Panel: Hack Your Growth - #LevelUP

SANS Institute · Advanced ·🔐 Cybersecurity ·4y ago

Key Takeaways

The panel discussion at the SANS Institute focuses on hacking growth in the cyber security industry, with experts sharing actionable ways to advance careers, join communities, and leverage resources. Key topics include career development, mentorship, leadership, and the importance of soft skills like communication and vulnerability.

Full Transcript

so there are a lot of different kinds of jobs in security but there's one thing that they all have in common so even once you've gotten one of them you can't really afford to coast a career in security and we've heard some of our speakers today talk about this is kind of like um a career of constant self-improvement and education and and new skill acquiring you'll always be learning new things absorbing new technologies uh maybe even more importantly for today's purposes even expanding your professional networks and finding way to ways to engage with and and and maybe contribute back to the security company so with that in mind i'd like to introduce the moderator for our next session which is a panel our moderator is going to be uh mansi takar she's the chief operating officer for the women's society of cyber jitsu and she's put together a great group of panelists who i will let her introduce i'm really looking forward to a great discussion on hacking your growth and leveling up your career so thanks for putting together this panel muncie yeah thanks so much david for the kind introduction so hi everyone we're very excited uh for this panel we have put together folks from just starting out so like grad student two csos and aspiring cso so i'll welcome them all on the stage or and ask them kindly to turn on their video cameras um and then well that will just get started uh so like david mentioned right so my daytime jobs have mostly been corporations but i spend my free time with smaller organizations that are at the intersection of diversity and tech during the summers you can find me in vegas at defcon pulling cables and securing what is referred to as the world's most hostile network i'll let the rest of the panelists introduce themselves mary do you want to go next oh you just put me out there hi my name is mary chaney um um it says uh on on my thing that i am the owner managing attorney at the cyber security law firm of texas i'm here representing my organization minorities in cyber security which is what you see in the background i am the chairwoman ceo and president of an organization i started almost two years ago thanks for that um gina hi yes my name is gina sharp i am the former ceo for the black cyber security association i've been within the industry cyber security and information technology for about 20 plus years i'm working in multiple roles and i'm literally here to empower individuals as they go about seeking entry into cyber security and last but not least hello everyone my name is aburu singh gotham so i am i'm currently doing my masters in cyber security uh but i have been in a security scene for a long time now and for the past three years i've been into threat intelligence more toward towards the dark website and i enjoy the work and yeah cool so as we can tell right from your experiences whether you're just like taking courses now or leading organizations or previously led organizations what in your way um can you share like what is the way that you've hacked your growth like what's something that you use to level up or be where you are you can make it an open forum so you're just gonna throw it out there not gonna give somebody come on now he's just like you know what i'm here like i want the actionable advice so let's just give it to them right now then let me go through all right so you know i started off as an information uh security i'm sorry information systems person i'm an engineer by trade that went to law school that became a special agent for the fbi investigating cyber crime that ultimately um started one business um then went into corporate america and then started another business now back in corporate america um i think that for those that are aspiring to get in the field it is very very very important to you once you start to figure out what it is you want to do to know how to hunt and i say this specifically because there's a lot of things that you can get involved in but you have to understand for the roles that you're looking for what is more likely that these organizations are involved in for instance if you are looking for entry-level security operation center role your best bet is to go after your large banks healthcare organizations that have training programs to bring people on if you're you know if you want to get into security tools you know there are there are you know service providers out there you can get into the sales side you just have to know where to look and then focus your attention on where to grow so you know what i'm done in my career is you know i've gone you know wherever the wind blew for me it was really whatever piqued my curiosity i just you know at least i would say that going from being an engineer to the law school to being a special agent those were just opportunities that presented themselves just by by me being involved in in those particular areas young kid coming from you know humble beginnings it as you as you continue to move up different things start to appear for you so i'll stop there and let the others chime in so this is gina so what i've done to actually try to navigate through [Music] this career is literally aligning myself with like-minded individuals um that has been very helpful because it allowed me to engage in conversations that i you know wouldn't normally have with individuals that i maybe meet in the classroom so it gave me an opportunity to literally um speak the language and so i literally sought out organizations where i could align myself with those type of individuals as a matter of fact my first organization was women's society of cyber jitsu that was the first organization where i was actually able to um hack my career hang align myself with individuals who were in the industry and they were learning just as much as i was learning and they were willing to help and give back um and provide the support that was needed and provide direction as a matter of fact um lisa lisa she actually became my mentor and so that's another part of hacking the career was having a mentor and not having a mentor to hold your hand but she you know pretty much we had the relationship but it was from afar and it wasn't something that said hey you're my mentor you're my mentee it was