Episode 115 - How We Got Into Security with Ashley Burke, Karla Reffold, and Divya Mudgal
The .NET Core Podcast
Episode 115 - How We Got Into Security with Ashley Burke, Karla Reffold, and Divya Mudgal
Supporting The Show
If this episode was interesting or useful to you, please consider supporting the show with one of the above options.
The field of cybersecurity has traditionally been male-dominated, and many women who are working in the industry are still facing challenges. However, there are many ways for people to break into the cybersecurity industry, regardless of their backgrounds or levels of experience.
Take Karla, for example, who made her way into the industry through her own recruitment business. She discovered the importance of cybersecurity and quickly shifted her focus to this sector. After two years, she moved into a more technical role and is now working as a business partner with the CEO. Ashley, on the other hand, has recently entered the cybersecurity world, thanks to the help of Karla. She has already had multiple roles, from a risk analyst to a security program manager.
Karla emphasizes the importance of mentorship in the cyber security industry, citing her own mentors as an example. According to her, these are people who have taken the time to meet her for breakfast or answer her calls when she needs help. And sometimes, mentors don’t have to be as formal as we think; Karla and Ashley, for example, met on Twitter. The key here is to do the work and have someone who will coach and guide you.
Men should also take the initiative to be allies to the women in the technology industry. This could mean recommending women for positions, celebrating their accomplishments, and recognizing and appreciating their unique experiences and identities. It is also important to be aware of our own biases and strive to educate ourselves and others. Harvard has a bias test that can help people identify their own biases, and the New York Philharmonic has taken steps to reduce gender bias in their audition process.
In addition to mentorship, networking is also an important way to get into the cybersecurity industry. People should take advantage of all available opportunities to learn about cybersecurity and its latest trends, build their skills and confidence, and establish contacts.
In summary, the cyber security industry is a complex and ever-evolving world, and it is important to recognize and appreciate the unique perspectives and skills that women can bring to it. Men should take the initiative to be allies to the women in the technology industry by listening, recognizing, and supporting them in whatever way they can.
Hello everyone and welcome to THE .NET Core Podcast. An award-winning podcast where we reach into the core of the .NET technology stack and, with the help of the .NET community, present you with the information that you need in order to grok the many moving parts of one of the biggest cross-platform, multi-application frameworks on the planet.
I am your host, Jamie “GaProgMan” Taylor. In this episode, I hosted a roundtable discussion with Ashley Burke, Karla Reffold, and Divya Mudgal about how they got into the cybersecurity industry, how you don’t necessarily need a technical background or need to be a developer in order to get into it, and how there’s way more to the industry than the sensationalist “person in a hoodie, typing random commands into a Linux bash prompt,” than you might have realised. We talk about the fact that both Ashley and Karla are from “non-traditional” backgrounds (i.e they didn’t study Computer Science or Software Engineering) and how their experience differs from Divya’s experience, as she studied Computer Science.
Along the way, we also discuss some of the issues that they have each faced as women in the cybersecurity industry - an industry which is traditionally very male dominated. We also discuss ways that we can help our colleagues who identify as female.
This is a slight departure from our standard topic of .NET, and more into both cybersecurity and the gender divide in our industry. I ask that you listen to what these highly skilled colleagues of ours have to say, and think about what your key takeaways from this conversation are. For instance, some of my favourite takeaways from this were:
- Karla saying that sometimes, “it’s just a case of getting out of the way.”
- Divya saying it shouldn’t be about “male vs female”, and that we should combine each other’s skills and experience to create a greater team.
- Ashley saying that gender bias can present itself in some of the most subtle ways, and that we should stop teaching those gender biases
I also really appreciated having my viewpoint and a specific long-held understanding (one which I thought would help, but actually might have hurt) challenged and changed throughout this discussion.
Let me know (via the contact page) what your key takeaways where.
A late breaking note from the edit: it seems that the recorded audio is a little rough in places. Mark (our editor and podcast mastering expert) has done what he can to improve the audio where he can, but there are still some rough spots. I think that the conversation we had is a very important one, and as such I’ve taken the time to personally provide a full transcription of what was said. If you have trouble with the audio, please take some time to read through the full transcription of the episode found at dotnetcore.show - there will be a link directly to in in your podcatcher.
So let’s sit back, open up a terminal, type in
dotnet new podcast and let the show begin.
So the first thing I’d like to say to everyone, Karla, Ashley Divya: Thank you ever so much for spending some time with me today. I really, really honestly appreciate anyone who comes on the show. I’m super appreciative of them spending their time. So thank you all for that.
