Joining us for another episode of our special National Cybersecurity Awareness Month series is Ashley Baich. Ashley is the Readiness and Crisis Management Security Consultant at Accenture in their Cyber Investigation, Forensics, and Response (CIFR) practice, responsible for helping organizations flex their crisis response capabilities. She chats with host Sherry Bevan about her journey into cybersecurity and why she had her sights set on the field before even graduating. Ashley also speaks on the challenges and possible turnoffs going into such a male-dominated industry, the strides being made to close the gaps, and the opportunities for more women entering the field. Tune into this episode to learn more.
Interview With Ashley Baich Of Accenture To Celebrate National Cybersecurity Awareness Month
In this mini-series, to celebrate National Cybersecurity Awareness Month, I’m talking to several women about their careers in cybersecurity. In this episode, I’m delighted to be talking to Ashley Baich. Welcome, Ashley. Thank you so much for joining me.
Thanks for having me, Sherry.
Ashley is a readiness and crisis management security consultant and has been working for Accenture for the past two years. Let’s jump right in to find out more about Ashley’s career in cybersecurity. Ashley, I know you’re a fairly recent graduate. What did you study before you got started in your consultancy career?
I graduated from the University of North Carolina, Chapel Hill, which is on the East Coast of the United States. I graduated with a BS in Information Science and a BA in Journalism.
Information Science and Journalism are quite an interesting mix. Was there a lot of overlap between the two?
Not overlap, but they complemented each other pretty well. I always knew I wanted to go into cybersecurity in some capacity and use those four years of undergrad to decide what aspect of security I wanted to be a part of. My Journalism degree came from the desire to bridge the communication gap between IT and business. Unfortunately, my university didn’t have a degree in Cybersecurity. Information Science was the closest thing that I could major in that gave me a little glimpse into the cybersecurity world, but I still had a lot to know when I graduated in 2020.
I’m curious because I don’t know many people who go to university thinking they want to get a career in cybersecurity. What is it about cybersecurity that piqued your interest so young?
My father has been in cybersecurity for the past 30 years. It was definitely a topic at the dinner table. That’s definitely where I initially found a spark, but then I was gifted the very unique opportunity in my senior year of high school to write a white paper for a startup. I’ve always been very passionate about writing. I didn’t know what type of writing I necessarily would want to do long-term.
The startup approached me and asked if I would be interested in writing a white paper. That white paper turned into five wonderful years being on their marketing team as an independent contractor as I went through my university years. By the end, I was the longest-standing member of their marketing team. They were acquired by Symantec, which had turned into Broadcom.
It was a great experience, but that was my first exposure to cybersecurity personally, besides hearing about it. I saw the wide variety of opportunities within the field. Even if at the end of the day, I only wanted to write, it was a cool thing to write about. That passion shifted more to the incident response crisis management side of the house, but that’s how I started. It was in my senior year of high school. I was eighteen years old trying to make a little extra money and here I am now.
My father worked for IBM so it was almost a given that I was going to end up in technology in some shape or form, but it certainly wasn’t the career that I had planned on doing. Often, it’s those conversations around the dinner table that spark or ignite a thought of what you might want to do later in life. How did you make the move into the role that you are doing now? Tell us about what you do now.
In between my junior and senior years of college, I realized I probably should get myself an internship. I had a lot of Business major friends who were applying to consulting. I was like, “Interesting.” I didn’t know that much about it. I started looking and saw that cybersecurity is an aspect of consulting. You can consult for cybersecurity. As someone who didn’t have a lot of experience in cybersecurity besides my marketing experience and then my Information Science degree, I was like, “We can do that.”
I had the opportunity to intern for Accenture between my junior and senior years. I worked for Accenture Labs. It was internally facing. I was helping them bridge the communication gap between all the awesome research that our researchers were doing and their ability to communicate that with the consultants to then be able to share with our clients. I still got to use my journalism degree and do that, but get to touch on different aspects of cybersecurity that I didn’t have the opportunity to do on the marketing team.
I then received my return offer going into my senior year of college, which was great. I got to enjoy that senior year knowing that I had a full-time job waiting for me at the end. I joined our technology development program as a security analyst. It’s a soft line to financial services. What was great about that start was I got to touch on a wide variety of cybersecurity projects. I did policy writing, a merger of two large financial institutions, and picking and choosing the best of each security program. I got asked to be part of surge support for nine days for a client who needed more hands and more help. Nine days turned into four months. I enjoyed the crisis management and response work that I had the opportunity to do for that client.
