The AES Corporation owns and operates global sustainable energy and thermal and renewable facilities, expanding over four continents and 14 countries with more than 9,000 employees worldwide. As director of the Global Cybersecurity Program, Melody Balcet reports to the AES's Global Chief Information Security Officer to provide oversight of the company's global cybersecurity program.
At AES, she faces different challenges on a daily basis. She enjoys the blurred lines of reporting structure, responsibility and domain shared across her team and space. Traditionally, AES Corporation has in some ways operated much like a holding company, with responsibility shared across the globe; however, the company is undergoing some changes due to new technologies being introduced and renewable energy becoming the lowest cost energy source. As a result, Balcet's team is learning how to operate in a more centralized or federated model, especially in the IT and cybersecurity departments that have recently combined as one digital organization. Balcet is responsible for aligning the right people to ensure advantageous decisions are made to protect AES and its global operations when it comes to cybersecurity.
Balcet’s career path has taken different paths. She recalls finalizing school, with an International Studies degree and feeling uncertain of the path her degree would take her on. Working in and out of IT roles and getting her master's degree along the way finally led her to enterprise security, by joining a Network Operations Security Center (NOSC) for the Department of Veterans Affairs, which exposed her to the world of cybersecurity.
After that, she worked at IBM’s Public Sector Cybersecurity and Biometrics services area moving up the chain to serve as one of the eight leaders of the nearly 300-person organization. Balcet wore many different hats in support of various client engagements to include Chief Security Officer, Information Assurance Lead and as a Lead and Advisor on the Federal Information Security Modernization Act to the Department of Defense (DoD) CIO for Cybersecurity.
Throughout the myriad different roles she has taken on, she has performed vulnerability scanning and management to incident response to application security to managing and overseeing large security programs on behalf of the U.S. government.
Changes or No Changes?
As she has stepped into larger leadership roles, Balcet agrees there have been many changes in cybersecurity, but just as many have stayed the same.
She quotes maturity and understanding cybersecurity risk as a discipline area that continues to progress. “The conversation has evolved over the years; ultimately it is our job to help business leaders understand what cybersecurity risks the organization faces, which varies by organization. Not every organization goes through the same journey.”
One of the topics she discusses frequently with her peers is, while the threat continues to evolve and change, the tactics and defenses remain largely unchanged. The conversation needs to focus on, “What actions can be taken that will most effectively reduce the risk organizations face? Many professionals reinforce the need to focus on the basics and cyber hygiene. We were saying the same thing ten years ago,” she says.
She challenges herself to go deeper. It’s not a matter of just having cybersecurity hygiene, she notes. “When you are having a discussion with decision makers who are not experts on cybersecurity, words can sometimes fall flat. The mission of the organization can be impacted. Bridging the tactical discussion with the strategic is something organizations can improve on,” she says.
One issue that also needs discussion is how to further educate the cybersecurity workforce. Balcet sees this as an inter-disciplinary field. “There is a lot of needed focus on STEM education. But there exist many domains within cybersecurity that require more than just a scientific or technical degree. Coming from a liberal arts background myself, I understand how critical it is to have analytical skills for cybersecurity roles.”
She echoes many of her colleagues that discuss workforce challenges. It needs to start at a much younger age, she states. “There is a gap in understanding the types of careers that cybersecurity can encompass, the types of skills needed and the training that would appeal to a greater audience. One of the easiest things we can help resolve as leaders and as society is to help prepare the workforce.”
Minding the Gap
Balcet is passionate about reversing the lack of female leaders in the cybersecurity world. She sees the gap as a great opportunity to address the cyber skills shortage. “There lies a great opportunity to address the cyber skills shortage we are facing and will face just by targeting women,” she notes.
The value placed on employees, the tone set by the leadership and culture within the organization, she says, "are critical for women to succeed in the industry. Getting women in the industry means tackling some cultural norms head on. That can be challenging for many organizations, especially when it comes to cultural and managerial change as a whole.”
She is part of many organizations that are trying to solve the gap, including ISACA and SheLeadsTech™. Recently, Balcet finished her term as President of the ISACA Greater Washington, D.C. Chapter and presently serves as its Immediate Past President.
Diversity is another way to tackle the cyber skills gap, she believes. “Whether it’s gender, training, education, ethnicity or diversity of thought…They are all critical for obtaining a more balanced perspective on our customers, clients and stakeholders as a whole.”
Personally, Balcet tries to look beyond the resume when recruiting people for her team. She strongly believes in having the appropriate core skills for the position, but she advocates for having skills outside the limits of paper. “I look for cohesion within the existing team. It is important for the team to feel comfortable with the new person entering our space and vice-versa.”
She wants individuals who bring something new to the table, a skill that her team currently lacks or there is a need for. Two other questions to take into consideration are where the candidate can help accelerate progress in challenges that the team faces.
Balcet believes in mentorship as an opportunity to give back to the industry. “I never really thought too much about being a woman in this field. I just persisted and blended in where I could, but as the years have gone by and now raising two young daughters, I have better awareness and understanding of the challenges women face in the workplace. Being in a position where I know I can influence, I feel more compelled to and feel more responsibility to consciously advocate for diversity to help both my male and female peers.”