Monday - Friday9AM - 5PM
Located inNew Jersey
Visit our social pages
HomePortfolio

Portfolio

Bring to the table win-win survival strategies to ensure proactive domination. At the end of the day, going forward, a new normal that has evolved from generation X is on the runway heading towards a streamlined cloud solution.
https://gatebreachers.org/wp-content/uploads/2021/01/No-picture.png

What do you do on a day to day basis?

I am an android developer intern and a full time student.

 

What attracted you to information security?

Two courses that I took in undergrad related to info sec.

 

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?

I am currently getting a degree that specializes in info sec and assurance. I don’t think they are necessary though, security is more about hands on practice and the hacker mindset, according to me. That can be achieved through personal projects too, not necessarily a degree.

 

What are some of the biggest challenges that you have faced in your career and how did you overcome them?

My career is just getting started. My biggest challenge right now is getting my foot in the door.

 

How do you achieve a work life balance to avoid burnout?

I dedicate time for social life and myself every week. Being the organized person that I am, I map everything out on my calendar and make sure that I have some room left to breathe in it.

 

What is some advice that you would like provide to girls participating in STEM?

I’d advise them to take on opportunities outside of school work, be it personal projects or hackathons, etc to get more exposure and learn from experience and not just a book.

 

What resources do you recommend for women who are interested in breaking into your specialty area?

The wonderful world of internet. There are a lot of resources available online that are one google search away. I recently found out that the info sec community is actually very active on twitter. Following reliable sources introduces you to the quality content they post online.

https://gatebreachers.org/wp-content/uploads/2021/01/New-Project-1.png

What do you do on a day to day basis?

I am a cyber security analyst and student from Evolve Security Academy where I conduct vulnerability and network assessments for a local non-profit.  I also steer marketing initiatives at CyberSecurity Non-Profit, a national, chapter-based cyber security awareness and education company where we run events, hackathons, and networking opportunities.

 

What attracted you to information security?

I have always been interested in technology and got only seriously involved in cyber security after working directly with privacy, data management and compliance teams closely on email campaigns. It was around that time that the Facebook and Cambridge Analytica scandal came out and I started to read up various articles related to data collection and privacy. A few articles turned into a rabbit hole and eventually I was watching ethical hackers on YouTube and did a intro into ethical hacking course on Udemy! Once I learned how to do a ‘ping’ command, I knew I was hooked and wanted to get deeper into cyber security.

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?

I have a Bachelor’s of Science in Business Management and Marketing but I am working towards my Security+ certification. I’ve been advised that the Security+ is a entry-level cert that showcases a serious interest in cyber security and strong foundational knowledge. I don’t think it’s necessary but since my background isn’t technical, I believe it will help me in the future.

What are some of the biggest challenges that you have faced in your career and how did you overcome them?

One of my biggest challenges wasn’t in cyber security (not just yet) but in my past marketing experience where I was responsible for managing a new enterprise feature. The project took 2 years to develop and we were at the final push. My project leader and I had to collect large amounts of data source codes that was becoming a huge challenge to manage. In order to make things easier for both of us, we decided to readjust the way we managed data by rethinking which  data source codes would work or be enabled in the new feature. Through working with our developers who sketched out a new POC and also conducting weekly 15 minute meetings with key stakeholders from the teams that I worked with, we were able to streamline and cut down the amount of source codes and also adjust our timelines better.

How do you achieve a work life balance to avoid burnout?

I don’t think there’s a ‘magic bullet’ to this but rather knowing your boundaries and being able to speak up but  kindly. Informing my colleagues when things are due and what you expect from them and at the same time enforcing transparency usually in my experience alleviates passive-aggressive behavior and back-biting. I also journal or write a recap at the end of the week of things I’ve worked on and what are a few important things to knock out the following week. This helps with focus and avoiding burnout since I’d try to stick by that journal as much as possible. Also, a weekend trip or maybe a vacation after a few months (in my case, twice a year) wouldn’t hurt!

What is some advice that you would like provide to girls participating in STEM?

Girls should definitely feel empowered to explore STEM. There’s tons of free resources and communities that are driven to help girls succeed. In addition, girls should not neglect exploring the ‘social sciences’ since human behavior and psychology is equally as important when it comes to creating new products i.e. product design and thinking of creative ways to exploit user behavior and databases in hacking.

What resources do you recommend for women who are interested in breaking into your specialty area?

