Editor’s note: Women of color were noticeably absent from most of the top women in cyber and top security bloggers lists in 2016. I applaud the work of those who were celebrated because the recognition is certainly well-deserved.
However, I want to expose students in my demographic to women who look like them. They need to know that we are out here ready to help them navigate the complexities of this field.
I also want to create our own “Top Lists” to celebrate our accomplishments just in case future lists exclude us, inadvertently or otherwise.
We are not waiting any longer to be chosen. We are choosing ourselves as of February 2017 because gender diversity is not enough.
Meet Glenise Moore, Senior Associate at Schellman & Company, the second feature of our #WeCyberToo Talent Spotlight.
She recently started a new position as a Senior Associate for Schellman and Company, where she performs PCI, SOC and ISO audits.
How did you end up in the security industry?
I have an interesting story. I started out in PR and Marketing right out of college. I worked for myself for about 4.5 years. I closed my business and started working on a career change. I worked in healthcare operations for about 3 years, in which, this was the first time I was introduced to IT security and compliance. After working in healthcare, I had an awesome opportunity to showcase my compliance skills and started working for a third-party audit and assessor firm, in which I was introduced to PCI, SOC and HIPAA. It’s been an awesome road up the ladder since.
What is the most difficult challenge you have faced as a woman in a male dominated field?
Always being questioned and second guessed.
How did you overcome said challenge?
I always work to set the tone for the environment that I am in by making sure that I provide a clear understanding of my knowledge base, abilities and skills. It’s all about direct but warm communication and assurance.
A reader of Danyetta Magana’s #WeCyberToo Talent Spotlight suggested asking future interviewees to share failures because those have a bigger impact than just feel good stories. Do you have a failure that you would like to share?
Absolutely. It’s through failure that I have achieved some of my best accomplishments. A lot of my failures have come due to having of mindset that I must be perfect always. Even though I may be the subject matter expert in the room, I would always think that I had to know every single answer to every possible question. This of course would lead to a ball of nervousness and coming across as timid, which does not help when you are the only woman in the room.
How did you turn that failure into an opportunity?
I learned to give myself a break though and be more assertive. If I didn’t know something, I would simply say that I am not sure right now, but I will know before the end of the day. It helped me improve my communication skills and my ability to be assertive and truly stand tall.
What advice would you give someone looking to enter the information security field?
I would say, do not get caught up in thinking that security equals all tough technical work. So many times, I hear people say, I can’t do that, I barely know how to turn on my computer. Yes, you need to know how to turn on your computer, but once you turn it on your job could be to only go to Microsoft Word because you are responsible for writing processes and procedures because you are a part of the governance team of your organization. This kind of role is just as important and plays a huge role in the cybersecurity stature of organizations these days. I say this to say don’t sike yourself out. Find your space within the realm of cyber security and go after it.
You do not have to start out in cyber to end up in the field. Here are 80+ Back Doors Into Cyber Careers.
What formal education, skillsets, and/certifications do you recommend that people start with to stand out among other candidates in the cyber security field?
Depending on your knowledge level, if you have had some type of technology experience, I would say start with Security+ and then work your way through some of the offerings from SANS, and ultimately make it a goal to obtain the CISSP.
Can you provide a high-level overview (5 bullet points) of your career path if someone wanted to pursue a similar route?
It’s not traditional at all.
- Worked in PR and Marketing for 4.5 years
- Worked in healthcare operations for 3 years
- Now working in security and compliance for the last 5 years
- I have obtained 2 certifications thus far. I will be sitting for the CISA in May of this year and I plan to follow that with the CISSP early 2018.
Are you planning to pursue your CISSP?
Though I have not obtained my CISSP yet, I am in pursuit of this certification because it is the only certification that displays your full circle understanding of all things IT and Cyber security. It covers audit, governance, network security, software security and much more. It’s definitely a great achievement and proof that you are a part of the upper class of professionals in the IT and Cyber Security.
What project(s) are you most proud of?
I’m working on a personal project right now that I am very proud of, it’s called the Women of Tech Coalition. It is an organization created to help women who want to make a career change transition into the world of technology. The idea is to match candidates with resources, whether it’s a job or mentor. My goal is to have everything up and running by Summer 2017.
Unfortunately, due to contractual obligations I can’t speak about specific professional projects that I have worked on, but I will say this. I have made it a point to be efficient, effective and always of value at every organization I have had the privilege to work in my career.
I work diligently to always be a strong resource by keeping up to date on the latest trends, threats, vulnerabilities and solutions that are need to know items for my clients. I will go out on a limb and say that I do believe, based on feedback from former employers, that I have left enough of an impact at each organization to the point that if I ever needed or desired to go back, the option would be there at each company. I am truly proud to be able to safely say that in public, lol.
Thank you so much for taking the time to provide your insights to our community! How do you want readers to contact you?
Twitter: @glenisemoore
LinkedIn: https://www.linkedin.com/in/glenise-j-moore-pci-qsa-pcip-922a2b77/
About Glenise Moore, QSA, PCIP:
Glenise Moore is a driven and Innovative leader with expertise in information systems security analysis and management. She is seasoned in internal and external audit, risk mitigation and enterprise security posture. She has a keen understanding of IT and non-IT integrated issues and adept at bridging the gap between IT and business constituents. Glenise has a proven ability to quickly understand key business drivers, and develop strategies to leverage and streamline continuous organizational development and growth, while delivering tangible results for all stakeholders.
Career Focus and Mission: To utilize the intelligence and sophistication of technology in an effort to improve the consumer experience while enhancing better business security practices.
* Internal and External IT Audit and Assurance
* Continuous Compliance
* Application and Operating Systems Security
* Network Infrastructure Security
* Risk Analysis
* Business Continuity
* Disaster Recovery
* Risk Assessments
Core Competencies and Experience:
IS Security Governing Standards and Compliance:
* PCI DSS
* AICPA- SOC 1 and SOC 2
* HIPAA/HITRUST
* NIST 800-53 Rev 2
* ISO 27001 and 27002
Healthcare Operations and Management:
* Joint Commission Regulations
* Industry-Standard Process Methodologies:
Certified Six Sigma Yellow Belt, LEAN Professional
* Project Management Principles and Methodologies
* New System Implementation
* Business Analysis
* Research and Development
* Budget Development and Adherence
* Internal & External Client Relations
* Revenue and Denials Cycle Management
* Clinical and Front-Office Workflow
* Practice Management
* Healthcare Systems
* Meaningful Use
* EHR Systems: Epic Systems, GEMMS, STAR, EClinical Works