My Humorous Foray into Cybersecurity


Posted on by Nneka Achufusi

Lots of articles have been written about how underrepresented women are in cybersecurity. I am willing to bet money that most women shy away from cybersecurity because they believe that it is very technology heavy. Or some women looking for second careers may feel like they are too old to start cybersecurity as a new profession.

Well, I am living proof that nothing could be further from the truth. I self-studied and passed the CISSP exam on my first attempt at the age of 50. Yes, it was a grueling three months of non-stop studying, while raising four sons, working full-time and trying to start my security firm. And, no, I have zero background in tech. My undergraduate degree was in accounting, and I had worked in the accounting field as a CPA for the better part of my career, until I could not take it anymore!

Cybersecurity has not sold itself successfully to women, but the truth is that women and moms are the perfect candidates to jump into this fantastic field. We are already practicing cybersecurity and, specifically, risk management in our daily lives. We already condition ourselves to think in terms of “risks” and often do not think of it as risk management. But trust me, we are already pros at this stuff.

The key for the non-techie folk like me is to find ways for it all to make sense. To make it relatable. For example, it took me several months to understand what a database was until one afternoon, I walked into my pantry and had an “aha” moment. It was as simple as seeing the various packets of pasta stacked in order next to the numerous bottles of spaghetti sauce to help me understand relational databases. (Hey, whatever works!)

It is not that I am not smart enough (I passed the CPA, CISA and CISSP!), but I develop major angst when I think about cybersecurity in terms of technology. In fact, I have such impostor syndrome that I am still reluctant to refer to myself as a “Woman in Tech.” So, I find creative ways to bring security concepts to life by creating scenarios that relate to my everyday life as a female.

Here are a few of my cyber tips that women can relate to:

  1. When a significant other leaves his/her cell phone lying around and you are curious about whether you can break its defenses (think penetration testing), you are practicing risk management. Of course, you are not curious about the contents of the phone at all, you are merely trying to make sure that your significant other has adequate access control mechanisms in place. And if you are successful in penetrating his/her cell phone, you have just created the perfect opportunity to discuss security awareness!

     

  2. When you take that girls’ trip and pack five suitcases for a two-day weekend, you arrange the contents of each suitcase in such a way that one suitcase does not carry too much of the load (think load balancing). You do not put all your fancy outfits in one suitcase, in case that suitcase does not arrive (think single point of failure). If one outfit goes down for whatever reason, you have four other outfits to choose from (think redundancy and high availability). You have essentially put controls in place to mitigate the risks of not being prepared. That is practicing risk management.

     

  3. When you have an active toddler that is into everything, you put defenses everywhere (stair gates, wall plugs, cabinet enforcements, anything to protect them from getting hurt (think Defense in Depth). That is practicing risk management.    

     

  4. I have a scenario to explain a Firewall, but I will not go there. Here is a hint—Number 4 controls will help mitigate the risk of Number 3 occurring.

As you can see, these cybersecurity concepts that can seem daunting at first are concepts that you are already familiar with in your daily life. Security transcends technology in this field. So, do not let a fear of tech or lack of technology training hold you back.

There are so many different areas of cyber, and success in this field is a matter of finding that “sweet spot” that is perfect for you. You do not have to go deep into technology unless you want to. As petrified as I am of tech, I find that it all starts to make sense if you are open to it. Also, do not be afraid to pivot if you find another cyber area that is more suited to your personality and interests.

There is no better time for women to get into cybersecurity. I hope I have convinced some of you who may have been scared away from this field to take a closer look. This is a fascinating, fast-evolving and exciting space. We women in cyber are waiting for more of you to join us. The profession will be all the better for it!

Contributors
Nneka Achufusi

Founder and President, ConMon Solutions

Professional Development & Personnel Management Risk Management & Governance

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community