Author Janelle Hsia
My advice for women who want to work in cybersecurity is three things: show up, stand up and network.
Show Up
As a woman in technology in the early 1990s, I was frequently the only woman in the room. To make it even more interesting, I worked in the field of Inmate Management – yes jails and prisons. This is also very male-dominated. I was part of project teams, usually made up of multiple different vendors, that installed computer systems in the control rooms, booking/intake rooms, visitation, housing units, and kitchens of operational criminal justice facilities. As you can imagine, I would be in locked facilities with inmates and prison staff waiting for me to resolve complex computer issues. No pressure!
I showed up time and time again as I began my career. First, by being willing to be on the front line of installations. Sometimes it was dirty (climbing through crawl spaces filled with cobwebs and dust) and sweaty (carrying computer terminals and coax cable), but I always did it. Why? I always learned something valuable just by doing it. Since I was literally the ‘boots on the ground’, I was asked to provide status and updates to senior leadership. From there, I was given on-site authority to make decisions for the project team and learned negotiation skills. This eventually landed me in executive meetings which allowed me to show my leadership value. This didn’t happen quickly, but I took advantage of each opportunity.
Stand Up
I said yes to projects that were outside my comfort zone. I took initiative and seized the moments given to me. As I moved from inmate management systems to installing other types of computer systems, I found myself agreeing to take on cybersecurity projects. Because I had a strong technical background, these were just another project being added to my portfolio. Following the first couple of projects, I realized that I wanted to understand the controls related to cybersecurity. After initially starting on these projects with little cybersecurity experience, I took the initiative to study it. So I took classes related to cybersecurity and the NIST 800-53 framework. It was one small assignment on top of another small assignment that turned into a cybersecurity project which eventually led to managing an entire program. Don’t expect to start in management, most of us started in the weeds.
Part of standing up is also bringing your unique voice. In my cybersecurity programs, one of my projects involved a lot of sensitive personal data. Ten years ago, not many people were concerned about personal data. It seemed to me that we needed to do more than just secure the personal data, we needed to ask questions like – do these people know we have this data about them or should we be collecting it and storing it in the first place? No one else was asking these questions and not many people were interested in looking at the privacy controls in NIST 800-53 (appendix J). So, I took the initiative and began looking into what we needed to do from a privacy perspective. I presented this to management and they agreed we needed to add the privacy controls to the project. It was a win-win for everyone.
This taught me that each of us has our own way of looking at issues and that we must ensure each view is represented. These different voices make the whole project better. Another way to view this is in meetings, when the question is tossed out there, “Does anyone have any ideas?”
Raise your hand. Don’t be afraid to take risks. Offering an opinion from a diverse point of view adds value to the process.
Network
This has two components. First, privacy and security are team sports. We have to work together so don’t try to go it alone. Privacy and security touch every aspect of the business and as companies are learning, it is critical to business success. Plus it is very complex, and no one person has all the answers. Especially if you are the lone person in your organization’s security and/or privacy program, make sure you network with other professionals. There are lots of online forums and communities for collaboration. If you don’t have this, ask for help today.
Second, make time to attend conferences, meetups, and other learning opportunities. While you are networking, you should ensure you are always looking for your next job either inside or outside your existing organization. When attending in-person events, meet new people and learn something new. At these events, sometimes my friends think I’m rude because I always want to talk to people that I don’t know. Granted, I’m a people person but if you are worried about it or not sure how to start a conversation, start by walking up to a new person and introducing yourself with a fist bump/handshake or a friendly smile. Then have a pertinent topic, related to the reason you are there and be ready to discuss.
It sounds simple but it’s not easy. The good news is that these things can successfully translate into other areas of your life. They are also things that you don’t have to be perfect at right away and they improve with practice. Always be on time, be prepared, have a good work ethic, take the initiative, and be ready to take risks. You can do it!
It sounds simple but it’s not easy. The good news is that these things can successfully translate into other areas of your life. Always be on time, be prepared, have a good work ethic, take the initiative, and be ready to take risks. You don’t have to do these perfectly right away, and they improve with practice. Plus, thinking about what worries people has turned into my business – Privacy SWAN Consulting. Everyone thinks I like swans, but SWAN is actually an acronym. I want to help you take action and address those worries so you can Sleep Well At Night (SWAN).
About the Author: Janelle Hsia, Founder and President of Privacy SWAN Consulting.
Janelle is passionate about privacy and data protection training and awareness. She is not a lawyer and brings a diverse background with strong leadership, technical, and business skills spanning 20 years. She is part of various privacy and security associations. She is also a college instructor and IAPP trainer with certifications in CIPM, CIPT, CIPP/US/E, CDPSE, CISA, GSLC, and PMP.