No worries. It’s great to be here
Okay, so this episode is gonna be a huge departure from what we normally talk about, we normally talk about .NET and .NET things. But what I thought is: it would be really interesting to catch up with some industry experts like yourself, and talk about how you all got into the different aspects of security within technology. And how you don’t necessarily need to have a huge amount of technical background knowledge to do it. This is not to say that none of you have the technical knowledge required. But obviously, you know, when we’re watching TV shows about the security people you know, we’re watching Mr. Robot or whatever thesensationalized side of it is everyone sitting around with a hoodie, typing esoteric commands into a Linux bash terminal. And then suddenly, the internet goes down for everybody, right? There’s way more to it than just that. And I thought it might be interesting to some of the listeners to find out a little bit more about the different ways that they can get into this industry, and perhaps a little bit more of like, how you will got in? Would you recommend courses or mentorship or whatever? And some of perhaps the issues that you see on a daily basis that are not necessarily related to the technology, right?
I’ve often said - sorry, I’m waffling on way too much, I will let everyone speak in a moment - I’ve often said that this whole space is dominated by too many people who look like me. Right? And it shouldn’t be, it should be for everybody. And so let’s make it easy for everybody. If in my small area of the internet, I can help to get the message out, then let’s make it fewer people that look like me.
Anyway, I’ve talked for way too long. Wouldit be possible for y’all to go around the circle and just sort of introduce yourselves because it shouldn’t be the Jamie podcast, right? That’s not allowed.
Well, I’ll jump in so I’m Karla Reffold. I’m the general manager at Orpheus Cyber. We’re a threat lead, risk rating, and vulnerability prioitization cybersecurity vendor. So that’s me. I’ll let everyone else go. And then we can maybe jump into the, “how we got into it and what’s different about what we what we do,” based on what you just said.
I’m Ashley. I am not, I’m very new to the cybersecurity world. Thanks to Karla. Thank you. Pretty much I’ve had multiple roles already from a risk analyst to my current role of being a Security Program Manager. So pretty much I’m running audit, I’m doing educational pieces for a fintech out of Toronto.
Okay, I’ll go next. I’m Divya Mugdal, I have about eight years of experience in cybersecurity, mostly doing penetration testing, working for different clients from different industries, leading teams and projects. I have helped software development teams in integrating security in software development lifecycle, using different industry standard, such as OWASP. Currently, I’m working as Senior Security Engineer with one of the financial product firms in Toronto. And so basically, now I am doing penetration testing and doing more security things like working on policies, doing maybe help in audit and all sorts of different things.
Well, my route into cybersecurity is probably a little different from most people these days. I had my own recruitment business, and we were looking at risk, and enterprise risk, and business continuity. And someone who I trusted very much said, “you know what, you should really look at this cybersecurity thing. I think it’s going to be big.” So we did and then very quickly, doubled down and cybersecurity was all we did. So my way into the industry was from the point of recruiting and helping people get into cyber grow their cyber teams, grow their cyber businesses. And about two years ago, I moved from running that business to Orpheus and running the business with the CEO there. So now my role is a lot more technical. I feel like I’m actually in the industry rather than working for the industry. But it’s a very different route. And I think that is to say that there are a lot of different ways and a lot of different roles that count as cyber.
I couldn’t agree more to that. My route actually is very similar, because I’m not technical. I started out as a university professor in political science, teaching in indigenous communities, and realized as much as I love that role, it was contractual. So I wasn’t able to get a full time role out of that. So I switched again, to help people find jobs and careers. So similar to Karla, I did sort of recruiting, but more the educational piece: teaching people how to network and make resumes. But I really wasn’t happy. I didn’t like the environment. I just found that I was underutilized. And I kept, as I’m helping people finding jobs, I kept being more interested in security. So people who will come in and talk about security, I was so psyched. I was like, “oh, man, I need to know more about this.” And I actually wrote a note to myself in my office that said, “you will get into cybersecurity”, like a little note to myself to remind me, I’m going to do it.
COVID hit, there you go. And I went, “well, it’s about time.” So from there, I ended up with mentors, such as Karla. And we’ll go into that in a bit more detail. And literally just started networking and talking; took a few courses. But like I took a web development course. And it turns out, I really hate web development. So I wasn’t going to do that. And I was like, “how can I get in?” through talking through networking, I landed an interview for Risk and got in that way. Almost right away, I was approached by the security manager being like, “so you want to come do a little work for us?” I was like, “yeah, I do.” And now I work there full time. It was awesome.
For me, it actually started during my graduation. While I was in my graduation, I wanted to become a Java developer. And I worked on some projects as a software developer. So while I was learning Java and working on different projects, I came to know about issues such as like SQL injection, [and] XSS. And then I started learning about securing code in Java. I read over stopped in and different resources available on from different resources available on internet. While I was reading about it, I found it interesting and wanted to explore offensive web application security. So I started reading about it more and more and then looking for… standard looking for suitable positions, and then finally landed my first job as a penetration testing [sic]. So that’s how I got into cybersecurity.