Freecodecamp, Khan Academy, Udemy, Linux Academy, Peerlyst, Vulnhub, Daniel Miessler’s blog and the amazing world of YouTube! Outside of the digital realm, getting involved in a cybersecurity group (ahem, CyberSecurity Non-profit!) which is geared towards building community is always a good start. Other associations like WoSec, WiCyS or ISACA are also great if you’d like national and international contacts to network with.

 

https://gatebreachers.org/wp-content/uploads/2021/01/New-Project-4.png

What do you do on a day to day basis?

My day to day… is different every day!  I’m still a student, so I go to classes like everybody else.  But after the homework is done, I usually work on personal projects that are infosec related.  This summer, I was interested in database server security so I spent a weekend or two writing vulnerable webpages and working my way from SQL injection through a database server all the way to command execution on the server. I also work through CTF challenges or play around on HackTheBox in my spare time. I’ve been part of my university’s Mid-Atlantic Collegiate Cyber Defense Competition team for the last three years and captain for the last two years.  During competition season my focus shifts to learning windows incident response and active directory security and leading the team!

 

What attracted you to information security?

I was attracted to information security by the fact that the field is always changing, so I’ll be learning new and cool things for the rest of my career.  I’ve been a huge nerd my whole life, sooo… it’s a good fit!

 

Do you have a degree and/or certifications?

I don’t have a degree yet!  I’m a senior studying Computer Science with a “cognate” (basically half a minor) in Cyber Security.  I don’t have any certifications right now, but I plan to work towards certifications after I graduate to help keep my skills sharp!

 

Do you think that they are necessary to work in information security?

I don’t think that a degree in computer science or a related field is required to work in information security.  If you have enough passion to learn things yourself and are able to convey that to a potential employer, then you should be fine!  In some companies, you may start with a lower salary without a degree, but you can work your way up!  Certifications aren’t required for most positions, but they can help you demonstrate your level of knowledge and commitment to the field.  Some of the most technically competent infosec professionals either do not have degrees or have degrees in a different field of study.

What are some of the biggest challenges that you have faced in your career and how did you overcome them?

One of the biggest challenges I face in the workplace is knowing when to ask questions.  I’m a pretty persistent person, so it’s easy for me to work on a problem for two or three days when I could ask someone and get the problem resolved in a couple of hours.  Finding the balance between feeling like I’m always asking questions and trying everything I can think of is something I’m still working on!

 

How do you achieve a work life balance to avoid burnout?

I set aside time for hobbies and activities completely unrelated to infosec or cyber security.  I love reading, so sometimes I take an afternoon to read a cool new book instead of working on homework or personal projects.  One thing I’ve learned is that you don’t have to work on something with 100% of your free time to “prove” your passion for it.  It’s ok to take breaks, breathe, and enjoy other parts of your life!

What is some advice that you would like provide to girls participating in STEM?

Community is incredibly important for in the quickly evolving field of information security! Getting involved in a group of like-minded peers can help you grow your technical skills and maintain your interest! You should never feel obligated to change yourself, personality or otherwise, to fit in with a group of peers.  If you feel that you have to change to fit in or be accepted, odds are that they aren’t a super healthy group of people and you don’t want to spend time with them anyway.  Instead, go build a group of friends for yourself who will support you and accept you for who you are!

Also, it’s totally ok to be the only girl, don’t let that scare you away. You will bring valuable insights and perspective

 

What resources do you recommend for women who are interested in breaking into your specialty area?

I don’t have much of a specialty area, but here are my favorite resources.

For learning python or other programming languages:

https://www.codecademy.com/catalog/subject/all

https://www.codewars.com/

For learning the Linux command line in a CTF-like challenge-based manner:

https://overthewire.org/wargames/bandit/

For learning how to hack all the things:

https://www.hackthebox.eu/ and https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA

https://www.vulnhub.com/

https://metasploit.help.rapid7.com/docs/metasploitable-2

 

https://gatebreachers.org/wp-content/uploads/2021/01/No-picture.png

What do you do on a day to day basis?

Background on me:  I run the Cyber Threat Intelligence Program for the Walt Disney Company.  This isn’t just for Disney, but all our business segments:  Lucas, Pixar, Marvel, National Geographic, ESPN, A&E, ABC, and most recently acquired, 21st Century Fox.

My job is to identify cyber threats to the company across a myriad of industry verticals.  We have Media & Entertainment, Cruise Lines, Retail, Publishing… you name it we have it.

