Career Notes 9.19.21
Ep 67 | 9.19.21

Limor Kessem: Be an upstander. [Security Advisor]


Limor Kessem: My name is Limor Kessem and I'm an Executive Security Advisor at IBM Security. 

Limor Kessem: When I was a young girl, like a lot of us as children, we wanted to be a doctor and we wanted to be a firefighter, wanted to, you know, have these core professions where I think what ruled everything that we talked about as children. So I definitely wanted to be a doctor or a teacher. I did study microbiology and then I went into naturopathic medicine. I ended up really liking that and studying that, but lo and behold, that's not what I do today. 

Limor Kessem: I started my cybersecurity career by what I call pure chance. But, I don't want to make anyone think that they just need to get lucky to get into cybersecurity or to any other domain that they end up really loving. I think that opportunity has to be met with something on the other side, and time and again, I saw others that joined by chance into cybersecurity, but they brought skills with them to the table. They brought passion, investment, discipline, perseverance. Those are some of the things that I started out with and they characterized my first job in cybersecurity and also align with everything that I've been doing since then. 

Limor Kessem: The first job that I got was in a large security research lab, and it was a fascinating place and a pivotal time also in cybersecurity to get in and learn the ropes. And my first encounter was with threat intelligence and I worked with a lot of information that was gleaned from the underground communities. Then came the malware analysis, the cyber crime economy that evolved into what we now see as the big ransomware gangs and all these, the big money that we see going into the black market of cyber crime. It was like opening your eyes in a whole new way and seeing a new world. That's how I started out. 

Limor Kessem: I ended up with IBM because I started working with researchers that I worked with before. So a lot of times when you end up on a team that I really enjoy, that team moves on and they bring in people from different parts of the teams later on. And it was one of those things where I was asked to come on board, but it was also at the right time for IBM and the right time for what they were trying to do.  

Limor Kessem: My day to day can feel a lot like being in university. There is constant learning. There's staying up to date, there's reading and writing. There's an ongoing knowledge share that is the core of what security advisors do. There's also a lot of action. Sometimes it could be emerging attacks that make my life look more like I'm a journalist, then there's core security stuff that brings things down to the domain of risk management where I think everything kind of comes together. There is a concept of innovation that is a guiding principle that we have to recognize. We see bad guys all over the place, innovating, using stuff, progressing. They try new tools before legitimate customers ever do. So they use new tech against our old tech and they're kicking our behinds, so I think there's a lot to be said here also for, you know, we tighten our core security and at the same time we allow innovation to help us move forward with the times.  

Limor Kessem: I think as a woman in cyber security, I've either experienced first hand or seeing things happen to, and with women, from gatekeeping to gaslighting, to harassment, bullying everything, it runs the gamut. And I've been through some of these things and what I've found to be the most important throughout these adversities is to be an upstander and to stand up for others and then be fortunate enough to have others stand up for you. I found that it was a sure way to really influence culture more than having programs that try to fix the culture. It's more of a lived experience.  

Limor Kessem: Because I am an advisor, I am always more of an independent person within the overall team and I work a lot with customers. I work a lot with our research teams. I always try to mentor others. I really work across every different part of the organization which I find is really invigorating. It's called matrix management. It means you're not really managing anyone per se, but you're really managing a lot of things all at the same time with different people. I had mentors that kind of came into the picture when I needed it the most, but I had no idea that I did. It was more people who believed in me that thought that, yes, you'd be great on a stage. You should go up there and speak about the stuff that you do when I totally did not even think that was an option. And that is so motivating and has allowed me in my career to really explore every possible thing I can contribute and without limiting myself to a certain role. And I think I was extremely fortunate in that way.  

Limor Kessem: What I would suggest to people coming into the field, whether they're women or otherwise, because we need more of everything. The cybersecurity job market has grown by about 350% in the last eight years alone. So we have over 3 million jobs to fill right now. We need more women. We need more ethnic diversity. We need more neurodiversity. We need more men. So anybody coming into this field, what I would say is you have to come with an open mind, but you have to know what you want to be, not what you want to do. The second thing is understand there's going to be a major learning curve and there's going to require a lot of investment and there's no way to really go around that. I would hope that all this information that's out there helps others make better decisions about security, helps them better secure their companies, their families, things like that would be, I think, worthwhile for me.