You know, I think what Ashley’s story kind of highlights for me is some of the advice that I’ve given people over the years is: try and look internally first, try and look for ways of getting involved with cybersecurity teams in your current business to get some of that experience. Because we’re seeing this like time and time again right now, right? Like, yes there’s courses; yes, some people go into graduate roles or intern roles. But getting that experience … is that’s really hard. And that’s one of the first ways you can do it by even one project with the team that you currently work with.
Yeah, I agree with that. I think I know that we were we’re going to talk about this, but I feel it’s important to bring it up now is the idea of mentorship. So being a non traditional woman, so like I’m a woman in a non traditional field or trying to enter a non traditional field, you know, facing a lot of challenges. Having mentorship was super helpful. And I went out of my way. Karla, for example, was my mentor. And I met Karla on a Twitter feed when she put out that she was accepting mentees. That’s how that happened. And from there, Karla has helped me you know, when I first started, I had two job offers. Karla helped me navigate that. Who should, what should I be looking for in these job offers? I didn’t know I’m new to this industry. You know, the idea of mentorship and lifting other women up to succeed is incredibly important in this field. You know, this is a male dominated field and there’s a lot of mansplaining that happens there is a lot of perspective of oh, we think of that hacker in the hoodie. It’s a white man. Right? It’s not usually like a happening cool ass woman, you know, deciding to take down the government not usually happening. Right? And so I think it’s pretty cool that we help each other up and we start mentoring other women or you know, diversity in general, to engage and grow in this field. So for me, like my heart is with Karla, because Karla looked at me and said, “we got this, this is what we’re going to do, I’m going to help you.” And I was lucky enough to have two amazing women as my mentors. And I think that’s really important to put out there.
Yeah, I agree with Ash. Mentors play[ed] an important role in my journey as well. So I met different people throughout my journey, and be if my caring seniors, men, women, but they mentored me, guided me supported me throughout my journey. Obviously, there were ups and downs, but my focus is always and will always be, to basically be learn as much as possible, wherever and whenever I can.
I think quite a couple of things I always think when I talk about mentorship is: my mentors don’t know they’re my mentors. I’ve never asked them - I mean, maybe they’ve got a clue - but like, they’re really great people that have taken the time to meet me for breakfast on occasion, or will take a call for me when I need some help. And I don’t think it was has to be as formal as we think. You know, Ashley, and I met on Twitter, we talk when she wants to talk. Like, it’s not necessarily you know, we don’t have calls booked in. And the other really important thing - and Ashley, again, is a great example - is she does the work, right? Like my style is a little more coaching rather than telling. And I think sometimes we see that when when people come and want to find a mentor, like they’re looking for someone to tell them what to do. And that’s part of it. But part of it is you have to then go and do those things.
Yeah, I think that’s a reasonable point. Like for my experience, being new in this field, I am new. So far, just you know what my mentorship being new, taking on - I’ve literally just taken on any opportunity I can find I feel that I’d enjoy. I’ve managed to run an audit. I’ve ran a security project, a Security Privacy project. I’ve liked the things I’ve helped us with our PCI certification. I’ve done PII training, all these amazing things in a year. And I think personally when it comes to this - and it is, you know, the idea of what Karla and Divya are saying is there’s ups and downs, but you put in that work. And ultimately, like I’m a go-getter, I know that and I will fight tooth and nail for something I believe in if I think I can succeed at it, I’m gonna do it. And when you have that support - and I say this because it’s important that when you have that support from other women in the field, particularly - it actually lifts you up. Alright, so Divya and I are actually in the same company. And we are the only two women on our security team. We’re very lucky. Everyone else on the team is very supportive. They’re, you know, I would classify them as feminists. But Divya and I support on each other, we lean on each other, and we talk to each other because we know our issues might be different. Our challenges might be different than other people on that team.
Yeah, I am. You know, I started when there were very few women in cybersecurity. I’m kind of annoyed that it’s going so well for us because now the lines to the bathrooms are much longer at these conferences. That is not what I signed up for. But joking aside, it’s really important to have those relationships and to support each other. There is a great network of women in cybersecurity, because there are actually - like, most of the industry is awesome. There’s some not so nice elements as well. And I think we’re seeing typically groups of women call that out and try and get rid of that. But I think if you can find that group or those people that will support you, then it’s gonna make your journey just that little bit easier.
