Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Live Webinar | Ready to Supercharge Your Microsoft Environment? Yes, sign me up!

Cyber Skills Gap

Learn more about the cybersecurity skills gap and cybersecurity gender gap. Research and interviews with industry leaders and champions of diversity.

Life at Tessian Cyber Skills Gap
Tessian Officially Named a 2021 UK’s Best Workplaces™ for Women
By Laura Brooks
01 July 2021
We’re excited to announce that Tessian has been recognized as one of the top three medium-sized companies in the UK’s Best Workplaces™ for Women for 2021.  Our Human First value, its commitment to Diversity, Equity and Inclusion (DEI), and its Employee Resource Group (ERG) for women – Tes-She-An – are just some of the reasons why people love working at the company. This recognition confirms that:  Tessian is a great workplace for all employees, including women. Tessian recognizes that women represent a valuable talent pool in increasingly talent–constrained industries such as cybersecurity and technology.  Tessian lives up to its company values of ‘Human First’ and ‘We Do the Right Thing’, as its leaders make meaningful changes to improve their ability to recruit, retain and nurture top female employees.
Education and training have been foundational first steps in Tessian’s DEI strategy. We partnered with Jeff Turner, former International Learning and Development Director for Facebook, to deliver company-wide training around diversity, unconscious bias and inclusion. We’ve also taken the time to establish our long-term DEI roadmap – which includes a diversity recruitment strategy across all hiring levels, expanding the entry-level talent pool by creating junior jobs for people entering the tech industry, and prioritizing the development of future leaders through well-defined growth frameworks across the company. 
In addition, Tessian’s ERG group – Tes-She-An – provides a space to support all employees who identify as women, celebrate their achievements, and help each other “shine even brighter” by focusing on career progression. The group runs monthly workshops for women, and invites inspiring external guests who are leading the charge in creating equal opportunities in the tech industry, to speak to employees. Importantly, these events do not operate in a closed network. They’re open to the entire company – not just women.  As a result of these initiatives and programs, 99% of Tessian employees surveyed by Great Place to Work® agreed that people at the company are treated fairly regardless of their gender.  Paige Rinke, Head of People at Tessian, says: “We are so proud to be recognized as a Best Workplace for Women and hear first-hand from our employees that our initiatives to create an inclusive workplace are resonating. One of our core values is Human First, and we’re committed to ensuring every employee feels supported and valued, and to improving gender and ethnicity representation across all levels of seniority at Tessian through our DEI efforts. “Why? Because empowering our people to thrive in an inclusive environment and challenging the status quo to create more equal opportunities in the tech industry is, ultimately, the right thing to do.”  Benedict Gautrey, Managing Director of Great Place to Work® UK, explains: “We’re delighted to recognize so many great organizations in this fourth year of the UK’s Best Workplaces™ for Women list. The issues affecting women in the workplace, particularly what we’ve witnessed in the face of the pandemic including parity of pay and advancement opportunities, continue to be important topics. “What our 2021 UK’s Best Workplaces™ for Women clearly show is the positive impact their practices have on business. As a result, they are better able to attract and retain women of talent, encouraging them to develop professionally and personally, and in turn, contribute exponentially to the success of the organizations they work for.” Want to work at Tessian? See if we have a role that interests you today.
Cyber Skills Gap
3 Reasons Hackers Could Help Bridge the Cybersecurity Skills Gap
By Maddie Rosenthal
28 April 2020
There are currently over 4 million unfilled positions in cybersecurity. The question is: Why? To find out, Tessian released the Opportunity in Cybersecurity Report 2020. Based on interviews with over a dozen practitioners from some of the world’s biggest and most innovative organizations (including Google, KPMG, and IBM), survey results from hundreds of female cybersecurity professionals, and quantitative research from the Centre for Economics and Business Research, we revealed that: There’d be a $30.4 billion boost to the industry’s economic contribution in the US and a £12.6 billion boost in the UK if the number of women working in cybersecurity rose to equal that of men A lack of awareness/knowledge about the industry is the biggest challenge female cybersecurity professionals face at the start of their career The industry has a major image problem. Women working in cybersecurity believe a more accurate perception of the industry in the media would be the biggest driver of new entrants  A different perspective of the same problem While we examined the growing skills gap in cybersecurity through the lens of the disproportionately low percentage of women currently working in the field, we were recently introduced to a different perspective. Hackers’.  HackerOne released The 2020 Hacker Report earlier this year and, on April 21, Tessian welcomed Ben Sadeghipour, the platform’s Head of Hacker Education, to present the key findings from the report during one of our Human Layer Security Virtual Roundtables. The message was simple: Hackers can (and do) help bridge the cybersecurity skills gap.  Now, by combining highlights from The 2020 Hacker Report with our own Opportunity in Cybersecurity Report 2020, we’ve identified 3 key reasons why hackers have the potential to make a positive impact on the industry. 
