Career Notes 8.21.22
Ep 113 | 8.21.22

Roya Gordon: Becoming a trailblazer. [Research]


Roya Gordon: My name is Roya Gordon and I'm a Security Research Evangelist. 

Roya Gordon: My mom used to always say, I just talk too much. I should be a lawyer and actually liked the idea. So in middle school and high school, I was in pre-law magnet programs, like I thought I was gonna be a lawyer. I had no idea of what cyber was. So my path was to be a lawyer. 

Roya Gordon: After high school, didn't end up going to college right away. I joined the Navy, I was in ROTC and it just had a big influence on my life and I was like, yah, I want to join the Navy. I did intelligence. This was before there was cybersecurity in the Navy. I worked a lot with a cryptologist, so a little bit of technical stuff there, but I was still doing threat intelligence, terrorism and tracking military vessel safety as they were conducting exercises and sailing the seas. I got out, in undergrad, I was still kind of on the mission of doing national security. So I got my degree in international relations and I was planning on joining the FBI, the CIA, the NSA, that was kind of my new path and then I got introduced to tech in grad school when I started studying cyber warfare.

Roya Gordon: I was originally looking at other parts of the IC, the Intel community and so I was applying everywhere, NGA, FBI, DIA, you name it, and in grad school, I got picked up by the NSA and they gave me a conditional job offer and they were like,"if your clearance comes back good, then you will start. You'll be a part of NSA's like cyber program." It was a three year program. I got to learn all about the agency. So once I realized I was gonna be in the NSA, I was like, crap. I should probably start learning about cyber stuff because up until that point, I just had no clue. So that's when I kind of took it upon myself to choose a capstone project at my Alma mater in cyber warfare, because I wanted to kind of have some kind of basis as to what cyber was and I got to learn about nation state threat actors, and it wasn't technical, it was more theoretical but that's kind of how I started getting into cyber because I was NSA bound.

Roya Gordon: So I graduated from grad school, I had my official letter for the NSA in hand. I was getting ready to fly to DC. I already set up a place to live, like I was going to start at the NSA and about a month, maybe a couple of weeks before my start date, my recruiter at the NSA calls me and says, "I don't know what's going on Roya, but the NSA is rescinding your job offer." So, I'm like, "okay, what does this mean?" And she's just like, "I don't know, you're gonna have to write a letter to the NSA, but you're not gonna be starting like you no longer have a job here." So that kind of put me on my butt, for a lack of a better term, because I didn't know what I was gonna do now. I thought I had it planned out and I was back to square one.

Roya Gordon: It was so tough because there were other jobs on the table that I didn't wanna take because I'm like, I was about to work at the NSA. Now I'm being offered jobs, which I don't wanna say was beneath me, but I knew I could do better and I didn't wanna lock myself into it. So I was turning down jobs because I was like I know what I'm looking for, I know where I wanna be. It was difficult, like the first three weeks, I don't think I did anything, but like cry. I know, moment of vulnerability because I was crushed. I moved back into my parents' house and I have no job. It did take some time. So I started just looking up intelligence jobs, and I realized there's a lot of private companies that want intelligence. 

Roya Gordon: So I started applying to all of these cyber jobs that I personally was not qualified for, but I applied anyway and I applied for a position at Idaho National Laboratory. I think the job description was cybersecurity researcher and I read it and I'm like, oh, I can research stuff, so I applied and the recruiter, bless her heart because she could have just tossed my resume to the side, but she was like, you know what? We're looking for someone with more technical chops for this position. So you don't qualify. However, there's another part of the lab that I think your background and your skills matches up perfectly with, so she passed me on to someone else and it was like an eight hour interview and after all that they said, you know what? You have all the other skills that we're looking for, you have an Intel background, you're analytical, you know how to write, you know, how to brief will teach you the cyber stuff and they hired me and for three years, I dove right into OT, ICS, cybersecurity, head first. 

Roya Gordon: I went from like a medium sized company, like at Idaho National Laboratory to like Accenture, half a million people worldwide, such a large company to now at a smaller company, Nozomi Networks. What I like about it is I get to learn so much more outside of my role, but it also enables me to do my job. So at a big company, everyone kind of gets pigeonholed into doing one thing and you do it well, but you're never gonna learn everything else. And because the company's so small, I see myself interacting with marketing and PR with the sales engineer, with BDN alliances and then of course, with the security research team that I'm a part of and I get to see the big vision of a technology company and not just the one small thing that I do. 

Roya Gordon: During the pandemic, I gave a lot of cyber security advice to a lot of my friends and associates that lost their jobs, they didn't know what to do and they were looking at me like you seem to be doing great and you're in cyber security, how do I get into it? I had to say, hold on, like let's utilize and leverage your background and your experience into cyber. So for example, I know someone who lost her job at a financial institution. I was like financial institutions need cyber. So your background can be leveraged, maybe take a couple of these courses, get these certifications, look at some job descriptions and align what the certifications you're gonna get to, what the industry is looking for. Utilize what you have, like cyber needs, all types of skills. It's not a one size fit, all type of thing. 

Roya Gordon: I think me being a woman in this field seems to, and I don't wanna say, hurt me more. But I seem to have more run-ins with that being an issue versus me being a person of color only because they assume that a woman, she's not technical. She doesn't know what she's talking about. I mean, I've been in OT for so long and I still have people trying to explain to me what industrial control systems are. So, outside of that, I don't think I've experienced that, thankfully I've just been working with people more open, more cultured, and just respect me a little bit more.

Roya Gordon: I guess I wanna be remembered as, I don't wanna say a trailblazer, but obviously someone that is representing people of color, women of color in this space, I try to speak at conferences, I'm doing webinars, and it's not for me to just feel good about myself or, I mean, obviously, it's to make the company look good too, but it's also to kind of show people, especially the youth. "Hey, there's a woman, there's someone black, that's doing these things" and kind of gauging their interest in this field. Especially with girls, I used to volunteer with girls who code and just changing their minds about what working in cybersecurity looks like. You know, you can still have your fun hobbies, you can still love fashion, you can still like your Instagram and your Tik Toking, but you can also still be a really serious cybersecurity professional. So I think I just wanna be an example that people can look at to say she did it, so I know I can do it too. If not anything else, I think that would make me happy.