Last time, I had the opportunity of speaking with Avi. Avi’s not a woman, but they’re a badass hacker with a natural intuition for cybersecurity that has been put to excellent use.
This time, I had the pleasure of speaking with Susan Ballestero. She has unique experience with working in a security operations center and being an information security professional from Costa Rica.
Kim Crawley: Hi Susan! Please tell me about what you do and how you got there.
Susan Ballestero: I’m currently a senior security analyst in a security operations center.
I have been in love with information security since I was 15 years old. My computer got infected after inserting a floppy disk. I found it amazing that I was infected with a virus; I bragged about it at high school, and since then, I have been reading. I did not have internet at home, so I had to go to the public library to read books about infosec. After working for a service desk on network and connectivity and supply chain IT, I managed to get a job as a junior analyst at the SOC. It was really hard because I had to try several times to get the job.
KC: What do people misunderstand about how SOCs work?
SB: When it comes to non-infosec people, they think SOC people know everything about security and IT. However, I have seen this from people who already work in infosec. They don’t value the work SOC analysts do; most of the time, SOC jobs are the entry level when it comes to creating a career path in infosec. That’s the reason we don’t get the visibility we would like to get when we have to deal with senior analysts from other teams within security operations. For those of us in incident response roles, especially as SOC analysts, the collaboration and knowledge sharing from senior teams are key in improving the analysis in our tasks.
KC: What do you think can be done to encourage more companies to establish SOCs?
SB: It’s really hard; however, I think we have to improve communication in how we as the information security community share ideas when it comes to non-information security people. By providing more information online with the correct communication methods, we can encourage companies to have more awareness of the need for security policies and best practices. This will help us to create different plans like risk analysis, business continuity plans, incident response plans, and later the incident response team. They can help us to identify the areas where our employees require more awareness. Also, they can assist with the evaluations for new technologies, identify new vulnerabilities and formulate the most proper responses for them.
SOC teams can get involved with different key projects by providing their point of view regarding risk analysis and how to improve the business continuity plan, among others. Also, since they are sometimes the first interaction between users and security teams, they can help provide training and resources to end users. This will help the SOC team create material for non-security users and learn from them during the training sessions. However, we can’t do that if we don’t have enough support from upper management.
KC: What do you think the biggest problems in cybersecurity are these days?
SB: I would say we have a lot of them.
There’s the lack of security professionals and the lack of study programs in some countries. I am from Costa Rica, and sometimes it is really hard to study this field if you don’t have the right resources. If you have internet, sure you can do it, but there are a few students who don’t have that option. That makes it difficult to access the free material online.
There’s also cloud security, the Internet of Things, advanced persistent threats, vulnerabilities in the healthcare and supply chain industries, and regulations like GDPR and CSL.
KC: How do you think companies in our industry can attract more women to enter the cybersecurity field?
SB: I think the gender gap is not only in the security field; it is a bigger issue in the tech industry. I feel countries like the USA currently have different programs and encourage girls and women to be part of STEM. However, it would be great if those programs considered populations from other countries like those in Central America.
Machismo in Central America is huge, and sometimes women don’t get the support from their family or local institutions to continue their studies. It would be great if we could promote those programs across the world using a single platform. If someone wants to join those programs, they can submit the information to check if they are eligible.
KC: Excellent! Is there anything else you’d like to add before we go?
SB: Besides information security, I enjoy reading. This is something we should keep handy. As Robin Sharma said, “Less ego, More excellence. Less talk, More doing. Less gossip, more guts. Less being busy, more being productive. Less hate, More love.” Sometimes we as infosec professionals forget that behind the analysis and malware stuff, there’s a person, and we should have more empathy for everyone.
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.