Networking, engineering and education

Tia Hopkins, Vice President of Global Sales Engineering at eSentire, discusses her past in physical networking, her pursuit of education and how she advanced her career.


Chris Sienko: As you probably know, October is National Cybersecurity Awareness Month and to celebrate, Infosec is giving away a free month of its Infosec Skills Platform. This is a subscription-based skills training platform for cybersecurity experts. If you'd like to learn more, please go to infosecinstitute.com/podcast and don't forget to claim your free offer before October 31st. Hello and welcome to this week's episode of the Cyber Work with Infosec podcast. Each week, I sit down with a different industry thought leader and we discuss the latest cybersecurity trends, how these trends are affecting the work of infosec professionals, while offering tips for those trying to break in or move up the ladder in the cybersecurity industry. Our guest today is Tia Hopkins, Vice President of Global Sales Engineering at eSentire. She's held many positions in the cybersecurity sphere as well as several adjacent to security. So we're gonna talk today about career paths to these positions, her work with eSentire, and the unconventional start to her career that led to the place she is now. Tia's currently the Vice President of Global Sales Engineering at eSentire, where she's focused on leading the team in providing pre-sales engineering support. She has held various technology roles including Senior Solutions Architect and Director of IT Services at service organizations. She is an adjunct professor for Yeshiva University's cybersecurity Masters program and a career mentor for Cybrary and Built By Girls. She is a Certified Information System Security Professional, CISSP, Certified Ethical Hacker, and Certified Hacking Forensics Investigator. She also holds a Bachelor of Science in Information Technology, a Masters of Science in Information Security and Assurance, and MS in Cybersecurity and Information Assurance and plans to continue her education in pursuit of an MBA in IT management. Tia, thank you so much for joining us today.

Tia Hopkins: Thanks for having me.

Chris: So in our conversation before the show, I was told that you have had a really interesting career path. You started out climbing cable poles to install cable before moving into IT and cybersecurity, into the position you are now, on the sales and engineering side of things. So tell me about that a little bit. What was the transition point from cables to IT to security? And were you always interested in computers and tech?

Tia: Yeah, so I think I'll sort of back into it. It started with my interest in tech. As a little girl, I think I've always had a bit of a maybe an engineering mentality. When my mom would buy me toys, instead of playing with them, I would take them apart to see how they worked.

Chris: Yeah.

Tia: My first computer, I did the same thing. I was 12 years old, got my first computer, took it apart and also built my first computer at 12 because my mom said, "Put it back together or else." So that's kinda how that started.

Chris: Right.

Tia: But that forwarding to sort of, I guess you could say, my start or breaking into the space. I was working for what was BellSouth at the time in Miami and it was when the big transition from dial-up internet to high speed internet, which was DSL, back when it started. So there was a bit of a, I would say, gap in terms of phone service technicians that wanted to do that work because there was some hesitation or, you know, lack of belief in the viability of it, et cetera. So that's where I had the opportunity to get my start. So while I was working on the phone side of things, when you install an internet connection in someone's house, especially when it's high speed, they wanna know, hey, how can I get this on more than one computer? So that's how I sort of got started in the networking space. I got to a point where I was kinda tired of not being able to answer those questions. How do this that? How is this network, How do I get wifi? What does this mean? So I started to do some research on my own. Coincidentally, it happened to be a point in time where I think we were going from I wanna say maybe Windows 98 to Windows Millennium and people were getting faster computers. So I was able to get like four or five computers from a Goodwill or something like that, put them all networked in my home and just labbed it up and played around with things. And my interest really took off from there.

Chris: Oh, that's great. So, okay wow. So you really learned by doing then. Like you say, you had to reassemble your first computer and then in terms of learning networking and security and so forth, you were literally working at home on your own, sort of a lab of your own creation.

Tia: Yeah, I mean. One, because I really didn't know what type of training, et cetera, I should be looking for. And two, back then I couldn't afford it. So it was just, you know, lab it up and figure it out.

Chris: What years would this have been, roughly?

Tia: This would've been early 2000s.

