Cybersecurity...How Did I Get Here and Why Are There So Many Acronyms?
At 10:25 a.m., after twenty-six hours of flight delays and seemingly endless Las Vegas traffic, I had a choice to make: miss my 10 a.m. presentation at The Diana Initiative entirely, or run for it? I ran.
I was giving my first talk ever on breaking into cybersecurity as a woman from a non-technical background alongside my coworker Maril Vernon. Maril and I had been practicing our lecture for weeks and, although I knew she would thrive on stage solo (as evidenced by her prolific speaking engagements, podcasts, awards, and monolithic LinkedIn presence), there was no way I was missing out on my chance to engage in this critical conversation.
So out into the 100+ degree Vegas sun I went, sprinting the last four blocks, and up a few flights of stairs.
I’m no stranger to hustle. I was an NCAA Track and Field coach for 10+ years and spent more than a decade of my life training to compete in distance running at the highest competitive levels. But what had my brain also running was a question that was the crux of our talk at The Diana Initiative: what in the world was I doing presenting at a cybersecurity conference?
The answer plays out over the course of three Augusts.
So, How Did I Get Here?
August 2021
I was starting year thirteen as a track and field coach, having fought my way up from a part-time assistant to a head women’s coach, moving through four universities and all over the country, all the while battling for opportunities in one of the least gender-diverse industries around. And I was successful. I had helped multiple teams to elite finishes at national championships and had been lucky enough to coach individual champions and Olympians. I loved my athletes and playing a role in their lives. But I was miserable. I was burnt out from a lack of work-life balance, toxic workplace dynamics, and too many demands on my time. I was caught up in the vicious cycle of thinking that so many women in all walks of life find themselves in: if I just sacrifice a little more of my time, energy, or attention I could “make things work”. I wasn’t happy, and because I wasn’t happy, I wasn’t doing the job well — which is unacceptable when you consider the responsibility of working with collegiate athletes.
So within that year, I made the tough call to step away from my career with no plan of what to do next.
August 2022
After spending a few sad months on the couch, watching too much bad TV and oscillating between lethargy and crippling anxiety, I realized I had to figure out what came next for me. But I had only done one thing, running, for decades; what was I supposed to do now? Was I able to add value somewhere else, in some other way? Those are tough questions to face at any age, but to do so in your mid-thirties, far removed from those early post-college years, with so many real-world responsibilities, was daunting. So I did two things: first, I got a therapist and started to really work through the issues that had led me to burnout, and second, I started to look at careers that supported the kind of engagement, balance, and fulfillment that I felt like I was lacking in coaching. I asked myself:
Where were people happy and thriving? Where were innovation and continuous learning encouraged and rewarded? Where could I find those things and build a career that would sustain me mentally and financially?
I started reading about the “hundreds of thousands of unfilled cybersecurity jobs” out there, and my interest was piqued, but my real cyber “lightbulb moment” came after chatting with a family friend at a wedding. A conversation about our tattoos (I have many) quickly turned to work, people management, security, and transforming the way the industry works. By the end of that talk, I was hooked. I began to network with anyone and everyone that knew anything about cybersecurity. I asked questions on calls, texts, and Zoom meetings, and was fortunate enough to find some great mentors and friends along the way. But breaking into this industry is tough (more on that later).
I was lucky enough to find Aquia, Inc., a service-disabled veteran-owned cybersecurity firm that was interested in starting an apprenticeship program. I fought tooth and nail to convince them that I was the right person to initiate that program. Ultimately, they agreed.
What followed was maybe the most intimidating six months of my life. I was drinking from the firehose — underwater and upside down. I have a great husband, who loves all things tech, which meant I didn’t have to think about updating my iPhone or troubleshooting my laptop, I just handed it off, and in effect, over 12 wonderful years, I had become a technical luddite. Suddenly, I needed to know what an “SBOM” was, and what an “ISSO” did. What the heck is GitHub, and why does their website look like that? In my first meeting at Aquia’s company offsite (which I was fortunate enough to be invited to, after 3 days as an apprentice) Maril, my co-presenter at the Diana Initiative, (aka, @SheWhoHacks), asked me:
“So, what do you want to do? Do you want to code? Purple team (her favorite)? Do governance?”
I just stared blankly back at her, a deer in the headlights standing in the road, waiting to get run over. I didn’t know what I didn’t know.
But I knew this, I could learn. And learn I did.
August 2023
After six months as a cybersecurity apprentice focused on Governance, Risk, and Compliance (GRC), and acting as the designated “canary in the mine” for the Aquia Accelerator Apprenticeship program, I was hired as a full-time employee, initially to support Aquia’s then-fledgling Zero-to-FedRamp offering, and then quickly transitioning to a role as an Associate Security Architect supporting the new Zero Trust Architecture practice on the Center for Medicare and Medicaid Services’(CMS’s) batCAVE platform-as-a-service (PaaS) project.
Meanwhile, back on the Vegas strip…
Cue the mad dash to make the final few minutes of my presentation on breaking into cybersecurity at The Diana Initiative. Quite frankly it has been a mad dash since I entered the cybersecurity field, but striving for an opportunity to get into this space, and experiencing all the possibilities that it offers, has been a race worth running. Special thanks to The Diana Initiative for having me as a speaker. If you’d like to check out our talk (with my dramatic entrance at 36:31), you can view it here
If you have any questions, or would like to discuss this topic in more detail, feel free to contact us and we would be happy to schedule some time to chat about how Aquia can help you and your organization.