Cyber Threats

CGP 21 | Cyber Knowledge
Oct 1 2022 0 Comment

Delivering Trusted, Clean, And Accessible Knowledge With Rebecca Taylor Of Secureworks To Celebrate National Cybersecurity Awareness Month

Podetize HostingPodcast

 

Trusted information is crucial in an industry where one wrong move stands between being protected and attacked. This is the heart of Rebecca Taylor’s position as the Threat Intelligence Knowledge Manager at Secureworks. In this episode, she sits down with Sherry Bevan to tell us more about her role, along with the interesting career journey that took her from studying English and Creative Writing to the cybersecurity space. Rebecca talks about the importance of having trusted and clean knowledge accessible to the right teams. What is more, she also shares some of the challenges she faced as a woman in the industry, offering advice for others as they step into their career in a male-dominated space.

Listen to the podcast here

 

Delivering Trusted, Clean, And Accessible Knowledge With Rebecca Taylor Of Secureworks To Celebrate National Cybersecurity Awareness Month

Let’s get into our episode. In this mini-series to celebrate National Cybersecurity Awareness Month, I’m talking to women about their careers in cybersecurity. I’m delighted to be talking to Rebecca Taylor from Secureworks. Welcome, Rebecca. Thank you so much for joining me.

Thank you so much for inviting me.

I’m delighted to talk to you. Rebecca is the Threat Intelligence Knowledge Manager at Secureworks. Let’s find out a bit more about her career journey. Perhaps to set it into context, could you start by telling us a bit more about Secureworks and what they do?

Secureworks is a cybersecurity leader. We focus on enabling customers and partners to out space and outmaneuver adversaries in a more precise way so they can respond to cyber threats and risks. It is achieved in lots of different ways by using things like cloud-native, security platforms and different intelligence-driven security solutions. That’s backed up with lots of threat intelligence and research. We’ve got a lot of large teams that are equipped with the best people in the world to help protect customers.

How did you get started in an IT or cybersecurity career?

The biggest thing about knowledge is that it has to be trusted.

For me, it was very much by chance. When I was 24, I was working in kitchen goods dealing with kitchen insurance for appliances. I didn’t know what my calling was. I’d studied English and Creative Writing at the University of Portsmouth. I was finding my feet. At that time, I received a phone call from Secureworks Talent Acquisition asking if I would be interested in interviewing for a personal assistant role. I jumped at the chance.

When I’m walking through that door the first time, I knew very much that I’d found an organization and an entity that could give me a great platform for growth and development but also an industry that was always going to keep evolving, one that was never going to go away. Over the last few years, I’ve focused on studying, getting as much exposure to the organization, IT and cyber as possible, making a footprint and working hard. I’m in this fabulous position where I’m their Threat Intelligence Knowledge Manager and counter-threat unit.

What exactly is it that you do on a day-to-day basis?

From a high level, what it means is that I’m responsible for ensuring that we ingest all threat intelligence to the best of our ability and that it’s standardized, maintained and accessible for those who need it. On a day-to-day basis, my role can vary quite a lot. It depends on what we’re seeing, what we’re hearing and what we need to ingest and work on but ultimately, I need to make sure that what we have is accessible, our knowledge is clean and it can be used by whoever needs it.

When you say that our knowledge is clean, what does that mean?

CGP 21 | Cyber Knowledge
Cyber Knowledge: It isn’t necessarily about having these huge qualifications. It’s very much about just being open to listening and learning as things change around you.

 

It’s been put in the correct format that’s accessible to the right teams, stored in the appropriate ways and can be trusted because the biggest thing about knowledge is that it has to be trusted. If you start letting knowledge seep through that maybe isn’t accurate, it can not only affect us internally. It could be as simple as a threat researcher is misinformed or it could go the whole hog and end up being that a customer ends up misinformed. That’s the one thing we don’t want to happen. To make it clean means to make sure that it’s accurate and trustworthy.

Thinking about your career, what’s been your biggest challenge?

For me, it’s been a mixture of things. Like a lot of people, my biggest one has always been self-doubt. I knew for a long time that I wanted to progress and do more but it took me a very long time to get in the headspace to believe I could and that I could do it. I relied on quite a lot of mentors in my organization to help get me into that correct and good head space. The second real challenge for me has been a lot about gender stereotypes.