Chris: Okay, so yeah and at this point there wasn't... I don't feel like that security and that side of things was as prominent, in terms of, like, you didn't have these huge dedicated security departments and stuff. So you were really kind of on the cutting edge there, in terms of learning some of that stuff. Networking and whatnot.

Tia: Yeah, I guess that's right, I probably was. If I remember correctly, I think the big draw or the thing everyone was going after at that point was the MCSE.

Chris: Right, okay, yeah. Yeah, there's a lot more in the space since then. So procedurally speaking, like how has the industry changed around you in that time? Since when you first started. What are some of the big changes that you've seen since then?

Tia: Yeah, I mean, just going back to the whole MCSE thing, I think Microsoft was just sort of making a splash and getting big into the service phase and becoming larger in the enterprise, so to speak. But at that time I didn't really have enough experience to follow that trend. So I really enjoyed what I was doing with the phone companies, installing internet, which eventually turned into networking because I learned more about the physical side of things instead of the logical side, which would've been the path I would've gone down with Microsoft. Which really helped expand my networking mileage in general. I still tell people today, even though the industry has shifted to more of a focus around security, we're still following the data. So understanding how data moves is very important. And I think that's one thing that has not changed. Data will always move the way data moves. You may have to take different things into consideration in terms of how you secure it, for example, the shift from, "Hey, I'm good with a firewall and an antivirus because all of my employees are inside this building." To now you have borderless networks where they're everywhere and they're using their own computers and checking email on their phones. So the considerations are different but at the foundation of it, at the base of it, data is still moving the way data moves. And that's really where I got my start understanding data. And I've had several bootcamp instructors, professors, tell me that when studying for certification exams or trying to understand content, the fact that my background was in networking cuts my study time in half.

Chris: Yeah, absolutely. And we've heard that so many times on this show before that, you know, if you wanna know how to secure a network, you need to know how to make a network and work a network and so forth.

Tia: Right.

Chris: Could you walk me through some of the key points of your career? What are some job changes or experiences you had or skills that you learned that helped move you forward in each new phase of your career, up to where you are now?

Tia: Sure. I think I was really fortunate to come into my role with the phone company as a DSL installer instead of just a phone technician because that was sort of a natural bridge into computing and networking. So that role allowed me to go full-time into like a CIS admin role. It was really, I don't like to use the word "grunt work" but I really was like a tunnel rat in New York City, just running around in different offices, finding desktop icons, running network cable and things like that. But it was really good experience in terms of helping me understand how to work with users, how to solve problems, how to troubleshoot, how to maintain expectations and things like that. From there, I transitioned into my IT director role. I spent many years doing networks, system support, but throughout all of this, I'm still doing my own labs, studying for certifications, trying to keep up with what's going on in the backend, at this point I haven't had any formal education, I hadn't gone back to school yet, et cetera. So when I moved into the IT director role, I had the experience of handling customers and also building infrastructure, planning infrastructure, things like that. What I didn't have was the business side of it. How am I having conversations around return on investment and how am I contributing toward lowering cost or being more innovative, things like that. So those were things that I learned. But I got to a point when I was doing that that I felt like I was kinda starting to do the same things over and over and over again and I wanted to help in the business that I was working for grow. And I felt there were three areas just based on where the industry was at the time. I would say that this was around maybe 2006, 2007. Maybe a little later. But at the time, my thought process was: we can either focus on cloud, we can focus on security, or we can focus on DEV. DEV was out for me because coding has just not ever been something that I picked up. 
But I thought to myself, well, how would I focus on the cloud when I'm dealing with environments on-prem that are probably not as secure as they should be.

Chris: Right.

Tia: And if I move them to the cloud, it's gonna only increase the attack surface. So maybe I should place my focus on securing the environments on-prem. And so that is when I went back to school and I started studying for my CISSP, my Security+ and all those things. Because I wanted to understand, okay, what's out there? What am I gonna come up against? What don't I know? And that just led me to falling in love with security. And the company I was with at the time unfortunately didn't have a focus on security so that is what led me to the path of the solutions engineering jobs with other organizations because it allowed me to focus on security, playing around with different tools, understand pain points in the space. And I also really, really enjoy consulting customers, as well. So while it's mostly in a pre-sales role, it doesn't feel like pre-sales because, at the end of the day, I'm still solving problems.

