Cracking the Code: Tenable’s Jessie Jamieson on how women can break into the cybersecurity industry
As the role of digital technology rises in the world, the importance of cybersecurity goes up proportionately. But there is still a shortage in the sector, and women are also not represented adequately, despite forming a large number of STEM graduates in comparison to the US and the UK.
There are, however, role models for women in the cybersecurity field, like Jessie Jamieson, Senior Security Engineer at cybersecurity company Tenable, who spells out how women can enter and make a mark in the field.
The first in her family to go to college and graduate school to become a mathematician, Jamieson always knew that her analytical mind could bring her to new heights and that was when she found cybersecurity. She moved to the Johns Hopkins University Applied Physics Laboratory (APL) where she worked for nearly four years in support of a number of tasks focused on military and civilian cyber operations, cyber strategy, and data-driven decision-making, including efforts supporting the APL COVID-19 Decision Support Center.
“Insofar as challenges, being a first-generation college student meant that I had to figure a lot of things out for myself. I also felt that, as a woman in traditionally male-dominated fields (mathematics and cybersecurity), I would often be the only woman in the room during important meetings, briefings, classes, or lectures, and that can feel intimidating at times. I found that I was constantly having to remind myself that I deserved to be in the room just as much as anyone else – which is difficult to do with imposter syndrome looming over you,” she recalls.
Working now in Tenable’s Research Competitiveness team, which assists with ongoing research efforts and drives the innovation of decision support analytics for the organisation, Jamieson is the author of a number of scientific articles across many different areas of research, and most recently led Tenable's data analysis effort concerning continued prevalence of Log4j vulnerabilities.
To encourage other women to break into the cybersecurity industry, she is also a 2023 co-lead of the Women@Tenable ERG, and is a member of WiCyS and the Women's Society of CyberJutsu.
In an exclusive interview with People Matters, Jamieson talks about the treasure trove of opportunities for women to kick-start their careers in STEM and for companies to diversify their hiring strategy.
What inspired you to pursue a career in cybersecurity, and what do you find most rewarding about the industry?
The research I did as part of my undergraduate study, namely graph theory and combinatorics, lent itself quite easily to some cybersecurity areas of research.
The biggest rewards for me working in this industry are probably twofold: (1) I get to see mathematics and data science applied in new ways all the time, and I sit on the edge of new research in a field that’s becoming more and more complex. (2) Cybersecurity is something that affects everyone, whether they realise it or not, making it so important to people, organisations, and commerce. For this reason, I see that my work benefits everyone, and the more people that I can help with my work, the more fulfilling my work becomes.
What are some of the most important skills and qualities for success in cybersecurity, and how can women develop these?
Communication skills are key for anyone in cybersecurity, but especially for women. The ability to effectively, concisely, and accurately communicate work, findings, and methods is critical for seeing your work get the recognition it deserves.
Additionally, the ability to be agile and adopt new skills is also extremely important, as cybersecurity is a field that’s rapidly evolving. These are non-technical skills that are just as critical as technical ones, and ones that will ensure that women have a higher chance of success as the cybersecurity field morphs and new tech is developed. Developing these skills can be a challenge, however, sometimes we have to create our own opportunities.
To gain experience communicating, I would suggest volunteering during meetings, calls, or team-ups to share your findings or those of your team members, advocating for more of those opportunities for yourself, and working with your teammates or managers to create an environment where positive, constructive feedback is encouraged for all members of your teams.
There are also great conferences, like the Security BSides series, that are welcoming and provide opportunities to communicate projects as well as stay on top of the most recent tech in cybersecurity. These can help with both of the skills I’ve mentioned.
Why do you think there is a lack of diversity in the cybersecurity industry, and what can be done to encourage more women and underrepresented groups to pursue careers in this field?
The cybersecurity field is no different from many other fields that are facing crises of diversity, in that despite recent progress, there’s a history of institutional discrimination and sexism to overcome. Cybersecurity is unique, however, in that it’s a relatively new field– certainly newer than, say, mathematics or other traditional STEM fields– and as such, has a head start on overcoming some of the effects of this and other sources of discrimination.
Additionally, access to technology has traditionally been viewed as a privilege, one that was not often afforded to women and persons of colour, meaning that those with access to technology and instruction were ahead. But this is changing– it’s now easier than ever to learn to programme thanks to open source materials and programming languages, the ubiquity of the Internet, and mass-produced computing platforms, even small or introductory ones, which are now more widely accessible.
What could take this further, however, is access to instruction. More programmes are needed to make instruction and hands-on cybersecurity experience accessible to wider populations globally.
Furthermore, all industries, especially cybersecurity, should continue placing an emphasis on work-life balance and benefits (such as flexible work schedules and maternity/paternity leave) that make balancing work, home, and family life more achievable. Benefits such as these will lead to better outcomes for everyone, and more equitable ones for women.
Organisations should also recognise the benefits that a diverse workforce brings to the table, and begin incentivising participation in diverse groups taking steps to create a more inclusive workplace. If your employees spend part of their work week actively contributing to diversity goals and achievements, does that mean some of their time wasn’t spent programming? Possibly, but did it mean that employees in general felt more empowered to contribute, take responsible risks, and innovate? Almost certainly. Encourage this!
How can women who are interested break into the cybersecurity industry?
Networking with other women in cybersecurity, either through organisations, clubs, or specialised programmes or by attending conferences and meetups, can go a long way towards helping anyone, especially women, break into the cybersecurity field.
In my experiences, women in cybersecurity have been so welcoming and helpful, and understand many of the struggles we face when trying to find our voices and a supportive network. In lieu of specialised training, there are a number of certificates that open doors in cybersecurity, as well, and in some cases, the certificates can be acquired with little-to-no-cost, or through self-instruction.
There are also a number of free events and bootcamps that can help anyone gain useful skills, including TryHackMe challenges and other red team/blue team/CTF events. Events that explain the answers to the challenges after the fact are very valuable!
What are some common misconceptions or stereotypes about women in cybersecurity, and how can we break down these barriers?
I think the biggest one is just that women in this field are somehow not as technical as our male counterparts, and that’s just not true. If you ask the average person to describe the image in their mind’s eye of a “hacker” or “computer whiz” if they were asked to imagine one, how many do you think would describe a white male in a dark hoodie in a room mashing away on their keyboard? I think just this image– the images and portrayals of cybersecurity experts in the mass media and on social media need to change, and that’s a good first step.
How can men be allies and supporters of women in cybersecurity, and help in promoting diversity and inclusion?
There are a number of things that everyone can do to increase allyship for women in cybersecurity. One thing I like to mention is the power of amplification – we all have a great opportunity to use our voices collectively to promote women in the field or to raise awareness of issues, and we should try to do this whenever we can.
I also would encourage our male colleagues to have the courage to call out inappropriate behaviour when it is safe to do so. I have actually seen this happen – situations in which an ally has called out when women have been talked over during meetings, when women with expertise on a matter have been ignored, or when blatantly misogynistic comments or jokes have been made – all with a profound effect. There are ways to do this constructively without being confrontational. Courses such as bystander intervention can empower all of us to step in during these situations.
What message or words of encouragement would you give to women who are considering a career in cybersecurity?
Go for it! It sounds like the typical piece of advice, but I really have found that jumping in and getting involved, whether it’s with a community of interest, organising a conference, or just a networking event, has great dividends.
If you find yourself worrying about fitting in, my second piece of advice is to just be yourself. No one is as good at being you as you are, and each of us has our own strengths and contributions – and these are not to be discounted. You are worth it, you are valued, and you have the potential to be a valuable member of the cybersecurity community.