Women Making Waves in Cybersecurity

Kristina Balaam  00:09

Hi, everyone. Welcome to endpoint enigma. My name is Kristina Balaam. I am not Hank Schless, but I'm your host for this episode. For those who don't know me, I'm a senior security intelligence Engineer here at Lookout. Today we're talking about something a little different, but equally important diversity in cybersecurity. It's International Women's Day coming up, but also we have day of security happening March 23. We'll talk about deep security in a minute, but it's a free women focused one day conference that seeks to encourage participation of women in security. Joining me today, I have my colleague Victoria Mosby. Victoria is @ lookout federal sales engineer. She's also involved in day of security as well as the lookout foundation. Thanks for coming on the show, Victoria. Thanks for having me. So let's start with this question. Have you always been interested in technology and how did you get into it? Was it at a young

‍

Victoria Mosby  01:04

age? Oh, Lord, yes, it was at a young age. My first kind of step in technology as it were, I was at home at the time was about like six or eight and for the my parents out of house and just gave me an A Tindall system, the original Nintendo system that was my first step into things technology. And from there continued playing video games, and have another system to the first PlayStation, but I got my first laptop around, I want to say 10. And this was back in the day, when the laptop was about as thick as an encyclopedia. And your only ability to get online was like net zero or Juno or flank, you know, one of those dial up services where if your parents picked up the phone, then the internet went down. But it just kept going from there. And I think the reason I kind of stuck with it and enjoyed it so much just because it was just something different. It was something fun that had all these different avenues you could veto, do different things on you know build websites for like geo city websites or kneel pets or things like that. So it was a it was a fun time. I ultimately decided in school that I wanted to continue in that vein and I got into my original degree was in video game was supposed to be in video game programming.

‍

Kristina Balaam  02:29

I love it. I love the discussion about geo pets and geo pets, geo cities and Neopets because that was my first foray into any kind of programming as well. The like the Neo pet pages and customizing your pets individual page that yeah, that did it for me too. So that's awesome. And now how did you pivot from the introduction to video games and programming and, and those kind of like early days into cybersecurity?

‍

Victoria Mosby  02:59

Well, funny enough, I moved to Maryland. So originally from Buffalo, New York, for their video game program, degree was associate's degree out of Montgomery Community College at the time, and was one of the few. This was back when do you know it's really starting to become popular? And I got to like my last two classes in my associates. And I was like, nope, not doing this anymore. Because programming and I have kind of a very love hate, mostly hate relationship. I can do it. But I just I was having like night sweats and nightmares by a code that wouldn't compile this missing space or the cynical windows I couldn't find. And I for point, I was just like, I this is not, this is not a conductive lifestyle that I can, you know, do. But I was doing an internship at the FDIC Federal Deposit Insurance Corporation. I started in their IT infrastructure branch. And while I was there, I moved up a floor like they moved my desk, my cubicle up to like the seventh floor, which is where kind of all the execs said the Cisco, the CIO, the security engineering director at a bunch of them set up there. And I sat right outside of one of their offices. And I needed something to do, I had kind of exhausted a lot of my assignments out of the infrastructure branch. So I popped my head into one of their offices one day, it's like, Hey, intern, don't know if it's possible, but could I shadow maybe one of you or one of your folks for a little bit just to get a feel for what you know, goes into security. And they were all for it. And you said definitely happy to have you shadows. And so I did that for a couple of months and ultimately, kind of decided that I wanted to move into cybersecurity and that was right around the time that I made that decision that programming and I just were not meant to be So I put in a formal request to change offices, as it were, for my internship and moved into the cybersecurity branch. So

‍

Kristina Balaam  05:10

it was a lot of fun. Nice, that's awesome. I feel like there are a lot of people who have sort of pivoted into cybersecurity from being in an adjacent role and kind of just being exposed to it in a really organic way. I feel like for a long time, a lot of school programs just did not really talk a whole lot about security in general. And so you didn't really have much exposure to it until you were kind of out in the workforce seeing that this is something that people need to care about. So that's really awesome.

