March is Women’s History Month: here at Cybernews, we feel that nearly every female that enters the male-dominated cybersecurity field is making history. And so, we take time to celebrate their achievements.
Amy Napier, the lead information security engineer at a smart building company, Brivo, is passionate about protecting people's data, since she's seen how devastating losses from identity theft and scams can be.
She's also involved in the company's committee, which promotes a healthy hybrid workplace. By the way, women reluctant to join cybersecurity don't believe they can have it all – a decent salary and a good work-life balance.
Amy says she's a proud nerd and enjoys role-playing games such as Dungeons & Dragons, video games, and cinema, among other things. As a matter of fact, the same study I quote above uses the words “nerd” and “hacker” with negative connotations. Women with little cybersecurity knowledge seem to regard women in cyber as if those words were an insult.
I was curious to learn more about why Amy is so proud of and happy with the profession she chose, and the life she leads.
Do you feel that cybersecurity is a male-dominated specialty? If so, how does it manifest itself?
Yes, I think the technology field, in general, is male-dominated, because traditional gender roles encourage women to follow social-based skills and men to follow specific career-based skills. Even in the cybersecurity field, women tend to get more paperwork, training, or auditing roles, which rely more on communication skills instead of the more technical engineering roles.
However, I think traditional gender roles are becoming increasingly ignored by each generation, which means that our future should hold a more diverse workforce, leading to better productivity and creativity. Many women and non-binary folks are already in the field doing great work, so if anyone is reading this and thinks they may not belong, you do belong. We need you.
Can you briefly describe your journey to cybersecurity and, eventually, the more specific niche of information security? Were there any challenges that made you think about quitting the field altogether?
I have always had a passion for technology that stemmed from my love of games and interest in computers. I did not have the opportunity to pursue college right away, as I needed an income to support myself. I worked in food service, retail, and eventually a call center technical support role that had a tuition reimbursement benefit.
In 2016, I finally had the opportunity to pursue school in my mid-twenties. I chose cybersecurity because I wanted to combine my love for technology with protecting people from the cruelties of online account takeovers, scams, and identity theft. I started going to school as a half-time student and began my certification collection with CompTIA Security+. Two years later, my company had a role open up for an entry-level security analyst position. My knowledge of the technical support of the products, plus my education in security, enabled me to earn the role.
I still kept learning and improving myself to continue my career. I got the CompTIA Cybersecurity Analyst+ (CySA+) certification shortly after getting the role in 2018 and earned Associate of (ISC)2 status in 2021. As my company grew, more positions opened up. Since I had experience with the company security program and a more mature education in security, I was able to earn the lead information security engineer position in 2021 as well. I am continuing to take college courses, and I plan to earn my bachelor's in software development and security this year.
Filling my free time with studies was my biggest challenge. It was difficult to motivate myself when other people were relaxing or going out and having fun. Also, my studies were behind everyone else. I was often the oldest in the class, making me feel inferior. Now, I look back, and am proud of everything I accomplished. I’m planning more certifications to earn.
What excites you most about information security?
Information security is exciting, because I am constantly adapting and solving problems. Every day comes with new challenges, and with the proper research (and some trial and error), all of the challenges are possible to overcome, leaving me with a sense of accomplishment.
Also, I get excited knowing that the work we do is not only protecting the company's interest but also protecting the people who trust us with their data, which leaves me with a sense of fulfillment.
We here at Cybernews cover leaks and breaches every day. Many involve personal, sometimes sensitive information like home addresses and social security numbers. We somewhat believe that people have made peace with the fact that if they are online, and especially if they are using some services for free, privacy is something they must sacrifice. What's your take on this?
I agree that most free services are free because they collect and sell your data and use it for targeted advertising. But I will note that there are some free services or open-source projects that genuinely care about the privacy of their users. Also, the crackdowns from new privacy laws may help people in getting better control over the use of their data.
Savvy users are able to decide for their usage of these services, where they consider whether or not they care about losing the information they enter. They might not care about what happens to that data, or maybe they use the service but enter fake data, or don't use the service at all.
However, many users don't even consider the possibility that their data may be sold or breached until they are burned by it. It is our duty to teach people that any of these services could be breached or sell data, and how to consider the risks and act accordingly to risk appetite.
You are promoting a healthy culture in a hybrid work model. What is healthy? How do you prefer to work yourself?
A healthy culture in a hybrid model allows people to work the hours and locations best for their productivity and mental health. I prefer to work at home, as I feel I can focus the best, and the commute on top of work and school is exhausting.
As a co-chair of our employee engagement committee, I have learned that there is a struggle to connect between those who prefer to work in the office and those who prefer home – because of this barrier of not understanding each other. We do our best to organize events and activities for our offices and remote employees, to all engage together and feel connected despite their distance from each other.
The key to this is a strong understanding of our communication tools, such as chat and video conferencing, and listening to people in all situations to offer activities to connect for everyone.
I know you are a proud nerd, but what does that mean exactly, in your view?
Thanks for the lighthearted question! In my free time, I enjoy tabletop role-playing games such as Dungeons & Dragons (D&D), video games, comics, and films. I am the game master for our D&D group and post our recordings on YouTube. The videos don't get many views, but I only post them to remember our fun times and stories together.
I have tied my love for games to work, by leading incident-response training scenarios that play out like a game. The scenario is generated by a dice roll and presented to the participants as a story. A dice roll selects the first responder, complications are added according to [further] dice rolls. I also love adding games to our employee events like Jackbox Games, scavenger hunts, bingo, and so on. I am active on our gaming and movie channels at work, too.
Your email address will not be published. Required fields are markedmarked