Chris: Right, yeah. You really are sort of right there on the ground and sort of mapping the space out and finding out exactly what they need. You're not just delivering product.

Tia: Right.

Chris: Yeah, so... You said, you know, before you could do that, you went back to school and you got some of these certifications and you learned these different technical aspects. Can you sort of tie those two things together a bit? Tell me what, for instance, like, the CISSP or the CEH, what you needed to learn from those to do what you do now as well as you do.

Tia: Sure. So I started with the Security+ and I recommend that to everyone. Individuals that don't have a networking background, I recommend. Even if they don't take the Network+ exam, to go through the content because I think, again, it helps to understand how data moves. But I did do the Security+ but after I got my Bachelor's degree. So my thought process behind getting my Bachelor's degree was I was already at a management level and when you look online and you look for job descriptions, et cetera, at the management level, most of them require you have to have some sort of degree. And I had just been sort of labbing my way through life.

Chris: Right, right.

Tia: If you wanna call it that, right? Just landing opportunities because of what I knew just not what I was formally educated on. So I felt if I was going to get the respect that I wanted, in terms of applying for these jobs, that that was just something that I needed to do. So I went through that and I actually got bit by a bit of an education bug.

Chris: Okay.

Tia: You know, but people like to say to me, "Oh, you love school." I'm like no, I don't really love school, I really don't like the process. I just love the outcome.

Chris: Yeah, like learning.

Tia: Yeah, I actually got my Bachelor's and both Masters degrees without stopping. I didn't take a break. And I also worked on the certifications as part of that. So the idea behind that was if I'm gonna move into this new space, I need to understand the conversations that the professionals that are in the space are already having. What are they talking about? What do they mean when they say certain things? And in addition to that, to help guide me. Because I didn't have a mentor or anything like that at the time, to help guide me. I was really just using... I don't even think LinkedIn was really a big deal back then, I was mostly using things like Monster and Indeed, looking at job postings and saying, "Hey, this looks like a job I might want. What's listed here that I don't have? And let me go get it." And I was, that's sort of how I pulled all that together. And so, again, I started with the Security+ but as I continued to do research and see what folks were focused on, I moved into the CISSP and then on and on from there.

Chris: Okay. Okay so let's talk a little bit about your current position, you're a, you know, you say a security solutions engineer. So can you tell me a little bit about the sort of parameters of your job? Like are you kind of on call all the time? Do you keep steady hours? Are you in the office at a certain point? Do you work from an office? Do you work from home a certain amount of time? Like what are... Like if someone wants this type of job, what can they look forward to?

Tia: Sure. So, being in a pre-sales role, and technical pre-sales, I absolutely love it. Let me just say that. But being in a technical pre-sales role, it is sales. So typically what you'll find is that you're paired with a sales rep and you'll be responsible for a book of business within the specified territory. You'll find a mix between whether you're working from home or in an office. My job prior to the one I had now was fully remote because the organization was based on the west coast and the sales team was just distributed across the U.S. and I supported the east coast. Now, I have the option to go into the office or not. But I tend to go into the office anyway. But a lot of times I'm on site, talking to customers, which is something that you can expect in these meetings, right? You wanna have meaningful discussions and I think there's something to be said about sitting down in someone's office with them and looking them in the eye and having a conversation with them about what matters over being on a WebEx and not being 100% sure whether you have their attention or not. But the role itself could be either of the two. It could be a lot of WebEx or Zoom meetings, et cetera. Or it could be on site meetings. Now, the pre-sales engineer role kind of varies in terms of responsibility. You'll find organizations where the pre-sales engineers are responsible for just doing demos or leading proof of concepts and it varies from there all the way up through the solutions engineer being fully engaged in the sale cycle with the sales rep. Which is what my role is like now. So we partnered the full way through, we have our conversations with the customer together, we discuss the solutions that we're gonna present, and then I would be more responsible for the technical enablement around that, helping the customer to understand how it's gonna integrate, how it's solving the problem, and things like that. And how it's gonna work from an operational perspective.

