Networking, engineering and education | Cyber Work Podcast

Networking, engineering and education | Cyber Work Podcast


– As you probably know,
October is National Cybersecurity Awareness Month and to celebrate, Infosec is giving away a free month of its
Infosec Skills Platform. This is a subscription-based
skills training platform for cybersecurity experts. If you’d like to learn more, please go to infosecinstitute.com/podcast and don’t forget to claim your free offer before October 31st. (upbeat jazz music) Hello and welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week, I sit down
with a different industry thought leader and we discuss the latest cybersecurity trends, how
these trends are affecting the work of infosec professionals, while offering tips for
those trying to break in or move up the ladder in
the cybersecurity industry. Our guest today is Tia Hopkins, Vice President of Global
Sales Engineering at eSentire. She’s held many positions
in the cybersecurity sphere as well as several adjacent to security. So we’re gonna talk
today about career paths to these positions,
her work with eSentire, and the unconventional start to her career that lead to the place she is now. Tia’s currently the Vice President of Global Sales Engineering at eSentire, where she’s focused on leading the team in providing pre-sales
engineering support. She has held various technology roles including Senior Solutions Architect and Director of IT Services
at service organizations. She is a adjunct professor
for Yeshiva University’s cybersecurity Masters program and a career mentor for Cybrary and Built By Girls. She is a Certified Information
System Security Professional, CISSP, Certified Ethical Hacker, and Certified Hacking
Forensics Investigator. She also holds a Bachelor of Science in Information Technology,
a Masters of Science in Information Security and Assurance, and MS in Cybersecurity
and Information Assurance and plans to continue
her education in pursuit of an MBA in IT management. Tia, thank you so much
for joining us today. – Thanks for having me. – So in our conversation before the show, I was told that you have
a had a really interesting career path. You started out climbing cable poles to install cable before moving
into IT and cybersecurity, into the position you are now, on the sales and
engineering side of things. So tell me about that a little bit. What was the transition
point from cables to IT to security? And were you always interested
in computers and tech? – Yeah, so I think I’ll
sort of back into it. It started with my interest in tech. As a little girl, I think
I’ve always had a bit of a maybe an engineering mentality. When my mom would buy me toys, instead of playing with
them, I would take them apart to see how they worked. – Yeah. – My first computer, I did the same thing. I was 12 years old, got my
first computer, took it apart and also built my first computer at 12 because my mom said, “Put
it back together or else.” So (laughs) that’s kinda how that started. – Right. – But that forwarding to sort
of, I guess you could say, my start or breaking into the space. I was working for what was
BellSouth at the time in Miami and it was when the big
transition from dial-up internet to high speed internet, which
was DSL, back when it started. So there was a bit of a, I would say, gap in terms of phone service
technicians that wanted to do that work because
there was some hesitation or, you know, lack of belief
in the viability of it, et cetera. So that’s where I had the
opportunity to get my start. So while I was working on
the phone side of things, when you install an internet connection in someone’s house, especially
when it’s high speed, they wanna know, hey, how can I get this
on more than one computer? So that’s how I sort of got
started in the networking space. I got to a point where I was kinda tired of not being able to
answer those questions. How do this that? How is this network, How do I get wifi? What does this mean? So I started to do some
research on my own. Coincidentally, it happened
to be a point in time where I think we were
going from I wanna say maybe Windows 98 to Windows Millennium and people were getting faster computers. So I was able to get like
four or five computers from a Goodwill or something like that, put them all networked in my home and just labbed it up and
played around with things. And my interest really
took off from there. – Oh, that’s great. So, okay wow. So you really learned by doing then. Like you say, you had to
reassemble your first computer and then in terms of learning networking and security and so
forth, you were literally working at home on your own, sort of a lab of your own creation. – Yeah, I mean. One, because I really
didn’t know what type of training, et cetera,
I should be looking for. And two, back then I couldn’t afford it. So it was just, you know,
lab it up and figure it out. – What years would this
have been, roughly? – This would’ve been early 2000s. – Okay, so yeah and at
this point there wasn’t… I don’t feel like that security
and that side of things was as prominent, in terms of, like, you didn’t have these huge
dedicated security departments and stuff. So you were really kind of
