Samantha has 20 years of experience in cyber security, and during this time has held a plethora of roles, one of her favorite titles being Global Threat Response Manager, which definitely sounds more glamorous than it was in reality.
She has defined strategy for multiple security products and technologies, helped hundreds of organizations of all shapes, sizes, and geographies recover and learn from cyberattacks, and trained anyone who’ll listen on security concepts and solutions.
In her current regeneration, she’s thoroughly enjoying being a part of the global product marketing team at Exabeam, where she has responsibility for EMEA, Data Lake, plus anything that has “cloud” in the name. Sam’s a go-to person for data compliance related questions and has to regularly remind people that she isn’t a lawyer, although if she had a time machine she probably would be. She authors articles for various security publications and is a regular speaker and volunteer at industry events, including BSides, IPExpo, CyberSecurityX, The Diana Initiative, and Blue Team Village (DEFCON).
Tell us a bit about yourself, background and your current role
I’ve worked in cyber security for over 20 years now, and had a myriad of different roles. Including, defining strategy for multiple security products and technologies, and helping hundreds of organisations of all shapes, sizes, and geographies recover and learn from cyberattacks.
In my current role at Exabeam I am responsible for security strategy, EMEA, and anything that has “cloud” in the name. I like to spend a chunk of my time speaking on webcasts and authoring articles for security publications, as well as speaking and volunteering at a number of industry events.
I am also involved in an incredible initiative that the company started called ExaGals. The group creates a safe space for women in the company – and in tech more generally – and inspires a positive conversation, offers training and other opportunities. The cybersecurity industry has been struggling with a skills gap challenge for many years, plus unfortunately there is still a lack of women working in and entering the industry. I hope that by supporting programmes that open women and girls up to the possibilities of an education and career in tech, we can help address the skills shortage and introduce new perspectives and problem-solving skills to the industry.
Did you ever sit down and plan your career?
So, my IT career started when I was six. Sort of. My mum worked for a company that copied programmes onto floppy disks. Often, she would come home with educational games and I would play them, testing them out… practically doing quality assurance for free.
I had no plans to enter IT or security – I wanted to be a war correspondent, inspired by Kathryn Adie, a BBC News war correspondent. Just for some reason I thought that going to a war zone to report news was a really good idea…
Early in my career I worked as a business travel consultant, and eventually took on responsibility for a company named Network Associates (NAI – who are now known as the more familiar McAfee). My move to McAfee was mostly because I had a personal interest in computers and it was in the early days of virus infections. I thought it would be exciting to be in the thick of that. I was hired as their head receptionist with a promise that I wouldn’t have to sit on reception for too long – they asked that I at least gave it six months before looking for another role in the company. I moved to the sales department for a bit – then decided having a quota wasn’t my favourite thing, but that I did enjoy helping the customers who’d bought from me with their initial and technical queries. So, from sales I moved into technical support, which made a lot more sense.
As well as doing product support, all of us were on the hook to help customers with virus outbreaks, which definitely isn’t something everyone is comfortable with, particularly when helping customers who are panicking. I have a strange sense of calm when everything seems to be going wrong, and I enjoyed being hands on and solving the problem. I ended up setting up a team in EMEA for handling malware escalations and outbreaks. Some calls could involve one or two machines down, or indeed the customer’s entire network, or anything in-between.
The next logical step was to move into McAfee Labs, where I had possibly the coolest job title ever – Global Threat Response Manager. This involved being the main escalation point in Labs for customers with outbreaks, plus managing a team of researchers, and dealing with a plethora of incidents. After 3.5 years of little sleep or weekends, I went to product management to help build solutions that would drive better detection capabilities.
I bounced from product management to product marketing, and today I spend my time talking to organisations about their security challenges and helping them to solve them. A bit different from finding myself reporting on recent events in a war zone… but tackling (cyber) warfare, nonetheless. Fortunately, with fewer bullets.
Have you faced any career challenges along the way and how did you overcome these?
There’s definitely been an element of being in the right place, at the right time and knowing the right people. That said, being an extrovert has likely contributed, because I really do enjoy meeting people and attending events.
When I had applied for my first role in product management, in the final stages I was head-to-head with someone who was heavily involved in architecting the technology I would be responsible for . He was very good technically, but didn’t really have so much of the commercial background that I have. I remember being the most technically pushed I’ve ever been in the interview; it was really challenging. I pulled it off and got the job, proving to myself – and others – that I had the knowledge and can hold my own technically.
I am very fortunate to have never felt like the ‘token’ women, nor have I lost out by being a woman. I think it has a lot to do with personality – I’m not a very shy or retiring person, even in very male dominated environments where there are lots of egos and opinions.
What has been your biggest career achievement to date?
I’ve presented on the cybersecurity keynote stage twice at Digital Transformation Expo (DTX), and that was really special for me.
