Continuing our series of “In Conversation With” interviews, we are delighted to feature Paloma Garcia, Senior Presales Manager, Mid-Market & Channel at Symantec.

Originally from the north of Spain, Asturias, Paloma completed her Telecommunications engineering degree in Madrid and soon after emigrated to the UK to learn the language and gain valuable work experience. Whilst working as an IT administrator managing around 80 users, Paloma went on to top up this degree at Oxford Brookes, specialising in Telecommunications with First-Class Honours.

Paloma’s technical background was complemented with an MBA at Henley Business school (UK) that has given her opportunities to further understand what tools, models and frameworks can be leveraged to make a company and people perform at their highest levels. As part of this MBA which she completed whilst raising a now 3 years and more recently a 4 month old, Paloma has had to apply many of these concepts to the cyber-security industry. Recently she has decided to start her own blog to share some of her learnings as well as introducing business concepts to address current challenges in the cyber-security market. She has also over recent years become a huge advocate of Women in Technology, promoting gender balance and the importance of diversity in this sector

We are excited to present the second in this series of interviews with Paloma.

How did you get involved in the cyber security industry?

My work experience to date has always been in the IT/Network & cybersecurity industry. After completing my telecommunications engineer degree in Spain I was given the opportunity to travel to the UK to gain some work experience as a systems administrator. At the time I did not have much knowledge around the IT industry, but I felt that I had to start somewhere.  I was part of a team of 2 who had to manage an 80-user organisation. I’ve had to learn not just networking but also security skills and therefore this was my first exposure to cybersecurity.

What roadblocks have you come up against?

The biggest challenge for me has been the lack of gender diversity. I often felt the odd one out and this has had a knock-on effect on my confidence levels – Initially, I did not feel like I fitted in.  Frequently in my career, and specifically at the beginning I’ve always felt that I had to prove myself twice as hard than my male counterparts.

How long have you been in the cyber security industry and what changes have you seen in that time?

I’ve been in the industry for about 13 years. The biggest change I’ve seen so far is that organisations are generally more security conscious and, in some instances, they even leverage security for their own competitive advantage – which I believe this is a step in the right direction. The other change for me is that the industry is more inclusive, and I feel more than ever part of a community. This is thanks to the work that other women in cyber are doing such as Jane Frankland, Dr Jessica Barker, Becky Pinkard, Sian John and people like yourselves to name a few. We need more role models like you/them.

What changes or trends do you expect to see in cyber security in the next 10 years?

From a vendor perspective what I expect to see is a simplification of the solutions the industry provides. The market is very competitive and it’s becoming difficult to really understand how you can secure your environment without having to invest in many disperse tools and layers of security. There is also a lot of jargon that needs to be simplified – at the end of the day we just want organisations to become more resilient so let’s keep it simple.

I would also like to see an increase in security awareness at a global scale. Being security aware should become second nature like the same way we teach our children to look at both sides before crossing the road, how to interact with strangers…I still think we have long way to go before achieving this.

How much job demand is there for cyber security professionals? And what factors will shape this demand in coming years?

According to latest figures published by Cybersecurity Ventures there will be about 3.5 million unfilled jobs in the cyber security industry by 2021. Some of the factors that will shape this demand will be the 4th industrial revolution. I’ve recently read a book published by K. Schwab about this that explained that this new era would negatively impact women worsening gender inequality. In his book he highlights the fact that although we don’t know whether male or female dominated professions will be more vulnerable to automation, it is likely that women are more at risk. That’s why we need to take advantage of new opportunities that require more interpersonal, leadership and emotional intelligence skills – all of which being more difficult to automate.

Brexit will also have a huge impact on this, it’s going to be much more difficult to do what I did 13 years ago. To travel and work in the UK without any travel / work authorization, this will limit the talent we receive from other countries and therefore diversity which will have a financial and creative impact.

What soft skills do you think are most important for cyber security professionals?

We often focus on the technical aspects, but I strongly believe that Interpersonal skills are also key for the cybersecurity industry. Having to connect with people and earn your buyer’s trust is a critical skill.

