I've gained a greater appreciation for the connection between the offensive and defensive sides of security.

Simone V. Business Information Security Officer, NSW

Simone V., a Business Information Security Officer at the NSW Department of Customer Service, Office of the CISO, was already a successful cyber security practitioner and CTF winner when she completed her first SANS course and GIAC certification. Her career journey so far has been a truly interesting one...

What Sparked your interest in Cyber Security?

The excitement of participating in Capture the Flag (CTF) events was initially what sparked my interest in cyber security. It's a great experience and an excellent way to learn if you are new to the field.

I've participated in various CTF events, including some organised by the NSW Government and the Australian Women in Security Network (AWSN), for example. These events are highly competitive, but the most valuable aspect is they usually simulate real-life challenges and techniques. These events are designed to test participants' ability to defend systems and exploit cyber security vulnerabilities, so there are many factors contributing to success, such as problem-solving, how you manage your team, and how everyone's skills complement each other to achieve the same goal.

What advice would you give to women looking to enter the Cyber Security Industry?

If you're passionate about the mission of safeguarding our information from adversaries and potential threats,my advice is that the world of cyber security is for you.

When I initially considered entering this field, I was unsure about how my skills would align as I have a background in humanities rather than IT. There's a common misconception that a career in cyber security is exclusively technical, but that's far from the truth. Cyber security encompasses different roles and requires a broad skill set, including, communication, governance, critical thinking and much more. These non-technical skills play a crucial role in advancing the cyber security cause. There is a place for you in cyber security, regardless of whether you're a techie or if your strengths lie in other areas.

I also highly recommend exploring and joining associations such as the Australian Women in Security Network (AWSN). They have been instrumental in providing avenues to connect with other women and leaders in the cyber security community. Thanks to the AWSN, I had the opportunity to participate in events that led to a valuable training opportunity with SANS Institute.

What were your expectations going into your first SANS training event?

I'd heard many positive things about SANS training and knew that the immersive nature of in-person training would be the best way for me to gain the skills necessary for a successful cyber security career. I was expecting that my SANS training course would offer quality hands-on content, but also that my training event would provide a great opportunity to connect with and learn from other practitioners like me in the cyber security industry.

Were there any surprise outcomes from your SANS training experience?

Coming from a non-technical cyber security background, I've experienced a significant improvement in engagement with my technical team after attending the SANS SEC504 course. The training with SANS has provided me with a contextual understanding of our work, allowing me to better grasp the intricacies of safeguarding our organisation's infrastructure. A notable outcome of the SANS training is my newfound confidence in reading and interpreting technical reports, simplifying my job, and enhancing my overall efficiency.

I would participate in further SANS training if given the chance. One of the most valuable aspects of the training is the in-person interactions with the instructor and the other students in the course. Moreover, the instructor is a practitioner in the field which makes the content more relatable and practical. It's not just theory from a textbook; personal experiences are shared throughout the training.

Where do your learning and career go from here?

I've gained a greater appreciation for the connection between the offensive and defensive sides of security. I think it's important to understand both the steps that an attacker might take, and the most effective methods for detecting and responding to these threats. This helps develop a more holistic mindset and approach to security, regardless of one's role and career path.