Interview with DarkOwl’s Alison Halland and Jennifer Ewbank
August 26, 2025
For the fourth year in a row, in honor of Women’s Equality Day today, August 26th, the DarkOwl marketing team highlights the women in our workforce. This year, our DarkOwl Chief Business Officer, Alison Halland, interviews a member of our Board of Directors, Jennifer Ewbank. DarkOwl is very proud of our women leadership and workforce and strives to continue to build a balanced workforce with the most talented and effective team possible.
Interview: Thoughts on Being a Women in Cybersecurity from Two Members of DarkOwl’s Team
To commemorate Women’s Equality Day, we sat down for a candid interview about working in the cybersecurity industry with two women from our team.
Editors Note: Some content has been edited for length and clarity.
Intro
In a world increasingly reliant on digital infrastructure, the need for robust cybersecurity has never been more critical. Yet, as the threats evolve, so too must our approach to building the defenses. One of the most promising avenues for strengthening our digital shield lies in fostering a more diverse and inclusive cybersecurity workforce, particularly by empowering women in this vital field.
While challenges remain, the landscape is shifting. Just a few years ago in 2019, women constituted only about 20% of the global cybersecurity workforce. Today, that number has modestly, yet significantly, climbed to around 25%, with projections aiming for 30% by 2025 and potentially 35% by 2031. This upward trend is a testament to the incredible talent and dedication of women who are stepping up to fill a critical void, especially given that an estimated 3.5 million cybersecurity roles remain unfilled globally between 2022 and 2025.
Over half of all cybersecurity professionals, regardless of gender, entered the field from non-IT backgrounds. This includes 17% who transitioned from entirely unrelated careers, 15% who leveraged formal education, and another 15% who are self-taught or independently explored the space. This highlights that a passion for problem-solving and a dedication to digital safety are far more crucial than a traditional tech background.
Beyond professional strides, the statistics also underscore the importance of fostering safer online spaces. While not directly about careers, it’s telling that only 23-24% of women feel comfortable expressing political opinions online, compared to around 40% of men. The significantly higher fear of online harm, from misogyny to cyberstalking, and its heavier psychological impact, leads women to use more “safety tools” and engage less in online participation. By championing women in cybersecurity, we’re not just building a stronger defense for everyone, but also fostering a more equitable and secure digital world where all voices can thrive without fear.
Join us as we celebrate the trailblazing women who are shaping the future of cybersecurity, inspiring the next generation, and proving that diversity is our greatest strength in the digital age.
Alison: Thank you so much, Jennifer, for taking this time. I always enjoy speaking with you. And for those of you that don’t know, Jennifer Ewbank served as the Deputy Director of the CIA for Digital Innovation. And you were there from 2019, having recently retired in January of 2024. Did I get those dates right?
Jennifer: I was in that role from 2019 to January 2024, and then I retired from CIA a couple months after that. Yes.
Alison: And then Jennifer joined the DarkOwl board in 2024, and she’s been instrumental in helping us navigate the government landscape and providing us with so much feedback. So thank you for that, Jennifer. Thank you.
I wanted to do something a little bit different and dig into some of your background. Women’s Equality Day is coming up August 26th, and this is celebrated every year to commemorate the anniversary of the 19th Amendment to the Constitution, which granted all of us women the right to vote. I wanted to ask some questions geared both at your background, how you got into the CIA, and focus a little bit on women in that field.
As we know, there’s a huge gap globally right now in that field. There’s an estimated 3.5 million cybersecurity roles that were unfilled in the last three years. So there’s a talent gap. And, according to some of the statistics I was looking at, women only represent about a quarter of the global cybersecurity workforce, which is up from 20% in 2019. But I think that’s a pretty modest increase.
To kick things off, I am curious what it was like coming up through the CIA – specifically as a woman and if you ever faced any kind of imposter syndrome, or just speak a little about what it was like to be a female within the CIA organization.
