What made you choose cyber security as a career?
My movement to the cybersecurity domain was kind of accidental. I didn’t have specific choice in my school days that I wanted to pursue cybersecurity, but I always wanted to be in the tech domain. I happened to be in my first job when I realised my passion for information security and took it very seriously to build my professional career. Security became a thing that was a part of my job. The more domains I worked in with cyber security, the more I understood where I had look for security issues.
I started to help organizations in their overall efforts to secure themselves against malicious actors. I started from roles that were more of an external consultant to global organizations to working in their internal security teams, where I learnt a great deal. Everyone has a different path to follow, and I believe it’s one’s path that leads them to different learning experiences. InfoSec as a career option is no different, but there are few things that, if they had existed then, would have made a big difference. I feel InfoSec communities play a big role in one’s career, as you get to meet, interact and receive mentorship from experienced practitioners in this domain and they guide you to do things the right way. One of the most challenging things in InfoSec is that one needs to stay updated with different areas of technology and their threat landscapes, so learning with a large number of people in communities can make it a bit easier. The turning point came to my career after joining the cybersecurity communities like null, OWASP, and infosecgirls. These communities introduced me to the broader security domain and domain experts.
What are the most rewarding, and most frustrating, aspects of your cyber security job?
The most rewarding part of the job is, one, you get to secure data, information and an organization. Every time you find a new issue and get it fixed in the organization before a malicious actor learns about it, it’s the most amazing feeling. Keeping yourself up-to-date is the key. Someone who has curiosity about every aspect of technology is probably the best suited person. You need to build on that curiosity and spend a lot of time understanding the working of these technologies.
The most frustrating aspect of the job: It cultivates a negative mindset sometimes in our environment, as we have to find to bad things to make sure no one can harm us. The information security domain can be glamorous as well as tiring at times. The key in this domain is that one should constantly focus on how security can be improved by learning and applying the necessary skills. Everything else (career advancement, etc.) falls into place.
—Vandana Verma, security architect, IBM India Software Labs