By 2021, there will be 3.5 million open cybersecurity jobs globally, reports Cybersecurity Ventures. Worldwide, women hold 20% of the filled positions.

"Actionable advice on how women can transfer skills to fill the project 3.5M gap in cybersecurity talent. @womenwhocode @CloudCISO_Joan"

Women Who Code, a nonprofit dedicated to supporting women’s career growth in the tech industry, sponsored a panel of seasoned InfoSec professionals from Nike, Intel, Google, and Auth0 at their Portland chapter. The panel shared how they got into cybersecurity, what they’re looking for when they hire talent, and how interested applicants can easily transfer their skills to lucrative cybersecurity roles (full video).

"Discover what it’s like to be a woman in InfoSec at @google, @intel, @nike, and @auth0. —and find out how to make the most of your opportunities. @womenwhocode @CloudCISO_Joan https://youtu.be/lAraWX64ZJw"

Auth0 CISO/VP Operations Joan Pepin suggested we reach out to two other women on our cybersecurity team to talk about how they ended up in InfoSec, what it’s like to work at Auth0, and advice for women looking to break into the field.

Annybell Villarroel, Security Operations Manager

Annybell Villarroel, Security Operations Manager

Anny started working with Auth0 as a contractor back in 2015. She joined the company as a technical support engineer in 2016 and has since transferred her skills to infosec by becoming our security operations manager.

What made you make the switch to security?

While working on a ticket, I realized something that could potentially be used in a phishing campaign. I did a quick experiment with a small sample group to gather feedback, and we noticed that our trainings could be improved in different ways. After hearing about the project, Jon Gelsey, our CEO at the time, suggested to Joan [Auth0’s CISO] that I work in security. I got offered my current role.

Tell us about your current role.

Besides managing projects for our Security Team, I’m preparing our Security Awareness trainings as well as our quarterly phishing campaigns. I recently took a training at the Black Hat Conference to learn best practices and how to raise our general security awareness through social engineering attacks.

How have your skills transferred?

As a support engineer, I learned a lot about the product itself, knowing the historical context and how it works has been useful for a few projects in the security team and my experience talking with customers has helped me with the trainings. I believe that asking “why” and trying to find the root cause of the problem can be useful in any project.

What’s been the biggest challenge so far?

It’s been pretty smooth and I feel very supported in this role and the team is super-great. If I don’t know something everyone is willing to help.

There are a ton of jobs for women in InfoSec. Why work for Auth0?

The job was offered to me and in general, the opportunity was given. I really like the culture here and have an emotional connection to the company. I’ve seen it grow. Auth0 is a security-first company and I find it rewarding to do work that fits with our mission statement of making the internet more secure.

What advice would you have for women breaking into InfoSec?

Don't be afraid to ask security engineers for help. Be willing to make experiments, and take online courses on your own to learn. Practice with Capture The Flag challenges with a mentor that can guide you, and if you like to understand people or are a people person, learn about Social Engineering. We’re hiring.

Eva Sarafianou, Application Security Engineer

Eva Sarafianou, Application Security Engineer

Intrigued by cryptography’s underlying maths, research and study while working on her masters at the University of Athens led Eva to a career in InfoSec, which she describes as “a whole new world.” Eva joined Auth0 in Aug. of 2018.

Tell me about your current role.

I work as an application security engineer. In the Product Security team we work closely with the developers, try to find vulnerabilities in our codebase and give guidelines for mitigation. We’re working on security automation, building tools that will help the engineering team write secure code by default and we're also responsible for the vulnerability disclosure program

How have your skills transferred?

A few months prior to obtaining my master's degree, an internship for security consultancy gave me the opportunity to start applying security in industry instead of academia, specifically web security and mobile — how many things you can control as a user even if you shouldn’t. And how, if you really dig into it you’ll usually find something interesting, even if a code does seem very secure. It may not be something huge, but security is an ongoing effort. It never ends. Even with something small, some very sophisticated attacks are possible.

What’s been the biggest challenge so far?

Being a woman in InfoSec. During my internship, we were visiting customers for assessments and because I was young and the only woman in the office, the customers asked my manager whether or not I knew things. I had to put in extra effort to make sure the customers believed that I knew what I was doing and could explain things. It got better over time, but male interns who came to the office after me didn’t receive questions like these.

Anything seem surprisingly easy?

I think the problem most engineers have is that they love working on their computer and digging into code. If they have to explain this to a non-technical person, they find it a bit difficult. It’s easy for me to take an issue step-by-step and make sure that somebody without the technical background understands.

There are a ton of jobs for women in InfoSec. Why work for Auth0?

I knew Auth0 four years before I joined and really liked the product and the culture. Remote working is the most productive thing.

What advice would you have for women breaking into InfoSec?

First of all and maybe take a direction in college and university that has to do with a computer. Be confident. I think that in InfoSec — not in Auth0 — there are many people who believe they are experts and will ask you “why” in a not very friendly way always. Always ask what you don’t know. I’m usually the only woman on my teams — even at Auth0, in our small team, I am the only woman. Feel confident and don’t feel at all weird that you’re always a minority. If we want more women in tech, as companies and we can do participate in organizations like WWC, but this needs to be spread to the world — it’s how parents raise their daughters. My parents were the same with me as they were with my brother — no change. I was never the little girl that had to be protected and I think that helped.

"Find out what’s like to be a woman in InfoSec (https://youtu.be/lAraWX64ZJw) — and learn how to get the most out of lucrative cybersecurity job opportunities. @womenwhocode @CloudCISO_Joan"