Jennifer: Thank you. So a bit of this is going to be like archaeology for young people, right? Because, you know, I joined the CIA long, long, long ago. I didn’t join in a technical field, I joined in the operational world. Hollywood would have you think that that’s James Bond, which is obviously glamorized and dramatized. But, there’s some truth to the fundamental tasks that one has to perform in operations. So that is collecting secrets about what your adversaries around the world want to do to harm the United States and our allies. So that’s terrorist plots, it’s plans to proliferate weapons of mass destruction, it’s plans to penetrate our government with espionage, lots and lots of plans for a coup, plans for international narcotics trafficking. And the job was to go out and find those things and thwart the threats.
Alison: How old were you when you stepped into the operation?
Jennifer: I was young. So, I was in the State Department first, joined in my late 20s, and then a few years later, now people are going to do their math because you have a lot of smart people at DarkOwl. A few years later, the Cold War ended and our mission really changed at the State Department. I had joined thinking I was going to fight international communism through diplomacy, which was, you know, kind of corny, I think people would think today, but that’s how I grew up – a child of the 60s and the space race. And those things really mattered to me. And so the mission changed. I had a great experience, but I thought, hey, I want to do something else. And I wanted to do something a bit, I don’t know, let’s say bold. So I went off and did something that most rational people don’t do, which is join the CIA and become an operations officer. So I was still young at that point.
I spent decades moving around the world to different countries every couple of years, learning a different language, meeting new people, tackling new issues, and then climbing the ladder at the CIA in the operational world to become a chief of station, which is their senior most role in each country, that is responsible for everything CIA does, but also is kind of a coordinator, integrator of everything the broader intelligence community does.
I served in that role four times. As I tell people, it was small, medium, large mega stations all the way through the stack. And then after that last experience, I was invited to take this Digital Tech Deputy Director role by our Director.
Alison: Had any females served in those roles?
Jennifer: It’s a good question because when I joined, there were very, very few women in operations. It had a certain stereotype of who a “successful” officer was, and that stereotype was a very outgoing, extroverted, sociable guy. And there was a reason for that stereotype because that’s what the world was and those were the people who were successful. And somehow I thought, well, I can do that. And all those things I just described, I am not a single one of those things: not a guy, not an extrovert. I’ll phrase it this way, it’s an extreme career. If I wanted to be an astronaut, which I wanted to be when I was a child, or a fighter pilot, or a firefighter, it’s an extreme career, it’s all consuming, and it demands a lot of people. It demands everything of you. It’s full commitment. I thought, you know, I’m going to try that.
The challenge, back to our theme, was that there really were very few women. I didn’t work for a woman directly for, oh, I don’t know, 15 years. And I didn’t really have in my orbit people who would be role models or sponsors or mentors who happened to be women. The good news, in a way, and of course, like any large organization, the CIA has had its issues over the years, but, in some ways, the CIA is the ultimate meritocracy. It is all about outcomes. And so you deliver, and now that’s not to say that there aren’t individual cases where people experience discrimination of one kind or another, because of course, they’re human just like any other place. And so, good is balanced with people who aren’t so great. But more or less, it is a meritocracy and that’s how you kind of succeed. And so luckily for me, I worked for bosses who were keen to just get great results.