The first part of my day is spend reading a variety of daily intel reports from at least 40 sources (I can read very fast and after years of experience I know what to look for).  The sources include private business reports from Federal and state agencies; Some others ArsTechnica, SC Magazine, Malwarebytes, Sophos, ThreatPost, and Crowdstrike, just to name a few.  Then I head over to Twitter.  I’m there several times a day looking for “breaking” cyber news.

Anything like a major data breach, significant ransomware attack, any significant industry attack, like GPS spoofing for example that could affect our cruise lines, or vulnerability such as Meltdown/Spectre, I write up an advisory to leadership and our trusted security partners across the Company.  Afterwards, I work with our Anomaly (hunters) and Enhanced Detection teams to make sure we have the right alerting or other mitigations strategies in place to detect/prevent the same thing from happening to us.

Collaboration is an important part of my job.  I’m very involved in several security Slack channels where members share cyber threat intel and other incident related information on a regular basis.  “Street Creds” are important so get involved and in time, you will become trusted confidants to receive some of that type of information.

 

What attracted you to information security? 

I actually fell into it by chance.  I was working at an engineering firm as a temp doing some accounting and admin type work.  After the person I was filling in for came back from an extended leave of absence, my contract was over.  I like the company and they liked me so they hunted around for another position and the only one available was in IT.  The IT department was very small, so I was into everything.  I knew nothing about computers or security, but they started to teach me and I quickly realized this is the field I want to be in.  What really got me interested in security were two incidents that occurred very close together.

  • We got hit with the Anna Kournikova virus. It infected the entire company, from what I remember.  So I was asked to clean it up.  No one at the company had dealt with anything like this, so I really took the bull by the horns and remediated the damage and then worked to keep it from happening again…  e. starting with anti-virus on all the machines (gasp!)
  • We started running out of disk space on our servers at a rapid pace. We kept adding more and more storage as we assumed that being an engineering firm and working with CAD drawings that we knew took up huge amounts of space, we did not assume anything nefarious was going on.  Well, I eventually ran out of $$ in the budget, so I decided to look into it further.  Again, no one had dealt with this before, so I ran with it.  I discovered rather quickly, that someone or group of people were using our servers to store music, movies, etc.  After that was eradicated, I sought to find out how to keep that from happening as well.  Decided on a firewall.  This was back in 2000 and I don’t know if that is a valid excuse or not. 😊

 

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?  I have an MCSA, Security+, CEH, and CISM.  I have a Bachelor’s Degree in Computer Science.

I’m on the fence about certs.  If you are just starting your career, I look at it like you are wanting to know more about security, so you studied and passed an exam.  If you are further along in your career, I don’t think certs matter.  Can it get you in the door?  Absolutely… especially on the gov’t contractor side of the house.  They are often mandatory.

Same for degrees.  I think we all know people that have no degree and they are amazing and would hire them over a person with a ton of certs.  I read an article that shows major employers are not requiring college degrees for their staff.  I think that’s a great thing.

 

What are some of the biggest challenges that you have faced in your career and how did you overcome them? 

There are a ton of them!  I think one of the biggest for me, that I don’t really have control over and that is being married to an active duty service member.  That involves a lot of moving from duty station to duty station every one to two years and having to change jobs and start off at the bottom each time for the most part.  There are also challenges in finding work, since a lot of companies don’t want to hire military spouses because we aren’t going to be a long-term staff member.  Whenever that was brought up to me or suspected that is a reason that I may not be considered for a slot, I would say “Would you rather have a go-getter, hard worker, hit the ground running kind of person for two years or have a mediocre employee that does the bare minimum for 25 years?”  It seemed to help sway the hiring people most of the time.

 

How do you achieve a work life balance to avoid burnout? 

This is really difficult because I can confidently say I love my job.  I love what I do and would do it outside of the office even if I weren’t in the field.  Currently my leadership is very cognizant of burnout, and regularly encourages us to pay attention to signs of burnout.  Since I’m part of the Incident Response Team, we all know that we can’t just put an active security incident on hold until the next day, so we compensate for long days with a day off later or leaving early on a Friday or something.  In fact, this week, I took 3 work days off and went to a spa retreat with my sister.  I didn’t even look at my phone.  The first day was super hard.  It got easier pretty fast.  It helps to recharge your batteries.  My goal is to have zero vacation hours at the end of the calendar year or at least close.  So I monitor it every month.  This shows that I took the right amount of time off for myself.

 

What is some advice that you would like provide to girls participating in STEM? 

I would say a couple of things:  don’t let anyone tell you that you can’t do something or you won’t be able to figure something out.  You are just as fully capable as anyone else in this industry.  Right now there is a lack of diversity in our industry.  Hopefully, by the time you get into the work force, these numbers will have shifted.