on the cutting edge there, in terms of learning some of that stuff. Networking and whatnot. – Yeah, I guess that’s right, I probably was. If I remember correctly,
I think the big draw or the thing everyone was
going after at that point was the MCSE. – Right, okay, yeah. Yeah, there’s a lot more
in the space since then. (Tia laughing) So procedurally speaking,
like how has the industry changed around you in that time? Since when you first started. What are some of the
big changes that you’ve seen since then? – Yeah, I mean, just going
back to the whole MCSE thing, I think Microsoft was just
sort of making a splash and getting big into the service phase and becoming larger in the
enterprise, so to speak. But at that time I didn’t
really have enough experience to follow that trend. So I really enjoy what I was
doing with the phone companies, installing internet, which
eventually turned into networking because I learned more about
the physical side of things instead of the logical side,
which would’ve been the path I would’ve gone down with Microsoft. Which really helped expand my
networking mileage in general. I still tell people today, even though the industry has shifted to more of a focus around security, we’re still following the data. So understanding how data
moves is very important. And I think that’s one
thing that has not changed. Data will always move the way data moves. You may have to take different
things into consideration in terms of how you
secure it, for example, the shift from, “Hey,
I’m good with a firewall “and an antivirus because
all of my employees “are inside this building.” To now you have borderless
networks where they’re everywhere and they’re using their own computers and checking email on their phones. So the considerations are different but at the foundation of
it, at the base of it, data is still moving the way data moves. And that’s really where I got
my start understanding data. And I’ve had several bootcamp
instructors, professors, tell me that when studying
for certification exams or trying to understand content, the fact that my background
was in networking cuts my study time in half. – Yeah, absolutely. And we’ve heard that so many
times on this show before that, you know, if you wanna
know how to secure a network, you need to know how to make
a network and work a network and so forth. – Right. – Could you walk me through
some of the key points of your career? What are some job changes
or experiences you had or skills that you learned
that helped move you forward in each new phase of your
career, up to where you are now? – Sure. I think I was really
fortunate to come into my role with the phone company as a DSL installer instead of just a phone technician because that was sort of a
natural bridge into computing and networking. So that role allowed
me to go full-time into like a CIS admin role. It was really, I don’t like
to use the word “grunt work” but I really was like a
tunnel rat in New York City, just running around in different offices, finding desktop icons,
running network cable and things like that. But it was really good
experience in terms of helping me understand how to work with users, how to solve problems,
how to troubleshoot, how to maintain expectations
and things like that. From there, I transitioned
into my IT director role. I spent many years doing
networks, system support, but throughout all of this,
I’m still doing my own labs, studying for certifications,
trying to keep up with what’s going on in the backend, at this point I haven’t
had any formal education, I hadn’t gone back to
school yet, et cetera. So when I moved into the IT director role, I had the experience of handling customers and also building infrastructure,
planning infrastructure, things like that. What I didn’t have was
the business side of it. How am I having conversations
around return on investment and how am I contributing
toward lowering cost or being more innovative,
things like that. So those were things that I learned. But I got to a point when I was doing that that I felt like I was kinda
starting to do the same things over and over and over again and I wanted to help in the business that I was working for grow. And I felt there were
three areas just based on where the industry was at the time. I would say that this was
around maybe 2006, 2007. Maybe a little later. But at the time, my thought process was: we can either focus on cloud,
we can focus on security, or we can focus on DEV. DEV was out for me because
coding has just not ever been something that I picked up. But I thought to myself,
well, how would I focus on the cloud when I’m dealing
with environments on Prim that are probably not as
secure as they should be. – Right. – And if I move them to the
cloud, it’s gonna only increase the attack surface. So maybe I should place my focus on securing the environments on Prim. And so that is when I went back to school and I started studying
for my CISSP, my Security+ and all those things. Because I wanted to understand,
okay, what’s out there? What am I gonna come up against? What don’t I know? And that just lead me to
falling in love with security. And the company I was with at the time unfortunately didn’t
have a focus on security so that is what lead me to
