Welcome to our interview series, How'd You Get That Job, where we grill people with unusual positions you won't find in your standard career guide.
In light of the massive information security breach that was recently unveiled by Equifax and the uproar around the qualifications of their former Chief Security Officer we thought it might make sense to point out there are some very highly qualified women working in this field. The first person that came to mind was one of the most inspirational and informative people to follow on Twitter, Christina Morillo.
She makes the world of Information Security accessible and easier to understand for those of us who may have only a cursory knowledge of the subject. Plus, she provides a lot of real talk about the challenges of working in tech as a woman of color.
Christina is New York City-based information security and technology professional. By day she works at Microsoft as a Senior Program Manager on the Azure Information Protection Cloud & Engineering team. As an information security professional, she engineers solutions to solve complex issues, strengthen processes, automate tasks and increase productivity.
In addition to her professional work, Christina also co-founded Women of Color in Tech Chat, a grassroots initiative for women and nonbinary people of color in tech. Under this initiative, Christina developed, strategized and creatively directed three stock photo shoots, with the goal of boosting visual representation in the industry.
The #WOCinTech chat photos have been used by a variety of press, journalists, technology and business organizations, and have inspired others to follow suit. She has since advised on subsequent diverse photo projects including Jopwell's recently released diverse stock photo collection. She is also a mom of three proving that you can actually have a successful career, and family.
How did you get into the field of cybersecurity/information security?
While going for my undergrad I started building my experience by working helpdesk and technical support roles. I gradually moved into desktop support and system/network administration. By the time I graduated, I had the necessary experience to land a job as a Jr. network/system administrator and was offered an information security role shortly thereafter. The rest, as they say, is
history evolution. I've been here a very long time.
Is there any special education or training required for this field (to do your job)?
I get asked this question a lot and it tends to be a polarizing topic in the security community. There really hasn't been a direct path. In my experience, however, having foundational knowledge and an insatiable curiosity about how computers and networks work opened many doors for me. Back when I started there were no cybersecurity specific programs, certifications or organizations helping you to level up. There are tons of them now. Learn to research as it is a skill you will need throughout your career.
You also want to:
- Understand the security ecosystem and figure out which direction you want to take. For example, are you interested in threat hunting, penetration testing, offensive, defensive, compliance, etc. Start there then speak to others in the industry to better understand what skills are needed.
- If you have no experience coming in, look at reputable industry certifications, depending on your focus, and study, practice, build.
What's the weirdest part of your job?
I wouldn't say that it's weird per say but one thing that was initially foreign to me was being 100% remote. I’m an ambivert which means I love people but have moments of introversion so being completely remote was something I had to get comfortable with. On the bright side, this means that I get to travel to Seattle and other places often.
When did you know that being in information protection and security was something you should be doing?
A few years ago, I was hired to complete the development and ship (for the non-tech types, ship=launch) of an identity and access management program for a global company. I had never built something like this before but I accepted the offer and gave it my all. I was given a year but I completed this humongous task in four months. This was confirmation that I could do anything.
Tech, in general, can be a tough industry especially for women and women of color in particular, but it's also exhilarating, exciting, you are constantly challenging yourself, learning and growing.