Vandana Verma Sehgal - I Had My Own Share Of Struggles But In The Process, I Learnt How To Survive And Stand Strong With My Head Held High (Advocate In Cybersecurity, India)

 




1. Tell us about your background and journey? 

My introduction to the whole new dimension of computers happened during the 11th standard in school. Thereafter in college it added much to my fascination as to how the world revolved around algorithms and logic. 

That’s where I can say without batting an eyelid that the most beautiful journey of my life began. But that was not it, the next struggle involved convincing my parents to allow me to follow my dreams by moving out of my place for further education. 

Needless to say, it did take some persuasion but in the end they agreed. Like everyone else, I too had my own share of struggles but in the process, I learnt how to survive and stand strong with my head held high. 


2. When did you think of moving to Cybersecurity as your career? 

My move to cybersecurity was serendipity. I happened to be in my first job when I was asked to work in this domain. I later realized my passion for Information Security and took it very seriously to build my professional career.


3. What are the struggles you have faced while starting your career in Cybersecurity? 

My first project was at a Security Operation Center where I was supposed to do the 24*7 shifts. At multiple places night shifts were avoided by girls for various reasons. In my company they had no choice but to keep me on night shift as the client wanted interaction with SME all the time and I became the vulnerability management lead in a short space of time. 

There I gained a lot of interaction with clients, managing the whole vulnerability management program, being part of PCI Audits; but the most important bargain was I got weekends off as did all my friends. Night shift was not at all bad; for example, a security guard was present during the shift hours 8pm to 7am. 

This became legal policy for some organizations as up to then it had been extremely uncommon for a woman to be on a night shift. For additional safety reasons the guard also escorted the woman from home to the office and vice versa.

In my second job, I was asked to perform application security penetration testing which at that time was most definitely not my cup of tea. For a moment, I was scared and nervous but gathered myself and went ahead to explore a whole new different, yet interesting horizon, which paved my way to a gargantuan number of opportunities. 

The learning curve grew on and on from SOC to application security, mobile application security, cloud security to the most recent, DevOps with Security. My path wasn’t a bed of roses, but those hiccups made me the person I am today and what I had learned and could share.


4. How did you balance your personal and professional life? 

Another big challenge is the inherent bias against women. While I was pregnant, I was worried about my work and other things at the professional front instead of enjoying the pregnancy. 

In my case, questions used to creep in: whether I would be going back to work post pregnancy, or what would happen next? A similar situation could happen if someone is going to take a sabbatical or time off to follow their passion or things they like. In the rat race, we end up not doing what we want, not taking time off and tend to put down things that we like to do. All is not lost. I came back from maternity stronger than ever. 

In the first quarter after my return, my dedication and support for the implementation projects led to a promotion; an amazing surprise to me! I had conquered my own fears. The only thing to do is to deal with bias and try to understand and experience its existence. The crux to learning is the need to be self-motivated and overcome the stumbling blocks life bestows on us. 

While I am aware that is easier said than done, a positive intent and unwavering determination proves everything is possible. My graph didn’t go down after maternity which is the most mythical belief for a working woman prevailing since eternity. 

Thus, I chose to believe and face my fears unapologetically rather than complain. Those experiences are the tipping point of one's life, either making or breaking your vibe and enthusiasm.


5. What are the changes you find in the mindset of people over the years? 

Over the years, the mindset of everyone around the Information Security strata has torrentially evolved. Initially there wasn’t much involvement and exposure for women in those domains but over time their numbers have begun to increase. The turning point in my career arrived after I joined the cybersecurity communities like null, OWASP, and InfosecGirls. 

Those communities introduced me to the broader security domain and its experts. I did my first public speaking at OWASP/null Bangalore. I was incredibly nervous but everyone in the community was supportive giving me the confidence and trust to speak more and more.

However, when I started my community journey there were fewer women in cybersecurity. One reason could be that it’s a niche skill, another is the culture. Sometimes when we see people who we don’t know, we feel out of place and it can be difficult to be part of it. 

InfosecGirls had the idea of giving a safe space to women where they can begin getting interested in information security. The next point was, given that there were few existing women, how do we increase the number? We started by approaching and connecting with people who didn’t have exposure to the communities.


6. What were the steps you took to inspire others from your work? 

We began converting inactive people to active ones. We approached college students to give them opportunities before leaving college. 

Example initiatives under the wings of infosecGirls included training college grads, conducting weekly sessions, having chapters in various Indian and YouTube channel. Training has always been a passion of mine; I got to train women at multiple conferences. 

All the training I provide is free of charge in order to attract more people from diverse backgrounds to the cybersecurity industry. To date I have trained over 3,500 students and professionals. I had to write a two-page email to justify and explain why I wanted to offer free rather than paid training. 

The explanatory email chain went on for 67 threads and made me realize how many people support and understand the value of making a change. I have also been a speaker at multiple global conferences and am looking forward to many more.


7. What were your projects in recent years? 

Here is a glimpse of some of the work that I have done so far:

I attended the Indian security conference i.e. nullcon Goa in 2015 where I participated in the Winja- CTF and won first prize for solving maximum security challenges in a given amount of time. That was a showstopping moment for me, a breathtaking feeling. There was to be no looking back from then on.

