Accomplishment Alert!: Your New Security Analyst is Here
Yes, you read that correctly. Yesterday, I completed my first full month as a security analyst for a retail company. How I got here is a real whirlwind of events, but I’m here, I’m happy and I’m learning. I tweeted this in June:
I cannot wait to one day refer to myself as a Security Analyst. And then a Security Engineer. And then maybe even a Security Architect.— InfoSteph (@StephandSec) June 4, 2018
The response was amazing. And then, less than two months later, tweeted this:
I just finished my first day as an official Security Analyst! https://t.co/HALwvAM1UJ— InfoSteph (@StephandSec) July 31, 2018
The two events were, surprisingly, unrelated.
Since I know so many women that are attempting to break into security, I’d like to share my experience. Full disclosure, I don’t think that it’s going to be completely encouraging. I’ve had a theory for the longest time that getting into the industry is based on pure happenstance, and to be honest, I think my theory was proven through my own experience. But, then again, I do have a nasty case of Imposter Syndrome, so I could be selling myself short. As always, take what you need from this and leave the rest on the page. Here it goes:
I randomly applied for a job.
I got a call back from a recruiter that works with a recruitment firm, and he initiated a phone screen.
He passed me forward to the company. They scheduled interviews through him.
I had an offer from another company already, so they graciously sped up the interview process.
I met with the team, the director and the CIO across two separate interviews.
I thought it went well, but I did not have hope. We will get into why in a moment.
I got a call from the recruiter internal to the company I was applying to and she said I got the job.
That’s it. That is the whole story of how I got into security. I didn’t spend months studying all kinds of security concepts. I didn’t learn a new coding language. I didn’t spend months preparing for this position. It essentially walked right up to me and fell in my lap.
I had great conversations during all the interviews. I laughed, they laughed, we all had a good time. It was important to me to be chosen for who I am, not who I pretend to be. And, ladies, that was actually enough. Three weeks into the job, my boss revealed to me that he hired me because I talked with a smile.
My boss just answered the question of why I was hired instead of more technical or experienced people. And it is because I talk with a smile. He said that you can train someone to be more technical and experienced, but you can’t train someone to talk with a genuine smile.— InfoSteph (@StephandSec) August 15, 2018
Nearly every individual I’ve talked to about how they got into security has deluded themselves into thinking they did something outstanding and amazing to get in, but 9 times out of 10, it was happenstance, just like my experience. Completely random. Fell out of the sky. Which makes perfect sense. Unless you’re in a tech company (and sometimes even then), security tends to be an afterthought. A reaction. An action based in fear. In a way, it makes sense how people seem to randomly fall into it. But that’s another theory to be explored in another post or in a DM.
Of course, I wasn’t sitting on my behind doing nothing. In the last year, I re-enrolled in an undergraduate program for IT Security, I obtained my Sec+ among other certs, I attended HouSecCon, I networked, I ran tech-a-thons, I attended DefCon, I read, I studied. None of that really played into why I was actually hired, though. My new boss and my new team didn’t know about most of those things before hiring me. In all honesty, it’s right place, right time, right person. You want to do all you can while you wait to make sure you’re good when the time comes, of course. And keep applying. Keep meeting people. Keep immersing yourself into the community and into the literature. Keep learning. Because you don’t get into security and relax. Oh, no. You have major work to do for the rest of your career.
So…in summary: Hello, my name is Steph. I’m a new security analyst. I have imposter syndrome. I fell into my role by happenstance. I will use my time here to do great things. Thanks for reading.
Subscribe to get the Steph&Sec newsletter sent directly to your inbox!