The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading Cybersecurity Industry”, we had the pleasure of interviewing Dinah Davis.

Dinah Davis is Vice President of Research and Development at Arctic Wolf Networks. Dinah has over 20 years of cybersecurity experience including a Master’s Degree in Cryptography from the University of Waterloo. Dinah is a big believer in supporting the community and as such has been running the KW Cybersecurity Meetup for the last four years, is an active mentor of the Founders Institute, and the founder of Code Like a Girl, a publication focused on celebrating Women in Technology.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

When I was in high school, I was very good at math. I took the high school calculus class and prided myself on obtaining better grades than the boys. When it came time to choose a career, I went to the school counselor for advice. He said, “You’re great at math and science and you are a girl, so you should be a math teacher.”

My 17-year-old self naively believed him and didn’t even consider schools with engineering, mathematics, or computer science programs. I went to the University of Lethbridge in Alberta to become a math teacher.

After my first year there I realized that the most critical part in becoming a teacher was to be passionate about teaching. I found that I was passionate and dedicated to mathematics and not teaching. I decided not to become a teacher. That was the best choice I could ever have made!

I waited until my third year of university to take my first computer science course. All my friends told me it was very hard and no fun at all, so I had put it off. After the first few classes I realized it was no more difficult than my other math classes and I enjoyed it. That is when I fell in love with Computer Science. What I hadn’t realized before was that the strongest skills you need for computer science are logical thinking and problem solving. These are exactly the skills that people who are talented in mathematics have. I loved that computer science gave me a real-world way to use this talent.

Later in my third year of university I decided to join the co-op program (internship program) to try and acquire some much-needed job experience. A role with the Canadian government opened up. They were looking for math students with computer science experience. Excellent! That was me! They had me implement the Bluetooth spec in C++ so they could evaluate its security value. This was how I discovered and fell in love with Cyber Security. It is the perfect career for someone who loves mathematics and computer science.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

I am obsessed with the book Accelerate. It proves all the things I intuitively feel make a great dev team — an agile mindset, a collaborative culture, and continuous delivery — do in fact make great dev teams. What I love about the book is that it gives you a set of metrics you can use to evaluate your performance. By measuring organizational culture, software delivery performance, and job satisfaction and watching the trends over time you can see if you are making progress towards a higher performance organization.

I did a full book review of it here https://code.likeagirl.io/the-one-book-every-tech-leader-should-read-8d78dfdc5e0e

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

There was not. As with many of the people in cybersecurity that I know, especially women, we fell into it. Many of us have very winding stories about how we ended up in Cybersecurity. In the late 90s and early 2000s cybersecurity was a specialization few people thought about or knew about. The internet was just coming into its own and society in general was not thinking about its security issues, but about its possibilities. Until 2017, when wannacry hit, at Arctic Wolf we still had to convince companies that actively managing their security was something they needed to do. So there really weren’t a lot of stories or role models for us to see that a career in cybersecurity could be amazing.

One of the reasons I started Code Like A Girl was that I wanted to make sure my daughter and other girls like her knew about all the amazing careers in technology that were possible. Those were things I couldn’t see growing up and I felt the only way we were going to change the gender ratio in technology was if we got girls interested at a young age and provided them with role models so they could see the possibilities.

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

Try as I might, I cannot think of a funny story for this one.

Are you working on any exciting new projects now? How do you think that will help people?

In 2015 I started Code Like A Girl, a global publication aimed at changing the perception of women in technology. For personal reasons I handed it over to a friend to run in 2018. This summer I will be taking it over again. I am excited to dive back in, to help women navigate the world of tech, encourage young women to pursue a career in tech, help parents and teachers get young girls interested in technology, and inform male allies how they can help.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

Opportunities, Opportunities, Opportunities!

Job Opportunities: In a world where so many jobs are getting replaced by machines, cybersecurity offers a never-ending constantly growing supply of jobs. The more we use technology, the more ways we are going to have to figure out how to keep it secure. The amazing thing about cybersecurity is that it lends well to being a second career as well as a first career. The world is changing quickly, and jobs we were used to relying on are going away. If you are a person who pays attention to detail and likes problem solving, then you will likely do well in the cybersecurity industry. There are many college level programs that have one year programs or organizations like SANS that will get you ready for an entry level cybersecurity role.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

Lack of Talent: As I said above one of the great opportunities in cybersecurity is the expansion of the job market for cybersecurity roles. The flip side of this is that we run the risk of not having enough people to do the work needed to keep us safe and secure. Chronic shortages in security talent will mean we will be slower to react to new and expanding threats.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?

