4 minute read
Noushin Shabab
Senior Security Researcher (GReAT) Kaspersky
I’m a Senior Security Researcher at Kaspersky ANZ, which means I have to keep across the latest advances in malware and attack techniques, solve the puzzle of a new cyber threat and share the knowledge gained from my investigation with others. It’s challenging, but it’s what I love the most about my job.
Being able to communicate technical topics in a language appropriate to the audience is, I believe, just as important as technical skills. That audience could be other security experts, media representatives, or even a general audience with no cybersecurity knowledge. In each case a different approach and a different language is needed.
As I have gained more experience in cybersecurity I have had opportunities to move into management roles, but decided to stay in a technical role and improve and expand my technical skills. I think that was my most important career decision. And I think the most important advice that’s steered my career was to keep learning. I believe it’s never too late to learn something new, so I constantly strive to learn. I believe it’s the only way to be successful in cybersecurity.
At university I took courses that helped me build a deep understanding of computer system fundamentals. I believe those have also helped me greatly in my career.
In general, I don’t believe having certificates has a direct impact on career progress. However, if a qualification or certificate is chosen wisely, what you learn from it can be quite useful in your journey, rather than the certificate itself.
I prefer to read books, learn from the extensive resources available on various platforms and gain hands-on experience in the topics that interest me rather than gaining new qualifications and certificates. I constantly improve my skills through these avenues, and through communication with others. “There is plenty of scope for getting more women into cybersecurity, and everyone has a role: academia, government and the industry. One my most memorable career experiences was discovering I had played a part.”
The culture of my workplace accepts and encourages innovation, new ideas, thinking outside the box. It welcomes new perspectives and gives equal opportunities to people despite their background and their differences. For a long time, I was the only women in our team, but was never made to feel I did not belong.
I think collaboration and knowledge sharing are essential to help us all as a community to move forward in this fast-paced industry. I would like to see more social events (virtual or in-person) as well as public blog posts and webinars to help build this collaboration.
I’ve attended many security conferences and events in the past few years. The quality varied greatly, across the topics, the peripheral activities and the overall organisation. When I looked at the organising team, I was not surprised to see the better ones had a better gender balance.
We’re a long way from achieving a gender balance across the cybersecurity industry, but we’re moving in the right direction, as some research undertaken by Kaspersky shows. Earlier this year we released a Women in tech report: Where are we now? Understanding the evolution of women in technology.
It followed similar research undertaken two years earlier, and between those two studies we’ve had COVID-enforced remote working. Forty six per cent of women surveyed, globally, believed gender equality had been improved by teams working remotely. In the APAC region the figure was 58 per cent.
Flexible working fosters gender equality, and technology supports flexible working but technology can also be used against gender equality.
Stalkerware is software that can be installed on a mobile phone or a tablet to spy on the user’s activities without their consent. In 2019, Kaspersky came together with a group of partners and founded the Coalition against Stalkerware. I’m playing a small role in this initiative and help wherever my technical skills are needed.
Earlier in the year I gave a presentation and joined a panel discussion at PauseFest with the CEO of the Women’s Services Network, WESNET, Australia’s peak body for specialist women’s domestic and family violence services, about the issues related to the abuse of technology to facilitate domestic violence.
There is plenty of scope for getting more women into cybersecurity, and everyone has a role: academia, government and the industry. One my most memorable career experiences was discovering I had played a part.
In 2016, I delivered a malware analysis workshop to a group of university students from the Australian Women in Security Network’s cadets program A few months later, when I was presenting at the Ruxcon Conference, I saw some of the girls from that workshop sitting in the front row and taking notes.
At the same event a year earlier I had struggled to find many women among the conference attendees. It was wonderful to realise I had encouraged those girls to be more active in the community.
twitter.com/NoushinShbb
