Women in Cybersecurity: Proofpoint's Sherrod DeGrippo Answers Your Questions

On June 1 2020, Infosecurity Magazine hosted its fourth annual Women in Cybersecurity event. Traditionally a physical discussion-led and networking event held on the morning of Day Two of Infosecurity Europe at London’s Olympia, this year saw Women in Cybersecurity go virtual to bring the industry together to celebrate the women of cybersecurity and discuss the challenges around diversity.

Hosted by editorial director Eleanor Dallaway and sponsored by enterprise security company Proofpoint, the live webinar featured a panel of female industry experts and thought leaders discussing various elements of the women in cybersecurity topic and answering questions from the virtual audience in attendance.

On the panel were Dr Jessica Barker, cybersecurity consultant and co-founder/co-CEO of Cygenta; Becky Pinkard, CISO at Aldermore; and Sherrod DeGrippo, senior director of threat research and detection for Proofpoint.

The 60-minute event was full of insightful, thought-led conversation with notable interaction from listeners keen to hear from the industry leaders showcased. Though many audience questions were addressed, unfortunately time was insufficient to fully respond to every question or point of conversation submitted on the day and the days that followed via digital channels.

However, Infosecurity is delighted to be able to compile a selection of the excellent yet unanswered audience questions received and now share responses from one of the panelists, Proofpoint’s Sherrod DeGrippo.

[Submitted question] As a cybersecurity recruiter, I often get a lot of reservations from really promising female students about how male-dominated the cybersecurity industry is and the gender imbalance puts them off. Is there anything I could say to help put their minds at ease?

This is tough and it’s a ‘chicken or egg’ problem where we can’t really solve one part of it without addressing the other. We can’t change the fact that the industry is male-dominated right now, so getting into the industry means you may sometimes be dropped into those environments. The key is making sure you are able to find a company culture that is supportive and encouraging for women in security roles and their career growth. Interview the organizations as much as they’re interviewing you to ensure that you will be in a great place when you land the job.

[Submitted question] If you do not want to become a manager, can you still advance your career in cybersecurity as a ‘technical’ person?

Absolutely, yes! The security industry needs both leaders and advanced technical contributors. Try to find an organization that supports career growth not only for those in management, but for those who wish to stay on a more technical path as well. Most organizations will have an equivalent growth track for those wishing to remain individual contributors and asking about that during the hiring process is very helpful. Make sure you join an organization that is a fit for your talent growth goals.

[Submitted question] Can you recommend any certifications or courses necessary to be successful in the IT security field?

While certifications aren’t necessary for success, if you are early in your career, certifications like Security+ and Certified Ethical Hacker (CEH) can demonstrate your willingness to learn security concepts. Depending on your career path, the OSCP or CISSP (among others) may be helpful as you advance in your career, but again, not necessary for success.

[Submitted question] If I already have a career degree in IT Security and I am focusing more on the human side, is it valuable for me to do a management master’s degree?

I would advise against pursuing a degree solely for the purpose of moving into a management position. You can likely find management positions on security teams or at security vendors without having a management-specific degree. 

[Submitted question] What advice would you give to someone who is already working in cybersecurity but wants to go into auditing and compliance, which is not such a technical role?

While I do not have specific experience in auditing and compliance, your technical skills likely give you a different, valuable perspective from others in audit or compliance. Think about how those transferrable skills would allow you to approach problems differently from those without your background and lean into that.

[Submitted question] How can I find a mentor?

Are there people in your organization doing work you admire or you are interested in? If you are comfortable doing so, email them and let them know! Ask if they would be willing to meet for a (virtual) coffee to chat more about what they do. Alternatively, attending industry events like conferences and meetups can be a great way to make new connections. Often, the mentor-mentee relationship will happen organically. Twitter can also be a great way to meet others in the infosec industry.

[Submitted question] How did you build your confidence? I am just starting out in my career and experiencing a lot of doubt.

There’s something to be said for forging ahead instead of letting your anxieties or fears hold you back, but I know that can be difficult. Trying new things and continuing to evaluate how those things make you feel, what your results are and then choosing whether to lean more or move away can help you feel in control. Ultimately, the biggest cure for a lack of confidence is to build it through experiences that challenge your self-perception and ideas of what you can and can’t do.

[Submitted question] Do you think a varied career across multiple roles in different organizations is vital for climbing the professional ladder, compared to sticking with one employer and pushing vertically?

Either of these paths can work. As usual, it depends. There is no accurate answer here. I think that lots of experiences are helpful for finding what you enjoy and what makes you happiest, but specialization is highly valued in information security. The key to keeping going in any role is having an interest in it and that lets you push through the bad days or the challenging aspects of the job. 

[Submitted question] I work for a cybersecurity company where the senior staff seem supportive, in theory, of celebrating women in tech, but they don’t really know where to start. What recommendations would you give for initiatives and ideas we can do in-house to really push the message?

Celebrating is not something that garners inclusion and advancement and can be seen as an empty gesture. I would recommend getting women into the rooms of influence, into the places where they’re able to be involved and make decisions. There are real teeth behind having them directly involved in the decision-making process at the executive level. Celebrating is showing, putting women in the room is doing.