organically grown and so that was also um very helpful in being able to model myself after individuals who may have been in roles that i was actually interested in so those were some of the ways that i um you know hacked my career and then once you know i became that security professional um this whole term they coined unicorns it's going into these roles and not just saying okay well you are hired to do this and that's all you're going to do no so i was hired to perform a certain role but i allowed myself to grow um by actually taking on leadership roles being a mentor to other individuals asking for more responsibilities and not just becoming a security technologist but actually understanding policy you know because as a security technologist you're literally there to implement the technology but why and what does the policy say so those so i use those tactics to um hack my career by allowing myself to be so open to explore other avenues as opposed to what i was hired to do yeah i sense this common theme right between both you and mary is that like open to new opportunities whether that's coming from a good title or whether it's just having an expanding growth up you know and skill sets so that's the key for sure i know that the reason i got into the knock or being like a knock kun at defcon it's not because i have like years of networking experience or anything it's because i was like no this is something i'm really interested in i want to learn more about it i got the search required and then i yeah i kept on at it you know whether it was bugging the goons whether there was like just figure out like what is my way in sarah almost like i socially engineered myself in but that's that's it's just that right it's being open to hate not having those self-limiting beliefs upward what are your thoughts on this uh so for me it was uh basically deciding which domain i want to go in like going into cyber security that i decided uh way earlier but which particular domain because there are a lot of domains out there in security so it was more of connecting with others either on twitter linkedin and like in person also and who are already in different domains whether it's pen testing and like threat intel which i like which i'm in right now or some other domain and talk to them like how what's your day-to-day uh work life look like and how much time do you have to invest in your thing and how much did you learn before getting into the field and so on because like you can't work uh in every domain uh i mean you can but it will take a lot of time like you will do two months in this two months in that and so it was more of that and with time i talked to many people and then came to conclusion okay i like threat intel i started with it and i started enjoying it so i think connecting with others uh that's what helped me and basically surrounding myself with people from different domains not just one particular domain within security so that helped me a lot yeah that's really interesting right someone recently told me that like you should if you want to check out who your tribe or who you're surrounding yourself with uh just check who's you're on your like twitter feed you know like are they all talking about just this one thing then you know you're too narrow-minded and you need to kind of expand your growth and i checked that out really quick and after that no no here are all these new people i want to follow um but yeah so that was i again a comment thing between all three of you was to reach out and kind of develop some community tribe you know specifically mentioned women's society of cyber too what are some other communities and you know how can how can someone who's interested in cyber or someone who's already in this cyber field uh join them mary i know you have your own uh organizations if you want to share your bit about it oh no that's fine um my organization minorities in cyber security it's it's me it meets individuals where they are in their field so understanding my experience is unique i came out of the fbi going into director and above roles so i didn't have to figure out the domain i always had oversight over the entire domain even at the fbi as their information security officer i always had a broader view of information security and and and physical security as well and so you know that that you know when we're talking about what you guys can do to to get into this field and who what your tribe looks like you have to understand i've i've had mentors coaches sponsors advocates i've had all of them right and that that helped me because once i got out into private industry then there the executive level is still a whole different ballgame right and and so that right there means something different culture means something different being a leader and running teams means something different so if if i if i look at look at the advice that i give younger professionals it is understanding that one it can be overwhelming thinking you have to do every last single thing in order to get into this space the one thing you need is stamina period because you will be hired in an organization maybe for just one skill set but what you had what you need to do before you take that role is to see what kind of career development opportunities that that organization has for you once you get there so you have to look at it not as narrow-minded as i i want to be you know in vulnerability management this is what i'm going to do understanding that it if you get there and you could be there for a while doing that very same thing if they don't have a plan for you so you have to take responsibility for your own career and your own development and understand okay so i want to do vulnerability management but is this company going to allow me to go in and do a little pin testing is this company going to allow me to do a little threat intel so understanding those things right and you can be around people and you can you know get involved with other organizations to expose you to different things similar to the summit similar to you know many of the organizations that out there my like getting back to your original question my organization is focusing on building leaders right i'm i'm ultimately trying to keep as many minorities and women in the field as possible so as we matriculate up into the management level roles and above we see more diversity in those in those spaces because unfortunately we still tend to lose a lot of folks from from entry level and up until that first you know getting outside of individual contributor into management so i'm trying to assist with keeping that pipeline fed and so if we have 500 people coming into the