Author Catarina Pottle
As a recent graduate from a community college with an Associate of Applied Science in Cybersecurity, I have experienced opportunities and challenges that have allowed me to expand my understanding of what it means to be a woman in cybersecurity and to get a sense of what lies ahead for me. But before I explain my current situation, let us begin where it all started.
Originally, I had a different plan in mind when graduating from another college in late 2020 to pursue environmental law. I had just wrapped up my environmental capstone project, and I was taking on the arduous challenge of finding a job while being a recent graduate. However, life had other plans and I had the misfortune, as so many others did, to graduate when the pandemic was just starting. More people were staying home, and companies were not posting as many opportunities for entry-level work. I was even willing to work for free if that meant I could gain professional experience. Unfortunately, there were no offers and I had to rethink my career goal of getting some legal experience or working for an environmental organization.
After making the difficult and scary decision to change career paths I had to think about what drove me. I had a knack for learning quickly and being able to think creatively. In addition, I enjoyed being in a stimulating, challenging environment and seeing on the news day-to-day issues concerning internet safety and malicious state actors. I decided to read more and find ways I could help. That is when my dad mentioned cybersecurity. At first, I was hesitant as I had little to no knowledge about computers and networking, but it was at the forefront of everyone’s mind.
As mentioned, I had zero knowledge and my path towards cybersecurity was not easy or clear. For all intents and purposes, I was a noob (an amateur). However, I did not let that stop me and I pushed to absorb every drop of knowledge I could find and gather. I would read on forums, articles, and watch videos even if I did not understand everything. I was fortunate enough to work with amazing professors and gain the opportunity to intern at Duke University’s ITSO-SOC for a year. To be honest, not many people get this kind of opportunity, and I was not going to look a gift horse in the mouth. I took that internship and did everything I could from collaborating with fellow interns, giving presentations, and asking as many questions as I could.
And back to the present, I graduated with a 4.0 GPA, received an award for being the top IT student within the IT division of my college, and I am currently working full time at Duke University. But the biggest takeaway that I would share with others is to apply for every opportunity no matter how slim the chances seem. You never know, someone may give that helping hand you need.
What advice for your younger self do you have about the challenges and unfairness that you have experienced in Cybersecurity and how you handled / wish they had handled these situations?
I think the biggest challenge I have faced is impostor syndrome because I sit there wondering how I got to where I am and if I am good enough. Even now, that little voice sometimes creeps up. This is worse when you are a woman surrounded by men and you do not believe you have enough expertise to really speak-up. There is this expectation to continually learn and be a knowledge expert in your field whether it is Cybersecurity or something else. But that is where you have to say no to that voice and just speak up. It is not easy, but it slowly gets better.
How have your experiences affected how you approach cybersecurity?
I have decided to slow-down a little to not burn myself out, but I keep myself up to date by reading recent blogs and news. I find that, as a commonality when speaking to friends in Cybersecurity, there is the desire to learn and take in everything, but we forget to sometimes slow-down or step away. Mental and physical health is important!
As a woman in Cybersecurity, can you suggest any affinity or other groups others should join to create a supportive network?
I would join Women in Cybersecurity (WiCys), local chapters for ISC^2, local PowerShell chapter, and your local colleges’ IT groups (programming, gaming, and etc.). There are also numerous online communities hosted through services like Discord and YouTube. Some users or channels that I recommend are John Hammond, NetworkChuck, TryHackMe, Professor Messer, OffSec, and TCM Security to name a few.
Do you have any advice on how to seek allies at work?
I think the best way to make allies at work is to show you are a team player by volunteering to help and looking for ways to be an asset to your team. BUT keep in mind that you are one person and only take on what you can manage because if you spread yourself too thin, then everything else will become subpar. As my father said, “a job worth doing, is a job worth doing right.”
Do you have advice on finding a job in Cybersecurity or tips on getting promoted?
Keep studying, share your interests, show that you are trying to actively learn through certifications, CPEs, and attending webinars/workshops. Also, do not forget to network by connecting with classmates, co-workers, and members in the community. Networking is something that I am still working on, and it is easier said than done, especially for us introverts out there!
What advice can you provide when it comes to being aware that you have bias in your organization and how to manage that? What changes would they like to see in the industry?
I think the first step to recognizing bias is admitting it. Then, addressing bias can be done via conversations with individuals who are willing to take part/listen. At the same time, you as an individual must also be willing to listen.
Do you have suggestions on how others can seek out companies that have and value diversity?
I think a way to seek out companies is to use social media such as Reddit, Mastodon, Discord, Instagram, and Facebook to see what others have to say and what kinds of events these companies host or sponsor. Also ask yourself, do these companies support the same interests, cultural understanding, and goals you have?
Many companies have "Diversity and Inclusion", but is it just there to check a box?
In some cases, yes because it brings in money, but I think diversity and inclusion can be incorporated to ensure that a truly diverse workforce exists. I think for many they believe it has to do with the color or gender of an individual, but true diversity is defined by a person’s personal experience. Diversity is important because it creates opportunities for new ways of thinking and challenges people to step out of their comfort zones.
Do you see the need for more women in Cyber? What skills or characteristics do women bring to the table?
In general, I think more women in Cybersecurity would be beneficial to promote diverse perspectives, innovation, and collaboration. In addition, this would encourage younger women to pursue a career in Cybersecurity and potentially reduce bias or discrimination in the field over time. Women can bring new skills to the table such as analytical thinking, risk management, attention to detail, communication, and ethical/social responsibility.
How do you think having kids will affect your career?
Having a child may affect my career later down the line. I will need to juggle family and work responsibilities even more, which is why I am pushing myself to continue learning and taking as many opportunities as I have the time.
Is there a glass ceiling?
I would agree that there is a glass ceiling or barriers to entry when it comes to representation and lack of support networks; however, there has been a greater push to increase representation and promote a better workplace culture and work-life balance for women.