I agree. I’ve actually, when I started this, like, even before when I was super interested in tech, this is just like tiny story just showcase. As an example. When I was super interested in tech. I was working in a different field. I was like, “well, I’m gonna start an IT committee,” because we actually had a cyber attack. We had a ransomware attack and I was like, “whoa, what! Okay, how are we gonna deal with this?” So me and IT guy took security super serious, though it wasn’t our job. We went around all the computers, I think there was probably 30 or 40 in the business, and we updated everything we had people change their password, and we’re like, “okay, let’s do an education to showcase the people who with influence ‘what to do if…’.” And I had an upper like, someone above me, come to my office and very much state to me, “you cannot do that anymore. Your job is this,” and they should put their hands hands together and made like a very small space and said, “this is what you do. Your job is specifically what you’re doing. You cannot join that committee, you cannot be part of that.” And that’s where I started facing that adversity of: well, who says I can’t do what I want to do? Like, no, that’s not gonna happen. You know, and that’s where my downfall started, right? In the sense of the fields I was in weren’t for me, this is where I wanted to be, I wanted to make a difference I wanted, I wanted to be on the IT committee, so I made my own. But you know, like that stuff that you deal with, and if not always in the forefront, you’re not always seeing it out in front, it’s happening in back offices.
Luckily, I did not face anything like, at least in now were I faced, like, because you have ever made, you can do that. In fact, in my case, everyone was so supportive of basically motivating me and do stuff. So maybe I was lucky.
Maybe. I certainly had a bit of both, you know, I don’t think anyone’s told me, I can’t do things. But there’s definitely been times where I feel I’ve created my own opportunities, you know: that door doesn’t exist to go build one. And that’s not always obvious. Sometimes you need someone to point out that that’s possible to you. But, you know, I think what I see from women in this field is how much we tend to do. When I’ve judged awards, you get, like a security category who tends to be mostly men. And they will say, “hey, I do my job. And I do it really well.” And then you get the women category, let’s hope Women of Influence or something like that, and then say, “well, I do my job. And I do it really well. And I’ve got three kids, and I have a philanthropic association, and I go into schools and tell people about cybersecurity, and I attract women. And last year, I affected a dozen women into the field and help them out and I mentor them in my spare time.” Like we’re doing a lot to stay, to get to the same place. I see that all the time. And I’m really hopeful that maybe, you know, this next iteration for women in cyber is that actually, we can do our jobs and that’s enough; or we’re doing more, and we’re getting ahead for doing more rather than being, you know, staying in the same place.
A Request To You All
If you’re enjoying this show, would you mind sharing it with a colleague? Check your podcatcher for a link to show notes, which has an embedded player within it and a transcription and all that stuff, and share that link with them. I’d really appreciate it if you could indeed share the show.
But if you’d like other ways to support it, you could:
- Leave a rating or review on your podcatcher of choice
- Head over to dotnetcore.show/review for ways to do that
- Consider buying the show a coffee
- The BuyMeACoffee link is available on each episode’s show notes page
- This is a one-off financial support option
- Become a patron
- This is a monthly subscription-based financial support option
- And a link to that is included on each episode’s show notes page as well
I would love it if you would share the show with a friend or colleague or leave a rating or review. The other options are completely up to you, and are not required at all to continue enjoying the show.
Anyway, let’s get back to it.
Is there - related to the points that you’ve all brought up, and especially the point that you brought up the Karla about, about women are always doing more, right? You were saying there about, you know, I don’t want to quote you back to you, but like, you know, “I do this, and I go to schools, and I do outreach, and I do mentorship, and I do all these things. And I have,” you know, because of the gender normative society we’re in, “and I look after the children, and I do the housework.” And I hate that I’ve had to just say that, but you know that’s what I was getting from it. What, is there anything that I suppose male or masculine presenting people can do to help? If I’m already in a technology area, you know, I’m a developer so is there anything that I can do to help? Oother than just so I’ve been, I’ve been told several times, the best way to support is to be there, listen and be an ally, right? To say, “hey. This person: she’s awesome. You want to hire this person,” right? But is that the best I can do? Or should I be doing more? Because I don’t want to sit here and do - I hate to use this phrase, but - “too much”. That’s the wrong way to say it. But like, I don’t want to be sitting here and going, “well, I’m going to mansplain my way through this.” But how can I help other people? Even if it’s not my area of expertise? Is it just a case of knowing enough people and saying, “oh, you want to talk to Karla; and you want to talk to Ashley; and you want to talk to Divya because they are awesome. Let me get you in contact with them” Or is there something else I should be doing? Like? What should I do?
That’s a great question. Because part of the problem is, men don’t always know what to do. Right? You know, do you want to be the person that goes into schools and tells young girls that cybersecurity is a palce for women? That’s kind of a hard thing for you to take on. I think all of the things that you just said around how you are an ally: how do you.. you’re asked to recommend somebody are women on your list? How diverse is that list of people that you’re presenting? And actually sometimes, can you just get out the way? Like can you be quiet in a meeting so that the females in the room can speak and have that place? Because we know that you know all those norms of how people are perceived. And you know, when women try to create that space, can you create that for them? So there’s a whole list I could carry on for far longer than we have. But those are kind of things that are coming top of mind.