If I can just make a little bit of a detour, I’ll share with you. So my first tour, as we call our assignments overseas, my first tour as a case officer with operations, I would say the first year, I really did flail about a little bit trying to figure out how I’m going to do this. Because, again, there was a certain stereotype for how the job was done. And I’ll oversimplify, but it’s, you know, roll into a diplomatic reception, lots of glad handing and, you know, whiskey in one hand and a cigar in the other hand. And, inviting everybody, invite guys out to play golf and late-night drinking. Socially, it was a certain stereotype. And I wasn’t any of those things. And in the country where I was serving, it was not usual for young women to come rolling into a reception alone and chat up men. And so it wasn’t structured for my success and I wasn’t really designed for that. And so I had, at the end of about my first year, I won’t call it a crisis, but a real moment where I had to dig deep and I thought if I’m going to succeed I have to figure out a different way to do this and I’m not ever going to succeed if I play this game by the rules that exist today. I had to – this is going to sound a little strange perhaps – sit back and really analyze who these people were who were succeeding in a traditional model: those who were out in our environment had access to secrets that we really needed to collect for the agency and for our country. And then what were my comparative advantages in this environment? What were the things that I could do that other people couldn’t do? And there were some things. And I had, I’ll say modestly, I had exceptional foreign language skills in this very difficult language. None of the men in my office did. So that gave me a leg up. I had, therefore, a deeper connection to culture and history of that country than others did. I was very good at what we called handling things – our assets, our sources, really maximizing the collection of intelligence, handling the cases well with good tradecraft, securely. There were things that I did well and that I could handle a large volume of work. And so I could just continue – continue to pump out more and more and more and more. And so, I found a way to take those things that I did well and turn them into my special way of doing the job and delivered results. As I was saying, it’s a meritocracy. And so, at the end of that second year, I sat down with my supervisor and we had an annual performance review. He was a great guy, very candid. He said, look, I’m struggling with how I evaluate you. And I said, okay, talk to me about that. And he said, you’re producing a lot, but I don’t see the classic approach and skills being honed. I said, okay, that’s fair enough. But is the challenge to produce or is the challenge to be like everybody else? And to his credit, he said, you’re right. And we had a narrative section, then we had numbers, we scored on various skills. And so he struggled with the scores. He’s like, you know what, you’re right. And he gave me the top numerical score for all those categories because of the delivery. So that’s a really long way of saying that meritocracy did matter. But that’s not to say it was easy, not at all.
Alison: Was there scrutiny over your different approach? Sounds like there was.
Jennifer: There’s a lot. That’s an interesting question, actually, because in the CIA, particularly in the operational world, there’s a lot of autonomy. You are trained, you are vetted, you are trusted to do things appropriately without supervision because the job is alone. You’re out doing your job alone. And so you go out and do your thing, come back and report. You’re expected to report fully and with integrity in detail on everything you’ve done. And so I did not encounter resistance along the way. So it’s really a long way of saying that it’s a really hard job. It’s a really hard job and it takes everything out of you.
I wrote a book review recently. Somebody had written a book about being a woman in the CIA, and I said something about it being a career guided by the goddess Kali, you know, both destruction and creation simultaneously – a job you love, even as it’s basically ripping you apart. And it’s just, all-consuming, and it was. So I will say that’s a long description of the job, but I came up through that world in a career that tracked the development of digital tech and its application to this very specialized, challenging mission.
And so when I, in 2019, was returning from one of these big posts, our largest place overseas, our director invited me to become one of her deputy directors for digital innovation, as you mentioned, which is all the digital tech stuff. So IT, global secure communications, cybersecurity, cyber collection, open source intelligence, data science, artificial intelligence, a bunch of policy and legal stuff and then training and education, et cetera. Lots of other things hanging off of that directorate, but a big job. And her intent in doing that was to bring somebody with a field perspective, a practitioner, to come partner with amazing technologists to serve as a bit of a catalyst. And that was a great experience for me. I hope people who worked with me would say the same. I think it was overall quite successful. But that was my, let’s say, non-traditional path into digital tech.
I wasn’t completely ignorant of it all. I had some background and I’d certainly been on the user end of every new technology that we had created. And by nature of the teams that I led overseas, we were actually right in the mix innovating with technologists to solve tough problems in tough places. And so it gave me, I would say, a complimentary perspective on what we needed to do in digital tech to succeed.
Alison: Do you feel like you garnered more respect in that role because you had already been in an operational role and actually been boots on the ground, as they like to say?
Jennifer: Well, you know fair question – so the CIA is a large organization and like any large organization you have your different tribes and cultures and so coming into digital tech, I would suggest there were probably a few senior officers there, officials who thought that they should be in my job. Right? Why do we need this outsider? And so there was a bit of skepticism. It did help in two different ways, initially it helped in terms of credibility with folks in the operational world and the analytic world – kind of more directly mission facing roles – recruiting spies, producing analysis for the president, doing the things that the CIA was created to do. And so with them, I think it gave me direct credibility. And there was a lot of engagement around what they needed? What were we doing well? What could we do better in the future, etc. So I think that was helpful for what was a relatively new organization at the time, this directorate.
