Going to the next level in your career means having to take on more complex projects. And our guest in this episode has done that while coaching and mentoring women in technology. Sherry Bevan interviews Chloe Acebes, the Director of Software Engineering at Sophos, with 20+ years’ experience in the cybersecurity industry. Chloe leads teams of Engineers who develop next-generation endpoint security products.
In this conversation, Chloe shares her career in cybersecurity, taking us along to both the challenging and proudest moments in her career thus far. She also talks about coping with the pandemic, the barriers for women working in the sector, and the future of her career balancing politics and technology.
Listen to the podcast here
Taking On More Complex Projects In The Cyber Industry With Chloe Acebes Of Sophos To Celebrate National Cybersecurity Awareness Month
In this episode, I’m talking to Chloe Acebes of Sophos about her career in cybersecurity. A very warm welcome to you, Chloe. Chloe is the Director of Software Engineering at Sophos. She’s going to be talking to us about her career in cybersecurity. Let’s get started. Perhaps you could tell me how you got started in IT or in cybersecurity.
I studied Physics and Astronomy at university. In my final project at uni, we did a little bit of C programming. I learned a little bit of C there and to say that I liked that and thought I might be interested in a career more towards IT. When I was finishing university, I applied for various different jobs in technology and in science. I applied for a job at Sophos, where they had a graduate program where they took people on from different disciplines. We got basic training on the job. We learned about coding, various aspects of technology and security. Basically, I’ve been at Sophos ever since.
That sounds amazing that you’ve been there ever since. It proves that those graduate programs, when you get them right, they do work and you get good staff. How did you get into cybersecurity more specifically?
It came to me by chance. As I said, I was interested in IT and technology. I applied for several different roles. When I came to interview at Sophos, they talked a lot about protecting customers and protecting small businesses. Sophos focused a lot on small and medium businesses, which means that we make the difference between a business doing well and a business being attacked and potentially losing money. That aspect of talking about helping people was what drove me into the industry. That’s what still gives me job satisfaction.
In thinking about your career overall, what has been your biggest challenge?
I think there are two that come to mind. The first one is starting the job. I came from a Physics and Astronomy background. I didn’t know a lot about computers. I didn’t know a lot about programming and hadn’t done computer science. There’s that foundation that you’re missing. That was a bit intimidating coming online and starting off the job, but that strong ramp up to start off with is a big challenge.
It’s a fast-moving world. You’re always trying to keep up with the bad guys, which means there’s always lots of stuff to learn.
The second one I could think of is during the pandemic. I was leading a project at Sophos to deliver a project where we had to coordinate with many different teams and many different business units, different time zones. I have led projects before, but this was the biggest and most complex one that I had ever done. That was the biggest but also more satisfying challenge I’ve had because we delivered what we were asked of on time and coordinated across many different teams, and it was a success.
At that time, you were doing it in lockdown when we were still getting used to the ways of remote working and hybrid working.
In a weird way, it was beneficial at some points because some of the teams we were working with were based in the US. We would have been on Zoom with them anyway. Sometimes when you’re in a call in the office and some people are in the office in the room and some people are on Zoom, it’s actually hard to engage both sites. Having everyone be on Zoom was a level playing field.
I think that’s been one of the advantages that we see now with more hybrid working. People are more understanding of the disadvantages of having a mixed group of people working in the office and from home. Being on Zoom and in the office all at the same time, it adds an extra layer of challenge to the way that communication works.
You have to be careful with things like drawing on the board. The meeting I was in right before this one actually, we had one person on Zoom, the rest were all in the office, and I wanted to draw on the board. We’re lucky enough that where I work, the cameras move around. You can point the camera at the board, not the people on the call, and have the person on Zoom still engaged with what’s going on in the call. You’re right, it’s an interesting challenge having people come back to hybrid, partly in the office and partly online.
I’ve seen that work well. I’ve also seen it work badly. You mentioned there about your biggest challenge and it sounded like a very complex project. I’m wondering, what about your proudest achievements in the work that you’ve done or that you do?