This is a very small field.  Everyone knows everyone or knows someone that knows them.  If you are a jerk, that reputation will follow you your entire career.  Don’t be that person.

From a career perspective, I would recommend being very careful of what you post on social media.  It can make or break a career opportunity and will be out there in cyberspace forever.  Employers will almost always check that out before even calling you for an interview.

 

What resources do you recommend for women who are interested in breaking into your specialty area?  Get plugged into women in tech/security type groups like Girls Who Code, Cyberjutsu, WISP.  Get yourself a mentor.  Don’t be afraid to ask someone you look up to.

If they are too busy or cannot for some reason, ask if they can recommend someone that might.  If you show enough passion and excitement for cyber security / cyber intel, I bet you’ll be able to latch onto a good one.

Attend security conferences.  There are a few free ones and those that don’t often have scholarships for those who cannot afford it.

Volunteer if you cannot land a position.  Churches, non-profits, and others often have opportunities available to help them with security or computer-related jobs.  This is a great way to get into the field if you don’t have direct experience.  Plus it makes you feel good 😊

 

 

https://gatebreachers.org/wp-content/uploads/2021/01/No-picture.png

What do you do on a day to day basis?

I like to use the term, herding cats. I make sure analysts and administrators are abiding by policies and procedures.

I also put out lots of dumpster fires on a daily basis.

Change is my middle name at this point.

What attracted you to information security?

I have always been curious, much to my mother’s dismay (she still hates that I go through her mail when I visit). I was working a Health Information position in Release of Information which follows more along the lines of Privacy. I started getting curious about who had access to what and how is it authorized. It wasn’t until I went to a conference for Health Information Managers that I discovered that there is an entire world of Access and Authorization under Information Security. I was hooked ever since.

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?

I am actually working on my Bachelor of Science, Business – Information Technology Management degree and I have the Certified Access Management Specialist credential from the Identity Management Institute. I also have several certifications from the electronic health record vendor Epic for Security and Access.

Do I think they are necessary? No. I got into the field without college or certifications. My certifications were something I wanted for myself, and I found a degree that fits me perfectly through WGU. I know this question is a hot topic with anybody in InfoSec. My advice is to find a hiring manager that will take a chance on you. If you cannot afford certifications or college, just keep trying because a manager will recognize you as a person and not as a statistic from HR.

What are some of the biggest challenges that you have faced in your career and how did you overcome them?

Some of my biggest challenges are being heard and recognized as a contributor. I am a consultant now and for example, I had an issue today where I pointed out a HUGE risk that our security team was skipping over. They ignored me and said it wasn’t that important. I feel like I’m constantly shouting into the void. It’s frustrating, and somedays I just want to throw my hat in. I found out all I can do at this point is report the risks I find, save a copy for future reference, let the pieces fall where they may. It seems to be working out so far (ask me in another month).

How do you achieve a work life balance to avoid burnout?

I work from home, so some days it’s plenty hard to step away from my desk especially when you can hear your computer making noises while you are trying to make lunch. I keep myself on a time limit, once my 8 hours are done I shut everything off (including my speakers) and walk away from the computer. I’ve been in an InfoSec position that had required me to be on-call, so you can imagine it’s pretty hard to keep work and personal life separate at that point (people paging you at 3 am because they need their access and they need it NOW [but they don’t]). My advice for those that are on-call: Take the call, do the fixes (if any), find something to punch or kick (a rolled up towel works just fine), and proceed to take out your frustrations in private. After you have sufficiently de-stressed, continue with your personal life. If you are in public, vigorously washing your hands in a restroom while muttering nonsense works well.

What is some advice that you would like provide to girls participating in STEM?

Be curious, stay curious. Always stay on the pursuit for knowledge, no matter what others try to convince you.

What resources do you recommend for women who are interested in breaking into your specialty area?

My specialty area is Identity & Access Management or Identity Governance with a dash of HealthIT shoved in there.

My recommendations for staying up to date with Identity & Access Management or Identity Governance are these:

  1. Become a member of the Identity Management Institute and subscribe to their newsletter.
  2. Join the Discord group: DIDecentral (The person who manages this page is a godsend for LOADS of IAM knowledge.)
  3. If you don’t have a Twitter, get a Twitter and follow everyone on my IdentityMates group.

 

https://gatebreachers.org/wp-content/uploads/2021/01/No-picture.png

What do you do on a day to day basis?

