Submitted by: Dru Macasieb

In the era before COVID-19 employers felt secure within the confines of their organization’s network. Cybersecurity was an afterthought that a faced a shortage of talent all while lacking a diverse workforce.

Then COVID-19 happened, and just like that, nearly everyone that could work from home did. Many faced unemployment as business found themselves ill-prepared to adapt. Online activity surged and cybercriminals took advantage. By the end of 2020 cybercrime broke new records and the U.S. government faced one of the worst cyber-attacks in modern history, whose consequences have yet to be felt.

Cybersecurity is now on everyone’s minds. Unemployed? Work in Cybersecurity. Need to make more money? Work in Cybersecurity. Don’t want to be hacked? Work on your cybersecurity. But what does it take to get your foot in the door? To find my answers I decided to interview a professional in the industry.

I had the pleasure of interviewing WiCyS San Diego’s Affiliate President, Jennifer Cheung. Jennifer is a mathematician turned cybersecurity engineer. She holds a CISSP certification and currently works as a research scientist for the government. In addition to these roles, she’s a circle leader of San Diego Women In Tech and is the Digital Media Manager at the San Diego County Engineering Council.

I met Jennifer more than a year ago on LinkedIn. Her name on LinkedIn trailed with an unfamiliar acronym that caught my eye. When I had learned what a CISSP was, I was amazed as I had hardly seen women in cybersecurity, especially an ethnic minority.

Despite the title, I am not going to write about her experiences as an Asian woman in cybersecurity. That story is best heard in person and I don’t think I could do it justice in one article. Instead, here are four questions answered by a cybersecurity engineer who happens to be an Asian woman.

Q: What does a cybersecurity research scientist exactly do?

A: A research scientist works on research projects and conducts research on some of the hard to solve problems in the cybersecurity field. For example, security issues on IoT devices, post-quantum cryptography, privacy, insider threat, Advanced Persistent Threat (APT), etc. 

Q: How does your certifications fit into the future?

A: Depending on your roles, academic credentials such as a master or PhD degree weigh as much as certifications in R&D (Research & Development). Certifications show your security knowledge and skills. You won’t be in a management position without appropriate certifications such as CISSP or CISM, more so outside the R&D.

Q: What’s a common misunderstanding of a cybersecurity engineer?

A: People might think a cybersecurity engineer is just a hacker. Since most security classes in college are offered under the Computer science dept, and how IT is closely related to cybersecurity, it gives people the misconception that hacking or being a hacker is part of the jobs of a cybersecurity engineer. In fact, the main responsibility of a cybersecurity engineer is to make sure that the systems or whatever you are building is built securely, meaning it would remain reliable, available, and even resilient when it comes in the face of malice and errors.  

Q: In your opinion, what are the top three subject areas should professionals preparing for top tier certifications understand?

A: You have to understand computer networks, communication (how packets are sent), and the 7 layers of OSI model.

The three security objectives: CIA–Confidentiality, Integrity, and Availability. Depending on which objectives you wish to achieve, you will apply different security controls and measures.

Cryptography is one of the hardest topics to understand but it is essential for cybersecurity certification. Make sure you understand encryption (symmetric and asymmetric) is to achieve confidentiality, while digital signature (hashing) is used to achieve Integrity.    

If you want to find out more about cybersecurity, pathways to certification, advancing your career, or you would like to meet and ask Jennifer a question, she’ll be speaking at WiCyS San Diego’s New Years Certifications event on Thursday, January 14th from 6-7pm.

Dru Macasieb (2021, January 5). Asian Woman turned Cybersecurity Engineer: Four Questions Answered.