1. Hackers have the skills the cybersecurity industry needs When asked why there’s a skills gap in the industry, 47% of those women surveyed said it’s because there’s a lack of qualified talent. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//"); Likewise, 33% of women currently working in cybersecurity say that a lack of requisite skills was the biggest challenge they faced at the start of their career. This came behind a lack of clear career development paths (43%) and a lack of awareness/knowledge of the industry (43%). !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//"); While a greater emphasis on STEM subjects in primary/high school, more apprenticeship programs, and cybersecurity-specific curriculums at universities would certainly help, we need to look beyond formal education. According to HackerOne’s report, “Most [43%] hackers consider themselves self-taught… since formalized cybersecurity engineering educations have yet to become common, bug bounty programs and public VDPs give promising hackers the ability to quickly learn, grow, and contribute to everyone’s increased security.” What’s more, hackers are putting these self-taught skills to use, with 78% of hackers saying they’ve used or plan to use their hacking experience to help them land a job. On top of that, the majority of hackers (59%) say they hack as a hobby or in their free time and 27% describe themselves as students.  That means a large percentage of hackers could, in theory, transition into cybersecurity. It’s important to note, too, that different cybersecurity roles attract different types of talent. We asked our survey respondents to identify the skills needed to thrive in different roles, and the results demonstrate how diverse the opportunities are. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//");  
2. All hackers aren’t “bad” While a lack of requisite skills is perpetuating the skills gap, 51% of the women surveyed in Tessian’s Opportunity in Cybersecurity Report 2020 said that a more accurate perception of the industry in the media would encourage more women into cybersecurity roles. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//"); Hillary Benson, Director, Product at StackRox and one of the contributors to our report summed it up nicely when she said, “People hear ‘cybersecurity’ and think of hackers in hoodies. That’s a bit of a caricature, maybe with some legitimacy to it—and that was even part of my own experience—but that’s not all there is.” Unfortunately, this “caricature” of hackers tends to be negative as pop culture and headlines about nation-state hacking groups have conditioned us to associate hackers with criminal or solitary activity. HackerOne even commissioned a survey of over 2,000 US adults to gauge their perception of hackers.  The survey found that 82% of Americans believe hackers can help expose system weaknesses to improve security in future versions. However, a nearly identical share said they believe hacking to be an illegal activity.  But, hackers feel confident this perception is changing for the better, with:  55% saying they see a more positive perception from friends and family 47% saying they see a more positive perception from the general public 38% saying they see a more positive perception from businesses 35% saying they see a more positive perception from the media
3. Hackers already have a strong community 23% of Tessian’s respondents said that a lack of role models was a challenge they faced at the start of their career, and a further 26% said that more diverse role models would encourage more women to enter cybersecurity roles. The impact of role models is even more important for the younger generations. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//"); Hackers already have a strong community. Katie (@Insider_PHD) was quoted in HackerOne’s report saying “The community is super encouraging. The community is super willing to help out. It’s, as far as I’m concerned, my home.”  Likewise, Corben (@CDL) was quoted as saying “Being part of the hacker community means the world to me. I’ve met a ton of people. I’ve made a ton of friends through it. It’s really become a big part of my identity. Everyone who is a part of the community is bringing something important.” Beyond that, 15% of those surveyed got interested in ethical hacking because of online forums or chatrooms.  The bottom line is: Mentorship is important. Role models are important. Community is important. Unlike cybersecurity professionals – specifically female cybersecurity professionals – hackers have these things in abundance. Cybersecurity is more important now than ever Data has become valuable currency and ransomware attacks, phishing scams, and network breaches are costing businesses and governments billions every year. And now, with new security challenges around remote-working and a marked spike in COVID-19-related phishing attacks, cybersecurity is more business-critical than ever before. While we should continue encouraging gender diversity in cybersecurity, we should also encourage other types of diversity as well. The field is wide open for a range of educational and professional backgrounds…including hackers.  Challenge perceptions, make an impact.  Learn how cybersecurity professionals kick-started their career   So, what is cybersecurity actually like? It depends on your role within the field. And contrary to popular belief, the opportunities available are incredibly diverse.  To learn more about how the 12 women we interviewed broke into the industry, read their profiles. #TheFutureIsCyber
Cyber Skills Gap
Key Takeaways from Tessian’s Cybersecurity Skills Gap Webinar
By Maddie Rosenthal
31 March 2020
In case you missed it, Tessian released the Opportunity in Cybersecurity Report 2020 earlier this month. In it, we examine the growing skills gap in cybersecurity through the lens of the disproportionately low percentage of women currently working in the field.  While the report was released in time for Women’s History Month and addresses the issue of gender bias in the industry, we found that it’s actually inaccurate perceptions of cybersecurity that are preventing people from considering the opportunities available. So, how can organizations tailor recruitment efforts to help candidates overcome this barrier to entry? To find out, we invited three of the contributors to the report to join Kelli Hogan, Tessian’s Head of Marketing Communications, for a webinar: “Cybersecurity skills gap: talent shortage or image problem?” You can view the full webinar here, and we’ve compiled the key takeaways for you in this blog. Cybersecurity is an incredibly diverse field Cybersecurity isn’t limited to hackers, developers, and engineers.
This is perhaps best demonstrated by the women themselves.  Carolann Shields, the former CISO at KPMG, is something of an industry veteran, having driven more than fifteen large-scale company-wide cybersecurity initiatives throughout her career. But, she didn’t study anything related to computer science. Instead, she earned her degree in Business Studies before starting down her path to cybersecurity. On the other hand, Hayley Bly, a Cybersecurity Architect at Nielsen, earned her Bachelor’s Degree in Computer Science almost four years ago and is currently working towards her Master’s of Science in Cybersecurity. Finally, Tess Frieswick, who earned her Bachelor’s Degree in World Politics with a minor in Islamic World Studies, became interested in cybersecurity after learning about Russian bot interference in the 2016 US presidential election. She recently started a new job as a Client Success Manager at Kivu Consulting after spending a year working at Uber as a security analyst. Learn more about their backgrounds by reading their profiles on our blog.  Organizations should enable internal recruitment as well as external recruitment  While most of us think of recruitment outside of our organization when we consider growing our security teams, Carolann has, throughout her career, made a point to look internally first.
