Getty Images

How to reconfigure the IT industry

Nick Booth catches up with Ciara Campbell, senior security engineer at Tenable. , to get her take on the changing world of the security industry

Imagine the IT industry was a system – how would you configure it to suit you?

Would you change the default setting that restricts language? Wouldn’t it be lovely if people were allowed alternative words for, say, innovate? The diversity of language and self-expression would enrich us all. We need to liberate the Enterprise setting that restricts us to Corporate Speak. We need to allow people to speak freely as individuals, rather than numbers.

But what do I know – I haven’t worked in IT for 25 years! So let’s ask someone who actually knows what she’s talking about.

Ciara Campbell senior security engineer at Tenable, is well positioned to engineer the IT industry to change the access control list, open up some windows, debug certain malware, change the default to Herdware and set the properties to her liking. 

So we quizzed Campbell about the IT industry’s default settings, how they have changed and if they could still use some updates. Here are her answers to our questions.

Security must be fun to work in. Do you catch criminals and put them in the slammer? Or is it more like community police work, persuading enterprises to close their windows?

Security can be about prevention and detection, but I wouldn’t say it just comes down to those two aspects. There are many layers to security, which is what makes it such a fun industry to work in. You really do learn something new every day. Every job in this sector can be vastly different from any other.

How much time is spend shivering in a comms room and how much is spent talking to the users?

This is like saying hackers in hoodies are sitting in a basement, and it couldn’t be further from the truth. Most engineers work remotely once the installation is complete and not as much time as you think is spent shivering in the comms room. Although it can happen and it is cold.

Is there a case to be made that women take a different approach to security? Is that a silly generalisation? Or do they spot anomalies better? Is there a more innate sense of things that are wrong?

We need diversity in teams – it gives us a wider perspective. Different ideas and perspectives can create amazing innovation. It’s really important for teams to have different inputs and ways of thinking, and it really helps when you get that different viewpoint.

I don’t think it’s as simple as just gender, as all of our collective differences – race, ethnicity or any other demographic – mean we bring something different to the table.

Cyber security forces us to view things from an alternative perspective – not just how it should work, but how it actually does work; how can I make it do something differently; not just where it should lead, but where it actually goes. A career in cyber means we are constantly looking at what is possible, be it right or wrong, good or bad, successful or not. Threat actors are constantly finding new attack paths and we are working to find them first to shut them off.

That is why diversity is important. It empowers us to achieve greater creativity, to think outside the box and drive innovation that allows us to grow closer to our customers, partners and communities.

IT used to be a very blokeish industry riddled with by Johnny-Need-to-Knows who hoarded their knowledge like buried treasure. Has it changed?

The culture has changed a lot over my career and colleagues say this is a general trend. There are still some who don’t share their knowledge. This insecurity comes from the fear that if they share their knowledge, you might become better than them.

If they see more and more of us helping and sharing our intelligence, they just might see the benefit. Fantastic if that person becomes better than you – you helped them to build themselves up and it will only encourage them to do the right thing to help someone else along the way. Pay it forward.

I am very lucky to have worked with some great people who were willing to help and share their knowledge. More importantly, they never made you feel your question was stupid, or made you feel they were asking themselves: “Why doesn’t she already know that or how did she get this job not knowing that?”

There is still an element of that out there, but it is smaller and there are genuinely more people out there willing to help you. All you’ve got to do is ask politely and appreciate their time. I honestly don’t think I have asked for help or knowledge on something and got told “no”.

Have you noticed a culture change during your career? 

Yes, most definitely. Many years ago, I was told I couldn’t think of working in that position because I had a family to consider. There is no way anyone would say that to me now. It made me more determined to get that job and prove them wrong. 

We still have a long way to go, but it has definitely moved in the right direction. Still, lots of companies say they are driving change. Then there are those that actually do it and they tend to be progressive without a rigid traditional view of the workplace-employee dynamic.

The pandemic has forced many organisations to reconsider their stance on working from home.

Could communication be better?

I think there is always room for improvement with communication. This is something every company struggles with, whether it’s employees or customers.

Can you sell a career in security to us?

I say to my son: do what you love and you will have a great career because you are happy. It won’t feel like work. If you want to work in an exciting and fast-changing environment with huge opportunities for growth, then security is the industry to be in.

Read more on Data Protection Services