My (Trace)route to Cybersecurity
Author Candace Moix
Hello CSNP readers! My name is Candace Moix and I volunteer as one of the Directors of the CyberSafety Initiative.
My high school friends recently shared a photo of an old English assignment with me. It was a superlatives poll, where I was somewhat jokingly voted “Most Likely to Be a Spy.” But it wasn’t really a joke for me because I decided fairly early on that I wanted to work in national security. I was fascinated by the work itself and driven by a passion for public service. To make sure I was prepared for any opportunities that came my way, I tried to learn as much as I could - anything and everything that could be useful. While at the University of Pittsburgh, I obtained a BS in Psychology to learn more about human behavior and research methods. I received certificates in Global Studies to learn about international relations and sociology, and Arabic Language & Linguistics because it was designated a critical language by the US Government. I used the rest of my electives and free time to broaden my horizons further, minoring in Administration of Justice, Religious Studies, and Studio Arts. I was even lucky enough to participate in an amazing study abroad program in Sharjah, UAE, where I learned just about as much through traveling as I did in my formal education. Even today, I still try to prioritize continual education! Although I don’t use each of these skill sets on a daily basis, I think it prepared me for working on the complex, interdisciplinary topics that often arise in security. Having a broad, generalist background with well-honed critical thinking abilities can be a huge asset in cybersecurity.
The takeaway: Bring your whole self to the application, interview, or job - meet the requirements and more. Although checking all boxes is great, it doesn’t always set you apart. Additionally, think about what differentiates you and your application from others. What unique passions, background, or skills do you have? Learn it all and bring it all to the table. The world is increasingly interconnected, inclusive, and looking for new ideas. You never know what experiences may be valuable in the field of cyber! For a great example of this, follow Tracy Maleef and her story about leveraging a library sciences background to transition into cybersecurity.
I then went to graduate school at King’s College London to study Terrorism, Security, and Society. During this time, I did research with two think tanks and started applying for jobs in the US government. As some of you probably know, the process can be lengthy; while waiting to hear back about employment, I learned about the National Science Foundation’s CyberCorps program. This is a Scholarship for Service, which acts as a pathway into critical technical roles in the government. I reached out to the program director at the University of Tulsa and less than a month later, I was starting graduate school again! In addition to providing a security tailored MS in Computer Science, the program also connected me with a great network of peers and mentors. This was the tipping point for my career, where I began to develop some specific expertise and momentum in cyber. From there, I went on to work in a variety of technical analyst roles in the government, consulting, and now private sector for Recorded Future.
The takeaway: Be open to new opportunities and pivots. You never know what emerging field, scholarship, or job might come your way that wasn’t on your radar before. Cast a wide net and say ‘yes’ as often as your bandwidth (and mental health!) allows. Check out scholarships tailored to building the cyber workforce, like CyberCorps, or jobs that are tailored towards early career applicants, like NSA’s development programs. Explore them all and keep applying. Try out CISA’s Cyber Pathways Tool to learn more about the different types of jobs and training that can help plan your career in cyber!
Despite some twists and turns, I was very lucky to have an easy transition into cybersecurity, but it’s important to acknowledge that’s not always the case. A 2022 report indicated that women hold only 25% of global cybersecurity jobs and a meager 17% of Chief Information Security Officer roles at Fortune 500 companies. Additional research found 87% of women in cybersecurity experienced unconscious discrimination, 19% experienced overt discrimination, 53% reported delays in career progression, and that’s not even discussing the notable differences in salary. Additional barriers to success can build on each other, compounding challenges; although I have been fortunate to work in very gender inclusive environments, my Type 1 diabetes diagnosis in early adulthood quickly illuminated disability discrimination and accessibility issues. Thankfully, the more I spoke out, the more community I found, and this community of like-minded people was able to help advocate with me and on my behalf. Although it shouldn’t have to, change truly does start with you. The more willing you are to share your experience and advocate for change, the more likely an environment is to improve for both yourself and future generations.
The Takeaway: Expect barriers and prepare to overcome them. Don’t accept anything that makes you feel undervalued or uncomfortable, and find your support community for those difficult times. And play a role in that community! Make sure you’re reaching out to support others. Whether it’s in an Employee Resource Group, in a meeting, or in an interview room, your ability as a woman or minority to advocate for others and create a more inclusive environment is literally culture changing. This can help shift the needle, making diversity and inclusion an authentic part of the culture. Notably, not all employers value diversity and inclusion equally, so it’s important to set yourself up for success and consider company culture prior to accepting a position. Check out websites like Parity (plug for Recorded Future, which made the 2022 list for Best Companies for Women to Advance!), Glassdoor, or even LinkedIn to investigate what the best culture fits for you.
Everyone’s experience and path into cybersecurity may look very different! That flexibility is part of what makes the field so great. There’s no prescriptive training or magical words to get into cybersecurity, it’s often a lot of hard work and a bit of luck. Whether it’s in education, career opportunities, or building community, keep growing and learning. Above everything else and regardless of what field you’re in, be confident you deserve to be there and always be ready to take your seat at the table.
About the Author: Candace Moix is a security analyst, currently working for Recorded Future in threat intelligence. She also lectures for the University of Maryland’s START program, is a member of the Trust & Safety Professional Association, and volunteers with Girl Security. She serves as Director of CyberSafety Initiative for CSNP.