And then over time, and it didn’t take that long, I figured out what my complementary skill set would be to lead that organization and part of it was really all around that connection to mission – the connection to the big “why,” a sense of purpose around what we are here to do and then rallying that organization around a common understanding of what our key challenges were, which were in the form of a particular very aggressive and capable adversary. I think that helped a lot because I didn’t try to pretend that I was going to be the best data scientist or that I was an expert at cybersecurity more so than the CISO, none of that. I always approached those discussions with humility in terms of the technical expertise, but confidence in terms of what I understood we needed to accomplish and I think that balance worked.
Alison: Did that skepticism motivate you or intimidate you?
Jennifer: You know, it did not surprise me. It did not intimidate me. I mean, I’m kind of driven anyways. So I guess motivation? Sure, sure. It pushed me to dig deep and figure out what I was going to do? Again, back to that story from my first assignment last year. What were my strategic or comparative advantages? How was I going to play to my strengths and not focus on trying to polish up any perceived weakness, right? I think a lot of people waste time on weaknesses. Of course, you know, you want continuing education, you want to keep learning, you want to keep developing, all of that’s great. But if I spend all my time thinking about my relative deficiencies in, you know, coding Python, that’s a waste of my time and energy. And that’s not how you win. You win by playing to, I believe, your comparative strengths. And so I cataloged those. I looked across this organization with thousands and thousands and thousands of people and billions of dollars in budget all around the world. And yes, I can say there were a handful of things that I brought that nobody else did. And that’s what I tried to focus on.
Alison: Did you go through the activity of actually writing those down, pen to paper?
Jennifer: I would say it was a mental list in that instance. But over time, sure, I did kind of articulate those things. But I think that does go back to that first, that very first, very difficult assignment with the CIA, doing an impossible job. I mean, most people would consider it an impossible job. And trying to figure out how on earth I was going to succeed if what I had learned in training and the model that I saw all around me was not the model that would work for me. So very much the same approach.
Alison: Well, I love it. That’s a good segue. I’m curious if you were in a room right now with a bunch of high school girls that wanted to go into cybersecurity or more specifically into the CIA, it sounds like one piece of advice would be to figure out your comparative advantages, potentially. What else would you share in terms of advice?
Jennifer: It’s a good question. I actually had the opportunity a few months back. I spoke at an unusual cybersecurity conference and unusual in the sense that it was at a university and they invited a really large number of high school seniors to come explore careers in cybersecurity. And what I would try to tell people is to spend a little time and think about the broader issues at play in cybersecurity. There could be those who just like the technical challenge and that’s fantastic, right? I love that. That only takes you so far. And I think going back to something I’ve already said, figuring out what you want to accomplish in life. I don’t mean you have to know everything when you’re 18 years old, not that, but what matters to you? What’s important? How do you find a sense of purpose in what you do? Because of course you need a job, and of course you want to be paid for that job, but the thing that keeps you coming back every day, I mean it is work and there can be bad days and good days. There’s going to be challenges. The thing that keeps you coming back is if you are connected to some broader purpose. In my corny example, I really did grow up in a family where we valued service to our country, where we thought it was important to defend the United States, where you wanted to fight communism, all that kind of stuff. And without over-dramatizing it, there is a similar dynamic at play today between digital tech in open societies and digital tech in digital authoritarian countries. And there’s this whole competition playing out that is going to determine the future of humanity. And if one can stop for a moment and just think about that, most people, I think, in the United States would think: “oh, yeah, I can really get behind that”. That’s really important. I need to defend. If you’re interested in cybersecurity, fantastic. Then you’re on the front lines of that battle.
And so I would encourage people to think about what that purpose might be. I would encourage young people, women, young girls, to be a little bold. Be unconventional. Don’t worry. Of course, I grew up like every other teenage girl that wanted to be like other people. But if I look back, the people, the heroes, the heroines who really resonated with me were completely unconventional. They were bold, resilient, a little audacious, maybe a little controversial even. And those were the people, those were the women I thought about.
