Day of Shecurity Conference 2022 recap: Breaking into cybersecurity, avoiding burnout, and overcoming imposter syndrome

In the last few years, large-scale cyber attacks have changed the way corporations think about and invest in cybersecurity. And along with that demand, the severe shortage of cybersecurity professionals has been brought to light. Corporations need to invest in people, and investing in diverse talent is key.

While we’re starting to see improvements in the cyber workforce, (ISC)² reports that only 24% of cybersecurity roles are filled by women. And in leadership roles, the numbers are far lower. 

That’s where Day of Shecurity comes in – a free, interactive, one-day annual conference that launched in 2017. The goal: build a stronger and more gender diverse security workforce. How? By bringing women and non-binary individuals together to build skills, make connections, and gain resources to make a professional leap into this exciting field a reality. 

For this year’s event, held on May 11th, Pluralsight was excited to be part of the effort to help build a more robust and inclusive cybersecurity workforce.

With more than 1,000 attendees, amazing keynote speakers, hands-on workshops, and talk tracks ranging from technical to career-building, the event was filled with everything an aspiring cybersecurity professional could want. 

Here are my top takeaways from this year’s event. 

A common theme running through this year’s event was how to get started and build a career in cybersecurity. If you’re curious about cyber and wondering if it’s for you, the first thing to understand is that cybersecurity covers every aspect of technology. It’s an ever-advancing and moving space. So ask yourself: am I someone who wants to learn something new every day in order to be successful at my job? If the answer is yes, then cybersecurity may be for you! 

Next, decide what you love to do and are passionate about. Examine your talents and skills, and find a place in cybersecurity that matches them. Put together your resume and identify the skills gaps that you need to fill in order to get the job you’re seeking. Start with the understanding that continuous learning is what cybersecurity is about, and take advantage of the many online learning resources available. Take notes about what you learn and find a way to convey this knowledge when you interview. 

In cyber, your ability to learn and adapt quickly, and your willingness to practice, are key.

The second most-discussed topic was how to overcome imposter syndrome. This is both the most easy and most difficult thing to solve because it involves changing how you feel about yourself. You aren’t the only one who feels like an imposter – WE ALL DO! The best way to combat imposter syndrome is to understand how prevalent it is. Go ahead and ask a respected leader, and I can almost guarantee they will have an imposter story or two.

So how can you take action toward not feeling like an imposter? This one is huge, so stop and think about it for a moment. If you believe you’re an imposter because you feel like you don’t know what you’re doing, well, there’s a simple fix. Learn something! Build a knowledge base. Build confidence. There are a vast amount of resources out there that will help you to gain experience in cyber. Hands-on learning is key here! Showing yourself that you can gain technical skills on your own while learning key concepts is critical in building confidence. 

Pluralsight provides online courses, assessments, and hands-on labs to help get you started. And remember, the person who hired you believed in you and understood you had much to learn, so honor that by believing in yourself!

Burnout is a real challenge in the cybersecurity industry – it’s important to look out for it, and understand how to avoid it.

For those already in a cybersecurity role, the dire shortage of security professionals is being felt everywhere. Teams tend to be understaffed, systems need to be monitored 24-7 (with some roles shared in shifts), and if an incident occurs, it could be an all-hands-on-deck situation. Combine that with the consistent need to stay relevant, learn, and upskill, and you have the perfect storm for burnout. 

Leadership that invests not only in training, but in dedicated learning time, will see the greatest retention and job satisfaction rate. Providing space for work-life balance, carving out time solely dedicated to learning, and ensuring teams are fully staffed are just a few ways that leaders can battle burnout. 

An exciting highlight from the technical talk tracks included the importance of building a communication loop between red (offensive security) and blue (defensive security) teams in security operations. 

Red and blue teams have the same goals and objectives – to improve an organization’s defenses – so the flow of communication should be cyclical. Summarize the weaknesses found, the activity detected, and the improvements to be made. Follow through after actions, share intel, and start the cycle again. Invest in cross-team training to allow for a better understanding of what is being bypassed and defended against.

Another highlight was shifting to remote security operations, and the need to adapt to the changing employment landscape. We’ve seen many industries and roles shift to remote work. Cybersecurity is attempting to follow suit, but managing pen testing programs or a security operations center (SOC) remotely is no easy feat. 

To successfully manage remote teams, businesses are learning to adapt by using collaborative platforms, designating clear and distinct responsibilities, and improving team communication.

Diversity was also a common theme running through the entire Day of Shecurity event. Karen Lavi of Microsoft said it best - “Diversity is a problem-solving superpower.” And she’s right. We all see problems differently and we all solve problems differently. Diverse candidates and teams are going to be key in solving the cybersecurity hiring problem.  

I want to send a special thank you to Kelly Thibault from Secure Diversity for organizing an amazing conference and providing a space in cybersecurity solely for women and non-binary minorities! 

Here are some Pluralsight resources to help you get you started in cybersecurity and improve your knowledge base. 

Information and Cyber Security Foundations

Security Event Triage

Incident Response

Bri Frost Andersen is a Cybersecurity Curriculum Manager @ Pluralsight