Source: The State of Security
When a layperson imagines someone who works in cybersecurity, or any area of tech, they probably picture a man. But I’m a female information security professional, and I’ve had a great time speaking to other women in my industry.
Last time, I spoke to Sarah Aoun, who educates journalists and political activists on how to keep their data secure. This time, I have the honor of speaking to Jennifer Sunshine Steffens. In speaking with her, I realize that not only are there women in my industry in directly technological roles but also some of us in corporate leadership, as well.
Jennifer is the CEO of IOActive. IOActive is a major cybersecurity services company with many corporate clients across a number of different data-sensitive industries, including finance, healthcare and manufacturing.
Kim Crawley: So, you’ve been IOActive’s CEO for nearly nine years. I assume that most cybersecurity company CEOs are male?
Jennifer Sunshine Steffens: Yes, August will be nine years. It’s been an amazing ride so far. Most CEOs are male, but I’ve met more women in the role recently, which is a great trend.
KC: I’ve had the opportunity to speak to many women in our industry now, and I think the gender balance might improve. Fingers crossed!
JSS: Yes, I’m definitely seeing progress and have met some truly amazing women who are really advancing the industry as a whole.
KC: You were also a Director of Sourcefire for four years. Did you learn anything there that has benefited you in your role leading IOActive?
JSS: Definitely. I started before we had funding and before we’d hired our CEO, so it was a chance to help build a company from the ground up. It gave me great visibility and exposure to all aspects of the business, and I certainly learned a lot that I’m able to apply to our business every day.
We also built the Vulnerability Research Team there, which gave me a tremendous opportunity to get inside the mind of researchers. My psychology degree has been extremely useful in that regard, as well.
KC: Do you meet people outside of your company who have misconceptions about what you do? Or misconceptions about what cybersecurity services companies do?
JSS: Less now than when I started, but sometimes still – yes. Some people struggle to understand the difference between a researcher and an attacker. As researchers and consultants, our mission is to make the world safer and more secure. When we tackle a new technology, our goal is to work with the vendor to fix the issues and then collaborate to ensure the public is aware of potential threats and how to address them.
I think overall people are appreciating researchers more today than in the past and understand the importance and purpose of the work better. In many ways, mainstream media has helped as security is such a common topic now. Far less taboo than it once was.
KC: Laypeople assume all “hackers” are criminals, and they don’t understand pentesting and cybersecurity research. Is that what you’re referring to?
JSS: Yes. We don’t think “hacker” is a dirty word. We employ some of the best hackers in the world, and they do amazing and important work that makes organizations, products and people more secure every day.
KC: Yeah, I wrote an article for 2600 Magazine about that exact topic two years ago. So, how did you get started in IT?
JSS: I got my start in sports marketing actually, and I loved it. But then I was wooed into the shiny world of technology. I really lucked out early in my career at NFR, where the research team took me under their wing and helped me really understand the technology and industry. I’ve been hooked on security ever since.
KC: You benefited from a lot of mentoring, I presume. I’ve spoken to lots of women in information security who have backgrounds as diverse as high finance and sociology. You were in marketing. That fascinates me. Now have you ever tried any sort of ethical hacking?
JSS: Yes, I definitely did. And I should note, the technical teams that mentored me early on were all male. They were extremely welcoming.
KC: That’s great. I wonder how many more…
Click here to read more
