Editor’s note: #WeCyberToo Talent Spotlights cover women of color in cyber so our daughters can see women who look like them thriving in the field.
Meet our new #WeCyberToo Talent Spotlight: Quiessence Phillips, VP, Cyber Security Operations-Incident Response.
She holds GIAC’s Reverse Engineering Malware, Forensic Analyst, Incident Handler, and Security Essentials certifications. She’s currently pursuing the GIAC Web App PEN Tester.
How did you end up in cyber security?
As a Computer Science major and working with Network Solutions Engineers at my university, I found myself spending an ample amount of time on root cause analysis. I’ve always been at the intersection of development and investigation – even before I knew InfoSec was a thing.
As Information Security began to gain traction, my school added a module (3 classes) to the curriculum. I quickly registered and stayed in school an extra semester complete.
I landed an internship with the Federal Reserve Bank of NY on the National Incident Response Team, based on the various projects and Information Security related models that I built in that last semester. This is why projects are paramount to showing your knowledge within technology.
What is the most difficult challenge you have faced as a woman in a male dominated field?
The most difficult challenge many women in male dominated industries face is getting out of our own way. This was definitely a challenge for me, and one that continue to try to creep up from time to time.
Whether you refer to this as imposter syndrome or just feeling like you don’t fit in or not worthy; guess what? Most of it is in your head.
There are definitely struggles within the industry that we face, due to the lack women contributions to the culture, but that is a multi-page discussion in itself.
How did you overcome said challenge?
I overcame this by looking inwardly and owning my responsibility in it. I realized if I wanted a certain result, I needed to take the appropriate actions. For example, if I was upset that my ideas weren’t being heard, then I needed to speak up, set the strategy and move quickly with regards to execution.
A reader of Danyetta’s profile suggested asking future interviewees to share failures because those have a bigger impact than just feel good stories. Do you have a failure that you would like to share?
Failure is always an interesting topic. Even amidst a moment where I feels like I failed, I still see it as growth and an opportunity to win, if I’m able to pull some gems out of it.
I personally see several points in my career where I wish I would have done things differently, and they were all attributed to a specific root cause.
I was spreading myself too thin. I couldn’t allocate the necessary time and focus to a particular project because I was trying to give an inadequate amount to many.
How did you turn that failure into an opportunity?
The resolution to this was simple – learn to say no!
I’m one person and while I do superhero type stuff, I don’t quite possess those powers. I had to set boundaries and people adapted.
It was easier than I thought it would be. People respected my decisions and a load was lifted. I gained more satisfaction from completing amazing projects with quantified metrics and moving on to the next one, versus trying to manage more than was sanely possible.
What advice would you give someone looking to enter the information security field?
For those looking to enter in the field of Information Security, I would say, “get your hands dirty”. Pick an area of interest and jump feet first into a project. You’ll learn so much. For more advice, please read my article, here or here.
What formal education, skillsets, and/certifications do you recommend that people start with to stand out among other candidates in the cyber security field?
Can you give a brief “day in the life of” description of your role to help women that are coming into the field behind you understand what that kind of work entails?
A day in the life for me varies greatly. Being that I work within Incident Response, as the title states, we are often responding to incidents of varying degrees and natures.
For example, an incident can consist of lot of analysis (network, host based, malware), working with other teams to contain, mitigate and close an incident.
However, what is constant is the leadership of my team in the US. We focus on preventative work – such as, increasing the resiliency of certain technologies and applications, relationship building, improving our processes, etc.
Are you planning on pursuing your CISSP? Why or why not?
I don’t hold a CISSP, nor am I looking to attain one 🙂
I’m not against any other certificate authority (e.g. ISC2, CompTIA). I don’t think there is one straight answer for anyone, as our careers and aspirations will vary.
However, I chose to invest my time into several SANS courses and accompanying GIAC certifications, due to the week long in-person and hands-on training involved.
This allows participants to remove themselves from work and every day life to focus on new theoretical concepts and practical training. Many of the courses are also taught by industry leaders that have done amazing work, which speaks volumes to me, personally.
The individual training courses are for the most part, specific to a discipline (e.g. Forensic Analysis, Reverse Engineering, Penetration Testing).
Many of the conferences include Capture the Flag (CTF) competitions and SANS@Night, which are basically bonus sessions after class on various topics throughout the field.
As you mentioned, SANS does offer a scholarship program for women, which is a great opportunity to reduce overall associated costs.
What project(s) are you most proud of?
I’m most proud projects that are fulfilling and impactful. With regards to project at my day job, without getting into specifics, I was able to drastically decrease the number of malicious attempts penetrating our borders. The benefits of this effort span across technical capabilities, regulatory issues and resource constraints.
With regards to projects in my free time, I’ve done tons of non-profit work in the tech and diversity space and co-founded an organization, JOURNi, where we are building an inclusive tech ecosystem in Detroit.
I’m also proud of the work I’m spearheading with Securing Your Path – check it out, if you are interested in joining a community of women in InfoSec.
Thank you so much for sharing your perspectives! I was happy to find a woman who took the GIAC certifications route.
CompTIA and ISC2 are common, but it is important for students and women transitioning from other industries to be exposed to a variety of roads to success.
How would you like readers to contact you?
About Quiessence Phillips:
Quiessence is a Cyber Security Professional with 10 years of experience working within the financial industry. She is the co-founder of a non-profit EdTech, JOURNi, where they are building an authentically inclusive tech ecosystem in Detroit. In efforts to get more women into Cybersecurity, she started Securing Your Path – A community for women interested in forging their path in the industry. Quiessence is a mom, mentor, coder, hacker, strategist, and change agent. For more information about her, visit https://www.itsquiessence.com/
Editor’s note: Women of color were noticeably absent from most of the top women in cyber and top security bloggers lists in 2016 (and those released in 2017). I applaud the work of those who were celebrated because the recognition is certainly well-deserved.
However, I want to expose students in my demographic to women who look like them. They need to know that we are out here ready to help them navigate the complexities of this field.
I also want to create our own “Top Lists” to celebrate our accomplishments just in case future lists exclude us, inadvertently or otherwise.
Our stories connect us, and our daughters need to see people who look like them thriving in this high tech field. How else will they know we exist? How else will they know they are welcome?
We are not waiting any longer to be chosen. We are choosing ourselves as of February 2017 because gender diversity is not enough.