This is Tech is a series of interviews with women from all different points in their tech careers.
Meet Sandra, a cybersecurity educator and content creator whose journey into tech started with a pivot away from nursing. In this candid conversation, Sandra dives into her motivations, career-changing decisions, the biggest misconceptions about cybersecurity, and advice for those just breaking into tech.
Check her out on social media:
Would you rather watch this interview than read it? Check it out on our YouTube channel:
Please note, the written transcription of this interview has been cut down slightly for brevity and clarity.
Can you introduce yourself and what you do for work?
Hi, I’m Sandra. I’ve worked in software engineering and cybersecurity. Alongside that, I also started a YouTube channel when I graduated college in 2019. I started that for fun, then it pivoted into helping people break into cybersecurity because I made a video on how I got into cybersecurity. I got a lot of questions on that, how you study for certifications, and the study resources I use.
I made more videos on those topics, and I kind of became a cybersecurity tech channel. It wasn’t initially supposed to be that way, but I liked the way it was going.
I am currently doing this full-time. Actually, I took a career sabbatical last summer, or it’s been two summers now. So that’s kind of crazy. It’s been two summers since I took a break for a sabbatical. I’m just doing tech content creation full-time, which is very different from what I went to school for, but for now, I’m doing it and then eventually going back into either cybersecurity or software engineering.
How did you get into cybersecurity, and what has your journey looked like?
I actually entered college as a nursing major, very different from tech, but I changed my mind because I realized I was queasy around blood. I switched my major to computer science, and then I think it was math that I didn’t want to take – I think it was Calc II or something, so I switched my major from computer science to IST, which is information science and technology. It’s similar to IT. But at my school – I went to Temple University – they focused a lot on full-stack development there, even though it’s IST. But we did take some network security classes as part of my major.
I actually attended the Grace Hopper Conference in my junior and senior years, maybe even also my sophomore year, and the Grace Hopper Conference has had a huge impact on my career.
That was where I met a lot of my employers. My senior year, Bank of America was there, and I just went up to the booth on the last day, and I didn’t think they had any roles open left. I know GHC has a lot of on-site offers, but I ended up talking to a recruiter and a hiring manager that were really interested in my background, and their team also sounded really cool.
So I ended up getting my first cyber security offer right from that conference, which was really, really cool.
What motivates you?
In college, I did a lot of volunteer work with tech girls. Then, in my early career, I did a lot of volunteer work with the Girls Who Code Summer Inversion Program, so it’s always been a big part of my identity to help more women break into tech. I guess it’s kind of expanded a little bit on that, but I do think that’s the biggest motivator, and just being able to grow a community on Discord and my different platforms has also been a really big bonus.
What’s your current tech obsession?
I guess this one’s kind of funny but maybe just like home automation stuff. I’ve been doing a lot of smart light setup for light-dimming at 8 PM and just like having more routine, like using tech to automate that for me.
I have an alarm that isn’t really an alarm, but it’s a sunset alarm. I think at like six AM or something, it fakes a sunrise. So it feels like you’re naturally waking up and apparently, it’s really good for your body. I also have yellow lights turned on at 8 PM so that I can get ready for bed in a certain amount of time or at a certain time. So I guess stuff like that. I really like more hardware focus.
What do you think are the biggest misconceptions about cybersecurity?
For example, in college, I did a part-time job at a computer repair shop, and while it wasn’t cybersecurity experience, it was still related to IT and troubleshooting, so having that in my resume definitely helped because I had experience doing some technical diagnostics.
I also had experience with customer service, so it helped having that on my resume, even though it wasn’t full-on technical, cybersecurity, or even just internship experience. You don’t have to get experience, you know, just through the traditional routes. A lot of part-time jobs are great for that. You can do them during the semester, which is still experience. This is the advice that I give to a lot of my students and mentees.
But another way , I guess, is breaking into cybersecurity in other areas. For example, a lot of people will start out in IT first because there are technically more entry-level IT jobs than there are cybersecurity entry-level jobs.
That’s another way into cybersecurity that you don’t need to have cybersecurity experience first. So there are a lot of different routes into cyber, and I know nowadays with the job market being kind of crazy, it can be easy to be like, oh, there’s like no jobs out there. But there are; I still see a lot of people who are getting cybersecurity internships.
That’s another thing if you’re currently a student, I personally think that one of the best ways to get hired into a full-time job after you graduate is to have a return offer from your internship. That’s another reason why you should work hard to get those internships in school. I think that’s definitely one of the safest routes.
You mentioned that Grace Hopper had such an impact on your career. Is there anyone else or anything else that you think has had that really big impact on your career?
This sounds really cliche, but it’s probably one of my professors at Temple. So, Temple has a scholarship for the Grace Hopper conference, and she was the one who actually recommended that I apply back then. I wasn’t doing a lot of this stuff, so it was my first tech conference, and I just applied because she recommended me to do so.
