Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes] - CyberWire Daily

Summary

CyberWire Daily Podcast Summary

Episode: Marcelle Lee: Cyber Sleuth Detecting Emerging Threats
Host/Author: N2K Networks
Release Date: December 15, 2024

Introduction

In this episode of CyberWire Daily, host Marcelle Lee, a senior security researcher at SecureWorks, delves into her journey into the cybersecurity field, the diverse roles within the industry, and the importance of diversity and continuous growth in cybersecurity careers. Lee shares personal anecdotes, professional insights, and offers valuable advice for aspiring cybersecurity professionals.

Marcelle Lee's Career Journey

Marcelle Lee opens up about her unconventional path to cybersecurity. Initially pursuing a double major in electrical engineering during college, Lee realized it wasn't the right fit for her. "I had one year of double E in college and that definitely wasn't for me" (01:04). Without a background in computers, she had never considered a career in the field.

However, life took an unexpected turn when a relative passed away, leaving Lee responsible for managing their estate. This responsibility brought about significant changes, allowing her to quit her full-time job managing capital projects for a municipality. The financial flexibility enabled her to explore new opportunities, ultimately leading her to cybersecurity.

Breaking into Cybersecurity

Lee credits a pivotal grant program for facilitating her transition into cybersecurity. "I actually was part of a grant program... it paid for classes at my local community college, which it has an excellent cyber program and also paid for like certifications" (01:04). This federally funded initiative aimed to reskill workers, offering financial support for both education and certification.

Through structured coursework and certification exams, Lee was able to "throw caution to the wind and leap into this with like both feet" (01:04). This support was instrumental in her shift from managing municipal projects to becoming a security researcher.

The Diversity of Roles in Cybersecurity

Contrary to the common perception that cybersecurity is synonymous with penetration testing, Lee emphasizes the vast array of roles available within the field. "There's so many different roles in cybersecurity... but there's many, many different paths that people can take" (01:04). She advises newcomers to "find your specialty, your, like one thing that you're really good at and focus on that" (01:04), while also encouraging the development of additional skills over time.

Lee believes that having a specialized expertise not only boosts confidence but also provides a solid foundation from which to expand one's knowledge and capabilities within the industry.

Marcelle's Current Role and Responsibilities

In her current position at SecureWorks, Lee wears multiple hats. She serves as both a senior security researcher and the emerging threats lead. "In my role as a security researcher... whatever shiny cyber thing catches my eye, as long as it's impactful potentially to our clients" (01:04). This role allows her to explore various aspects of cybersecurity, driven by both curiosity and the potential impact on clients.

As the emerging threats lead, Lee focuses on staying ahead of new and evolving cyber threats. She monitors cybercrime activities globally, extending her analysis beyond well-known actors like Russian or North Korean entities to include "the rest of the world" (01:04). This proactive approach ensures that SecureWorks remains vigilant against a wide spectrum of threats.

Encouraging Diversity and Growth in the Field

Lee is a strong advocate for diversity in the cybersecurity workforce. Reflecting on her own experiences, she shares, "I'm certainly of a generation of women that were not encouraged to do anything particularly technical" (01:04). Recognizing the underrepresentation of women and individuals from diverse backgrounds in technical roles, she actively encourages more inclusive hiring practices.

"I especially like to encourage diversity in hiring and encourage women... because it's a great way to, like, stimulate your mind and just keep growing as a person" (01:04. Lee believes that diversity not only enriches the workplace but also fosters continuous learning and adaptability, which are crucial in the ever-evolving field of cybersecurity.

Moreover, Lee highlights the pressing need for more professionals in cybersecurity. "This is a tough industry and we need more people always to help solve all the hard problems there are... we just don't have enough people, we don't have enough bodies" (01:04). Her call to action underscores the importance of expanding the talent pool to meet the growing demands of the industry.

Conclusion

Marcelle Lee's story is a testament to the possibilities within the cybersecurity field, even for those without a traditional technical background. Through support programs, personal determination, and a passion for uncovering cyber threats, Lee has forged a successful career in cybersecurity. Her emphasis on specialization, diversity, and continuous learning offers valuable guidance for aspiring professionals. As the cybersecurity landscape continues to evolve, voices like Lee's play a crucial role in shaping a more inclusive and resilient industry.

