CyberWire Daily - Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]
Episode Date: June 27, 2021Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Ma...ria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments where she says "something that would totally change everything." She gained an interest in security and took it upon herself to train up and move into that realm. Maria notes it was not without roadblocks, but that being flexible helped her address those challenges and make her career in security happen. We thank Maria for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
My name is Maria Thompson- information systems management, so I went
to college and I studied information systems management at the University of Maryland,
University College. When I was growing up
we didn't really have computers in my home but you know it was something that
seemed interesting to me and because I didn't have a computer I felt oh this is
interesting and I want to learn more about it so when I had the opportunity
to go to college I figured it would be something that I definitely wanted to
look into.
I can certainly say there were a lot of challenges because when I first decided I wanted to study
computers, I thought, oh, I'm going to study computer science.
And so not knowing that, you know, with computer science,
there's a lot of math and math was not my strong suit. Although I wasn't really strong in math,
I still wanted to study computers and I wanted to be involved in that type of work. And that's how
I ended up with information systems management because I didn't have to have a whole lot of math.
systems management because I didn't have to have a whole lot of math. I would have to say that I was a bit of a rarity in there because even after I finished college and I started working,
it was the same situation. I don't recall a lot of women being in my classes.
Once I finished college, I was like most people finish college. They don't really know what to do.
And so I had an opportunity to work in government.
I ended up taking a job at the help desk level for one of the federal agencies.
at the help desk level for one of the federal agencies.
And so a big part of my career was spent working in federal agencies around technology.
The federal government had a series of opportunities,
but as a contractor, not a federal employee.
And so I did contracting work in technology for a number of years,
and then I ended up jumping out into private industry.
From help desk, I worked my way up to become a sysadmin. I suddenly was put into an environment
that was Unix and Linux. And so that's how I moved from Windows system admin to being on the Unix
Linux side, which was really exciting by the way,
because it was a challenge
and it was something I had never done.
And who knew that it would be something
that would totally change everything for me.
But it really did because it opened up
a lot of other opportunities after that.
I focused a lot around security and I was advocating for security best practices and for security tools and just processes. And so with that, it just really
changed the whole focus of my mindset. And with that change became, you know,
the desire to want to do more of that type of work.
It led me into looking for companies that focused on security.
And so that's how I jumped from being a sysadmin,
focusing on Linux at that time,
to becoming a full-fledged security professional.
There were definitely doubts along the way because there were many times when I was advocating.
In one position I had, I was advocating for security very hard, but it was just very challenging and very difficult for senior management to even view me as a security professional.
And it just got to the point where I was trying to do everything I could to be seen as that type of person and to be given a role around security. But it just never really happened.
There were promises, but they never came to fruition. And so I had to take it in my own hands to go out and figure out what it would
take for a company, a manager, or someone to see me as a security professional and not just a sysadmin.
And so that's what I did. I decided to go after the CISSP.
But before I did that, I went after the CISA.
So I decided that in order for a company to take me serious,
maybe it would be best if I had a license that showed that I had the basic level of knowledge
to be able to function in that role.
After trying so hard at one particular company and it just wasn't happening, I felt that the only way it could happen is if I switch companies.
And so that's exactly what I did.
And so that's exactly what I did.
At Illumio, I am responsible for helping to build and maintain customer trust around the Illumio core and edge micro segmentation platform.
I'm responsible for ensuring that the controls that Illumio has around the platforms related to SOC 2 continue to operate effectively.
The way I like to work is to collaborate with people. I may not have all the answers,
but I rely on the people who do have the answers. So my style is to rely on the people who know more than I do to help me understand where I have my own gaps.
I do to help me understand where I have my own gaps.
The biggest thing, had I known about this world of cybersecurity, I would say go right into that.
I mean, focus on security.
Make sure you get the proper education.
I would, if I could go back and do it all over again, I would study cybersecurity. I would focus on security and compliance. And then I would tell myself, you know,
make sure you understand the proper threats. You understand how to remediate those threats
and that you understand how you can help companies avoid those threats.
I also tell myself to have a clearly defined roadmap.
I mean, for me, I feel like some things happen organically because I had to go down one path and then change based on maybe a roadblock and then go down another path.
Be flexible.
I think that's what I would tell myself.
Just be flexible.
Be able to change when you need to change. Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly
what's been done. Take control of your data and keep your private life private by signing up for
Delete.me. Now at a special discount for our listeners. Today, get 20% off your Delete.me plan
when you go to joindeleteme.com slash N2K and use promo code n2k at checkout. The only way to get 20% off
is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
That's joindeleteme.com slash n2k code n2k.