I keep the things people care about safe.
Their bank accounts, their private data, their social media accounts, their children, spouses, grandparents, employees and their company secrets.
I didn’t set out to work in cybersecurity. But given what I’ve learned about the business, its people and their sense of mission, and our growing criticality to the world at large, I urge you to think about it.
As a young professional, technology was not my strong suit. I majored in management at Oregon State, with a minor in behavioral science. I was not up coding all night. I was waitressing and bartending to pay tuition. I graduated without a job and finally found a rent-paying gig as an administrative assistant.
Hardly a storybook start for a would-be cybersecurity leader.
But after laboring for several years in a succession of corporate vineyards – becoming a product manager, getting an MBA on the side – a professional networking contact reached out and I was offered a position at McAfee. I joined as the VirusScan product manager (it was our flagship corporate solution at the time).
Just the next stop on the corporate shuttle, right? Wrong.
I saw within a year what a different industry security was. I stopped looking for the job that would deliver long-term job satisfaction realizing that I may very well have found it. I’ve now worked at this company for 16 years.
Drinking the security Kool-Aid was not my plan. But after one short year I realized coming to work and keeping people safe was pretty cool. Not inventing rationales for obscure widgets, or assessing my worth according to how much jargon I could cram onto a presentation slide. I knew I was doing good and creating value for a world that had come to rely, with astonishing speed, on digital systems born fragile and vulnerable that have been playing catch up with the bad guys ever since.
Cybersecurity attracts extraordinarily committed people. Early in my McAfee term the I Love You virus broke out – a malicious e-mail attachment that affected tens of millions of PC’s. It was not just another day at the office. We had grown men and women melting down on the phone, terrified that their company’s security teams might not tame the malware before it overwrote critical files and resent itself to all their employees Outlook contacts. I had colleagues work 3 days straight, pitching in without pause – amazing engineers, researchers and managers who brought passion to the task of protecting our customers. If we didn’t feel like a family before we certainly felt that way after 72 hours of pizza, Chinese take-out, and a steady stream of caffeine. It felt like a cause.
At times like that ours is not a normal life. Of course I stayed.
In the years since the I Love You virus, cyberattacks have only grown more malicious and fateful. It has matured from mostly innocuous pranking to well-organized crime. Malware is an established industry with its own developers, pricing models and distribution chains. The bad guys have become serious adversaries.
Why don’t more young people respond to the urgency and rewards that come with such exciting work – the development of digital protection and detection technologies for the whole civilized world?
It’s partly because we have to make a better, clearer case. We need hard science skills and hard coding chops, but you don’t have to be a computer science or mathematics major to contribute to this industry. Look at me. I understand technology and know how to communicate its powers – and when the tech arena gets more good communicators, the public will better understand this field and more importantly, why it is so important to them personally and professionally.
It’s partly because private industry and higher education need to up their collaboration game. When McAfee piloted cybersecurity coursework with Cal Poly and my alma mater, Oregon State, the classes we designed filled up in 15 minutes. So we know we can ignite the next generation’s interest. We, as an industry, ought to work with more universities to proactively develop and disseminate cybersecurity curriculum.
And I think we have to reach young people sooner. When I talk to students in middle school and high school I tell them a cybersecurity career offers a chance to fight bad guys, yes. It rewards adrenalin junkies, yes. But it also makes you a caretaker, teacher and a hero all at once.
If in the 8th or 9th grade I had heard that pitch, who knows how much more quickly I might have gravitated to the career I love today. If today’s 8th or 9th graders hear it, I hope they’ll consider joining me.
Cybersecurity is more than lines of code. It’s keeping people and corporations safe and teaching them how to keep themselves safe. It’s what I do, and I want more company.
For more information on the state of the cybersecurity workforce, read the new report, “Hacking the Skills Shortage”, from McAfee and CSIS.
This blog originally appeared on my LinkedIn page.