Importantly, internal recruitment was only possible because of the environment KPMG created through job shadow programs and other initiatives that encouraged cross-functional movement and communication between teams.  Internal recruitment can do more than just fill vacancies, though. It also gives other individuals and even full departments a chance to better understand the function of cybersecurity teams which, in turn, helps build a stronger, more positive security culture.  Collaborative and open environments attract new talent We know from our research that creativity and collaboration rank in the top five skills needed to thrive in a cybersecurity role, but it’s clear that these are also attractive traits in an organization to applicants. That means if you want new, diverse talent, you have to communicate the scope of the opportunity, the open-mindedness of senior executives, and the organization’s overall propensity to engage with new ideas.  COVID-19 means more for cybersecurity than just a transition from office-to-home Given the current climate, it’s no surprise that the conversation turned to COVID-19.  When asked by an audience member during the live Q&A what the outbreak meant for the future of cybersecurity, all three of the women were steadfast that the impact goes far beyond just the transition from office-to-home, especially as attackers are taking advantage of the situation with opportunistic phishing attacks. 
But, this doesn’t just impact professionals in client services. Organizations are relying more heavily on cybersecurity teams to lock down internal systems and networks. The question is: Are teams going to have to do more with the same resource? Or will teams expand as necessary? Increased remote-working could mean more opportunities in cybersecurity  According to Carolann, it’s inevitable that this sudden transition necessitates a larger security team. 
Now more than ever, organizations have to recruit new and diverse talent in order to not just fill the 4 million vacancies that already exist, but to accommodate the increased reliance on cybersecurity teams to help us all safely transition to remote-working. For more insight on how to improve your recruitment efforts, listen to the webinar. #TheFutureIsCyber
Cyber Skills Gap
Introducing Tessian’s Opportunity in Cybersecurity Report 2020
11 March 2020
Despite higher-than-average salaries, the opportunity to solve real-world problems, and unlimited growth potential, there’s a skills shortage in cybersecurity. In fact, the cybersecurity workforce needs to grow by 145% to meet the current global demand.  That’s over four million unfilled jobs. But, there isn’t just a skills gap. There’s also a gender gap, with women making up less than a quarter of the workforce. The question is: Why? To find out, Tessian: Worked with the Centre for Economics and Business Research to analyze the economic impact if the number of women working in the industry equaled the number of men Surveyed hundreds of female cybersecurity professionals in the US and the UK with Opinion Matters Interviewed over a dozen practitioners from some of the world’s biggest and most innovative organizations – including Google, KPMG, and IBM –  about their own experiences. To download the full report, click here.
An economic boost worth billions Today, the cybersecurity industry contributes $107.7 billion in the US and £28.7 billion in the UK, and that’s in spite of four million job vacancies. So, what would happen if we minimized both the skills gap and the gender gap, and the number of women working in cybersecurity rose to equal that of men? Our research reveals that we’d see an economic boost of $30.4 billion in the US and of £12.6 billion the UK, bringing the total contribution of the cybersecurity industry up to $150.8 billion and £45.7 billion in each respective country.   But, without a clear understanding of the challenges women currently working in the industry faced at the start of their career, organizations and governments will continue to struggle with recruitment.  And the challenges aren’t necessarily what you’d expect… Cybersecurity has an image problem While it’s easy to cite the gender gap as a barrier to entry – especially with 66% of women in cybersecurity agreeing there is a gender bias problem in the industry – it actually isn’t one of the biggest challenges women currently working in the industry have faced.
Instead, women cite a lack of awareness or knowledge of the industry and a lack of clear career development paths as the biggest challenges, meaning a general demystification of the industry is required to encourage new entrants. What’s more, 51% of women believe more accurate perceptions of the industry in the media would encourage more women to explore cybersecurity roles. This came first, beating out a more gender-balanced workforce, equal pay, and cybersecurity-specific school curriculums. So, what is the industry actually like? Read the full report to find out the top 5 skills needed for a range of cybersecurity roles, including CISO, network engineer, data scientist, and risk & compliance. You can also read the profiles of each of our contributors which prove there is no “stereotypical” cybersecurity professional.  The industry is future-proof Demystifying the industry truly is essential, especially because the industry is one of the most important today, with over half of those surveyed saying that they joined for exactly that reason. But, it’s not just the opinion of cybersecurity professionals.  In fact, the global cybersecurity market is booming, having grown 30x in the last 13 years. That’s because cybersecurity professionals are solving real-world problems and are making a positive impact doing so. After all, data has become valuable currency and ransomware attacks, phishing scams, and network breaches are costing businesses and governments billions every year.
Perhaps that’s why the vast majority of women surveyed feel so stable in their jobs; 93% saying they feel secure or very secure working in this industry. Unfortunately, though, without encouraging more people to join the industry, professionals will struggle to keep pace with the ever-evolving threat landscape.  The cybersecurity industry – like all other industries – requires diversity to thrive. And we don’t just mean gender diversity. The field is wide open for a range of educational and professional backgrounds, from psychology majors to business analysts and just about everything in between. Read the full report to learn more, including: How opinions of the industry differ based on age, company size, and region The economic impact the industry would have if the number of women working in cybersecurity equaled the number of men and the wage gap was eliminated The five most important developments in the cybersecurity industry today Resources – including cybersecurity groups, female empowerment groups, and industry-specific certifications to help you make a start in the field Challenge perceptions, make an impact.  #TheFutureIsCyber
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Shamla Naidoo From IBM
By Maddie Rosenthal
10 March 2020
Shamla Naidoo – who has 37 years of industry experience in technology and security – is currently leading C-Suite strategy and integrating security with digital transformation at IBM, where she previously served as the Global Chief Information Officer. Having held Senior Officer roles at Starwood Hotels and Resorts, WellPoint, and Northern Trust, she’s a true veteran in the industry and has used her professional and personal experiences to help mentor and motivate teams and individuals across departments within all the organizations she’s served.  Earlier in her technology career, she earned degrees in Information Systems and Economics (her fail-safe!) and, afterwards, went on to receive her Juris Doctor degree.