I typically am reviewing policies, providing some type of security advise to the DevOps team or putting out some type of fire in the form of a vendor questionnaire or a client questionnaire.

What attracted you to information security?

Honestly, I think I just fated to be in this field. I didn’t intend to be in the field but a recruiter found me and I was hired. What keeps me in InfoSec is the fact that I love what I do. I love solving problems, talking to various people and learning about different projects.

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?

I have a Master’s in Cybersecurity, ISO 27001 Lead Implementer and CISM. I think the certs are necessary for you to advance and sometimes for you to get in the door. The degree is not as important but you will be asked if you have a computer science background. I think it’s easier to have the degree and certs because the learning curve is shortened.

What are some of the biggest challenges that you have faced in your career and how did you overcome them?

I think my age and being a women have been challenges. Being in a male dominated room and fighting to have my voice heard. I also appear younger than my actual age, that causes a lot of people to think that I’m an intern. It’s a bit amusing when they see me and see that I’m actually the ISO managing the internal security of the entire company.

How do you achieve a work life balance to avoid burnout?

I typically don’t look at my work computer or my work phone after 5:30 pm. It’s well known that I don’t answer emails or calls unless it’s an incident or a disaster. It can wait until the morning. I also workout, I meditate and I like to decompress daily. I usually decompress by watching trash reality tv or anime. 🙂

What is some advice that you would like provide to girls participating in STEM?

I think you have to be strong but also keep the parts of you that make you, you. Be prepared for people to question what you say simply because it’s coming from you. Don’t internalize stressful situations and allow those things to change who you are. Take some you time, no job is worth your sanity or health.

What resources do you recommend for women who are interested in breaking into your specialty area?

I recommend Cybrary.it for learning. Cyberseek.org pathways for understanding the different cyber jobs and roles. It’s interactive and you can play with the different pathways. I also recommend you edx.org and Udemy.

https://gatebreachers.org/wp-content/uploads/2021/01/New-Project-2.png

What do you do on a day to day basis?

I am a Cyber Threat Intelligence Analyst. I collect information about cyber threats that are happening around the world, in the surface, deep, and dark web (criminal underground), and report it to my organization. I currently work for IntSights, a provider of cyber intelligence. We serve our customers real-time intelligence about how threat actors are targeting their organizations.

What attracted you to information security?

I left the US Army and the National Security Agency to move home to Dallas, Texas. When I arrived home, I realized the best way for me to use my experience as an intelligence analyst and Chinese Linguist is to apply it to cyber threats. Everyday there is a new threat, a new vulnerability, hack, tactic, or breach to analyze. Hackers are people too, so everyday is a new challenge. Some days it feels like a puzzle or a game, but we are dealing with real-life scenarios that cost companies and people a lot of money. This is what draws me to info sec–the challenge and the opportunity to serve others and protect them.

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?

I have a Bachelors degree in International Studies and an Associates degree in Mandarin Chinese. In the past, I had taken Security+ and SANS Cyber Threat Intelligence courses (FOR578). I also have many Linguistic certs through the military.

What are some of the biggest challenges that you have faced in your career and how did you overcome them?

I have found that when you pursue what you love and you are good at it, you will become successful. When you become successful, there will be people around you that will try to hold you back (aka haters). Not everyone will be happy about your success and your achievements, and that is okay. I have overcome those sitations by focusing on what makes me happy, what helps me succeed, helps my company succeed, and I help others find what they love to do and what they are good at. I stay focused on my goals and don’t mind the people that try to tell me I’m not worthy of great opportunities. Personally, I have had to ignore the unnecessary criticism, and even leave negative job environments to pursue my dreams. I wish everyone well, but I cannot operate in an environment where people want to see me fail. Most often, it’s not personal–those people are just unhappy.

How do you achieve a work life balance to avoid burnout?

This is a constant struggle. I love what I do, but too much of one thing is never good. In order to avoid burnout, I have to plan self-care time into my schedule. Whether its a strict workout schedule, walking my dogs every morning, or planning a weekly movie night with my children, its worth it. We all need to switch to play mode to reduce stress. One of my favorite things is to schedule occasional travel (even if its for work). Getting out of my regular routine and visiting new places feeds my soul and gives me a much needed break from single parenting.

What is some advice that you would like provide to girls participating in STEM?