the path of the solutions engineering jobs with other organizations because it allowed me
to focus on security, playing around with different tools, understand pain points in the space. And I also really, really enjoy consulting customers, as well. So while it’s mostly in a pre-sales role, it doesn’t feel like pre-sales because, at the end of the day, I’m
still solving problems. – Right, yeah. You really are sort of
right there on the ground and sort of mapping the space out and finding out exactly what they need. You’re not just delivering product. – Right. – Yeah, so… You said, you know,
before you could do that, you went back to school and you got some of these certifications
and you learned these different technical aspects. Can you sort of tie those
two things together a bit? Tell me what, for instance,
like, the CISSP or the CEH, what you needed to learn from
those to do what you do now as well as you do. – Sure. So I started with the
Security+ and I recommend that to everyone. Individuals that don’t have
a networking background, I recommend. Even if they don’t take the Network+ exam, to go through the content
because I think, again, it helps to understand how data moves. But I did do the Security+ but after I got my Bachelor’s degree. So my thought process behind getting my Bachelor’s degree was I was already at a management level and when you look online and you look for job descriptions, et cetera, at the management level,
most of them require you have to have some sort of degree. And I had just been sort of
labbing my way through life. – Right, right. – (laughs) If you wanna
call it that, right? Just landing opportunities
because of what I knew just not what I was formally educated on. So I felt if I was going to
get the respect that I wanted, in terms of applying for these jobs, that that was just something
that I needed to do. So I went through that
and I actually got bit by a bit of an education bug. – Okay. – You know, but people like to say to me, “Oh, you love school.” I’m like no, I don’t really love school, I really don’t like the process. I just love the outcome. – Yeah, like learning. – Yeah, I actually got my Bachelor’s and both Masters degrees without stopping. I didn’t take a break. And I also worked on the
certifications as part of that. So the idea behind that was if I’m gonna move into this new space, I need to understand
the conversations that the professionals that are in
the space are already having. What are they talking about? What do they mean when
they say certain things? And in addition to that, to help guide me. Because I didn’t have a
mentor or anything like that at the time, to help guide me. I was really just using… I don’t even think LinkedIn was
really a big deal back then, I was mostly using things
like Monster and Indeed, looking at job postings and saying, “Hey, this looks like a job I might want. “What’s listed here that I don’t have? “And let me go get it.” And I was, that’s sort of how I
pulled all that together. And so, again, I started
with the Security+ but as I continued to do
research and see what folks were focused on, I moved into the CISSP and then on and on from there. – Okay. Okay so let’s talk a little bit
about your current position, you’re a, you know, you say a
security solutions engineer. So can you tell me a little bit
about the sort of parameters of your job? Like are you kind of on call all the time? Do you keep steady hours? Are you in the office at a certain point? Do you work from an office? Do you work from home a
certain amount of time? Like what are… Like if someone wants this type of job, what can they look forward to? – Sure. So, being in a pre-sales
role, and technical pre-sales, I absolutely love it. Let me just say that. But being in a technical
pre-sales role, it is sales. So typically what you’ll
find is that you’re paired with a sales rep and you’ll be responsible for a book of business within
the specified territory. You’ll find a mix between
whether you’re working from home or in an office. My job prior to the one I
had now was fully remote because the organization
was based on the west coast and the sales team was just
distributed across the U.S. and I supported the east coast. Now, I have the option to
go into the office or not. But I tend to go into the office anyway. But a lot of times I’m on
site, talking to customers, which is something that you
can expect in these meetings, right? You wanna have meaningful discussions and I think there’s something to be said about sitting down in
someone’s office with them and looking them in the eye and having a conversation
with them about what matters over being on a WebEx
and not being 100% sure whether you have their attention or not. But the role itself could
be either of the two. It could be a lot of WebEx
or Zoom meetings, et cetera. Or it could be on site meetings. Now, the pre-sales engineer
role kind of varies in terms of responsibility. You’ll find organizations
where the pre-sales engineers are responsible for just doing demos or leading proof of concepts and it varies from there
all the way up through the solutions engineer being fully engaged in the sale cycle with the sales rep. Which is what my role is like now. So we partnered the full way through, we have our conversations