There are a couple of things. I do some coaching and mentoring at Sophos. Some of it is around women in technology. I’m part of the Women in Technology Group at Sophos. We have a coaching scheme and a mentoring scheme as part of that. I have a mentor and I mentor other people. I also run a Women in Engineering Group where we try and get people together. We started that in the pandemic. New people would start during the pandemic, they didn’t have that natural meet the peers in the coffee area and find people around. I’m not at all saying that because there’s another female in the office, you should be friends with them because you’re females together, but you maybe have more in common with them.
Meeting people in the office is more natural. We couldn’t do that in the pandemic, so we started this Women in Engineering Group. We went out for dinner one night. We have an online teams thing where you have new starters join and realize there’s a community of other women at Sophos that they can meet up with. I’m quite working with the mentoring scheme. The project I mentioned was a big complex thing, and I’m proud of delivering that project. It set me up for more complex things in my career.
Obviously, you work in cybersecurity, and we know that the gender balance between men and women in technology as a whole is not great, but it’s even more marked in cybersecurity. What do you see as some of the potential barriers for women working in this sector?
I think part of it is fear of the unknown. I’m not seeing role models that are similar to yourself. The thing I struggled with the most is it’s quite difficult to fix having more people to apply because the pipeline isn’t big enough. It doesn’t have a strong enough pipeline of females. You have to go back to university or school, and change the attitude there so that they’re more likely to do science and technology subjects, and be more passionate about those so that when you get later on in life and you start to look for a job, there are more women looking for that. It’s almost a bit of a catch-22. We can work as hard, and we do work very hard to try and make the balance as good as we can and make cyber at Sophos more appealing to women. If there are fewer people applying, it’s like fighting a losing battle.
We know there’s a skill shortage generally in the cybersecurity sector. That does make it even harder.
There are fewer people, in general, doing degrees, never mind women.
The more diverse your workforce, the better the solutions you come to.
What about the opportunities for women in the sector? If you were to go and do a marketing piece and come and join the sector, what would you say to women?
This may sound weird, but I almost wouldn’t want to say that there’s anything specific to women that appeals to women in cyber. It’s just a good career for anyone. There isn’t anything specific to women or men. There are lots of challenges. It’s a fast-moving world. You’re always trying to keep up with the bad guys, which means there’s always lots of stuff to learn. There are always new challenges coming, and I think that should be exciting for anyone.
It sounds like that’s what you enjoy about the work that you do.
That’s part of the reason I’ve been in one company for so long. I think if I had been here and done the same thing for many years, I would be bored. I’ve moved around different teams. The challenges move on all the time. The bad guys are always doing different stuff, so the whole industry has to move along to keep up with that. There are always new things to look at, new techniques that you have to worry about. It keeps you on your toes.
In the role that you do, can you tell us a bit more about what you do on a day-to-day basis?
As a Director of Engineering, that means I basically manage multiple teams in one functional area. My role has transitioned a little bit. It was at first that I was the director of the endpoint detections for our endpoint software, which covers some Windows devices and Linux devices. I’ve shifted a little bit, and I now focus more on protecting Linux devices. I have 3 or 4 teams now that work on various aspects of our products, which protects Linux servers.
We help to work on strategy with product management to identify the roadmap and the areas that we want to deliver. I also work then with the teams to work on how we deliver those things, what technical choices we want to make, how we split the projects up, how we are using resources for the projects, what the timelines for those look like. How do we coordinate across the teams? How do we make sure we deliver it with quality?
A lot of your role at the level you’re at now is managing the teams to do the development and the delivery of those products.
I still have one team who reports directly. Maybe I do like day-to-day management with them and what tickets are we working on and what are we doing? I would like to hire a person to take on that role so that I can be exactly as you described, a slightly higher level. You’re worrying more about what direction the teams are going in and what direction the product itself is going and more strategic.
What do you see in the future for you and your career?
I think I would like to weigh in the scope of my responsibility and the area that I’m in. As I said, I’m responsible for taking care of the Linux product, which covers a lot of cloud workloads. A lot of customers have machines running in the cloud, AWS or Azure, and that’s a specific type of customer. That type of customer may use other tools and leverage other security tools to manage their cloud workloads. I’d like to extend my functional responsibility to cover those areas and have the responsibility within the department.