field for lack of a better example three years later we have 500 people and 250 of them that want to go they can now mature into that space into a management type of role if that's what they're looking for the schools i'm going to piggyback on right so stamina is something that's needed and i think that goes with when you're trying to find your tribe in your community right like that's something you want to align with this other people also want to kind of level up themselves what do you do to avoid the burnout that comes with constantly trying to be like okay this is next this is next it's going a little bit off topic but i am oh oh i'm you you're asking me oh okay well the burnout is is is going to come if i i found that if you're not continuously challenging young professionals to learn something new they get burned out faster um because it can get tedious it can be it can get boring it can be repetitive so you know when i've ran teams i've had curriculum for them for them to follow just so they can you know once they they master a certain level then they're moving on to something else and i had a matriculation from my l1l to l3 to cyber intel to incident response maybe reverse engineering there's a baseline and then you know allow people to naturally progress but it it if you are a l1 stock analyst for more than 18 months you're probably going to get that burnt out because it's repetitive and it's it it's tedious and it's noise it's very very very noisy so it's it's challenging someone to you know go to that next level and providing them with that opportunity to now just oh no i'm not just handling incident tickets i'm not just saying you know go clean this virus off of mary's machine but now i'm now looking at it like well i have five different pcs in a certain area that have the same type of virus what's going on there and then now it's it's building on that foundation yeah speaking of like leadership and in the community right upper gina what are your thoughts in terms of finding whether wsc or which organization you're part of like how do you build your leadership in that tribe so mostly i don't have one particular uh what they call tribe or one particular organization in a mind it's like over the past years i've been part of so many uh different clubs organizations uh conferences so you get to be part of different uh things like whether it's some besides conference whether it's science or your local security meetup group so that's uh that that has been helping me like uh being part of that uh whether it's giving talks whether it's helping with something else or whether it's helping the speakers helping uh whether like whether they have some things like creating presentation or some other moderating kind of thing for that particular what you call speaking session so helping with them connecting with them or connecting with that entire club uh getting to know uh what different people have or what different people are doing uh that's been uh i think helping and also like taking up that initiative so uh if you are a part of a club and if they do speaking sessions and if you know our topic really well ask them whether i can give this particular i can give a talk on this particular topic or not so i think that that will help everyone i mean that's been helping me because i took that initiative and honestly i was very afraid of going on stage speaking in front of people but i like i was good at one topic and i asked the people who were in charge whether i can give or no and like i did it so like gradually you will be in that that you will be handling everything like in that spot so i think that will help yeah that's really cool and i love the fact you're talking about like volunteering right like giving back to the community that you yourself want to grow in and that's so huge um i know that there are upcoming conferences women's society of cyberjudso has an upcoming conference uh diana initiative is coming up right there are a bunch of b-sides also coming up these days and most of them are going to be remote so if you want to participate right whether as a attendee whether it's like something kind of volunteering and helping plan the ctf or being kind of that kind of reviewer all these opportunities are definitely uh available and open do you know what are your thoughts in tribe and succeeding in like you know that yeah so my tribe is women's society of cyber jitsu right so i was with them since the inception and so they remain my tribe anywhere i go any challenges or support that i need i'm always able to reach back to them a lot of times i'm either the only female in security on a program or the only black female on the security program and so then i need support not because i'm weak or anything it's because there are a lot of challenges that go on and i need to be able to communicate that to a support group so that we can collaborate and speak on it and then when i'm in certain situations where i'm literally by myself i know that i have my tribe even though they're not in my space but they're in my spirit when i walk in the door so those those individuals that are with wsc are part of my tribe i also belong to other organizations i'm a part of mary's group you know um i'm a part of icmcp i'm part of black cyber security association so i'm a big you know advocate for individuals you know seeking out other organizations that provide value to them not because of who's there but going somewhere where it provides value so in in regards to leadership pretty much you know i didn't become visible until kovic 19. basically because the customers who i support is one reason why i stayed visible however because of covet 19 i need to come out i need to meet people i have no other way to meet people now except for zoom so it allowed me to come out and become more visible so becoming more visible i became the ceo for black cyber security association i took that on as a project i volunteered to do that so we always say hey you know go out and volunteer and do certain things so that you can showcase your work and show individuals that you are here and that you are engaged and that you can actually perform so i took that on as a as a volunteer as their ciso so that i could literally showcase and not only showcase but become the change that i wanted to see because i didn't really see a lot of black women in cecil rose so i wanted to become the change that i wanted to see as well and taking on their role allowed me to um advance into leadership on a whole nother scale because there was a platform where i literally grew my presence which was clubhouse and created a room called welcome to the voice of the seesaw where i