In this interview, we spoke with Shannon Brazil. Shannon is a Senior Cyber Security Specialist based in Canada, focusing on the coordination, detection, analysis, mitigation, remediation, and recovery of a cyber incident. She is also an Ambassador for Cyber Mentor Dojo – a free platform for everyone to find a mentor that suits their area of expertise. Continue reading and discover her interesting insights around being a woman in cyber security and how she stays updated with the news.

1. Firstly, thank you very much for taking part in this campaign, Shannon. Can you tell us about your professional background and areas of interest?

Thank you for having me, this is very exciting, especially with these other high-caliber individuals.  

Sure thing! My background is a tad interesting to some people, and I ended up in Cybersecurity by accident. I first went to college for Culinary Management and switched over to Computer Science when I figured out that I only really enjoyed cooking for friends and family.

When I graduated as a Computer Technician, I already had a position as an IT Analyst with the Royal Canadian Mounted Police helpdesk where I was doing the basics: resetting passwords, hardware and software support, and troubleshooting printers.

After some time, I won a position with their SOC (Security Operations Center) where I supported the data center and network comms; 2 years of shift work can really have an impact on someone mentally and physically, and it just wasn’t for me anymore – so I was seconded to the Linux support group (3rd level support) where I created and maintained Linux environments for our clients’ applications.

A year later, I was seconded to the National Division, Cybercrime Investigations Unit where I conducted forensic analysis, network analysis, major case management, etc. It was my first introduction to cybersecurity, or what it looked like to have the lack of cybersecurity – and it intrigued me. So I dove deeper and I ended up leaving the RCMP for a private company where I am now a Sr. Cyber Security Specialist on their Cyber Incident Response Team. 

2. You are currently holding the position of Senior Cyber Security Specialist. Is there a typical workday for a cyber security specialist and more specifically, what are some of your primary concerns on a daily basis?

My typical workday consists of reviewing cybersecurity incidents that have been escalated to our team by our SOC, determining scope and impact, conducting investigation and forensic analysis on the alerted endpoint, and then establishing mitigation and remediation processes.

There are some days where I get dozens of alarms and incidents, and then some days are quiet enough that it gives me time to review documentation/roadmaps/playbooks, build relationships with other technical teams, follow up with clients, etc. 

My primary concern on a daily basis is ensuring the business continues as normal and ensuring client services are not degraded or impacted by cyber incidents- this includes reviewing and researching new vulnerabilities that could impact our systems. 

3. What is anything you wish you knew when you first went into this career?

You know how when you graduate from high school and you wish school or parents could have taught you the basics like cooking, finances, and sewing? Sort of like home-ed – I always think about how I wish I had known about source control (version control) when studying Computer Science. It makes a huge difference when it comes to organization, reviewing code changes, reverting back to known working states… it’s the small things. 

I’m also currently taking certifications to catch up with Cloud technology – this wasn’t a thing when I was studying, and I wish I hadn’t put it off for so long. But the key to being successful in this field is to keep learning.

4. What is the most exciting part about being a woman in technology or cyber security?

The most exciting part about being a woman in this field is the fast-moving change of acceptance. One of my first jobs was with The Source – I was on the floor selling electronics to clients, helping them troubleshoot their tech issues, and giving them my best solutions. It was the first time I experienced excitement about helping others, and also the first time (and not the last) where I experienced sexism. I had customers walk past me, and ignore my attempts to help them, only to ask questions to my male colleagues and be pointed back to me for “expert help”. I am happy to say that this doesn’t happen to me often anymore, and when it does, I have a team of colleagues that are always ready and willing to support me and ensure that my opinion matters.

5. What do you think organisations should be doing more to encourage more women to consider a career in cyber security?

I think organizations are doing plenty to encourage and support women in cyber security – there are university programs FOR women, mentorship and leadership STEM groups FOR women, coding and learning workshops FOR women, and so much more. We are the most supported gender when it comes to breaking into STEM; whether it’s by women or for women, we have a lot of opportunities to jump both feet in.

Organizations are doing great in seeking talented women to join them, and they are changing the culture for the better by not encouraging sexism in the workplace – they are becoming less tolerant and initiating more programs to ensure women and men feel equal in their fields. There’s always room for improvement, but we are on the right track.

6. How do you stay up to date with industry news and updates regarding cyber security? Feel free to share the sources/websites with us.

I have someone who does that for me! Just kidding, but also not kidding. 

I work alongside our Cyber Threat Intelligence team where they receive all the latest news and updates within their RSS feed – there’s so much out there happening all at once, it’s really hard to determine where your attention is most needed. We receive briefs every day about vulnerabilities or events that could impact us today or in the future.

Most of the news articles are pretty high level, but when it’s a slower day I like to dive down at the granular level. During my personal time, I have my own feeds from various sources like Dark Reading, Forensic Mag (Digital Forensics is my first love), Kreb on Security is a must, Tripwire, and so many more. 

7. What would be your one piece of advice to every young cyber security enthusiast?

Learn about everything, but also understand that it will take time – experts don’t appear out of thin air! 

I have a blog on Medium where I describe my path, my experiences, and some starting points for anyone that wants to get into Cyber Security: https://4n6lady.medium.com/cybersecurity-the-starting-line-8b9ee97f73c1

Feel free to check it out!

---

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.