Slowly but surely, I found my way to the CIFR team and officially joined in November of 2021. That was my journey to my current role. As part of the Cyber Investigation, Forensics and Response team, I have the opportunity to help organizations prepare for crises as a readiness consultant, but then I also have the opportunity to go in as part of the crisis management team during actual incident response to help the C-Suite manage the crisis.
That sounds like you’ve crafted your journey into cybersecurity and it sounds like you’ve landed on your feet. I can tell from your enthusiasm that you love what you do, which is always good when you’ve got work that you enjoy. Ashley, clearly you love what you do and you’re very passionate about it. What’s been your biggest challenge working in the cybersecurity world?
I think the biggest challenge that I’ve had to deal with is something that a lot of people have dealt with working through the reality of a huge organization. With Accenture, I think we are at 750,000 employees now. It’s a huge organization and what comes with that is a set of rules and procedures that must be followed. The largest challenge I have seen as it relates to that is when it comes to the promotion cycle. While I wish at the end of the day, it was solely based on performance and what you’re bringing to the cap table and what you’re capable of and the experiences that you’ve had, at the end of the day, there are rules around how long you have to stay at a level before you can be promoted.
That can be a frustrating challenge to endure because as part of the crisis management team, I’ve had experiences where I am sitting next to the global CISO of a Fortune 100 company, working with them directly day-to-day, and have made considerable impacts on their crisis response. While that might fall under the roles and responsibilities of someone at a much higher level than myself, I am still under the pay band and roles and responsibilities of a consultant.
It’s a challenge I deal with daily, but one thing that makes it enjoyable still is the team that I work for. Having the opportunity to sit next to the CISO, even with the title of consultant is quite an honor. We run a relatively flat team, which makes me have those opportunities. While it’s still a challenge, I’m able to overcome it by thinking about it that way. At the end of the day, if I’m still able to perform the responsibilities that let’s say a manager would perform, I’m still fulfilled.
What about your proudest achievement?
I would say my proudest achievement to date was the opportunity to set foot on a client site during a major cyber crisis. I walked into their war room and saw the absolute dread on some of these C-Suite faces not knowing what the week was going to hold and how they were going to recover from this incident. Sitting beside them for three months over the Christmas holiday and not leaving that project until there were smiles on their faces. We had overcome all of the challenges.
They were in recovery. They were transforming their security posture and had the buy-in from the rest of the C-Suite to do so. They were getting the money they needed from the board of directors to continue to make this transformation into a stronger security team. I can’t put into words how that makes you feel. You go in when they’re at their absolute worst and you don’t leave until they’re in a much better situation.
It gives you that warm fuzzy feeling to know that you’ve gone in when they’re in a crisis and you’ve left when they’ve got those smiles on their faces again.
You can see the impact that you’ve made. I truly feel like I’m making a difference and that’s very rewarding.
What do you see as being the most valuable skills working in this sector?
In my role, I would say that the most valuable skills are oftentimes soft skills. I have a wonderful incident response team that goes in and does the more technical responsibilities when it comes to responding to a crisis like doing the forensics, eDiscovery, and all of that. My role specifically is more soft skill driven. It’s the ability to understand what the incident response team is doing, what the findings are, and drive the business value from that. Also, be able to communicate that with my key stakeholders, but then also help my key stakeholders communicate that to the rest of the organization.
In the meantime also, the organization is a huge one. During a crisis, there are a lot of different workstreams going on. There are a lot of cooks in the kitchen and third parties that need to be considered and things of that nature. Helping the C-Suite be able to organize themselves and develop relevant tasks, prioritize those tasks, and assign them to the right individual is extremely valuable. In a high-stress “what’s going on” situation, it takes a lot of organization and the ability to step back, remove yourself from the stress, have an open mind, and think through the strategy of how you’re going to tackle the day, the hour, the next ten minutes, and things of that nature.
Those are the two key skills that have helped me be extremely successful in the crisis setting. In the readiness setting, since I don’t just do crises, those are very high intense and long day situations. When I have the opportunity to take a step back and do readiness work, go into a client and help them enhance their incident response plan or run a crisis simulation and things of that nature, communication is still important. Also, being able to think outside the box and think through the crisis situations that I’ve been a part of. Helping organizations proactively continue to improve their incident response capabilities so that they can respond the best when they do fall victim is another skill that is important in the incident response crisis management world.