I am a mum. I do have that label and I carry that label as a woman but I also want to have a career. I do have my goals and ambitions. I found that I do work in cybersecurity but I didn’t want to necessarily be in the gender stereotypical role in the cyber field. Breaking through that, being able to become more technical and hopefully, in time, become a specialist has been a journey for me but also breaking down gender stereotypes that maybe friends or family have held of what I should be like and what I should do has been a challenge as I’ve pushed through with my career.

There’s that stereotype of people who work in cybersecurity being geeky and very introverted people. It is the stereotype that we often see but to be successful in cybersecurity, you need to have strong interpersonal and communication skills.

The real beauty of cyber security is that it’s not going away and that it’s very present.

It’s a mixture of assumptions of what a person in cyber is or should be. There’s the weight or the vision that we carry of what a woman or a mum should be. It’s taken me time to bring those all together and decide, “I don’t have to fit with any of them. I can be myself. I can have a footprint that is made by me in the way that I want it to be.” It took time for me to own that and be confident with that. Also, to know that I was doing the right thing by me.

When we realize that we can go to work, be ourselves and bring our whole selves to work is when we start to make progress in our careers and have the biggest success. It’s getting to that point and that can be challenging sometimes. You mentioned the mindset and referenced Imposter syndrome. What was the biggest thing that helped you get over that?

For me, I started to explore not only mentoring but training opportunities. I joined this Releasing Female Potential Program that was run by one of our sister companies. By doing that, I changed my perspective of I can do more and that it is okay to want more, regardless of the fact at that point in time, I didn’t necessarily have any technical qualifications. It’s all about what you make it. I knew that I wanted to do more, could do more and needed to get to do more.

I bounced off of that program and found myself a good mentor. I’ve got three because they all offer me very different perspectives, opinions and support. Finding the right mentor for me that could help drive me, help connect me with people that maybe were more like me or that could appreciate what I was trying to accomplish. It all helped me to get to that point.

Thinking about cybersecurity, there are training and qualifications. I imagine that to be successful in cybersecurity, you’ve got to constantly be training and learning new stuff.

CGP 21 | Cyber Knowledge
Cyber Knowledge: Finding the right mentor for you can open up so many more opportunities and give you that platform to excel and find the career you’re looking for.

 

The real beauty of cybersecurity is that it’s not going away and it’s very present. Keeping abreast of what’s happening in the media, making sure that you’re reading up and seeing what’s happening in itself is a way for you to learn and develop. You can begin to see new ways like what may be threats are behaving, new risks changes, evolutions and all these kinds of things.

At least at Secureworks, you do get to learn a lot on the job. By having that exposure, seeing the threat landscape change and evolve and having access to the latest threat intelligence and metrics, you can learn as you go along. It isn’t necessarily about having these huge qualifications. It’s very much about being open to listening and learning as things change around you. Technical qualifications can support. I did English and creative writing so I had in no way any kind of technical background.

You can pick up stuff as you learn and it doesn’t have to cost you a fortune. There are so many free courses available. You’ll probably find as well if you have a mentor that you can do lots of training through them. If you pick the right ones, at least they can teach you what they know and share that knowledge. Whilst there is sometimes the need for training qualifications, it isn’t the be-all and end-all.

Thank you for explaining a bit more about that. It’s quite interesting that 2 or 3 people that I’ve spoken to have studied English or History and then have gone on to have a career in cybersecurity. I find that quite fascinating. I’m wondering. What’s been your proudest achievement in your career?

I have a few. I spoke about that Releasing Female Potential Program. That was a big achievement at a time when I needed it to flick that switch and get that drive to progress in my career. I’m also very proud of the fact that I have pushed myself. I have got 2 amazing points in my career but I also have 2 children and like a lot of us, I have gone through the pandemic too.

The cybersecurity industry worldwide is facing a talent shortage.

Having that career, having that identity that fulfills me, owning my ambition and having that drive is something I’m super proud of. If I suppose, take it back to my career, being the first Instant Response Knowledge Manager and the first Threat Intelligence Knowledge Manager is a real pat on the back for my organization that they do believe and trust in me.

What is it that you enjoy about the work that you do?