I believe that supply chain attacks are one of the biggest threats to company security in the near future. The solar winds hack last year really shows how damaging they can be. This is a hard problem to solve, but companies can start by assessing and understanding their supplier network, knowing the risk associated with their third-party suppliers, and ensuring they include the supply chain in their response and remediation plan.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

The one security tool I could not live without is my password manager. On average people have over 200 online accounts. Without a password manager it is easy to fall into the trap of re-using your passwords over and over again. This means that if your password is stolen from one account it could be easily reused to get access to another account where you have used the same password. This is particularly bad since 2017 over 80% of hacking related breaches have leverage stolen and/or weak passwords. If you use a password manager and have a different password for every single site that you use, you basically shut down this attack vector.

I also do a lot of online shopping, especially with covid, and one of the tools I use the most is a website called islegitsite.com. There are so many malicious websites out there trying to steal your data and money. This side checks a host of indicators to help you decide if you should trust the website or not. If you are at all in doubt about the validity of a website I suggest you try out this site.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

Account takeover attacks have been the number one vector for attacking companies in the last 4 years. This is where the attacker tries to reuse previously leaked credentials to take over targeted accounts.

Here are 5 signs an account takeover could be in progress in your company

Account details for multiple users getting updated in a short time span. Accounts are updated to use the same details, like phone number, in a very short period of time. Accounts start to show logins from IP addresses in many different countries in a short period of time. Single accounts start using multiple types of devices. Hackers do this to try to cover their tracks. Many accounts using the same device. Not all hackers are savvy about covering their tracks and use the same device to login to multiple accounts.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Before a company is ever attacked they should build an incident response plan that they can then follow if an attack ever occurs. What any company needs to do after a data or security breach depends on the type of business they run and the attack they have suffered. A strong incident response plan helps to guide the company through the process. A great place to start is with the NIST Computer Security Incident Handling Guide.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

The biggest mistake companies make is not using multi-factor authentication to access all corporate accounts. We know that account takeover attacks are the most common way to infiltrate a company. Using multi-factor authentication is one of the easiest ways to significantly reduce the risk of becoming an account takeover victim.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

I have spent the last ten years doing my best to be a positive change agent for Women In Technology. I started a global publication to change perceptions of women in technology. I have run numerous coding workshops for girls and spoken at many Women in Tech events. I have worked hard to be a role model for those around me, mentoring many other women, and showing girls and teenagers what is possible with a career in tech.

Happily over the last five years we have seen many other people, organizations, and schools jump into the conversation. This has driven a significant shift in how diversity in tech is discussed and valued. We are starting to see change, more change than we have seen for the previous 20 years.

Am I satisfied with where we are at today?

Ruth Bader Ginsburg said “When I’m sometimes asked when will there be enough [women on the Supreme Court] and I say, ‘When there are nine,’ people are shocked. But there’d been nine men, and nobody’s ever raised a question about that.” Until it is commonplace to see a C-Suite team that is all women in tech companies, until no one has to comment on how unique that is, I will not be satisfied.

We have reached the hardest part of the process. The part where everyone knows that increasing diversity in tech is the right thing to do. The powers that be, Old Boys Club and the 20 something Mark Zuckerberg wannabes, know that companies with better diversity numbers, especially at the executive level do better financially than those with little to no diversity. They truly believe they are doing positive things for change, but their unconscious biases are undermining their good intentions and alienating the women, people of color, and other minorities who work for them.

We are in a place where people are becoming open to change, they understand the benefits and want to reap them. If we give up now it will regress, undoing the positive change that we have created.

We need to turn our anger into positive change, not reflect it back at those who are starting to soften to change already.

For me, positive change means building up the women around me and advocating for them wherever and whenever I can. It means mentoring them. Taking the time out of my day to help build the next generation even though I am exhausted. Without them we have no future. Redirecting the conversation back to women when they are interrupted in meetings so they have the space to share their ideas. It means advocating for them when they aren’t in the room and building them up in the eyes of others so their competence and value can be seen. It means redirecting questions back to them when questions are asked of a man in the room, even when the woman is the expert in that field.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

There is this idea that to be in cybersecurity you need to know how to hack into anything, know how computers and networks work inside and out, and be an introverted white male.

