Lookout Threat Intelligence
Threat Intelligence

October 1, 2019

min read

Q&A: A Candid Conversation With Women Working in Cybersecurity Today

In anticipation of the Day of Shecurity San Francisco, happening on October 11, we sat down with a few of our security intelligence engineers – Kristina Balaam, Kristin Del Rosso, and Apurva Kumar – to get their take on diversity in the information security industry and why we need more of it. Day of Shecurity is a free one-day conference that advocates for the inclusion of women and the diversification of cybersecurity.

Were you aware of jobs in cybersecurity when you were still in school?

Apurva Kumar: If somebody told me that I could become a hacker, I would have paid attention in class more. But no, definitely not.

Kristina Balaam: No, not at all. And I think that's one of the biggest issues a lot of people face, but in particular women in the industry. I didn’t even know there were specific security roles. I just assumed that anybody who was a software engineer knew security and handled it.

Kristin, you had a more unique career path into security, right?

Kristin Del Rosso: Yeah, it's kind of the opposite for me. I fell into this because I didn't know what I wanted to do after I graduated. I have zero technical schooling. I studied history and German in college. I ended up doing sales at a cybersecurity company and that’s when the world of cybersecurity opened up.

Was there a role model or someone who influenced you when you were still trying to figure out your career?

Del Rosso: Lookout’s the first place where I’ve had a wide variety of mentorship. I could ask [Kumar] a billion questions a day and she’ll run through everything with me. Mentors like Michael Flossman and Mike Murray were also really supportive and aware of the lack of women in security. But I think there’s definitely a lack of female mentorship.

Balaam: I didn’t really have anyone I saw as a role model until my first year of university when Jade Raymond, a developer for the gaming company Ubisoft in Montreal who had gone to McGill [University] and did a computer science degree as well, came back to talk about it. Her talk was really the catalyst for me switching from what I thought was eventually going to be a career in international law because I didn't know that computer science was a thing I can actually do.

That’s why I think Day of Shecurity is such an important event because most people don’t even know these roles exist until they see someone else talking about them and doing them.

Speaking of Day of Shecurity, the event is about promoting diversity and inclusion of women. Why do you think diversity is so important to the industry?

Kumar: One thing you’ll hear from almost everyone in this field is that everybody does research differently. Kristin and Kristina – they either attended Day of Shecurity or we hired them through Day of Shecurity. Both of them took different paths to cybersecurity, which allows them to look at problems in completely different ways.

Del Rosso: We complement each other. It’s a really good mix. Diversity is, on one level, about more women or people of color, a physical diversity where I can relate to others like me, but it’s also about mental diversity. A variety of backgrounds allows teams to think differently which is critical. It’s why I think Apurva and I work so well together, because we approach problems from completely different perspectives due to our different backgrounds.

What role does Day of Shecurity play in getting more women into infosec?

Balaam: I think there are a lot of people who are interested in getting involved but don't really know where to start and who might feel intimidated walking into a major conference like DEF CON. But with [Day of Shecurity], it's specifically for people who are interested in dipping their toes into the world of infosec without being surrounded by people who might appear to know more than they do and make them feel like it's too late to make the transition.

Do you have any good advice for young women out there who’s looking at computer science or cybersecurity as a potential career path?

Kumar: What I’ve noticed women do is that they sell themselves short, because we don’t think we have all the right experience. I would say: don’t sell yourself short. Definitely don’t think that you know less than other people. Most likely, you know more than them and they’re just good at having the confidence to say that they know something, even if they don’t.