This blog post is Unfiltered
This is post 1 of a 3 part series profiling several women in GitLab’s security organization. See part two, "What’s it like to work in security at GitLab?" and three, "Considering a career in security? Here’s some advice.".
Breaking into technology, and security, can be difficult for anyone. At GitLab 31% of our workforce identifies as women. In our security department we have nine team members who are women out of a total of 48 team members; that’s 19%. Global women in tech numbers are around 21.4% according to CNET and this recent study, “Resetting Tech Culture” indicates that young women who go into tech drop out by the age of 35. How do we change this? GitLab is looking to help encourage and support women in tech through our outbound hiring model, tracking and working toward key metrics, inclusion training, team member resource groups, building and fostering an inclusive remote culture and mentorship programs.
When you’re planning your career and thinking about your professional or academic next steps, it helps to be able to understand the different paths that might take you where you want to go. This is part 1 of a 3 part series where the 9 women in our Security department will share their backgrounds and experiences, a glimpse into their roles and responsibilities and offer up some tips and advice for those looking to work in tech, and quite possibly, the security industry.
We asked: how did you get into security, what helped you most in getting to where you are, and how do you stay on top of your game?
Julia Lake - Director, Security Risk and Compliance
Joined GitLab April 2020 / Connect with Julia on LinkedIn
What brought you to work in security? I started my career in retail banking and, after being on the auditee side for a few years, developed an interest in becoming an auditor. So, I returned to school to pursue a degree in management information systems to ensure I had the necessary technical foundations and I began working in IT advisory for one of the big four firms directly after graduating. I’ve been working in security ever since, with additional focus in the privacy and quality domains.
What helped you most in getting to where you are? Having a professional mentor that proactively encouraged me to take on new challenges has been instrumental to my professional development.
How do you support your continual growth? I maintain professional relationships with past industry colleagues, meet often with my mentor, proactively solicit feedback from my own leadership and staff, and subscribe to blogs, newsletters, webinars and training covering the field of audit and security from organizations like MeriTalk and ISACA.
Jennifer Blanco - Sr. Risk and Field Security Analyst
Joined GitLab June 2019 / Connect with Jennifer on LinkedIn
What brought you to work in security? I started my career as a paralegal in civil law for a firm that provided multiple areas of law. In this role I was tasked with building out the software workflow for my department; my first introduction to a technology business solution. A couple years later I moved to Seattle, Washington as I understood it to be an upcoming tech hub and applied for a role in which I could apply my experience. That company was DocuSign, and I’m proud to say I was the first Security Compliance employee ever hired there, back in 2012. I spent four years building out the customer assurance function, external audit programs and third-party risk for engineering dependencies.
What helped you most in getting to where you are? The customer assessments and audit work at DocuSign are hands-down the biggest propeller for my knowledge journey in Security. I was fortunate to have gotten exposure to, not only security practices, but also the deeply technical aspects of a company that managed their own bare metal infrastructure and networking within a datacenter–by the way, datacenters are SUPER cool if you ever have the opportunity to step foot inside.
How do you support your continual growth? I have a bachelor’s in communications with an emphasis on research which helped sharpen my critical thinking skills. To strengthen my technical background and support my future goals, I'm currently working on Informatics core classes specializing in assurance and cybersecurity as prerequisites for either a master’s in data science or law degree; to be decided. Professionally, I've curated my path by joining companies where I could expand my knowledge within technology. I’ve also completed a number of bootcamps and training and generally keep up with innovation and industry news.
Juliet Wanjohi - Security Engineer, Security Automation
Joined Joined GitLab May 2020 / Connect with Juliet on LinkedIn and Twitter
What brought you to work in security? From a very young age, I’ve been interested in computers. When I joined high school, I decided to take computer studies and my teacher for this subject actually became my first mentor and role model as a woman in tech. I later joined the University of Nairobi to study my Bachelor’s in computer science, and as you can imagine, the ratio of women in comparison to men was highly imbalanced. However, being part of the minority did not discourage me and I decided to pursue a master of science degree in cybersecurity in the UK as I had an interest in learning how to protect software applications and build security tools. During my time there, I had the wonderful opportunity to be an intern within the Security department at GitLab, and progress on to become a full-time security engineer with the team.
What helped you most in getting to where you are? Though my journey into security may not be as long, what has helped me the most is having a network of people around me that support me and encourage me to do better. Cybersecurity is a very broad area and as I become familiar with the different domains and what interests me the most, it is important to have people to reach out to and ask questions no matter how simple the questions may sound to you. In addition, I often find myself to be the only woman/person of color/youngest person in the room. This, bundled with my shy personality, makes it a daunting task to ask questions sometimes. However, I tell myself to be confident in my knowledge and believe in myself. Having this confidence and getting answers to these questions is what will help me to evolve and grow professionally!
