A (0:02)

You're listening to the Cyberwire Network powered by N2K.

B (0:09)

Spring starts at the Home Depot and we are bringing the heat to your backyard this season. Fire up the flavor with our wide variety of grills for under $300. Like the next grill 4 burner gas grill that's perfect for hosting your spring cookout. Then set the scene and turn your outdoor space into the go to spot the patio sets for every budget. Bring it this season with grills that deliver flavor and patios that set the VI vibe from the Home Depot. Start your spring with low prices guaranteed at the Home Depot. Exclusion supplies to homedepot.com price match for details.

A (0:43)

My name is Roya Gordon and I'm a security research evangelist. My mom used to always say I just talk too much, I should be a lawyer and actually liked the idea. So in middle school and high school I was in pre law magnet programs. Like I thought I was going to be a lawyer. I had no idea of what cyber was. So my path was to be a lawyer. After high school didn't end up going to college. Right away I joined the Navy. I was in ROTC and it just had a big influence on my life and I was like, yeah, I want to join the Navy. So I did intelligence. This was before there was cybersecurity in the Navy. I worked a lot with the cryptologist, so a little bit of technical stuff there. But I was still doing threat intelligence, terrorism and tracking military vessel safety as they were conducting exercises and sailing the seas. I got out in undergrad. I was still kind of on the mission of doing national security. So I got my degree in international relations and I was planning on joining the FBI, the CIA, the nsa. That was kind of my new path. And then I got introduced to tech in grad school when I started studying cyber warfare. I was originally looking at other parts of the ic, the intel community. And so I was applying everywhere. Nga, FBI, dia, you name it. And in grad school I got picked up by the NSA and they gave me a conditional job offer. And they were like, you know, if your clearance comes back good, then you will start. You'll be a part of NSA's like cyber program. It was a three year program. I got to learn all about the agency. So once I realized I was going to be in the nsa, I was like, crap, I should probably start learning about cyber stuff because up until that point I just had no clue. So that's when I kind of took it upon myself to choose a capstone project at my alma mater. In cyber warfare because I wanted to kind of have some kind of basis as to what cyber was. And I got to learn about nation state threat actors. And it wasn't technical, it was more theoretical. But that's kind of how I started getting into cyber because I was NSA bound. So I graduated from grad school, I had my official letter for the NSA in hand, I was getting ready to fly to dc. I already set up a place to live. Like I was going to start at the nsa. And about a month, maybe a couple of weeks before my start date, my recruiter at the NSA calls me and says, I don't know what's going on, Roya, but the NSA is rescinding your job offer. So I'm like, okay, what does this mean? And she's just like, I don't know, you're going to have to write a letter to the nsa, but you're not going to be starting like you no longer have a job here. So that kind of put me on my butt for a lack of a better term because I didn't know what I was going to do now. I thought I had it planned out. So I was back to square one. It was so tough because there were other jobs on the table that I, I didn't want to take because I'm like, you know, I was about to work at the nsa, now I'm being offered jobs which I don't want to say was beneath me, but I knew I could do better and I didn't want to lock my into it. So I was turning down jobs because I was like, I know what I'm looking for, I know where I want to be. It was difficult. Like the first three weeks I don't think I did anything but like cry. I know, moment of vulnerability because I was crushed. I moved back into my parents house and I have no job now. But yeah, it did take some time. So I started just looking up intelligence jobs and I realized there's a lot of private companies that want intelligence. So I started applying to all of these cyber jobs that I personally was not qualified for. But I applied anyway and I applied for a position at Idaho National Laboratory. I think the job description was cyber security researcher. And I read it and I'm like, I can research stuff. So I applied and the recruiter, bless her heart because she could have just tossed my resume to the side, but she was like, you know what? We're looking for someone with more technical chops for this position, so you don't qualify. However, there's another Part of the lab that I think your background and your skills matches up perfectly with. So she passed me on to someone else and it was like an eight hour interview. And after all that they said, you know what, you have all the other skills that we're looking for. You have an intel background, you're analytical, you know how to write, you know how to briefly will teach you the cyber stuff. And they hired me and for three years I dove right into OTICS Cybersecurity Headfirst. I went from like a medium sized company, like at Idaho National Laboratory to like Accenture, half a million people worldwide, such a large company, to now at a smaller company, Nozomi Networks. What I like about it is I get to learn so much more outside of my role, but it also enables me to do my job. So at a big company, you know, everyone kind of gets pigeonholed into doing one thing and you do it well, but you're never going to learn everything else. And because the company is so small, I see myself interacting with marketing and pr, with the sales engineer, with BDN alliances, and then of course with the security research team that I'm a part of. And I get to see the big vision of a technology company and not just the one small thing that I do. So during the pandemic, I gave a lot of cybersecurity advice to a lot of my friends and associates that lost their jobs. They didn't know what to do now and they were looking at me like, you seem to be doing great and you're in cybersecurity. How do I get into it? And I had to say, hold on, like let's utilize and leverage your background and your experience into cyber. So for example, I know someone who lost her job at a financial institution. I was like, financial institutions need cyber so your background can be leveraged. Maybe take a couple of these courses, get these certifications, look at some job descriptions and align what the certifications you're going to get to what the industry is looking for. Utilize what you have. Like cyber needs all types of skills. It's not a one size fit all type of thing. I think me being a woman in this field seems to, and I don't want to say hurt me more, but I seem to have more run ins with that being an issue versus me being a person of color only because they assume that a woman, she's not technical, she doesn't know what she's talking about. I mean, I've been in OT for so long and I still have people trying to explain to me what industrial control systems are. Outside of that, I don't think I've experienced that, thankfully. I've just been working with people more open, more cultured, and just respect me a little bit more. I guess I want to be remembered as, I don't want to say a trailblazer, but obviously someone that is representing people of color, women of color in this space. I try to speak at conferences. You know, I'm doing webinars. And it's not for me to just feel good about myself or I mean, obviously it's to make the company look good too, but it's also to kind of show people, especially the youth, hey, you know, there's a woman, there's someone black that's doing these things and kind of gauging their interest in this field, especially with girls. I used to volunteer with girls who code and just changing their minds about what working in cybersecurity looks like. You know, you can still have your fun hobbies, you can still love fashion, you can still, you know, like your Instagram and your tiktoking, but you can also still be a really serious cybersecurity professional. So I just want to be an example that people can look at to say she did it. So I know I can do it too. If not anything else, I think that would make me happy.