The Cyber Queens Podcast
“WHERE ARE THE WOMEN IN CYBER?”
The Landscape
In 2022 the cyber security field still consists of 24% women and only 2.2% LGBTQ+ minorities. Long-perpetuated gender, age, and demographic biases held by the ‘Baby Boomer’ and Gen-X groups have led to a severe gap in the representation and advancement of women and minorities in this field. Millennials entered the workforce and attempted to forge a new way by asking for small changes; but definitely conceding others. Currently the Boomers/Gen-X accounting for more than 55% of the workforce are on their way out.
There is a new perspective shift happening industry-wide in tech because Gen-Z has arrived, and they don't ask for change - they command it. Millennials and Gen-Z currently make up only 35% of the workforce but that will grow to more than 75% by the end of 2030.
The Solution
We are not here to simply identify a diversity problem, we are here to solve it. Head-on. It is our mission to close this gap by inspiring and empowering Gen-Z women and minorities to seize their place in the cyber community. Breaking molds to choose careers inherently designated for us by gender bias. Branding cyber as lucrative and exciting. Nurturing a curiosity in tech where it was conditioned out of us. Dispelling the myths surrounding different niches and avenues into cyber and highlighting the success and fulfillment that can be achieved here. We are going to bestow strategies for navigating the mindsets we encounter on a daily basis and how to overcome the challenges they present. We're going to do this fueled by bold, raw, unfiltered insights to propel new talent forward and challenge managers to join the train of progress.
WE ARE THE CYBER QUEENS AND WE'RE BUILDING THE SISTERHOOD OF CYBER.
WHAT DO WE STAND FOR?
1) RADICAL TRANSPARENCY
We will never let ourselves, our message, or the value we give be censored or watered down to make a buck on this podcast or its audience. We will also provide truthful, value-driven insights according to our own experiences.
2) SUPPORT & EMPOWER
We advocate for women unequivocally supporting other women. Eliminating sexist mindsets, toxic competition and leadership between women and minorities. We get enough of that from everyone else.
3) SOCIAL INTEGRITY
We are not here to lift women by bashing on men. We don’t believe success is pie and that more for us means less for someone else. We're here to educate and uplift anyone with an interest in getting into this field who may be at a disadvantage to do so.
4) INSPIRING ACTION
We offer practical advice that can be implemented immediately for listeners to further themselves and gain traction in their cyber education or career. We foster mutual collaboration and give our audience a platform to take action and be supported in those pursuits.
5) CREATE LASTING IMPACT
We curate content and speakers who deliver unbridled value to our listeners and their perspectives. We do not cater to guests and influencers whose message is limited to their own agenda or whose values do not directly align with our own and our mission.
6) INVEST INTENTIONALLY
We want to invest in ourselves by paying it forward as much as we can. We will buy from, monetize with, collaborate with, and promote working with other minority-owned small businesses FIRST wherever they can fill the need.
The Cyber Queens Podcast
Security Awareness, Data Privacy, and MGM Breach with CybersecurityGirl Caitlin Sarian
**DISCLAIMER: All of our opinions are our own. They do not represent, nor are they affiliated with the interests and beliefs of the companies we work for. **
Welcome to The Cyber Queens Podcast! The Cyber Queens are here to close the cyber gender ad diversity gap!
In this episode, The Cyber Queens are joined by Catilin Sarian to discuss the importance of Cyber Security Awareness training, and how to make it more interesting and accessible for those outside the industry. The Queens and Caitlin discuss the importance of bringing easy to digest content to platforms like Tiktok to help reach larger audiences with bite sized and relatable videos to help make Cybersecurity more approachable.
Caitlin also discusses the importance of diversity in cyber, the entry level hiring crisis, and how humans are the weakest link in Cybersecurity! Tune in for some discussion on the scary places you might find someone’s “hidden” passwords and much more!!
Key Topics:
- Cailtin Sarian’s Story
- Purpose of “Cybersecurity Girl”
- CyberSecurity meets TikTok
- Advocacy and Education in Cybersecurity
- The most pressing threats and role of education in preventing threats such as phishing
- Importance and benefits of diverse perspectives
- Cybersecurity Girl LLC - plans for influencing and empowering cybersecurity for all
- The weakest link in Cybersecurity - What is the real problem?
Links
- What is Phishing? https://en.wikipedia.org/wiki/Phishing
- What is Social Engineering? https://en.wikipedia.org/wiki/Social_engineering_(security)
- What Is VPN? https://en.wikipedia.org/wiki/Virtual_private_network
Connect w/ Caitlin!
