Editor’s note: #WeCyberToo Talent Spotlights cover women of color in cyber so our daughters can see women who look like them thriving in the field.
Meet Tiffany L. Smith, Security Assurance Operations Analyst at a Fortune 100 Company. In her current capacity, she focuses on data loss prevention and insider threats.
How did you end up in cyber security?
In 2011, I was a Youth Counselor with a Literature degree, 3 months away from being unemployed when a Tech Recruiter came to speak with the youth about all of the great opportunities within the tech field.
I used the information she provided and began to do research on the various careers in IT. I landed on cyber security due to the nature of needing to always be current on the various tools and activities going on within the discipline.
I moved from my hometown to Maryland where I enrolled in the University of Maryland University College for my Network and Security Bachelor of Science degree. That was the beginning of my love affair with cyber security.
What is the most difficult challenge you have faced as a woman in a male-dominated field?
One of the most difficult challenges I have faced as a woman in a male-dominated field is knowing I belong, having my voice be heard and knowing my opinion matters.
How did you overcome said challenge?
I became more assertive in meetings by speaking up, not being afraid to ask questions, and giving my opinion without worrying. Other factors that helped me with overcoming this challenge is networking with other women within the field and obtaining a mentor.
A reader of Danyetta’s profile suggested asking future interviewees to share failures because those have a bigger impact than just “feel good” stories. Do you have a failure that you would like to share?
Yes, I failed the CompTIA Security+ certification exam the first time I took it. This experience left me discouraged, feeling ashamed and angry because I failed the exam by 3 points! Yes, 3 points!
My student loans were about to kick in and my unemployment was about to end. Needless to say, I was afraid I would not be able to support myself.
After reviewing the detailed score statement I received from CompTIA regarding the areas of the exam I got wrong, I came up with a game plan to to do better next time:
- Study the concepts for an hour everyday
- Complete practice exams making sure I received 90% of the questions correct
- Force myself to take the exam again in one month
I am proud to say allowing myself to feel sorry for myself for a short period of time helped me to re- focus on my goal. I was determined to earn the CompTIA Security+ certification to assist me with obtaining an entry level cyber security position.
My game plan worked as I passed the CompTIA Security+ certification exam the second time around! Validation happened in 2014 when I was selected to participant in CompTIA’s “Expect Success With CompTIA Security+” commercial.
The commercial and overall experience was one of the best days in my life because it validated the promise I made to myself after my cyber security internship ended. The promise I made to myself after my paid internship was I was not going back to what I deemed normal IT work.
Along my journey of getting into cyber security, I worked in two Help Desk positions. Those roles did not challenge or excite me. Cyber security challenges and excites me, and I am extremely thankful for the experience.
How did you turn that failure into an opportunity?
On my days off and some days after work, I spent time teaching myself Splunk by reading documentation from Splunk’s website and adding Splunk to my own home lab.
The knowledge and experience I learned on my own helped me implement it to use on the job. By having this knowledge, I am able to build efficient queries and create dashboards with my eyes closed.
Editor’s note: Splunk is hiring! Not only are they hiring, but I get messages from recruiters EVERY DAY looking for Splunk talent to work for Fortune 500 companies. I encourage students and women transitioning into the field to research this tech, teach yourself, and establish relationships with your local Splunk sales rep or recruiter. In fact, look for Splunk User groups in your city. Relationships are key.
What advice would you give someone looking to enter the information security field?
Understand the information security field is a space where you can never get complacent. Continue learning, including reading articles centered around information security through blogs and books.
Learn how to talk technology so you can effectively communicate with potential employers and your peers.
Find a network of people in the field who don’t mind helping you get into information security by providing encouragement and clarity.
Finally, have patience. Information security is a very hot field and it can take a while to break the glass of obtaining a position. Make sure the proper education and certifications are inline with the information security position you are trying to seek.
What formal education, skillsets, and/certifications do you recommend that people start with to stand out among other candidates in the cyber security field?
For candidates looking to get into cyber security, it’s important to understand why cyber security roles are important. This includes knowing the basic concepts of the CIA triad, understanding the different compliance requirements, especially SOX, PCI, and HIPAA.
For certification I would recommend obtaining the CompTIA Security+ certification as it’s the standard entry level certification for someone looking to obtain an entry level position within cyber security.
Can you give a brief “day in the life of” description of your role to help women that are coming into the field behind you understand what that kind of work entails?