Something that I do consider an achievement was – once upon a time – I was in a situation where I halted the release of a product because I didn’t believe it was ready. This was against the wishes of the head of engineering. It was difficult, and I had to go to the C-Suite to convince them to change their mind. I could have rolled over and just gone with it, but I could foresee it causing major problems for customers if it had gone out the way it was initially designed. I was really proud because, while it did cause a headache and took a lot of effort, it was the right thing to do. “We need to listen to Sam on this” was the most rewarding thing to hear after it all.
Honestly, another achievement for me is balancing my family life and work. My work is stressful and involves a lot of travel, and when I became a mum it changed my work ethic completely. It’s a tough balance and can be heart-breaking being away from my kids, but it’s also really important to me that I show them what good work ethic looks like.
What one thing do you believe has been a major factor in you achieving success?
I have had a really good support network, both professionally and at home. Also, sheer determination and a splash of bloody-mindedness doesn’t hurt.
What top tips would you give to an individual who is trying to excel in their career in technology?
Find a mentor. Definitely. My best mentor was Raj Samani, he’s the Chief Scientist at McAfee, advisor to Europol (European Cybercrime Centre) and speaks to organisations and professional bodies across the world. He is so inspiring and helped me to find my niche. Raj’s best advice was always about being an individual, rather than a copy of someone else and to find your niche, the space you want to own.
Also, I think accepting failure, and accepting that it’s inevitable. It’s probably the toughest thing, but it’s ok because it’s all learning. People will tell you my motto is “every day is learning day” and that’s true. Take failure for what it is: another learning opportunity. Learn from it and just do better next time.
Do you believe there are still barriers for success for women working in tech, if so, how can these barriers be overcome?
Diversity in the industry is getting better, but it’s not where it needs to be.
There’s still a long way to go, and companies also need to avoid the pitfalls of tackling it. Diversity hires can be a problem; hiring someone for the purpose of ticking a box or meeting a quota isn’t good practice. With this you have two problems. Firstly, there’s the concern that someone is being hired for a role who is not necessarily the best person for the job, purely to tick a box. Secondly, the notion causes doubt in the mind of any new hire who happens to be a minority, despite them being the best person for the role. One of the most effective things I’ve seen is hiring manager training, or open involvement in the interview process. Training around not hiring people who look like you, act like you, like the same things as you – I think that’s really important. Recognising your unconscious bias – because everyone has it – and being able to call yourself out and move yourself out of your comfort zone. This will ultimately mean better decision-making, diverse hires and balanced teams.
The bottom line is when faced with an obvious and unfair barrier at work, it’s not your fault. There are ways of dealing with it and communicating effectively. Sometimes you won’t be able to deal with it at the time and you’ll need to appreciate you’re not going to win in that moment, but wait until after and set up a meeting. Talk to people one-on-one, they’ll likely be more receptive to what you have to say without them acting up for an audience.
What do you think companies can do to support and progress the careers of women working in technology?
I think more companies need to embrace returners to work, offering opportunities to individuals who have taken a career break and are keen to get back to their profession or are able to cross-train. Particularly for women who have taken a break to have a family or look after children. The skills these women have do not disappear when they have a career break, if anything they will acquire new skills from motherhood that will be valuable to the work-world. These can be cross-purposed into a role. Particularly with a skills shortage, we can’t be turning away good candidates.
Creating safe spaces in the industry is crucial. This means offering individuals different spaces and environments that suit them and help them do their job well, or the facilities to make them feel comfortable. Ensuring there is the freedom and safety to be able to share concerns or discuss what’s on your mind is also crucial. It’s a positive movement that the industry needs.
Representation is essential and women need to be active in going into schools, universities and showing the next generation that this is what a computer engineer could look like. Representing diversity at that level is really important because it is still so imbalanced. This isn’t just a career for men, and we need to take action to get more women in the door to represent a more diverse workforce in technology.
There is currently only 15% of women working in tech, if you could wave a magic wand, what is the one thing you would do to accelerate the pace of change for women in the industry?
First and foremost, equal pay. Organisations need to be encouraged to review their pay situations and be more transparent with their employees. Companies hide behind “well, that’s a woman’s fault for not asking for more money” and having rules not allowing their employees to talk about salaries. This only fuels the problem. There needs to be less secrecy and more paying people the right money for the right job.
What resources do you recommend for women working in tech?
I would recommend going to meetups and events – virtual currently or in real life once we return to normal – particularly events where women and minorities have a platform. I’ve been involved in the Diana Initiative for the last three years now, which is a side conference at what’s lovingly known as the Hacker Summer Camp in August in Las Vegas. They do an amazing job creating a safe space focusing on diversity and inclusion, where you feel comfortable to go and learn, and be inspired by speakers at a conference that embraces all genders and sexualities. In addition, Ladies of London Hacking Society and Ladies of the North East Hacking Society are very good places to meet like minded individuals in the industry.
I also have a couple of book recommendations written by former colleagues of mine. First, Intelligence-Driven Incident Response by Rebekah Brown (and Scott J Roberts), secondly Cybersecurity Blue Team Toolkit by Nadean Tanner. Both are excellent technical books that just so happen to be written by inspirational women.