‍

Victoria Mosby  05:37

Yeah, definitely, like it was. So the actual IT director at the time, I was found that he had a biochemistry degree. Oh, wow, he didn't have he didn't have like IT degree, but he moved into that space. And like, like you said, about schools, it's really special when I was when I was in high school. We had an electrical engineering classes, we had programming classes, I went to a vocational school. So we had a lot of different kind of trade classes and stuff like that. But ya know, security was not a thing that anyone talked about, even in those types of technical classes, security did not exist. But this was also the early 2000s. So security, as I think industry really didn't hit its stride until the late 2000, early 2000 10s. In terms of it been a big, you know, Industry Marketing buzzword,

‍

Kristina Balaam  06:34

right. It's probably why there are so few people in cybersecurity to why as an industry, we're so understaffed. And so now you're you're working in mobile security, and, you know, what do you like about mobile security? That's, that's maybe different from just cybersecurity in general? And what do you find the most exciting about your job.

‍

Victoria Mosby  06:54

So mobile security and cybersecurity as a whole, are exciting just because there's always something new, there's always something some new threats, or some new tool or some new way to kind of go about the problem. And when I was at FDIC, I wore a lot of different hats and did a whole lot of different things, from policy work to governance, work strategy, operations, program, buildings, audits, you name it, I probably did. But Mobile Security specifically, I've always found fascinating, it's just because I mean, I was I remember having a Nokia brick phone that you had prepaid, you know, minutes for, and that's all you had, from there to the flip phone with your, you know, t nine texting and all that and from there to like your razor, Motorola's and then the sidekicks with the push up. So I grew up, obviously, growing up, you know, just seeing the evolution of these phones, but then seeing the evolution of what you could literally do with this phone, it is now at this point, my oldest cell phone, like of my test devices, is still more powerful than the that original laptop I ever had. So it's just mind blowing, and it's not going to stop. So for me, I really liked mobile security, because there's just so much to it. And it's still kind of that relatively young technology from a security perspective. So it's also exciting to see what we can do to make it better Do you know, because networking and and all that has, you know, been around forever, there's tools galore, and people have more or less figured out what they need to do for it. It's just you know, doing it. Phones, on the other hand, still kind of a new state that not a lot of people really know how to properly defend against them. So that it may ties into what makes it exciting for my job, specifically, as a sales engineer. It's just fun working with different customers, especially on the federal side, especially since I have a background in the federal side. And I know how outrageously slow they can be of things and doing things for its security, a home, trying to educate them on why they actually need to protect our phones, and why oh, we just do email on our phone. It doesn't matter. Like no, it still matters.

‍

Kristina Balaam  09:19

Yeah, that's such a good point. I feel like for the longest time, people haven't realized that they are susceptible to different attacks on their mobile devices. And you know, everyone, I feel like for the last 10 years or so if not longer have thought about using antivirus software on their personal computers. But when you bring up how vulnerable you might be to certain threats on your mobile device, it's like people haven't thought about it, because maybe the technology is still too new. And we're sort of just getting to that point where people are recognizing that it is actually possible to be poned on your phone, and the media is now covering that

‍

Victoria Mosby  09:54

so that's good. But what about you what makes your job so exciting? Just just for click aerification I love your drop. I love to read read Intel, especially with the mobile site. So I think anything you guys put out is exciting.