Chris: Can you sort of walk me through like a sample, like it doesn't have to be based on a real case but let's say like you're starting a new case with a new client. What are some of the things that they're going to... What are some of the problems that they're gonna ask you, in tandem with the sales person, to solve? And how do you use your skills and your background and your study knowledge and whatever to facilitate these solutions for them?

Tia: Yeah, sure. That's a great question. So what I find, most of the time here at eSentire, is that the customers or prospects that we're speaking to are overwhelmed with the tools that they have in their environment, right? I mean, cybersecurity is a very complex space, there's tons of vendors, there's tons of tools and tons of categories. So security practitioners are, I mean, I'd go as far as to say burdened, with figuring out which tools are the best fit for securing the enterprise that they're responsible for. So when we talk to customers, it's because they're overburdened with alerts coming in out of tools, they don't really have a big enough team to fully focus on security, but they're aware of what's happening in the wild. All the attacks and threats, relevant to their environment. And at the end of the day, they just wanna be able to sleep at night and know that their organization is protected. So that is the service that we are offering to them. Being able to monitor their environment for them 24/7, hunting for threats and responding to them on their behalf. So when you get into those discussions, where my experience becomes relevant is being able to have conversations around what's going on in the threat landscape, being able to establish rapport by being familiar with the tools that they have in their environment, how they integrate the areas that they cover, the gaps that they leave. And then also being able to provide a bit of thought leadership based on my experience, you know, conversations with other customers, articles that I'm reading, research that I'm doing, et cetera. So it's all relevant. I think probably the biggest component for me is being able to establish rapport because once you speak to a customer or prospect and they feel comfortable that you know what you're talking about, then they feel more comfortable talking to you. And I think technical sales in the security space is a bit challenging when compared to other spaces. 
I mean, just to throw some things out there, like selling storage or something like that, because if someone were to come to your house and knock on your door and say, "Hey, I can help you fully secure your home. But first, you have to tell me all the way I can get in." You're gonna be a little hesitant to do that, right? So you do have to earn a bit of trust to enable you to get the information you need to design the right solution.

Chris: Okay, so along with... Yeah, obviously, communication skills and the ability to, as you say, develop a rapport with your clients, is a huge asset for someone who would want to get into this sphere. What are some other... Are there other soft skills or other even hard skills that are really, really crucial if you're gonna do this kind of work?

Tia: I find that the hard skills, the more technical skills, are probably easier... Am I saying the right word? I'll go with it. Easier to come by than the soft skills. Because you can read a book, take an exam, watch some videos, right? To absorb that content. But I think combining a strong technical acumen with a good sales skill set is challenging. Because I think me and--

Chris: Yeah, it's not common.

Tia: Right, yeah. So being a good sales person is a combination of a strong technical background so that you can establish a rapport that will allow the audience to listen, but once they're listening, you have to communicate in a way that's gonna hold their attention and make them continue to listen. So I think important soft skills are a little bit of the ability to communicate, but in order to communicate effectively, you have to have incredible listening skills so that what you're saying is relevant to what you heard. Some of the feedback that I give, individuals that I speak to, is that you have to listen to listen. Not listen to respond. Because if you're listening to respond, then you're already formulating what you're gonna say in your head. And if you're thinking about something else, you're not really listening. And it can be that minor detail that you miss that could be the differentiator in a conversation like that so that's critical for me. And then, you know, a little bit of charisma doesn't hurt either.

Chris: Sure, absolutely.

Tia: And being able to read a room--

Chris: I wouldn't know but I've heard good things.

Tia: Yeah.

Chris: So can you give me an example of a time where you really had to listen to listen and someone was sort of giving you clues into, you know, something very difficult that they were looking for that might not have been otherwise caught by the salespeople?

