1. Title of Presentation
The Long Way Around – from Software Engineering to Cyber Security (How Choosing Wrong Turned out to be Right)
2. Presenter(s) Name(s)
A career in Cyber Security does not always follow a linear path. In some cases, a successful career in cyber security can result from breadth of experience in seemingly unrelated disciplines and roles, with security implications woven throughout. I will share how my varied roles and experiences over 15 years have ultimately led to a career in cyber security.
4. Detailed Outline
Who I Am/What I Do/Background
- Kathleen Smith, ARGON International. I serve as a security evangelist and am overseeing a security operations controls transformation program. (More on this later.) I was raised by a physicist/software engineer mom who influenced me to pursue all things STEM from an early age, and to believe that I was capable of ANYTHING – a belief I instill in my own children. My educational background is a BS in Comp Sci with a focus in Software Engineering/SDLC. I did not set out to work for a large corporation nor in cyber security.
Three keys to working in Cyber Security (and examples of how I learned each)
- Know what we’re trying to protect
- Worked in roles that let me see a process from every viewpoint
- Customer data and banking activities
- Architecture design/documentation
- Performance Testing – application breaking point
- Database analysis – built data dictionaries, followed the bread crumbs
- Application Design Lead – Security and Fraud Alerts
- Technology Project Manager – people/processes
- Business Analyst Manager – data flow/business processes end to end
- Application Manager – Managing developers – Keeping the lights on – How to recover – How to implement change without impact
- Know why to protect it
- Responsibilities later included making those processes safer/securer/more compliant with policy – risk management
- Know how to protect it
- Learned from an ever-evolving laundry list of possible security controls once you know the context of what and why.
The transition to Cyber Security – 11 years later
- The catalyst was having my eyes opened by a speaker sharing about tradeoffs in cyber security – risk vs convenience of innovation, as well as the nature of identity. I walked away with goose bumps and realized I knew the beginnings of what and why – and took steps to evolve these.
What I Really Do
- Since the program’s inception, we’ve reviewed people and technology processes that make up the ecosystem of threat prevention operations in order to facilitate capacity increase via automation and process optimization, which then facilitates the ability to identify opportunities to shift further left in the Kill Chain to be more preventative and less reactive to events. This work also enables teams to quantitatively measure effectiveness and efficacy of controls over time and in the midst of change.
- This work draws upon a breadth of experience and skillsets gained in my non-cyber security career.
What all this means for the audience
- Any focus area one chooses is applicable to cybersecurity
- Whatever it is that you gain knowledge/experience in, know what it is, why it should be protected, and how to protect it (Ex: databases, system administration, programming)
- Just by having context of the what, why and how of one’s specific skillset or responsibilities, one can be effective at securing those components of technology.
- Regardless of experience/skillsets one gains, one shouldn’t worry whether or not the wrong choice has been made, or whether one has been pigeon-holed – one hasn’t.
What will work for you?
- Any domain within information technology and computer science has a cybersecurity dimension to it, even if you haven’t looked at it with that lens yet. Don’t fret! All paths lead back to cyber security.
Ability to project slides
This page last updated March 31, 2019