‍

Kristina Balaam  10:10

Thank you. Yeah, I love it too. I love reading all of the research reports that my coworkers put out, I find them all fascinating. I think what I love really overlaps with what you were talking about with mobile security. It's such a new part of the industry. And there's so much growth here. And I also feel like we're progressing so much toward this kind of like mobile first lifestyle, everyone's always kind of connected to their phones, your phone goes everywhere with you. I read some stat that was like 90% of Americans use their mobile devices for at least some of their internet usage during the day. And we're kind of progressing towards it being like a mobile first internet use, at least in the United States. So from that perspective, there's a huge attack surface that so many people don't realize is actually quite dangerous. And you have this device in your pocket that is essentially the perfect espionage tool. I mean, it could record your audio, your camera, your location, it can detect if you're picking up your phone to look at it, and decide whether it's going to basically activate any malicious activity because it knows you're looking at your phone, and it might just kind of wait to put that off until your phone's sitting down. And it can do stuff behind your back without you noticing. And so it's terrifying, but important that we're we're protecting our customers and protecting users from those kinds of threats. And then it's also quite fascinating from like, a purely scientific standpoint, seeing what malware authors come up with next, because they can get very creative. So I love that I love the problem solving. I love the the constant puzzles that reversing a piece of mobile malware presents. And yeah, so that's, I mean, why I love mobile, specifically, and especially the work that we're doing here. Which brings us to look out how did you how did you end up @ lookout?

‍

Victoria Mosby  12:01

A little serendipitously? I know I said that wrong. But there you go. When I was at FDIC, it's just back in 20 2014, I went to the Gartner risk summit. And I maybe should backtrack a little bit. I've had look out on my personal device since 2007. Since basically inception, so 2007 2008 Because being in security, I'm like, No, I don't I didn't really have much my phone to be honest with you. But still, it's like, no, I know what can happen here. So I've always been a fan of the company and what it was doing. It just seemed like the most logical step of putting something on the device itself. So and then fast forward to 2014. And that's This is around the time when mobile management, mobile device management and BYOD really kicked off from a cybersecurity buzzword for that year sort of deal. So a lot of agencies were looking into how do we handle, you know, mobile devices? And do we let our employees do BYOD I went to the 2014 Gartner conference. And while I was you know, walking in the floor, there was a booth, and it said Look out, and I was like, I know that name and I know that shield. So I went over. And Tim the master who's my current boss, Bob Stevens, current V p of America sales, I hope I got a title right. At one other individual were there they ran a booth and I got to chatting with them and ultimately brought them to the FDIC to do a pilot. Fast forward a bit didn't really go anywhere, the FDIC decided they weren't going to do anything from a device management perspective, or BYOD perspective at the time. I kept in touch with Tim out of personal just, you know, curiosity in terms of what's going on in the realm of mobility because even back then that's kind of where I was leaning. And he and I kept in touch over the next three to four years. You know, just occasionally grabbing lunch, catching up on each other as you know what we've been up to. And he would pass along different information about what's going on in mobile security, different research that's going on things like that. So and then fast forward to summer 2018. I was finishing up a contract that I was working for the Air Force at the time. And this was right around the time, Tim and I were supposed to have our biannual as it were lunch and catch up sort of deal. And he had to reschedule because he had to go to a conference but he was like, Hey, if you're interested at all, we have some positions coming up and the DC office for a sales engineer and Admittedly, I, in the time that I've been talking to Tim, I had expressed the fact that I wanted to get in @ lookout, I wanted to get my foot in the door @ lookout because by that point, I decided mobile security was ultimately kind of where I wanted to go. And Ira new lookout was a company, at least from a consumer perspective, and just, you know, keeping tabs on things. So I thought this place would be a good starting point. And I've thoroughly enjoyed the jobs. It's

‍

Kristina Balaam  15:25

amazing. I feel like that's such a great endorsement being a customer, a consumer, and then you know, liking the product so much that you actually want to go in and sell it. That's, that's very, very cool.

‍

Victoria Mosby  15:38

It's definitely been a fun time. So how about yourself? So I want I understand you actually joined us after a day of security conference?

