The IT Security Guru’s Most Inspiring Women in Cyber Awards aims to shed a light on the remarkable women in our industry. The following is a feature on just one of the many phenomenal women put forward for the 2021 awards. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability.
This year, the awards are sponsored by KPMG and Beazley.
Regina Bluman, Security Analyst at Algolia
What does your job role entail?
A bit of everything! I’m currently leading the implementation of Algolia’s new SIEM solution and will be managing the ongoing running of it once installed. I also oversee our long-term projects (anything counted as ‘strategic’ that runs for more than 6 months) and work closely with our compliance team on our ISO27001, SOC2, and C5 audits. Day to day, I perform security reviews of new applications or products which the company wants to use, and often work closely with the sales team to help customers understand our security measures and work with them to find solutions when there are questions!
How did you get into the cybersecurity industry?
I took the long way around! My background is in IT Marketing, so I have always been on the fringe of the industry as a whole, albeit never in a ‘security’ role – my last job before this was Head of Brand and Marketing for a global MSP, so just *slightly* different!
When I first started out in Marketing, I realised I was best at my job if I understood the products and the customer needs, so I began diving more into the technical side of IT. From there, I found I really loved security especially. I took advantage of having incredibly supportive managers and teams around me who would let me sit in on engineering meetings, let me tag along to conferences, etc., and my passion for security just grew from there.
I began doing a lot of studying and training in my free time, more out of interest than anything serious at first, but I decided a couple of years ago that I would make the formal move across into a security-focused role. I sat and passed (on my first go!) my CISSP exam, which really helped me prove my knowledge to potential employers – I just needed to find someone who was willing to take a chance on me without that hands-on experience to go along with it.
I was incredibly fortunate to find a company that recognised the strengths of a Marketing background and who was happy to let me learn as I went along. I’ve been in this role for almost a year now, and will shortly be moving up into a Security Programme Manager role, helping shape the strategy for our team and overseeing the roadmap for our department.
What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?
I think the biggest challenge has just been constantly being overlooked – almost to the point of feeling invisible. I think that the majority of the bias (that I have experienced anyway) has not been intentional – very few people have gone out of their way to make me feel unwelcome. However, there are old habits and dinosaurs in the industry, which make it very hard to be recognised or acknowledged as much as some of my male counterparts. I have been fortunate to be offered numerous opportunities to speak on different panels, webinars, podcasts, etc., but they’re almost always about diversity. I still very much feel like the ‘token woman’ a lot of the time. Men are often invited to talk about new tech, or challenges, or their thoughts on a new ransomware gang… women are mainly offered speaking slots around getting more women in the industry. Which is great, don’t get me wrong – I’m happy to see that this is being more widely acknowledged and talked about – but I am more than my gender! I have opinions and valuable experience which I would like to share beyond just ‘my story’. We are doing a good job working towards better diversity in the industry, but we need to focus on the inclusion bit now. I don’t want to feel looked over, ignored or pigeonholed, just because of my gender. I hope that we can begin to look beyond that as an industry.
What are your top three greatest accomplishments you have achieved during your career so far?
- I established, managed, and sold my own business before the age of 25. I moved over from the US to set up an overseas branch of a business there. I was the sole employee in the UK, and was responsible for everything – taxes, import requirements, employment law, sales, marketing, website development, logistics… I did it all! It was an incredible experience and I think having that first-hand knowledge has helped so much as I’ve grown in my career, to understand the other parts of the business and their challenges.
- Passed my CISSP exam on my first try! The CISSP pass rate is about 20%. For me to sit it and pass it on the first go, with no formal education and no hands-on security experience – I’m incredibly proud of that achievement! I know that CISSP gets a lot of flak from the industry, and I don’t see it as the be-all and end-all of my security knowledge, but it was important for me to have that rubber stamp to prove that all of my studying and dedication paid off – and it did!
- Achieved a career move into security. It was something I talked about for years, and something I know people struggle with on a daily basis. When I handed my notice in at my Marketing job, I hadn’t even applied for a security role at that point – I had no other job lined up, and we were in the middle of a global pandemic which was causing furloughs, redundancies, and more, but I’d had enough. Once I decided to make the move, I began interviewing almost immediately and had 2 job offers within a month. I had a few people say that I got my job through my network or I only got a job so quickly because I’m a token woman hire – I know the interview process I went through, I passed the assignment I was given just as every other person in my team has had to do – I’ve earned the job I have, and I’m so proud of myself for taking the leap, backing myself, and making it happen!
What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?
I try to do as much as I can! I have a few young women which I mentor and I am a member of the Ladies Hacking Society, so try to publicise the group and our efforts as much as I can to try to attract more women! From a practical perspective, I also try to help run CV workshops for career changers, so I can help them capitalise on their transferrable skills and get past those pesky CV-bots! I also think we need to be very careful that we don’t just see diversity as a male/female thing. It’s great that women are becoming more ‘common’ in the industry, but we need diversity in other areas too – diversity of thought, of race, of religion, of background, of socioeconomic status… I hugely appreciate the platform that I’ve been given so far in my career, but I am a white, English speaking, straight, cisgender, middle-class woman – I am not diverse! Anytime I’m given a voice, I think it is my responsibility to pass the mic and draw others who are less represented into the spotlight with me, and I try to do this as often as I can.
What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?
Play the game. I had an attitude for a long time that I didn’t want to leverage my network to get to where I am. It’s great to be principled, but I was going to be principled and unemployed if I’d stuck with that. Do I agree with the state of the industry currently, that you often need a ‘sponsor’ or referral to get your foot in the door? No, I hate it with a passion! However, it is how things work now. The best thing we can do is play the game, get our foot in the door, and then kick it open behind us. We can’t make a change if we’re not in positions of power to lead that change from the inside. So play the game, use your network, but don’t forget to reach back and offer a helping hand to those behind you. It’s the only way we can make things better for future generations of women!