Vice President at Google Cloud, Head of Mandiant Intelligence

Original Interview in December 2022

This interview was conducted by Abby Sonnier, Policy Analyst at Consortium Networks.

As a Vice President at Google Cloud and Head of Mandiant Intelligence, Sandra Joyce oversees intelligence collection, research, analysis, and support services for threat intelligence customers and the Mandiant security product portfolio.

What brought you to cybersecurity?

I was focused on counterterrorism and I started to see that countries are beginning to use cyber as a plan A instead of a plan C. It struck me that as time went on, the cyber domain would be a major national security and economic focus area.

I am an Air Force intelligence officer in the reserves so intelligence has been my career since 1999. This has been a journey from an all-source approach to cyber threat intelligence.

What appeals to me about threat intelligence is the idea that you are trying to understand the tactics, motivations, and outcomes an adversary is trying to achieve– there’s a lot of creativity in that type of work. There’s also a sense of nobility in the mission because you put yourself between, whether figuratively or literally, the adversary and the victim.

Do you see cyber threat intelligence as fundamentally different or the same as traditional intelligence?

Cyber intelligence has the same fundamentals as any area of intelligence. What you’re focused on specifically is the threats and capabilities of actors in cyberspace. Within that, there are many different areas of focus: financial crime, espionage, physical, and regions (China, North Korea, Russia, etc.). You’re still using the fundamentals of good collection processing analysis and distribution of intelligence, your focus just shifts to those areas relevant to the cyber domain.

What is the most challenging part of your job?

Sometimes you can get into the mindset that it is an insurmountable problem, though those are just a few bad days in a sea of good days. Frankly, there are just more threats, different kinds of threats, more threat actors, and more countries developing offensive cyber capabilities. This is a problem that will be around forever. The way to mitigate that is not to think of it as a problem you will solve tomorrow, but more of a mission and state of mind to improve your defense posture for your organization or country.

Is there a person or problem that inspires you most in the space?

Victims of breaches inspire me the most. When we talk to people and look them in the eye after their networks were violated, their data was spilled, or they’re negotiating a ransom of patient data at a hospital, we start to understand that the people conducting these attacks may not understand the implications and the extent to which they are creating pain and destruction for their victims. The emotions are very raw when you find yourself in a position where somebody is taking something you thought was private and is threatening to expose it or otherwise extort you to compel you into paying. Those are some of the problems that inspire me to get up every day and ensure that my organization is doing everything we can to stop it.

Do you find it difficult to be a woman in a male-dominated field?

I think a person always has to make a decision when they are the only ‘them’ in the room. If you’re the only ‘you’ in the room, whether that be gender, orientation, nationality, or other characteristics, you have to make a decision. What has helped me in that is trying to wield that power. When I speak, if I am the only woman in the room, there is power in that. If I am going to be providing an opinion that is different from everybody else because of a difference in socioeconomic background or educational background, that makes me unique. If I go in with the mentality of that making me valuable, I can wield that power. There is a lot of pressure that comes with that, but mentally, it has helped me quite a bit.

How do you navigate challenges like imposter syndrome?

I try to remember that everybody has strengths and weaknesses. I have a certain set of strengths that can help certain parts and a set of weaknesses I am continually working to learn more about. One person cannot know or do everything and being comfortable with not knowing everything is the key to navigating the pressures that come with being the only ‘you’ in the room or carrying the expectations of other people.

Do you see a difference between cybersecurity and other traditional security industry spaces in the treatment of women?

I think it depends on the career field, the office, the company, and the organization you are in because there are some that really value diversity and inclusion. When you’re in an organization like there, there is psychological safety that is very empowering. I’ve been in situations where that wasn’t the case and had to power through that, which obviously was not an ideal situation. I think it has changed in that there is much more attention on the topic than there was before. 

For example, for years you could have a panel with all white men on it and that would have been completely acceptable. These days, that will be commented on and pointed out. It may be that those are simply the four people that should be speaking on the topic, but today it would be very hard to get away with only having one kind of person on a panel.

Things like that are indicative of a shift of at least where we are in the phase of awareness.

