Defining workplace diversity can be a Rorschach test with definitions colored by gender, ethnicity and cultural biases. That’s what gives Nandita Rao Narla, head of technical privacy and governance at DoorDash a refreshing perspective on not just women in IT security and privacy, but also diversity.
Her work at DoorDash includes leading the privacy, governance, assurance and operations teams. Her challenge is to fuse privacy into all products, services and initiatives.
Narla is being recognized by SC Media for her contributions to the larger IT privacy and security community. The list of accolades and number special interest groups she lends her voice to cannot be overstated. And for this, a panel of her peers identified Narla as a vital voice of advocacy for IT privacy and security, part of the 2023 Women in IT Security honorees program.
For Narla, defining privacy goes beyond the pedestrian definition that often stops at protecting personal identifiable information (PII). “My focus on privacy engineering includes making sure that we respect every user’s privacy not just some,” she said. “It helps to have a diverse perspective. And the prism which I see privacy as is a women immigrant and non-native English speaker.”
She is credited for being a humble behind-the-scenes power player elevating privacy issues tied to computer vision, identity access management, artificial intelligence and voice-user interfaces.
“If you look around the room and you are the only person who looks different, you may be the only one seeing the problem differently,” she said. She speaks up regularly on privacy issues such as the Transportation Security Administration push to expand its facial recognition program, machine learning and efforts such as the National Institute of Standards and Technology proposed business privacy framework.
“When you're building any technology, let's say a facial recognition platform for airports, the people who are building them are not always thinking about how refugees or minorities will be able to opt out,” she said. “If you have a diverse workforce building these products and doing the privacy and security evaluations then more privacy-first architecture will be foundational to the framework of the system design.”
While her focus is on privacy threat modeling, which entails analyzing and securing the flow of PII through systems and identifying weaknesses and weighing the likelihood of a privacy breach, Narla is a fierce advocate for diversity inside and outside her company.
Beyond her current fulltime role, Narla is a mentor for early career women via multiple mentorship programs affiliated with Carnegie Mellon, Women in Security and Privacy and Women in Privacy. Over the past six years she mentored over 70 women and minority early-career mentees.
With the support of her current employer, she has established a six-month-long privacy analyst program that cracks open the door to the privacy threat modeling world to junior staff. In its third year, participants upskill and earn a certificate in privacy threat modeling.
“It shouldn’t come as a big surprise to anyone that it is more challenging for women and people of diverse populations to pivot in their career to cybersecurity or privacy and find equal footing,” she said.
Narla is unique in that she does not just talk about leveling the playing field but is actively engineering change from within.