literally had seats global cesos thought leaders um individuals just from around the world literally participating in this room engaging i'm engaging with individuals that i would have never thought to engage with and not only that it was the leadership aspect was having these individuals to enter this room and engage and then with the bca members giving them access to individuals that they might not come in contact with giving them the opportunity to literally ask questions and get responses you know from thought leaders and seasoned individuals who have been in this industry for years so that was the reason why welcome to the voice of the cso was created was to create that platform to give and aspiring cyber security individuals access to individuals that they would never have access to but it it just blew up my visibility there as well so it helped me to understand um the presence that we all provide when we are on these platforms and so i'm humbled by it because again i'm an individual who would rather just put my head down and just do my work but i also love to empower inspire and engage you know individuals that speak to me i like to be of value i don't want to just talk and i don't want people to look at me and say oh she's this and she's that no it's like i want you to walk away knowing that you were empowered by what it was that i provided to you so that you can go about your day-to-day and improve yourself and then pass that information along to someone else because that's the value in having the knowledge and being on these platforms is literally giving back to others so i enjoy being of service so that's a part of my leadership is being of service to others and that's how i carry about my day-to-day even on my my job yeah and i i still resonate with that right which is why like the first question was like okay like share a hack that you did in your career let's just get right to it right like let's give the audience the message again here's something that's going to be slightly off the thing but as someone who would want to enter the field right obviously if you're going to be overwhelmed with all these like different opportunities different um domains right like there's just so much of information so many people right um what about being vulnerable right in security we don't have to talk about like over abilities and products oh that's a bad thing like ah but be you know being vulnerable and like having vulnerabilities ourself or showcasing like hey i need help or you know how how have you can you guys hear an example where you have maybe have had to be vulnerable or you know kind of open and be like i need help with xyz like how does how does that work in infosec um so this is gina just simply ask the question right and engage um i know with my mentees one of the things that i teach them is to engage no question is off the table um we're all learning i'm a continuous learner i don't care how long i've been in this industry i'm continuously learning i'm sure everybody on this platform are continuous learners so no question is off the table we should just literally just engage and feel comfortable knowing that i have a question and someone's you know available to answer my question and i shouldn't feel that my question doesn't matter because apparently it's relevant to where i want to go or it's answering something that will help me to propel where i want to go so i i'm just you know i'm always a person that just says engage engage engage that's important i'll i'll jump in there so you know women and minorities specifically have an issue with this whole idea of being an imposter right for some reason or another we get into our head that somebody else knows more than what we do just because they're in a particular role and because a lot of times we may be the only one in the room we don't have the confidence to ask and so unfortunately when when those types of situations um are happening especially within the work environment it you know having a mentor to actually bounce those ideas off becomes important but also finding your own voice and your own courage because all what i need you guys to understand if you leave here with nothing else is everybody else has the same insecurities that you have and silence is it it's not a sign of strength it you know it's actually a sign of weaknesses if you have questions and you don't if you don't ask that question i i understand that you know you you feel oh well maybe this person won't respect me or maybe they feel like i should know this or because you have especially those that are new you know you have those individual insecurities but you're if you don't know you don't know and honestly especially there's just so much out there that you can be listening to um and you know with all these channels all these platforms i'm here to tell you right now mary cheney does not do all of that i have my volunteer my time and my non-profit i'm suspect on twitter i'll i'll do some stuff on linkedin but in regards to trying to manage all of that it can honestly be as just as stressful to try to stay up on things as it is to try to focus in on what it is that you're trying to learn so don't it it takes a level of security and if and if you don't feel confident to talk about it with you know the individuals that you work with take it to another platform and find your trust you have to build your board of directors right you have to build people around you that you trust when you are in those spaces that you may not be or may not feel secure about and i you know i have my board of directors i was on the phone two hours with one of my members on saturday morning talking about some of the things that you know i'm going through or i want to go through or what i'm trying to achieve in this space so finding those trust partners that you you're actually being able to take those things to uh with is important i mean i you know i'm i'm on the older part of this this aspect i've been in the field for 25 years so the way you know the younger generation does it is different than the way i would go about doing it but you know you really the insecurities are the same right it doesn't matter whether you're young or you you're you're older i'm not gonna say oh and i'm not old but if you're older the insecurities are still there because you're because you are a minority at times if you're a person of color or a woman in these fields you naturally have a tendency to feel insecure but reach out you the engage i agree with gina engage in a trusting environment right that you're gonna be uplifted and you're gonna feel like okay yeah it's okay that you know i may not know this but understand that