- Caitlin Sarian LinkedIn – https://www.linkedin.com/in/caitlin-sarian/
- Cybersecuritygirl Insta – @Cybersecurity_girl
- Cybersecuritygirl TikTok – @Cybersecuritygirl
Get in Touch:
- Maril Vernon LinkedIn
- Stacey Champagne LinkedIn
- Queens Twitter - @TheCyberQueens
- Queens LinkedIn
Calls to Action:
- Subscribe to our newsletter for exclusive insight and new episodes!
- If you love us- share us!
Welcome back to another episode of the Cyber Queens. Thanks for bearing with us. We are a little late getting started today because we wanted to give our guest time to link all of her profiles that she wanted to. That being said, today is a super exciting day on the Cyber Queens. We are really excited. We have CybersecurityGirl, Miss Caitlin Sarian herself here on the podcast with us. We're thrilled, so I met Caitlin earlier this year at RSA for the first time and then we ran into each other again at Black Hat and Caitlin very, very boldly did not have a Black Hat plan so we ended up doing a lot of things together just because I was like, are you going to go here to this? I started getting into the cybersecurity education and awareness space literally just because I started my TikTok. So before I started that channel. I didn't want to start a TikTok for the various cyber security reasons that most people want to argue about. But I started it right after they decided to move all of their servers over to the US and then they paired up with Oracle. And then I realized, you know, everyone thinks I'm some freaky genius for being in cyber security or that I know how to code and I was like, you know what? I don't even know how to code. Like I learned how to code in school and I've never touched a piece of code since I left and I've been in cyber security for 10 years. Caitlin's a phenomenal person. Caitlin is super cool. So I love your platform, love everything you talk about. You and Amber actually are killing it over there on TikTok. But I would say I don't know of anyone tackling Amber and being like you're EngineerAmber But people come up to me and call me by my handle and I feel like people call you by your handle a lot, and call you cybersecuritygirl! I'd practiced and tried it multiple times. I was like, would people be able to find out who I am? And it really wasn't until I went to TikTok where I was like, okay, I'm going to actually put my name on this. Most of my stuff is basic entry level stuff. And so it was embarrassing for me. Cause, I've obviously been in this for 10 years. I obviously know the higher crazier things, but general people have no idea what we're talking about. And so I was really trying to hit the more general audience. And I was like, Oh my gosh, if the partners see that I'm talking about privacy in this type of way, this is so embarrassing. That's why yours is like LinkedIn ready.
Erika Eakins:I have a question for you. So did your employers have a problem with it at the time? He was like, how much time do you spend on TikTok? I'm like, I'm doing my work here and I don't have a family. This is my life outside of work. So allow me that space because it's not interfering. But a lot of people just don't get social media. Like literally, I recorded a video of getting ready for this with a trending sound that was a six second video and that took me about 20 minutes to do and I'm like, okay you probably think. these videos because for the normal person, it takes a long time, but anyways, they didn't have issues until I left. So I didn't know what I wanted to do. I did mechanical engineering because that's the foundation of every engineering. It's just basic. And I started doing tech consulting interviews. And when I interviewed at EY, one of the ladies that interviewed me, who's now still my mentor, Danielle, she was like, Hey, we're starting a cybersecurity practice. And I was like, I literally have no idea what it is, but I'm going to go for it. And that's how I got in. Everything I learned was on the job. And again, to this day, I've never coded and that's why I'm so passionate because there’s genius people and Cybersecurity I feel like, is like our own little bubble and we want to protect it and be like only these types of people are in it but because of that I feel like it's similar to a boys club, it's like a cybersecurity club and we're not allowing people that maybe don't have the coding skills to get in or we're not being as welcome as we should be and there's so many roles that are open right now and I mean cybersecurity is not gonna die anytime soon so I just really wanted to like break that stigma of You have to be some freaky genius to get in you have to know how to code and What you would need to, crack the algorithm from the U.S. government at age 13 in order to get it. Like, none of that is a thing. I mean, you can, but... This could be done better. By the way, no one here is a gatekeeper. We are all barrier breakers here on the cyber queen, so just love that. Love that for the audience. So tell us how your creating TikToks led to you getting a job as a global cyber leader at TikTok. Cause again, I specialize in data privacy and I worked at a global law firm for a very long while and have a lot of experience in it. I love it. So I actually interviewed with their privacy team, got the job with their global privacy team. And then I remembered that she had reached out to me and I reached out to her being like, Hey, by the way, I just interviewed with privacy. But also my role was to be able to educate the public, educate our consumers and our users on TikTok on how they can stay safe, how they can utilize all of the security tips, the two factor authentication, how you can turn on VPN, all that stuff, through TikTok. So it was a really, really cool role where I got to make fun TikToks that was posted on the TikToks tip page and then also make fun videos internally for our own users. I was just going to say that. It's so bad and boring and just terrible because I worked for... A company called Cofense and they did manage fishing detection and response.
