A Candid Conversation About a Career in Cybersecurity: Q&A With Amanda Wittern
October 17-22 is Cybersecurity Career Awareness Week, which is part of October’s Cybersecurity Awareness Month. We sat down with Amanda Wittern, Deputy Chief Security Officer at Ivanti, to learn more about what it’s like to work in the cybersecurity world.
Q. How would you describe your role as Deputy Chief Security Officer at Ivanti?
It's my role to partner with Daniel Spicer, our CSO, and our entire information security team to ensure that we are the most effective and secure organization possible. I'm often the liaison between our team and other teams across Ivanti to enhance our company’s overall cybersecurity infrastructure and the security of our products.
Q. What do you enjoy the most about working at Ivanti?
Hands down – it’s the people! They are incredibly knowledgeable and have so much integrity and passion. There's a shared vision for the future that’s just incredible. I've experienced nothing like it and Ivanti is special that way. Also, I am constantly challenged and continually learning, so I'm never bored.
Q. What does a typical day look like for you?
There is no such thing as a typical day in information security. Some days, a cybersecurity threat is identified that requires all hands on deck. It's very exciting to work with agencies worldwide to coordinate and collaborate on cybercrime. And other days, it's about improving Ivanti and our cybersecurity controls.
Some of that is pen testing and some is improving coordination across teams. For example, I’ll sit down with engineering and have them tell me about what they do in a day and how we can improve.
Q. Why did you decide to pursue a career in cybersecurity?
Interestingly, my bachelor’s and master’s degrees are in accounting, but I became passionate and interested in technology early on. While I was in my master’s program, they introduced a Master’s of Information Systems, and I was the Guinea pig for that and basically received an information security degree.
During my early career in technology consulting, I decided that what I was really excited about was being on the solution side rather than being a third-party consultant. Now I'm helping to create solutions for the company and our customers, sharing our knowledge worldwide.
Q. What is an important lesson you’ve learned throughout your career?
From early on, my goal was to change the world, so initially, even though I didn’t know what I wanted to do, I was thinking of pursuing a physics-type, technology-oriented degree. As I talked to my mentors, they said that the people who change the world are people who make money and directed me to go into accounting, which made sense.
But as I matured, I realized there is no one way to change the world. We impact the world significantly. Whether it’s a person sweeping the streets, or the CEO of a large company, we all have a unique impact on the shaping of our society.
You don't have to do what other people say to make a difference. What makes a difference is being happy with who you are and what you're doing. That's when you really accomplish your goals and contribute to the amazing group of cultures and societies we have in the world.
Q. What cybersecurity trend are you most excited about?
A topic that fascinates me is how we will secure space. As countries, and now individuals and organizations, are expanding farther into the cosmos, we face some of the same security challenges there as we do here, but it's a totally different environment.
New AI technology and sensing and maneuvering capabilities could be hacked. What are the repercussions of that? How do we protect those devices?
It's exciting to be moving outward, but we will have to stop and determine the safety precautions we need to have in place. If we send people to Mars, what does communication look like? If we must send super critical data, what will the encryption be like?
There’s just so much new technology and exciting things going on in outer space, especially with AI technology. And there's a lot of scary stuff too. We're going to have to see what happens from a vulnerability standpoint and then try to be on top of it. We don't want something to be taken over and not respond correctly.
Q. What advice do you have for women entering or thinking of entering the cybersecurity field?
It's super, super important that we as women realize it's okay if we don't know the answers. Speak up and ask questions – it's okay to be unsure. You don't have to know everything, and the moment that you realize that you expand your capacity to influence the world around you.
Early in my career I would take furious notes because I didn't want to ask the questions. And then when I realized people didn't think I was dumb because I was asking questions, I accelerated my learning and quickly was able to become the expert. But as women, we tend to shy away from that.
Whether we're self-conscious or whether we are worried about being wrong or whether we don't want to appear inferior, that’s how we limit ourselves. And in cybersecurity, you don't have to know everything. Just ask questions. Have a passion for technology and a passion for learning. And that's it.
Q. Any thoughts on how we can close the gender gap in cybersecurity?
We need to provide education on bias and equity. Some of the barriers that are in place for women and other genders in the workplace are systemic and not necessarily nefarious, but something that we may not be aware of.
For example, when someone congratulates someone for doing a good job, men will often say “thanks, I worked really hard for this,” where women will say “thanks, I had a really great team.”
Those are both great answers, but one is perceived as weaker. If we just provide education to these conscious and unconscious biases, we’ll be better equipped as coworkers, bosses, employees and society to be more understanding, accepting and respecting of different ideas.
Q. What is one security tip that you’d like to offer readers for Cybersecurity Awareness Month?
Understanding how much information you give away can help you make better decisions on what you share. We give away a lot of our information all the time, not always actively, and it’s scary. But if you don’t know, you can't make informed decisions.
I would highly recommend everybody take a few minutes and protect yourself a little better, especially with your cell phone. A good rule of thumb is to turn off GPS when not in use. Think of GPS as giving people your home address and don't share it with anyone you wouldn't give directions to your house. Try to only connect to secure Wi-Fi networks.
When using public Wi-Fi, like at a coffee shop, don't enable the ability to automatically connect. Public networks are notoriously unsecure, so take extra precautions whenever possible. Always be wary of the apps you download, the links you click and how you interact with information online.
Q. Anything else you’d like to add?
Don’t let a lack of a formal technical degree stop you from pursuing a career in cybersecurity. A cybersecurity expert is not a single kind of person with a finite set of abilities. We need different perspectives and people with various backgrounds.
While having a technical aptitude or a strong technical background is important, you can get into cybersecurity in lots of different ways; it's not just one path that gets you here.
So, if you are passionate about it and you have a passion for learning and have that curiosity, there are ways that you can apply your skills that are not necessarily technical in such a way that could contribute or benefit a cybersecurity team or an information security team.