TL;DR
This article is part of our Women in Cybersecurity series, in which we’ll explore the careers of women who are making a positive impact in the cybersecurity industry.
Working with computers was never much of a question for Gina Cardelli. After her family bought a PC when she was 16, she became obsessed. In fact, to her dad’s dismay, she ended up taking apart the computer just to learn how it worked. (Through some trial and error, she was able to put it back together again.) This level of passion and curiosity has defined Cardelli’s work ever since.
Now, with over 20 years of experience in the field, Cardelli is the Principal Security Strategist at Fortra, where she gets to be at the forefront of using AI to improve how we detect and respond to cybersecurity threats. As such, she has become an early leader in the growing number of women who are finding success and satisfaction in the cybersecurity field. While only about a quarter of the workforce is currently female, according to the latest statistics, this ratio is expected to increase to as much as 35 percent in the next five years.
But continuing to build a more inclusive workforce should include leveraging the perspectives and experiences of the women already here. To that end, in our latest Women in Cybersecurity series, we chatted with Cardelli about her start in cybersecurity, the challenges she’s confronted, and her thoughts on the unique skills and perspectives women bring to the workforce, among many other topics.
This interview has been edited and condensed for clarity.
When did your formal education into computers begin?
I initially went into computer engineering but due to some family constraints I had to drop out of college. A few years later, I was able to go back and put myself through college, but not through computer engineering — it was actually through computer information systems, which allowed me to really experience all sorts of different aspects of computers and related technology, like networking, database management, programming, web page design, and so on. It gave me a mile-wide, inch-deep view of everything. It exposed me to the networking side of things, as well as a little bit of cybersecurity, although cybersecurity wasn’t a core field then.
After I received my degree, I was able to get hired as a security analyst at a company called, at the time, VeriSign. I helped customers troubleshoot connectivity, as well as investigate issues or anomalies they have seen. So that's how my focus became cybersecurity.
What was your experience early on as a woman in this field, especially as you started to transition into formal career roles? Were you aware that there weren't many other women working or did other people ever make comments, especially really early on when it might have been a rarity to see a woman?
Yes, definitely. Initially, when I started in the Security Operations Center that I worked in, I was one of four women and two of the women were more directed toward the health and wellness side. Me and another individual were more on the security and networking side. This was out of a team of around 50, including all shifts. Because of this, there was a standing joke about me being a token hire. So I felt like I had to prove myself a little bit more than the rest, but that was okay because one thing that I am up for is a challenge.
Along the way, did you have any mentors or role models you relied on? Or were you just driven to succeed and prove yourself in male-dominated field?
Oh, I wouldn't be successful or where I'm at today if it wasn't for the manager who gave me a shot because I was harassing him at that point, wanting a role. So he was definitely an individual that I do owe my current trajectory to. I also had a mentor who taught me from the ground how to deal with customers, how to leverage the systems, what to look for when troubleshooting, etc. And then, when I was offered a full-time position on the third shift, the engineer took me under his wing and basically trained me on the third-shift perspective and what we will see during that shift.
So, early on, there were two really important lessons I learned in this field. One, networking with different people is just really important. You have to make those connections. And two, you always have to keep learning. The field is ever-changing. For example, for the past 15 months, I’ve been heads down in machine learning and artificial intelligence from a cybersecurity perspective and how we can leverage that space to solve key problems. All this is net-new. This field is not something I learned in college. It means I have to constantly learn and find those connections that can help me grow.
Although more women are entering cybersecurity, there is still a pretty big gender imbalance. What would you attribute that to?
I think it's all dependent on exposure. In the United States, we didn’t really get exposed to technology until middle school or high school, although we’re starting to change that trend. But usually in middle school or early high school, you kind of already know what you want to do. And even if you get exposed to technology later on, you’ll probably be less likely to change your trajectory. So I think if we gave women the chance to use and learn about the fundamentals of technology from an earlier age, it could really help drive their curiosity and interest in this field.
Do you think there is anything that businesses should be doing? The education argument of getting them started at a young age is very important. But just from a more professional focus, is there anything that companies or organizations should be doing to help attract more women to the field?
Supporting grassroot programs like Girls Who Code is really important. This is a very impactful organization that is trying to get girls and young women involved and interested in computer science. There's also another one called Girls Who Hack, but it has a cybersecurity element to it. Engaging with and sponsoring these nonprofits, I think, would be incredibly helpful.
I remember a company I worked at hosted a program for Girls Who Code. We brought in 10 young women and taught them for a day. And it was just so engaging. It was great to see all the collaboration that was going on and all the questions that were coming up. It gave a space for the girls to ask questions and not feel intimidated. So I think having more grassroots programs like that can help incentivize and promote more women in the field.
Given the current political environment, there might be companies out there that are more resistant to making a concerted effort to find women to hire. To them, would you have an argument in hand as to why they should hire women?
Some of the things that I think women particularly bring is more of a compassionate lens. What I mean by that is not to say that men aren't compassionate, but we do have the ability to find the gray in things, I think, a little bit better. And having that kind of superpower is important not just within a cybersecurity realm, but also from a people realm. It can be enough to change the direction of a particular problem or project that's being worked on.
For example, I come at problems from a different angle than the folks whom I work with. They are incredibly smart and are some of the best in the industry. But when I'm engaging with them on a particular problem, I often approach it from a different angle than they are. This helps me bring up some nuances they may not have thought of. That more human element to it always seems trivial to me, but it's something that they may have missed because they're attacking problems analytically. As a result of combining our perspectives, we've been able to produce better outcomes for our customers.
Is there anything more you want to say about being a woman in the field?
Being a woman, knowing that people might have different expectations, has helped me become more determined in my field to excel and succeed.
Many women, especially in this field, have imposter syndrome. From my experience, it's definitely something that women experience a lot more frequently than men. It’s something I myself work on a lot. But it's a reason why we, as a collective, really do need to lean on each other. Women shouldn’t be afraid to lean on other women in order to promote ourselves and help us lift each other up because we're not vocal enough.
But we can do better. We have to remember we’ve all got to where we are for a reason. We know our stuff. So let’s be more vocal about how good we are at it.
—
Are you a woman working in cybersecurity who’d like to share your experience? We’d love to hear from you! Reach out to us at support@cybrary.it.
