Cybersecurity professionals need to shoot for the stars and overcome self-confidence issues to progress in their careers. That was the message of an illuminating keynote address by Alyssa Miller, business information security officer, SMP Global, while giving the keynote address at the Infosecurity Magazine Autumn Online Summit - North America 2021.
Miller began by describing her own career to date, and how she reached the heights of business information security officer at SMP Global, where she leads the cybersecurity strategy for a $4bn a year division.
Her career in information security began at 19 as a programmer at a fintech firm, while she was still studying computer science at university. She stayed at the firm for almost nine years, holding a range of high-profile positions.
At 28, Miller was approached to become a penetration tester; while she was concerned she had no prior knowledge of penetration testing, she was assured she would be able to figure it out. This leap worked, as by the age of 31 Miller was leading a team alongside the entire testing and vulnerability management program for a 35,000 employee company. Despite these achievements, Miller continued to consider her progression as mainly luck. “I never really considered how impressive some of that was,” she explained.
Four years later, at the age of 35, Miller entered the world of consultancy in an application security practice. As the least profitable practice at the consultancy, she was tasked with building a team from the ground up and alongside colleagues, made that team the most profitable in the entire practice, achieving revenue growth of 400%. However, “I never really gave myself a lot of credit for that,” she reflected.
Following a merger, Miller became head of a program services practice of a new consulting services firm at the age of 37, where she worked with high-ranking security leaders like CIOs and CISOs in major global organizations. Again, Miller largely put this down to “serendipity.”
Then, a setback occurred at the age of 41 while working for a security consulting organization as part of a larger security practice at a reseller. She was passed over for promotion to director despite being the pick of the previous director. “It really harmed my self-confidence. I felt like I’d shot too high, maybe I wasn’t ready for that high level of a role,” she outlined.
This led her to re-evaluating her goal of progressing in high-level security positions, and she moved into a 'contributor' role, focusing on public speaking and advocacy work.
Her perspective changed when she was approached by one of the three big social media companies, who asked if she’d like to be considered for an executive position. While nobody was ultimately hired for that role, just being considered “forced me to go back and look at everything I’d done and ask 'why did they choose me?'” This made her analyze the extent of her achievements “and it really built up my self-confidence.”
“This is a chance now to do all those things I’ve been working towards all my life — what an exciting position to be in”Alyssa Miller
This new found confidence took Miller to her current high-profile position, as BISO for SMP Global. “This is a chance now to do all those things I’ve been working towards all my life — what an exciting position to be in,” she said, adding: “I’d never have gotten here if I’d been afraid to take that leap, if I’d let that damage to my self-confidence hold me back.”
Miller believes that getting over self-confidence issues is therefore key to progressing security careers, especially for women, who she believes continue to experience numerous disadvantages in the workplace. This includes being expected to give up their careers for their families.
With this in mind, Miller gave the following advice to those keen to develop in their careers:
- Overcome “imposter syndrome” — the fear of being 'found out' in a role is “universally experienced,” particularly in tech. Therefore, it is worth remembering that there is a wide domain of cybersecurity knowledge that is around, meaning each person brings their own unique diverse perspective to the table. “Nobody knows it all,” Miller pointed out.
- Look at job descriptions differently — Miller said that in cyber, many job descriptions “stink,” setting out experiences, requirements and responsibilities that are simply unrealistic. She gave one example of a job description that required 10 years of experience of Kubernetes, even though it has only existed for six. However, she advised potential candidates to not be put off “as no-one can check off all those boxes,” and instead look at the high level job description and ask themselves “is this something you can do or something you can learn to do?”
- Know your worth — Potential employers should never ask you what your current salary is, and if they do, you should turn the question round and tell them what you expect to be paid or even what they expect to pay someone to do that job, Miller advised. She added that you can look on sites like LinkedIn and Glassdoor to give yourself a better idea of what kind of salary you should be earning for the position you are applying for. This way, you can ensure you will be paid what you are worth to that organization.
- Get a mentor — Miller also advised people to get a mentor to help guide them on their career journey. Rather than focusing on learning job skills, the mentor “should be sharing their journey, and be that person to help [with] situations you’re experiencing that you need help understanding or navigating.” This relationship is best forged “organically” via people met at work or at conferences.
- See denials differently — People need to ensure they do not lose confidence if they are not offered a job after attending an interview, said Miller. The decision is never a personal one, and it might just be that “there was something about that role that wasn’t right for you.” She added that it is always worth asking for feedback from the hiring manager about what they could have done differently with their resume or during the interview. “You can use these denials as an opportunity to grow and learn, to understand how a certain position might not be the right fit for you.”
- Negotiate the job offer — It is also important to understand that any job offer you do receive is negotiable, and don’t be afraid the company will rescind the offer if you do try and negotiate the terms of the deal. This is something that recruiters expect, noted Miller. This negotiation doesn’t just have to revolve around salary either, and can include aspects like bonuses and annual leave. “Always be willing ask, don’t be afraid,” she said.
Miller concluded by saying: “Shoot for those heights – just because you shoot high doesn’t mean that you have a chance of falling.”