How do you support your continual growth? Keeping in touch with mentors who help me map out my career path and offer feedback is definitely an important support factor for me. Additionally, I enjoy reading blogs by Troy Hunt and Bruce Schneier, listening to podcasts such as Smashing Security, and attending conferences like BlackHat that offer an opportunity to network with diverse groups of people and learn about their experiences in security.
Kristie Thomas - Executive Business Administrator
Joined GitLab February 2018 / Connect with Kristie on LinkedIn
What brought you to work in security? I got started in tech a few years after I graduated from college with a bachelor’s in communications. I knew nothing about technology, business or what my 10 year plan was. I loved experiencing a start-up and felt at home in the fast-paced environment. I grew in my role and saw multiple paths I could take in the industry. In the last 4 years prior to becoming an executive business administrator (EBA), my jobs were more technical. I spent a lot of time writing SQL queries and troubleshooting CI pipelines. I felt pressure to be technical, even though I didn’t enjoy it. I made a list of what I liked and didn’t like, and realized the perfect fit for me would be to move into an EBA role and support the engineering teams at GitLab, allowing me to broaden my skillset while still being involved in technical work, at times. I can truly say that my role as an EBA at GitLab is perfect for me and has exceeded my expectations in many ways.
What helped you most in getting to where you are? It has always been important for me to be in tune with myself and know what fulfills and exhausts me. Before transitioning to my current role, I took on the exercise of listing and organizing the things I enjoyed and disliked about previous roles and was able to clearly identify what the right position for me would look like. Thankfully, the path I had been on led me to my current role. I’ve always been a curious person and I enjoy engaging with others. I feel fulfilled when others succeed and I am driven to help people meet their goals. I get to do that every day at GitLab, and this role has allowed me to interact with hundreds of team members and form professional relationships. Because I attend a variety of meetings and help with a handful of projects, I get to learn new aspects of the business on a daily basis and am energized by my work.
How do you support your continual growth? I believe that growth comes from taking care of yourself. I have to prioritize non-work things to succeed at my job. A GitLab colleague recommended the book Designing Your Life and I have used its principles to find balance, meaning and joy. Along with a lot of self-care, I prioritize a few monthly 1:1s with mentors outside of GitLab. Talking to others at various stages in their career and getting advice on current challenges has helped me grow, try new things, and solve problems in unique ways. I also feel comfortable making mistakes because this gives me the opportunity to try again with wisdom learned along the way.
Liz Coleman - Sr. Security Analyst, Compliance
Joined GitLab January 2020 / Connect with Liz on LinkedIn
What brought you to work in security? The twists and turns of life are what really guided me to security. It was not something I initially sought out from an educational or professional perspective. In fact, I originally intended to go into politics which took a turn into government compliance and ultimately, information technology and security as it relates to compliance. However I’ve realized over the course of my career that although they are different buckets of work, they are all interconnected in so many ways.
What helped you most in getting to where you are? One big thing that has helped me to get to this point in my career is being able to identify synergies between my past experiences and new opportunities, and finding those organizations who are able to see how my expertise can span beyond silos. I’ve found that I may have more experience from a compliance perspective but it can apply to auditing. Or understanding IT processes can assist with security initiatives. I don’t think you can go wrong with working hard, being open to learning and trying to surround yourself with quality people that can see your value even if your resume doesn’t 100% match the job description.
How do you support your continual growth? I obtain, at a minimum, 40 continuing professional education (CPE) credits a year. Typically these are obtained through webinars, e-learning, conferences (pre-Covid), and signing up for anything that I think might be interesting. I also attend GitLab Commit! It’s one of the best opportunities to further immerse myself in all things GitLab and learn about areas of the business that I don’t tend to focus on.
Meghan Maneval - Manager, Risk and Field Security
Joined GitLab July 2020 / Connect with Meghan on LinkedIn
What brought you to work in security? After I graduated with a bachelor’s degree in management of technology, I pretty much applied for as many jobs as I could that related to technology. I ended up being offered a job as an IT auditor for an insurance company. After working there for some time, I obtained my master’s in business administration and got the opportunity to lead a dynamic team of auditors and Security Analysts. It was at that point that I realized I wanted to know more about security and pivoted into security compliance.
What helped you most in getting to where you are? Having a strong mentor that I can speak candidly with. A lot of people think a mentor is the same as your boss, but it’s not. Having an independent person that you can be open and honest with is key. They can guide you through tough situations and provide opportunities to grow.
