Despite years of experience, Patricia Ramos Garcia, CC, is currently not employed in the cybersecurity sector. In this article, she relates her journey into (and out of) cybersecurity and reflects on where recruitment is going wrong.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
It took me 13 years to complete my ICT degree. The struggle and my unique experiences were transformative and shaped my character. It also marked the beginning of a new chapter. Unknowingly, I was heading to the U.K. to kickstart my journey in cybersecurity.
Towards the end of my degree, I connected some dots and moved on from understanding how technology assembles and operates to exploring why. Some courses on network security, a research project on security hygiene and a talk to a group of open network enthusiasts was all it took for me to marry technology with social purpose. As soon as I got my degree, I networked hard, joined workshops, attended conferences and Chapters, even a CTF, any free event I could afford to travel to. Within three months, I was offered and accepted a senior role in an internal cybersecurity team, working for a multinational in the telecoms sector.
Entering My First Cybersecurity Role
From that moment on, I was part of a unique squad, performing an unparalleled role in a challenging, dynamic and vast arena, supporting secure digital transformation. The learning curve was steep; daunting, really. Nonetheless, the vast room for improvement ahead of me was a deep source of motivation.
But my experience is that it’s not particularly easy to stand out positively as a woman in such a male-dominated field. Women are immediately different, thanks to (for example) our novel takes on topics such as risk and/or our distinctive ways of exercising leadership; a woman in a male-dominated field is perceived as inherently disruptive. That creates constant friction.
Barriers and Obstacles
I found that matters can become more complicated if, on top of being a woman, your mother tongue isn’t English and you are from a cultural background that is unrelatable to most of your colleagues. For the most part, reactions came in subtle ways albeit with compounding negative effects. The most uncomfortable moments were those when I needed to go above and beyond to either protect or regain my lost voice, visibility, or credibility. While such situations were difficult to contend with at the time, when these were successfully overcome, they represented progress; a change for the good. When it comes to women in the workplace, organization culture has the power to make or break.
During my time in cybersecurity, I received accolades: for leading the adoption and integration of a project management solution for our consultancy process; for standardizing security practices across cybersecurity consultancy teams; and for implementing quality controls to measure how our service outcomes aligned with organization goals. I developed my knowledge of a variety of functions and operational needs, including:
- Operations
- Processes
- Stakeholders
- Project Management
- Standards and Policies
- Lines of Business
- Risk Identification and Mitigation
- Cybersecurity Advocacy and Awareness
Changing Circumstances
But life is what happens when you’re busy making other plans. Just as I was about to join a program to shadow the C-suite, life took me back to the Canary Islands. Despite taking with me over four years of invaluable insights into the governance, risk and compliance aspects of cybersecurity, plus valuable experience in project management, technology and business operations, I have been unemployed for over three years.
This is hard to process. Yes, I could have already turned my back on cybersecurity, but, somehow, it stirs something within that keeps me coming to it time and again; it speaks to me about purposeful benefits for society, democratization of the internet, information and awareness, to name a few. Perhaps this is why I volunteer with various groups in my community to raise awareness of safer technology use. I’ve also earned certifications, including ISC2’s Certified in Cybersecurity.
Flaws in the Interview Process
While you would expect prospective employers to rely on your past experiences to determine how you might perform in similar situations, there has been little or no interest from interviewers in what I can bring to the table. Few questions have been asked that would uncover my potential, my critical thinking and my innate curiosity.
Other times, the hiring process closes early, leaving candidates to only guess why. On other occasions I sense that recruiters are following a quantitative approach to hiring: ticking boxes on a scorecard, representing career milestones that a candidate has reached, to assess suitability.
Recruiters Chasing Unicorns
Undoubtedly, there needs to be a measurable way to decide between candidates. What I see, though, is a deep lack of flexibility with this approach. It leads to a nonsensical drift towards ‘idealized’ candidates that often do not exist. In this context, professionals who might suit a company culture better can go unnoticed. I couldn’t disagree more with this approach as it does not bode well for long-term success.
I would prefer employers to focus on the growing skills shortage, on the value of a candidate’s resilience and adaptability in the workplace, and on their continuous development attitude. I believe this is critical in the face of the disruptive changes that the workplace faces, like the advent of artificial intelligence (AI). The reality is that, facing novel risks, organizations would benefit from the skills and experience of under-represented groups such as women. The direct impact of a diverse workforce is its resilience, proof of which is my professional experience to date. Does the sector dare to rise above biases and open doors to support long-term success?
Patricia Ramos, CC, has over four years of experience in cyber resilience in telecoms. She has held senior consultancy and cybersecurity specialist roles, with responsibility for security assurance. Her cybersecurity work spans many technologies and digital transformation initiatives with a focus on social responsibility and long-term goals.
