This rising cybersecurity star is phishing for the greater good
She’s a cybersecurity pro. An adjunct professor. A published author. A mentor. And more. While her lengthy list of accomplishments is already impressive, this 2020 Infosec Accelerate Scholarship winner is far from finished. Meet Alejandra Diaz, the extraordinarily skilled and perpetually curious up-and-coming security star who’s making it her mission to raise awareness and mentor others.
The spark that ignited a cybersecurity career
Today, Alejandra is a cyber software engineer lead and cybersecurity intelligence analyst at Northrop Grumman, a global aerospace and defense technology company. Not too long ago though, she was struggling to figure out what she wanted to do with her life.
Like most of us, Alejandra spent the latter half of high school trying to determine what path to pursue in college. Unlike a lot of us, however, she discovered her passion pretty quickly — and stuck with it.
While initially uninterested in following in her father’s footsteps, Alejandra decided to take a programming class just to see if she’d like it. But this mere curiosity quickly turned into a full-blown fascination. “I didn’t realize I would like it so much, and how easily it came to me,” she said.
I realized then that not only did I seem to have an aptitude for cyber, but I immensely enjoyed understanding how vulnerabilities worked and how the human mind can be tricked into creating computerized chaos.
Phishing study on her undergrad class
With her sights set on cybersecurity, Alejandra decided on the Center of Women in Technology (CWIT) Cyber Scholars program at University of Maryland, Baltimore County (UMBC). “I knew I could get the specialized mentoring and community support that would best help me be the cyber professional I wanted to be,” she said.
Throughout her undergrad program, Alejandra competed in cyber competitions, expanded her professional network and completed internships in research and development, but four years just wasn’t enough. She quickly applied to UMBC’s combined BS/MS program where she could earn both degrees in just five years.
For her Master’s thesis, Alejandra set up a social engineering experiment to better understand the psychology of user susceptibility. “Understanding why a user is susceptible to these kinds of attacks is important. The most critical and vulnerable part of a company is the user, no contest.”
Unlike past experiments, Alejandra targeted very small and very specific audiences at UMBC to see if there were any differences due to demographics. “I wanted to understand: biology students versus computer science students versus music and art, is one group more susceptible than others?” With this question in mind, she sent out three phishing emails: one was a thank you from Paypal, one used a scare tactic and the last one enticed users with a monetary incentive.
While the experiment revealed that monetary incentives are far more likely to be clicked, it also suggested something even more interesting: students who know more about phishing attacks might be more susceptible to them. In short, they think it’ll never happen to them so they’re not as careful.
Alejandra’s study, Academic Phishing: An Analysis on User Susceptibility and Behavior, was later published by Cryptologia and Bitdefender, sparking conversations about new ways to tailor cybersecurity training.
The importance of mentorship and education
While advancing her career and gaining a wide variety of experience is important to Alejandra, mentorship, education and giving back are her top priorities. “I firmly believe that guiding others like past mentors guided me is the best way to give back to the community,” she said. “And if future students are not really sure if they want to do it, I can help ease their fears and help them make that decision.”
When she’s not working at Northrop Grumman, Alejandra shares her skillset — and the joy of experiencing those aha! moments — as a mentor to peers and past students and as an adjunct professor at UMBC and Society of Women Engineers (SWE) volunteer.
For those she can’t teach or mentor directly, she offers three pieces of advice:
1. Take risks
“If I didn't take risks and jump at opportunities, even when I felt uncomfortable, I wouldn't be where I am today,” said Alejandra. Whether you’re afraid to ask for help or terrified of failing, Alejandra’s best piece of advice is to get out of your comfort zone and go for it.
2. Never stop learning
“If someone is complacent and stagnant and doesn't want to learn new things, they're quickly going to be left behind,” said Alejandra. “That’s not helpful to the team, and it's just going to keep yourself from going to the next level.”
3. Sharpen your communication skills
“You have to be able to talk to people in different teams,” said Alejandra. “No matter how skilled or qualified you are, being able to convey your message is really important — and something that I work on as well.”
Staying relevant with Infosec Skills
As the world of cybersecurity continues to evolve, Alejandra looks forward to diving in and evolving with it. For now, that means using her lifetime Infosec Skills access to work on certifications like the CISSP.
“I definitely love where I am right now,” said Alejandra, “but I'm eager to look for different opportunities and get more responsibility, maybe in policy or on the management side. Currently, I love what I'm doing, but I don't want to stop learning.”