Its okay to not “get it” right now. When I was young, I struggled academically because of Attention Deficit Disorder. I thought I was not smart. I had no idea that I was just a “late bloomer”. Keep at it. If you can’t seem to understand coding, try something else. Explore less technical avenues like open source intelligence (OSINT), risk management, or cybersecurity journalism. If you love coding, go for it! Start a club, do a competition, create your own application or game. There is something for everyone in STEM, even if you aren’t super “technical”.

What resources do you recommend for women who are interested in breaking into your specialty area?

If you have a knack for finding information on the internet, you could have a future in Cyber Threat Intelligence! I recommend finding role models who do that job, follow them on Twitter or LinkedIn, attend local meetup groups related to the subject, and learn as much as you can from free resources. Cybrary is a great resource for studying, and most CTI companies have blogs and free resources on their websites. I publish my work on intsights.com and LinkedIn.com/cwillhoite.

https://gatebreachers.org/wp-content/uploads/2021/01/New-Project-3.png

What do you do on a day to day basis?

Every day is different, which is one of the reasons why I love the field.  At a high level, my core role is to assess the risks to our organization and to work with our leaders and care givers in treating those risks to acceptable levels.  A key component of this is to understand the organization’s strategy and to position the information security strategy to enable our mission and vision.  In doing so, I lead a team of information security professionals that occupy roles from leadership (Director, Program Managers) to architects, engineers and analysts.  My role is to enable them to do their roles effectively by providing them with the tools, resources and support to carry out their daily functions.  More often than not, I’m in meetings with various areas of the organization partnering with them to deliver on their goals without introducing unacceptable levels of risk.  At times, I’m reviewing contracts, doing budgets, working through system selections for our security tools, developing and communicating policies, generating awareness and working to create a culture of information security across the organization.  At a micro level, I’m working with all areas of the organization to ensure that our people, process and technologies are working effectively.  Outside of the day to day, I also spend a lot of time keeping up with the news, the emergent threat landscape, new regulations, etc so as to keep pace with the times.  I also work closely with industry peers in collaboration to assist each other in problem solving and moving the maturity needle forward for the industry as a whole.  I do so by volunteering for working groups, serving on collegiate and industry advisory boards and networking.

What attracted you to information security?

I was lucky enough to progress into a role as a project manager for large, international, infrastructure jobs for a large global organization.  I was a pretty hands on project manager and got to experience a wide array of areas of information technology.  Each project had an information security component to it and I found myself gravitating towards the field.  When it was time to move on, I had made the decision that my next role would be focused on information security.  At that time, the HIPAA Security Rule was a few months from coming law.  A large local  hospital was hiring for an Information Security Officer and I got the job.  The rest is history.

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?

I have a BS in Electrical and Computer Engineering as well as an Executive MBA.  I also have the Certified Information Security Manager (CISM) certification.  I will most likely seek cloud certifications in the near future.  I don’t think that certifications or degrees in this area are necessary to work in information security but I also don’t think that they can’t hurt.  I would not rule out someone without a cert or degree for a job or promotion if the individual can demonstrate competency, skill and the knowledge to do the job.  What I do tell people who are starting in infosec without a comparable degree is that working towards or having a certification, demonstrates a desire and commitment to the discipline and a willingness to work for it.  It may be the differentiator for an entry level role.

What are some of the biggest challenges that you have faced in your career and how did you overcome them?

My challenges came early.  I had to change from full time to part time after my second year in college and had to pay for college on my own.  For many years, I worked as a full time intern and had 2 bartending jobs.  I took classes at night as I could afford them.  I watched all of my friends graduate and begin their careers.  It frustrated and discouraged me at the time to watch everyone else succeed while I struggled to move forward.  It took me 9 years to graduate but I kept pushing.  What I didn’t realize at the time, is that my challenges helped to develop and mature me into the professional that I would someday become.  Once I graduated, I hit the ground running.  I was hired into the company that I had interned for, got several promotions and after 5 years from graduation, left the company to become an Information Security Officer for a large healthcare system in Philadelphia.  Just 5 years after graduation!  The adversity that I experienced, prepared me for a high stakes, high pressure role that I have since fulfilled.   Since then, most of the challenges have been around being able to balance my passion for information security with the constraints that most organizations have in making the resources and finances available to build a strong program.  In my current role, the biggest challenge I face is keeping up with the threat landscape and moving at a pace that is achievable without putting the organization at risk.  In terms of overcoming existing challenges, I believe being a good communicator and a strong partner to the organization has enabled me to gain the trust of our leaders and caregivers and to build the necessary relationships to move forward.

How do you achieve a work life balance to avoid burnout?