Tia: It's usually, it's usually a technical concern. Because when you're in a meeting with your sales rep, the two of you are listening. You have the same goal but you're listening for two different things, right? A sales rep is gonna be listening for buying cycles, challenges around getting signatures, how soon are we getting this deal done, is anyone going on vacation, right? I'm listening for what's the problem that we're solving here that's gonna get you to sign? So we can worry about who's gonna be in the office.

Chris: Are you gonna be satisfied beyond the point when you sign the line. Yeah.

Tia: Exactly, right? So, you know, challenging discussions come into play I think for me, when you have an organization that thinks they have it handled themselves. Like their internal program has it covered, I've got resources, I've got tools, and you have to do a bit of evangelizing and educating. Evangelizing to help them understand the service that you're offering and how it helps them, not takes away their responsibility. Because that's a concern as well with any organization that's looking to partner the team that's currently responsible for what you're augmenting has concerns about, well, where's my value gonna be? So, you know, ensuring them that that is not a concern. But then also paying attention to the technical challenges that they have, listening to the tools that they told you they have so if you heard something in the news about one of their tools... Like a couple years ago, Cisco had some issues with a lot of security advisories around their ASA products, granted, it's end-of-life but customers are still using them. So when customers would mention things like Cisco ASA, I would jump in and have discussions around hey, are you aware of X, Y, and Z? And a lot of times, I'll get, "No, I didn't know about that." So that's my way in to educate, further establish rapport. But I think when you get into challenging situations, you don't push back, right? You don't wanna tell a customer that their baby's ugly, you just wanna you wanna find another way to penetrate, get them to open up a bit, and then kind of come back around the corner with the point that you're trying to make.

Chris: Okay. I feel like I know the answer to this question already but is this type of pre-sales security engineering, this is probably something that's not something you would be able to do freelance, right? You're mostly gonna be hired by a company that needs this type of service, right?

Tia: Right. Because you're gonna be selling a service for a company. So you're either gonna be doing it for the company directly or you'll work for a partner of that company and sell it along with other things for that partner.

Chris: Okay. A lot of the career tracks we talk about, you know, some people do them freelance, some people do them for a company, and I just needed to ask that. So to that end, if someone's looking to get your type of job, not your job necessarily, but you know a pre-sales security engineer solutions type job like where would they... I guess, what would they need to do in advance of that in their life and in their career to make themselves desirable to a position like this? And then what types of companies would they be looking for to try and find something like this?

Tia: Sure. I think it's a combination of a solid technical background and great customer service skills. Because I think customer service is a great umbrella for the listening and making sure you're solving the problem and setting expectations. All the things that make for an amazing sales experience so to speak. But if someone is just starting out, I would heavily, you know, strongly recommend a focus on doing it first. Because once you've done it, you can speak to it, right? So not necessarily a security operations center analyst or anything like that, but maybe a firewall administrator or an endpoint analyst. Just something within a security team or that has a security focus that helps you understand the problem outside what you would read in a book, right? So you can tie it back to the business value. So you know the pains of deploying and managing solutions on your own because that'll drive those conversations as well. Granted, you can get through the discussions just having the technical knowledge, right? But I think you're able to connect at a deeper level when you've actually experienced what the person you're speaking to has experienced. So definitely would recommend, before trying to jump into the space, having a bit of hands-on. Or even, you know, labs. You don't have to... If someone said, "Hey. I don't really want a job as an admin, I wanna go right into this." As long as you've done it and you can talk about it then that's okay as well. And then on the customer service side of things, I just happened to be fortunate to have a blend of jobs that just makes this work for me. All of my roles, technical or not, have been customer-facing in some way, shape, or form. Started out working for the phone company, I'm knocking on people's doors, talking to them about what I'm gonna do, drilling holes in their house, et cetera. I also had a job way back when with Verizon Wireless in technical support, solving customer problems. 
You definitely have to listen when someone calls tech support for Verizon Wireless. They're definitely not calling to tell you how happy they are, right?

