Cyber Security Challenges Facing Corporations
“Creative” is not always the first word associated with cybersecurity, but Ashley Schwartau adds a creative spark into the IT (Information Technology) mix at her family-owned company, Security Awareness Company. There, Schwartau is the Creative Director and has come a long way from where she thought she’d go after earning her degree.
Schwartau’s education started not with an IT degree but with an Associate’s degree in Multi Media from the University of North Florida. She went on to study at La Sorbonne in Paris, earning a certificate in the French language, and then earned her Bachelor’s degree in Digital Media from the University of Central Florida. While at first glance her degrees and her profession don’t seem to correlate directly to the IT industry, she and her creative team develop and deliver educational information to their clients about how to protect their digital information from hackers and malicious viruses. Dealing first-hand with the materials used to teach cybersecurity, Schwartau has seen the field from a different angle than those who come from traditional IT backgrounds.
Read our full interview to find out more about Ashley Schwartau’s unlikely path to the field of cybersecurity and why she thinks that eventually, we’ll all need to develop our IT skills—whether we work in the industry or not!
Tell us more about your background and education. What led you to work in the field of cyber security?
I grew up as the offspring of a well-known InfoSec [information security] expert but certainly never wanted to get into the business myself. Who wants to do what their parents do? :) I got a degree in digital media and wanted to go be a trailer editor in Los Angeles. But after spending a week in LA working as a production assistant on a small film set and talking to friends I had out there, I decided that wasn’t the path for me.
When I was little, I wanted to be the art director of a major magazine, and still loved anything to do with graphic design. So when I graduated, I had no idea what I was going to do. I’d already spent several years doing part time work (writing, research, layout and design) for my parents’ small security awareness company so when the job hunt proved fruitless and a few months in retail left me feeling depressed, they offered me a full-time position. They were starting to get into developing in-house products (as opposed to just licensing other people’s materials) and wanted to know if I would be interested in learning some e-learning development software and figuring out how to do this along with them. I said sure, figuring it would be a short-term gig. That was 7 years ago and we’ve grown so much that I now have a team of “minions!”
Can you define cyber security or security awareness for someone who may not be familiar with the field? How does Security Awareness Company fit into that field?
Cyber security, or information security (or whatever other buzzword you want to use!), is the protection of digital assets, networks, computers (and other devices). Cyber security is something that anyone who has ever used the internet should know and care about – online banking, online shopping, email, e-learning, social media, anything you ever have to sign into or input personal information into – all of that needs to be secure from criminal hackers and data leaks.
Security awareness is a subsection of the InfoSec/cyber security industry that focuses on educating users about security issues (such as hackers, malware, passwords, social engineering, etc.) so that they can protect their business’ networks and data, as well as be smart about protecting their own data, protect their kids online, avoid ID theft, etc.
As the Creative Director of Production at Security Awareness Company, what role does your work play in the field of cyber security?
In the last few years, security awareness has become a hot topic in the InfoSec industry. The last few years have seen more and more data breaches, more and more phishing attacks, and more and more research that suggests the reason for all these big breaches at companies is due to human error. Human error can be corrected if the humans are properly educated. So more and more companies (and other non-IT specific industries, such as financial and government) are turning to security awareness training as a way to educate and empower their users, and in turn improve their own security measures.
It’s still a fairly new thing, though, in this industry – or at least, still newly respected – so there are no set standards or requirements or anything that every training company does with their e-learning materials. There are no rules, so to speak. So each company that offers training and e-learning materials, like ours, has to try new stuff all the time. But what we find is that it isn’t about the bells and whistles. It all comes down to the content. Is there a large variety of content? Is there a large inventory of topics? Is it relevant for many months or many years? The great thing about security awareness is that most of the time it comes down to common sense and the basics, so no matter how often the technology changes, the concepts of security awareness remain the same (change your password; don’t click on malicious links; don’t fall for scams; don’t share confidential information), so our content is valid and resonates for a long time.
As a woman in the IT industry, what is your advice for women who are interested in pursuing an IT degree or a career in IT? Are there any challenges you’ve had to overcome?
Oh my gosh, this question. It’s the question everyone asks all the time because people are always saying we need more women in this field, we need more women in that field. If you had asked me as a teenager, “Do you want to work in IT?” my answer would have been a loud and resounding NO. Do you know why? Because to me, IT meant the nerdy dude sitting behind the help desk and no 14-year-old girl wants to be that. But the thing is, IT is such a broad spectrum that you can work in it and not even know it! I think if we can demystify the industry a little, making IT something that is understandable by anyone, then it would appeal to more young women.
The biggest challenge that I’ve personally had to deal with (and that I’ve seen other women in related fields struggle with) is being taken seriously. Let me give you an example: I’m a member of the ISSA [Information Systems Security Association] and make it to about half the local chapter meetings. I’ve been going for a few years along with my boss (who happens to be my dad). Until recently, every single time I’d go to one of the meetings, this guy who is fairly known in the chapter would say to me, “So, what are you doing now?” in a way that you would ask a college kid how they’re spending their summer vacation, not someone who runs the production department for a company. And every single time I would say “Still the Director of Production.” Or “Just hired another member for my team.” Yet it couldn’t get through to him that I run the production and development for our company. It felt like he only saw me as the boss’s daughter, or some young girl who didn’t know anything about the industry. It was only two months ago that he finally asked me “So how’s business?”
