I got into that program and got exposure to chemical engineering, electrical engineering, mechanical engineering, etcetera. Through that program, I knew coming out that engineering is what I want to do. Specifically, I wanted to do electrical and computer engineering.
I applied, chose to go to Carnegie Mellon University, and got accepted into the Electrical and Computer Engineering program. I graduated with a master's and bachelors in electrical computer engineering. Every summer, I interned at various places because I wanted to know what company I wanted to work for and what work I wanted to do. I interned at MITRE, Lockheed Martin, and Apple. As my first job out of college, I knew I wanted to be a hardware engineer, so I worked at IBM as a hardware design engineer designing microprocessors.
That was my job for about five or six years out of college. Then there was an opportunity inside IBM for engineers to enter a customer-facing technical role, which they call solution architects for all their line of servers and mainframes. Then I got into one of the roles as a solutions architect for their IBM-based intel servers. They called them X-series. That was my first stepping stone into a customer-facing role where I was presenting and designing solutions for customers. I did that for several years and wanted to try something different. I wanted to go into the cloud space. I was interested in what Red Hat was doing in the Linux area.
I applied to Red Hat and became a cloud-focused solutions architect focused on cyber security. I've done cyber security at an engineering level and IBM from the mainframe server level. I also wanted to try it from the cloud security area as well. That's what I did at Red Hat as a cloud solutions architect for the US public sector, which has very strict requirements for security. I did that for several years and met people as I did that role.
Another important thing I learned is that it's important to network, especially with people you may want to look up to. I did a technical integration of Red Hat products to solve certain security-related challenges for public sector customers, and I presented that to customers. One of the senior-level people inside the public sector saw it.
A senior person at Red Hat in the public sector also saw it and said, "Lucy, you should present this externally. Maybe submit to our annual conference, Red Hat summit. Why don't you submit to some local public sector conferences." I was thinking, "There's no way. I'm not going to get into that." I got a lot of encouragement from people, especially the leadership team in the public sector at Red Hat. I said, "Okay, I'll give it a shot." My session was ranked one of the top ten sessions. I got a Red Hat top presenter from that. Red Hat leadership saw that. My presentations got the attention of several Red Hat leaders. Maybe a year later, a Red Hat leader contacted me, saying, "We're going to create this role focused on security. It's a global role, and it will focus on a go-to-market strategy for security across the entire Red Hat portfolio. It's a leadership role that will influence and work cross-functionally across Red Hat. We think you would be a great candidate. We would like you to apply." I was thinking to myself doubtingly, "Do I think I can do this? I've never done this type of role before." If you're interested in it and there is potential to grow, you should always give it a shot.
How does your hardware and software development background impact your current work in cyber security?
The key thing is that cyber security is a technical field, like cloud or Linux. My background in hardware and software development, engineering in general, allowed me to understand core cyber security concepts at a deep, technical level, such as cryptography which is core to cyber security. In my current role, I take that core technical cyber security knowledge. Then I have to apply it to our customers' specific cyber security challenges and tailor the solution. The customer solution and messaging of how we can help at Red Hat for different personas in enterprises such as the CISO.
It seems like security is quite complex and covers a vast field. What do you think about security? What does security mean to you?
Security is a vast field. That's one of the things I love about it. I love that it is constantly growing. In security, there's this famous diagram that says, here's the vast world of the security ecosystem and all these vendors. There are so many that you have to zoom in to see everything. The idea is there's everything from network security to endpoint security, incident response, compliance, identity access management, newer areas that people are exploring around containers, Kubernetes security, cloud security in general, and other emerging areas around how quantum computing is going to change cybersecurity and how we do cryptography as a whole. It's growing, it's vast, and there are a lot of opportunities. Security is not just about technology. To do security correctly, it involves people, processes, and technology. Most security breaches are due to human errors. Also, there's always a trade-off with security, a balance with delivering business applications quickly..
Is there anything about security that you want to share that you feel that sometimes people kind of forget or people should know more about?
If you're interested in pursuing a cybersecurity role, just remember that your foot in the door doesn't mean you have to start with a job with security in the title. Core skills are needed for security, but you may not have security in the title. For example, IT generalists have a solid foundation to contribute to an organization's cybersecurity practice. Skills that you might want to develop, and candidates who will always be successful in a cybersecurity role, would be everything from data security to Linux, hardening Linux systems, computer software development programming, cloud security, risk management, compliance, threat detection remediation, network security, monitoring, to troubleshooting. Again, it's a vast field. There are program managers, project managers, security compliance officers, auditors, roles inside sales for security in the sales or marketing organizations, and many other roles. Don't limit yourself. If you're interested in cybersecurity, there could be a role for you.
What are some of the projects you work on to promote thought leadership and evangelism for Red Hat?
I help lead many of the security, thought leadership, and evangelism efforts. For example, our external messaging of What is Red Hat's view on hybrid cloud security? You're like, what is Red Hat's take on it? We want that messaging externally, for example, on redhat.com. Maybe we want that messaging as thought leadership in an external-facing article. I write many articles in external magazines, whether TechBeacon, Security Boulevard, or Increment Magazines. I'm not the only one. Another big thing is our presence at not only our conferences for security, such as the Red Hat Security Symposium and Security Track at Red Hat Summit but also other security-related conferences around RSA at Black Hat. I help lead our security messaging there.
Do you have any advice for people in a similar role, for those having to interact with many types of people and teams daily?
At the end of the day, everyone you're interacting with is people. You want to have a relationship with them. If you've never worked with that person, a short intro call would be really helpful to get to know who they are, what they're working on, and where in the organization they fit. You're trying to get them to work with you and help you with things. Also, be very clear about the goal that you’re trying to achieve. Be clear about what you want them to do and when you want them to do it. Knowing who's who in the organization is key too. That is where networking comes into the picture. too,
What is it like to be a Red hatter, and what do you think is the most unique about being at Red Hat?
At Red Hat, everyone's voice matters. Our culture is very much an open culture, a collaborative culture. Everyone listens to each other's ideas, and we believe you can do more as a group than as an individual.
What are you passionate about outside of work?
I love dogs. My dog is sort of my therapy dog. Especially before COVID, we visited nursing homes, mental health institutes, and hospitals. The idea is to bring smiles to people's faces. I love volunteering and sharing that kind of experience with others.
Do you have a pro tip for women in tech or those interested in pursuing tech?
Take on things you've never done before. Don't doubt yourself. You'll be surprised what you can do. Know that growth and comfort don't coexist. It's okay to make mistakes. Don't be scared. Speak up. Don't be intimidated, and don't take things personally. You may be the only woman in the room, making you unique. Take that as an advantage. Don't ever stop learning. Be open to opportunities as they come to you because they may never come to you again.