#InternationalWomensDay Interview: Anne Jobmann, IBM Security

Sunday 8 March marked International Women’s Day 2020, a global day celebrating the social, economic, cultural and political achievements of women.

The campaign theme for this year was #EachforEqual, with the message that an equal world is an enabled world.

“Individually, we’re all responsible for our own thoughts and actions – all day, every day,” read the International Women’s Day website. “We can actively choose to challenge stereotypes, fight bias, broaden perceptions, improve situations and celebrate women’s achievements. Collectively, each one of us can help create a gender equal world.”

The information security industry is one that has traditionally suffered significantly from a notable gender disparity. In fact, in the midst of a staggering global cybersecurity skills shortage that is estimated to have surpassed four million, it’s believed that women represent less than 25% of the cybersecurity workforce. This is a statistic that absolutely needs to change, and initiatives like International Women’s Day are catalysts for doing just that.

However, it is not to say there are not many talented, innovative and thought-leading women already helping to drive the information security industry forward, operating within various roles to ensure the defense and protection of peoples’ data.

One of those is IBM’s Anne Jobmann, who leads the IRIS Intel Malware Reverse Engineering Team which provides malware analysis support to incident response engagements and intelligence research teams as well as supporting the development of a large-scale malware processing engine.

In celebration of International Women’s Day, Infosecurity spoke to Jobmann learn about her security career journey and to discuss the current gender disparity in the security sector.

What was your route into the information security industry?

My route into the cybersecurity industry was based on a combination of luck, skills and good networking. I have a bachelor’s and master’s in Computer Science. I was a software engineer for 15 years before transitioning into cybersecurity – the latter part spent developing custom computer forensic and system triage tools. I was looking to make a move to reduce my commute and reached out to a contact about the possibility of a software development position. He had recently taken a role leading a team conducting computer intrusion investigations and malware analysis and asked if I was interested instead in reverse engineering and malware analysis. I didn't really know much about that domain, but my existing background and experience was a natural fit for the role. The idea of digging deep into a malicious file to determine its purpose and functionality to help put pieces together for analysts and investigators had me hooked. I started out building software and ended up in a field where I was ripping it apart.

What’s the most interesting thing about information security?

It’s always changing. It’s always different. There is always a new challenge. Each day in this industry, there is a new problem to solve, a new piece of malware, a new group of ‘bad guys’ trying to outsmart those of us who are protecting client systems, networks and infrastructure. It is energizing and inspiring to know the work you do daily makes a real difference fighting the adversary and defending clients.

What needs to be done to encourage more women and minorities into the field of cybersecurity?

There are a few key things that would help encourage more women and minorities into the field. There is a responsibility for those of us already in the field to get out there and champion our roles and be visible so women and minorities can have more of a personal connection with those already in the field. Leadership needs to continue to be encouraged to hire diversely. Leaders need to actively look for people who think differently, have different backgrounds and bring unique work or life perspectives along with the appropriate skills to round out teams and then ensure those team members have a true sense of sense of ownership of ideas/projects/tasks within the team. Some roles in cybersecurity have a better fit for alternative work schedules and remote work options. This should be actively encouraged by companies and promoted more as it can be an important factor to women specifically when considering a career field.

What’s Hot on Infosecurity Magazine?