14 minute read
Entering the cyber world at a more mature age
SHINTA BENILDA
by Shinta Benilda, Cyber Systems Administrator at Services Australia
“Uh? Are you sure? Can you do it?” Those were the spontaneous comments from my younger siblings in Indonesia when they first heard about my plan to switch professions.
“The challenge in the IT and cybersecurity fields is to keep up with skills that are updated every day,” I had told them. “For me, who loves learning new things, this challenge is very interesting. There is absolutely no time to feel bored because I am always busy learning new knowledge.”
It was 2019 and I had made up my mind to leave my old profession as an Indonesian language teacher and pursue a new career in IT and cybersecurity.
My siblings sounded shocked and sceptical. I did not blame them. It was a natural reaction. I had been teaching Indonesian as a second language for more than twenty years, two years in my home country Indonesia, four years in Singapore and 15 years in Australia. So, when I announced plans to embark on a completely different career, my younger siblings’ comments were inevitable.
In contrast, the reactions of my husband, relatives and friends in Australia were 180 degrees different. They were very supportive of my decision to switch professions. “Good on you. It’s a good decision,” they said.
To be honest, the differing reactions from my family members in Indonesia and Australia also played a part in my decision. On the one hand I was interested and excited to try a new career. On the other hand, I had my doubts. I was an Asian woman in her 40s who had never worked in a technical field. I had a bachelor’s degree in economic management and a master’s degree in Asian studies, but was I capable of making a career in IT or cybersecurity?
Fortunately I took an optimistic view. I have now been working in the penetration testing team in a large government agency for almost a year. It’s something I could never have imagined, but I’m enjoying every day.
There were several reasons for my decision to switch professions. First, I read an article from a cybersecurity organisation saying, by 2026, Australia would need almost 17,000 more cybersecurity workers, and there would be a huge discrepancy been positions and people to fill them.
This information opened my eyes and instantly sparked the idea of trying a new profession. I had been working for many years, but I still wanted to work for another 15 to 20 years. This article portended a bright future for cybersecurity. Many opportunities and avenues could open up if I chose to pursue a cybersecurity career.
The second reason I switched professions was the belief I could find work in any state in Australia. As an Indonesian language teacher my job was very location-bound. Most language teaching opportunities are in Canberra, which has a diplomatic academy. In other states the opportunities are very limited: many Indonesian language programs at universities have been closed. In contrast, jobs in IT and cybersecurity are not location-bound. If one day I decide to move interstate, there will be job opportunities.
In addition, although I loved and enjoyed teaching Indonesian, I felt my career had reached a plateau and I could not progress further. I had taught in various places: universities, private companies and government institutions, and taught individuals, including diplomats, ambassadors, senators and the governor-general of Australia. There was nothing further I could, or wanted to, achieve. Therefore, switching professions to cybersecurity with its many opportunities was the best choice for me.
YOU CAN TEACH AN OLD DOG NEW TRICKS
My first step to realising my new dream was to take Cert IV in Cybersecurity, followed by Cert IV in IT. Having spent decades in a non-technical field, learning IT was certainly not easy. But I was patient and enthusiastic, and sometimes frustrated. Moreover, I had difficulty understanding programming languages.
I remember spending hours in front of the computer writing code for assignments, but my program still would not run. I was completely stuck, not knowing what else to do. When my husband—an IT guy with a knack for programming—came home, he only needed two minutes to fix my code errors. This further lowered my confidence. Was I cut out for this new field? Fortunately, my husband then said something that restored my confidence. “Not all IT people should be able to program because not all of them are programmers.” It was a simple sentence, but it lightened my heart. I became determined to do my best in my studies.
Of course, the real test came after I finished my Cert IV. I applied to several places, and I got interviews but never managed to get a job because, apparently, for even an ‘entry-level’ job, you need to have one to two years’ experience in IT and at least an NV1 security clearance from the Department of Defence. When I finally got a call for an interview and test at my current organisation, I was thrilled. But my excitement faded as soon as I discovered my hacking skills would be tested.
What? Hacking? Oh, boy.
To be honest, I did not immediately say yes to this opportunity. I consulted with my husband and mentor. They were united in supporting me to take the test. “Just go. See what happens. At worst, you’ll get rejected.”