I’m in a lovely position where I confidently know that I am making a difference and that I am contributing to the cybersecurity community. That’s something that does mean a lot to me and is something I enjoy. I’m able to do conferences, write blogs and mentor. I feel like I’m leaving a solid footprint and a good legacy, which is important to me. I’m lucky as well that Secureworks is a remote-first employer. That means that 90% of us are remote workers. That is something I enjoy about what I do because I don’t have the pressure of having to commute or make sacrifices in terms of being there for my family. I can have the best of both and be as involved in my career and with my colleagues as I can be with my family.

What do you see are some of the potential barriers for women in cybersecurity or perhaps aren’t in cybersecurity yet but would like to move into that area?

The biggest barrier was the lack of women in high-ranking cyber positions. Sitting there knowing that I wanted more but not seeing necessarily that inspirational figure, I didn’t know whom I could look up to who maybe had a similar path or a family like me. Also, similar ceilings like we have. That is improving. There is more representation but I do think for younger people or those who may be looking to progress into STEM, it’s hard if there is that continued lack of representation.

CGP 21 | Cyber Knowledge
Cyber Knowledge: There are so many different facets to cybersecurity. You don’t have to fit a mold that maybe you’ve built into your own head.

 

I still think there’s a lot that needs to be done from a diversity and inclusion perspective. As a woman, I do have different needs from my counterparts. I do face different adversities and have different stereotypes and external demands, potentially to some of my other colleagues. There’s this whole space that needs to be explored to make cyber more inclusive but until a lot of these larger cybersecurity organizations start pushing and changing their D&I initiatives, there’ll continue to be that gap and barrier for people wanting to have a cybersecurity career.

Having role models in more senior positions, you often hear people saying you can’t be what you can’t see. We’re starting to see change but sometimes it’s slower than I want it to be. It’s good to see that things are starting to change. You’ve talked about potential barriers. What about opportunities for women in the sector?

There are a lot of opportunities. The cybersecurity industry worldwide is facing a talent shortage. It is something we talk about quite often. We need millions more people so the opportunities are very real. There are lots of roles out there. We only need to apply for them and believe in ourselves to make that application. In the same way within our organizations, there are ways we can be advocating and promote opportunities for women, things such as via our employee resource groups, newsletters, reward and recognition. There are lots of different ways to help women rise.

Another huge opportunity is all these sub-security courses that are available. There are loads of free ones that I have used like FutureLearn, which I massively recommend. For me, mentorship was a real game changer. Finding the right mentor for you can open up so many more opportunities and give you that platform to excel and find the career you’re looking for.

Something occurred to me while you were talking. There are certainly lots of opportunities. It’s for us to go and reach out to those opportunities. If women are reading this who are thinking about a career in cybersecurity, what would you say are the skills that they need?

It does depend. When people think about cybersecurity, they think it’s sitting behind a computer, knowing technical skills, knowing how to hack or code and all these things but that isn’t it. There are so many different types of roles in cybersecurity. There are marketing teams, finance, design and speaking opportunities. There are so many different facets to cybersecurity so you don’t have to fit a mould that maybe you’ve built into your head. If you want to apply, think about what you enjoy doing and find the cyber role that fits that. You don’t have to change yourself just because you want to work in cybersecurity.

Rebecca, thank you so much. I enjoyed talking to you. If people want to get in touch with you, you’re on LinkedIn, aren’t you?

I am, indeed. I’m happy to take any questions or help where I can.

Thank you so much to my guest, Rebecca Taylor from Secureworks. I’ve enjoyed hearing about Rebecca’s career and her thoughts about being a woman in cybersecurity. If it sparked a thought in your mind, let’s talk. An exploratory call with me gives you the opportunity to ask any questions you have about the work that I do with cybersecurity companies on attracting, developing and retaining your female talent. Get in touch with me by email at Sherry@SherryBevan.co.uk to book your call.

 

Important Links

 

About Rebecca Taylor

CGP 21 | Cyber KnowledgeRebecca joined Secureworks in 2014, where she developed an immediate passion for cybersecurity. Rebecca quickly expanded her cyber acumen, moving into Secureworks first Threat Intelligence Knowledge Manager role in 2022.

Rebecca is primarily focused on the implementation of knowledge management processes and procedures for the Counter Threat Unit, the ingestion and management of Secureworks Threat Intelligence knowledge, and its associated quality, storage and maintenance.

