How to Launch and Grow Your Career in Cybersecurity








How did Arti Lalwani, A-LIGN’s Risk Management and Privacy Knowledge Leader, get her start in cybersecurity? To promote Cybersecurity Awareness Month, we sat down with Arti to learn about her career path and advice she has for anyone trying to break into the industry.


The world of cybersecurity is fast-paced and rapidly evolving. Current events, such as YouRock 2021, The Accellion Supply Chain Attack, and The Colonial Pipeline attack, raised new concerns in the industry. Evolutions in frameworks and national or regional regulations, drive the need for new controls, policies, and procedures. And, of course, the last year has been an especially trying time due to the COVID-19 pandemic and the extra steps organizations had to take to ensure compliance when employees are working remotely.

While exciting and cutting edge, the cybersecurity industry can be challenging to initially break into due to its rapid rise in popularity and necessity. In honor of Cybersecurity Awareness Month, we sat down with Arti Lalwani, A-LIGN’s ISO Practice Lead, to discuss her career path, challenges women face in the industry, and tips to best launch and grow your cybersecurity career.
Getting Started in the Cybersecurity Industry

How did you break into the cybersecurity industry?
“In college, I majored in finance and worked in the financial industry for a few years following graduation. I was then hired into an IT and cybersecurity services company where I learned about hardware systems and asset management. I saw the future of technology moving towards software and compliance and I knew I needed to be on the forefront of this movement. I made a career move and went to a compliance firm where I was able to learn ISO audits and accreditation.”

How did you advance your career throughout the years?
“When I jumped industries, I spent a lot of my free time teaching myself technology to help push me through the industry to the career I wanted. Also, finding a great mentor was so important. You need someone on your side that wants to see you succeed, steer you in the right direction and provide honest feedback.”

What path do you recommend taking to best break into the cyber industry?
“Internships, internships, internships. They are so important in helping you decide what you want to do and more importantly, what you DON’T want to do. In terms of college courses, I recommend taking anything business-focused because when you advance in your career, your job responsibilities ultimately revolve around running a business. When I visit career fairs at colleges, I always look for students who have an MIS background or tons of business-based classes and great internships!”

What attracted you to the service delivery side of business?
“I chose the audit and compliance side of the business because of my upbringing. My parents owned a retail jewelry store and since I was eight years old, I would be in store helping them sell, which greatly developed my communication and people skills. I most enjoy pitching, working with a team, speaking with clients, working on strategy, asking questions and following the guidelines. This is why I was drawn to ISO audits; it is mostly discussion based and less ‘check box’ than many of the other certifications.”

What do you like best about working in the cyber industry?
“The cybersecurity industry is cutting edge and always on the forefront of change. For example, the tech industry figured out how to successfully work remotely before any other industry.

“On a personal level, I most enjoy the ‘privacy’ aspect of the industry. When a person submits their information online, what options and rights do they have? How is your PII protected across international borders? Learning a company’s posture based on their policies and procedures, security settings and compliance standards. I find the entire process to be fascinating!”
Career Advancement and Working for A-LIGN

Can you tell me about your role as A-LIGN’s ISO Practice Lead?
“I manage a team of over 20 auditors that conduct management system compliance audits. Organizations hire my auditing team to certify them to ISO standards to establish and maintain a proper management system for their organization. As A-LIGN’s Risk Management and Knowledge Leader, I determine the strategic direction of our ISO practice. My role is to keep us in line with our ANAB accreditation and search for ways we can grow as a practice, as well as working each day to move everyone closer to achieving their goals. We were selected as one of the first accredited ISO 27701 certification bodies, expanding into privacy standards as a team and that was exciting to be part of.”

What’s your favorite part about working at A-LIGN?
“The culture, hands down. I’m honored to work with an amazing ISO team who uplifts and motivates each other. Some days I’ll feel burned out and a team member will message me with a genius idea or insight into a problem we’ve been trying to solve and it brings me right back. It’s the team mentality and positive attitude from my manager that trickles down throughout the team.

“I’m proud to be a CLIMBER because A-LIGN has grown a lot in the three years I’ve been here. The ISO practice has more than doubled and I’m proud to be part of a company that continues to grow and do well. When potential and current clients hear the name ‘A-LIGN’ they know it holds value and that in itself is something to be proud of.”

What actions do you take to better yourself professionally and continue learning?
“I’m constantly pushing myself to study for new certifications and stay relevant in the industry. I still get on calls with auditors to understand what new challenges and nuances they are facing. Cybersecurity is an everchanging industry, especially within data privacy. If you feel like you know it all and can stop learning, you’re doing it wrong!”
Elevating Women in the Workplace

Being a woman in a male-dominated industry, what are some challenges you’ve faced?
“As a woman in cybersecurity, I have to work twice as hard as a man. As a minority, I have to work three times as hard. Honestly, I find it most difficult to be sure I have a voice and that I’m being heard. I think self-doubt is a huge issue for many women and we compare ourselves to our male counterparts in the workforce. Oftentimes, women are competitive with each other, ultimately bringing ourselves down. We need to overcome this challenge by working together, supporting each other and building each other up.”