THE TEST OF MY LIFE
The hacking test at my current organisation was a landmark event I will never forget. The three interviewers I met did not ask much. They just handed me a blank laptop with a simple command. “Go ahead. You can go crazy. You can break it.” Facing that pitch-black screen, I did not know what to do. As the minutes passed, I finally got up the courage to ask the examiners nicely. To my surprise, they were willing to answer my questions. They gave me little hints that allowed me to move forward step by step until I finally completed the test.
I did not expect to pass. So when a large government agency called and offered me a job, I could hardly believe it. What made them choose me? My husband thinks the examiners may have seen a lot of test-takers who gave up after two or three minutes. Or perhaps many test-takers were too proud to ask for help. So, in addition to testing ability, the examiners may also have been looking for persistence and the humility to ask questions when encountering obstacles.
I have been working in my current organisation as a cyber system administrator for a little over a year. I am in the penetration testing team. I am enjoying my new profession, but, as with any job, there are pluses and minuses. On the plus side, there are many training opportunities available, so my knowledge and skills have increased rapidly in a short period. For example, I was sponsored to take the SANS 401 course.
Meanwhile, the challenge of working in cybersecurity is to maintain required skills that are changing daily. I love learning new things, so this challenge is welcome. There is absolutely no time to feel bored because I am always busy acquiring new knowledge.
BREAKING DOWN EXTERNAL AND INTERNAL BIASES
Something else I initially perceived as a challenge was the large age difference between myself and my colleagues. I had to work with colleagues almost half my age. I thought, am I too old to be a newbie in this field?
But as it turned out, starting a new career at a mature age has its advantages. Despite being older, a lot of work was delegated to me because I understood the meaning of responsibility. I always try to complete every task, not leave it half done. I do not rush out of the office to hang out with friends. Compared to millennials or Gen-Zers, I also have a longer attention span, which makes me more focused in long meetings.
Another big challenge is countering biased views of me as an Asian woman. Some people believe Asian women working abroad usually work ‘only’ as masseuses, domestic helpers or cleaners. And I still lack confidence. I am a woman and an immigrant in this country. Will I be fully accepted? Am I capable of doing this job? Can I be as smart as other people? Am I smart enough?
These are the biases I must deal with and slowly try to erode. But the longer I work, the more I understand what needs to be done. The more I understand, the more confident and assertive I become in the workplace. I believe my decision to switch professions was the right one and will pay off handsomely in the future.
www.linkedin.com/in/shintabenilda
INDUSTRY PERSPECTIVES
CAN SCHOOLS STOP YOUNG STUDENTS FROM DISMISSING CYBER CAREERS?
by David Braue
Imposter syndrome starts early, and so should advocacy of cyber careers.
Cybersecurity industry advocates long ago recognised that resolving the chronic skills pipeline would require early engagement with students but anecdotal evidence increasingly suggests that, by working together, schools and cybersecurity experts can successfully steer students into cybersecurity by enlightening them about the many possibilities it offers.
Andrea Szeiler-Zengo, the global CISO for Swedish outsourcing firm Transcom, realised the significant potential of student outreach. In 2014 she cofounded Hungary’s first-ever Women in IT Security (WITSEC) association with a mission to improve representation and opportunities for women in the cybersecurity space.
Now a board member of the Hungarian Chapters of ISACA and cybersecurity organisation (ISC)2, SzeilerZengo remembers going to industry conferences that invited attendees to bring their wives and children along.
“We decided it was time to start something,” she said, and WITSEC was born.
In a country where the women-in-cyber movement was still in its infancy, the group grew steadily on the back of a growing roster of speaking engagements, first in Hungary then, eventually, in other countries. An annual conference increased visibility further as did ongoing visits to schools and engagement with students.
“We’re just talking about what we’ve achieved and what newcomers can achieve,” she explained, noting that the group has a mentorship program “and we get results.”
After observing there were no girls in her son’s technically focused class and just 10 girls in the entire school, Szeiler-Zengo arranged for WITSEC to speak at outreach events for new students in grades seven and eight who were just starting to form concrete ideas of the career paths they would eventually take.
“Two years later, 29 girls started there to study,” Szeiler-Zengo said. “We showed them that it’s visible, and that we can reach the sky even when we are women. We have the same, or maybe even more capabilities in the cyber field and it is a rainbow, with lots of directions they can go. I just let them understand what their future can be.”
BE THE FUTURE YOU WANT
TO CREATE
Whereas the industry initially deferred to universities as the primary sources of formal cybersecurity education, growing attention on school-aged students has reinforced the value of earlier intervention that paints cybersecurity as a real career option.