CGP 22 | Cybersecurity
Oct 1 2022 0 Comment

Cultural Change, Continuous Learning, And Cybersecurity With Dora Ross For National Cybersecurity Awareness Month

Podetize HostingPodcast

There’s always something to learn. You don’t have to know everything, but you should look for innovative ways to acquire new knowledge every day to achieve the success you are meant to have. This interview is one of a series of interviews with women in cybersecurity. The series is published in October 2022 to celebrate National Cybersecurity Awareness Month. Our guest, Dora Ross, shares her knowledge of the barriers and challenges of cybersecurity. Dora is a security culture transformation specialist. She works with organizations to define and implement risk-based, human-centered security culture and training strategies enabling positive behavioral change. In this episode, she emphasizes that there are so many different areas in Security, and the landscape is constantly changing. Tune in to learn more about what people do daily in cybersecurity, the importance of communication skills, and shaping cultural change.

Listen to the podcast here

 

Cultural Change, Continuous Learning, And Cybersecurity With Dora Ross For National Cybersecurity Awareness Month

In this mini-series to celebrate National Cybersecurity Awareness Month, I’m talking to a range of women about their careers in cybersecurity. I’m delighted to be talking to Dora Ross. Welcome, Dora. Thank you so much for joining me.

Thank you so much for having me.

She is a security culture transformation specialist. We’re going to find out what that involves and hear about Dora’s career journey. Perhaps you could start off by telling us how you got started in IT and how you made that move over into the role you do now.

My first several years weren’t in IT or cybersecurity at all. I was working in marketing, communications, and business change management. I transitioned into IT unintentionally. When I was a business change manager working for a social and housing organization, I needed to understand work processes and ways of working for different departments. That is in compatible systems in IT as of products used. That was my way into the world of IT.

It’s quite a different career, but you got those transferable skills. What do you find is different about working in IT compared to the roles you had before?

It is different compared to what I have done before. I feel like I need to understand a bit more because IT is a wide spectrum of topics and systems that are used. I constantly feel like I need to understand more and learn more, and it can be technical. Sometimes, I feel like I need to research a lot more to be able to understand what people do and how they do it, especially with engineering teams. They are so different and technologically advanced people that I feel sometimes I get a little bit of impostor syndrome with them because I might not be able to understand as much as they are.

To be applying for something that’s completely out of your comfort zone is a really big thing.

However, in my world and in business change management, it’s number one to be able to ask questions. It doesn’t matter, even if I don’t understand something. It is being able to ask questions. There might be some complex topics that I need to translate into an easily digestible format for the rest of the organization. Although I used to have impostor syndrome, and sometimes I still have that, I have to be okay with knowing that it’s okay not to know everything.

That is one of the traps that some women tend to fall into wanting to know everything, needing to be the expert, and having all the detail on everything. The more you move up in an organization, the less feasible that is practically to have the time in the day to know the detail about everything. I’m glad you have talked about that. That is positive that you have taken that learning on board. Tell us a bit more about what you do because your job title is a bit different than some of the other women in this area. You’re a security cultural change specialist. What does that mean? What is it that you do on a day-to-day basis?

As the title said, it is not heavily technically involved at all. It’s more of a softer side, people side, and psychology and behavioral side of elements. I am responsible for embedding secular behaviors into that corporate culture. That means I work with all different parts of the business, different functions, and departments to understand what they do and how they do it. I help them during the workforce in more secular ways.

They’re able to protect the company data, but besides that, it’s not just the company, customer data, and employee data that are important. What I enjoy about this is that people can learn tips and techniques and best practices on how to protect themselves in their own personal lives, their families, when they do banking, or even on social media, and how much they share.

It’s an interesting role to be able to help the organization build up cyber resilience and also help people on a personal level. My role could be different on another day. I could be writing blogs or user guides, preparing for some training or workshops, working on creating cyber secretary training and culture strategies, or some incident communications that could happen any day. It’s varied in terms of the role.

What about the skills that you need for that particular role?

CGP 22 | Cybersecurity
Cybersecurity: Be motivated and have that hunger for knowledge, so you continuously learn and expand your horizon.

