Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/12/2020
10:00 AM
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Back to the Future: A Threat Intelligence Journey

Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce -- whatever their gender.

"If you could go back in time, what advice would you pass on to your younger self?"

When a friend recently asked me this, for a brief moment the question gave me pause. It prompted me to reflect back on my first steps fighting cybercrime and a feeling that followed me at the start of my career and morphed over time. I remember thinking: Will I fit in?  

Straight out of college, I took a job matching "technical wizards" to their dream jobs, a process that jump-started my intrigue with technology and ultimately led me to my own dream: becoming a threat intelligence analyst.

I had no prior background in cybersecurity — or technology, for that matter. My only experience with information technology was losing my college essays to computer or user error. But I was on a mission: I experimented with Web development, tinkered with database administration, and, fast forward a couple of years, I had a master's degree in IT and landed a job with a security company on its vulnerability database team.

As I was about to embark on my first steps in a male-dominated industry, I also realized that in taking this job I would be the only woman on the team.

Would I fit in?

I realize today the palpable impact that lack of female representation in the threat intelligence community had on me 20 years ago — it hardwired me into questioning myself. At the time, I could count on one hand the number of women in the field; the industry's existing homogeneity had seemingly introduced a sliver of doubt to my sense of belonging.

This is why gender representation matters. While I've been very fortunate to have incredible colleagues and be part of teams throughout my career that have supported me and empowered me, I didn't really look like anyone in my environment.

Since then, the industry has made great strides to become more open, more inclusive, and more diverse. Just within IBM, formidable female leaders are leading in security and threat intelligence. Twenty years ago, the absence of female figures in the industry to relate to, model after, or look up to would confine one's breadth of aspirations — what career paths she could follow and how far she could go. Today, women represent 24% of the security workforce, which is light years ahead of where we started.

There are visibly more women in the field, a greater number of women in leadership, and various industry initiatives committed to attracting, empowering, and mentoring talent to enter this fascinating field. For example, IBM Security founded a program called #CyberDay4Girls, where the company partners with local middle schools and hosts workshops to get middle-school girls interested in cybersecurity — a program that has expanded into nine countries.

While the future is looking brighter, there is still a ways to go, which is why representation matters now more than ever. For the industry to become more diverse and more inclusive, it's essential to inspire our future cyber fighters and tomorrow's potential leaders. In the presence of diverse references and female trailblazers, when young girls face the inevitable question, "What do I want to be when I grow up?" they can more easily envision themselves in this field and realize this too can be their calling. This too might be their dream.

Now in 2020, I reflect back on that feeling, that uncertainty my younger self had about fitting in. I now know I already had what I needed to fit it then. I just didn't know it then. The traits that led me to this field were the ones that helped me thrive and excel in my career. They were the nontechnical skills — the attributes that had fueled my fire, passion, and persistence to break through into this industry when starting off.

Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce — it's not binary.

So, to answer my friend's question, if I could go back in time I actually wouldn't offer my younger self advice. I'd let her experience it all — the good, the great, the bad, the difficult. Because that's the way you learn, evolve, and grow. However, as she prepared to take that first courageous step into threat intelligence and question whether she'd fit in, I'd whisper in her ear "Why wouldn't you?"

Related Content:

 

Michelle Alvarez is the manager of the Threat Intelligence Production Team with IBM X-Force Incident Response and Intelligence Services (IRIS). She brings nearly 20 years of industry experience to her role, specializing in threat research and communication. In her current ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8004
PUBLISHED: 2020-04-06
STMicroelectronics STM32F1 devices have Incorrect Access Control.
CVE-2020-7631
PUBLISHED: 2020-04-06
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.
CVE-2020-7632
PUBLISHED: 2020-04-06
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7633
PUBLISHED: 2020-04-06
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.
CVE-2020-7634
PUBLISHED: 2020-04-06
heroku-addonpool through 0.1.15 is vulnerable to Command Injection.