Notable Quotes with Timestamps

Career Shift: "I had one year of double E in college and that definitely wasn't for me." (00:01:04)
Entering Cybersecurity: "I actually was part of a grant program... it paid for classes at my local community college... and also paid for like certifications." (00:01:04)
Diverse Roles: "There's so many different roles in cybersecurity... there are many, many different paths that people can take." (00:01:04)
Encouraging Diversity: "I especially like to encourage diversity in hiring and encourage women... it's a great way to, like, stimulate your mind and just keep growing as a person." (00:01:04)
Industry Needs: "This is a tough industry and we need more people always to help solve all the hard problems there are... we just don't have enough people, we don't have enough bodies." (00:01:04)

Timestamp Key:

00:01:04: Minute 1, Second 4
Note: The transcript provided primarily contains content from this timestamp onwards.

Transcript

A (0:02)

You're listening to the Cyberwire network. Powered by N2K.

B (0:11)

Identity Architects and engineers. Modernize your identity systems with Strata. Integrate legacy apps with any idp, Ensure seamless identity failover and apply MFA without touching app code. Strata offers robust, efficient identity management, reducing tech debt and enhancing security. Gain peace of mind and operational efficiency with Strata's comprehensive Solutions. Visit Strada IO CyberWire. Share your biggest identity challenge and enjoy free AirPods Pro. Optimize your identity solutions today. Visit Strata IO CyberWire. And our thanks to Strata for being a longtime friend and supporter of this podcast.

A (1:04)

My name is Marcel Lee and I'm a senior security researcher at SecureWorks. I wanted to do a lot of different things in my life and have done quite a few of them. I had one year of double E in college and that definitely wasn't for me. So at the time, like, I had never even considered like a career in computers because it just wasn't something that I grew up with at all and didn't have any concept, you know, of what a career in that field would look like. So. Yeah, but here I am now. I had a relative pass away and I was in charge of managing their estate and it was a bit complicated because there was like a household to, you know, empty and a house to sell and so on and so forth. And. But because I was getting some money from that, I was able to like, basically quit my full time gig, which was managing like capital projects for a municipality, and focus on taking care of the estate and then getting into the cyber thing because I had a little bit of funds and flexibility. The other thing that helped was I actually was part of a grant program and I think it was through the county that I live in, but it was federally funded and this was just one of these things to like get workers reskilled in cybersecurity. So with that program, basically it paid for classes at my local community college, which it has an excellent cyber program and also paid for like certifications. So the idea is that you would take a class, sit for a cert, take a class, sit for a cert. So those two things are really what made it possible for me to just kind of throw caution to the wind and leap into this with like both feet. There's so many different roles in cybersecurity. So, you know, everybody thinks like, to be in cyber is to be like a pen tester or something, right? But there's many, many different paths that people can take. I always recommend, you know, trying to find your specialty, your, like one thing that you're really good at and focus on that, and it doesn't mean you can't build other skills along the way. But to have something that you're really good at is confidence boosting, for sure. And it gives you, you know, sort of a starting point. I love the part where I feel like a detective, basically. So trying to get to the bottom of maybe a cyber campaign or trying to understand motivations of a threat actor or, you know, whatever, it's just a lot of uncovering of stones. And in my role as a security researcher, like, it's the perfect job for me because I get to work and as I always say, whatever shiny cyber thing catches my eye, as long as it's impactful potentially to our clients. And then my other role at SecureWorks is the emerging threats lead. So that also suits me very nicely because I do like to try to keep my finger on the pulse of anything sort of new and interesting that's coming down the pike. So I look at cyber crime, I look at different countries and their cyber activity outside of, like, the primary ones that we already have, you know, people. Like, we have a Russian person and a North Korean person and, you know, so on and so forth. But I get, like, what we call the rest of the world. I'm certainly of a generation of women that were not encouraged to do anything particularly technical, and I didn't know anybody who did anything particularly technical. I think I had, like, one friend who was maybe a civil engineer or something like that, but, you know, nobody else worked in any kind of role like that. So it really took a long time to realize that I can be a technical person, and I'm actually pretty good at it. And to me, there's nothing like, more exciting than getting somebody to be passionate about cybersecurity as an industry or just to get excited about a topic. You see light bulbs going off when people suddenly get how something works. And to me, that's super rewarding. This is a tough industry and we need more people always to help solve all the hard problems there are, help defend, help do all the things in cyber. And we just don't have enough people, we don't have enough bodies. So from that end, we just need more people, period. But I also particularly like to encourage diversity in hiring and encourage women. And really anybody who is interested in the field and has, you know, comes from a diverse background to get into it, because also it's. It's a great way to, like, stimulate your mind and just keep growing as a person, because it's so, you know, not static. You. You have to continue to grow and learn, and I think that's. That's awesome for people to be able to do.