 

My career started doing marketing communication and business change, especially for this work, this cultural change. Change management is important to know how people go through change cycles and how to influence behaviors. Also, the marketing side is quite good to have so that you know how to write communication and business training materials. It captures people’s attention. You can help them learn new skills in an easily digestible format.

Once I started being interested more in security, I went on a couple of courses at Open University. There are free courses out there that can be taken. You can go on a different learning journey. I have qualified by SANS, which is a paid five-year course. You need to learn about how to manage and measure secondary awareness practices and interventions. There are different ways you can go about it, and you can learn on the job. I do find some qualifications help you to be better at this role.

That qualification gives you a certain level of authority and credibility in what you do.

Exactly. However, there are some rules. Sometimes, there are too many qualifications that may be asked. People are not going to apply for those because they don’t have them. They might have the skills and experience but not the qualification for various reasons. Qualification might not always be the most important thing. However, there are certain ones that are worthwhile to see.

I remember years ago, I was hiring a network administrator. We interviewed some people who had the qualification, and some of them didn’t have the qualification that we were looking for. Some of those people without certificates were fantastic, knowledgeable, and experienced. Some of the ones with the certificate didn’t know what they were doing. There is an element of that. It’s a mixture of having the qualification and the experience, but those qualifications certainly give you that credibility. In your career, what’s been your proudest achievement?

I can mention a couple. I will bring down the two main ones. When I was working at a social housing association back in 2012, I was still in my marketing role. PWC came in to look at our target operating model or the stigma that we can get some savings. I applied for a role, besides my marketing role, to help PWC with this big piece of work and be marvelous for six months.

To be able to collaborate with people, having good communication and social skills are the keys.

I was fortunate enough to be accepted for this program. That completely changed the course of my career life. That’s where I learned about business change management, organizations, and different departments and got to know the business and how they operate. That was mind-blowing to learn all of these things. That was one of my proudest moments because I was in marketing. To be applying for something that’s completely out of my comfort zone was a big thing for me. It changed the course of my life.

The other one I would mention was before COVID hit. It was in February 2020. We had the ties in International Security Summit. I was one of the speakers, and that was the last live event before we stopped the live conferences. I was able to speak about security culture and education among many credible and amazing speakers. That was one of my biggest highlights. To be able to be on stage with those people, commenting and giving advice on best practices, and imparting my knowledge around security culture was an incredible moment.

The opportunity to work alongside PWC, what better organization to learn from a big consultancy firm like that? I can imagine that’s given you a strong foundation in business change. I’m thinking about getting more women into cybersecurity. What do you think are the barriers or challenges to doing that?

When I transitioned from the business change adamant into more of the technological side, I mentioned impostor syndrome. You might feel you don’t have enough knowledge to get into a certain industry or tech industry. That could be a barrier. People believe in themselves, move forward, and go for those interviews or look at those opportunities. You know there was a way in.

I would encourage women to have mentors because they can be a great help to get into cybersecurity or IT. Find communities and networks that support each other in the area of interests and performance people, and they will be able to show them opportunities, skills festivals, or something like that. There are opportunities to meet future employees. You can ask them, “What do you need, or what requirements do you have?” Start the initial conversation. You will get a better chance of getting into this industry.

You sound like you love your work. Your enthusiasm and passion for it come across when you’re talking. What do you see as being the key skills that are required not just for women but for people to be successful in this industry?

CGP 22 | Cybersecurity
Cybersecurity: Working with people and getting to know the business through the different departments and what people do in different functions is really satisfying. It’s creating those relationships and actually making a difference.

 

Social skills are important. To be able to collaborate with people, you have to have good communication skills. Sometimes that’s a little bit lacking. If someone has got a lot of technological knowledge, they are not able to translate what needs to be done about the systems in an easy and clear way to people. Collaboration is one of those keys. Be motivated and have that hunger for knowledge so that you learn more and continuously learn and expand your horizon.

What is it that you love about the work that you do?

I love our security culture. It does not just work for me. I personally love this. I’m the one who can go out with friends or family. I’m giving them best practices sometimes. They don’t even want it.

You can’t help yourself. That’s what is valuable about the work that you or the people like you do. What you’re doing is protecting companies, but that information and knowledge help individuals protect themselves. In this cyber world, that is important.