I don’t know how much further I would like to go up the ladder. The further up you go, the more removed you are from technology, the more of the politics game you have to play. I’m in the middle of that now, but I still have reasonable ideas about what technology the team is using and having a hand in the strategy. I still have to do some politics, but I’m not far enough up the ladder that that’s what I do day-to-day. That’s probably the next decision I have to make if I’m able to go farther up and do more of the politics and less of the technology, if that makes sense.
The cyber industry is looking for many passionate people who want to solve problems.
Thinking back to your original degree, I think you said it was Physics and Astronomy. Is there anything from what you studied in your degree that you’re actually using in your work?
No. I think the main thing is ability to solve problems. Anyone who does a Science degree learns how to have a logical approach and how to approach solving problems. That is invaluable. You’ve proven that you can understand the problem and that there are various ways to approach it, and that absolutely applies in software engineering. That’s one of the main things we look for when we get graduates to join.
These days, many more people will do Computer Science degrees than back when I was at university. We always look for people who have a Computer Science degree because they have that foundation that I mentioned earlier, but they also have shown that ability to solve problems. We do also sometimes consider people from other backgrounds if they’ve shown that ability to do the problem-solving.
What other skills are you looking for apart from problem-solving and that kind of foundation in Computer Science?
Definitely communication. That’s something that’s changed in the time that I’ve worked in the industry. When I first joined Sophos, there were lots of people who would be handed a little bit of work to do. They would sit in their corner. They’d write their code and then they pass it back and they almost would avoid talking to other people. The industry has gone through quite an epic change where the focus is much more on Agile programming and collaboration.
That’s important to know that when we solve problems, we often do it as a team. You have to be able to stand up in front of a whiteboard, draw a picture, explain the problem and what your approach should be, and then collect information from other people and come to some consensus about, “Let’s take a little bit from everyone’s solution.” Come to a consensus, something common. To be able to do that, you have to communicate. You have to actively listen. Those are the two other key things that we look for.
At the end of the day, that means that you’re going to end up with a better product because it’s not just one person’s thoughts or ideas on how to deliver or how to develop that product.
That’s where the diversity comes in. The more diverse your workforce, the better the solutions you come to.
Before we finish, Chloe, any tips for people thinking about working in cybersecurity or thinking about going into that as their career after university?
Just apply. The cyber industry is looking for lots of people who are passionate and want to solve problems. You don’t need previous cyber experience to do well. You just need someone who’s passionate, able to communicate well, can sell yourself and can solve problems. Those are the things we’re looking for. I’d recommend that you read up a little bit about, in general, what cyber is about, but just go for it. We’re desperate for new blood.
I hear that all the time from lots of the companies I’ve been talking to. The skill shortage is very real. I was talking to someone else who was saying, “We don’t mind whether they’re male or female. They could come from planet Mars, as long as they have got communication skills and problem-solving skills because we’re so short on good talent.” It sounds like it’s a brilliant sector to work in with the future of technology, isn’t it?
Yes. For me, the thing I mentioned earlier about the fact that you’re helping people, you don’t get that in many other technology industries. You could work in finance, doing fintech, or you could work in IT, building computers for people, but you don’t get the same satisfaction. You’re helping protect people. You’re helping keeping their assets secure. For the small businesses, you’re basically helping keeping them going. If they had a ransomware attack, they could potentially go out of business.
It’s that sense of purpose that you get working in that sector. Thank you so much for joining me. I do appreciate it. Thank you, everyone, for reading. I’ve been talking to Chloe Acebes from Sophos. She’s a Director of Engineering there. I enjoyed hearing about Chloe’s career as a woman in cybersecurity, but also her journey from coming from a Physics and Astronomy degree, and then finding out about coding and then eventually joining Sophos as a graduate.
You can find out about more episodes at SherryBevan.co.uk. If it sparked a thought in your mind about how to attract more talent to your organization, particularly if you’re looking at attracting female talent, then please do get in touch. An exploratory call with me will give you the opportunity to ask any questions you have about the work I do with cybersecurity companies on attracting, developing, and retaining your female talents. You just need to get in touch with me by email, Sherry@SherryBevan.co.uk. Thank you again, Chloe. It’s been great talking to you. Enjoy the rest of your day.
Thank you very much.