What do you do on a day to day basis?
I like to use the term, herding cats. I make sure analysts and administrators are abiding by policies and procedures.
I also put out lots of dumpster fires on a daily basis.
Change is my middle name at this point.
What attracted you to information security?
I have always been curious, much to my mother’s dismay (she still hates that I go through her mail when I visit). I was working a Health Information position in Release of Information which follows more along the lines of Privacy. I started getting curious about who had access to what and how is it authorized. It wasn’t until I went to a conference for Health Information Managers that I discovered that there is an entire world of Access and Authorization under Information Security. I was hooked ever since.
Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?
I am actually working on my Bachelor of Science, Business – Information Technology Management degree and I have the Certified Access Management Specialist credential from the Identity Management Institute. I also have several certifications from the electronic health record vendor Epic for Security and Access.
Do I think they are necessary? No. I got into the field without college or certifications. My certifications were something I wanted for myself, and I found a degree that fits me perfectly through WGU. I know this question is a hot topic with anybody in InfoSec. My advice is to find a hiring manager that will take a chance on you. If you cannot afford certifications or college, just keep trying because a manager will recognize you as a person and not as a statistic from HR.
What are some of the biggest challenges that you have faced in your career and how did you overcome them?
Some of my biggest challenges are being heard and recognized as a contributor. I am a consultant now and for example, I had an issue today where I pointed out a HUGE risk that our security team was skipping over. They ignored me and said it wasn’t that important. I feel like I’m constantly shouting into the void. It’s frustrating, and somedays I just want to throw my hat in. I found out all I can do at this point is report the risks I find, save a copy for future reference, let the pieces fall where they may. It seems to be working out so far (ask me in another month).
How do you achieve a work life balance to avoid burnout?
I work from home, so some days it’s plenty hard to step away from my desk especially when you can hear your computer making noises while you are trying to make lunch. I keep myself on a time limit, once my 8 hours are done I shut everything off (including my speakers) and walk away from the computer. I’ve been in an InfoSec position that had required me to be on-call, so you can imagine it’s pretty hard to keep work and personal life separate at that point (people paging you at 3 am because they need their access and they need it NOW [but they don’t]). My advice for those that are on-call: Take the call, do the fixes (if any), find something to punch or kick (a rolled up towel works just fine), and proceed to take out your frustrations in private. After you have sufficiently de-stressed, continue with your personal life. If you are in public, vigorously washing your hands in a restroom while muttering nonsense works well.
What is some advice that you would like provide to girls participating in STEM?
Be curious, stay curious. Always stay on the pursuit for knowledge, no matter what others try to convince you.
What resources do you recommend for women who are interested in breaking into your specialty area?
My specialty area is Identity & Access Management or Identity Governance with a dash of HealthIT shoved in there.
My recommendations for staying up to date with Identity & Access Management or Identity Governance are these:
- Become a member of the Identity Management Institute and subscribe to their newsletter.
- Join the Discord group: DIDecentral (The person who manages this page is a godsend for LOADS of IAM knowledge.)
- If you don’t have a Twitter, get a Twitter and follow everyone on my IdentityMates group.