Attention to the topic, maybe even through litigation, has brought light to pay inequities and other disparities that simply weren’t given attention before. 10 or 15 years ago, that would have remained unspoken.

What are some lessons you have learned about finding mentors and advocating for yourself in the workplace?

I have been very fortunate in this regard and have had incredible mentors and sponsors.

Mentors are the ones that are a bit more removed from what you’re doing who can offer an outsider’s perspective and advice. They can be junior, lateral, or senior to you and can take many shapes. I have had many great mentors but you can get mentors whether you perform or don’t, sponsors are much harder to get because people won’t advocate for you if you aren’t delivering.

Sponsors are where the rubber meets the road when it comes to your career. Those are the people who talk positively about you when you’re not in the room. I have had some of the most supporting sponsors in my career in cyber and they are likely the differentiating factor in my career.

Do you have advice for cultivating those relationships?

You should be very intentional about who you are spending time with and who has visibility into your work. I lead a small group of leaders and at every meeting, we take time to think intentionally about the women in our group and who may need more attention, training, or visibility for the work they’re doing. Through this, we can intentionally highlight the work of more junior women rising in the ranks and make sure they know that we see them and we support them. In that way, we can be their sponsors as women with power and authority in the organization.

Have you seen any major shifts in the general public’s attitudes toward cybersecurity in the years since you entered the space?

I haven’t seen as much in the general public, but there has been a shift with policymakers. We’re no longer in the business of convincing people that there is a problem– that has been asked and answered. Now, everybody is focused on solutions: what are we going to do about this threat? What are the processes and technology that we need? What are the positions in government that need to be enabled and the programs that need to be funded? There is much more intentional talk around outcomes than there was before.

One example is the cybersecurity reporting legislation that came out of Congress and is now in the rulemaking phase. There is a concerted effort to receive input from government and private sector critical infrastructure owners. This is the kind of collaboration that we need to see– that is the essence of where the solution is going to be. I think we’re going in a good direction now versus where we were five or ten years ago.

What is something that excited you in the space?

On many occasions, we have a good day because we blocked an attack whether through our technology or our intelligence. We were able to discover a new technique so that even though it penetrated the network of one person, now that we know the technique, we can defend the rest of the community. Those are the good days because we’re on the front lines of the cyber domain and because those are the days the bad guys don’t win.

Do you see the cybersecurity landscape improving or getting worse over the next five years?

I think it will get worse before it gets better. We are seeing an overall increase in the capabilities of the rest of the world in this space. It is no longer just the top four threat adversaries– everyone is gaining capability, both states and individuals. 

We’re still seeing ransomware, though at a slower rate. We’re seeing a shift in victims from North America to Europe. We see a lot of shifts and changes. 

The diplomatic situations we find ourselves in today tend to drive the quality of relationships in the cyber domain. Because of the conflicts we now find ourselves in geopolitically, we’re going to see more disruption and conflict in the cyber domain as well.

Going into the future, however, I think we’re starting to understand that better and will see improvements once we get on the other side of this.

If you could give one piece of advice to young women looking to enter this space, what would it be?

Lean into your strengths. We need leaders of all kinds and people of diverse backgrounds and perspectives. Don’t be scared off by the idea of a technically oriented job– lean into it. There are a lot of positions that don’t require you to reverse malware and you can do a lot of great analytical work with just enough technical know-how. 

Cybersecurity is a team sport. We have people doing deep technical work, people doing geopolitical analysis, language experts, strategic communicators, writers, and people who design new systems and automation. There are so many different types of positions and work and don’t be afraid of not fitting into the idea of what you think being in cyber is because every type of job is in the cybersecurity domain.

Final thoughts?

From my perspective, working in cybersecurity is a difficult but highly rewarding career field and there are estimates that there is a significant job deficit in this industry. For people just starting out, it presents a great opportunity for a career that has a wonderful mission attached to it and is highly compensated compared to many other industries. And, we will be in this fight for a long time so there is a bit of job security as well. Most of all, it is highly rewarding to defend against cyber threats on a daily basis– there’s not much like it.