CyberWire Daily - Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]
Episode Date: September 19, 2021Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came into cybersecu...rity with her passion, investment, discipline, and perseverance. Limor talks about how we must tighten our core security and at the same time we allow innovation to help us move forward with the times. She's been fortunate to have been able to stand up for others and has had others support her. She said that is very motivating and has allowed her to really explore every possible thing in her career that she can contribute without limiting herself to a certain role. We thank Limor for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
My name is Lamora Kesem, and I'm an executive security advisor at IBM Security.
When I was a young girl, you know, like a lot of us as children, we wanted to be a doctor and we wanted to be a firefighter.
We wanted to, you know, have these core professions where I think what ruled everything that we talked about as children. So I definitely wanted to be a doctor or a teacher.
I did study microbiology and then I went into naturopathic medicine.
I ended up really liking that and
studying that. But lo and behold, that's not what I do today.
I started my cybersecurity career by what I call pure chance, but I don't want to make anyone think
that they just need to get lucky to get into cybersecurity or to any other domain that they end up really loving.
So I think that opportunity has to be met with something on the other side.
And time and again, I saw others that joined by chance into cybersecurity, but they brought skills with them to the table.
They brought passion, investment, discipline, perseverance.
Those are some of the things that I started out with.
And they characterized my first job in cybersecurity and also aligned with everything that I've been doing since then.
The first job that I got was in a large security research lab.
And it was a fascinating place and a pivotal time also in cybersecurity to get in and learn the ropes.
And my first encounter was with Threat Intelligence. and a pivotal time also in cybersecurity to get in and learn the ropes.
And my first encounter was with Threat Intelligence.
And I worked with a lot of information that was gleaned from the underground communities.
Then came the malware analysis, the cybercrime economy that evolved into what we now see, you know, as the big ransomware gangs and all these,
the big money that we see going into the black market of cybercrime.
It was like opening your eyes in a whole new way and seeing a new world.
That's how I started out.
I ended up at IBM because I started working with researchers that I worked with before.
So a lot of times when you end up on a team that you really enjoy,
that team moves on and they bring in people from different parts of the teams later on.
And it was one of those things where I was asked to come on board.
But it was also the right time for IBM and the right time for what they were trying to do.
On my day-to-day, it can feel a lot like being in university.
There is constant learning, there's staying up to date, there's reading and writing,
there's an ongoing knowledge share that is the core of what security advisors do.
There's also a lot of action.
Sometimes it could be emerging attacks that make my life look more like I'm a journalist.
Then there's core security stuff that brings things down to the domain of risk management,
where I think everything kind of comes together.
There's a concept of innovation that is a guiding principle that we have to recognize.
We see bad guys all over the place innovating, using stuff, progressing.
They try new tools before legitimate customers ever do.
So they use new tech against our old tech and they're kicking our behinds.
So I think there's a lot to be said here also for, you know, we tighten our core security and at the same time we allow innovation to help us move forward with the times.
I think as a woman in cybersecurity, I've either experienced firsthand or seen things happen to and with women.
From gatekeeping to gaslighting to harassment, bullying, everything. It runs the gamut. And I've been through some of these things.
And what I found to be the most important throughout these adversities
is to be an upstander and to stand up for others
and then be fortunate enough to have others stand up for you.
I found that it was a sure way to really influence culture
more than having programs that try to fix the culture. It's more of a lived
experience. Because I am an advisor, I am always more of an independent person within the overall
team. I work a lot with customers. I work a lot with our research teams. I always try to mentor
others. I really work across every different part of the organization, which I find is really
invigorating. It's called matrix management. It means you're not really managing anyone per se,
but you're really managing a lot of things all at the same time with different people.
managing a lot of things all at the same time with different people.
I had mentors that kind of came into the picture when I needed it the most, but had no idea that I did.
It was more people who believed in me that thought that, yes, you'd be great on a stage. You should go up there and speak about the stuff that you do when I totally did not even think that was an option.
and speak about the stuff that you do,
when I totally did not even think that was an option.
And that is so motivating and has allowed me in my career to really explore every possible thing I can contribute
without limiting myself to a certain role.
And I think I was extremely fortunate in that way.
What I would suggest to people coming into the field,
whether they're women or otherwise,
because we need more of everything.
The cybersecurity job market has grown by about 350%
in the last eight years alone.
So we have over 3 million jobs to fill right now.
So we need more women.
We need more ethnic diversity.
We need more neurodiversity.
We need more men.
So anybody coming into this field, what I would say is you
have to come with an open mind, but you have to know what you want to be, not what you want to do.
The second thing is, you know, understand there's going to be a major learning curve
and that's going to require a lot of investment. And there's no way to really go around that.
going to require a lot of investment. And there's no way to really go around that.
I would hope that all this information that's out there helps others make better decisions about security, helps them better secure their companies, their families. Things like that
would be, I think, worthwhile for me. Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.