Working in cybersecurity provides many exciting challenges
By Anna Chung, Principal Researcher, Global Threat Intelligence Team, Palo Alto Networks
Anna Chung is on the Unit 42 team at Palo Alto Networks and shares her advice for women looking to get involved in the technology and cyber industries. Anna's work sees her understanding the cyberthreat landscape to provide intelligence assessments that help customers prioritise actions, time and resources.
Tracking latest threats and attacks
As a threat hunter and dark web expert, I typically spend my day researching new malicious tools, tactics and procedures discovered by the global security community. Part of my job is to track the latest threats and attacks, but also to understand cybercriminals’ motivations and methods to then help organisations be better protected and prepared. I use both internal and external tools to monitor cyberthreats, and then transform the raw materials into actionable threat intelligence. The final research results are delivered through the Palo Alto Networks Unit 42 blog, and feed into our products, as well as community sharing programmes. I am passionate about threat hunting and feel fortunate that my research allows me to explore various facets of the dark web, and ultimately share my key findings with individuals and organisations to make the Internet a safer environment.
One example of what I’ve been working on recently is researching the topic of QR code security. We’re seeing many more of these used during the pandemic by shops, gyms, and restaurants, for example, so I’ve been looking into how cyber-attackers are devising ways to use these codes to steal personal information. QR code technology is safe in itself, but as reliance on it grows, cybercriminals are taking note. I’ve observed cybercriminals in underground online forums discussing ways to abuse QR codes and target the everyday consumer.
I have also written reports about how Internet of Things devices like smart surveillance cameras or even medical canners can be vulnerable to attack. As an advocate for cybersecurity, I regularly talk to the media across Europe about the latest threats and how to protect our society and economy.
Starting a career in cybersecurity
My advice for women looking to start a career in cybersecurity is don’t be put off by the scientific image sometimes presented. When many people hear the term cybersecurity they think it is about mathematics, coding and engineering. This can create for some an assumption that there’s a high barrier to entry.
I have a confession. My mathematics was terrible in high school and in the national entrance exam I received a score of 50 out of 100, leaving me feeling inadequate. However, I still found a career path in the information security industry.
Cybersecurity sector is a growing arena
Cybersecurity is such a young industry and full of potential that it doesn’t just need people who are maths, engineering and coding; the job demands a much more robust and diverse skill set. Some key skills sets and areas of interest include threat actor profiling, underground economics, reverse engineering, incident response, digital forensic, statistics, malware analysis, artificial intelligence, data mining, privacy and legal framework and cyber behaviour analysis. If you are interested in any of these subjects, I recommend taking online training or attending local industry meetups to learn more about cybersecurity. You might gain not only a job offer, but an opportunity to redefine a future career path for someone else also.
My own route into cybersecurity started with my background in international affairs and the parallels between international cooperation for peace and prosperity; and for understanding and preventing cyber-attacks through research and communication.
I see a career in cybersecurity as developing an appreciation of a niche combination of technical abuse and malicious human behaviours. This demands a very wide range of skills and knowledge. Beyond combining those two practices, cybersecurity is about learning to harness these skills for good purposes. As a result, my cybersecurity career spans both fraud in financial technology fields and network security. While there are a lot of similarities, overall, they are fundamentally different and the solutions and strategies are quite diverse.
Challenge yourself and pick your challenges
When I mentor women who want to enter this industry or further their cybersecurity career, I utilise these experiences, insights, and professional networks to help them best navigate where they are in their career progression and what they need to do next to realise their dreams, goals and to reach their desired next step.
Knowing that, I see one of the main coaching goals as encouraging young women to respect all elements in the industry to better understand their own strengths and limitations, because we all have our own unique attributes as individuals.
At the end of the day, it’s important to remember to challenge yourself and pick your challenges. We all want to see our workplaces and society as a whole continue to improve diversity and inclusion, but these improvements won’t happen if we don’t actively pursue it. It’s so important to make time to engage with
others, ask questions, learn and celebrate diversity. Opening yourself up and taking action is the first step in making yourself part of the changes you want to see in the world.
There’s no predetermined path you have to follow or one ‘right way’ of getting there. Pick the challenges that interest you, rather than those that are imposed on you. And always remember to take time out to be kind to yourself.