Let’s Broaden the Definition of Diversity in InfoSec

This episode of Diverse IT is made possible by the generosity of our sponsor, BNS.

By Selena Templeton

On today’s episode, I chat with Tracy Maleeff, cyber analyst in a SOC for a global company, about the importance of diversity in cybersecurity — but not the typical diversity bullet points (gender and race); rather, a diversity of backgrounds.

Tracy got into the cybersecurity industry via a career as a librarian, which she held for about 15 years before realizing that her “natural paranoia and distrust of things was a career path.” It’s refreshing to hear that not having started your career in InfoSec, or studied for it, doesn’t rule it out as a viable option at any point in your life.

But when she looks back, she can see that her interest in security began young: As a latchkey kid who often lost her key, she became a master at breaking into her own house. Ironically, she used her library card to loid the lock.

“It’s a lot to ask of someone to be very good at interpersonal communication AND know how to reverse engineer malware...because those are completely different skill sets…. That’s why it’s important to build a team of complementary skills and then work together.”
— Tracy Maleeff

In this podcast, we talk about:

  • How she brings her Liberal Arts and Library Science skills to the job, particularly when dealing with end users or the tech department.

  • In library science, you don’t organize a book collection so that it makes sense to the librarian; you organize a collection so that it makes sense to the people using it. That’s why a library is organized differently than a bookstore.

  • The phrase “the human or the user is the weakest security link” and why the user is so castigated (why isn’t the industry, which is trying to solve problems for the end user, more sympathetic towards the end user?).

  • People who have been in tech or cyber for decades forget what it’s like to learn something new in this field, so explaining or helping a newbie can be very difficult for them. Tracy brings customer-facing skills to InfoSec.

  • She gives talks like "Empathy as a Service" to teach soft skills to InfoSec and tech types – soft skills and other ways of doing things to improve the end user experience and to improve their own processes. For example, listen to what the user is NOT saying.

  • Advice to get started with a career/industry change into InfoSec:

    • Start following the news in security or technology, set up Google alerts, read the tech sections in magazines

    • Meet people in the industry, ask questions and listen to what they’re saying, go to meet-ups, go to conferences (including the exhibit hall to learn what the main issues are that everyone’s trying to solve), follow news and people on Twitter

    • Her formal training includes GSEC (GIAC Security Essentials Certification) through SANS Institute, and she strongly recommends Network+

Listen and enjoy!

About Tracy Maleeff

I am a Cyber Analyst in a Security Operations Center with a Master of Library and Information Science degree. A frequent author and speaker on InfoSec and research topics. I have presented at the industry conferences of Security BSides (Boston, Charm, Northern Virginia, and Philadelphia), DEF CON's Recon Village, and many library/information professional events. I hold the GIAC Security Essentials (GSEC) certification.

I am a frequent presenter on Information Security topics, professional networking, and best practices for performing research/OSINT. I was a keynote speaker for the 14th International Southern African Online User Group Meeting in Pretoria, South Africa in June 2018.

I have 15 years of experience as a librarian in academia, corporate, and law firm industries.

Find Tracy on Twitter & LinkedIn.