you know build you know building building that that you know group of folks high-end you know folks at your level and higher really to be able to say it's okay right i don't want to put you in a spotlight here but i'm curious to know from your perspective right like as a grad student seeing like all these professionals and you said you connect with them on linkedin and twitter and so on so forth like do you have you ever experienced where you had to like be vulnerable and kind of be like hey like ah or that yeah so i mean uh there there have been times where i feel uh like i should not ask this question or this question to some uh professional on linkedin or on twitter uh but uh and i did made mistakes like i didn't reach out to people that i should have reached out to because they could have helped me uh but yeah like i overcome i first of all like created i made friends so because you can talk freely with friends right and like you meet people you become good friends and you can tell them okay i don't know about this or if you have some doubts okay should i switch from this domain to this domain and what do you think about this domain so they can help there like they can freely talk to you like what you need what is right for you if they are really good friends the another thing is talking to professional uh like everyone for people who are just starting uh they will feel uh not confident enough to talk to but i would say just go and message them like they're there will be many time on linkedin like i message someone i don't get a reply and it's it's okay like there will be people who don't uh reply you back or who who will not help you but you have to keep trying uh to ask uh because uh getting no getting something out of uh people who have experience is really good uh because they can tell you based on their experience right and that's the best advice you can get like for for someone having that years of experience working in the same thing and if they give you some advice uh that is really good so i think asking two professionals is really important and yeah like try messaging on linkedin or twitter or i mean uh nowadays we can't do in person thing but uh yeah when everything is open go to conferences try to talk with others and yeah like make friends and i i want to add here um because i'm i'm doing a poor job promoting my nonprofit at this point there's a safe space in the mike community right every month the third friday of every month we have a community call which is open to the public and i never get the i never get by cyber security people to ask questions um but last last week was last week right uh we had male feminists on so we were discussing how women deal with some issues that they may face from unwanted attention and how these men feel empowered to help women so we take on different topics and if you if you want to go out there and listen to some of our recordings you can but coming coming to that call it's 5 p.m eastern time at the third friday of every month it's been that way for almost two years now getting out there getting on that call and and bringing to the community uh those types of questions because you will i try to bring in um really good speakers that are that you may or may not have access to in in that regard so you know getting that's what i mean by engagement there are opportunities out there that may not feel as as superficial or you know un you know as just sending out a linkedin message and not getting a reply you know you if if nothing else mary's on the call um every the third friday of every single month because it's my call so that's part of what we're doing to to give back to the community so i would advise you guys to to join that and if you have questions that's a safe space for you to bring those questions you know i want to echo that right that there is there is some i guess adventure and trying to go out and reach out to people on your own and maybe it's required on some part too but there are so many groups and organizations and communities and tribes within infosec that provide that safe space right if nothing else you can always look at someone the group's code of conduct and be like is this some place that i want to go try it out more than likely it's going to be a place like you know let's talk because i think in vulnerable and i think all of all three of you've mentioned like you want to obviously go and share your thoughts people but identifying who that person is right whether it is a friend but my friends like none of them are in intersex if i talk anything about influenza they're just like okay mozzie like do you have any guy troubles like what can you talk about that you can you know um so but identifying who is whether it's coming from like a mentor role or coming from some sort of group i think that's key um so now going in going along that line right so if we're talking from someone who's new to cyber apart from the vulnerability and finding communities right what kind of skill sets um apart from what it says in the job description which is like pages long on some parts that i don't understand why but what kind of skill sets are transferable across domains right because as a new person i may not know and have not identified the exact domain that i want to be part of or if i'm pivoting right um from like a life science field from a tech field from something completely different what would be like two or three if you guys could share that's key so i want to say soft skills are always transferable communication written research great listening skills um those are transferable skills regardless of where you are written skills everyone wants to you know i want to be a hacker i want to be a pen tester but at the end of the day they don't understand they have to write these reports and the reports they have to write they have to write reports in such a way that you know a manager or an executive needs to understand what risk looks like you know so written written skills it's really high on the board that's one thing that i really push um you know if you're in college right now think about actually taking a some sort of technical writing course um it's really relevant to security and i think that that is not you know spoken about enough that you need to be able to write you know in in technical writing in particular um communication again another soft skill because you have to understand first one your audience you know you have to be able to translate and communicate if you're speaking to a technical audience you have to be able to speak the language if you're speaking to an executive you have to be able to speak the language but these are again a basics