Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes] - CyberWire Daily

Summary

CyberWire Daily Podcast Summary
Episode: Maria Thompson-Saeb: Be Flexible and Make It Happen
Host/Author: N2K Networks
Release Date: February 16, 2025

Introduction

In this episode of CyberWire Daily, host N2K Networks sits down with Maria Thompson-Saeb, Senior Program Manager for Governance, Risk, and Compliance at Allumio. Maria shares her inspiring career journey, emphasizing the importance of flexibility and proactive career management in the ever-evolving field of cybersecurity.

Early Career and Education

Maria begins by recounting her early interest in computers, despite growing up in a household without one. This curiosity led her to pursue Information Systems Management at the University of Maryland University College.

“When I was growing up, we didn't really have computers in my home. But you know, it was something that seemed interesting to me and because I didn't have a computer I felt, oh, this is interesting and I want to learn more about it.”
[01:45]

She initially considered a Computer Science degree but opted for Information Systems Management to avoid the heavy mathematics content, aligning better with her strengths and interests.

Transition to the Federal Sector

Upon graduating, Maria entered the workforce through a position at a federal agency's help desk, marking the beginning of her extensive experience in government technology roles. She spent several years as a contractor, navigating various technological environments within federal agencies.

“I had to take it in my own hands to go out and figure out what it would take for a company, a manager or someone to see me as a security professional and not just a sysadmin.”
[04:20]

Advancing to Sysadmin and Embracing Unix/Linux

Maria's career took a significant turn when she transitioned from a help desk role to a System Administrator position, working with Unix and Linux systems. This shift not only broadened her technical expertise but also ignited her passion for cybersecurity.

“I suddenly was put into an environment that was Unix and Linux. And so that's how I moved from Windows system admin to being on the Unix Linux side, which was really exciting, by the way, because it was a challenge and it was something I had never done.”
[03:30]

Emphasizing Security and Advocacy

As Maria delved deeper into her sysadmin role, she became an advocate for security best practices, pushing for the implementation of robust security tools and processes. This proactive stance marked her transition from general IT roles to a focused security professional.

“I was advocating for security best practices and for security tools and just processes. And so with that, it just really changed the whole focus of my mindset.”
[05:10]

Overcoming Challenges and Seeking Recognition

Despite her dedication, Maria faced significant challenges in being recognized as a security professional within her organization. Senior management struggled to view her beyond her sysadmin title, leading to frustration and the realization that proactive measures were necessary.

“There were many times when I was advocating in one position I had, I was advocating for security very hard, but it was just very challenging and very difficult for senior management to even view me as a security professional.”
[06:50]

Determined to change her professional trajectory, Maria pursued certifications such as CISA and CISSP, believing that formal credentials would validate her expertise and facilitate her transition into dedicated security roles.

“I decided to go after the CISSIP, but before I did that, I went after the CISA. So I decided that in order for a company to take me seriously, maybe it would be best if I had a license that showed that I had the basic level of knowledge to be able to function in that role.”
[07:45]

Joining Allumio and Current Role

Maria's efforts culminated in her current role at Allumio, where she is entrusted with building and maintaining customer trust concerning the company's core and Edge micro-segmentation platform. Her responsibilities include ensuring that Allumio's controls around SOC2 compliance operate effectively.

“At Allumio, I am responsible for helping to build and maintain customer trust around the Allumio core and Edge micro segmentation platform.”
[08:15]

She emphasizes a collaborative working style, valuing the expertise of her colleagues to bridge any gaps in her knowledge.

“I rely on the people who know more than I do to help me understand where I have my own gaps.”
[08:30]

Advice for Aspiring Cybersecurity Professionals

Reflecting on her journey, Maria offers valuable advice for those aspiring to enter the cybersecurity field:

Focus on Security Education: Maria advocates for a dedicated focus on cybersecurity education to build a strong foundational knowledge.

“If I could go back and do it all over again, I would study cybersecurity. I would focus on security and compliance.”
[08:50]
Understand Threats and Remediation: Grasping the nature of cybersecurity threats and effective remediation strategies is crucial.

“Make sure you understand the proper threats, you understand how to remediate those threats, and that you understand how you can help companies avoid those threats.”
[09:00]
Be Flexible: Maria highlights the importance of flexibility in career planning, adapting to challenges, and altering paths when necessary.

“Be flexible. I think that's what I would tell myself. Just be flexible. Be able to change when you need to change.”
[09:07]

Conclusion

Maria Thompson-Saeb's story is a testament to resilience, adaptability, and the pursuit of professional growth in cybersecurity. Her journey from a help desk technician to a senior program manager underscores the significance of continuous learning, certification, and the willingness to navigate and overcome organizational challenges. Maria's emphasis on flexibility and proactive career management provides a roadmap for aspiring cybersecurity professionals aiming to make their mark in the industry.

