Amber Pham is an Information Security Officer at iovation, a business unit of TransUnion. After earning her Bachelor’s Degree in Psychology, she transitioned into IT where she worked for over nine years, first as a Systems Administrator and then as a Systems Engineer for software and technology companies like Webtrends and Intel. She rounded out her IT experience with consulting and contracting and was able to gain a broad range of experience; this inspired her to go down a slightly different path and pursue a career in cybersecurity.
She’s been working for iovation since then – except for a three-year stint in Amsterdam where she also worked as an Information Security Manager – and has watched both the organization and the industry grow exponentially.
“I was able to sample a lot of the opportunities available in physical security and networking security through consulting, and that’s what’s really missing in recruitment for this field. People just don’t know the huge variety of roles that are available.”
Q. Describe your role as an Information Security Officer in 300 characters or less
I’m a people manager, which is probably my most important role. I ensure people feel supported and in cohesion with other teams to learn and grow. I’m also the central point of contact for the corporate business and, as a part of that, I work with Development and IT teams to get security work done.
Q. How did you make the transition into cybersecurity after earning a degree in Psychology?
When I came out of college with a Liberal Arts degree I had basically zero technical skills. But, tech companies were growing so fast that they were really willing to give people a chance and train them.
I got my “chance” thanks to a really good manager who recognized that I was a diligent worker and that I’d be able to figure the work out pretty quickly. That was working as tech support on a Help Desk, which is how I got into IT. I paid a lot of attention to the training and really just wanted to learn as fast as I could so that I could genuinely start contributing.
I didn’t actually even use my psychology degree until I got into my current role in security leadership. Understanding the psychology of motivation has been a key part of building a team and security program.
Q. When did you make your move from IT to cybersecurity?
I went out to do some contracting and consulting. That’s really where I grew the most. You learn a lot faster because you’re throwing yourself into different situations at different companies at a really high rate.
I was able to sample a lot of the opportunities available in physical security and networking security that way, and that’s what’s really missing in recruitment for this field. People just don’t know the huge variety of roles that are available from social engineering to forensics to risk assessment.
Q. After you got a taste of all the different opportunities available, did you take any more steps to prepare yourself for the roles you were most interested in?
I went on to get my CISSP which was a huge launching point for me. I know it’s just a test, but the studying that I did on the way to that really rounded out my knowledge and was a really strong signal to future employers that I had real experience under my belt and knew what I was talking about. This also gave me some confidence.
For a young person – or anyone really – who wants to launch into a professional career in cybersecurity, certifications like that are a good place to start, especially because it’s hard to jump from 50% system implementation or another aspect of IT all the way to 100% cybersecurity without taking a little bit of a step down and back.
That’s something people are reticent to do. But, by doing that – by taking on a role with slightly less responsibility than I was used to, but that was a 100% security job – I was more prepared for the industry and got recruited just nine months later into what has turned into my current job. I was their first “security person” and was able to build a security program from scratch.
Q. Having really run the gamut of IT and cybersecurity roles, has gender bias been an issue for you?
I’ve almost always been the only woman within the teams I work in. Currently, out of about ten Information Security Officers, I’m the only one. It continues to be the trend but, more often than not, people completely disregard my gender. As long as people don’t talk about it, I don’t really feel it. When I was in my 20’s, it was more daunting. The combination of being young and a woman made me feel it more acutely, especially because I didn’t have a mentor.
You know, most men I work with that are at a certain level credit their success to a mentor. I feel like I’d be years ahead if I’d had one. That’s why I say “yes” every time there’s a Women in Cybersecurity function, a mentorship program, a local event, anything. I always say yes. My dental hygienist asked if I would mentor her daughter because she’s interested in security and, of course, I said yes. It’s so important! You don’t have to be an activist to get involved and help someone.
This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Nielsen, Funding Circle and more.