I’m totally with Karla on this. Like, so many times men speak over us or they don’t let us have a discussion. You know, I think another way that you can absolutely support women in this industry, is ask us questions. Don’t make any assumptions. Don’t make assumptions, say, that we have children: I don’t I’m never having kids. In fact, I don’t really like kids. That’s okay. Right. And I’m gonna say that everyone will know. I’m asked way too many times when I’m having a baby. Over it.
You know, ask us questions. Make zero assumptions. You know, there’s too many assumptions made on women that aren’t right. You know, “oh, you know, she probably has to go take care of children.” “Oh, she’s probably off because Oh, it’s that time of her month.” Whatever BS this is, stop. Ask us questions. Engage with us. Ask us our opinions. You know, women have different perspectives. And it has - from studies I’ve read - it has been shown that women are incredibly successful in cybersecurity, because our brains work just a little bit different. You know, and that’s all right. Like, I think that’s pretty cool. And since being in security, and I can speak for myself, at least, I have gained so much confidence in my ability in my voice and what I can accomplish. And you can ask, I never shut up in a meeting, I am consistent. But it’s because I feel my opinion is important and valid. And to help us: ask, validate, you know, be part of that, be part of our journey. You’re right, when you said networking, networking is super cool. You know, I’m fine. If you want to put people my way to have discussions, I think that’s great. But it’s ultimately, not mansplaining. No assumptions. And I love how you said it Karla, like get out of our way. What a nice way to put it.
I’m not sure how nice that is. But sometimes it is that you know. Like, and sometimes it is saying, “hey, as a man, I’m leaving to pick up the kids.” Because if we make everything normal for everybody, then that, you know, then that stops it being, women stop being penalized. Because they’re doing that when the men say that they’re doing that. Something came up this week around, “why do I have my pronouns on my LinkedIn profile?” Well, because if I do it, it’s then safe for other people to do it, and we just make that normal. And it’s the same thing, when it comes down to kind of the gender split as well.
Yeah, I feel like it should never be male versus female. If someone has skill, and someone can help with that skill, be it opinion, or I can have my opinion, and I can basically, maybe contribute to something. So it should not be something like a, “because she’s a female, or she’s a woman, she can maybe better know this.” Or, “if he’s a man, he maybe he can better know it.” It’s all about skills and experience and knowledge that an individual has.
I love that point. I love everything you’ve all just said. I think it’s all completely. You are the experts in this in this place, right? I how do I put it? I always, so I always try to pick my words very carefully when I’m talking to anyone. But specifically this I feel like I need to pick my words a little bit more carefully. And that is: I will never understand - I might appreciate, but I’ll never understand - the issues that face different groups of people, right. One of my friends once said to me, “dude, you’re playing life on easy mode. You’re a white cisgendered male, you got it easy.” And I’m not saying that anybody has an easy. I’m not saying that people don’t have hard. I’m just saying, you know, that’s what one person said to me. And I feel like, I feel like yeah, you’re right. We maybe us white cisgendered men need to just step aside and shut up. Which is the opposite of what I’m doing.
I Okay, yeah. I mean, yeah, for sure that some people may have it easier than others or they may not. We don’t know what people go through and what their lives are. But for security and a general perspective, diversity is your friend. Let’s look like a hiring managers for example. You know, it’s not just about ticking boxes. is about diversity if we’re looking at technical skills versus non technical; you know, look at a person as a whole. And like sometimes women are penalized, because maybe we do have to leave. And if you look at COVID, for example, women who have been the ones that have suffered the most in the workforce, right, and why is that? It’s back to Karla’s point of let’s normalize the divide of you know, I don’t have children. But for me, personally, it will be less normalized chores. For example, right? I’m not, I’m a horrible cleaner. I know this. I am awful at this. And if you put me, I don’t know, if you put me in a place where I had to clean as a profession, I would fail miserably. And that’s okay. But you know, it is it’s that gender divide that we have to conquer, and to Divya’s point that it’s about skills. It’s not about, you know, who like, it’s not necessarily that, “oh well, you’re a woman, let me tick this box,” “oh, you have a disability, let me tick this box.” It’s the fact being that women in general, in a holistic sense, have skills and abilities and look at things a little bit different. And that’s never bad.
Yeah, and I think, you know, I think what we’re maybe gonna, sort of we’re touching on it is that it should be about skills, it should be about experience. It’s not about ticking boxes, and people get worried about that sometimes. I’m worried about then “how do I get a diverse team”? And I think, you know, that cognitive diversity comes into it, too. So I feel like you need to have different lived experiences in your team, which is creating your cognitive diversity by having diverse people in your team.
And I think about it, like when you build a sports team, right, your best athletes might be - and I’m gonna do soccer, because that’s the one I know the best - your best athletes might be 11 strikers, but you can’t have a team of 11 strikers, you have to get some defenders and midfielders. And actually, even if the best athlete available, doesn’t fit with your team, you’re not going to take that person just because they happen to be the best athlete, you’re going to take the best fit for your team. And sometimes that might mean that highly qualified women versus highly qualified men, but you don’t have any women on your team, that woman becomes the best fit. So that’s how I think about it when people are getting concerned about, “well, how do I you know, men vs women? And you know, how do I pick some boxes?” It’s about creating the best possible team and some of that team creation is diversity and diversity of lived experiences?
