Did you enjoy school?
I did enjoy school, and found that I particularly gravitated to subjects where I was lucky to have top-notch teachers. I think if you find someone inspirational, it’s easier to learn from them. I had a great maths teacher, and really good science teachers.
My maths teacher had a doctorate from Cambridge University and I remember at GCSE we had completed all we needed to, so instead he got us on A-level maths. He just carried on teaching us and pushing us to learn more, become better and grow beyond the confines of what we were “supposed” to know at that age group or level.
What qualifications do you have?
No degree, nor any A-levels, I’ve just got 9 GCSEs, and a violent passion for technology.
In terms of formal education, I started doing A-levels, but I couldn’t get the funding to go to the college I wanted to study journalism. The funding board recommended I could do “similar things in school” so suggested I stayed there…I wanted to study media studies, communication studies and English language but it obviously wasn’t meant to be. Nevertheless, I stuck out A-level for three months, studying subjects I wasn’t particularly interested in, and then I left. From there, I went to work in a travel agency which in a somewhat roundabout way did lead to my career in cybersecurity.
Has your career path been a smooth transition, a rocky road or combination of both?
There have been a few crossroads or “sliding doors” moments in my life that I believe have motivated a number of my life and career decisions. I’ve been lucky, I think. I really enjoyed working in travel, but I had also always been interested in computers.
I was working as a business travel consultant looking after a company who at the time were called Network Associates (NAI), this was in the early days of computer virus infections. I definitely had a level of morbid curiosity into how insane it was that somebody could cause so much havoc with a few lines of code, and was intrigued by how technology could help prevent this from happening. I got to know a lot of the team at NAI, and through a well-timed chain of events ended up going to work there as their head receptionist.
It’s been a combination of the right place, right time, and also right people. I have been blessed with having amazing managers for the most part. I will be forever grateful to my manager who first welcomed me into tech support, with no IT qualifications and only me insisting “I really do know my way round a computer”. He took a chance on me and gave me an opportunity to break into the industry, and he was brilliant. He was the type of manager who when things were going absolutely insane, like dealing with a big virus outbreak, would just jump on and help out. He was really hands-on, and very supportive of our team.
What’s the best career advice you can give to others?
It’s a little cheesy to say this, but don’t be afraid to ask for help. Reach out to people, talk and learn from others. You’re not an island – there are people around you that will help you in your career and will be happy to – but you do have to ask.
This is the same for leaders and those in senior positions: soak up knowledge and learn from your teams. I think the best leaders realise they don’t have all the answers. The saying goes “if you’re the smartest person in the room, you’re in the wrong room”, and it’s so true.
If you had to pick one mentor who has had the biggest influence on you, who would it be?
I’ve had a few mentors over the years. One being Raj Samani, who is the chief scientist at McAfee and advisor to Europol (European Cybercrime Centre). He is so inspiring and really helped me to find my niche. Raj’s best advice was always about being an individual, rather than a copy of someone else and to find your niche and the space you want to own.
Someone who I also want to shout out as an inspirational person is Candace Worley, who is now the chief product officer at Ping Identity. Like me, she started in administration and worked her way up the ranks moving into technical roles. She was – and still is – an absolute inspiration. I remember sitting down with her when I had first started product management and her teaching me the importance of knowing your domain, and how to say “no”. I was once in a really tricky situation, where I adamantly halted the release of a product because I didn’t believe it was ready, and Candace had my back. She believed in and trusted me, and confronted the executive team with me to fight for a cause that ultimately saved thousands of customers major problems. I was extremely grateful to have Candace’s support and perspective during that time.
From where do you draw inspiration?
My mum, who worked in IT in the 80s. It was because of her that I started getting interested in computers. She worked for a company that copied programmes onto floppy disks and often she would come home with educational games for me to play and test out. She has an amazing work ethic and is where I think I get my drive and motivation from. And another dollop of cheese, but my kids. They give me a reason to get up in the morning and it’s important for me to show them what good work ethic looks like.
There’s also my friends and colleagues in the industry and their constant passion for learning. You have to keep moving and evolving because if you stay still in this industry, you’re going backwards. Even people in IT and tech that I follow on Twitter, their thirst for knowledge is contagious and it’s brilliant to see – even from afar.
