“Reinventing Cybersecurity” is a new anthology written entirely by women and non-binary leaders in cybersecurity that aims to educate, inspire, and help spark more diversity in the industry.
We recently caught up with Angela Marafino, customer project manager at Microsoft who wrote a chapter called “A Little Less Yasss Queen, A Lot More Action!” about imposter syndrome for underrepresented groups in the tech industry.
Marafino, who works in security and compliance at Microsoft, signed copies of the book last month at the Seattle BSides conference, a cybersecurity community that has held more than 725 events around the world.
The interview was edited for brevity and clarity.
GeekWire: Thanks for speaking with us, Angela. How did you get into the cybersecurity industry?
Angela Marafino: After already completing my first bachelor’s degree, I was going to go to law school and then decided what I really wanted was a career in technology. I spent some time trying to figure out what area of technology to explore and determined that cybersecurity was the best route for me based on what I read about it and the traits of those who excel in the field. I completed a six-month cybersecurity bootcamp, which was an amazing experience.
Could you tell us more about the premise of “Reinventing Cybersecurity”?
The concept behind Reinventing Cybersecurity was to tell “Tales of Rebellion and Revolution,” times when we (underrepresented folks) had to fight for an unpopular opinion or to inspire waves of organizational change. We’ve often had to stand up for the right ideas even when they’re not the “popular” opinion or to adjust mid-flight to work under entirely new conditions. The frequency with which we all have to do these things lends itself to a plethora of valuable experiences to share.
Talk about the reference behind your chapter title in the book.
I had one title — “Don’t Call Me By Your Name and I Won’t Call You by Mine” — for the longest time because so frequently when someone hears someone else say, “I have imposter syndrome,” that person says “oh, me too,” and so does everybody else. It reaffirms the concept or feeling, rather than providing actionable insight on how to move forward.
But at the very end of the editing process, I was adding in all the titles for the paragraphs and there’s a part about people just saying “oh, yeah, me too. Yeah girl. Yes. Yes.” It reminded me of the show “Broad City,” which aired over the last few years and that’s where the phrase “Yass Queen” comes from.
But we don’t need to do that. We need to say “oh, tell me more about that and let’s try to figure out what needs to happen and who needs to take action to help set you up for success.”
What needs to be done to incentivize women and non-binary leaders in cybersecurity?
The interest to be in this industry is there. We just need to keep amplifying the fact that there are non-binary individuals in technology, there are trans individuals in technology, there are women, and this is what we do in our career so that they can see themselves in the positions that we have. Representation matters.
What are the main issues in the cybersecurity industry related to diversity, specifically for women and non-binary?
We have constantly had to reinvent ourselves and the way we are viewed in this white, male-dominated industry. That includes having to frequently fight to get a seat at the table, to be heard, and to be given the same well-deserved opportunities as our male counterparts.
Based on your experience, what should be done to help improve diversity?
Less “culture fit” conversations. This tends to reinforce similarity bias and a chain reaction of only hiring friends, or of friends of friends, which doesn’t lend itself to hiring a variety of qualified candidates from diverse backgrounds. It’s better to look at it as a “culture add” rather than “culture fit” perspective, and to then support those you hire to get value out of the opportunity to create a more diverse team. Another important piece is to have a more diverse group of people to be part of interviews and the hiring process as a whole.
What advice would you give women and non-binary professionals who are trying to get in and move up in the industry?
Don’t get discouraged and don’t let anyone tell you that you can’t do anything. If you have a goal, surround yourself with peers and mentors that will lift you up and help you get there. It’s not an easy path, but it’s very rewarding and we need your unique views from your past experiences to do our best work, together.
What books do you recommend for anyone breaking into the industry?
One book is “The Pentester BluePrint.” The majority of people that want to break into cybersecurity want to hack things based on what they see in movies and online. It’s the “cool role” in cybersecurity, and the Pentester Blueprint directly provides resources and advice for achieving an offensive or red team-focused role. And then there’s a series called the “Tribe of Hackers.” There are four books in that series but the first one is just “Tribe of Hackers,” which is cybersecurity professionals in general, with a variety of backgrounds and in various roles. This would be a great starting point.