When I graduated from college, I joined a rotational program at my first company. The idea was that we spent a year in a role, then switched to another role for a year. This rotational program allowed me to explore my interests. While I did not formally study security, I was interested in learning more. I found an application security engineering role with the cybersecurity division. The manager of the team thought I was a good candidate to mentor, so I had the opportunity to gain experience on the job.

I began my career at a large financial enterprise as a software engineer. In that role, I worked as part of an agile development team, releasing updates to production on a rolling basis. I had expressed interest in security to my tech lead, and he introduced me to secure code training. From there, I met a mentor in cybersecurity who thought I would be a good fit for his application security team. I eventually transitioned to that team, where I was primarily focused on helping developers write secure code early in the development life cycle, as well as remediate static analysis findings. After speaking at the Grace Hopper Celebration and meeting cyber leadership from many different organizations, I pursued an opportunity in the entertainment industry where I focused on maturing the organization’s application security process.

In the last couple years, I have taught middle school students to build Android apps, mentored new employees entering the workforce, and volunteered with conferences (BSidesCharm, The Open Web Applications Security Project (OWASP) Global AppSec DC, and in the future, Grace Hopper Celebration 2020). I was also involved in the Women in Technology organization at my last company, where I volunteered for numerous internal events. I find getting involved with the community outside of my usual day-to-day allows me to broaden my network and gain industry insights.

Curiosity, communication, and flexibility are key to excelling in this field. One of the greatest challenges in security is keeping up with the fast-paced field of technology. Much of my learning is on the fly or during my free time. My roles require communication with various types of audiences. Flexibility ties all of this together - with so many moving parts, being flexible in technology, processes, and communication helps me quickly absorb new information.

There are many resources available to pick up skills in the industry. I had a technical background but not all cyber roles require that foundation. For application security specifically, I suggest participating in hackathons, or capture the flags, where you can gain hands-on technical experience. I also suggest attending meetups, especially with local OWASP chapters to network and learn from industry professionals. OWASP is a non-profit organization who is best known for the OWASP Top 10, but they have broadened to other types of applications such as APIs and mobile.