As an African American woman in this field what challenges have you faced?
Did you see Hidden Figures? Minus the separate bathrooms, that has been the story of my life up until very recently. I am in a much better place now.
HOWEVER, you will face people who treat you like you do not belong in the workforce. People will try to impose their inferiority complex on you. Just smile and keep it moving. Cyber careers are meaningful and experienced cyber security professionals are commanding salaries of $105,000 – $192,000 according to the 2017 Salary Guide for IT Professionals by Robert Half. Let that keep you motivated during the thankless days and sleepless nights that might be topped off with days like the women faced in Hidden Figures.
How did you get started in the information security domain?
I did the work no one else would do. Technical people tend to like tools, but they do not always like creating/maintaining documentation, interacting with auditors, and working in cross-functional capacities that involve dealing with people. I happen to be technical and a people person, so I took on projects that required both. Basically, I created my own opportunities.
What do you wish you could have done differently starting off?
If I could do it all over again, I would work at product companies first (Tripwire, Splunk, Cisco, Palo Alto, etc.) and become a platform expert. They require travel, but they usually pay 100% of expenses while you’re travelling and place engineers onsite at large companies. This allows you to build relationships in many orgs and those orgs often hire talent directly from product companies.
Instead of having an apartment, car, and feeding myself, I would have used these employer funded living opportunities to bank my money. In the era of Airbnb & Uber, it is feasible and financially savvy for single people to do this.
I also wish I would have volunteered at conferences, started public speaking, and sought out mentors sooner. Relationships are the key differentiator in this field, and giving back is an excellent way to build mutually beneficial relationships.
LinkedIn is a tool for networking, but understand that you are competing with 400 million people on that site. When you volunteer or speak at conferences, you establish trust and the relationships needed to gain access to job opportunities. Speaking at conferences also gives you the opportunity to interview in front of a room full of people instead of just one employer. You never know who is looking for your skill set. College students present research at conferences all the time, myself included.
What was your mindset in the beginning of your career and what is your current mindset now?
I was not very confident in the beginning of my career. I was also intimidated by the people who seemed to always be ahead of me in terms of skills. Then I learned that they all have labs set up at home and set up my own. Now I have the top credentials in the field, experience under my belt, and an amazing support network. Therefore, I’ve overcome (most of) the insecurities that existed in the earlier phases of my career.
What do employers look for in their potential candidates in this field?
Passion, security product skills, tech skills (python, regex, powershell), continuous learning, and they are especially fond of skills that are self taught. Communication skills are essential too, both written and verbal. If you have an employer or role in mind, look at the tools on the job req. Then go download the free version of the tools + the user guides. Teach yourself the tools, then you can add them to your resume and have intelligent conversations about use cases in interviews. Since you are a college student, employers are receptive to knowledge gained through educational projects. What matters is your ability to articulate how you can use those tools to add value to their team.
What should I familiarize myself with as far as reading materials and hands on material?
Get your Security+ to validate your foundational knowledge and get past resume filters. Then look at GIAC certifications that are taught through SANS or security product certs. Pick the one that fits your career interest or track, then go for it.
Also join local security community professional associations. I am a member of ISSA, and they have a women’s special interest group. ISC2, ISACA, and OWASP also have local chapter groups, so get involved in the one(s) near you. They also look for volunteers for chapter meetings and presentations. Smaller more intimate groups are a great way to get to know the community.
What advice would you give someone looking to study for the CISSP exam? Follow the advice in the “Pass the CISSP” post on this blog.
Why are the comments turned off on this blog? I work FT and go to graduate school FT in addition to managing this blog. My husband also works FT & teaches. We also have kids and volunteer commitments. We will turn the comments on when I finish graduate school and have more time to manage them!
What would you like to know? Tweet your questions to Keirsten @KeirstenBrager or Paul at @ProfBrager
You can also email us via the Contact Form in the side bar or connect with us on LinkedIn.