Q. Describe your role as a CISO in 300 characters or less. A CISO’s job is to protect an organization’s brand and reputation by managing cybersecurity threats. Protecting a corporation’s digital footprint supports business growth enables the acceleration of innovation. Q. How did you get started in cybersecurity? This is my 38th year working in technology and initially, security wasn’t a separate function, role or organization; it was completely integrated. As a developer, my job was to write code that worked and that included working in a secure way.  As a network engineer, I built networks, in a secure way. I never envisioned security would become a free-standing profession. But, after almost 20 years of integrating security into my technology roles, I realized Security was becoming important and that I was actually knowledgeable on the subject. Not because I had a security title at that stage, but simply because I had done it before. Q. What does this integration of tech and security roles mean for the cybersecurity industry? There’s now an entire ecosystem for security and because of that, you can participate without having technical skills or a hardcore technical background. You can now become a security expert without ever having written a line of code in your life; you can become a security expert without ever having built any kind of technology solution. It’s really expanded the opportunities for career paths in security. Q. Do you think people are aware that technical skills aren’t necessarily required to succeed in cybersecurity? There’s still a lot of mystery surrounding what exactly a profession in cybersecurity entails. The information isn’t that forthcoming. It’s not clear or simple to understand. This requires us to demystify the opportunities and talk about them not just in business terms, but in relatable terms.  Perhaps we’re just missing the mark on how to market jobs in this industry… Q. Do you think that the industry has an image problem? To many people, cybersecurity equates to – and is limited to – someone in a hoodie bent over a keyboard in a dark room. That’s not the case at all. If we don’t expand beyond that, we’ll lose out on even more people in the industry. Q. How did your role as a CISO enable you to champion the industry and the people in it? I believe leaders take ordinary people and enable them to do extraordinary things. I have been able to do that; I’ve been able to mentor and coach people to be better versions of themselves, better professionals, better employees, more productive, more engaged, better community leaders…  My goal is to help people connect hard work and aspiration.  Sure, you could go out and read a book on cybersecurity, but if you don’t understand the vocabulary or the required outcomes, and you don’t understand what impact these types of roles can have, you miss the plot. If you can contextualize it, it becomes real quickly.  When I coach people, I ask them to pick a person who they aspire to be. I ask them to tell me their name. You learn best by observation! If you can pick a person and you can visualize the role you want, it’s more attainable. If it’s a role that you want to have rather than a person you want to be like, then find the role you want, seek out the person doing that role, and try to understand what led them to that position. What do they know? How did they prepare? What do they deliver?  How are they recognized for it? That research will help you to create a roadmap of how to get there. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Nielsen, Funding Circle and more. #TheFutureIsCyber
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Hayley Bly From Nielsen
By Maddie Rosenthal
09 March 2020
Hayley Bly is a Cybersecurity Architect at Nielsen, where she’s worked since graduating from the University of Miami with a Bachelor’s Degree in Computer Science almost four years ago. Since starting her career, she’s championed the industry by going back to her alma mater for recruiting events to raise awareness about cybersecurity and has participated in events in collaboration with Women in Technology International (WITI). She’s also found time to further her education and is currently working towards her Master’s of Science in Cybersecurity.
Q. Describe your role as a Cybersecurity Architect in 300 characters or less I build tools that our incident response team uses. This could be implementing a vendor tool or building something from scratch. We do both, and this includes designing how the tools are made, implemented and deployed throughout the larger company.   Q. Since your educational background seems so focused, have you always been motivated to pursue a career in cybersecurity? My parents both worked in banking software so I’ve always been around it. They both really pushed me to explore a career in the field but – you know how it is – I fought it. I never wanted to pursue it just because they told me to do so; I wanted to decide my own path. That’s why I actually applied to college as Pre-med. But, my senior year of high school, there were no other electives to pick so I chose the computer programming class and, of course, fell in love with it. Once I was accepted into the Pre-med program at the University of Miami, I threw them for a loop and asked if I could change my focus to Computer Science and never looked back.  Q. How did you transition from more general Computer Science to cybersecurity specifically? I thought I was going to be a software developer up until I started at Nielsen straight out of college. Since then, I’ve really found my home in cybersecurity.  The team I work with and my managers are absolutely incredible. They have had something to do with every single career decision I’ve made thus far, because the work others do really inspires me. Especially when I first started, their work opened my eyes to how much I didn’t know and what really goes on behind the scenes in a company.   When you’re working in cybersecurity, you’re not just writing code all day. You’re actually dealing with real-world problems and it’s up to you to prevent, detect, and respond to incidents by finding or creating solutions. Q. What do you think would inspire more young women to enter into the field? I think just bringing more awareness to the fact that you can really create your own success. I was let in the door without any real cybersecurity skills or experience and was given the opportunity to prove myself, and I have. It’s a jump-in-and-figure-it-out-as-you-go type of field and people shouldn’t be afraid to do that. Cybersecurity isn’t about who you are or what degree you have. It’s about what you can do, what problems you can solve, and how well you can work with other people to get the job done. You don’t have to play politics because your work speaks for itself. I love that. Q. Do you have any recommendations for resources or groups that might be a good first-step for anyone interested? is a great way to connect with local people who are interested in the same things you are and, speaking specifically about cybersecurity events, people can pique their interest and learn, but in no-pressure situations. And that’s really important. I think sometimes when you’re first starting out at something it’s easy to feel self-conscious or nervous about really getting involved, and these events can give newcomers a chance to try something they haven’t before without any fear of being wrong or feeling out of place.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Hillary Benson From StackRox
By Maddie Rosenthal
08 March 2020
Hillary Benson is the Director, Product at StackRox and has an incredible background in government and military intelligence. She holds two degrees, including a Bachelor’s Degree in Management Science with a focus in Finance from Massachusetts Institute of Technology and a Master’s Degree in Security Studies with a focus in Terrorism and Substate Violence from the Georgetown University Walsh School of Foreign Service. Additionally, she is a Master’s candidate in Computer Science at The Johns Hopkins University. But, her experience isn’t limited to her education. She started her cybersecurity career at the National Security Agency, where she spent almost six years as an intelligence analyst, technical collector, and product leader. She moved into the private sector as a red team operator and has shifted gears in the last three years to focus on building product at a leading container security company called StackRox.
