It is useful to have a background in IT to jumpstart your career in cybersecurity. However, there are other ways to get involved, Monica Rustogi Saxena, information security officer, told CyberNews. She is a rare gem as women account for 24% of positions in cybersecurity in the US.
Diversity in the workplace leads to better decision making, and the lack of women in the field also discourages other women from entering cybersecurity.
Luckily, the number of female professionals in the field has been growing. Women accounted for 24% of positions in cybersecurity in 2018, compared to 17% in 2017. That’s also a global trend - it is presumed that there were around 20% of women in cybersecurity worldwide in 2019.
Even though the situation is slightly improving, you can still call Monica a rare gem. We met her through the Women in CyberSecurity (WiCyS) organization that brings together women from academia, research and industry to share knowledge, experience, networking and mentoring. This year WiCyS had to organize the conference online due to COVID-19 pandemic.
“I think the most important thing to start a career in cybersecurity is to have a passion to keep learning everyday as there is always something new coming your way,” Monica told CyberNews.*
A survey from 2017 revealed that fewer than 50% of respondents entered the field via IT or Computer Science. The respondents are diverse in their backgrounds, coming from compliance, psychology, internal audit, entrepreneurship, sales, art, and more.
Monica, how did you become interested in the cybersecurity field in the first place?
I was part of the Networks team in GE Capital and loss of service was always a big risk for all of us and the business. At that time cybersecurity was usually a part of the IT Services team with blurred boundaries of responsibilities.
I got interested in the security field by seeing the sheer motivation of malicious actors and how easy it was for them to bring down a company or a country, as if it was a game of who has the power to control. There is never a dull moment in security!
At what age did you become interested and involved?
I was 26 years old then and was so eager to learn the whole new perspective of keeping ahead in the game.
What were you doing before?
I was working as a Network Engineer managing the connectivity of networks in terms of data, voice, calls, videos and wireless network services.
What is your job as a cybersecurity specialist?
I am an Information Security Officer and work as a strategist, advisor, guardian and technologist in the organization, working with senior management and focusing specifically on security needs and requirements of the business and helping them to meet their business objectives.
Have you ever regretted changing careers?
Never! I think it was a very good decision and I have come a long way from where I started and stand today.
Is your current job in any way similar to what you used to do?
I would say somewhat similar as in my previous role I built a network and ensured that they were secure and impossible to penetrate. Now, I am ensuring that my company and my clients' information is safe and secure from every perspective in its own lifecycle and in the whole stack of infrastructure. I understand my business better now to safeguard the trust of our clients and assure them that their money and information is safe with us.
Where do you suggest to start if someone wants to change careers and work in cybersecurity? Can you work without an IT background?
I think the most important thing to start a career in cybersecurity is to have a passion to keep learning everyday as there is always something new coming your way. Cybersecurity is a diverse field now and offers a wide variety of career options to choose from ranging from a technical specialist, security architect to not so technical risk management roles where risk and business understanding is key.
It is always beneficial to have prior IT knowledge to jumpstart your career; however, one can start with online courses and get involved where you can. Many companies offer secondment and they are a great way to change the direction of your career. The security field needs people with skills in business understanding and leadership as you do not need to always understand technical jargon to connect with business and understand their risks.
*Note: This was a written interview.