In the spirit of full disclosure, please be aware that I’ve received compensation for promoting this #ad for QA, a specialist technology provider of learning and talent services. Because your success is important to me, I only align myself with brands or initiatives I believe in, and QA is one of them.
Jackson was known for being sarcastic, and when I first met him at my friend’s party, to say he irritated me was an understatement. Like most people, he asked me what I did for a living. Expecting to hear that I was in marketing, PR, education, accounting, or law, he was shocked when he heard my reply. Now, these are all fine jobs, don’t get me wrong, and maybe once upon a time I’d have considered them as professions to pursue. Maybe my parents or career advisers would even have pushed me to. But, it’s not what I do. I work in cybersecurity and every time I tell someone like Jackson this, it brings a smile to my face. You see, I like to surprise, bust stereotypes, and know that it’s almost certainly the last thing they expect. I also know that being a woman in cybersecurity is cooler than ever right now.
People often ask me how I started in cybersecurity, and I always tell them it wasn’t the traditional way. Like many people in the field, I didn’t come from a STEM (science, technology, engineering and maths) background. Those subjects weren’t my forte. However, I was a high achiever, good problem solver, had a flair for languages and was interested in people. So, after following my passion for art and design, becoming a single parent in my early twenties, and broke, I accepted I needed to change my career.
At first, I enrolled on a high tech secretarial course, in the hope of getting an office job and working out what I actually wanted to do. But fate intervened. I got spotted by a recruitment agency and took on a hard core sales job – something that was well and truly outside my comfort zone. But even as an introvert, I recognised an opportunity. Then, after about a year, I sought a bigger challenge.
That was tech. It appealed to me, despite being a bit of a luddite. Knowing myself better now, I’m pretty sure it’s because I like innovation, learning new skills, dynamic environments, people and challenges.
At school, I’d been one of the few girls who’d been interested in tech. Most of the time my friend and I would just sit around playing games. It’s how a lot of girls get hooked on tech. In fact, today, in gaming, adult women outnumber men, and according to a Pew survey, ‘Teens, Technology and Friendship’, with additional investigation by Kotaku, 60% of all teen girls play games – and a wide variety online, socially and by themselves.
Anyway, when I looked at furthering my career in art, it was the colleges with advanced tech that attracted me the most. Just as Steve Jobs said in his famous Stanford commencement speech,
“you can't connect the dots looking forward; you can only connect them looking backwards.”
So, what’s it like working in cybersecurity?
Well, cybersecurity is different today than it was when I started. Back in 1997, it was really a pure tech domain where you were mainly focused on protecting an organisation from hacks, website defacements, IP theft, and subsequent lawsuits. Nowadays it’s so much more exciting, for cyber isn’t just a target; it’s a weapon and attack vector. Attacks are transforming too. They’re not only capable of disruption but are now destructive and life threatening. The stakes are so much higher, and everyone is aware – even pop artists like Taylor Swift!
With advancing threats, more connectivity, regulation and workforce mobilisation, and a future that’s still having to rely on the technologies of the past – operating systems, computing languages, software environments – those who work in cyber are having to deal with all sorts of challenges, where hackers aren’t governed by the same restrictions as them.
Cybersecurity is incredibly diverse. It’s not only made up of defence (protecting) and offence (attacking), but where you’ll find both a technology and business side to it. The technology side is out to solve tech problems and is comprised of things like security assessments, ethical hacking, secure coding, threat intelligence, endpoint security, security architecture, encryption, fraud, and forensics. The business side is focused on human problems and where you’ll find governance, risk, and compliance (GRC), security training and awareness, incident response, privacy, law, programme management, strategy and operations.
With both sides, the skills required are varied and attract:
- Problem solvers – people who can think creatively and innovatively,
- Analysts – people who have good attention to detail, enjoy investigating and can spot irregularities,
- Performers – people who have a skill for acting and who can take on personas, hack their way into organisations via social engineering exercises, or who can communicate effectively to others in an organisation, so they get buy in, and enable projects to move forward in a timely manner,
- Leaders – people who can inspire and get the best results from their team.
Requiring people with a flair for acting or languages is often one of the biggest surprises, but if you watch how this cybersecurity professional breaks into a mobile phone in under 2-minutes you’ll understand why. Using social engineering, which is essentially hacking without using code, Jessica Clark, a cybersecurity expert, demonstrates just how easily it can be done with a vishing call. She uses her voice as solicitation. You can watch it here.