Chris: No, and they're not in a frame of mind where they wanna tell you cogently what the problem is.

Tia: Right, right.

Chris: You have to decipher some yelling, possibly.

Tia: Yeah, yeah.

Chris: So to that end, you know, obviously there's a bunch of different types of positions you can do in advance of a job like this. But, you know, would you recommend... The search that you got, you said that you were kind of addicted to learning but do you think that someone trying to get into this sphere of the industry would need a CISSP or a CEH or a Security+ or, you know, was that just a little overkill?

Tia: I mean, I think everything I have is probably a little bit overkill.

Chris: Okay.

Tia: But I would say, given that the industry is picking up in terms of just the cyber skills gap being plastered everywhere and we need more resources and now you're finding more and more schools with cyber programs and boot camps offering a quick path to getting certification. The key, for me, is how are you going to differentiate yourself? It is important to validate your experience. So I tell everyone yes, get the Security+. One, just to validate that you know the space but two, make sure it's what you wanna do, right? From there, you know, I've been on forums and things where someone will say, "Hey, what certifications should I get?" And I'll see, "Get your Security+ and then get your CISSP," or this or that. My question is always, "What did you want to do?" Because if someone says to me, "Well, I wanna be a pre-sales security engineer or solutions engineer." I'm not gonna tell them to go out and get their CEH because that's relevant to a completely different type of job.

Chris: Sure.

Tia: But I will say, if you're looking to work with an enterprise-level organization that's talking to enterprise customers about securing their organizations, then something like CISSP does go a long way, right? It just establishes that... One thing with the CISSP is you can't be officially certified unless you can prove that you've been working in the industry for five years. So that goes a long way. If you have that, automatically you've been doing this for at least five years. So is it helpful? Yes. Do I think it's needed? It's not but you really have to be a rockstar to overcome that because there's gonna be so many other people that do have it.

Chris: Okay, now so... Let's sort of flip to the other side to sort of the HR position. One of the things we talk to a lot of folks about the skills gap and, you know, while there is clearly a skills gap and there is clearly, you know, there are a lot more positions out there that need qualified people than there are qualified people to fill them. One of the issues that we've heard time and time again is that HR departments have this tendency to sort of overload the requirements for the position and they basically want this unicorn candidate that's got, you know, 10 years with a certification that's only been out for five years and, you know, all these other things. So I'm not sure if you do any hiring yourself but like if you were to look at a resume for someone who would be a colleague or someone who would work under you, what are some things that you would wanna see either in experience or in certification on their resume that you think would be both useful to whittle down candidates but wouldn't be excessive in the sense of, you know, "Well, they don't have this Masters and they don't have this Doctorate," and what have you?

Tia: Sure. So for me, I think a resume is a really high level overview of who an individual really is. There are some things that I look for like, you know, do they have network experience? How long have they been in the security space? Where in the security space have they been, right? Because I can't just say, "Send me a candidate that's got security experience." Because if they've just been in risk and governance, there might be more of a learning curve coming into something that we're doing, when you're talking about threat hunting, right? But if you've got a candidate coming from endpoint security or a SIEM environment or network security, it translates better to what we do just based on the services that we offer. And so, to your comment, I do do some hiring myself and I have seen resumes out there where they want somebody that's got security certifications but can also code, and by the way, we probably want you to build our website on your day off next Saturday.

Chris: Right.

Tia: And to those, I say, either they're paying these individuals an astronomical amount of money or they're just looking to see what they can get. And I think the latter is true. So for me, when I put a job posting out there, I think it's really important to be descriptive of not only what the job is going to require, but what your background needs to look like in order for you to be successful. And it has to be relevant to the job that's gonna be done. I can't imagine that you're gonna have someone writing your code and securing that code. That's just not good business practice in general. And I wonder with the HR thing, is it that inexperienced individuals are writing these requirements? You know, how much input does the hiring manager actually have? Because I don't think that jobs requiring all these things that are listed in these, I guess you could say, bloated job postings, I don't think they're real positions.

Chris: In what sense? You mean that they're probably planning to hire internally but they're just trying to find a unicorn anyway?