with the customer together, we discuss the solutions
that we’re gonna present, and then I would be more responsible for the technical enablement around that, helping the customer to understand
how it’s gonna integrate, how it’s solving the problem,
and things like that. And how it’s gonna work from
an operational perspective. – Can you sort of walk
me through like a sample, like it doesn’t have to
be based on a real case but let’s say like you’re
starting a new case with a new client. What are some of the things
that they’re going to… What are some of the problems
that they’re gonna ask you, in tandem with the sales person, to solve? And how do you use your
skills and your background and your study knowledge
and whatever to facilitate these solutions for them? – Yeah, sure. That’s a great question. So what I find, most of
the time here at eSentire, is that the customers or
prospects that we’re speaking to are overwhelmed with
the tools that they have in their environment, right? I mean, cybersecurity
is a very complex space, there’s tons of vendors,
there’s tons of tools and tons of categories. So security practitioners are, I mean, I’d go as far as to say burdened, with figuring out which
tools are the best fit for securing the enterprise
that they’re responsible for. So when we talk to customers, it’s because they’re
overburdened with alerts coming in out of tools, they don’t really have a big enough team to fully focus on
security, but they’re aware of what’s happening in the wild. All the attacks and threats,
relevant to their environment. And at the end of the day,
they just wanna be able to sleep at night and know
that their organization is protected. So that is the service that
we are offering to them. Being able to monitor their
environment for them 24/7, hunting for threats and responding
to them on their behalf. So when you get into those discussions, where my experience becomes
relevant is being able to have conversations around what’s going on in the threat landscape, being
able to establish rapport by being familiar with
the tools that they have in their environment, how
they integrate the areas that they cover, the gaps that they leave. And then also being able
to provide a bit of thought leadership based on my
experience, you know, conversations with other customers, articles that I’m reading,
research that I’m doing, et cetera. So it’s all relevant. I think probably the
biggest component for me is being able to establish rapport because once you speak
to a customer or prospect and they feel comfortable that you know what you’re talking about,
then they feel more comfortable talking to you. And I think technical
sales in the security space is a bit challenging when
compared to other spaces. I mean, just to throw
some things out there, like selling storage
or something like that, because if someone were
to come to your house and knock on your door and say, “Hey, I can help you
fully secure your home. “But first, you have to tell
me all the way I can get in.” You’re gonna be a little
hesitant to do that, right? So you do have to earn a bit of trust to enable you to get
the information you need to design the right solution. – Okay, so along with… Yeah, obviously, communication skills and the ability to, as
you say, develop a rapport with your clients, is a
huge asset for someone who would want to get into this sphere. What are some other… Are there other soft skills
or other even hard skills that are really, really
crucial if you’re gonna do this kind of work? – I find that the hard skills,
the more technical skills, are probably easier… Am I saying the right word? I’ll go with it. Easier to come by than the soft skills. Because you can read a book, take an exam, watch some videos, right? To absorb that content. But I think combining a
strong technical acumen with a good sales skill
set is challenging. Because I think me and– – Yeah, it’s not common. – Right, yeah. So being a good sales
person is a combination of a strong technical background
so that you can establish a rapport that will allow
the audience to listen, but once they’re listening,
you have to communicate in a way that’s gonna hold their attention and make them continue to listen. So I think important soft
skills are a little bit of the ability to communicate, but in order to communicate effectively, you have to have
incredible listening skills so that what you’re saying is
relevant to what you heard. Some of the feedback that I give, individuals that I speak to, is that you have to listen to listen. Not listen to respond. Because if you’re listening to respond, then you’re already formulating
what you’re gonna say in your head. And if you’re thinking
about something else, you’re not really listening. And it can be that minor
detail that you miss that could be the differentiator
in a conversation like that so that’s critical for me. And then, you know, a
little bit of charisma doesn’t hurt either. – Sure, absolutely. – (laughs) And being able to read a room– – I wouldn’t know but I’ve
heard good things (laughs). – Yeah. – So can you give me an example of a time where you really had to listen to listen and someone was sort of giving
you clues into, you know, something very difficult