YouthInsight’s most recent Youth in STEM survey of Australian young people highlighted some of the challenges that await those trying to engage young people around cybersecurity and other STEM-related subjects.
Sixty eight percent of girls, for example, said they were not really interested in STEM subjects and 74 percent said the subjects were not related to the career they wanted.
Girls were more self-critical, with 48 percent saying they were not very good at maths and 47 percent saying they were not very good at science. Some 53 percent said STEM subjects were “too hard for me” while, disappointingly, 41 percent said they did not see themselves as smart enough to pursue a STEMrelated career. The proportion of boys expressing interest in engineering, computing or IT-related job was three times larger than that of girls, while boys were twice as likely to express interest in being data analysts or mathematicians.
The only area where girls were more interested in STEM-related careers was science, suggesting science jobs have achieved stronger brand recognition than cybersecurity and IT jobs.
Those figures suggest that imposter syndrome—the all-too-common belief that women cannot build careers in cybersecurity because they are not smart or capable enough—is already well developed in adolescence.
However, digging into the YouthInsight numbers reveals that the window of opportunity may be more open when girls are much younger.
Although 40 percent of 14 to 17-year-old girls said they were not smart enough to do STEM subjects, just 12 percent of 12 and 13-year-olds said the same. Fifty five percent of 12 and 13-year-old boys said they were not smart enough for STEM subjects.
Something, it is clear, is happening to the self-esteem of young people as they become teenagers and it is making boys more confident while making girls less so.
If school programs can maintain the confidence 12-year-old girls seem to have in abundance, they could arrest the dive in interest that has plagued efforts to improve cybersecurity’s gender diversity.
“A lot of the focus needs to be in primary school, rather than waiting until higher years for students to make that decision,” noted Toni Falusi, the ACT project officer for Adelaide University’s Computer
Science Education Research (CSER) program and president of the Information Technology Educators Association ACT.
“It’s too late by then,” she continued. “We need to capture them early and encourage and inspire them in those early primary school years to develop capabilities and soft skills.
“While they are good consumers, do they understand the nuts and bolts of how it works? Make it part of their life growing up, and I think that will help them to become cybersecurity and cyber aware.”
ALL TOGETHER NOW
A growing roster of school programs has proved successful in engaging those students who have recognised their intrinsic interest in cyber and STEM-related fields and who understand the field is about much more than sitting hunched over a glowing screen.
School-based cybersecurity events such as hackathons and capture-the-flag (CTF) competitions have become regular features on the schedules of high schools around the world, sharing calendar space with the likes of the recent Day of AI.
That nationwide US effort, designed by MIT and i2 Learning and recently replicated in Australia, aimed to help students between years three and 12 to appreciate the many ways artificial intelligence (AI) is infiltrating everyday life.
Cybersecurity authorities are taking a similar approach with programs like the US Air Force Association’s CyberPatriot, National Cyber League competitions, Hacker Highschool, Schools Cyber Security Challenges and GenCyber summer camps each taking a different approach to
engage students with cyber, STEM and other technology-related roles.
However, the challenge with such programs is that they can be self-selecting, catering only to those students who are already interested in such areas. Converting girls from disinterested selfdoubters into self-confident learners who are at least willing to consider the merits of cybersecurity will take more time.
Anecdotal evidence suggests the figures in other countries would likely show a similar spread and that increased visibility supported by targeted early intervention is consistent with improved engagement of girls with technical subjects.
Even as the number of cybersecurity-related school programs continues to expand, often backed by universities for whom the programs are a way of improving the skills of their future students, nationally consistent programs are steadily helping scale repeatable cybersecurity initiatives.
Such programs are also providing critical mass for industry organisations seeking to turn successful student teaching innovations into forces for widespread industry change. For example, partnerships between cybersecurity association ISACA and Kenya’s Presidential DigiTalent Programme have helped link students, universities and potential employers.
Input from professional organisations like ISACA has helped provide crucial perspectives about the types of courses available to students, helping them shape their course decisions early in their university degree courses while they can still steer themselves towards cybersecurity if it takes their fancy. “Most people used to hear about professional opportunities when they were already working,” explained Faith Wawira Nyaga, special programs director with ISACA’s Kenya chapter. “They would look at what courses they could take and maybe their boss needed to promote them or had asked them to have a particular certificate.”
“But if that information is passed on early, it allows someone to plan their career nicely, to be able to see ahead and think about how to get prepared, as a recent graduate or student, to get there.”
