Build a career in cybersecurity: tips, tricks… and traps

Build a career in cybersecurity: tips, tricks and traps

On 19 Feb 2021, I spoke about how to build a career in cybersecurity at the Women4Cyber Masterclass with a Role Model. Happening every month, the Masterclass aims to highlight the achievements and expertise of women who shape cybersecurity in the EU today. Women4Cyber is a non-profit European private foundation with the objective to promote, encourage and support the participation of women in the field of cybersecurity. The strategic objectives and actions of the Foundation are supported by the Women4Cyber Council, an ad hoc advisory body, of which I am a proud member.

Yes, girls outperform boys at school. Yes, women managers outperform their men counterparts at work. Watt zillion initiatives exist to encourage more entry-level diversity. But how many initiatives exist to tackle the leaky pipeline?

So, is there a perfect profile to build a career in cybersecurity? Or is it more of a perfect combination of skills? How, as a woman, do we tackle ambition? Let’s talk about navigating those avenues because helping other women move forward with their career is good business.

The effort is there, but why doesn’t it transform into fast change? Cultural change for gender equality requires system change. It is not just about women “leaning in”. It is also about men reaching out and stepping aside. You can invite a diverse crowd to a party; but then, you also need to invite them to dance.

You can watch the recording with the Q&A session by clicking the “Play” button.

A summary of the discussion and the recording are also available over at the Women4Cyber Foundation website. Below are the full notes of what I discussed along with additional notes we didn’t address. Hope that helps!

🎧 Listen to this post!

Continue reading

Commuting is taking a toll on ya? Podcasts are the solution

Here is the ultimate podcast list for infosec and data protection. Enjoy!

The other day, I was participating in an after-work panel centring on the professional opportunities cybersecurity at large presents. The discussion primarily focused on drawing in women to the field as a way to diversify and enrich the talent pool. Yet, few of us insisted on focusing on diversity, be it gender, social, etc.

Amongst the main questions was: how do I get into the field? Trying to provide sound advice on that made me realise we have a handful of resources to building up new and/or extra skills within the realm. However, starting off if you are, say, a developer or a legal person may turn bumpy and challenging.

Continue reading

Comment ne pas écrire un guide de cybersécurité pour les dirigeants


J’ai lu le Guide de cybersécurité pour les dirigeants pour pas que vous ayez à le faire. Ou comment perdre une bonne occasion de sensibiliser…

Challenges et Eyrolles publient, le 23 février, un guide intitulé “L’essentiel de la sécurité numérique pour les dirigeants”. L’ouvrage est présenté comme “[l]e mode d’emploi facile d’accès pour être à jour et mieux éclairé face au nouveau risque numérique”. L’idée est excellente : il faut sensibiliser toujours davantage aux risques numériques, les personnes qui ont en charge la prise de décision. Ces derniers sont nombreux et de nature très variable. C’est encourageant de voir qu’enfin la gestion des risques rencontre le volet numérique.

Enfin, c’est ce que j’ai pensé… jusqu’au moment où j’ai commencé à lire. Déjà, pour l’obtenir, c’était un peu délicat : la personne qui me l’a envoyé en première disait que ça m’épargne la création d’un compte pour le télécharger chez Eyrolles où la navigation n’est pas en HTTPS, où il n’y a pas de TLS pour SMTP et où les machines ne sont pas à l’heure. Que doit-on conclure quant à l’importance de la sécurité de ses visiteurs dans ces conditions ? (C’est une question rhétorique.)

Continue reading