I go to a fair number of InfoSec conferences every year, often manning our booth, and there are usually a lot of women working the booths. So often, when people come by the booths to ask questions, they don’t expect you to know anything, and it comes out in their faces, in their tones, in the things they say. So a lot of the women (and I will admit I’ve done this) will be extra defensive, kind of aggressive, as a way to prove YES WE KNOW WHAT WE ARE TALKING ABOUT.
Do you have any advice to women who are interested in the IT industry or a technology-related field?
Be really good at what you do. It doesn’t matter if it’s sales, networking, security, programming, graphic design, management, program development, training. IT is made up of a bunch of different spheres, and they all overlap a little bit here and there so you’ll learn about aspects of them all over time, but whatever it is YOU do, excel at it. Become an expert. Spend 10,000 hours perfecting your skill set and increasing your expertise. Be insanely competent at your job.
What is the most exciting thing about the work you do?
That it’s constantly changing. My day-to-day tasks vary depending on the project, the client, and the day—so I’m never bored. New projects are constantly coming in, and while many of them just involve branding our materials for clients, we get plenty of custom work to keep us busy. Plus our own development schedule is always full of new things we want to create and make available to our clients. My plate is constantly full with trying to take this “boring” subject – security awareness – that hasn’t really changed at all in 20 years and make it fresh and fun and interesting to people. How do you tell the same story again and again? It’s a fun and often exciting challenge.
What sort of changes do you see happening in the cyber security field, especially as personal and business technology is constantly evolving?
So the thing about security is that it never really changes. Our technology changes, our phones become more capable, our laptops become faster, our tablets become more responsive, the internet grows and grows, social media becomes more interactive, etc. But what has changed in the last 20 years? We still need passwords. We still need encryption. We still use firewalls. We still have to protect against malware and criminal hackers. We still have to worry about ID theft and data breaches. Security doesn’t change. But perhaps people’s perception and awareness of security has changed and that’s why it feels like things change over the years.
Do you think it’s an ideal time to go into IT or to become an IT specialist? If so, why?
In some ways, it’s like you can’t NOT go into IT. Computers, technology, the internet are all very integrated into our lives and many jobs that aren’t specifically “IT.” Things are only going to continue to become more cyber, more digital, more reliant on computers and information technology. So is it an ideal time to go into IT or become an IT specialist? I don’t think you can avoid it.
This is why it’s important to hone and constantly improve so-called IT skills because of all of these reasons. Become tech savvy, become computer fluent, OS agnostic. Be able to function in a purely digital world or you’re going to get left behind.
Which skills do you think are necessary for pursuing a career in IT and/or cyber security?
It is absolutely imperative to be able to learn on your own, to figure stuff out without someone else guiding you, to be able to Google stuff and troubleshoot ANYTHING.
You’ve got to have some technical savvy too, at least the basics. Be able to operate in both Mac and PC; understand how the internet works, at least at a very basic level; be able to set up your own email client, how to set up security on your wireless router, know what to do with different file types, know how and when to use a VPN, how to zip and unzip files, understand and be able to employ professional email etiquette, etc. Just basic stuff.
What advice do you have for students pursuing a degree in IT? How can students prepare themselves for the challenges?
Expect to work your way up from the bottom. Expect to keep pushing yourself, give yourself projects in your spare time to keep learning, keep building new skills. Never stop pushing yourself. This is not an industry in which you can stagnate. You must have real skills. So if you don’t know how to do something? Figure it out. Go learn it. Watch videos, take tutorials, attend conferences, build stuff in your own time. I’ve learned most of my skills in my own time by doing personal projects (designing custom calendars for friends, editing a documentary to learn how to use FCP [Final Cut Pro], building my own website to understand HTML, making home videos and making my friends in college lip sync songs to practice syncing audio/video, etc.) The more skills YOU have, the more irreplaceable you become.
And regardless of your job or which field you’re in, when you’re given an assignment, and you come across a stumbling block, don’t go running to your boss/manager/superior telling them about the stumbling block UNLESS you have done everything (Googling, reading forums, tried out a few things) in your power to get over that block by yourself and failed.
The expert interviewed for this article may be compensated to provide opinions on products, services, websites and various other topics. Even though the expert may receive compensation for this interview, the views, opinions, and positions expressed by the expert are his or hers alone, are not endorsed by, and do not necessarily reflect the views, opinions, and positions of [eLearners.com] or EducationDynamics, LLC. [eLearners.com] and EducationDynamics, LLC make no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information in this article and will not be liable for any errors, omissions, or delays in or resulting from this information or any losses or damages arising from its display or use.