For our latest Stories From Cybersecurity, We talked to IT professional and cybersecurity enthusiast Samantha Frost @infosecsam . We hope Samantha's story will give our readers greater insight into the varied routes people take to join our industry. Samantha has some great commentary, advice, and tips about the industry and how to get started in your cybersecurity career. Let's take a look.
What’s your journey into cybersecurity? What is it that appealed to you?
I didn’t have much tech growing up. That changed when I got to high school and started using a computer during my Microsoft Office class. And then when I started college, I changed my major 3 times – 2 of them were Criminal Justice and Nursing. Once I realized I could barely pass an Anatomy class, I went back to the drawing board!
Growing up, I’ve always enjoyed the sciences; learning how and why things work the way they do.
So, after some research into different majors, I decided to change to the Networking Specialist program. I made Network Fundamentals my first class to make sure the field was a good fit. I loved it! And I had a teacher who was interesting and made difficult concepts easier to grasp.
We eventually got to the Network Security chapter of the course, and this was “it.” As we began to discuss threats and attacks, my eyes lit up; I was intrigued. I wanted - no, I needed - to know more about security than what a single chapter had to offer. This would be my 3rd and last time changing my major; I became an Information Systems Security student and I was stoked.
Throughout my studies, I was working in healthcare – mental health hospitals, to be specific. I enjoyed it, but at the same time, I was hungry for more. Once I had taken a few IT classes, I added them to my resume in place of hands-on experience and it helped me get my first job as a PC Technician working on an OS upgrade for US Bank locations throughout the Midwest.
I have been working in a Desktop Support role for a large healthcare organization in WI for the past 6 years, but recently obtained my CompTIA Security+ certification and am finishing up a bachelor’s degree. In my spare time, I work on honing my skills in Kali Linux, reading articles on cybersecurity and listening to cybersecurity podcasts. I plan to take these tools and knowledge with me when I obtain a position in the field.
What skills do you think are needed to be successful in cybersecurity?
I think it is important to at least have a basic understanding of networking concepts, as well as technical skills. Of course, an understanding of the security fundamentals is vital, along with being able to stay up to date on new technologies, new threats, and new vulnerabilities. The field of Information Technology is constantly changing, so those who decide to enter it should know that with it comes constant change and the need to learn new things. The ability to adapt is in high demand…and is a necessity for success in this field.
While technical skills are important so are “soft” skills. Knowing how to communicate effectively, work well within a team setting, and be resilient in stressful situations is essential to be successful in this field. Depending on your role in cybersecurity, it can be extremely stressful, requiring a great deal of patience and the ability to prioritize well. It's not all stress though - It's also fun and rewarding!
Cybersecurity is still a male-dominated field. Is this something you see changing in the future? What more do you think can be done to attract more women into the industry?
I believe if we can get more women interested in technology in general, the numbers will change. I think having good female role models in the industry is key. They don’t have to be women you know personally; they could be prominent women in technology right now. We can listen to their journeys, understand their challenges, and watch their presentations. That helped me and still does.
A great cybersecurity group (women only…sorry guys!) is Women in CyberSecurity (WiCys). This organization welcomes both students and professionals; even those seeking to make a career change into cybersecurity. I joined their organization back in 2018 on their website (for a small annual fee), then requested membership of their very active Facebook group and decided to attend their annual 3-day conference in the Spring of last year.
I went by myself and was extremely nervous, but…this is THE most welcoming, supportive and encouraging group of women in technology! The moment I walked in I was greeted, and there was conversation throughout my time there. Attending this conference has renewed the passion I had for security that I had once let wither. I encourage any women reading this to look them up and consider joining.
Can you offer some simple advice to our readers about how to protect themselves online?
The first thing I would recommend is securing your devices. Enable strong passwords – I recommend a minimum of 14 characters, including letters, numbers, and symbols. Use 2-factor authentication, such as having a code sent to an email address or text on your phone. Fingerprint technology is even more secure; if this is available to you, enable it as your method of protection on mobile devices.
In addition to these things, make sure you have an antivirus program running on your devices; this includes your phone! Anything attached to a network is vulnerable to attack and needs to be protected. Microsoft has Windows Defender built-in and it’s free to use, requiring minimal user interaction unless you so choose. When you’re on the go, use a VPN on your laptop and phone, especially when connecting to open, unsecured wireless networks.
This creates a secure tunnel for your traffic to pass through; it may run slightly slower, but it’s minimal and offers much greater protection of your data. One last bit of advice: take care when clicking on links online and in emails. This is how much of the malware out there infects our devices. For example, if you get an email from your bank, don’t trust the email; go directly to their website by typing it in your browser.
If you get an email from someone you know that you weren’t expecting and it includes a link to click, maybe reach out to the outside of the email to make sure it’s real. Social engineering is one of the easiest ways to gain unauthorized access, but if we are vigilant and take these proper measures, we can better safeguard our networks and help keep the intruders out.
Do you have any advice for aspiring cybersecurity professionals?
A good tip for those seeking to enter the cybersecurity field is to view current job postings to get an idea of what skills employers are looking for in potential candidates, then take that information to learn about 1 or 2 of those areas. One that I’ve seen required in many job postings is having experience in or some knowledge of a programming language.
This is one skill that I have yet to obtain, but during research I’ve done on the topic, I have found that Python is one of the more desired languages within the security space. It is also known to be one of the easier languages to learn for those without prior programming knowledge.