I think work life balance is essential to good performance at every level.  Although I work extremely hard, I also find the time to do things that I love outside of work.  I used to work 15 hour days and found that the work never stopped.  When I went for my EMBA, I was forced to stop working after hours so that I could tackle my course work.  What I soon realized is that no one noticed that I wasn’t working as hard.  No one complained about my productivity.  Once I graduated, I made a commitment to myself to avoid going back to working as much.  As for what I do to avoid burning out, I do non security related things to strike that balance.  I am an extreme extrovert.  Being around people is important to me and I enjoy spending time with my family and friends (this includes my strong CISO community).  I love to travel and do so regularly with my husband.  (I could do a better job of disconnecting when away) I’m a huge sports fan and spend a lot of time going to games.  Lastly, I am a long distance runner and enjoy doing half and full marathons which is actually a stress reliever.

What is some advice that you would like provide to girls participating in STEM?

STEM opens up a world of opportunities.  As technology becomes more integral to everyone’s lives, we are going to need talented professionals to keep pace with advancements and to foster innovation.   There are not enough women in STEM.  The unique skillsets and perspectives that we bring to the table can add an incredible amount of value.  In information security specifically, there are not enough people to fill open jobs currently.  That void is expected to grow exponentially in the future.  As far as advice, some folks believe STEM field are difficult or intimidating.  I think STEM fields are challenging and push us to be better versions of ourselves.  Additionally, folks think that information security is super technical.  The field is vast and includes a variety of non-technical areas such as risk management, education and awareness, strategy and communication to name a few.  For those that choose STEM, I suggest you embrace the fields, be bold and confident in your abilities.  Never listen to anyone that tells you that you may not have the ability to do something.  I strongly believe that if we set our minds to do something, each one of us has the ability to do so.  We just have to want it and work for it.  Surround yourself with champions, find a mentor who wants to help and invest in you.  Lastly, have fun learning, it’s the best part.

What resources do you recommend for women who are interested in breaking into your specialty area?

Sites:  SANS.org, ISC2, cybersecurityeducation.org,

Blogs:  Krebs on Security, Schneier on Security

Women specifically:  WiCys.org, womenscyberjutsu.orghttps://cybersecurityventures.com/list-of-women-in-cybersecurity-associations-in-the-u-s-and-internationally/

 

 

https://gatebreachers.org/wp-content/uploads/2021/01/Lizzy-Higgins-1280x640.jpg

What do you do on a day to day basis?

– soc analyst (currently unemployed) also a post graduate student in Psychology looking at human behaviour and cyber security. Want to specialise in human threat intelligence, social engineering and counter terrorism/fighting toxic content online.

What attracted you to information security?

always been interested in computers since I was little and always been very curious by nature – I have a knack for ending up in places/situations I shouldn’t be in and being able to essentially “blag” my way out of a sticky situation or get into somewhere I shouldn’t be. Going into computer security seemed like an obvious choice for me as I am a firm believer of infosec as a social science with a technical element, not a technical area with a social sciences element.

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?

BSc (Hons) Cyber Security

MSc (conversion) Psychology – soon to graduate

Security +

studying towards GIAC threat intel courses

– find they help but they are not the be all and end all – sometimes you can have all the degrees/certs in the world and still be shit at your job, or have none of them and be ace at it as 99% of the battle is about your willingness to learn.

What are some of the biggest challenges that you have faced in your career and how did you overcome them?

– not being taken seriously for being a woman

– being told repeatedly that I am not technical enough, yet I have a technical CV

– turned down for jobs repeatedly due to it being a bit of a “bro club”

honestly I am still trying to overcome these but each day I am on step closer to hitting my goals and smashing them

How do you achieve a work life balance to avoid burnout?

As someone who’s struggled with MH problems and burning out a couple of times, I have now learnt my triggers, and to find balance. As I am usually sat on my butt for up to 12 hours a day when working (on shift) I find walking to and from work helps a lot, and going running on my dinner break (thank god for showers at the office I used to work at) and also if I have had a pretty shitty day, calling a friend on the walk home and having a mega bitch. Also I find kickboxing, swimming and yoga really helps too and reading something that is non infosec related and putting down my tech helps too 🙂

What is some advice that you would like provide to girls participating in STEM?

don’t be afriad to get involved. Show up, get involved, and so what if you make mistakes?! It’s learning from the mistakes that makes you good at what you do. And don’t beat yourself up if you find you’re not “technical enough” – there are plenty of tech jobs where you don’t have to be sitting in a dark room, writing lines of code and drinking energy drinks until you black out.