that they were looking for that might not have been otherwise caught by the salespeople? – It’s usually, It’s usually a technical concern. Because when you’re in a
meeting with your sales rep, the two of you are listening. You have the same goal
but you’re listening for two different things, right? A sales rep is gonna be
listening for buying cycles, challenges around getting signatures, how soon are we getting this deal done, is anyone going on vacation, right? I’m listening for what’s the problem that we’re solving here
that’s gonna get you to sign? So we can worry about who’s
gonna be in the office. – Are you gonna be
satisfied beyond the point when you sign the line. Yeah. – Exactly, right? So, you know, challenging
discussions come into play I think for me, when you have an organization that thinks they have it handled themselves. Like their internal
program has it covered, I’ve got resources, I’ve got tools, and you have to do a bit of
evangelizing and educating. Evangelizing to help them
understand the service that you’re offering
and how it helps them, not takes away their responsibility. Because that’s a concern as
well with any organization that’s looking to partner
the team that’s currently responsible for what you’re augmenting has concerns about, well,
where’s my value gonna be? So, you know, ensuring them
that that is not a concern. But then also paying
attention to the technical challenges that they have, listening to the tools that
they told you they have so if you heard something in the news about one of their tools… Like a couple years ago,
Cisco had some issues with a lot of security advisories
around their ASA products, granted, it’s end-of-life but customers are still using them. So when customers would
mention things like Cisco ASA, I would jump in and
have discussions around hey, are you aware of X, Y, and Z? And a lot of times, I’ll get, “No, I didn’t know about that.” So that’s my way in to educate, further establish rapport. But I think when you get
into challenging situations, you don’t push back, right? You don’t wanna tell a customer
that their baby’s ugly, you just wanna (laughs) you wanna find another way to penetrate, get them to open up a bit, and then kind of come
back around the corner with the point that you’re trying to make. – Okay. I feel like I know the answer
to this question already but is this type of pre-sales
security engineering, this is probably something
that’s not something you would be able to do freelance, right? You’re mostly gonna be hired by a company that needs this type of service, right? – Right. Because you’re gonna be selling
a service for a company. So you’re either gonna be doing
it for the company directly or you’ll work for a
partner of that company and sell it along with other
things for that partner. – Okay. A lot of the career tracks
we talk about, you know, some people do them freelance, some people do them for a company, and I just needed to ask that. So to that end, if
someone’s looking to get your type of job, not your
job necessarily, but you know a pre-sales security engineer
solutions type job like where would they… I guess, what would they
need to do in advance of that in their life and in their
career to make themselves desirable to a position like this? And then what types of companies
would they be looking for to try and find something like this? – Sure. I think it’s a combination of
a solid technical background and great customer service skills. Because I think customer
service is a great umbrella for the listening and
making sure you’re solving the problem and setting expectations. All the things that make for
an amazing sales experience so to speak. But if someone is just starting out, I would heavily, you
know, strongly recommend a focus on doing it first. Because once you’ve done it,
you can speak to it, right? So not necessarily a security
operations center analyst or anything like that, but maybe a firewall administrator
or an endpoint analyst. Just something within a security team or that has a security focus that helps you understand the problem outside what you would
read in a book, right? So you can tie it back
to the business value. So you know the pains of
deploying and managing solutions on your own because that’ll drive those
conversations as well. Granted, you can get
through the discussions just having the technical
knowledge, right? But I think you’re able to
connect at a deeper level when you’ve actually
experienced what the person you’re speaking to has experienced. So definitely would recommend, before trying to jump into the space, having a bit of hands-on. Or even, you know, labs. You don’t have to… If someone said, “Hey. “I don’t really want a job as an admin “I wanna go right into this.” As long as you’ve done it
and you can talk about it then that’s okay as well. And then on the customer
service side of things, I just happened to be fortunate
to have a blend of jobs that just makes this work for me. All of my roles, technical or not, have been customer-facing
in some way, shape, or form. Started out working for the phone company, I’m knocking on peoples’ doors, talking to them about what I’m gonna do, drilling holes in their house, et cetera. I also had a job way back
