What do you do on a day to day basis?
I am a cyber security analyst and student from Evolve Security Academy where I conduct vulnerability and network assessments for a local non-profit. I also steer marketing initiatives at CyberSecurity Non-Profit, a national, chapter-based cyber security awareness and education company where we run events, hackathons, and networking opportunities.
What attracted you to information security?
I have always been interested in technology and got only seriously involved in cyber security after working directly with privacy, data management and compliance teams closely on email campaigns. It was around that time that the Facebook and Cambridge Analytica scandal came out and I started to read up various articles related to data collection and privacy. A few articles turned into a rabbit hole and eventually I was watching ethical hackers on YouTube and did a intro into ethical hacking course on Udemy! Once I learned how to do a ‘ping’ command, I knew I was hooked and wanted to get deeper into cyber security.
Do you have a degree and/or certifications? Do you think that they are necessary to work in information security?
I have a Bachelor’s of Science in Business Management and Marketing but I am working towards my Security+ certification. I’ve been advised that the Security+ is a entry-level cert that showcases a serious interest in cyber security and strong foundational knowledge. I don’t think it’s necessary but since my background isn’t technical, I believe it will help me in the future.
What are some of the biggest challenges that you have faced in your career and how did you overcome them?
One of my biggest challenges wasn’t in cyber security (not just yet) but in my past marketing experience where I was responsible for managing a new enterprise feature. The project took 2 years to develop and we were at the final push. My project leader and I had to collect large amounts of data source codes that was becoming a huge challenge to manage. In order to make things easier for both of us, we decided to readjust the way we managed data by rethinking which data source codes would work or be enabled in the new feature. Through working with our developers who sketched out a new POC and also conducting weekly 15 minute meetings with key stakeholders from the teams that I worked with, we were able to streamline and cut down the amount of source codes and also adjust our timelines better.
How do you achieve a work life balance to avoid burnout?
I don’t think there’s a ‘magic bullet’ to this but rather knowing your boundaries and being able to speak up but kindly. Informing my colleagues when things are due and what you expect from them and at the same time enforcing transparency usually in my experience alleviates passive-aggressive behavior and back-biting. I also journal or write a recap at the end of the week of things I’ve worked on and what are a few important things to knock out the following week. This helps with focus and avoiding burnout since I’d try to stick by that journal as much as possible. Also, a weekend trip or maybe a vacation after a few months (in my case, twice a year) wouldn’t hurt!
What is some advice that you would like provide to girls participating in STEM?
Girls should definitely feel empowered to explore STEM. There’s tons of free resources and communities that are driven to help girls succeed. In addition, girls should not neglect exploring the ‘social sciences’ since human behavior and psychology is equally as important when it comes to creating new products i.e. product design and thinking of creative ways to exploit user behavior and databases in hacking.
What resources do you recommend for women who are interested in breaking into your specialty area?
Freecodecamp, Khan Academy, Udemy, Linux Academy, Peerlyst, Vulnhub, Daniel Miessler’s blog and the amazing world of YouTube! Outside of the digital realm, getting involved in a cybersecurity group (ahem, CyberSecurity Non-profit!) which is geared towards building community is always a good start. Other associations like WoSec, WiCyS or ISACA are also great if you’d like national and international contacts to network with.