Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]

A

You're listening to the Cyberwire network, powered by N2K.

B

And now a message from our sponsor. Zscaler, the leader in cloud security Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface making apps and IPs invisible eliminating lateral movement Connecting users only to specific apps, not the entire network Continuously verifying every request based on identity and context Simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more@zscaler.com Security.

A

My name is Maria Thompson Saab and I am the Senior Program Manager for Governance, Risk and Compliance at Allumio. I had decided long back that I wanted to study information systems management, so I went to college and I studied information Systems management at the University of Maryland University College. When I was growing up, we didn't really have computers in my home. But you know, it was something that seemed interesting to me and because I didn't have a computer I felt, oh, this is interesting and I want to learn more about it. So when I had the opportunity to go to college, I figured it would be something that I definitely wanted to look into. I can certainly say there were a lot of challenges because when I first decided I wanted to study computers, I thought, oh, I'm going to study computer science. And so not knowing that with computer science there's a lot of math and math was not my strong suit. Although I wasn't really strong in math, I still wanted to study computers and I wanted to be involved in that type of work. And that's how I ended up with information systems management, because I didn't have to have a whole lot of math. I would have to say that I was a bit of a rarity in there because even after I finished college and I started working, it was the same situation. I don't recall a lot of women being in my classes. Once I finished college. I was like, most people finish college, they don't really know what to do. And so I had an opportunity to work in government. I ended up taking a job at the help desk level for one of the federal agencies. And so a big part of my career was spent working in federal agencies around technology. The federal government had a series of opportunities, but as a contractor, not a federal employee. And so I did contracting work in technology for a number of years. And then I ended up jumping out into private industry from help desk. I worked my way up to become a sysadmin. I suddenly was put into an environment that was Unix and Linux. And so that's how I moved from Windows system admin to being on the Unix Linux side, which was really exciting, by the way, because it was a challenge and it was something I had never done. And who knew that it would be something that would totally change everything for me? But it really did because it opened up a lot of other opportunities. After I focused a lot around security and I was advocating for security best practices and for security tools and just processes. And so with that, it just really changed the whole focus of my mindset. And with that change became, you know, the desire to want to do more of that type of work. It led me into looking for companies that focused on security. And so that's how I jumped from being a sysadmin focusing on Linux at that time to becoming a full fledged security professional. There were definitely doubts along the way because there were many times when I was advocating in one position I had, I was advocating for security very hard, but it was just very challenging and very difficult for senior management to even view me as a security professional. And it just got to the point where I was trying to do everything I could to be seen as that type of person and to be given a role around security. But it just never really happened. There were promises, but they never came to fruition. And so I had to take it in my own hands to go out and figure out what it would take for a company, a manager or someone to see me as a security professional and not just a sysadmin. And so that's what I did. I decided to go after the cissp, but before I did that, I went after the cisa. So I decided that in order for a company to take me seriously, maybe it would be best if I had a license that showed that I had the basic level of knowledge to be able to function in that role after trying so hard at one particular company and it just wasn't happening. I felt that the only way it could happen is if I switch companies. And so that's exactly what I did. At Allumio, I am responsible for helping to build and maintain customer trust around the Allumio core and Edge micro segmentation platform. I'm responsible for ensuring that the controls that Lumio has around the platforms related to SoC2 continue to operate effectively. The way I like to work is to collaborate with people. I may not have all the answers, but I rely on the people who do have the answers. So my style is to rely on the people who know more than I do to help me understand where I have my own gaps. The biggest thing if had I known about this world of cybersecurity, I would say go right into that. I mean, focus on security. Make sure you get the proper education. I would. If I could go back and do it all over again, I would study cybersecurity. I would focus on security and compliance, and then I would tell myself, you know, make sure you understand the proper threats, you understand how to remediate those threats, and that you understand how you can help companies avoid those threats. I also tell myself to have a clearly defined roadmap. I mean, for me, I feel like some things happen organically because I had to go down one path and then change based on maybe a roadblock and then go down another path. Be flexible. I think that's what I would tell myself. Just be flexible. Be able to change when you need to change.

B

Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.

C

Hey everyone, grab your favorite bug and put the kettle back on the stove. Because afternoon cyber tea is coming back this season, I am joined by an all star team of thought leaders and industry experts to dive into the critical trends that are shaping the future of cybersecurity. We will explore how these technologies are revolutionizing the way we work, the way we live, and the way we interact with the world around us. And as always, we will be bringing you thought provoking discussions and fresh perspectives on what is driving the future of cybersecurity and what leaders can do now to protect their teams. Tomorrow, new episodes will be coming to you in February every other Tuesday, so subscribe now wherever you get your favorite podcasts.