when with Verizon Wireless in technical support,
solving customer problems. You definitely have to
listen when someone calls tech support for Verizon Wireless. They’re definitely not
calling to tell you how happy they are, right? – No, and they’re not in a frame of mind where they wanna tell you
cogently what the problem is. – Right, right. – You have to decipher
some yelling, possibly. – Yeah, yeah. – So to that end, you know,
obviously there’s a bunch of different types of
positions you can do in advance of a job like this. But, you know, would you recommend… The search that you got, you said that you were kind
of addicted to learning but do you think that someone
trying to get into this sphere of the industry would need a CISSB or a CH or a Security+ or, you know, was that just a little overkill? – I mean, I think everything
I have is probably a little bit overkill. – Okay. – But I would say, given that
the industry is picking up in terms of just the cyber skills gap being plastered everywhere and we need more resources and now you’re finding
more and more schools with cyber programs
and boot camps offering a quick path to getting certification. The key, for me, is how are you going to
differentiate yourself? It is important to
validate your experience. So I tell everyone yes, get the Security+. One, just to validate
that you know the space but two, make sure it’s
what you wanna do, right? From there, you know, I’ve
been on forums and things where someone will say, “Hey, what certifications should I get?” And I’ll see, “Get your Security+
and then get your CISSP,” or this or that. My question is always,
“What did you want to do?” Because if someone says to me, “Well, I wanna be a
pre-sales security engineer “or solutions engineer.” I’m not gonna tell them to
go out and get their CEH because that’s relevant
to a completely different type of job. – Sure. – But I will say, if
you’re looking to work with an enterprise-level organization that’s talking to enterprise
customers about securing their organizations,
then something like CISSP does go a long way, right? It just establishes that… One thing with the CISSP
is you can’t be officially certified unless you can
prove that you’ve been working in the industry for five years. So that goes a long way. If you have that, automatically
you’ve been doing this for at least five years. So is it helpful? Yes. Do I think it’s needed? It’s not but you really
have to be a rockstar to overcome that because
there’s gonna be so many other people that do have it. – Okay, now so… Let’s sort of flip to the other side to sort of the HR position. One of the things we talk
to a lot of folks about the skills gap and, you
know, while there is clearly a skills gap and there
is clearly, you know, there are a lot more positions out there that need qualified people than there are qualified
people to fill them. One of the issues that we’ve
heard time and time again is that HR departments have this tendency to sort of overload the
requirements for the position and they basically want
this unicorn candidate that’s got, you know, 10
years with a certification that’s only been out for
five years and, you know, all these other things. So I’m not sure if you
do any hiring yourself but like if you were to
look at a resume for someone who would be a colleague or someone who would work under you, what are some things
that you would wanna see either in experience or in
certification on their resume that you think would be
both useful to whittle down candidates but wouldn’t
be excessive in the sense of, you know, “Well, they
don’t have this Masters “and they don’t have this Doctorate,” and what have you? – Sure. So for me, I think a resume is
a really high level overview of who an individual really is. There are some things that
I look for like, you know, do they have network experience? How long have they been
in the security space? Where in the security space
have they been, right? Because I can’t just say, “Send me a candidate that’s
got security experience.” Because if they’ve just
been in risk and governance, there might be more of a learning curve coming into something that we’re doing, when you’re talking about
threat hunting, right? But if you’ve got a candidate
coming from endpoint security or a SIEM environment or network security, it
translates better to what we do just based on the services that we offer. And so, to your comment,
I do do some hiring myself and I have seen resumes
out there where they want somebody that’s got
security certifications but can also code, and by the way, we probably want you to build our website on your day off next Saturday. – Right. – And to those, I say, either they’re paying these individuals an astronomical amount of money or they’re just looking
to see what they can get. And I think the latter is true. So for me, when I put a
job posting out there, I think it’s really
important to be descriptive of not only what the
job is going to require, but what your background
needs to look like in order for you to be successful. And it has to be relevant to
the job that’s gonna be done. I can’t imagine that
you’re gonna have someone writing your code and securing that code. That’s just not good
business practice in general. And I wonder with the HR thing, is it that inexperienced