And maybe that means the interview should change a little bit, Karla, you know. Because when you’re doing an interview, sometimes it is very like, “okay, here’s your intro. What’s your name? What’s your experience? What’s your strength? Okay, tell me about this time blank.” But maybe, and I really love that maybe it should be not about necessarily all your work experience, but also your lived experience. You know, “tell me have you traveled before, where have you traveled? Why did you like it? What did you do there?” You know, it’s all about - and this is bringing me back to my career days, but - it’s all about transferable skills. Right? We have so many transferable skills like 1000s, one person, and no skill is the same because a person who owns that skill is different. Right? So utilize it in a way of asking about personal, you know, and not like super personal but that person has a whole. I love that point.
There’s - excuse me - there’s a related story, or at least a story that I think is quite related into how both, Karla and Ashley, how you both described this diversity of thought, this diversity of everything. And I believe it’s the New York Philharmonic, I may be completely incorrect as to which Philharmonic it is. Because there are millions of them. They found in the early 2000s, that they were hiring people based on how they look, “oh, we need more male cellists; we need more female cellists. We need more, you know, African American tuba players,” or whatever, whatever instrument it is that they were looking for.
And they found that even having the people… so what they would do is they would have the musician, walk on stage with their instrument, introduce themselves and then play a piece of music. And so what they did was they changed that, so then the people watching the audition, who were making the decisions would turn their backs. The person will walk on stage would introduce themselves and then play the piece of music. They were still picking more men than women. So then they dropped the Introduce yourself: you’d walk on stage, play a piece of music, and you’re done.
Then they found they were still hiring more men. Because what they noticed was they were hearing the click clack of the high heels and going, subconsciously going, “oh as a woman.” So what they did was: they’re still facing the wrong way, they have the curtain drawn, and they have the musicians come on barefoot, and play music. And they’re now iterating towards a 50/50 split of masculine presenting and feminine presenting musicians.
So just spitballing a potentially silly idea: maybe we should do tech based job interviews like that, right? You don’t have a camera - like in the world, we’re in where everyone’s remote - you don’t have a camera on, and you just talk about, like you both were saying there about, these are my lived experiences, these are my transferable skills. So then you don’t have that immediate hit of, “oh, well, this is a masculine person,” or, “this is a feminine person,” or, “this is a African American person,” or, " this is a person of Asian descent," or whatever, right? You, you get rid of those cognitive biases. Maybe that’s a good idea. I don’t know.
I’m not sure if that will get rid of cognitive biases, though. Because you’re still going to have inflection in voice, right, you’re still going to have… But I think the point you’re making is the idea of gender bias. Right? So when we and I, we’ve already touched on this a bit is that when we think of a woman, right, so, “oh, okay, so I think of a woman and the first thing that comes into mind, maybe,” and this isn’t me, this would be me talking for everyone else, maybe I’m not 100% sure. But a stereotype would be: children; empathy, you know, like, runs a household. It wouldn’t necessarily be a boss, and entrepreneur, right? You know, it could be a great decision maker, and an Olympic athlete, there’s an amazing sports person. Like, women are bigger than the stereotypes that are given to us. And this goes to your point where you’re asking, again, “what can I do?” it’s getting rid of these assumptions and these stereotypes. But it’s hard when that’s ingrained in you. Right, it’s ingrained, that a woman makes sandwiches, again, I make a horrible sandwich. Like, you do not want to have me as a housewife, because the house will be awful, and you won’t eat. You know, ultimately, that’s where it’s at that we need to find a way and maybe it is through education, you know, it is hard to change your way of thinking if you’ve necessarily thought that way for a long period. And when you had these nucular traditional families where this is how you’ve grown up, it’s hard to change that perspective. But there’s no reason that we can’t work around that and get through that.
There’s a lot of examples like that, you know, blind CVs - so no names on CVs - and how that makes a difference in the recruiting process. And if you think about it we’ve changed how women are perceived, and how women work over a very short period of time, if you think about it in terms of human history. And actually, we all have those biases, there’s a Harvard bias test that I’ve taken, I’m biased against women, according to that test, like that will probably surprise you. But if you then look at how I’ve grown up and the things that I’ve experienced through work, maybe it makes a little more sense. So actually, knowing that I have that bias is the thing that helps me keep the check on it. Because if I find myself thinking a certain way about somebody, I stop, and I just say, “alright, if this person was a man doing the same thing, how would I feel about them?” And if I think I would feel differently, I try and reassess. So I don’t know that you can get rid of your biases, I don’t think we can design processes that eliminate them. I think we have to own it as people to try and do the best that we can do. And to make those those changes.