Kids Village at c0c0n 2017 (Kerala)

We organized the Kids village at the conference as an initiative to create awareness of technology and cyber security among teachers, parents, and children. We took the hardware from Bangalore to Kerala to show the kids different parts. We taught them Scratch and Python, soldering and how to fly a drone. It was a surreal experience to be part of kids’ lives and I’ve recently launched InfosecKids to educate them on cybersecurity aspects and their parents on how to deal with cyber issues.

As part of the #wise (Women in Security and Excellence) at IBM Bangalore, an #IBMCyberDay4Girls took place in Bangalore and Delhi in December 2018. At the Bangalore event, attended by 30-40 middle school girls from 5th to 8th grade local Government school, I was part of the panel discussion on cybersecurity.

I am also the Branding and Communication Leader for IBM’s Community for Women in Security (WISE). IBM WISE India chapter conducted a Hackathon competition (IBM WISE-She TF challenge) in connection with the IBM Security Summit (originally planned on 19th March) for girl students from some of the renowned Indian colleges. Together with the other leaders I successfully conducted the event, which was much appreciated by the Global Leaders at IBM.

Training for Diversity and Inclusion (October 2018) – The first time I provided free training to some 35 participants in training at an OWASP AppSec conference.

That was a wonderful experience in training candidates, answering their queries, and learning their challenges. 

Post AppSec USA, I got the opportunity to train and be part of the Crew for AppSec California (January 2019) – 25 member class. 

Amazing organisers, place, and the venue. Everyone has a place in this amazing InfoSec industry, and I am trying to build my own.

I was asked to train over 50 students at St. Cloud University, Minnesota in January 2019 in web application pentesting, which was really liked by the students, and I received a letter of appreciation from the university’s Head, Cybersecurity Department.

The following month I got the opportunity to train virtually over 50 students at Cairo University, Egypt, preparing them for upcoming Capture the Flag (CTF) events.

Whilst being part of the AppSec community with its own amazing experiences, I had never previously attended a developer conference when I got the chance to speak at Rootconf. The interaction with the team, speakers and the participants was amazing; there was much to learn from the developer community and understand the challenges they faced and the solutions they have. It made me more connected with the developer world, when I talk a lot about DevOps and Security.

Learning and sharing knowledge is a wonderful thing, but how about doing it on a larger scale? In March we organized an OWASP event in Goa named OWASP SeaSides for the first time with the clear objective to spread knowledge as much as possible via free cyber security education to students and professionals. 

I was then a trainer at Global AppSec Tel Aviv (May 2019); an amazing experience where over 90 candidates registered for the training. 

It was a dream come true for me when my talk was selected at DEFCON (AppSec Village) in August 2019, and I got the opportunity to take part in this amazing conference on DevOps with Security and Culture Change in organizations: https://www.appsecvillage.com/agenda#h.p_HQ3fM1QEzdVW

Speaker at Diana Initiative (August 2019) – A conference in Las Vegas driven by women with volunteers and speakers supporting diversity and inclusion.

Industry has given me rewards for the work that I have undertaken:

  1. Cybersecurity Woman of the year award by Women Cyberjutsu Society - category “Secure Coder”
  2. Appreciation Letter from Head of the Cyber Security Department, St. Cloud University, Minnesota 
  3. Top #5 Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019: 
  4. One of the top women leaders in the field of technology and cybersecurity in India


Paper Review Committee for the conferences:

  1. OWASP AppSec Europe 2018
  2. Global AppSec Tel Aviv
  3. Grace Hopper USA 2019 (Security/Privacy Review Track)
  4. Grace Hopper India 2019 (Security/Privacy Review Track)
  5. BSides Ahmedabad


On 11 September, I had an unexpected but brilliant opportunity to give the Keynote speech at OWASP Global AppSec DC. A truly special and memorable day for me - https://dc.globalappsec.org/

Over the years, as a result of experience and a little bit of self-discipline, I have learned to prioritize things and manage my time well. We all have 24 hours in our day but making the most of it is all about mindset and choices. Community work brings me peace. 

To be able to contribute to the community has given me an ocean of opportunities to bask in that satiates my conscience. I feel a sense of belonging within these community involvements.

When I look back, I find myself fortunate to be in the hot space of technology. I loved the way technology was shaping up in the lives of the internet boom. The best thing I have achieved being in this field is the community. The people here are so collaborative and supportive I can vouch no other industry has such amazing folks. I have been globe-trotting for conferences.

People from different backgrounds often ask me how to join the cybersecurity domain. The simple answer is “Anyone who has a curiosity towards every aspect of technology is probably the most suited person. You need to build on that curiosity and spend a lot of time understanding the working of these technologies. An information security expert should always be eager and enthusiastic towards learning”.

The Information Security domain can be glamorous yet tiring at times. The key is to focus constantly on how security can be improved by learning and applying the necessary skills. Everything else, such as career advancement, will fall into place. One should always consider giving something back to the community by way of teaching and writing blogs for example. There are some wonderful free and open communities in India such as null community, OWASP chapters, etc. where you can participate. Trust me, it does help to enhance and polish your own capabilities rather than anyone else’s when the intent is unadulterated; the knowledge will always be enlightening and works as mutual learning between the giver and the taker.

In the end no one remembers what your package was but people who even had accepted 1% of your knowledge will remember you for what you gave back to the community. Your glory will follow thereafter.


- Vandana Verma Sehgal


- Interviewed By Kusum Jha 