So if anybody’s looking for great books that they didn’t read when they were at school, one of them that really stayed with me was “West with the Night” by Beryl Markham. And Beryl Markham was the first person to fly westward across the Atlantic successfully. A lot of people tried and some had died in the process. Everyone thinks of Amelia Earhart, very intrepid, intelligent, compelling figure and she flew across the Atlantic East right, but West is much harder much, much harder. Earhart had had a team but Beryl Markham did it alone and westward and she was the first ever and she wrote about it in this book – that I should go back and read – but what I remember of it was just so compelling and I just thought man, what a badass, right? And something in me clicked. I’m like, yeah, you know, that’s what I want. That’s what I want. I didn’t end up doing that, but in my own way, I landed in a career that was unconventional and a little bold and on days maybe even a little bit dangerous.
And I would just challenge young women in a society that wants to cocoon them in bubble wrap to just take some chances and be bold and try something that you think might make you nervous, might be hard. That’s okay. Just get out there and do it.
Alison: I think that’s great advice for high school seniors that are contemplating what they want to be when they grow up, or at least where do I want to put some of my energy? Do you think organizations should encourage more participation from non-traditional groups?
Jennifer: I think there are a lot of things that can be done. And the CIA, for whatever its reputation may be, and we’re a democracy, people are going to have different views on it, and that’s fine. There are a lot of people in the United States who might not say that they support an intelligence service. It’s just a reality of the world that every country has one, and you need to know what your adversaries are trying to do to you. So there may be people out there who think they don’t really like the idea of an intelligence service and that’s okay. But I will say that despite the reputation, it is mostly about merit. And I started at a time when there were very, very few women. And then fast forward, and when I became Deputy Director for Digital Innovation, without going down a rabbit hole here, there are five directorates. Each one is headed by a deputy director. The five deputy directors basically run the CIA, and then you have a director. And so when I became deputy director of digital innovation, all five directorates were headed by women and the director was a woman. In fact, six of the top eight positions in the CIA were women.
And so, you know, it didn’t take me long to just pause and think, you know what? Wow, things change. Things can change. They do change. And I’ve always felt it’s my responsibility to, if I walked through a door, I need to keep it open and help others. But I never felt it was my job to give somebody a particular advantage. I wanted people to have the opportunity to compete.
And so a couple things I’m going to say about that. I saw moments when I felt that there should have been more women in, say, some group of leadership positions. And I was also in a position years ago where I oversaw selections for key leadership positions and found myself very disappointed a few times by how few women put themselves out there for the roles. And it’s a bit of a stereotype, I understand this, but it seems to hold true. If I have a job vacancy that says you must have these 10 skills and a man has two and a woman has eight, the woman won’t apply and the man will. And I know that’s a stereotype and I’m generalizing, but there’s something to that.
So I had to do the selection of some of the most coveted senior leadership roles and I was heading a panel to do so. I was in charge of that entire process. And one year, the deadline was passed and all the applications were in. And I looked around, I thought, wait a second, we have 10% of the applications for women for these key roles that are catalysts for something more in the future that are great jobs and they give you a leg up, right? And so the next year, when the same process came around, like I said, I never wanted to give anyone special advantage, it’s not about that, but I did start calling a bunch of people and just saying, did you see these vacancies? Have you ever thought of yourself as, in this case, a chief of station? Have you ever thought about applying? And by the way, I’m not calling to tell you that you would get a job. I’m just telling you that I’d love to see your name on the list. And just trying to encourage people to apply, it really does make a difference. It can make a big difference.
The other two things I will say, we did really, really well, as I used to put it, as an organization that represents the United States. I would love our organization to be representative of the United States. But, you know, we’re in digital tech, so we have to also deal with demographics in the US. What percentage of college graduates with technical degrees are, you know, various demographics? And we were very careful not to measure and hire by any of those demographics because you can’t in government. It’s not lawful. But I wanted to make sure that the pipeline had a really rich representation. And so, honestly giving applicants the opportunity in the interviews, in the recruiting fairs, and all of that to actually see that diversity in action, to see a group of recruiters who look like America, that actually made a difference. There’s a psychology in that where people walk into a room, it’s a job fair, and you come to a table and you’ve got say five or six people, and you look across the five or six people and you’re like, oh, I do kind of fit here. Right? That has an impact.