individuals are writing these requirements? You know, how much input
does the hiring manager actually have? Because I don’t think that
jobs requiring all these things that are listed in these,
I guess you could say, bloated job postings, I don’t think they’re real positions. – In what sense? You mean that they’re probably
planning to hire internally but they’re just trying
to find a unicorn anyway? – Yeah, probably a little bit of that and then yeah, let’s just
see if we can find a unicorn, let’s see if we get lucky. I just, in terms of I
don’t think it’s real, I don’t think that that’s
what the job really requires. – Yeah. – That’s probably how
I should’ve put that. – Okay, so and, I mean, there’s a really
interesting point in there. You said, I think it might
be worth noting for future… if HR people are listening to this, that making sort of, angling your description
of your job description more towards what the job is going to be and what, you know, almost in a text way, what your experiences, I’m looking for people who
have done this, this, and this. Rather than the usual
list of certs, you know, degrees and things like that. Have it almost more sort of like if we want you, this is what
your history looks like. Something like that. – Right. – Yeah. So in your biography, it mentions that you are a career mentor for Cybrary and also something called Built By Girls. Can you tell me a bit
about Built By Girls? – Yeah, sure. So I was referred to the
program by a friend of mine. I coach football as well, so
she I met on the football team and she was involved with Built By Girls and referred me to them. They basically offer a
mentoring program for girls looking to get into tech. And so the way it works
is they will assign you… They have cycles. I think they’re three month cycles, they’ll assign you a mentee, you meet up, you have a profile of what they’re interested in,
where they wanna go, and then you meet up, talk to
them about your background, et cetera. You can give them projects,
just anything that will help them further their knowledge, understand the job market, get connected. I actually think one of the requirements is to get them to network with two people in your network, just to help them along. The age group is, I think
most of them might be either high school graduates
or close to graduating high school. At least in high school. But what I like about it,
which scared me at first, is that I am paired
with individuals outside my expertise. – Okay. – So when I, yeah, when I
signed up for the program, I thought for sure that I
would get paired with a mentee that was looking for
someone in cybersecurity. Instead, I was paired with an individual that was interested in development. So, you know, back to
my point about coding. I reached out and I was
like, “Oh my goodness. “I’m not gonna be able to
help this candidate at all.” Right? This was my first match. So they explained to me
that they do it on purpose and that’s so that the mentee
can just get a broad range of knowledge and experience
from the different mentors that they speak with. So even though this individual
is interested in coding, there is still a security element to that that they should be
aware of and considering and I thought that was brilliant. So I really like the program. – Do they sort of rotate
through several mentors over a period of time? – Yeah, so you get assigned a mentor, it’s a three month cycle, and then you get assigned a new one. So I’m coming up on the end
of the cycle that I was in. I think I’m actually due to
get a new mentee assigned in a couple weeks. – Okay, and for the mentees, on average how many mentors do they get? Like is it their last year of high school or last two years or? – They get one at a time and I believe, I hope I’m not mistaking this, but I think they go through
the program for a year. So they might get three or four mentors. But I don’t think they
ever kinda get pushed out, obviously they build relationships
as they go through it and if they wanted to
continue, I’m sure the program would allow them to. – Okay, so we’ve talked to several women in the cybersecurity industry
and in industries adjacent about your experience of being
a women in what is clearly a fairly male-stacked
industry or whatever. Things like Built By Girls
are obviously a great way to start moving towards
gender parity in the industry. Do you believe that… What are some other
solutions do you think? In terms of sort of building the bench, in terms of getting women not
just into sort of entry-level tech positions but moving up the ladder into leadership positions and so forth. – Yeah, I mean I think
mentoring is a start. You know, there has to
be some sort of guidance. I was fortunate to just be able
to figure it out on my own. But I think also representation
is very important. Because you can mentor
an individual and say, “Hey, here’s the steps to
take to go through it.” But it goes a long way to see
someone that looks like them doing it as well. You know, that just adds
to the confidence level. So while I haven’t had… I’m a bit of a, I don’t know, I guess you could say I’m
a bit bullish (laughs). I just, you know, I want
that, I go after it. So I haven’t had the sort of “Oh, I’m a woman in this
