Toni Benson, a project manager at the government contractor Peraton and an Air Force veteran, has felt the divide between the slow, methodical progress of government and the rapid scaling of tech companies for most of her career.
Advances in innovation depend on both the public and private sectors, she said, but there are disconnects in how products are built and tools are used.
“There is a gap that obviously has to be bridged,” Benson told Technical.ly. “A lot of the infrastructure that is utilized by the government is owned by the private sector. How do we transfer that knowledge back and forth?”
“A lot of infrastructure [used] by government is owned by the private sector. How do we transfer knowledge back and forth?”
Toni Benson
She left her decade-long career at the Cybersecurity and Infrastructure Security Agency (CISA) with the goal to better connect the government and its contractors. It’s been a shift, Benson said, in focusing more on profit and less contributing to policy. But skills she picked up during her public service apply to this different route in her cyber career.
Now she helps mid-career women find transferable experiences, as well, that they can take to new cyber jobs as the chair of the RISE program at the McLean nonprofit Cyber Guild. Across the globe, only 22% of the cybersecurity workforce is women. Women are also rapidly leaving the workforce in the US, and Benson hopes to rein some of that in.
“How can we help fortify by putting a program in place … to help these people, primarily women, move through the minutia of what happens when you get into your mid-career status?” Benson, an Annapolis resident, told Technical.ly. “Or feel a little stagnant in your career, or really just don’t know how to get into cybersecurity.”
For this edition of How I Got Here, Benson outlined her time at CISA (which has been slashed under the Trump administration), advice for cyber professionals and her future plans.
This Q&A has been edited for length and clarity.
How did you get into cybersecurity?
The beginning of my career started in the United States Air Force. I was a communications officer. During that time, I had a wide range of responsibilities. When they say communication, they mean literally everything.
After I got out of the military, I spent a little time in the private sector, working for some government contractors. Then I spent a bulk of my career, the largest portion, in federal civilian service. I worked at the Cybersecurity and Infrastructure Security Agency (CISA) for 10 years.
Did a lot of roles there, as well, spent a lot of time in workforce development toward the latter part. Also did some engagement with the White House on policies around the cybersecurity workforce, how we can shape it and make it better, with the last administration. I think they’re even carrying some of that over in the new cybersecurity strategy.
I’m currently a government contractor program manager for a company called Peraton.
Why transition back into the private sector last year after working for the federal government for a decade?
It’s so funny. One of the things that the former director used to say over at CISA was that when we leave, we ‘forward deploy’ — we don’t really leave the government.
I think it was time for me to forward deploy, take some of the things that I learned from the government side of the house and utilize those things in the private sector.
There is a gap that obviously has to be bridged. A lot of the infrastructure that is utilized by the government is owned by the private sector. How do we transfer that knowledge back and forth? I felt like it was time for me to make a career change.
What are the differences between working for the public sector versus the private sector?
Obviously on the federal government side, I am not thinking about profit. On the contracting side, I get to wear both hats. I’m thinking about the mission and how to make it more efficient, and then leveraging some of the tools that the private sector doesn’t have.
On the government side of the house … you’re the ones who are truly influencing the change. I don’t need to drive policy in the same way anymore. That’s probably one of the biggest changes.
But there is a benefit to both sides of the house. Being able to scale and do things quickly from a contracting side of the house, but also being able to influence policy and seeing things from a holistic view, from a world view, when you’re talking about the federal side.
What brought you to the Cyber Guild?
Cyber circles are very small, so my former executive director is one of the board members at the Cyber Guild. There were some things that they were looking to do around the workforce, and I had done a lot of that work while I was in the federal government.
I landed that opportunity just based [on] relationships and networking, which is something that we push with some of our programs for people. I’ve been excited about the opportunity, and I’ve learned so much since then.
What can people expect if they want to be a part of RISE?
[It’s] a 10-month mentorship program for women professionals invested in advancing their career in cyber
We’ve had everything from women who were previously in the military … people that were former federal employees that may be looking to get into cybersecurity.
We don’t focus necessarily just on technical skills. We’re really trying to fortify some of those foundational skill sets, people say, ‘soft skill’ sets, where we can help people take where they are and reformat. Whether that be their resume, whether that be how to network in certain environments.
Have there been any challenges that you’ve dealt with or seen others face breaking into your career in cybersecurity?
I probably took one of the more routine paths. I do see, just through people that I’ve mentored and people in my community, that it can be challenging. There are a lot of different avenues.
How I Got herE
That’s something that we talk about in the RISE program. Don’t get overwhelmed by how many different tracks you can take. Figure out what are the things that you’re passionate about, figure out the things that you’re good at, and then take those things and figure out how those transfer into cybersecurity skills.
People get amazed when we [cover] transferable skills. There’s so many transferable skills that are applicable.
Some of the best cyber threat analysts I’ve ever come in contact with had psychology backgrounds. It makes sense, you’re doing profiling, so it allows them to really think more in the adversary’s mindset
What other advice do you have?
I also recommend that people constantly look at, where do you want to go next? Do you currently have those skill sets? If not, what are some things at your current job that you can do to gain those skill sets?
And then being a continuous learner. If you don’t know exactly what you want to do, look at how you can start to shape or take those little nuggets and carry those over to your next career.
Speaking of, what are your future plans?
I would like to see myself on a beach near the ocean with the waves crashing. However, if that’s not where I’m going to be, I think the next role for me would be elevating … to managing multiple programs.
Or looking at some of that policy-type work. How we can shape things as we move into an uncharted space with AI [and] quantum. The internet took off very fast and took off in ways where it wasn’t intended. Sometimes that’s why that security that we talk about wasn’t baked in from the foundation. How do we avoid going through those pitfalls with AI?
Let’s make sure we’re doing our due diligence, so we’re not running into the same problems that we ran into at the infancy of the internet.