of one-on-one in communication understand your audience these are again it's nothing new but sometimes we sometimes forget when we're engaged um a lot of times based upon the topic and we just literally lose sight but again it always comes back to the basics know your audience and communication um listening you have to be able to listen to understand first of all you know there's an issue am i actually hearing what this person is saying to me or have i already formulated a response and they haven't completing completed what they're trying to translate to me so having great listening skills is helpful um so i want to say those soft skills are transferable wherever you go research again cyber security is about research we don't know everything so we've got to go and conduct research you know so those so i would look at that organizational skills being able to um you know formulate what you find and then organize it in such a way that you can now communicate it um that's really good if you're a sock analyst you're out there you're conducting all of this intelligence how do you organize this intelligence to communicate it you know to some your stock manager or the stakeholder where they are impacted so those are my um skills that i will look at being transferable um in any field within cyber and i'll jump in here um i would like to tell you guys one your own personal level of resilience is going to get you much further um because they're going to tell you and because i'll give you the perfect example they told me when i came out of the fbi and i started interviewing in private industry that i wasn't qualified because the government didn't understand private industry now you can barely get a cecil role without having some type of government experience right um so don't don't believe the hype your mental resiliency is very very important uh i am the director of information security and and privacy for a life sciences company right so every every field that you have ever thought about being in and you want to transition into cyber security whatever that subject matter expertise is whether it's life sciences i've done life sciences i've done banking you know health care media uh every every job has a cyber security every vertical has a cyber security element to it so don't let them make you bully i mean i even know a a a ballerina that transferred into cyber security right and so so don't allow them to tell you that your skills are not transferable it's trying to now articulate how those skills for a particular job description right and there are organizations out there there are apprenticeships programs out there uh that that uh safal partners is is a partner of minorities in cyber security they have a a you know a program by which they they you know they have apprenticeships i was struggling with that work they have apprenticeships that you could actually if you're transitioning into cyber you go to one of these apprenticeships programs and then you can get a job so there are ways to hack it you just have to not let them tell you it's not transferable because everything that you do in every field that you've ever been in in life there's not one thing that does not you i could tell you about family law there is a cyber security element to that because i've had cases in family law so understand that it's just a matter of figuring out what you love to do because if you're over insurance you probably don't want to do you know security for it as your company you may want to but it's just figuring out how you now utilize your business knowledge because business knowledge is 100 important to understanding risk and cyber security and privacy requirements that that that will go a long way for you to be transferable so let me um um piggyback off of this because my background right while i'm in cyber i am also a licensed cosmetologist and a poet right so i have a creative nature and that's the other side to you know working with individuals who are looking to get into cyber because they always think you have to come from an i.t background or some sort of technical background well yeah i'm a licensed cosmetologist and i'm still licensed and i still write poetry and so that nature alone that creative nature allows me to think out the box so it's unnatural for me because when we are looking at individuals coming into cyber the first thing we say is you know we need for you to think out of the box you know and sometimes it's easy for others and sometimes it's not and so those who have a creative nature it's a natural for them and so the one thing that i say because of having that creative nature is that i bring diverse solutions to problems because i'm all over the place thinking on how to resolve it because of my creative nature so i i want to piggyback off of mary because again you know you have you know different backgrounds and they're all not the same and while we may be in these careers you have no idea what we've done i've worked as a medical a certified nursing assistant right and you wonder where empathy comes from it comes from working with the elderly and the sick so we have these backgrounds that we bring that don't actually get introduced on the job because we are sometimes afraid to say what my background really is you know because we think that that may hinder us but i'm here to empower you and say hey i'm a licensed cosmetologist and a poet i bring diverse solutions to your problems because i naturally think out of the box so that's a way to empower people that's awesome this is kind of piggyback and someone asked this um on our q a as well right so when we're talking about these transferable skills but now in your own rules right what i'm gonna what's the most challenging aspect of what it is that you do and i know that i believe each of you actually play multiple roles so i guess you can like tell us which rule you're going to tell us about um and then the most challenging aspect of it i'll go first so you guys are thinking about it so my role in the corporate space is to do with this threat intelligence team and most i think the most challenging aspect of it is how to socialize new ideas right when you're trying to improve the processes or the systems how to make it and get that buy-in from the team members and like the other business units that's so those are the soft skills communication building relations building friendships um i think each of you have covered that is all very much key and i guess that's what i struggle with but yeah at my level um as i think across my career the most challenging aspects of being an executive in private industry is the politics right um that has derailed me more often than