‍

Kristina Balaam  15:49

Yeah, that Yeah, that's right. I had known about lookout because I went to a local Toronto cybersecurity kind of meetup, I was working in application security, managing, basically Android security for Shopify out of our Toronto office. But I had a really keen interest in malware. And I was doing my own little side projects. And so I knew about lookout from going to these local security events. And I saw a talk that the threat intel team did on dark Caracal, I think it was a product that was giving the talk. And I just thought it was the coolest thing I'd ever heard. I mean, the idea of looking at state sponsored malware, and combining that like love of malware research with, I have a history and political science and foreign policy stuff. I'm really passionate about that. So it was really cool to see those two things combined into like this technical research. And so then shortly after that, yeah, I heard about the day of security events. And I went to that and spent the day with the team and totally fell in love with all of the workshop things that we did, and ended up getting recruited that way. So it was kind of serendipitous as well, actually. Yeah. And speaking of Dave security, do you want to tell us what that is what it's all about?

‍

Victoria Mosby  17:04

Sure. So Dave, security is a as you mentioned before, it is a woman focused, women only conference to essentially celebrate women in it and cybersecurity and honestly in STEM is in general. Lookout actually originally started it back and released the first conference was back in 2017 lockout was the founders of it, we've since partnered been partnering with another firm, secure diversity. And it's very much an effort to get more women involved in cybersecurity or IT in general, to show those women who are interested and just may not know where to start, or those who've been in it for you know, years, like yourself and me that there are others out there and you know, to come together and kind of share what we all know. And to help those newbies you know, get on the right track to you know, figure out where they may be want to go. So this year's released his first iteration of this year's as security will be a virtual event will be on March 23. registrations are currently open, you can definitely find more information at day of Xi caridi.com, the website would have a lot of information registrations are open, honestly, I believe up until the day of the conference. And it's completely free. So go for it. There's no reason not to. But I will caveat in saying that it is women only. So unfortunately, fellas, this one's not for you. But we are also always looking for sponsors to

‍

Kristina Balaam  18:42

Yeah, and it's such a great experience. I mean, I really love this event, because I feel like when you're at a security conference, as women, it's sort of you get lost in the sea of mostly men. And it can be really hard to find other women in the industry to connect with. And especially for like mentorship and stuff too. Sometimes it is really helpful, you know, seeing people who look like you doing the jobs that you might want to do and and that kind of can help you figure out what area of security you're interested in as well. So I mean, right now, it's a great way to connect with other women in the industry or those who are interested without necessarily being able to all be together in person. So it's gonna be great.

‍

Victoria Mosby  19:21

Oh, and the other thing I should probably mention is that just like what happened with you, Christina like we will have there will be recruiters from the various sponsors on site. Secure diversity itself is a recruiting firm, so they will be there as well. And so there'll be a lot of resources available at the conference for women who are looking to get into Intel, Annette and well, maybe Intel. Yeah, definitely. But as you know, cybersecurity it in general, there to help with that. Actually, we have one track that is actually solely dedicated to you know, getting your career started and figuring out what your your pathing

‍

Kristina Balaam  19:56

would be. That's amazing. I think that's the question I get asked At least four times a week on various social media channels so that that's going to be super helpful. So now kind of going back to engineering and in general and being a woman in engineering, how would you describe your experience so far as women in engineering, it's been

‍

Victoria Mosby  20:17

fun, honestly, like, I've had a great time. My personal background, like my degrees, and all that are, by and large moral on the, say, the Policy Governance side that the top level side of, you know, pushing down the letter of the law less doing or executing it. But since, you know, being @, lookout, and being in this kind of engineering role, though more of a sales side, it's been a lot of fun, frankly, I've gotten to kind of really build up my technical expertise, my ability to speech, more technically, and just the people that I've worked with, in general, frankly, I've had a great time. I am. Well, not anymore, actually. One of the few female engineers that we have on staff, specifically, from the sell side, we do have more on the actual back end engineering side as well. And obviously, also an Intel. But like, I've had a great time, everyone's been very helpful, very keen to, you know, work with me to get problem solved. Because I think at the end of the day, in most shops, especially air, it's just all about getting the work done. And you know, making sure we're all successful. So I've had a good time.