Tia: Yeah, probably a little bit of that and then yeah, let's just see if we can find a unicorn, let's see if we get lucky. I just, in terms of I don't think it's real, I don't think that that's what the job really requires.

Chris: Yeah.

Tia: That's probably how I should've put that.

Chris: Okay, so and, I mean, there's a really interesting point in there. You said, I think it might be worth noting for future... if HR people are listening to this, that making sort of, angling your description of your job description more towards what the job is going to be and what, you know, almost in a text way, what your experiences, I'm looking for people who have done this, this, and this. Rather than the usual list of certs, you know, degrees and things like that. Have it almost more sort of like if we want you, this is what your history looks like. Something like that.

Tia: Right.

Chris: Yeah. So in your biography, it mentions that you are a career mentor for Cybrary and also something called Built By Girls. Can you tell me a bit about Built By Girls?

Tia: Yeah, sure. So I was referred to the program by a friend of mine. I coach football as well, so she I met on the football team and she was involved with Built By Girls and referred me to them. They basically offer a mentoring program for girls looking to get into tech. And so the way it works is they will assign you... They have cycles. I think they're three month cycles, they'll assign you a mentee, you meet up, you have a profile of what they're interested in, where they wanna go, and then you meet up, talk to them about your background, et cetera. You can give them projects, just anything that will help them further their knowledge, understand the job market, get connected. I actually think one of the requirements is to get them to network with two people in your network, just to help them along. The age group is, I think most of them might be either high school graduates or close to graduating high school. At least in high school. But what I like about it, which scared me at first, is that I am paired with individuals outside my expertise.

Chris: Okay.

Tia: So when I, yeah, when I signed up for the program, I thought for sure that I would get paired with a mentee that was looking for someone in cybersecurity. Instead, I was paired with an individual that was interested in development. So, you know, back to my point about coding. I reached out and I was like, "Oh my goodness. I'm not gonna be able to help this candidate at all." Right? This was my first match. So they explained to me that they do it on purpose and that's so that the mentee can just get a broad range of knowledge and experience from the different mentors that they speak with. So even though this individual is interested in coding, there is still a security element to that that they should be aware of and considering and I thought that was brilliant. So I really like the program.

Chris: Do they sort of rotate through several mentors over a period of time?

Tia: Yeah, so you get assigned a mentor, it's a three month cycle, and then you get assigned a new one. So I'm coming up on the end of the cycle that I was in. I think I'm actually due to get a new mentee assigned in a couple weeks.

Chris: Okay, and for the mentees, on average how many mentors do they get? Like is it their last year of high school or last two years or?

Tia: They get one at a time and I believe, I hope I'm not mistaking this, but I think they go through the program for a year. So they might get three or four mentors. But I don't think they ever kinda get pushed out, obviously they build relationships as they go through it and if they wanted to continue, I'm sure the program would allow them to.

Chris: Okay, so we've talked to several women in the cybersecurity industry and in industries adjacent about your experience of being a woman in what is clearly a fairly male-stacked industry or whatever. Things like Built By Girls are obviously a great way to start moving towards gender parity in the industry. Do you believe that... What are some other solutions do you think? In terms of sort of building the bench, in terms of getting women not just into sort of entry-level tech positions but moving up the ladder into leadership positions and so forth.

Tia: Yeah, I mean I think mentoring is a start. You know, there has to be some sort of guidance. I was fortunate to just be able to figure it out on my own. But I think also representation is very important. Because you can mentor an individual and say, "Hey, here's the steps to take to go through it." But it goes a long way to see someone that looks like them doing it as well. You know, that just adds to the confidence level. So while I haven't had... I'm a bit of a, I don't know, I guess you could say I'm a bit bullish. I just, you know, I want that, I go after it. So I haven't had the sort of "Oh, I'm a woman in this male dominated space." I've never had that mentality but, I mean, I've also not had experiences that make me think that way, fortunately. I just represent myself as qualified and I get the role or I don't, I just put on the best version of myself that I can. But I do think that there's a huge gap in this space and I'm involved in several organizations in an effort to get more women in the space. Actually, one of my students approached me in class the other night and said, "I wanna talk to you about my career path. I wanna figure out what I wanna do. And I need you to help me because I need to understand what roles are out there for women."

