Women have made significant progress in cybersecurity over the 6 years since Frost and Sullivan’s 2013 survey, which found that female workers made up just 11% of the global cybersecurity workforce. Today, that number has nearly doubled to 20%, according to CyberSecurity Ventures.
That leaves room for improvement, however, since research shows that diverse teams are more creative, more productive, and better at problem-solving. In an effort to increase female participation and inspire the next generation of female cybersecurity professionals to succeed, we’re collecting the stories of Armor’s highest-achieving women. We asked them how they got into the industry, how they succeeded, what obstacles they faced, and if they had any advice for younger women entering the industry. In this first installment, we talk to Marilyne Mendolla, our incident response and forensics engineer.
This is her story:
What is your specific area of focus in cybersecurity? Can you expand on what that means and what you do?
I’m an Incident Response and Forensics Engineer at Armor. I respond to security events in our environment. When security events are deemed to be incidents—that is, when something like malware attacks, system compromises, unauthorized access or configuration changes have occurred—I determine the root cause and work with our customers to contain and remediate the incident. I also help them improve their security posture to prevent these incidents from reoccurring.
What kind of training or schooling did you have? Any certifications you’d like to note?
I have a Bachelor’s degree in computer engineering from Florida Atlantic University, and I have a Master’s degree in computer science (information assurance track) from The University of Texas at Dallas. In addition, I have almost 10 years of “on-the-job” training through a variety of security-focused roles.
How did you get in to cybersecurity?
My interest in cybersecurity sparked when I took a security-focused class during my undergraduate studies. After graduation, I got my first entry-level job as a software engineer with a defense contracting company. When I first sat down with my manager, I told him my interests were in cybersecurity and he supported my move to a security-focused role in the company. The transition happened within a year. The rest is history.
What got you interested in cybersecurity?
Since I was young, I’d always wanted to be a doctor. Before I completed my Bachelor’s, I spent 4 years in the army as a medic, where I quickly realized that the medical field wasn’t for me. I don’t know what made me believe that computers were easier to fix than humans but it seemed to be the thinking that I had at the time. Computers were the way to go and where I wanted to be. That interest led me to an undergraduate degree in computer engineering, which in turn introduced me to cybersecurity. As my experience in cybersecurity grew, I found I had a knack for analytical thinking and problem solving and that I greatly enjoyed these types of challenges.
Ever since my transition into this field, security has become a big focal point in many aspects of my life—in my career, as a consumer, and in how I choose to interact with the digital world.
Do you feel like any of your time in the army helps lend itself to a career in cybersecurity?
I had a few experiences in the military that lend themselves a bit to the cybersecurity industry. Some skills and characteristics are transferrable—like independence, leadership, critical thinking, the ability to solve problems, and understanding how my actions affect my team. My military experience wasn’t cybersecurity focused, but it helped me grow into a dependable teammate.
What do you enjoy most about the industry?
The thing I enjoy most, and the thing that I find most challenging, is the constant change that occurs in the day-to-day industry. It’s why I get so much enjoyment out of it; there’s always something new to learn. It’s refreshing to engage with subject matter experts and know that you can learn something from, and teach something to, everyone. Every day is a new challenge, and that keeps it fresh.
What advice do you have for women entering the industry?
Honestly, for anyone wanting to get into the industry, my advice is: Establish your foothold. Participate in an internship while you’re studying or accept the entry-level position even if it’s not directly within the scope of your interests. Software engineering wasn’t what I wanted to do long-term, but I did it for a year to gain the experience. Get that entry-level job and then make the move to a security-focused role. Next, build your foundation by learning the security fundamentals through on the job training and/or self-study. Then, find an area of interest in which to specialize and hone your skillset. Last, take initiative and stay current in the field—read blogs, attend conferences and training events, etc. Things are always changing, so it’s important that we stay current as security professionals.
Have you had to overcome any challenges as a woman in cybersecurity? If so, what were they and how did you work through them?
I’ve been fortunate not to have an answer to this question. My experience in the cybersecurity field has been overwhelmingly positive. I’ve always been a part of diverse teams and my ideas and opinions have always been valued. I’ve never felt that my gender played any negative role in my career path.
While I’m grateful at the media attention that these topics—e.g. lack of diversity in cybersecurity, pay inequality—are receiving, I do hope that the attention is seen in a positive light and that it is not dissuading women from pursuing careers in cybersecurity. There are over half a million job openings in cybersecurity and not enough skilled professionals to fill them. This is a very exciting field to be a part of and so, if you want a career in cybersecurity, I believe there is nothing holding you back but yourself.
A growing need for women in cybersecurity
Women like Marilyne Mendolla represent the vanguard in female cybersecurity leadership, but the industry needs more women to achieve its highest potential. New research from (ISC) and Frost & Sullivan suggests that, on average, women value different skills than men. For instance, they are more committed to strong communications skills and a deep understanding of the security field than men. While men in cybersecurity focus relentlessly on technical knowledge, women emphasize a broader set of business skills that can be critical to exceptional performance.
Attracting more women in cybersecurity, then, is essential to the industry’s future. Cybersecurity super-women like Marilyne Mendolla are leading by example and offering insight to help the next generation of women come aboard.