Women in Cybersecurity: My Journey to InfoSec

A version of this article originally appeared on the Stroz Friedberg blog in celebration of International Women’s Day.

I am the Senior Director of Security Operations and Strategy at Palo Alto Networks, where I am leading the team that is building out our security operations center, which includes threat management, threat intelligence, security monitoring, and incident response functions. I also drive our red team/blue team practice – our attack and defend capabilities – and security education and awareness for the company.

Upon graduating from UC Davis with a degree in computer science engineering, I wasn’t necessarily planning to go into information security, but when speaking with a hiring manager at PG&E on campus about my favorite course in cryptography, it turned out that they had an interesting role in information protection. Later, in my roles in security engineering at Walmart.com and eBay, I learned more about the field and really found my passion for pursuing a career in information security. Getting my master’s degree in the subject enabled me to dive deeper into it and sparked my interest even more.

To anyone beginning their career, I think it’s so important not to automatically go for the big name brands, but to look at the person they will be reporting to and what they’re going teach you, in addition to finding your passion. At certain points in my career, I found myself in teams in which men were being promoted over women, regardless of performance, and women were not given the same opportunities to grow. In certain corporate environments, it seemed there was a ceiling for women that didn’t exist for men. Luckily, at other points, I had some great mentors, sponsors, and reported to some inspirational leaders. For example, the CISO at eBay at the time was not tolerant of that kind of behavior, and the experience of seeing someone in the workplace challenging these types of issues boosted my own confidence and helped shape me into the leader I am today. I hope to pay this goodwill forward in my own career.

To empower more women to go into these types of technical roles like information security, I think we have to go back to the schools and encourage young female students to explore careers in technical fields. I have an eight-year-old daughter and I do think things have improved for girls in terms of having more women technology leaders to look up to. While the younger generation has seen more female role models in science and technology than I remember seeing as a kid, I still think there is more encouragement that can be done and more we can do to inspire young female students to enter these career fields. Making kids feel that these jobs are “cool” and impactful is going to improve the number of women that enter science, technology and cybersecurity in general.

In terms of what companies can do to create environments that support gender equality, I am interested in the topic of unconscious bias and the thinking behind that. People at all levels of leadership need to understand that men and women operate differently and they are responsible for bringing out the best in both, including bringing equal visibility into what both men and women are doing. Women who have a good experience at their company are going to talk about it to others, and that builds the pipeline to bring in more women and create balance in the company.

For women pursuing a career in information security, I would advise them to find a sponsor and ideally a mentor, someone you can bounce ideas off of and will be your advocate. If you can find both a mentor and sponsor in a manager, fantastic; otherwise, look for it outside of your management chain. The other thing I would recommend is to ask for what you want – the worst that’s going to happen is that someone might say no, but if they say yes, it could be a real game-changer. Risk-taking is something that women especially don’t do enough and it is really important for women to ask for what they want so they can achieve their career goals. That is something that will bring that fire for women to be able to make change.

Ignite '17 Security Conference: Vancouver, BC June 12–15, 2017

Ignite '17 Security Conference is a live, four-day conference designed for today’s security professionals. Hear from innovators and experts, gain real-world skills through hands-on sessions and interactive workshops, and find out how breach prevention is changing the security industry. Visit the Ignite website for more information on tracks, workshops and marquee sessions.