‍

Kristina Balaam  21:34

That's awesome. On that point, just you know, about being a woman in engineering and just diversity in general, why, why do you think it's so important to promote this in our field,

‍

Victoria Mosby  21:45

because security is everyone's issue. And I say that kind of making a joke, but also being completely and utterly serious. Traditionally, you know, it's been mostly men that have gone into, you know, a security filter on it field. And it goes very much along the lines of, you know, when you see the news, or you see movies, or things like you see a certain type of individual in that role. So rather you consciously think of it or not, that's what you associate with that role, which is the nice mundane securities that you as you mentioned before seeing other people like ourselves, other women in these roles, is it Oh, no, this is open to everyone. And there's so many different forms and avenues within security that lends itself to, you know, any one's kind of personal interests or personality types, you know, I'm more honestly more of an introvert as a person. But when I'm in my sales role, I'm more extroverted because I have to be, but there are some people who just like, that's not me paranoid. So that way, there's security research, or there, she's back in engineering, where you're not dealing with customers face to face, but it is, it's necessary. Because one, we are being perfectly honest, we're so far behind and so understaffed as a nation from a security perspective. And there's no reason that this should be a man, you know, men's only club for any reason. And you know, women in this field have just as much to contribute, and to, you know, offer new insights and ideas towards as anyone else. That's my two cents anyway. What about you? What do you think?

‍

Kristina Balaam  23:23

No, I totally agree. Completely, completely agree. Yeah, I think it's super important to have different backgrounds and opinions look at a problem from all different angles. The way I kind of think about it, it's a totally different industry. But in the automotive industry, I think about the story where they were creating the first airbags. And quite tragically, the airbags that were, were developed by a team of men that basically created the airbag for the typical dimensions of a man at that time. And so when you had airbags that were deployed around women or children, you know, the specifications were off because no one really thought about who else might be sitting in the car, they came at it, they came at the problem looking at it from their perspective, as you know, men of a certain height and stature and and build and everything like that. And so that was a huge problem. That, thankfully, has been corrected. But I feel like there's a lot of that in tech in general, there are so many different problems that require different approaches and different eyes and different experiences to properly tackle. So yeah, I totally agree. We need we need everybody we can get so it's important that it's not just one group of people. And now you're also involved in the lookout foundation. Can you tell me a bit about your work and your involvement with that group and the types of work that the foundation does?

‍

Victoria Mosby  24:45

Yeah, so the lookout Foundation is a 501 C three, charitable extension of lookout as a whole. And through that we do different grants for We'd like to call random acts of kindness, disaster relief funding in various different projects. So Dave, security actually came out, or at this point is being done through the lookout foundation. It originally started in our internal diversity steering committee. But as it grew, we moved it to the foundation to better support it. And this foundation has three kind of main thematic areas that we focus on. And below that we do various things. But the three areas are women in STEM, data, privacy and internet freedom, and supporting Black communities. That last one is newer. It was a requests specific from our CEO Jim Dolce last year, and we are definitely making strides towards that though it has proven to be a bit more challenging than we would have otherwise liked. But that's not to say that there aren't great organizations out there, it's just been a bit harder for us to kind of sink our teeth into it. But specifically, the women in STEM, for instance, that's kind of where the day of security really sits. And we are, you know, beyond just sponsoring the day of security event, we are also doing you know, other things, some of the other programs that we're looking into, have been around, you know, sponsoring groups that focus on Well, women in STEM care packages, things like that. My personal involvement with the the foundation, I am in charge of the internal communications, which I say internal comms, because that's kind of where we focus thus far, but we will be slowly rolling out to external as things progress. I'm also on the board for the Dave security program, I'm the voting member for lookout with our other partner, and other things they're in. So the foundation is definitely it's a great avenue for lookout to give back. And to put more back into just the community as a whole. Versus just say, you know, selling our product, look out as a company through the foundation subscribes to what's called pledge 1%. That started out of Silicon Valley. But it is essentially tech companies pledging to give 1% of the revenue 1% of employee time, and 1% of product to external causes charitable causes, nonprofits, local, say food banks or disaster recovery relief, different avenues. So we are looking forward to 2021 and doing you know, a lot more than we have in the past and trying to really ramp up and do more fun things. Nice.