Caitlin Sarian:I think there's a few factors as to why it gets a little weird. And I noticed this when I worked at TikTok legal comes in and changes like scripts around so when I made really great fun scripts They're like this also needs to include these specific sayings and I'm like, no, it doesn't I've read that I've read that law It's not needed but if you need me to put it in and then a lot of like weird legal jargon comes in or it gets reviewed, especially in the corporate environment, it gets reviewed a lot by multiple people, marketing, PR, because, especially at TikTok, anything internally, we're expecting it to go external, someone's gonna say something, so we have to talk to PR, we have to talk to legal, and it ends up adding a bunch of extra stuff that is not necessary, A lot of the videos I make are like 30 second videos and they're funny and they're relatable and that's what it is. You need to make it relatable to them and for them to understand that it's important but in a fun way so you're not shoving stuff down their throats to have them remember stuff they don't want to know. Like, why would non cyber people want to know about cybersecurity?
Erika Eakins:I'm excited about cyber after working in cyber all day.
Caitlin Sarian:I do. Because it's pairing what they already want to see with a little bit of education. It's not too much, it's not overwhelming, it's just like you're getting little snippets of reminders and then there's a bunch of studies that show that someone has to see something seven times in order for them to even grasp it or remember it. It was just like, Hey, and I was like, yeah. And it's like, what are we going to do about that? And then it's a smashing sound. And it was like. Hey, what are we going to do about that? And it's like, get people to give a shit about cybersecurity. Sorry guys. And it was like, Oh, make TikToks about it. Because that's what people are into. It's so quick. That's what people don't understand. And I'm sure you went through this a million times. I can't even imagine at TikTok. But even for my companies, personally that I've worked at, it's like, okay, marketing wants to get involved. It's one of those things where it's so bad that they're like, we've made it a point to where you can't just fast forward. We've made it a point to where we're watching to see if you're actually watching the screen. Right. Cause I used to do that. I would open like six different windows and just play them all at once. I'd be like, cool, here we go. private browsers, six of them. You don't know. People aren't forced to watch it, to wait until their show starts. They're going to scroll. And so it's the same as I honestly feel like when I accept sponsored deals, which it's very rare for me to accept, but when I accept to sponsor deals now, I make sure that I'm like, okay, no, it's in my own voice.
Erika Eakins:Would you say that TikTok allows you to reach the most diverse group of people? And I know I'm going to ask another question and you're shaking your head. And can you talk about the importance of diversity in cybersecurity and reaching those types of audiences? It was ridiculous. People were asking me to help get verified. I'm like, when I figure it out for myself, I'll help you. I don't know. Getting more diversity into STEM and cybersecurity was one of those reasons because I'm just really tired with the same people being at the top of the table or the head of the table. Yes, I understand that they're there and they deserve to be there and obviously what they did worked but we're in a day and age that continues to grow and learn and evolve and if we're not bringing different types of people, different types of opinions and different types of answers to the table, which we won't get unless we have more diversity, Then we're shooting ourselves in the foot. There's so many open jobs right now, and all these entry level roles require three, five, six years of experience, which makes no sense. And then we're shooting ourselves in the foot in the future because we're not even allowing actual entry level people to get into cybersecurity to have those skills. They have to have three to five years in a CISSP, which you can't even get a CISSP unless you have five years of work experience. I've seen that five years and a CISSP. You can't even get that at entry level, but whatever. That's not my point. The point is that we're going to have a huge problem and all of these people that get recycled, that are the same people that are getting the same jobs, which, they're there for a reason. It's fine. When I want to get in the industry, but if you're continuing to hire me, just because you can check that box and then you're just going to hire the same person that looks like you after me, it's going to become a problem. I've told people multiple times I was denied a web app pen tester position, like two weeks before I got hired onto the red team at zoom. Your value literally just depends on the market you're advertising yourself in. I love the diversity topic, and I would love to talk about that and literally nothing else, but we did promise the good people that we would talk about the importance of cybersecurity and recent breaches that are hitting Las Vegas a little hard right now. If someone, similar to the MGM situation, gets suckered into a phishing email or some type of social engineering scam, You're going down and, and this is also where we can bring diversity back in just a little bit. You need to have and, bring back what I had said previously too, but you need to have someone in your company that's in charge of fun, interactive training for your employees, because that's like the biggest thing that you can do. And so I think more budget needs to be put onto training awareness. And you can also bring diversity in here because you know what? Having a more diverse group of people allows you to better understand what people want. All different types of people in your organization. What people want to see in a training that's not boring, that keeps people's attention is relatable to your general user.“the security awareness free version that some companies offer!” I ran into that when I worked at Kofence and I'm like, bro, that's just not enough. Like, come on. So like, as a sales engineer, our job is to go in and talk about like, Here's the use cases, right? Okay. This part of your job sucks. That's great. Okay. This is a possible risk and breach potential breach. Great. Let's actually show you like what would really happen if that happened. Right. Cause nobody cares about preventing it as much. Do you guys think that orgs should be forcing people to do it more often, more than once a year? Like what should we do? How do we address this? And like the basic ones aren't really going to show you the importance or do anything. They're really boring and not relatable and not digestible. It's very heavy legal jargon. And so I think there's a good mix of outsourcing the standard basic cybersecurity training, but for your specific company, you should have a team that's making it, that's way more fun and relatable to stuff that your company actually uses and does and thinks about on a day to day basis.