not i love cyber security and privacy i love building teams um and i i usually because i'm a protector i'm a fighter you know i'm you know i wish you would come confrontational type of thing i've i always place myself in between my team and the politics but the politics of it and trying to get things accomplished and you know getting people motivated because nothing that we do in this space cyber security and privacy ha can be done in in a vacuum so you have to coordinate you you actually have to have those skills that you get have to play nice with others and you know trying to you know lead by example you know those have been my most challenging times have been working with my peers and trying to get them to move on something that's important to uh the security team itself we can't do it without you and then they're dragging their feet so that has been one of the things that has always irritated me because my thought process is i'm here that this person doesn't pay my paycheck the company pays my paycheck i'm here to do what's in the best interest of this organization we can disagree on the right what what is or is not however something needs to get done so that that that that's what happens when you you know when you become a people leader and you're you know you're dealing with executive level stuff and it gets worse the higher you go as far as the policy [Laughter] gina so sure i'll agree with mary and also to be um [Music] just not being seen or heard you know you provide value you're literally there for the mission and however a lot of times people are on some personal level stuff way beyond the mission and i'm not sure if it's because you know you know we're women possibly in this industry that they're that they think we're all there for that well i'm not you know i've spent most of my career um working with men and so i'm pretty much you know i'm going in for the mission and the impact and you know let what can we do you know to be of value to be of service how can we protect and defend so i'm in this world of living this i've been trained for cyber war let's come in and let's do this thing and then everybody else is on something personal and so that's a challenge for me because you know at the end of the day you know the goal here is to make an impact and to really help someone with the mission because the mission is greater than one person in any of the personal issues that people have and it's like i just wish they would just leave that at home and understand that they're literally here for the mission and that's it and don't take anything personal right because constructive criticism improves us all we all could stand for improvement you know but yeah that that personal side in and then just you know having individuals to see you but don't see you you know so then you have to be more assertive than the next person coming through the door or more assertive and then if you're more assertive then you get a label and it's like wow so i can't win for losing so since i can't win for losing i come in at full sting because what do i have to lose at this point it's i can't win it's i'm getting ready yes i and i i don't i don't think it's just a gender thing some sometimes i get like based on my age or how young or so you know like and then be like oh well we just know more i'm like okay but here is what i said again that soft skills those communication skills are so so much needed and such uh because those are the challenges that we see what are your thoughts on this uh so the challenge is so on my level uh i'm more of a technical uh background and when uh creating something like on the coding level or scripting level uh it's the uh that people that want you to create something and who don't understand technical stuff so explaining them uh sometimes it's hard so you have to know like both aspects whether like you have to be in their shoes also and ideally they should be in your shoes also like they should understand how things work but it's hard for them because learning non-technical stuff i would say it's relatively easy than learning coding and technical stuff i think that's what i think but yeah like this bridge between technical and non-technical thing i think i faced this uh once or twice and not many but yeah okay i'm gonna do secrets easier than technical we'll keep that to myself but the last minute that we have left just a quick if you could go around the panel um with any kind of concluding thoughts um or anything else that we have left i'll i'll jump in there and i'll uh approve we're gonna have to have a conversation because i'm a i'm a coder by trade but i haven't been hands-on coding in oh 20 some odd years but i don't actually have to know how to code in order to understand the security behind it but we'll we'll say that for another day all i would actually say is consistently in regards to your mental resiliency right your your stamina building your stamina and not allowing outside forces to derail you from the goals that you set for yourself that that is the most important thing because as you think is as as you will achieve well what do you never heard of anything sure so engage is really important and know that you know when you come through the door have some goals set for yourself like some quick wins to make an impact to show that individual that hired you that employer that they did not waste their money or their time that you are here to make an impact whether you're an entry-level aspiring or someone who's been in the industry for years but you're literally there to support their mission in their business you're there to be impactful and one way to do that is to engage i would say never stop learning i think many people in my circle they like whether you have a job or whether you're just studying i think always learn or try to learn new things because i think sometimes people like okay they got a job and they then been there like for a long time and they stop learning new thing so just try to like learn things that you don't already know so yeah okay great thank you everyone again uh for listening to our panel right thank you to the panelists and david and the rest of the sans institute for bringing this and making it happen well thank you first of all mary aperve gina thank you so much i i also really want to thank monster you put together this whole panel this this was this would not have happened without you so don't thank me i'm not the one who needs the thanks here thank you all very much i can just tell i was reading along in the uh hallway channel why you guys were talking and i you know more than most of the other sessions i think it seems like people are getting good advice but they're also getting a lot of inspiration from your stories and so thank you very much we very much appreciate it