The other thing I will say though, because I’ve always had a bit of a difficult relationship with what we used to call agency resource groups, the groups representing the interests of certain demographics. And lots of large organizations have these. So maybe it may be based on a gender issue or race or something else. And at the same time, I always felt, like I said before, I wanted to open the door behind me and bring people. And so I had many opportunities to serve, as what we used to call, executive champion for these organizations. People would ask me, would you please serve as executive champion for this resource group? And I did. I served as an executive champion for three particular resource groups. I had the same conversation each time, which was that, you know, I’d love to, but I just have two requests. First is that whatever programming you offer, you know, if it’s a seminar or it’s a webinar or if it’s a job, it’s a career fair, whatever it is, it needs to be open to everyone in the organization and needs to uplift everyone.
And then two is, I will never say or do or tolerate, in any session, somebody suggesting that people in this group are victims in any way. I just don’t think that’s productive. And I said, if that’s okay with you, then I’m all in. I’ll do everything I can. And it was. So, and I know that may sound a little tough, but just growing up in CIA early in my career, of course there were women’s groups, it didn’t have the positive impact that I would have hoped and I was glad to see over the years that changed and it was really about providing resources and uplifting everyone. So I’ve always had this slightly, not difficult, but nuanced relationship with those efforts. And for me, what worked best was to try to uplift everyone, ensure that the programming was for everyone and to avoid falling into a pit where discussions were around how, all the different ways that I’m a victim as a woman.
Alison: That resonates with me too, because I feel like I’m oftentimes the only female in the room when we have external meetings. The other day I looked around and it was seven guys and me. And I always, I always want the opportunity to be in that room, but I 100% want to be in that room because I’m qualified, not just because I am the token female.
Jennifer: I had lots of unique experiences like that. Most of my career, I was the only woman in the room and one of my last assignments as a chief of station was in a country with a military junta so everyone was a general. They were all men. And in the 75 years that the CIA had a presence there, there had never been a woman in the role. And so it was just a fun experience for me. I just took it as my own challenge to convince them through my own actions and professionalism that, hey, guess what? A woman can do this. And by the way, when I leave, you’re gonna think that I’m better than any of them were. That was my goal.
Alison: Any final thoughts, closing remarks, tying back to Women’s Equality Day or words of wisdom or even a fun story? Because I know you’re full of them.
Jennifer: Oh, no, I don’t want to bore people with more stories. I just think for anyone who’s considering cybersecurity, if we want to go back to that in particular, I just think it’s a fantastic time, right? Because A, there’s such a need, and B, there’s so many different pathways to cybersecurity. And yes, there’s a more traditional one where I’m going to go to university, I’m going to get a degree in a relevant field, and then I’m going to study and get a certification. That’s great. Fantastic. And that’s today the typical way, and it’s a really wonderful one. I also know people who’ve come through many other different paths. So one of my friends who’s quite well known in cybersecurity circles has her own company. She came up through the intelligence world, working on insider threat issues and then built her own company and built her own skills. And I’m sort of in a perpetual state of self-education on all of these issues and I try my best. My sweet spot is sort of cyber security for the C-suite, so not the deeply technical piece, but really thinking about the strategy and the rest of it. But there’s so much out there, there’s so much opportunity. I would suggest for anyone who’s really interested, I guarantee wherever you are today, you can map a path. And it can be through self-study, it can be through online certifications, it can be through a traditional education process, it could be on the job training, it could be lots of different things. And maybe if I’m thinking about the future and building a really successful cybersecurity career for the future, somebody is eager to do that, I would invest a little extra time to develop some level of data fluency, to really start thinking about what is coming, it’s already here in some respects, but what’s coming is really that confluence of data science and cybersecurity, where the two are gonna have to be working hand in hand. And the people who will have the superpowers in the not-differentiated future and who’ll be leading in this field are gonna be those who understand data, AI, and cybersecurity. That’s the sweet spot, I think, for the future where women, men, anyone can really carve out an exciting and successful career.