Cybersecurity wasn’t always my dream career. In fact, I landed here by chance. But looking back, I see how the smallest moments shaped my journey in this domain. Back when I was pursuing my Bachelors degree in Computer Science, I remember being extremely fascinated with cryptography. The different types of encryption, key rotations, and their applications in so many areas amazed me. Years later, I realize that my fascination probably stemmed from cryptography being quite tough. I just wanted to choose a topic to stand out! 😀

But who knew that I would end up in a career which has cryptography in its core? Fast forward to campus placements when everyone was trying to get into either TCS, Infosys, Wipro or L&T. I was eventually selected in TCS. I had no idea what would happen after my training in coding for 6 months in TCS Thoraipakkam campus. Every single person in the batch expected to land up in a development project. But there were other plans in the making for me. I ended up in a cybersecurity project by fluke. I remember vividly writing my bio in the cramped office library. I was literally selected for my English writing skills. I am not even joking.

Here are three things that I wish I knew before I started my career in cybersecurity:

1. Understanding the core foundations of cybersecurity
   • Basically the CIA triad. I had absolutely no knowledge on what does confidentiality, integrity or availability meant for a company. Early on, I thought cybersecurity was just about preventing data breaches. I didn’t fully grasp the deeper concepts of confidentiality, integrity, and availability (CIA triad) that formed its backbone. We were responsible for notifying the stakeholders of any possible breaches. I understood the essence of the project. But, I did not really tie it back to the core of cybersecurity. I did not understand why this mattered. This realization occurred to me when I started looking for opportunities outside. One of the interviewers asked me some very basic cybersecurity questions. I couldn’t respond to them. It was embarrassing to say the least but it made me realize how much learning I had to take up.
   • Now that I understand the importance of having one’s foundations clear, it is easier for me to connect the dots. I can now look at a security program on a higher level.
2. Doing entry level certifications
   • Having someone to guide me on pursuing entry level certification to boost my knowledge and solidify the hands-on experience I was gaining would have helped immensely. I saw my seniors doing CISSP, CISM, CISA which was not something I could do at the beginning of my career. I believe that if I had done something during my first two years, my career trajectory might have been slightly different.
   • I cleared my CISSP 5 years into my experience. This achievement served as the fulfilling point for a higher level role. It also helped in getting my foundations clear.
3. Getting comfortable with the possibility that you might be the only woman in cybersecurity among all men
   • This was extremely daunting at first. During the early years, I lacked a female security lead to look up to. There was no one to guide me through this minority issue. Sure, there were some female leads but they acted like tomboys, trying to be aggressive instead of assertive. It took me several years, well almost a decade, to become comfortable with this situation. I often felt the need to over-prepare before speaking in meetings or leading projects—just to prove I belonged. At the back of my mind, I feared judgment. As a woman, I worried I will be termed as incompetent or lacking in this domain. For a long time, this led to a lack of confidence. I had adequate knowledge but always looked to retreat from meetings with a wide audience.

Looking back, I realize that having a clear foundation, pursuing certifications early, and embracing confidence despite the gender gap would have made my journey smoother. But every challenge taught me something valuable.

My two cents: The senior members have the responsibility to guide freshers or interns. They must help them as they navigate or explore cybersecurity for the first time. Even before that the training that are conducted for college graduates must include actual work related workshops. Just providing a laser focused training on software development restricts a student’s visibility towards other potential interests. This eventually leads to quitting the IT sector altogether. Alternatively, they grow to dislike it so much that they start looking for side gigs. Would you agree?

What were the three things you wish you had known at the start of your career? What would you have done differently when you look back? Please drop a comment to share your thoughts.

Thank you for reading!