Why do you think young women aren’t showing as much of an interest in the industry?
“Barrier to entry is so high when it comes to this industry that I find young women shy away from it. When I started with A-LIGN three years ago, there was only one other woman in the ISO practice and now we have seven female employees. To encourage women to pursue a career in cyber, I try my best to mentor and provide guidance.”

How does A-LIGN empower and elevate our female CLIMBERS?
“That’s a great question. I think A-LIGN is a great company to work for, and we empower female CLIMBERS by giving them the same opportunities to showcase their skills and listen to their opinions. I believe I have much respect here at A-LIGN and that my voice is heard. Providing those opportunities really empowers women.”

Why does diversity and inclusion matter to you?
“These initiatives are phenomenal because it comes down to finding talented people to join your team. That’s what we’re working towards as a company. I think when you build and nurture an inclusive and welcoming culture, you create a pattern on how the company should act towards everyone.”

Early in your career, what challenges or obstacles did you run into?
“Trying to break into the cybersecurity industry can be more difficult as a woman. My name comes across as male so when it comes to interviews, I get them pretty quickly. But, then I get on the phone or on video and the interviewer is surprised. As a woman, opportunity is always there; it’s up to us to push for equality and respect in a male-dominated industry.”
Advice for Entering the Cybersecurity Industry

Do you have advice for anyone considering a career in cybersecurity?
“Don’t give up. The cybersecurity industry may not be the easiest route you take but it will be worth the work and perseverance. If you’re not happy in your current situation or feel like you haven’t been able to break through, change your current situation but do not give up on the cyber industry.

“For women, I recommend joining Women in Cybersecurity (WiCYS). The group is really helpful in terms of networking, career growth and learning new skillsets. I personally use WiCYS as a resource often!”

Are you interested in joining the A-LIGN team or learning more about career paths we have to offer? Visit our careers page today or contact one of our experts!
Source

Comments

Post a Comment

Popular posts from this blog

SOC 1, SOC 2, and SOC 3 Reports: Type 1, Type 2 or Readiness Assessment?

Image
  SOC reports are gaining in popularity across industries and across the globe. More and more customers are asking for demonstrated SOC compliance, and independent cybersecurity control validation and attestation are becoming necessary to compete for high-priority contracts. Beyond customer demand, SOC reports ensure that controls are properly implemented and used within your organization, greatly reducing potential security threats. For organizations seeking a SOC 1 , SOC 2 , or SOC 3 report, there are two attestation options available: Type 1 and Type 2. Additionally, a readiness assessment can be performed to prepare your organization for the attestation. With so many options, what type is best for your organization to prove compliance? Our experienced assessors break down the options so the path to compliance is clear between SOC 1, SOC 2 and SOC 3. We then dive into the various types of SOC reports: Type 1, Type 2 and a readiness assessment. SOC 1 Report A SOC 1 report foll...
Read more

What is NIST 800-171?

Image
  Your organization can’t afford to lose valuable government contracts. Protect your business by bolstering your organization’s ability to comply with NIST800-171. Government contracts are highly lucrative, but also tough to secure and manage. That’s because the Federal Government deals with a lot of classified and controlled information on a day-to-day basis. Any contractors or subcontractors who wish to work with the Federal government must, therefore, have security procedures in place to protect that sensitive information. National Institute of Standards and Technology (NIST) 800-171 is a mandate that states that federal contractors and subcontractors that handle, transmit, or store controlled unclassified information (CUI) must comply with certain standards to protect that data. Compliance with NIST 800-171 is required under Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012. What is Controlled Unclassified Information (CUI)? CUI is information crea...
Read more

Federal Compliance 2022: CMMC 2.0, StateRAMP, FedRAMP & Beyond

Image
  With the recent unveiling of CMMC 2.0, the expanded presence of StateRAMP, and new FedRAMP advisory guidelines for external servers, it’s safe to say that 2022 has a lot in store for Federal compliance changes. Tony Bai, A-LIGN’s Federal Practice Lead, and Emily Cummins, Anitian’s Director of Cloud Security, had a chance to sit down and discuss the latest news in federal compliance and what it could mean for your organization. Let’s dive in and get their thoughts on the latest CMMC 2.0 introduction, the new FedRAMP authorization boundary guidance, StateRAMP and more! CMMC 2.0Like everyone else in the world of federal compliance, A-LIGN and Anitian have been closely tracking the Cybersecurity Maturity Model Certification (CMMC) since the U.S. Department of Defense (DoD) shared its initial draft of the model in early 2020. With the release of CMMC 2.0 , three major changes were recently announced: fewer security tiers, removing some third-party assessment requirements, and allo...
Read more