Q. Describe your role as a Director, Product in 300 characters or less My job is to distill business opportunity into a technical vision and development roadmap for our flagship security product, the StackRox Kubernetes Security Platform. We’re building a product that enables security practitioners to rethink their approach to security by leveraging container technology. Q. Your background – both educational and professional – seems very focused. Have you always aspired to have a career in this industry? From a very young age I had an interest in technology, security, the military and intelligence. I can certainly tie all the threads from those interests to where I’ve ended up, but I wouldn’t have been able to predict that my path would look the way it does.  I generally attribute that to the fact that the most interesting opportunities are usually the most difficult to predict, and I am constantly searching for the next interesting problem to solve. My approach to life can lead me down very unexpected rabbit holes. Q. What professional experiences have guided your career path the most? Certainly NSA had a huge impact on my career direction. I landed there by luck, really, after shotgunning online job applications. I applied on the right day, they picked up my resume, and before I had even graduated I was in the clearance process.  I joined as an Intelligence Analyst and participated in a program that allowed me to rotate through a number of offices within NSA to get experience in different disciplines. I gravitated toward technical analysis and collection. That track led me to Tailored Access Operations and stoked my interest in offensive security. The rest is history. Looking back on my career up to this point, many of the contributions I’m most proud of took place during my time with NSA. At certain times, I had an extreme sort of impact that you can’t replicate in the commercial world. From a business perspective, though, I’ve learned more in the last two years than I ever hoped for and am extremely proud of the product that my team has built at StackRox. Q. Since you’ve sampled a lot of different disciplines within cybersecurity, do you think people tend to have a narrow view of the industry and the jobs available in it? People hear “cybersecurity” and think of hackers in hoodies. That’s a bit of a caricature, maybe with some legitimacy to it—and that was even part of my own experience—but that’s not all there is.  A lot of what you do as a security professional involves bridging gaps between security teams and the development and operations teams. So much of the job is convincing people that the security risks you find are worth fixing. You can’t do that if you only have technical skills; you have to be able to talk to people and to influence them. Q. Do you need certifications or a degree to get those skills? Actually, of all the things to get into without formal education or training, there seem to be a lot of people who either cross-train from other fields or enter security without any formal education. Which is pretty awesome, I think. It’s not uncommon to hear someone say something like “Oh, I studied psychology, then took a year off and painted, and now I’m a penetration tester”.  There are many people in security who gained the knowledge and landed a job without a formal degree. A lot of the folks I’ve worked with were independent and curious problem-solvers—I think not in small part because a lot of them fought their way into their role by proving their competence in the field. You don’t necessarily have to take the traditional route and get a four-year degree. If that works for you, great. But if you’re looking to switch careers or you’re confident in your specific passion for the security industry, there are other ways to get the requisite technical skills.  The OSCP is a great training ground for aspiring penetration testers who want to nail down the basics. Joining a bug bounty platform like HackerOne or Bugcrowd is an excellent way to get hands-on experience with finding bugs in the real world. And almost nothing beats learning to code—what better way to understand how security issues materialize when building software but to try to build it for yourself? This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Swati Lay From Funding Circle
By Maddie Rosenthal
06 February 2020
Swati Lay, who has more than 20 years’ experience in software development and information security, is the Chief Technology Officer (CTO) at Funding Circle, a peer-to-peer lending marketplace that allows the public to lend money directly to small and medium-sized businesses. Her interest in cybersecurity was piqued at 16-years-old with a course on Number Theory and Cryptography and, having earned her Bachelor’s Degree in Electrical Engineering and Operations Management from Princeton University, Swati started her career at Merrill Lynch in New York as a software developer.  Since then, she’s held leadership positions both at scale in larger enterprises and in higher growth environments, including retail banking at Barclays Bank and gaming, where she was the Director of Information Security at Betfair, what was then a FTSE 250 gaming operator.
