By Mandy Huth
Respect comes from listening to and understanding others and their context. I have seen a lot of writing about diversity and how to increase inclusion; much of it seeks to create situational awareness and recommendations on how to make it better.
In that spirit, I believe a day in my life may produce further understanding of the challenges we face and how we might overcome them.
6:00 a.m. – I go to my home office to check for urgent emails and make sure my East Coasts employees are underway with their daily objectives.
>This is a pretty normal, if a bit early, start to most people’s days.
6:30 a.m. – I make my three children breakfast and sit down with them for about 15 minutes. When reviewing my schedule, my daughter pipes up and says, “You have to travel again? How long this time?”
>Travel is a requisite for many in the information security industry. Because it is evolving so rapidly, whether it is business meetings to ensure business owner alignment, training and conferences, or speaking at one of these events, it is our responsibility to move the needle as well as stay up to date on the industry.
8:30 a.m. – I walk into a vendor demonstration on behavioral analysis and am the only female in a room of about fifteen. It is a very engaging dialogue and I really get into the discussion. As I walk out, I receive a compliment, “Wow. You really knew what you were talking about in there.”
>I am certain that it is a compliment for my engagement in the discussion versus being surprised that I might know a thing or two about security. I think InfoSec professionals have equal pressures in this area, having to step up and show their “chops” based on the explosion of people getting into security who don’t really have the practical experience yet. It is our job to teach them.
11:00 a.m. – I have a conversation with my European intern about his current work tasks. He asks me if he can create an infographic and if it’s worth trying a downloadable podcast. I absolutely adore (and encourage!) my millennial’s ideas.
>There are all kinds of conversations going on about how to engage, leverage and retain millennials. I highly recommend this 15-minute video by Simon Sinek; it was eye opening.
1:30 p.m. – I review plans to strengthen my team and bring in new talent. I’m thinking about the diverse set of experiences and perspectives it will take for this team to be successful. Deciding what your core needs are and mapping that to correlating attributes is the way I approach it. And given the talent gap that our industry is facing, I’m considering which attributes can be taught or nurtured on-the-job versus which cannot.
3:30 p.m. – I am back working in my home office waiting for the children to come home from school. I am working on the Vulnerability Management process and how to automate more of the patching on our systems. One of my sons comes into the office and asks what I am doing. I show him some of the system information that I am analyzing and he says, “Wow. That is pretty cool. How do you learn to do that?”
>One of the victories in my job is that it’s right in line with what interests my sons. They may like video games, but the underlying code and process interests them, too. Having a conversation topic that is mutually interesting is a great way to start a discussion with them, even on rough days. Teaching them how to get into security is an added bonus.
6:30 p.m. – I jump on a call with Asia Pacific to ensure that their encryption project is going as planned. They have some obstacles with a package pushing because of latency, but otherwise, they are okay. I will need to follow up with the network team to determine if there is anything that can be done to assist.
>Collaboration across all business units, both inside and outside of IT, can be a challenge since we all have varying priorities. However, the relationships are worth the time and I have become the security advisor for our company. When people aren’t sure, they ask me, and that is a great first step in ensuring that we are leveraging the security practices that make us safe and fit our business.
8:30 p.m. – I go to tuck my pre-teen daughter into bed. Before she gets into bed, she asks if she can show me a new website she joined to load her art onto and I say, “Sure!” We proceeded to talk about strong passwords and what was appropriate to load onto that site. Then she shows me some of the graphic art she has been creating with some software that we purchased for her at Christmas. Wow. She has done some incredible drawings with shading, light and immense detail. I ask her how she likes working with the computer versus drawing by hand. She says, “Mom, I like drawing by hand, but I have been watching others and learning and I really like graphic art. I can zoom into the pixel level and adjust the shading much more precisely than with my colored pencils.” I smile and kiss her forehead goodnight.
>I know that even though she doesn’t like my traveling (I leave in the morning), she knows that I am happy with my work, challenged each day and that I can do whatever I put my mind to. She is learning what I am trying to teach her.
Respect. We all want it but it has to be earned. And you earn respect by listening to others and creating understanding. All InfoSec professionals do it. No matter your experience, age, gender, race, religion or sexual orientation, you have to get out there and be willing to put in the focus, the effort and the time to prove that it matters.
In the end, it is the journey that matters most. For me, being a female in information security is a wonderful experience. I thrive in the daily challenges and strides the industry makes, question things when they don’t make sense, and seek to build relationships that matter. People. Process. Technology. It doesn’t get any better than doing that in the InfoSec world.
About Mandy Huth
Mandy Huth, CISSP, is the Director of Cybersecurity at Belden, Inc. She is responsible for the company’s cybersecurity strategy and execution, including security for IT and OT in manufacturing. She joined Belden through its acquisition of Tripwire, where she served as Head of Security and Technology.