‍

Kristina Balaam  28:00

Yeah, you guys do so much important work. It's really great. Now, wrap things up. A last but very important question. Do you have any advice for people of color or for women who are interested in getting into the field.

‍

Victoria Mosby  28:15

So I can give a few pieces on it. Honestly, if you're interested in it, continue with that interest. There are a lot of good books on Amazon. But honestly, we have a local library, a lot of those books can be found through them. I know a lot of them are more virtual now, which is also great, because then you don't have to actually go there and wait in line and hope the books there. Anyway, I have had memories of this anyway, but actually some more actionable advice. If you're in high school, find your say if if you if you have on like a robotics team or your programming teams are things like that a lot, a lot of high schools nowadays are starting to pick up on that and do those more often. at earlier stages, I would definitely reach out even if you aren't in that program, or on those teams reach out to you know, whoever's spearheading them and you know, express interest. If you are out of high school or you're getting towards your senior year, and you are just at all curious, look into different, you know, colleges grow, they be community colleges or, you know, larger universities that have cybersecurity programs, forensic programs, you know, policy programs, things like that, and reach out to the program directors. Or if you can get a name for an actual teacher there reach out to one of the teachers because the fun thing about this is as an adjunct teacher for any given class, you actually have to work in that field and or have that certificate that that teacher is teaching. So they have to have those credentials to actually teach the class. So reach out tell them that you're interested, but you're just not sure where you want to start or you know, you maybe want, if they are open to it, you know, maybe they can mentor you, or they can point you in the right direction. There are a lot of resources out there. And as much as I personally am not always the best at talking to people and networking is key. It really, it honestly, really is, at least especially in those early stages. So I always encourage people to reach out if they can.

‍

Kristina Balaam  30:30

Yeah, I totally agree with that. And one thing I'll say, too, that I know was really helpful for me was reaching out to people that you might be interested in having as a mentor, most of the time, people are more than happy to help, especially because they likely remember what it was like having an interest in this industry and not necessarily knowing who to talk to, I would say that 99% of people you reach out to would be more than happy to give you some advice or their experience or even just tell you what their day to day work is like, and that can really help you kind of figure out what area of tech in general or in cybersecurity that you might be interested in.

‍

Victoria Mosby  31:05

No, you're completely right. I think that's part of the reason. Well, I mean, look at me, I got here because I kept in touch with Tim and he has been a great mentor and just, you know, a good sounding board for different things that I was looking into at the time. So I completely agree with you on

‍

Kristina Balaam  31:21

that. Yeah, absolutely. Me too. The connections that I made through random conferences are they have security, to lead me to look out and even before that, getting into application security, by way of another mentor that that I knew previously. So it's people are more than happy to help. So don't be afraid to reach out. Awesome. That was fun. Thanks for hopping on and hanging out with me Victoria, it was good to talk to you and hear a bit more about your life story. Is there a place for people to get in touch with the Look Up Foundation?

‍

Victoria Mosby  31:51

Oh, definitely. You can reach them look out foundation at committee. @ lookout foundation.com There's also an external web page on our lookout.com page. I think it's just look out.com/foundation Foundation are the foundation. But yeah, we're always happy to chat, especially if anyone has thoughts or interest in perhaps partnering with us for different partnerships or grants and things of that nature.

‍

Kristina Balaam  32:23

And as you said earlier to learn more about Dave security, which is coming up March 23. anybody listening can visit Dave security.com and you can also follow Dave security on Twitter at Dave security. And you can also follow lookout for the latest on both LinkedIn and Twitter @ lookout. Thank you endpoint Enigma listeners for having me as a guest host. Until next time, it's been a pleasure.