Notable Quotes:

“Be flexible. I think that's what I would tell myself. Just be flexible. Be able to change when you need to change.”
[09:07]
“Hackers can't attack what they can't see.” – Zscaler Sponsor Message
[00:11]

Key Takeaways:

Educational Path: Choosing a specialization that aligns with personal strengths can pave the way for a successful career.
Certifications Matter: Credentials like CISA and CISSP can significantly enhance professional credibility.
Advocacy is Essential: Proactively advocating for security within organizations can lead to pivotal role changes.
Collaboration: Leveraging the expertise of colleagues fosters a more comprehensive understanding and effective problem-solving.
Flexibility: Adapting to changing circumstances and being open to new paths is crucial in the dynamic field of cybersecurity.

This episode provides a comprehensive look into the career progression of a cybersecurity professional, offering insights and inspiration for listeners navigating similar paths.

Transcript

A (0:02)

You're listening to the Cyberwire network, powered by N2K.

B (0:11)

And now a message from our sponsor. Zscaler, the leader in cloud security Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface making apps and IPs invisible eliminating lateral movement Connecting users only to specific apps, not the entire network Continuously verifying every request based on identity and context Simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more@zscaler.com Security.

A (1:32)

My name is Maria Thompson Saab and I am the Senior Program Manager for Governance, Risk and Compliance at Allumio. I had decided long back that I wanted to study information systems management, so I went to college and I studied information Systems management at the University of Maryland University College. When I was growing up, we didn't really have computers in my home. But you know, it was something that seemed interesting to me and because I didn't have a computer I felt, oh, this is interesting and I want to learn more about it. So when I had the opportunity to go to college, I figured it would be something that I definitely wanted to look into. I can certainly say there were a lot of challenges because when I first decided I wanted to study computers, I thought, oh, I'm going to study computer science. And so not knowing that with computer science there's a lot of math and math was not my strong suit. Although I wasn't really strong in math, I still wanted to study computers and I wanted to be involved in that type of work. And that's how I ended up with information systems management, because I didn't have to have a whole lot of math. I would have to say that I was a bit of a rarity in there because even after I finished college and I started working, it was the same situation. I don't recall a lot of women being in my classes. Once I finished college. I was like, most people finish college, they don't really know what to do. And so I had an opportunity to work in government. I ended up taking a job at the help desk level for one of the federal agencies. And so a big part of my career was spent working in federal agencies around technology. The federal government had a series of opportunities, but as a contractor, not a federal employee. And so I did contracting work in technology for a number of years. And then I ended up jumping out into private industry from help desk. I worked my way up to become a sysadmin. I suddenly was put into an environment that was Unix and Linux. And so that's how I moved from Windows system admin to being on the Unix Linux side, which was really exciting, by the way, because it was a challenge and it was something I had never done. And who knew that it would be something that would totally change everything for me? But it really did because it opened up a lot of other opportunities. After I focused a lot around security and I was advocating for security best practices and for security tools and just processes. And so with that, it just really changed the whole focus of my mindset. And with that change became, you know, the desire to want to do more of that type of work. It led me into looking for companies that focused on security. And so that's how I jumped from being a sysadmin focusing on Linux at that time to becoming a full fledged security professional. There were definitely doubts along the way because there were many times when I was advocating in one position I had, I was advocating for security very hard, but it was just very challenging and very difficult for senior management to even view me as a security professional. And it just got to the point where I was trying to do everything I could to be seen as that type of person and to be given a role around security. But it just never really happened. There were promises, but they never came to fruition. And so I had to take it in my own hands to go out and figure out what it would take for a company, a manager or someone to see me as a security professional and not just a sysadmin. And so that's what I did. I decided to go after the cissp, but before I did that, I went after the cisa. So I decided that in order for a company to take me seriously, maybe it would be best if I had a license that showed that I had the basic level of knowledge to be able to function in that role after trying so hard at one particular company and it just wasn't happening. I felt that the only way it could happen is if I switch companies. And so that's exactly what I did. At Allumio, I am responsible for helping to build and maintain customer trust around the Allumio core and Edge micro segmentation platform. I'm responsible for ensuring that the controls that Lumio has around the platforms related to SoC2 continue to operate effectively. The way I like to work is to collaborate with people. I may not have all the answers, but I rely on the people who do have the answers. So my style is to rely on the people who know more than I do to help me understand where I have my own gaps. The biggest thing if had I known about this world of cybersecurity, I would say go right into that. I mean, focus on security. Make sure you get the proper education. I would. If I could go back and do it all over again, I would study cybersecurity. I would focus on security and compliance, and then I would tell myself, you know, make sure you understand the proper threats, you understand how to remediate those threats, and that you understand how you can help companies avoid those threats. I also tell myself to have a clearly defined roadmap. I mean, for me, I feel like some things happen organically because I had to go down one path and then change based on maybe a roadblock and then go down another path. Be flexible. I think that's what I would tell myself. Just be flexible. Be able to change when you need to change.