I’ve conducted an extensive research a couple of years ago as part of my MBA that demonstrated that ‘trust and being personable’ were some of the critical success factors in cybersecurity.

Why should more women consider a cyber security career?

We need people from different genders to be more effective at combating cyber criminals. Let’s say that we were to instruct a phishing attack to a group of analysts within a SOC. If they all belong to the same ethnicity, gender and backgrounds then they would probably have similar interests and so it would be easier to craft an email that entices them to open it up.  However, if a cybercriminal wants to attack a very diverse group of employees then you won’t be able to rely on their blind spots.

How does a person with existing tech experience make the shift to cyber security? What would be your advice to those looking to make the switch?

This would depend whether they would like to work for the vendor & consulting world such as Symantec, Deloitte, EY. Or the end user side of the business i.e. organisations that would have a dedicated cybersecurity team. From the vendor world what I can say that sometimes there are very specific roles that require particular skills i.e. data loss prevention, endpoint or email skills – all of this can be learnt online. There are other entry roles that would simply require a good positive attitude and willingness to learn. In my case I would always look at potential, attitude and background as the technical knowledge can be gained with the right behaviours/approach.

Do you think that discrimination exists for women in the cyber security industry and can you give some examples of this?

Discrimination still exists, and this has been demonstrated by the gender pay gap initiate. According to the BBC gender pay gap has not improved much since last year from 9.7 per cent to 9.6 per cent.

Do you think that women must prove twice as much as men so that our opinion is considered when carrying out technical careers such as cybersecurity?

Sometimes this is the case, yes.

There is still a huge perception about women that “we aren’t technical enough”. I’ve experienced this on several occasions, especially at public events but in particular at the beginning of my career journey. I’ve had situations where I was not considered technical enough, yet I probably had the most number of technical qualifications in the room!

What would you say to a group of young women who have not considered a career in the world of computer security due to lack of knowledge or lack of programming experience?

Nowadays you have a great access to information so what I would say is that do not discard a career in cybersecurity just because you don’t know what to expect of it! A few of us are delivering talks at different schools, colleges, universities. With regards to the lack of programming experience, there are many positions within cybersecurity that do not require the ability to program. I would also say that programming experience is something very useful to have for any career! So, although you don’t end up doing it – it’s good to understand how code is written as I can guarantee that one day you will need it.

What kinds of obstacles have you encountered in your years as a professional to get where you are?

Desire to progress fast enough perhaps. I was once told by a peer that I would get promoted when I stop having babies. We will struggle to attract & retain women in cyber or any workplace if we are not more supportive of women that want to start a family and have a career. Luckily, my work is very supportive but there are others that aren’t.

To explain the scarce presence of women in cybersecurity, one study shows that 52% of them do not have any interest in computing and therefore discarded developing a professional career in this field. What is it that attracted you to this field? I’ve always liked learning new things and Information security was a new field that I did not know much about. I felt very much outside my comfort zone, but I would always welcome a challenge. In my case I was given the opportunity to work in a foreign country to learn their culture and language and so I jumped at the opportunity. In other words, my family pushed me to try and give it a go! It’s important that you are surrounded by people that encourage you to try new things – even if they are a bit scary and you are not sure if you will make it. It’s all part of the journey.

As to why I chose an engineering degree well this was a recommendation by my teachers & family based on my academic results. I was told that If I were a man with those results in STEM subjects that I would become an engineer.

The few studies that we find about the low representation of women in cybersecurity suggest that people with social skills are needed, not only with coding skills. In your opinion what would you say to young women who, out of ignorance, have quickly ruled out a career in the world of computer security or simply do not think about it? There are many different skills required in cybersecurity not just coding capabilities. I learned how to program in C/C++ at university but have not touched it since then! Having said that, I’ve recently started blogging and had to buid my own website using WordPress so I’ve started learning some web programming languages. I realised that if you wanted to do something fancy with your website that you needed to know how to code. So I am keen to learn more. In summary, be open about learning new skills!

If you would like to take part in our “In Conversation With” series, please get in touch via [email protected].