Working with people and getting to know the business, different departments, and what people do in different functions are satisfying. Creating those relationships in each department depends on their needs in providing them suitable training or whatever guidance they need. Creating those relationships is amazing and you are making a difference.

When you see a communication strategy come to life, people come to you, and they’re starting the conversation. It’s a two-way conversation. That’s where the magic happens. You’re not pushing out information, but the people receiving them now ask questions about the ending in the changing behaviors because of that. That unfolds the beauty of other cyber security cultures.

When you see a communication strategy come to life and people actually come to you and start the conversation that’s really where the magic happens.

What has been your biggest challenge since you have been working in cybersecurity?

I would mention learning more about the technical side. Initially, because I’m coming from business change, plans the psychology of change, and how to communicate changes to people, but to understand and be credible on a different topic is learning about the system, the threats, and the risks a little bit more.

That was a bit of a challenge for me because I knew how to communicate about certain topics, and I found that I needed to find out. I did feel like if I knew a little bit more, I don’t always have to ask those questions because I understand what people are talking about. It’s easier to impart that knowledge to other people. It’s learning a bit more about the technical side.

Having that depth of knowledge and information makes it easier for you to communicate in ordinary English that a non-technical person can then understand. One of the hardest pieces about working in technology is doing that translation from tech speak to normal person speak.

There is so much out there, and you could get lost in the knowledge because there is much information out there. I hear a word over here about technological solutions. You instantly research, but you can get into too much research and get lost because there is more information. There has never been a stop to it. There is a lot more that you can do, and you have to know where to stop. You’re not getting overwhelmed by all the information that comes in.

Understand what you need to understand and ask questions. If you ask people, “Can you explain it a bit more because I don’t know about this? Could you demonstrate it to me?” They like to help. People are naturally quite helpful. It’s good to ask for knowledge. You need to research and stop there. If you need more, get more later.

CGP 22 | Cybersecurity
Cybersecurity: You could get lost in the knowledge of someone because there’s just so much information out there.

 

If there are women reading this who are looking to get into cybersecurity, what are your best tips for them?

If you can sign up for mentorship, you can do it within your own organization or somewhere externally. I have had mentors before, but one in particular, Deborah Haworth from the publishing company where I worked previously has been amazing to me. She has opened doors for me that I don’t think I could have opened myself in terms of getting to know people and introducing me to many people. From then on, I could learn more.

My number one advice if someone would like to get into the industry is to find a mentor who is in that industry that you would like to get into, and they will be able to help you. The second last tip is to find the community. There are many communities like the SANS or SASIG community that are helpful. The people there can help you with whatever career you would like to take. There are lots of advice on training or conferences on how to develop your skills.

With more women working in cybersecurity, finding a mentor and finding the right communities are getting easier than it was several years ago because there are that many more women now in the sector. We don’t yet have a gender balance. I don’t think that’s going to be anytime immediately soon, but we’re getting there, aren’t we?

We are getting there, but there’s no balance yet. In the last few places where I worked, my immediate team, the smaller team, had a high number of women working in the department. When you look at the widest perspective, the whole IT or security, there are more male-oriented than female. I have worked with incredible women.

Hopefully, there are more women who want to get into this industry because it’s amazing. There is so much variety in work, and you could progress into different roles. Mine is not too technical. Social skills are required, but I can digress in the future years to more technical elements and do something completely different. There is so much there and everyone can choose whatever system works for them.

Dora, if people want to get in touch with you, I’m guessing LinkedIn is the best place.

LinkedIn is the best space.

Thank you so much to my guest, Dora Ross. I have enjoyed hearing about Dora’s career as a woman in cybersecurity, particularly because she is doing a role a little bit differently, looking at the cultural transformation. For more episodes, go to SherryBevan.co.UK. If this has sparked a thought in your mind about how you can do more to attract, develop, and retain your female talent, please do get in touch. Email me at Sherry@SherryBevan.co.UK. Thank you so much, Dora.

Thank you.

 

Important Links

 

About Dora Ross

CGP 22 | CybersecurityDora is a security culture transformation specialist. She works with organisations to define and implement risk-based, human-centred security culture and training strategies enabling positive behavioural change. She has a true passion for information security, demystifying security threats and policies, so that people know what to do in certain situations to better protect themselves and their organisations from cyber threats.