It’s education, right? It’s education and personal change. It’s create goals for yourself and try to accomplish them.
I like that because like, that makes me happy because that means that whether it’s next year, whether it’s I would hope it’s sooner than 10 years, 15 years, 20 years, but this means to me that we can iterate towards a better world, right? Because in that “mythical perfect world”, right - I have to do the sort of bunny quotes or whatever around it. At the moment I have to do the bunny quotes around the word “perfect world”. Going back to Divya’s point of view about it’s about skills. All three of you have made the same point it’s about the skills it’s about the technique is about the the transferable experience, the diversity of thought was a wonderful phrase used by Karal believe.
If educate the current and next generation of people who are going to take these roles and and support everyone around them to go, “hey, you know, this idea of you know, of this particular vision of a person or other: through that out the window, because it’s got nothing to do with a reality,” then in my opinion we’ll iterate towards a much better place. We’ll iterate towards that point where we’ll be sitting in an interview and someone will come in, and we won’t see race; we won’t see gender; we won’t see any of the identities or anything like that. We’ll still see the person. But like, in our minds, we’ll be thinking, “right, okay, this person has come in answered the questions, they are perfect, through what they’ve said, through the way they’ve presented themselves to us. It’s got nothing to do with their identity, it’s got nothing to do with their background or anything where this person is perfect. It also happens to be that they are female, and a bunch of other things or attributes are brilliant, whatever, that didn’t matter. What mattered was, this person came in, answered all the questions provided us with some knowledge. And we’ve learned and moved on, right?” That’s where I want to be. And so if “all” - here come the bunny quotes again - if “all” that takes is, you know, I can go into a school and say," look, let’s talk about gender biases, I don’t want to talk about technology, let’s talk about gender biases," and do that education, rather than, “let’s talk about getting into the business.” I am more than happy to do it. But I have no knowledge of that. I’m not the expert here.
I think you do though, because didn’t you like, you’re already declaring and saying that, you recognize that you’re the norm, you’re recognizing that there’s too many of you. And I say that paraphrasing what you’re saying. There’s too many of you in the industry. That’s the start to where your goal is. Right. So ultimately, yeah, like you’re on the right path. Yeah, you’re getting there. But I think that yeah, talking about gender bias, and maybe there has to be a little bit more talk and discussion insecurity about this. I say this, because women, we’re entering the field, you’re not gonna stop us, right, no one’s gonna stop us, we’re coming home, we’re coming fast. And if we put our mind to it, we will rock anything we touch. Right. And this is why I love being a woman, I love it, I just I adore being who I am, what I am now. And there’s no stopping is just supporting. Right? So this is where it comes into that play of asking questions, you know, getting to know us as people, not just as a stereotype.
Jamie, I’m going to disagree with you a little bit like that perfect world. I think that’s like such a future state. And I think it’s a nice goal to have. But I think we’re very many years away from now, why I’m gonna disagree with you is: I think, we, when we say that that’s our goal, that gives people in excuse to say, “well, that’s how I do it. I don’t, you know, I don’t judge people on their race or their gender. So we’re in that perfect world.” And that means there would ignore some of their own biases, because they deny that they have them. And I’ve think it means they ignore the equity piece. Because actually, people, you know, that whole “I don’t see race thing,” is not what people are saying they want, you know, they say, “actually, I want you to see me as a black person, and I want you to recognize my experience is different. And then I want you to enable me to do my best at work around that.” So I think we’re far away from that. And I would have said the same thing a few years ago, but I’m really changing my opinion on what I think our goal state should be for the next few years.
I think that’s a good point. Because you can’t, my gender is female, you cannot see my gender. In fact, I want you to see my gender, like, that’s who I am. And, you know, it’s the same thing, Karla, you’re right with someone who, you know, is black. Well, you know, the color of their skin can be part of their culture, and their culture is important for who they are as a person. So why wouldn’t they want you to see that? That’s them as a whole that’s incredibly important to their identity. And to be very frank, I want to see that I want to know more about your culture. I want to learn more about your identity, your experiences, like tell me and tell me when I’m wrong. Let’s engage in conversation. And one thing that is missing, ultimately, is conversation.
Personally, my take on this is because it’s not just about industry, cybersecurity, and on our job. In day to day we face this issue. So my take on this is basically talk to people, try to get their perspective on things. And don’t make a perception for a person like based on where they are. Instead, just go and talk to them and try to understand their thoughts, and why dothey feel in that way? Maybe that might change things basically talk to people don’t make a judgement and perception and try to be at their place and try to understand their point.
