I have a background in economics and data analysis and was working on a project evaluating the effectiveness of government IT programs at the White House. During that time, the Office of Personnel Management (OPM) breach happened in which hackers stole sensitive background investigation information from a government system containing data on millions of government personnel. I led the effort to determine how many people had been affected by the attack. From there, I was offered a job working full time on the White House’s Cybersecurity Team, which oversaw cybersecurity policies for the entire Federal government.

I learned everything I know about cybersecurity on the job. You may think that you need to have a technical background to work in cyber, but there are actually many diverse paths you can take. I had strong analysis, project management, writing, and strategic thinking skills that helped me succeed in my job working at the White House. I also had the opportunity to get my CISSP which helped me hone my security skills.

Working in risk management requires you to have strong analytical, problem solving, and coalition building skills. Technical acumen is important, but if you are not able to win the trust of the stakeholders who are responsible for implementing protections you won’t be able to truly understand the organization's risk posture and create buy-in for improving it. In the past a lot of cybersecurity professionals were afraid to be honest about risks facing their organization because they were worried about budget cuts and a host of other concerns. Today most organizations understand that cybersecurity isn’t a problem to be solved but a risk to be managed. Being able to analyze these risks using hard data, and make recommendations couched in business terms will help you succeed in this role.

Don’t be intimidated by jumping into a new field. I think a lot of people, and especially women, tend to suffer from impostor syndrome, and think they aren’t qualified or capable to take on a task unless they meet every single one of the requirements. Cybersecurity is a field that is always changing, and can benefit from input from people with a diverse set of backgrounds and skills. There are tons of opportunities for training and certifications, and since the field is always changing there is always something new to learn. Do what you can to educate yourself about opportunities, and when you find the right one, don’t be afraid to apply! Think about how your current experience fits with the skills and strengths needed to succeed in the role and be explicit about that in your application and interview. There are so many exciting opportunities out there, there’s bound to be one that’s right for you!