Maril Vernon:I've been in so many tabletops. We all sit down. I'm like, okay, what do you do when something's going bad? We all call this guy. Okay. That guy's out on vacation. Now, what do you do?
Erika Eakins:Or on your phone, where somebody can hack your phone and get it out of you.
Maril Vernon:Yeah. But I mean, every nice thing you try to come up with to make your user experience better, like SSL and federated users and stuff like that. I'm going to come right along and break those things. And we're all going to go back to the stone age where we do have to log in six times.
Caitlin Sarian:Yeah.Well, I always knew that I was put on this earth to do bigger things. And I always wanted to help people and that's literally why it kind of drove me to start my TikTok channel. And when it was growing so much, I realized I'm really, really passionate about anything I start working on. I literally was like I'm in my 30s and I've been hustling and grinding and This is not where I want to be so that was one of the reasons but that was a Small reason the main reason was because I realized how much of a need this was for everyone like again we are given technology at a young age like literally kids are swiping their phone before they even have their first word and no one, it's similar to taxes. I'm just starting, I have interviews with my first few interns next week, but, yeah, there's a lot of stuff that I want to do to help educate the public on online security and education. And obviously I also want to get more STEM in, there's two buckets, right? There's like the general public, and then there's the bucket of like who wants to get into cybersecurity and how, how I can help them.
Maril Vernon:They're also so high level, they're like 30,000 foot views of security concepts, like the CIA triad and stuff, and it's like, you haven't even told these people how that applies to what we do. And it's like, okay, well, do you guarantee me to get a job? No, we don't ever guarantee that. Well, then why am I paying you? Well, for intro to cybersecurity. And I'm like, well, I could find all of that free and I could do all this, but what is your coaching actually offering? And there's a lot of LinkedIn influencers now that are saying that they can do all this stuff, but I've never seen anyone prove it. So you need to target things that actually give you skills to do that thing, not just be called that title.
Erika Eakins:Well, and the schools and certification and boot camps, they let you take out FASFA for federal loans and whatnot, but then you're in debt. Right? So we have student loan debt problem. We're entering. I mean that I have student loan debt because I have multiple degrees. And I'm like, this means nothing because right now, none of you guys are hiring entry level. So talk to me when you're hiring entry level like actual entry level because what do you want me to do? I don't know what to tell you I can give this to someone but it's gonna be discouraging because all these people are saying, oh I got this certification.
Maril Vernon:Yeah. Yeah, I would agree. All right. This episode has been 45 minutes long already. We are having such a great time, but unfortunately we do need to bring it to the end.
Erika Eakins:I love that. Speaking of that, there was a study that I read that, uh, security budgets are even being taken away more in 2023.
Amber DeVilbiss:I think one thing I don't usually say on these, but Maril made it a point on my first time on this podcast is, find a few mentors, even if they're not your mentor.
Maril Vernon:So many. Um, now don't, don't listen to everybody on YouTube. Some people out there do not know what they're talking about, but there are definitely the good ones. You can find the good ones. We're going to have one of them on the show next week. Coming up next week on the next episode of Cyber Queens, we have Heath Adams from TCM Security, the cyber mentor himself. So the harder you make my job, the better off you will be. But also it is going to be to tailor that security awareness training, because I think the most effective training I ever saw was not super general and like, hackers are bad. Watch out for them. It was seeing my own coworkers be like, this is our definition of PII. No big deal. Thank you so much for spending your Friday afternoon or morning with us. Thank you. Again, next week we have Heath Adams joining us. So be sure to tune back in for that. We're going to be talking about affordable, accessible, practical, and realistic upskilling in cyber skills and everything that he's doing with the good work over there. And Caitlin, please tell the good people where they can find you. And if you've got anything coming up.