‍The following is an interview we recently had with Anastasia Edwards, Security Engineer and Cybersecurity Professional with soft skills in emotional intelligence, awareness communications, cultural code-switching and cultural change implementation. Anastasia discussed the biggest challenges businesses face when implementing new security awareness measures, the most important lessons she has learned so far being a woman in information security, and further topics. Enjoy her full insights below.

1. Firstly, thank you for taking part in this campaign, Anastasia. Can you tell us about your professional background and areas of interest?

A sincere thank YOU for having me. I am grateful for the opportunity.

I am currently titled “Security Engineer”, I work for a technology manufacturing company in the Aerospace and Defense Industry. My main responsibilities are a cyber event management and incident response as well as administering and running the user cybersecurity awareness and remediation program. I am also a member of the team which investigates and monitors insider threat issues.

After 10 years in Cybersecurity, I have discovered that my passions are in the “human aspect” of Cybersecurity. I enjoy helping users adopt cyber core values and best practices that they can use at home and at work. I also thoroughly enjoy the cyber human risk management aspect for the organization.

Actually, I love this space so much that I have a personal project in the works creating a new framework for a Cybersecurity Department or Team which focuses on Human Risk Management and Remediation. It melds customer service aspects, educational and remedial training with defense capabilities, behavior analysis observation and monitoring, providing a robust metrics system that gives you a pretty good look at your overall cyber human risk factor as well as threat and risks remediation plans. I’m very excited about this project. The human risk factor is often severely overlooked when it comes to cybersecurity defense and risk management.

2. How difficult was it for you to break into the IT security industry and develop yourself?

I am a very open book and an honest person and I have to say my answer to this question makes me feel a little bit bad. It was not hard for me at all, I was extremely lucky and blessed to be called to cybersecurity by someone who took the lead over a Security Operations Center and knew me from my work ethic and drives in other areas of the company. They felt that I would be a great fit for the team and asked if I would be interested in joining. I thought Cybersecurity was (and I actually asked the individual this) “like doing FBI work?”. They found humour in that. Turns out, it’s kinda like that? But, not exactly. You get to do a lot of analysis, investigations and come to conclusions that require swift action. That’s the fun stuff!

I feel bad because I scroll LinkedIn quite a bit, to keep up on my networking (very important in cybersecurity) and I see loads of posts from people who have spent lots of time and money attempting to simply break into this field. There are so many people who are having the hardest time finding a position. It really boggles my mind! I know there is plenty of work to do and I just don’t understand why organizations make it so difficult to bring perfectly capable people on board. That needs to change. There is some really amazing raw talent out there! Give’em a chance!

3. Please tell us about the biggest challenges businesses face when implementing new security awareness measures.

I would say the biggest challenge is getting the decision-makers, the ones who will authorize funding for the security awareness program, to truly understand the importance of the Human Firewall. Sure, technology has its part in protecting an organization and its data, but if there is a person who happens to merely click the wrong link or download the wrong file – the entire company could be compromised or taken for ransom. Simple as that.

Organizations MUST deploy some kind of cybersecurity awareness program that is consistent and ongoing. Cyber best practices need to remain “front of mind” in our digital era that we’re rolling into from now and on into the future. It’s not going anywhere anytime soon, but it needs to be elevated in importance, for sure.

4. What are some new threats you have recently noticed cyber criminals pose?

New threats? I’m more familiar with constant threats. Social Engineering includes phishing of various kinds. I believe that cybercrooks are now looking deeper into attacks via mobile phones, yikes! Of course, Cryptojacking is sounding like the most recent “hot new thing” out there. Make sure you put passwords on your cloud accounts! And make sure those passwords are good and difficult for anyone to guess or crack! And, enable multi-factor authentication anywhere you can.

5. What are the most important lessons you have learned so far being a woman in information security?

Interesting question. I’ve always worked with mostly males in the field of Cyber. But, I grew up with all my brothers and had a few jobs in my early years where I was the only female on the team so I’m very used to it. And, personally, I don’t really notice a difference. I let the “the guys” know that they can be themselves around me and let’s just take care of the business at hand! I’m a cheerleader for the team, always shouting “GO, TEAM!”. The lesson in that is, just do what you’re there to do, do it well and always support the team

6. What do you think organizations have to do to encourage more women to consider a career in information security?

Hmm…I don’t know about organizations specifically but maybe some TV production company can come up with an awesome cybersecurity show that has a female lead or a team of females possibly? I think that is the fastest way to spread awareness and interest in this field. You gotta make it “cool” and interesting and relatable. Give women a “hero” that inspires them to look into a career in cybersecurity.

And, I just thought of this as well…anyone can begin a career in cybersecurity awareness. It’s very simple to want to help people simply be more aware of living and working a safe digital lifestyle. You can come from a completely different career field, and switch to cybersecurity by starting on the awareness team.

You may get some time to interact with other parts of the cybersecurity team and become drawn to a more specific practice, like threat intelligence, or malware analysis, or risk management and so on and so on. You can then transition into a more focused speciality of your passion. So come on down! And check us out!

7. How do you stay up to date with industry news and updates regarding information security and technology? Feel free to share your top 5 sources with us

Oh man, it’s hard to keep up on all the great information that people work very hard to put together for the industry. I have over 700 subscriptions in my RSS feed. I wish I could read every single article! As I mentioned before, I am a big LinkedIn scroller so I find myself reading a lot of articles from there, all from different sources.

I seem to read SANS newsletters, Gate 15 Sun, Infragard posts, The Hacker News, Infosec Sherpa, Cybesafe newsletters, Dark Reading, and Krebs on Security on a more consistent basis.

8. Our last question: What advice would you like to tell our young readers who are pursuing their dreams in the security market?

Oops! I should have read this question before I answered #2. I don’t ever mean to discourage, but like I said, I’m an honest person so – let me say this…

You can do and be ANYTHING you want to be. You only need to have a true passion and dedication for making it happen (refer to the second part of my answer in question #6, this goes for both women and men!). As I mentioned above, there is currently some strange issue with specific requirements when looking for an organization willing to hire you. DO NOT BE DISCOURAGED!

Apply to any job you feel drawn to, even if you don’t possess ALL of the requirements. The worst they can say is no. Keep a clean and up to date resume or list of cybersecurity activities and accomplishments on hand and be sure to network, network, network! That is KEY! There are PLENTY of free resources online to help you learn various specialities of cybersecurity, do that as much as possible too! Immerse yourself. You will find your spot, there is PLENTY of room. Come join us!

Thank you for this interview! That was fun!

---

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.