Do you know what I love that I go that wrong. Because this means that I’ve learned something. Right? And that sounds really hand wavy and, “oh, look Jamie’s…” but I genuinely mean that. Right? It means that I’ve now started that journey of growing as a person and understanding a little bit better. So thank you all for that for for correcting me on that because I really appreciate that. It isn’t, like you say, it isn’t about, “don’t say this. Don’t do that.” It’s about accepting it, as you say, “Okay, cool. Yeah, talk to me.” I absolutely. Thank you very much for that. I really appreciate that.
So what I would say is right, we’ve only got about two or three minutes left in our allotted time of talking today. I was wondering if any of you have any top tips for people who want to get into the industry. And then perhaps, if you wanted to, if you have any links or socials to share, please make, you know, if we have time to share them. If we don’t just send them to me afterwards, after the recording, I’ll put them in the show notes. Anything we’ve talked about today, going in the shownotes. So does anyone have any top tips on how to get into the industry and all that kind of stuff.
So my main one is network. You know, there’s so many stats, and I won’t bore home with them. But when I was applying for jobs is is hard when you’re trying to get into the industry. So network and network in places where you are comfortable. So it might be like Ashley did with Twitter, it might be in person, go where you’re comfortable, and you can be at your best and try and add value in those interactions. If someone approaches me and says, “have you got a job?” I can’t really do very much with that. But if someone pokes me and says, “hey, would you spend 15 minutes to talk to me about getting into the industry?” Then I will absolutely do that. And then the flip side of that is if you are hiring, because we’ve talked a lot about diversity on this call, how diverse is your network? Because most jobs do go to your network. But if your network is made up of people that look like you, then you are not going to get a diverse team. So think about making sure that your own network as a hiring manager is diverse.
I agree. Actually, something really cool happened to me recently where I had a, like a goal inside me that I wanted to speak at an event; I wanted someone to ask me to do and it happened, where they were referred to me and now I’m speaking tomorrow at the open Security Summit.
Yeah, I’m actually speaking on this exact point of why you don’t need to be technical to get into security and going through my journey of not being technical, to networking and mentorship and transferable skills and confidence building
One tip I’m definitely going to give is imposter syndrome is real. Okay? So sometimes if you’re new to the industry, or maybe you just want to change careers in the industry, impostor syndrome 100% is real. But don’t let it bring you down. Yes, network, find mentors if you can. One thing that I did, and I’m still suffering from impostor syndrome, I still don’t know if I belong. Insecurity. You know, every day, I’m brought up with something acronym, I have no idea what it means. No idea. So I just Google it, but I don’t know everything. And that’s okay. All right. And I have to continuously remind myself, but when that comes, write your skills down, write what you’ve accomplished, how you’ve accomplished it, what are you good at? Look back at it, go to your mentors and make conversation with people on your team? Let them know how you’re feeling. You know, I think one thing that happens is women in tech, I would think, feel like, “if I show vulnerability, then it shows that ‘oh God, I don’t know what I’m talking about,’” or it’s a weakness because it’s a male dominated field. I have to be a certain way. But you don’t, you know, be authentically you. If this is how you feel it’s okay because your feelings are valid. Right and you’ll grow and you expand and ultimately keep conversations going; talk about it. And really just challenge yourself and you’ll be great.
Karla and Ashley already covered it: networking is very important. Basically go talk to people know about their experiences, and know what challenges and problems they faced and they are facing on a day to day basis. List on your strength and identify like, these are the strengths and these are the problems that people are facing. So how I am going to overcome these things. If I can do this. So it’s not like doubting yourself, but everyone has their own strength, interest and everything. So know about those and read about it. Because cybersecurity is a very technical field, you will need to be stay updated and read about things. On a day to day basis, there are new attacks, vulnerabilities, and basically new things coming up. So just read about it, talk to people. And I think that’s my tip.
Excellent. Thank you so much. Are there any socials or websites? You would all shout out? Or should I just collect those from you offline, and we can throw them into the show notes? Okay, sure. Yep. I’m also very, very aware that we’re running very short on the minutes during the day that we have for the recording. So I will say thank you all ever so much for taking this up. Because I say this after the end of every episode, but this one, I definitely learned a whole bunch of new stuff. And I’m gonna go and change the way that I see the world and hopefully make my corner of it a little bit better. That’s my goal. So thank you all. You’ve all helped me do that. So thank you very much.
Thank you before doing that
Thank you Jamie
Thank you very much.
That was a roundtable discussion with Ashley Burke, Karla Reffold, and Divya Mudgal about getting into the cybersecurity industry. Be sure to check out the show notes for a bunch of links to some of the stuff that we covered, and full transcription of the interview. The show notes, as always, can be found at dotnetcore.show, and there will be a link directly to them in your podcatcher.
And don’t forget to spread the word, leave a rating or review on your podcatcher of choice - head over to dotnetcore.show/review for ways to do that - reach out via out contact page, and to come back next time for more .NET goodness.
Remember: I’d love to hear your key takeaways from this episode, so do get in touch.
I will see you again real soon. See you later folks.