Chris: Right.

Tia: And I paused and I said, "Well, everything's for women." And she kinda looked at me and she couldn't believe I said. And I said, "No, I'm serious and literally nothing that you can't do if you wanna do." But then I told her that we should continue to talk. But I was a little taken aback that she thought that way, that there were certain roles that she should focus on based on the fact that she was a woman. So I'm obviously involved in Built By Girls, Leading Cyber Ladies is another group that I'm involved in. You know, we put on seminars, panels, so I think that's a great way to reach out. So I haven't really figured out beyond mentoring and just sort of leveraging my platform whenever I have the opportunity to speak in terms of just being a representative of yes, this is possible. I haven't really figured out what to do beyond that but if someone does, I'm on board.

Chris: Yeah, no it's... It's a big task, obviously. So I'm always looking for new solutions. So can you tell me about your, what you do as a teacher? What class do you teach? What types of students? Is it high school level, college level?

Tia: Sure, yeah. So I teach network and data communications security as part of the master in cyber program at Yeshiva University. So I'm an adjunct there.

Chris: Okay, so as we wrap up today, can you tell me a little bit about eSentire and some of the projects your organization's working on at the moment? And also how our listeners can reach out to you and/or eSentire if they wanna know more.

Tia: Sure. So, you know, eSentire's a managed detection and response company. I think we could be most closely compared, from a recognition perspective, to managed security services providers. Our approach is a bit different. We're not relying on log data, et cetera, like the traditional MSSP model is. We take a bit of a different approach and we are actively hunting for threats for our customers, 24 by 7. And then taking it a step further, not just sending them an alert and letting them deal with it when we find a problem, we're actually solving the problem for them. So containing the threat so that when we reach out, it's not to say, "Hey, the building might be burning down." It's just, "Hey, clean up on aisle six." And let's make recommendations on how we can prevent this from happening going forward. So it really is a holistic approach to security in general because we're that last line of defense where your technology fails because something was not configured properly or it's end-of-life, et cetera. When an attack gets into the environment we can pick it up, but that also allows us to say, "Hey, here's where you need to focus or expand into your environment." And we can make recommendations, et cetera. So, I mean, we've been doing this for a very long time. In terms of things that we're focused on going forward, we have recently announced a partnership with Sumo Logic to introduce a SIEM platform that's cloud-based. So that gets us into the cloud and able to protect things like Office 365, AWS, Azure, things like that. So currently we have a pretty heavy focus on where we're going and what that strategy looks like in the cloud.

Chris: Okay, and it's esentire.com then?

Tia: esentire.com, yeah. E-S-E-N-T-I-R-E.

Chris: Okay. And, again, what college was it if people wanna take networking from you? Where would they--

Tia: Yeshiva, Yeshiva University--

Chris: University, that's right. Okay, is that yeshiva.edu or?

Tia: Yeah, it's yu.edu.

Chris: yu.edu, okay, very good. Well, Tia, thank you so much for joining us today. This has been really educational.

Tia: Yeah, thank you so much for having me.

Chris: Okay, and thank you all for listening and watching. If you enjoyed today's video, you can find many more on our YouTube page. Just go to YouTube.com and type in "Cyber Work with Infosec" to check out our collection of tutorials, interviews, and past webinars. If you'd rather have us in your ears during your workday, all of our videos are also available as audio podcasts. Just search "Cyber Work with Infosec" in your favorite podcast catcher of choice. Also, in honor of National Cybersecurity Awareness Month, Infosec is offering a free month of its Infosec Skills subscription-based learning platform to listeners of this podcast. Just go to infosecinstitute.com/podcast to learn more and be sure to claim your free month before October 31st. Thank you once again to Tia Hopkins and thank you all for watching and listening. We'll speak to you next week.