Q. Describe your role as a CTO in 300 characters or less. I’m responsible for all of Funding Circle’s technology capabilities globally. Q. You’ve been apart of the larger cybersecurity industry for over 20 years. How did you get involved initially? My first real introduction to cybersecurity was a Number Theory and Cryptography course I took when I was 16-years-old. While I was so fascinated by the subject, I remember thinking that I wasn’t the strongest from a math- perspective and that, because of that, I just wouldn’t be able to get a job in this industry. Fast forward several years later, I’ve graduated from Princeton University, am working at AT&T as a Systems Engineer, and I started to realize that there are actual applications of cryptography in the business world. Importantly for me, its application in the business world is more focussed on implementation rather than the math behind it, so I was able to really get my head around it.  A colleague of mine at AT&T moved to Merrill Lynch to an Information Security team and asked me if I’d be interested in coming along. The rest is history! For me, it really was fulfilling a childhood dream. Q. Why did you initially write off the industry as an option for you? It just seemed so far out of reach. I didn’t understand what skills were required, in part because cybersecurity really wasn’t its own, standalone industry yet.  What’s even more sad, though, is that’s still the case for many people today.  Despite the industry being more defined than it ever has been, there’s still a lot that needs to be demystified to really get people interested and involved. Q. If you were discouraged based on preconceived notions about the industry, what skills and interests can you point to that are actually necessary to thrive in a cybersecurity role? I think people view cybersecurity as a black art. But, it’s really not that obscure! There’s an incredible range of opportunities available, and not all of them require technical skills.  Yes, when you consider more general engineering, technical skills are paramount. But when you think about management roles, you need communication, collaboration, vision, etc.  Then, you look at cybersecurity more broadly. What you really need is the ability to communicate risk in a way that enables decision-makers to do their job.  People don’t always understand the work you’re doing or why it’s important, and that can make you second-guess yourself. That’s why we need people who are willing to do some really deep problem solving, people who are willing to dive into deep issues and not be afraid to have a contrary point of view.  You have to be smart. You have to be disruptive. That’s why it’s so important that we diversify the population of people working in cybersecurity. We need to round out our teams and encourage more than just technical skills. If we don’t, the implications will be quite severe, especially because we’re not just protecting financial institutions and governments anymore. Companies across industries – small, medium, and large – have seen the value in building out cybersecurity functions.  Q. Does your senior role enable you to empower more people to explore the opportunities available in cybersecurity? I think every person in senior leadership in cybersecurity wants to empower more people to explore these opportunities that are available. A big piece of that is role models. You have to see it to be it!  I remember when I was 12-years-old,  someone mentioned an Ivy League school to me and I thought “I’ll never be able to do that!” It wasn’t until I saw people who had the same background and upbringing as me going to these schools that I finally thought I could do it, too. That’s why now – especially because I’ve been so fortunate throughout my career and have had so many incredible opportunities – I want to show the next generation that they can have those same experiences.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, KPMG, Nielsen and more. #TheFutureIsCyber
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Amy Johnson From Herbert Smith Freehills
By Maddie Rosenthal
04 February 2020
Amy Johnson is the Information Security Manager at Herbert Smith Freehills, an international law firm with headquarters in both London and Australia. She’s worked in cybersecurity for over six years and started her career as a Lead Investigator at Freshfields Bruckhaus Deringer. Before entering the cybersecurity industry, she worked in Human Resources. While she doesn’t have a formal education that’s focused on cybersecurity, she’s earned five certifications to-date, including her Certification in Information Security Management Principles (CISMP), Certified Information Security Manager (CISM), Certified Data Protection Officer (CDPO), ISO 27001 Implementer, and Certified Information Systems Auditor (CISA).   Next, she’ll aim to earn her Certified Information Systems Security Professional (CISSP) qualification.
Q. Describe your roles as a Security Manager in 300 characters or less. I monitor system user behavior and I review client security requirements and questionnaires. I’m very much forward-facing and part of my job is to guide the firm and our people on how to work with information and technology in a safe and secure way. Q. How did you get started in this industry?  I don’t have a background in cybersecurity. I actually studied HR and worked in that industry for years. About two years into working at Freshfields Bruckhaus Deringer, Mark Walmsley, who was the CISO at the time and still is, started creating a new group called the Information Security Group (ISG).   At that point, I was ready for a career change. I wanted to do something that wasn’t just exciting every day, but different every day. The idea of protecting people, investigating threats, and creating training materials about the evolving risks in information and cybersecurity really, really interested me.  I decided to go for it and got the job! I was the Lead Investigator there for about five years. Since then, I’ve earned different certifications and have really catapulted myself into a more senior position that I’m in now at Herbert Smith Freehills. Q. Did your previous experience help prepare you for your first role in cybersecurity? Monitoring/ investigating systems can be a sensitive subject which means you have to be hyper-aware of data privacy laws, etc. That’s something I was able to bring to the table because of my previous experience.  But, to really be successful in a cybersecurity role, you have to be familiar with not just the current threats, but the new and evolving technologies. You have to stay on top of that. I didn’t get that exposure until I started. I also didn’t have any technical skills when I started. I learned on the job, which – to me – is far better than going to study.  Cybersecurity is really about putting what you know into practice. Q. Do you have any thoughts on why women only make up a quarter of the cybersecurity workforce? A lot of women in tech might not see cybersecurity as a suitable career path because it is considered quite a masculine profession. That’s probably ingrained at a very young age. It’s important to not be discouraged by that, though. Bear in mind, I came from a HR background; that’s a field where you’ll often work in a team that’s all women. Moving into this industry, I’ve often been the only woman within the teams I’m working in. But, that doesn’t mean I don’t feel like I belong. I don’t find men that intimidating!  Women can be just as successful in this industry and opportunity, recognition, and progression are absolutely available to those who work hard. Q. In terms of progression, do you feel like a career path to a more senior position is clear?  To be very honest, I’m already very proud of how far I’ve come in the last 10 years. When I first moved to London, I was making significantly less than I’m making now. I’ve consistently worked my way up the ladder since then. I’d still really like to learn and grow more within this industry and I certainly have dreams of being a CISO or a head of a department eventually. But, the opportunity for growth can really depend on how big your department is. Cybersecurity is still growing, and not all organizations have large teams which means you may not necessarily see what your next step will look like or what skills you need to develop to take that next step. It can be hard. But, the skills you get at any one organization are really transferable. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Kim Smathers from Snapdocs
By Maddie Rosenthal
01 February 2020
Kim Smathers, who has worked in this field since the mid-90’s, is the Head of Information Security and Compliance at Snapdocs. Her resume is extensive and includes big names like Symantec, Walmart, and Jobvite among many others, as well as several years experience teaching Microsoft and Citrix certification courses and Engineering at the Computer Learning Institute. She’s just as passionate about building agile teams as she is about risk assessment and resolution and considers communication the most important aspect of being a leader. 