How do you support your continual growth? I make it a point to participate in industry events and webinars where I can network and learn from others in my field. In particular, I enjoy attending ISACA Webinars as they directly relate to my role in governance, risk and compliance. I also really enjoy more vendor-specific user conferences like Cisco LIVE because they generally have tracks specific to security or risk management and it gives great insight into how others use the same tools I do. I also love to read and enjoy reading retrospectives of security incidents and lessons learned from past security events.
Mitra Jozenazemian - Senior Security Engineer, Security Incident Response Team
Joined GitLab July 2020 / Connect with Mitra on LinkedIn
What brought you to work in security? I got my bachelor’s degree in information technology. During my studies, I had a security course where I learned about hacking and how to secure systems against hackers. The course made me feel like I was a detective. As a result of that course, I developed a passion for security so I pursued a master’s in information security and started working as a security engineer in 2010.
What helped you most in getting to where you are? Be open to new experiences. In 2013 a mentor at my university asked me to join his team as a computer forensics researcher and trainer. Before that I’d never done forensic analysis. To prepare, I started to learn how to collect and examine volatile data on a live system while responding to an incident so that I could later teach it. I found it so interesting that I stayed awake for nights and studied and analysed memory/disk images. After that experience, I knew I would love to work on a security team, responding to incidents and trying to find clues of what has happened among the collected evidence.
How do you support your continual growth? I am always excited for new challenges and the opportunity to participate in something outside of my comfort zone. I also try to stay up-to-date through IT related newsletters, webinars and training such as SANS courses.
Rupal Shah - Analyst, Security Compliance
Joined GitLab October 2020 / Connect with Rupal on LinkedIn
What brought you to work in security? I definitely did not enter the world of Security in a traditional way. I graduated with a MIS (management information systems) degree, but never really pursued it. I started my career doing customer integrations from an in-house product to a SaaS application and then moved to customer support which led into IT project management. I was approached with the opportunity to build out and lead a compliance program for SOX (based off of my project management and organizational skills) and that’s how I started my career in compliance and security; literally learning from the ground up!
What helped you most in getting to where you are? Being a team of only 1.5 for all things related to SaaS-based IT compliance allowed me the opportunity to learn everything about governance, risk and compliance and really get my feet wet. Building out an entire program to manage SOX, SOC2, risk assessments, third-party vendor security management, etc programs from scratch allowed me to focus on my growth potential and career progression.
How do you support your continual growth? I try to give myself as much exposure as I can by subscribing to many blogs/newsletters/webinars and attending trainings/conferences when I have the time. The Women in Cybersecurity is a great event. I’d also recommend reviewing this virtual cybersecurity event list from Digital Guardian. Included in my reading list are revsec, threatstack, csoonline and darkreading. I also try to learn about how other parts of the organization function and to identify areas that are lacking; where opportunities to improve security from the lens of the organization and not just a specific department or project may exist. Lastly, staying in touch with my mentor (a previous manager) has enabled my knowledge growth and provided constructive feedback–which makes me work harder and learn from my mistakes.
Heather Simpson - Senior External Communications Analyst, Security Engineering & Research
Joined GitLab February 2019 / Connect with Heather on LinkedIn and Twitter
What brought you to work in security? Spoiler alert! I don’t have a “technical” background and I don’t have even a handful of years working in security. What I do have is two bachelor’s degrees: international communications and Spanish, a master of science in marketing and close to 15 years experience working in tech. I came to GitLab from a large IT integrator where I led marketing communications efforts for the office of the CTO. I found that I enjoy collaborating directly with deeply technical folks on marketing initiatives that shine a light on the awesomeness that is their expertise and work. I’m one of few marketing or communications roles at GitLab that sit directly within the business. This helps me maintain a deeper understanding of the programs, processes and technology we use and the people that make them successful. And, I can always count on my security team members to help me break down the complex and patiently answer my many, many questions so I can gain clarity that I hope is reflected in our external communications.
What helped you most in getting to where you are? I’ve always enjoyed a challenge, which has led me to tackle new roles and new subject matters and areas within the tech industry. It's also given me a love for building new marketing, communications and engagement programs and processes from the ground up.
How do you support your continual growth? Is twitter an answer? 😆 I ❤️ reading and try to read at least 60 books each year. I also try and consume as much as I can on platforms like Twitter, LinkedIn and HackerNews around marketing and/or devops and security topics. I appreciate the Hootsuite blog and Ann Handley's Total Anarchy newsletter for marketing topics and try and stay on top of the feeds from many of our bug bounty hunters through this twitter list. Staying abreast of trends helps me stay sharp even when I’m not regularly or directly practicing those skillsets in a current role.
Cover image by #WOCinTech Chat.
“Oftentimes, the professional road to security practitioner is a windy one. We talk to 9 women from the @GitLab Security team to see what their journey looked like. #careerdevelopment” – Heather Simpson
Click to tweet