Original Description

Whether you’ve landed your first or your fifth role in cyber, whether you're a student or thinking of studying cyber, this talk is for you! The distinguished panelists will share actionable ways to hack your growth in the industry, join the community and the resources available that will allow you to take the next step. Moderator: Mansi Thakar - https://twitter.com/mansimusa Panelists: Mary N. Chaney, Esq., The Cyber Security Law Firm Of Texas Apurv Singh Gautam, Student Researcher, Georgia Institute of Technology - http://twitter.com/ASG_Sc0rpi0n Gina Sharp, Cybersecurity Subject Matter Expert
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from SANS Institute · SANS Institute · 0 of 60

← Previous Next →
1 SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
2 SANS Institute Cybersecurity Training Customer Stories
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
3 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
4 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
5 CISSP® Prep Exam, MGT414, by SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
6 SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
7 Information Security Training from SANS Institute - Student Testimonials
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
8 SANS NetWars
SANS NetWars
SANS Institute
9 SANS DFIR NetWars
SANS DFIR NetWars
SANS Institute
10 Hack The Drone - SANS Cyber Academy UK
Hack The Drone - SANS Cyber Academy UK
SANS Institute
11 SANS VetSuccess Immersion Academy
SANS VetSuccess Immersion Academy
SANS Institute
12 SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
13 The 2015 SANS Holiday Hack Challenge
The 2015 SANS Holiday Hack Challenge
SANS Institute
14 SANS VetSuccess Academy: Hands-on Skills
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
15 SANS VetSuccess Academy Overview
SANS VetSuccess Academy Overview
SANS Institute
16 SANS ICS Security Summit & Training 2017
SANS ICS Security Summit & Training 2017
SANS Institute
17 Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
18 WannaCry recap, patches, and analysis
WannaCry recap, patches, and analysis
SANS Institute
19 If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
20 Graduation Day - SANS HM Gov Cyber Retraining Academy
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
21 Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
22 SANS Data Breach Summit & Training 2017
SANS Data Breach Summit & Training 2017
SANS Institute
23 SANS Secure DevOps Summit & Training 2017
SANS Secure DevOps Summit & Training 2017
SANS Institute
24 How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
25 SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
26 SANS Cybersecurity Programs for the Department of Defense
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
27 SANS Pen Test HackFest Summit & Training 2017
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
28 SANS SIEM & Tactical Analytics Summit & Training
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
29 If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
30 SANS Institute
SANS Institute
SANS Institute
31 ICS515: ICS Active Defense and Incident Response
ICS515: ICS Active Defense and Incident Response
SANS Institute
32 SANS Institute
SANS Institute
SANS Institute
33 Introducing the NEW SANS Pen Test Poster
Introducing the NEW SANS Pen Test Poster
SANS Institute
34 SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
35 SANS ICS Security Training, Munich, Germany
SANS ICS Security Training, Munich, Germany
SANS Institute
36 SANS Automotive Summit Webcast
SANS Automotive Summit Webcast
SANS Institute
37 Privesc Playground - SANS Pen Test HackFest Summit 2017
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
38 Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
39 Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
40 SANS Security Operations Summit & Training 2018
SANS Security Operations Summit & Training 2018
SANS Institute
41 Sh*t Happens!  (But You Still Need to Drink the Water) – SANS ICS Summit 2018
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
42 ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
43 You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
44 A Sneak Peak at the New ICS410
A Sneak Peak at the New ICS410
SANS Institute
45 Jumping Air Gaps – SANS ICS Summit 2018
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
46 Introduction to Linux
Introduction to Linux
SANS Institute
47 Introduction to Malware Analysis
Introduction to Malware Analysis
SANS Institute
48 You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
49 Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
50 Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
51 Apples and Oranges?:  A CompariSIEM – SANS Security Operations Summit 2018
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
52 SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
53 SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
54 The Science of Security: The Psychological Impacts of Security Awareness Programs
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
55 How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
56 Practical Advice for Submitting to Speak at a Cybersecurity Conference
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
57 SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
58 SANS Webcast - Zero Trust Architecture
SANS Webcast - Zero Trust Architecture
SANS Institute
59 SANS STX Cyber Range
SANS STX Cyber Range
SANS Institute
60 Part 1 – SANS Institute and Tenable talk about cloud security
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute

The panel discussion provides insights and advice on how to hack growth in the cyber security industry, covering topics like career development, mentorship, and soft skills. By applying these concepts, individuals can advance their careers and make a meaningful impact in the field. The discussion also highlights the importance of research papers and vector databases in RAGs.

Key Takeaways
  1. Build a support network of trusted individuals
  2. Engage in a trusting environment
  3. Reach out to high-end professionals
  4. Be vulnerable and ask questions
  5. Create friends and talk freely with them
  6. Read and understand research papers
  7. Apply research findings to career growth
💡 The importance of soft skills like communication and vulnerability cannot be overstated in the cyber security industry, and individuals should prioritize building these skills to advance their careers.

Related Reads

Up next
A Vibe Coder In His Natural Habitat
SCALER
Watch →