What people don’t realize is there are hundreds of different types of jobs in cybersecurity. Some of those jobs require technical hands-on security skills, but there are also a huge number of jobs in security that don’t need that. They are more typically focused on policy, compliance, and risk management.

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

Tackle Issues No One Else is Addressing

Everyone wants to have a successful career, but it isn’t always easy to see how to do that. Standing out among your peers is a great way to become successful. The best way to stand out is to tackle the issues that no one else is addressing in your organization. Look for the places in your organization where there is frustration, communication issues, and mistakes being made. Tease out the root of the issue and take the initiative to solve it. Collaborate with others to build and refine the solution. Then socialize it to get buy-in and adoption. By working to solve issues no one else is addressing you will be looked at as a leader. A person with initiative who is looking out for the best interests of the company. This will help you get noticed by a wider range of people in the organization in a positive way to help grow your career.

2. Be Fearless

Being fearless is the mantra of my life. I believe it has been the key to my success and happiness in life, especially as a woman in tech. I often walk into rooms that are 80–90% men. Early in my career this was intimidating. I really had to push myself to be fearless and speak up in those meetings. I push myself to be fearless when I am in meetings with senior leaders. Just because they have a bigger job title than me doesn’t mean my ideas and insights don’t add value. To voice my ideas, I have to quell my fears, remind myself that I am smart, and my ideas are valuable. To me this is being fearless. The more you do things that scare you the easier it gets. But you have to keep pushing yourself to do them.

3. Be a Servant Leader

As a leader I am always trying to get the best from my team. To do that I need to put the needs of the team before my own needs. The happier a team of people is the more creative, innovative, and hard working they will be. To be a good servant leader you need to listen, be empathetic, create psychological safety, be self-aware, be a good steward, be committed to grow your people and build a community around them.

One example of this is where the leader sits in the office. Many people think the leader should have the quiet corner office where they can do their work in peace. Instead I look at my team and think, who needs the most peace and quiet to produce the best results? That isn’t me, I am interrupted 100s of times a day. I don’t need a quiet space to work, my workspace is never quiet. My developers on the other hand need a place to think and problem solve.

So a few years ago when we were bursting at the seams in a previous office, I volunteered to take the desk that was quite literally beside the men’s room. There were about 45 people in our office at the time, 40 of which were men. It was a busy, not so nice location. Given that I would often be away in meetings and easily interruptible anyway I volunteered to take that spot. This meant my Architect could be in a much quieter location where he could think and be more productive. Thinking of your team first will gain their trust and respect and they will work harder for you because of it.

4. Network Network Network

Networking is critical to our careers. Three out of the four jobs I have held have been a direct result of the magic of my network. In the summer of 2003, while still a grad student, I attended a cryptography conference. There I met a co-op student that was working on the “crypto team” at BlackBerry (then called Research In Motion). That fall I started to look for a full time job as a security software developer. The problem was the tech industry was still recovering from the 2001 bubble and it was hard to find work. In November of 2003 I ran into the co-op I met the previous summer near our university. We made small talk and he asked me what I was up to. I mentioned I was looking for a job and wasn’t having much success. He remembered I was finishing a degree in cryptography and suggested I email him my resume so he could pass it on to the boss of the “crypto team” at BlackBerry where he worked the summer before.

A couple of weeks later I landed a job interview at BlackBerry and in January of 2004 I started my dream job as a security software developer at BlackBerry.

5. Use Your Support Network

When times get tough, because they will, you need to lean on your support network. There is no such thing as the superwoman, the woman who does everything. The woman who takes care of her family, cooks, cleans, has a successful career, is the perfect daughter or best friend, and is everything to everybody. She does not exist, so stop expecting it from yourself and lean on your friends, family, and co-workers when you need to. When you collaborate with others you will build the best solutions and create the most amazing things.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them 🙂

I would love to have breakfast with Ellen K. Pao. I read her book “Reset: My Fight for Inclusion and Lasting Change.” and found it both inspiring and infuriating at the same time. She was the catalyst for so many conversations that brought about positive change for gender equity in the tech space. I would love to learn from her how she persisted against so much adversity and how she has continued to push through the sexism in tech to build her career.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!