Introduce yourself! Who are you? Where do you work?
Hi! I am Stephanie Ihezukwu, an IT Security Analyst for Norton Rose Fulbright.
Who or what got you into security?
It’s actually random and not very interesting, I’m afraid. I got through three years of Journalism school, doing a Print Journalism concentration and I realized three things: 1) I hate prying in people’s business when I do not know them. 2) I didn’t like someone telling me what to write and when. 3) I was going to be dirt broke when I graduated and may not even get a job.
At that point, it became clear that I needed to switch majors. The first college I went to was a creativity hub, but also a place where you got to explore yourself. I had talked with the engineering students, the bio/chem students, the arts students and some computer science students. I was afraid to make the switch to a more science-based major, but when I was voluntold to switch schools to save money, I decided to take the plunge at my mother’s suggestion.
When I got to the Computer Science department to declare my major, the secretary asked me what concentration I wanted to pick, one of them being Digital Forensics/Information Assurance. It sounded so cool that I picked that. And that is how I got into security. Years later (6 years, to be exact), a company simply took a chance on me and that is how I got my first security job.
What excites you about Infosec specifically?
It’s kind of a double edged sword. I love the fact that you’re always learning something new. I get bored fairly easily and I love learning and being exposed to new things. Learning new things, creating new solutions to existing problems, messing around with frameworks and technology that colleagues have made. All of that is exciting. The energy of infosec is alluring and electric.
I see you have some certifications - have they helped you in your career? Would you recommend others pursue them too?
I don’t think so, but I can’t be sure. I don’t think they hurt. If anything, I would say that it looks good, but it isn’t a game changer. My certs didn’t change my job prospects, it just allowed me to feel more confident in my abilities. I wrote a blog post about it a while back. Here is the link.
How do you think the security industry will change over the coming years, and how might that affect your role?
To be honest, I am not sure. It could go a number of ways. I think it depends on factors that I am not 100% privy to. InfoSec shapes the world, but the world also shapes InfoSec, so really anything can happen. In terms of my role and how it will be affected, I’m going to hope for the best and not jinx myself.
What has been your toughest lesson to learn in your software career so far?
Corporate politics. I am not so good at that. I’m kind of a direct, what-you-see-is-what-you-get type of girl. My default is to be honest and upfront. To my surprise, that is not rewarded in corporate settings. I have gotten in trouble numerous times for “speaking out of turn” or butting in. I have been called aggressive for standing up for myself. I have been excluded from critical conversations because I would provide a perspective that highlights areas of improvement. I’m not a “yes” girl, I am a “let’s see what is right” girl. It has cost me, for sure, but I got some advice from an InfoSec veteran a couple weeks ago. He told me not to change, so I won’t. But I now know what that means and what it will cost me and I am willing to pay the price to maintain my integrity. I guess I am like Ned Stark from Game of Thrones when it comes to corporate politics. I do my duty, but I will also speak up for what is right.
What would be your number one piece of advice for a successful security career?
It’s a tie between “learn more” and “find your tribe.” If you’re not interested in learning, this is not the field for you. If you want to feel like an expert all the time, this is probably not the field for you. You will be challenged, you will learn something very thoroughly and it will be deprecated, you will fail over and over again. It is not a journey for the faint of heart, but you come out on the other side a tougher, more resilient person for sure. As for finding your tribe, I am a firm believer that this is very important for those failure moments. I would also say that this is very important for inspiration. When going into war, do you go alone or with a troop? Find your tribe and thank me later.
Have you got any hobbies outside of your job? Do you think they help your tech career in any way?
I write. I maintain a personal blog for some of my work. My first love is writing. It is the one constant in my life. I would say that I spend a lot of time doing it, but that would be a lie. However, when my soul feels depleted, I pick up a pen or a keyboard and write to my heart’s content. I think it has helped me but also hurt me. I am known to write a lengthy email. I can write documentation well. You’d be surprised at the amount of people that can’t write well.
What books/resources would you recommend for others wanting to follow a path similar to yours?
Professor Messer videos helped me with studying for the CompTIA tests. It was awesome. I like LabSim. However, most of my learning came from work and learning at work. I can read a book and pass a test, but it is virtually useless to me if I don’t get any hands-on, real-world experience. I know ports and services of ports very, very well and that is because I spent two years in Web hosting. For me, nothing beats on the job learning.
Finally, make your shoutout! What would you like the readers to go have a look at?
I tweet fairly regularly about a myriad of things. You can follow me @stephandsec
I run a blog that I have neglected but I have some things coming out soon. https://stephandsec.com
I will be on a panel at the tabGeeks conference: https://2019.tabgeeks.com/speakers
I recently had a conversation about my career trajectory on the Getting Into InfoSec podcast: https://gettingintoinfosec.simplecast.fm/infosteph-from-journalism-to-it-support-to-security-analyst