What is the biggest challenge you’ve faced to date?
Definitely when I went head-to-head with the head of engineering – the tricky situation that I mentioned before where Candace backed me up. It was difficult and I had to go to the c-suite to convince them to change their mind. I could have rolled over and just gone with it, but I could foresee it causing real issues for customers if it had gone out the way it was initially designed. I was really proud because, while it did cause a headache and take a lot of effort, it was the right thing to do.
It was terrifying, especially because it was quite early on in my product management career. So, imagine being in your early thirties, in a room with people who had much higher job titles than you – general managers, vice presidents, and the president of engineering – and telling them they’re wrong. It would have been much easier to bow out and let the disaster play out, but I wasn’t ever about to let that happen.
What qualities do you feel makes a good leader?
I think knowing when to get involved in a situation and when to sit back. Knowing when to let people fail in a safe way. My manager in Incident Response once said to me “you’ve never failed at anything have you?” and I was taken aback: “…well, what do you mean?” I thought it was a bit weird. But what he was saying was that I probably hadn’t taken a risk where I was going to fail. I thought it was interesting and tried to debate my case that it’s because I think things through and try to make informed decisions… but he told me that I still needed to fail at something and understand what it feels like. Learning to fail, picking yourself up and moving on is a tough but necessary experience, and creating a safe environment for your people to fail is key in being a good leader.
Giving feedback is another crucial skill, and an underrated one. On both sides it’s tough – it can be tricky to ask for feedback and to give feedback. Especially when giving feedback, if you’re not articulating it in a positive or constructive way you can destroy somebody, their attitude, their confidence. You have to consider the impact of your words and take a more reflective approach when speaking to team members, particularly if it’s set to be a delicate or difficult conversation.
Authenticity is also crucial in the making of a good leader – arguably the most important quality. Reflecting on who you are and how to become the person you want to be. I don’t mean creating the ‘corporate version’ of you… but making the steps and building the person that you want to be in your career, and finding your work ‘self’ is the key to authenticity.
What is the biggest cybersecurity challenge we face today?
The biggest cybersecurity challenge we face today is the same one we’ve faced since the beginning. Visibility. If you don’t have visibility into your assets and user activity, then you’re blind to risk.
Visibility is the first pillar of security and the hardest one to get right – and only made more difficult today with remote working.
So what’s contributing to our lack of visibility? Why is it so difficult for organisations to see the threats in their own systems? There are various reasons, or excuses. Poor asset management for one thing dramatically increases the chances that threat actors are able to access data and disrupt operations, generally putting the business at risk. Bring Your Own Device (BYOD) and employees connecting to the organisation’s networks, accessing work-related systems and confidential data from personal devices, also means less control and visibility. Today, Bring Your Own Home (BYOH) presents a new risk, as distributed workforces set up their home offices devoid of the necessary security and business continuity requirements.
Organisations need to realise the seriousness and the fact that attackers are constantly scanning the web, on the lookout for vulnerable machines without security patches. In 2008, experts warned that it only took four minutes for an attacker to infect a computer…you can imagine the speed at which sophisticated actors can access your assets today. It only takes one chink in your armour for someone to get through, and if you can’t see that chink somebody else will – and you don’t want to risk who that somebody else is.
The ability to improve visibility has got better over the years, and there are more solutions that can help organisations gain insight into events and behaviours in their network. Securing credentials is an important layer of security and one way in which IT teams can better secure access and control. It won’t eradicate the threat but securing credentials will help you to determine who has access to what, and to identify abnormal behaviours attempting to gain entry.
Give us a fact about you that most other people wouldn’t know.
I have a fear of polystyrene. I can cope with little balls, like in a beanbag, and I can cope with a polystyrene burger box. But, big chunky pieces that squeak I can’t deal with. Polystyrene is my kryptonite.
Another fact for good measure…I met Darth Vader (David Prowse) when I was six years old at a Bentalls in Kingston. He is the tallest human being I could ever imagine! As a massive Star Wars fan that was something special. Actually, my last three tattoos have all been Star Wars-related.
Samantha Humphries is senior security strategist at Exabeam