What resources do you recommend for women who are interested in breaking into your specialty area?

podcasts – going to tweet a few of my favourites soon

Twitter infosec – get involved in the woman in stem/tech/cyber intititives

Find your local hack spaces, confrences, etc

DON’T be scared to ask stupid questions – as honestly, there is no such thing as a stupid question.

 

https://gatebreachers.org/wp-content/uploads/2020/01/New-Project.png

What do you do on a day to day basis?
I work on an cyber incident response team in a higher education environment. It is hard to say what exactly I do each day because higher education is an extremely volatile environment with an insane amount of variables. On a daily basis I do alert triage, incident response, threat hunting, security administrative tasks, and I spend a portion of each day learning or training on topics in information security that interest me or I need to be more knowledgeable about for my job. Additionally, I deal with securing and protecting research, building out our team’s SIEM and other logging tools, handling phishing emails, and determining what unique behavior seen in our environment is actually anomalous and concerning not just unique behavior.

What attracted you to information security?
Information Security struck me as an extremely important field where I could have real tangible impact with the state of security in my environment. I was also attracted to the fact that it was a continuous learning environment, and I do really learn something new on a daily basis.

Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?
I have a degree from Texas A&M University. I also obtained CompTia’s Security+ certification prior to graduation. I do not think anything is particularly necessary to work in information security besides the desire and drive to learn. In my opinion, certifications are good ways to show that willingness and desire to learn on your own. Lastly, as cybersecurity degree programs are more accessible I presume that a degree will be expected and required for entry level positions.

What are some of the biggest challenges that you have faced in your career and how did you overcome them?
I am relatively new to the industry and to my career so I don’t believe I’ve faced a major challenge to my career at this point.

How do you achieve a work life balance to avoid burnout?
Achieving a healthy work life balance in Information Security is a perpetual work in progress. I can’t say I have achieved it yet, but I try to regularly exercise and make sure at least once a week take a few hour hours for myself and make sure I’m unplugged for that time. Reading fiction (for fun), playing musical instruments, building legos, or doing artsy things are some of the ways I try and give my brain a break at least once a week.

What is some advice that you would like provide to girls participating in STEM?
The best advice I can give, even if it’s a cliché, is to not give up and to stand up for yourself. STEM is hard, no matter what you are doing. It will generally require more work and a bigger drive to learn and to put in extra time on your own than careers in other fields. If a girl wants to do this, she will have to put in the effort and she will have to be willing to stand up for herself and be confident. Imposter syndrome is real, people you work with, both men and women, will discourage you from continuing, in the end it’s up to you if you want to do this. Speaking from experience, I’ve had to learn to be more assertive with my ideas, I had to convince myself that I needed to negotiate a higher salary than what I was offered and that I was capable of actually negotiating for said higher salary, and I’ve had to work extremely hard because unfortunately gender norms do exist and despite my best efforts I am still given more of the tasks designed “for women”, like coordinating team lunch, than my coworkers are. Work hard and stand up for yourself in your personal and professional life and you will make it in STEM.

What resources do you recommend for women who are interested in breaking into your specialty area?

For women interested in being a SOC analyst or incident response analyst, I recommend an introductory certification to prove baseline knowledge in Information Security, I did Security+. I recommend keeping up with cybersecurity  news because a lot of my job is driven by trends seen in the industry. For example, we deal with the APT’s that are active, recent vulnerability disclosures, and ongoing phishing campaigns that other organizations are facing. Additionally, participating in CTFs (Capture the flag hacking competitions) are a great way to expand your cybersecurity knowledge. A lot of the competitions have reverse engineering and network packet capture analysis portions (and other relevant categories) that have direct applicability to what I see on a daily basis in incident response.

AvantageHeadquarters
Organically grow the holistic world view of disruptive innovation via empowerment.
Our locationsWhere to find us?
https://gatebreachers.org/wp-content/uploads/2019/03/img-footer-map.png
Get in touchAvantage Social links
Taking seamless key performance indicators offline to maximise the long tail.
AvantageHeadquarters
Organically grow the holistic world view of disruptive innovation via empowerment.
Our locationsWhere to find us?
https://gatebreachers.org/wp-content/uploads/2019/03/img-footer-map.png
Get in touchAvantage Social links
Taking seamless key performance indicators offline to maximise the long tail.

Copyright by BoldThemes. All rights reserved.

Website built by Lunar Digital Group. All rights reserved.

Website built by Lunar Digital Group. All rights reserved.