Q. Describe your role as a CISO in 300 characters or less. My job is all about giving people an understanding of risk and figuring out how to translate, address and resolve that risk. Q. How did you end up in a cybersecurity leadership position? The surprising thing about me – especially given where I am now in executive management – is that I don’t have a significant formal education. While I completed a bit of college, I didn’t earn my degree. But, a few years before Microsoft took off, before laptops were even a thing, I went to The Computer Processing Institute in Connecticut. This was back when computers took up an entire room!  That’s where I got my start and, for some reason, not only was I really interested in it, but it was really easy for me. I had a natural aptitude first towards coding, then networking, then technology, and I just kept going. Every time things changed, I changed. And, you have to remember, when I first started out, security wasn’t really a “thing”. It’s evolved and grown so much since then. Now, there’s so many different facets to it, so much depth. Q. What changes have you seen in yourself since then? For quite a long time, I was the only woman in the room and I would often be leading teams that were exclusively male. It was very, very hard to find any women working in information security or cybersecurity and it was even harder to find these women in leadership positions.  Initially, working in a male-dominated environment led me to think that I needed to adopt more masculine attitudes. I think a lot of women who have worked in the industry as long as I have would tell you a very similar tale. Doing this – trying to act like someone else or act how you think people want you to act – is problematic for so many reasons.  Once I started taking the time to talk to other women, I changed my approach. You’re going to get push-back from people no matter what; this taught me to rely on data instead of adopting attitudes that weren’t mine. That enables a lot more diplomacy and – more importantly – authenticity. That’s what’s really allowed me to thrive and do my best work. Q. Are you starting to see more women in leadership positions like you? There’s still only a tiny percent of women in senior leadership positions in this industry but I do see a shift, yes. Only in certain places, though. In certain companies – specifically really established companies – you still have boardrooms that are filled predominantly with white males. You can’t underestimate the impact that has on a larger organization. It all trickles down. If you’re a woman in that environment with aspirations to be in senior leadership and you’re only seeing one kind of person in those positions, the career path there can seem very unclear.  But, when you work in an organization like I do now, there’s an incredible amount to compare and contrast. There are women, there are people of color. It’s a totally different environment. Q. What advice would you give women who want to achieve the same sort of success you have? Be authentic to who you are and what you’re thinking and let go of the fear of saying “I don’t know” or “Explain it to me” or “Can I have more information, I’m not sure I understand”. Asking these questions doesn’t mean that you’re ill-informed or don’t know enough. Letting go of that fear will give you a lot more control over what goes on around you. When I build out my teams, I avoid people who are absolutely convinced that they already know everything there is to know about a topic. That almost eliminates the possibility of having a conversation and, in cybersecurity, collaboration and openness are absolutely vital. We’re influencers. My job is to bring diverse groups of people together, make them feel comfortable, and let them really exercise their creativity in order to actually influence other teams and solve problems.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Sara Zahid From Jefferies
By Tessian
31 January 2020
Sara Zahid is the Assistant Vice President at Jefferies, a global investment banking firm headquartered in New York City. After earning her Bachelor’s Degree in Business Administration with a focus on Finance from the University of Toronto, she started an internship at Scotiabank. Over the course of 5 years, she was promoted several times to eventually become a Lead Business Analyst. After that, she transitioned to a more IT-focused role and gained product management experience at Clarus Commerce. In her current role at Jeffries, she’s combined her business acumen with IT project management to safeguard the company’s Information Security. 