A day in the life of my current role consist of meetings, researching, triaging and analyzing data. My meetings are team and project based, which can include learning about a new process my team is trying to implement. We also flesh out updates or tweaks to existing processes.
Triaging incidents, analyzing data, and research consumes 75% of my day where I am looking for bad actors on the network and escalating those bad actors to another team.
Are you planning to become a CISSP? Why or why not?
CISSP is in my future, and my motivation for obtaining it would be to fully display my hands on experience and knowledge of cyber security. In addition, this will facilitate achieving my goals of a mid-level career position as a stepping stone to a C-suite level position.
Diversity within cyber security starts from the top of the hierarchy. As a hiring manager, I would love to be able to hire more women, people of color, and serve as a mentor to employees to assist in building the next generation of Cyber Security Warriors.
What project(s) are you most proud of?
As a woman who transitioned into the field, I am proud that the hard work of studying the different concepts of cyber security helped me in being selected as an intern in 2013 by Foreground Security.
Three candidates were selected amongst a group of 13 candidates, and I was the only female and black woman to be selected. Within the internship I learned a great deal about the IT field, Linux, virtual machines and everything cyber.
Each intern had a project they had to work on which included installing a monitoring tool on a Redhat Server and my tool to install was Opsview. I spent nights after work and my weekends figuring out how to install Opsview.
This was extremely challenging to me, but I figured it out by keeping track of the steps I took in every phase of installation. It truly felt like I was drinking from the fire hose.
This experience prepared me for the challenges I had waiting for me in my first full time cyber security role. My project was selected and placed into production of the company at the end of my internship and I was extremely ecstatic!
Installing my first home lab was a liberating experience as it forced me to become my own IT Security person for my home. I was able to set up my router and practice security processes such as:
- Changing the password
- Making sure I have the right form of encryption
- Setup virtual machines to install network detection tools so I can read my own logs to see if there is any malicious activity on my network
Finally, serving as a mentor to individuals who are interested in learning how to get into cyber security through the process I took is another ongoing initiative that I take great pride in.
Editor’s note: Ladies, you should have a practice lab at home. All the men have labs, and this is how they keep their technical skills fresh.
I’m working on a lab setup tutorial and will publish it in the next few weeks. Sign up for the newsletter to make sure you don’t miss it.
Is there anything other info you’d like to share?
Believe in yourself, know you can succeed in the cyber security space. If a woman who was once a Youth Counselor can make it and succeed in this field, there is no excuse why the next women behind me can’t succeed.
Thank you so much for providing your insights! How would you like readers to contact you?
About Tiffany L. Smith
Tiffany L. Smith is a Brooklyn, New York native who considers herself to be a Technologist, Cyber Security Professional and self-proclaimed nerd who is an alumnus of the University of Maryland University College and SUNY Purchase College.
At the age of 10, Tiffany vividly remembers interacting with her first computer during a time when computers were considered to be “Dinosaur Computers” due to the monitors and central processing units being huge, and floppy disks used to store data. In high school, Tiffany was apart of an elite group called “Computer Techies” which included monitoring and troubleshooting the computer labs at William H. Maxwell High School.
Before pursuing a career in Cyber Security and obtaining her Computer Network and Security degree from the University of Maryland University College. Tiffany graduated from Purchase College with a Literature degree and became a Youth Counselor with the Harlem Children’s Zone and has worked for non-for-profit organizations such as FEGS, Odyssey House, and Good Shepherd. Currently, Tiffany works for a Fortune 100 company as a Cyber Security Analyst helping to protect the company’s critical data. The IT/Cyber Security certifications Tiffany holds are CompTIA Linux+, CompTIA Security+ and Certified Ethical Hacker.
Editor’s note: Women of color were noticeably absent from most of the top women in cyber and top security bloggers lists in 2016 (and those released in 2017). I applaud the work of those who were celebrated because the recognition is certainly well-deserved.
However, I want to expose students in my demographic to women who look like them. They need to know that we are out here ready to help them navigate the complexities of this field.
I also want to create our own “Top Lists” to celebrate our accomplishments just in case future lists exclude us, inadvertently or otherwise.
Our stories connect us, and our daughters need to see people who look like them thriving in this high tech field. How else will they know we exist? How else will they know they are welcome?
We are not waiting any longer to be chosen. We are choosing ourselves as of February 2017 because gender diversity is not enough.