Two industry professionals from the Cybersecurity industry joined us for a webinar on Determining Which Cybersecurity Work Environment is Right for You.
Yodi Solomon, a Senior Associate Cyber Security Consultant for PwC, is based out of Washington, DC. In short, his role helps companies improve their cyber security posture.
Solomon graduated from Virginia Tech with an Economics degree and began his career in financial services. He paved his way in the business world, and it was not until years later that he started a position on the Security Engineering and Operations team at Deutsche Bank, and discovered his interest in cybersecurity. “I was a good communicator and a good team member who understood financial services and had some project management certifications, but I wasn’t really a cyber security person,” Solomon says. After a few cybersecurity certifications and a case of the imposter syndrome, Solomon combined his past work experience and theoretical knowledge from training to find his place in a new industry.
Soheil Mirzaei is a Work Systems Engineer for Charles Schwab within its IT department. In short, his work is in risk analysis. “We never really talk to clients. We work on the back end, so we are the shy ones,” he explains.
Mirzaei began his work in Tech at age 16, helping out here-and-there for his father’s company. Though he does not recommend starting this young, it helped him realize his interest in the field at an early age. Unfortunately, when Mirzaei moved to the United States, he found himself back at square one, working as a cashier.
It was through a recruiter that Mirzaei found himself in a life changing conversation. “My recruiter said that a Charles Schwab manager wants to talk to you, and I said ‘okay.’ And, again, [he said] talk because it was just a phone call,” he recalls.
Mirzaei ended up speaking with that Charles Schwab manager for an hour and a half. He recalls the platform, Splunk being a big topic of conversation. At the end of the call, the recruiter said to Mirzaei, “I liked your confidence. I liked how you work with teams, and I like how you approach people… we’ll be in touch.” And the rest is history.
During the webinar, moderator, Tiffany Tram, held a fireside chat with Solomon and Mirzaei. Read along as we highlight some key takeaways from that conversation, where they discuss their work environments, workflows, and the cultural impact of cybersecurity.
Solomon On Work Environment & Workflow
In his own words
Working for a consulting firm, there’s two aspects of the work: one is client-relationship management, and the other is working on deliverables. In a nutshell, a typical day could involve internal team meetings within my consulting firm and then work that I’ll be doing by myself. I will work with a team on collaborative work and, then, [attend] client meetings where we discuss the work with the external client.
I really enjoy working for PwC. I think they put a lot of effort into providing resources for us to be excellent consultants – that [we] not only understand the technical components, but can also articulate the business value to our clients. Typically, we have a very structured process anytime we get a project, but there’s a lot of coaching that happens, internally. I think that puts us, as consultants, in the best position to not only understand the work, but to present a very polished and excellent artifact.
Mirzaei On Work Environment & Workflow
In his own words
We basically create infrastructure by creating applications that can take in a lot of client data and analyze it further. In a larger aspect, we do have teamwork, a lot of times. When you’re dealing with a project, you’re going to deal with other business users who are also internal people. You are not only working with your team, but you’re working with other teams.
There are a lot of times when we [must] perform a change in one of our applications. It does not just reflect on our application, it reflects on 10 teams to actually perform it and, within that time we actually try to implement it, we might crash something if people are not aware. We have to explain things to 10 different teams. It’s just a matter of trying to be 100% precise.
It is a very friendly environment and very intimate. We get to hang out now that we are ending this cycle of pandemic. In a sense, it does have its stressful moments because you’re talking about very sensitive things and, if you make a mistake, a lot of things could go wrong. But, if you admit [you’re wrong] and you’ve figured it out, that’s a very good thing in our company. We value lessons learned. It is a very important thing.
Solomon on the Role of Compliance
In his own words
There are a lot of checks, balances, and guardrails that need to be there to minimize the risk of a developer making a mistake or inadvertently disclosing any type of financial data, which is heavily regulated in the US. So, when I think about cybersecurity, I think about three pillars – I look at it as a tripod, so to speak. You have the technology component, you have the people component, and you have the process component.
The technology component is [made of] the different systems and tools that we’re using. The people component is, ‘are we [providing] proper education to our employees who are handling sensitive data?’ It can take one phishing email for a malicious actor to get access to your company’s environment. And, then, when it comes to the process part, that’s where compliance frameworks come in. A lot of really smart folks that have a lot of experience have created a structured framework to make it easy, repeatable, and standardized, so that companies won’t have to reinvent the wheel.
Mirzaei on the Role of Compliance
In his own words
Compliance, in a sense, is actually backtracing. If the documentation is poor, our compliance is poor, so you will have to document everything properly. What if some other engineers, who are not experts in that application, have to take a look at this? It has to be as clear as a fifth grader [could read]. Compliance is not just for the sake of discipline, it is for corrective use so you can actually correct yourself in the future.
Solomon on Making an Impact
In his own words
When you look at the news headlines, we always hear about a breach. We always hear our critical infrastructures being attacked. We always hear about some type of incident that happens with cybersecurity. I think part of it is just the rate of innovation of technology, which has accelerated. We have a lot of different tools: we have Fitbits, Apple Watches, Alexa, Siri, and Tesla. All of these technologies are great and making human life better, but at the same time, they create a vulnerability.
At PwC, there’s a vast amount of resources to do continual learning and continual education. Cybersecurity is a constantly changing field, so what you learned two years ago might be obsolete today. When I think about the impact that my work has on the business, I think our clients can sleep better at night knowing that they have a great support team that ensures a secure environment.
When we think about profit, cybersecurity oftentimes is considered a cost-center because it’s not bringing revenue. But I think about the brand. You don’t want to make the headlines because of a breach, you want to be known for the great products that you have. It helps society move forward, it helps companies, and it helps customers, like you and us, in our personal lives to have a more seamless technology experience.
Mirzaei on Making an Impact
In his own words
Financial goals for a person are short-term and long-term. Retirement is a long-term process. You want to make sure that the person who is about to give you advice knows what they’re doing. A man is as good as his tool, and if we can’t provide that tool, or if that tool is vulnerable and keeps crashing [then we are not making an impact].
For more cybersecurity resources, visit the industry landing page.