In this reoccurring series, we speak with CyberGRX team members about why they joined the company, what their experience has been like, and what they're looking forward to the most.
Here we chat with Brianna Groves, Security Engineer.
Why did you select CyberGRX over other employment opportunities?
CyberGRX was exactly what I was looking for when I was offered a position here. I was overworked and underdeveloped at my prior company, and I was seeking a new profession that would challenge me, had growth opportunities and was in- demand. I was ready to transition into a role within computer science and CyberGRX was receptive to my mission and wanted to support me in that.
How has your job changed over your time here? Please list titles, the amount of time at each position/level, speak to how responsibilities have grown/changed.
My job took a 360 transition almost overnight about four years ago. When I initially joined CyberGRX, I was hired as the Office Manager, and I held that position for approximately a year. I spent half of that first year building the Office Manager role and once that was majorly established, I began incorporating my personal goals to begin learning about technology. I spent several months shadowing different departments and building mentorship relationships. I was reading a lot of books on computer technology and teaching myself how to use the command line and write code.
Around this time, it was suggested I take an interest in cybersecurity and was given a Security + cert book. Acknowledging my interest and determination to work in tech, our former Chief Information Security Officer (CISO) bargained with me for an opportunity to transition into a security role if I committed to taking and passing the Security + exam. That is how I became a Security Analyst.
At the start of my Security Analyst role, the initial stages of my work were to collaborate on building out a baseline security posture for the company. You see, I joined the team when it was being created, so I again spent a great deal of time in the beginning helping establish these operations. This was beneficial for me because it allowed me to learn the fundamentals of security at a pace that was compatible for myself and the team. I was growing as the Security Operations department was growing.
As I began to feel more comfortable in my security professional skin, I started thinking about scoping the direction I’d want to go within this industry. I felt like offensive security would give me the most meaning and that acquiring the Certified Ethical Hacker (CEH) credential would help me learn the standard framework. I self- studied this for a few months and passed the exam two months into the COVID-19 US lockdown.
After receiving that certification and taking on more responsibilities that utilized a more technical skillset, I was promoted to Security Engineer. This is my title as I am writing this blog and have been in this position for approximately a year. Working as a Security Engineer has opened opportunities for additional work that challenges my knowledge and skills, encompassing problem solving, critical thinking, collaboration, and communication. While the role generally addresses constant challenges, this makes for many potential internal wins and it is quite rewarding. I look forward to what comes next.
What keeps you at CyberGRX?
The work culture, schedule flexibility, employee benefits, growth opportunities, and the team I get to work with.
What is one piece of advice you’d give to someone just starting out at CyberGRX?
If you have a quirky, interesting, random, or atypical hobby, you’ll fit right in. Bonus points if you share it with the company and have some way of making it an engaging experience. We love to find ways to socialize.
Where do you see yourself professionally in 3 years?
In three years, I see myself in a position that doesn’t yet exist within the company. Performing more of the offensive security work by researching and documenting proof of concepts and identifying known vulnerabilities, acting as our internal “penetration tester” or “ethical hacker”.
How does the leadership team help set the vision for the company and how does that trickle down to the individual departments?
It’s important to me that our leadership team practices transparency and accountability around any successes or setbacks to the company vision. I believe they’ve done an excellent job of practicing this since the beginning and have continued to make sure they remain aligned on this moving forward. Because this is demonstrated from the top, it naturally trickles down to individual departments and its people, offering a platform to express their opinions creatively and openly without fear of reprisal.
Secondly, while we were not a very diverse company prior to forming the DEI program, I have always felt included and welcomed by our CEO and the company as a whole. I have felt that people believed in me and helped me advance even though I look different and come from a different background. We aren’t a perfect and completely unbiased organization, but it is broadly felt that we all want to do better. Although we have initiatives and metrics we desire to meet, I don’t believe this is simply about checking a box. We truly want to diversify and enhance inclusion within our business because we realize what that means and how broader engagements build a better business, community, and world.
(For women) What advice would you give to other women looking to get either cybersecurity or the tech space in general?
You can work in tech without being technical. This industry has a need for many types of skill sets to achieve a safe, secure, and successful digital space. Don’t let anyone tell you that you don’t work in tech because you don’t write code or fix bugs. Adversely, don’t let society box you into a niche that feels stereotypical. If you have a desire to get into the technical weeds of the work that makes the internet function, it is not a job for just men. You don’t have to have already been hacking since you were twelve, or even hold a computer science degree. I once had no in-depth understanding of technology outside of end-user knowledge, and certainly didn’t know anything about cybersecurity. But I had an interest in this industry and the grit to see it through in the way that worked most successfully for me. So, if you want to do it, you can and should.
What most excites you about the future of CyberGRX, cybersecurity, and/or your career path?
It’s easy to want to curl up in a corner when thinking about the future of cybersecurity. With the internet vastly expanding and technology advancing at a pace faster than we as humans can keep up with, it is unknown how we will stack up to these growing challenges. But that is also what makes it kind of exciting. Seeing that there’s an overabundance of untapped opportunities to make an impactful difference for the better is a huge motivator. That is what I believe CyberGRX has done. There was a lack of confidence in the security of corporate ecosystems, and we work to solve this through building an exchange that maps the security reputation of every company in the world.