Liz Maida is the co-founder and CEO of Uplevel, the first intelligent cybersecurity system powered by graph-based machine learning. At RSA 2018, IT Career News spoke with Liz about how she got into cybersecurity, what she looks for in candidates at her early-stage startup and what advice she has for people looking to start their cybersecurity careers.
How did you get into cybersecurity?
I was a civil engineer in undergrad, but I never worked a day in civil engineering. I had taken some computer science courses, and I realized that‘s what my passion really was. [I liked that cybersecurity] was this unique field that combined computer science and architecture with an awareness of geopolitical context. I love that you can take your technical understanding and have this real impact at a very strategic level with a mission I believed in.
I wanted to work for an innovative technology company focused on computer science and happened upon Akamai. I joined in the very early days, and part of working at an early-stage startup is that you do everything, so you learn everything, you have no idea what you’re doing and that’s just the way it is.
I focused on product development around security and data analysis and then went to graduate school in computer science because I’d had a lot of the practical and hands-on application, but I wanted to get that academic foundation that I didn’t necessarily have because I didn’t do computer science as my undergraduate focus.
What advice do you have for someone who is looking to change careers to cybersecurity?
What’s exciting, I think, with cybersecurity in general, is that you don’t have to have all these credentials or educational experience. The most important thing is to jump in and start learning and trying stuff and being hands on.
The first thing is to identify the areas of security that are most interesting to you, because there are so many. It’s much different to configure all the systems vs how you do data analysis vs data modeling. There are so many different areas.
If you’re already dealing with networks or you’re a SysAdmin, you probably already have this really great skillset where it’s just a matter of adapting it and thinking about it from the perspective of security professionals.
These days, there are so many resources online that are available. Do your research, but also get hands-on experience. I can’t stress that enough. Figure out how to play around with things, test them on your computer, set up your own network and start looking at the traffic.
As you get further along, you’ll come across key influential people from a technical perspective in this area. As you’re experimenting and you’re learning, you can reach out to them with specific questions, based on the work you’ve already done. It’s amazing how open people are in wanting to help and provide guidance.
What qualities do you look for in candidates?
With early-stage startups, you want people who have this curiosity, the ability and desire to learn new things versus having a whole set of predefined knowledge. The reality is, every single day you’re encountering something new. You have to embrace that. You have to really enjoy being given something everyday where you have no idea what you’re doing and you have to figure it out. You need to know how to learn.
I think related to that is being uncomfortable with uncertainty and being self-directed. Here’s a high-level objective I need to achieve, and there’s a million ways to do it. Let me figure out the pros and cons and let me be comfortable going and talking to people and admitting that I don’t know things because that’s the only way you’ll be able to vet your proposed solution.
You cannot underestimate the aspect of self-motivation and teaching yourself. What’s exciting, I think, with cybersecurity in general, is that you don’t have to have all these credentials or educational experience. The most important thing is to jump in and start learning and trying stuff and being hands on.
How do you balance the need for technical skills with the need for soft skills?
There’s a component [of the interview process] that’s on pure technical programming skills. But there are also peer programming exercises or design and architecture whiteboard sessions, where it’s about how you interact and communicate with people.
I like to have candidates come in and give a presentation on technical work that they’ve done because I think that helps illustrate a lot of things:
- Is there something they’re really passionate about?
- What did they do to learn it?
- How did they figure out how to translate that learning into something that other people can find accessible?
- How do they handle questions from people who don’t know as much about a topic as they do?
It gives the team an opportunity to learn something new, but it also allows candidates to be like, “Hey, this is the stuff I’m interested in.” Because if you’re not going to do anything like that here, does this make sense for both sides? I wouldn’t underestimate figuring out what you want to do and making sure that when you talk to companies, they want to understand what you want to do and that it’s a good fit on both sides.
What it comes down to, especially at early-stage startups, is understanding what motivates you personally and to be thoughtful about that and figure out if that’s the environment this company will provide for you. Are we aligned on that? Ultimately that’s the motivation that gets people to do great work.
Read more from RSA 2018:
- Collaboration and Cybersecurity Culture in the Spotlight at RSA 2018
- Knowledge Is Power: Slaying the Cloud Beasts
- The Experts Weigh In: Key Takeaways from RSA 2018
- Hacking for Good: A Conversation with White Hat Hacker Alex Heid