Q. Describe your role as an Assistant Vice President in 300 characters or less I am responsible for requirements gathering, simplifying requirements, testing, organizing sprints, managing the sprint cycles, delivering requirements, communicating with stakeholders and management, and other business analysis and project management activities across Jeffries’ Global Information and Technology umbrella. As a manager, one of my key responsibilities is to make sure the team stays organized. Q. Have you always been interested in cybersecurity? When I was younger, I always got feedback that I was creative, so I initially pursued marketing. But, as soon as I started as an undergrad, I realized that I was missing an important piece, which was practical, hands-on work. I actually got an offer for a marketing job straight after college and didn’t take it because it just didn’t seem interesting enough. It didn’t seem like a challenge. That’s what drove me to consider finance, then IT, and now cybersecurity.  I love to critical-think, I love to strategize, I’m great at problem-solving. It’s been a great fit. Q. What did your path into this industry look like, then? A recruiter actually reached out to me based on my experience in product management and business analysis. At that point, I had zero exposure to cybersecurity. I didn’t know what it looked like. But, during the interview, I was told that if you have a background in IT, you’ll be able to pick-up cybersecurity. It’s not rocket science.  That was hugely comforting to me and enabled me to look at the job description with a much more open mind.  They were looking for an experienced project manager who was willing to learn. I ticked both those boxes. The journey from that day until today has been exactly that: all about learning.  Q. Was it challenging to transition from business analysis to a highly technical role? I’d say my knowledge base is currently 50% technical and 50% business analysis. But that’s part of the appeal for me. It’s something I have to work at, especially because IT and cybersecurity change so drastically, so quickly.  That means that I have to learn something new every single day and I’m not afraid to admit that. I don’t think that’s a weakness, I think that’s a strength. I know 50% more about cybersecurity than I did a year ago and that number is only going to continue to grow.  And I’m not afraid to ask questions! I’m not afraid to say that I don’t know.  Asking is the only way that you get an opportunity to get involved and expand on what you already know. Q. Has your work in cybersecurity so far been what you expected it to be? I didn’t fully grasp how many problems the industry solves until I got into cybersecurity myself. Even with a background in IT and business, I didn’t know. You think about logging into your computer every morning at work. We all do that. I never even considered how a functionality like that is safeguarded until I started in cyber. Most people don’t spend time thinking about how many characters their password has or whether or not two-factor authentication is enabled, the work behind the scenes is normally done for us. I’m now the one behind the scenes doing that work. And it’s incredibly important work! Not just for the individual, not just for the company, but for any and all external parties involved in that company as well.  Q. Did you face any challenges related to the disproportionately low percentage of women in the industry? It’s very clear that there are fewer women in this field than there are men, but I don’t feel – or haven’t been made to feel – like I’m less than because of that. If anything, I’ve gotten more respect from male colleagues because of it. It’s actually in many ways empowered me and boosted my confidence. Not only have I taught myself about the industry and progressed by doing so, I’ve progressed in an industry where not many women currently exist. That’s something to be proud of, not burdened by. I also have to give credit to my colleagues and managers and people in leadership; the culture at Jeffries enables me to do my best work. The problem isn’t solved just by acknowledging that there’s a problem. It’ll take time. But, this is such an important industry and we’re solving real problems with a real impact. It’ll continue to evolve, expand, and attract more people. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Tess Frieswick From Kivu
By Maddie Rosenthal
28 January 2020
Tess Frieswick recently started a new job as a Client Success Manager at Kivu Consulting after spending a year working at Uber as a security consultant. She started as a Security Analyst straight out of college and was promoted to a more senior position after just six months.  In addition to earning her Bachelor’s Degree in World Politics with a minor in Islamic World Studies at The Catholic University of America, she’s gained political experience through internships at the International Model United Nations Association (IMUNA), the National Consortium for the Study of Terrorism and Responses to Terrorism (START), and the American Enterprise Institute.
Q. How did you end up in cybersecurity after studying World Politics and Islamic World Studies? I was fortunately hired to work for IMUNA during my first semester of college after getting involved in the organization in high school. I really lucked out and was assigned to work on the Counter-Terrorism Executive Directorate which, at the time, was focused on the terrorist group Boko Haram in Nigeria. I loved learning about African politics and counter-terrorism efforts in the region which sparked my interest in international security.  By the time I was ready to graduate, I was more certain that was the direction I wanted to take, I just wasn’t sure in what particular specialty. I had a few years of experience in counter-terrorism, but no real experience in cybersecurity. Q. What was it like, then, starting as a Security Analyst at Uber so soon after graduating? When I first started, I was a bit intimidated. I was the youngest on my team, didn’t have my Master’s, and was one of the only women on my team. I felt like I had a lot to prove, but that inspired me to work really hard. I had a manager and a boss who both recognized and valued my skills and trusted me with big projects that had a global impact.  My team actually worked on 565 different tasks from executive protection to assessing phishing emails. That experience really reinforced that cybersecurity was the path I wanted to pursue. Q. What interested you the most about cybersecurity? The 2016 presidential election piqued my interest. I remember learning about Russian interference, bots, and the manipulation of social media after Trump was elected and recognizing that cyber security is bigger than people realize. It provides a new landscape for modern warfare and these things are changing the dynamics of politics. Even something like the recent assassination of Qassim Soleimani; that presents a potential cyber warfare risk. After the assassination, I was doing assessments and considering what retaliatory actions Iran may take. Could it result in cyber warfare? Would they target critical United States infrastructure?  Developing technology is driving all of this; it’s changing everything. Politics is constantly evolving, especially with the development of cybersecurity and cyber warfare. It’s fascinating!  Q. Did you have any specific technical skills that made you especially marketable for jobs in the field? I haven’t taken any cybersecurity-specific classes. Everything I know about cybersecurity I either taught myself by reading or learned on the job. After leaving Uber, I was really upfront during interviews that I didn’t have technical skills. But, that was balanced by the fact that I can learn really quickly. That’s what I focused on. I think my writing background was also something that made me stand out. I have experience writing intelligence products in a strong, thoughtful way. At Uber, I wrote over for a project 70 documents, including style guides for products, global standard operating procedures, and security policies. Talented writers might be surprised that they have a place in cybersecurity but they’re needed to create really polished products that impress clients. Q. You had an internship at an all-female media company while you were in college. Was that a formative experience in your professional development? In every single internship I’ve had, I’ve had a woman that I looked up to for advice and counsel. I’m also just a huge feminist. I’m obsessed with Ruth Bader Ginsberg – she’s my hero, and I love Madeleine Albright. From athletes to politicians, I’m constantly seeking out stories of successful women, and women fighting for equality and change, to motivate me. I still think of some of these mentors years after working with them and I hope I am making them proud. Now, as the only female leader in my new role, I have a responsibility to step up and empower other females, too. This is especially important for women who are shy or aren’t as quick to speak up. Those people – even if they’re smart and capable – can be overlooked. Backing up their ideas, supporting them, making sure they feel empowered…it all makes a big difference.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Funding Circle, IBM and more. #TheFutureIsCyber