Women in Information Security: Keirsten Brager


My interviews with women and non-males in cybersecurity here on The State of Security have been very popular. Last month, when I looked for subjects for the third “Women in Information Security” series, I got an overwhelming response!

The first person I interviewed for this next wave of interviews was security engineer Keirsten Brager. We had an excellent chat.

Kim Crawley: What do you do in cybersecurity?

Keirsten Brager: I appreciate you extending this opportunity. I am a security engineer at a major power utility company. As a member of the security technology team, my primary focuses are delivering industrial solutions to reduce enterprise risk and outfitting the business with automated capabilities contained within their toolsets. My role is cross-functional and requires interaction with many levels in the company, so I am constantly looking for ways to provide value to business groups. Security continues to be a service that must be sold. That part of the job is much easier to do when you add value to business groups who then advocate for you.

KC: Excellent! So, how did you get into the cybersecurity industry?

KB: I did the work no one else would do. Technical people tend to like tools, but they do not always like creating/maintaining documentation, interacting with auditors, and working in cross-functional roles that involve dealing with people who are not technical and/or in unrelated business groups. I happen to be technical and a people person, so I took on projects that required both.

During difficult audits, I also learned the importance of building trust and finding allies. When you do the difficult work that moves the company forward, people notice. Stepping out of my comfort zone and doing work that others avoided allowed me to create my own opportunities.
I cried a lot while I was going through it, but I’m a better security professional because of all the stretch assignments I took on that ultimately led to the awesome team I’m on today.

KC: Is maintaining documentation as tedious as everyone tells me it is?

KB: It depends on the size of the company, security program maturity level and business drivers (SOX, PCI, NERC-CIP, etc). Those factors will decide the tools deployed, processes, frequency, and level of documentation required. The issue is also not always related to it being tedious. Rather, developing/maintaining documentation involves engaging different areas of the business to ensure it solves business requirements. Security professionals don’t just document how apps are demonstrated, tools are deployed, or systems are protected and monitored. Documentation often has to be scoped to suit audit requirements and other stakeholders who may have different objectives – this is the people part of it that a lot of technical people struggle with. I wrote a Tripwire article about the importance of communication and how it can take careers further than tech skills alone.

KC: What misconceptions do other cybersecurity professionals have about the security engineer role, especially as it pertains to large organizations?

KB: Two misconceptions that I frequently see: engineers work alone and only computer science grads are suitable for these roles. Both couldn’t be further from the truth. Although pop culture makes it appear that security professionals work alone in dark rooms, that is not the reality for anyone that I know in the industry. Being a people person is an asset, not a liability.

Regarding formal education, my Bachelor’s is in business management, and I just finished my Master’s in cybersecurity a few weeks ago.
I want other women to know that lack of a Comp Sci degree did not bar me from having a great career and that it does not have to stop them, either. Large orgs will hire you if you have the right skills (not to be confused with education), passion, and the ability to articulate how security enables the business to function. An often-overlooked path into large orgs is via security product companies such as Tripwire, Splunk, Cisco and others. Do not limit yourself to applying to just large orgs because they do hire from tech companies if the need exists.

KC: Congratulations on your Master’s degree! Pardon my ignorance, but are there purely cybersecurity post-graduate paths now? I’m only aware of traditional computer science programs with cybersecurity electives.

KB: Thank you! Yes, there are now undergraduate- and Master’s-level cybersecurity programs. Academia has been slow to catch up, but I’m starting to see more schools offering cyber degrees, even here in Houston.

Some schools are even offering specialized tracks. For example, I just completed UMUC’s M.S. in Cybersecurity legacy program. The program changed last year, and they now offer Cybersecurity Technology, Management/Policy and Digital Forensics tracks. As you know, the discipline has many domains and subdomains. I expect to see more academic institutions offering specialized tracks as the industry matures and demands it.

KC: Either in industry roles, in academia, or both, has being a female cybersecurity professional ever been a challenge?

KB: It has been a challenge in both environments. The industry is male-dominated, so needless to say, the academic programs are male-dominated, as well. Often left out of the conversation is that the James Damores (Google Manifesto author) and Richard Spencers (Alt-right leader) of the world are in academia, on hiring panels, CFP committees, and everywhere in between.
Those people have a bigger influence on the lack of diversity than this being merely a vague “pipeline issue” or “women just are not interested” in this type of work.

In my graduate program, it did not matter that I already had three security certifications and was gainfully employed in the industry. People bring their biases everywhere they go, try to impose their inferiority complexes on you, and treat you like an “other” even if you have receipts showing you’re just as capable. Despite the challenges, I remained dedicated to the discipline and landed on a team that is both supportive and inclusive. That made it all worth it.

“I want other women to know that yes, you will encounter people along your academic and professional journey who will make you want to quit. Those situations are temporary. Whatever you do, just keep going.”

KC: So, what advice would you have for a young girl who’s fascinated by hackers and might be discouraged to take up a cybersecurity career?

KB: The first thing I’d tell her is that security is not all about hacking and that she should conduct research to learn about all the cybersecurity career options available to those willing to put in the work. I have the utmost respect for pen testers, but pop culture and even some people I admire tend to romanticize and sanctify hackers. I believe this can lead some young people to believe that hacking is the entire discipline. It is not. There will always be a greater demand for people who defend organizations than those who hunt for/exploit vulnerabilities.

If you look at all the mind maps and other visual representations of security programs, it is clear how many different career paths exist that are not related to hacking.
I’m not trying to discourage anyone from pursuing a pen testing career path, but I think it’s important that we encourage young people to open their minds to the myriad of career possibilities that exist in cybersecurity. If they do that, then they’ll see women who look like them thriving as engineers, architects, specialists, analysts, administrators, doctors, and many other variations of these titles depending on the org. Some of these jobs can also prepare you to be a better hacker if that is the end goal.

Finally, do not be dissuaded by the stereotypes because some of us are actively working to create new ones.

KC: How do you believe the cybersecurity field can encourage greater diversity? Not just with gender, but perhaps race and disability, as well?

KB: The best way to encourage diversity is for people of diverse backgrounds to make themselves more visible in the places it matters most: schools and online. Young people consume the bulk of their casts from the media and are encouraged or discouraged by what they see. Unfortunately, they continue to see the mostly stereotypical images of white men dominating movies, TV shows, photos, and talks from infosec seminars.

Therefore, it is important for us to volunteer our time in schools and have publicly available content to refer them to, so they can see themselves through our stories. This is the best way to plant those “Hey, if she can do it, then I can do it, too” seeds.

I also believe it is important for conferences to do a better job of ensuring that speaker lineups and panels reflect an inclusive culture. That part will be harder to change, though.

KC: That’s good advice. Is there anything else you’d like to say before we go?

KB: Yes, relationships are crucial in this industry. Develop relationships in your LOCAL security community, including local chapters of OWASP, ISSA, (ISC)2, ISACA, etc.
Many security product companies have user group meetups, as well. Give back as often as you can before you need a job. Stay humble.


About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of customer PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.

Her first solo developed PC game, Hackers Versus Banksters, had a well-known Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