male dominated space.” I’ve never had that mentality but, I mean, I’ve also not had experiences
that make me think that way, fortunately. I just represent myself as
qualified and I get the role or I don’t, I just put on
the best version of myself that I can. But I do think that there’s
a huge gap in this space and I’m involved in several
organizations in an effort to get more women in the space. Actually, one of my students
approached me in class the other night and said, “I wanna talk to you about my career path. “I wanna figure out what I wanna do. “And I need you to help me
because I need to understand “what roles are out there for women.” – Right. – And I paused and I said, “Well, everything’s for women.” And (laughs) she kinda looked at me and she couldn’t believe I said. And I said, “No, I’m serious
and literally nothing “that you can’t do if you wanna do.” But then I told her that
we should continue to talk. But I was a little taken aback
that she thought that way, that there were certain roles
that she should focus on based on the fact that she was a woman. So I’m obviously involved
in Built By Girls, leading Cyber Ladies is another group that I’m involved in. You know, we put on seminars, panels, so I think that’s a
great way to reach out. So I haven’t really figured
out beyond mentoring and just sort of leveraging my platform whenever I have the opportunity to speak in terms of just being a representative of yes, this is possible. I haven’t really figured
out what to do beyond that but if someone does, I’m on board. – Yeah, no it’s… It’s a big task, obviously. So I’m always looking for new solutions. So can you tell me about your, what you do as a teacher? What class do you teach? What types of students? Is it high school level, college level? – Sure, yeah. So I teach network and data
communications security as part of the master in cyber program at Yeshiva University. So I’m an adjunct there. – Okay, so as we wrap up today, can you tell me a little
bit about eSentire and some of the projects your
organization’s working on at the moment? And also how our listeners
can reach out to you and/or eSentire if they wanna know more. – Sure. So, you know, eSentire’s
a manage detection and response company. I think we could be most closely compared, from a recognition perspective, to managed security services providers. Our approach is a bit different. We’re not relying on log data, et cetera, like the traditional MSSP model is. We take a bit of a different approach and we are actively hunting for threats for our customers, 24 by 7. And then taking it a step further, not just sending them an alert
and letting them deal with it when we find a problem, we’re actually solving
the problem for them. So containing the threat
so that when we reach out, it’s not to say, “Hey, the
building might be burning down.” It’s just, “Hey, clean up on aisle six.” And let’s make recommendations
on how we can prevent this from happening going forward. So it really is a holistic
approach to security in general because we’re that last line of defense where your technology
fails because something was not configured properly or
it’s end-of-life, et cetera. When an attack gets into the environment we can pick it up, but that also allows us to say, “Hey, here’s
where you need to focus “or expand into your environment.” And we can make
recommendations, et cetera. So, I mean, we’ve been doing
this for a very long time. In terms of things that we’re
focused on going forward, we have recently announced a partnership with Sumo Logic to
introduce a SIEM platform that’s cloud-based. So that gets us into the cloud and able to protect things
like Office 365, AWS, Azure, things like that. So currently we have a pretty heavy focus on where we’re going and
what that strategy looks like in the cloud. – Okay, and it’s esentire.com then? – esentire.com, yeah. E-S-E-N-T-I-R-E. – Okay. And, again, what college
was it if people wanna take networking from you? Where would they– – (laughs) Yeshiva, Yeshiva University– – University, that’s right. Okay, is that yeshiva.edu or? – Yeah, it’s yu.edu. – yu.edu, okay, very good. Well, Tia, thank you so
much for joining us today. This has been really educational. – Yeah, thank you so much for having me. – Okay, and thank you all
for listening and watching. If you enjoyed today’s
video, you can find many more on our YouTube page. Just go to YouTube.com and type in “Cyber Work with Infosec” to check out our collection
of tutorials, interviews, and past webinars. If you’d rather have us in
your ears during your workday, all of our videos are also
available as audio podcasts. Just search “Cyber Work with Infosec” in your favorite podcast
catcher of choice. Also, in honor of national
cybersecurity awareness month, Infosec is offering a free
month of its Infosec Skills subscription-based learning
platform to listeners of this podcast. Just go to infosecinstitute.com/podcast
to learn more and be sure to claim your free
month before October 31st. Thank you once again to Tia Hopkins and thank you all for
watching and listening. We’ll speak to you next week. (upbeat jazz music)

Leave a Reply

Your email address will not be published. Required fields are marked *