Opportunities for women in the sector, I know that there seems to be a skills shortage generally, but what are the opportunities for women in the sector?
They’re endless. I’ve talked to marketing. I’ve talked to communications and the business side of things. There’s a huge technical shortage as well. For me, being a part of that technology development program to start helped me identify what niche I wanted to be a part of, and there are endless niches. You can create your own.
I don’t necessarily think that my career path is going to be just crisis management, but even crisis management as a workstream is something that is still so new. There are not many organizations that have invested in that workstream yet. The beauty of the opportunities is endless. You can have an open mind and create your own. At the end of the day, there are a lot of organizations that would love to invest in women who are interested in developing a skillset, and finding what they want their niche to be.
It’s identifying a current gap in the security program where you can use the skillset you have to provide unparalleled value. That’s a hard question to answer because there are so many different ways that I think you could. For anyone that’s interested in getting involved and doesn’t think that they have the background to make a decision on what niche they want to be a part of, to begin with, I know most organizations these days have that development program. They have the opportunity for you to start and look at cybersecurity as a whole. Pick what aspects you want to be a part of and try them out. That is extremely beneficial and a great approach to getting your feet wet.
Ashley, you’ve talked about some of the skills that you use, but what do you think puts women off applying to work in cybersecurity?
There are two things and they go hand in hand. I’ll start with the first and that’s job postings being daunting in and of themselves. You look at the skills required or even what the description of the job is. This is not only in the cybersecurity field. Oftentimes, someone may not be super confident in the fact that they are the right fit. Typically, if I look at a job posting and I’m not sure if I’m the right fit, I would still apply and go through the interview process. That’s the whole point. You’re interviewing the company as much as they’re interviewing you so you can see if there is a good fit.
When it comes to cybersecurity and the gender gap that we already see within the field, it can be a turnoff for women. They look at the job posting. They’re unsure. Maybe they do still have the courage to apply, but then every interview that they have from that point on is by a very successful senior male figure. It’s hard for them to imagine themselves in that role as a female, knowing that they’re going into a very male-dominated environment.
I am the only female that is on the crisis management team, and one of three females on the readiness team at Accenture. I’ve had a great experience. Someone had to point out to me that I was the only female on the team, but I know everyone doesn’t have that experience. It takes a lot of courage to put yourself in those uncomfortable situations to even apply for a job you’re not fully confident in.
You add that to the mix and it can be extremely daunting and a turnoff to many. I think there’s a lot of change in the cybersecurity field these days. People are aware of the fact that it is male-dominated. I will give a shout-out to my male leaders. They pointed out and they have the conversations. They’re trying to make strides to minimize that gap. As women, we also have to apply for them to be able to minimize the gap. I don’t want to forget that part of the equation too.
Finally, what’s your top tip for anybody that wants to get into cybersecurity? What would you suggest they do?
I would go in head first. If I’m being honest, as we’ve talked a lot about here, there are so many different opportunities and skillsets that you can leverage to be successful in the field. The way that I was able to find my path was going in head first trying a wide variety of things until I found my niche. I would encourage anyone who has any potential desire to be in cybersecurity to go in and give it a try. We have such a shortage. Everyone is going to be grateful that you’re there.
If you’re on the right team, they’re going to encourage you and teach you along the way. At the end of the day, it’ll be a great learning experience. At the very least, you might find your niche and passion, and years later, be excited to go to work every day and want to have the opportunity to be on shows like this to encourage others. I couldn’t say enough positive things about my experience thus far. I would recommend for anyone that’s potentially interested to go in head first and see how you feel a few months in.
Ashley, thank you so much. I’ve enjoyed hearing about your career, how you got started, and the skills you use. It’s fantastic to hear somebody talking about cybersecurity with such enthusiasm and passion. Thank you very much for joining me in this episode.
Thank you for the opportunity.
If this conversation has sparked a thought in your mind about how you recruit your female talent, let’s have a conversation. To give you the opportunity to ask any questions you have about the work I do with cybersecurity companies on attracting, developing, and retaining more female talent, simply email me at Sherry@SherryBevan.co.uk to book your call. Thank you and I’ll see you in the next episode.
About Ashley Baich
Ashley is a security consultant whose work is focused on proactively improving organizations’ resiliency to cyber threats and advising organizations through cyber crises. A readiness and crisis management consultant at Accenture in their Cyber Investigation, Forensics, and Response (CIFR) practice, she is responsible for helping organizations flex their crisis response capabilities.