I actually went, and that was when I got my first official internship. It was in software engineering, but still, it was my first internship that I was really excited about.
Then, the second year that I went, I applied for the official Grace Hopper Scholars scholarship. I ended up getting that, and that was how I went the second time in my senior year.
And honestly, it was all because of her. She also wrote a lot of my recommendation letters. She introduced me to people in the industry because she was also the lead of ACM-W at our school and was in charge of bringing in networking companies – companies that you can network with in school.
Honestly, she really changed the trajectory of my career or like my educational path as well. Even to this day, we keep in contact, and I have gone to Grace Hopper a few times after I graduated. It’s always nice connecting with her there because every year, she brings students from Temple.
What’s one piece of advice you’d give to your younger self?
I think it would be that taking breaks is just as productive as working hard. I mean, in college you’re always grinding because you know you’re looking for internships. You’re also trying to get good grades, you’re trying to pass your exams but also do extracurriculars, and the things that I guess companies might want to see on our resume. But if you’re constantly grinding, you’re going to burn out eventually, and if you don’t take the time for yourself, then your body’s kind of gonna force you at some point. If you don’t take a break, it’s a matter of you getting to choose when your breaks are or you don’t just your body’s just going to let you know it needs to take a break.
What trends and cybersecurity are you most excited about? Or concerned?
I think my answer to both questions is AI because, well, first, I guess I’m most excited about just how accessible technology is now with the rise of AI and, for example, like a company that may not initially have access to someone who can build a website, nowadays, there are like no code applications and tools that you can use and AI builders. So it’s made tech a lot more accessible to different companies, like nonprofits, and a lot of different sectors across the board.
But I will say that something I’m concerned about is the overall rise of deepfakes and that technology. I do think that’s something that needs to be talked about a little bit more, just in a way that it’s governed, like who can use this.
And I see so many videos on TikTok now and like different platforms where you can make a deep fake if someone just talks about anything.
And I see a lot of them, a lot of companies making deepfake videos, promoting random products that I think are very ingenuous. So I think that’s going to be a really big issue. And maybe you can tell now that someone is a deep fake video because they’re not blinking or their face looks kind of weird. But you know, in three or four years, it’s even just like next year, this could be a lot more advanced. Especially if you’re comparing the deep fakes to how they used to be.
New technology is advancing so quickly, and I do think that there needs to be some real rules in place for who can use this and for what.
Interviewer: I actually just saw on Instagram a post about how there are ads that are deep fake. They have a carousel of people you can select to promote your business, and you can have them say whatever you want. Now that I’m actually paying attention I can see that they’re deep fake, but if you’re just scrolling and not paying a lot of attention, you don’t really notice it.
Sandra: Right, exactly and that’s what I’m concerned about as well because maybe if you’re younger and you know about this technology, but if you weren’t aware especially if you’re someone who let’s say may be part of an older generation and may not expect this kind of technology, you could easily be falling for so many scams that are prevalent nowadays using this technology.
So it’s definitely very dangerous. I think that’s one of my biggest concerns.
For someone interested in cybersecurity, where do you suggest they start?
I think there are a few steps to this. First one would probably be to figure out which area in cyber security you’re most interested in.
The three main niches are Blue Team – which is defensive security, Red Team – offensive security or pen testing, and then GRC – which is kind of related to auditing, governance, and compliance. That one’s mostly non-technical cyber security, but still very important.
There’s a lot of free courses out there that you can take. Honestly, YouTube is a really good resource that I recommend to everyone. You can find like six hour courses on YouTube nowadays. So definitely don’t sleep on free resources that you can find there.
The free courses will give you kind of a basic understanding of what each area is. Then, from there, you can decide which pathway you actually want to go down. So you can have at least a little bit of focus. And then, from there, you can start building your own cybersecurity home lab!
This is actually a lot easier than it sounds. All you really need is VirtualBox and Kali Linux.
Both of those are free to use. So you can basically just down like your own VM. This will be kind of like your home lab or like a hacking lab or like an SOC lab if you’re on the blue team and basically use that to do all of your future cybersecurity projects.
So I definitely recommend getting a lot of technical cybersecurity projects, maybe around three to four, onto your resume if you don’t have any prior cybersecurity experience, as well as any like other work experience that you might have. I think it’s really helpful to give a recruiter or manager an outline of the skills, not only your technical skills, but also how you utilize them in a project.
So, always having some kind of project profile is helpful.
Then there are certifications, so that’s another thing. In tech, cybersecurity definitely has a big emphasis on certifications compared to other sectors. The Security+ is the most popular certification for beginners. It is a bit pricey, so it depends on what you’re really looking for.
But, personally, I would recommend starting with the Security+, and maybe one practical certification. In terms of the certification that recruiters ask for on candidate requirements, it’s usually the Security+ because it’s just the most common one right now.
I do think that will change in the future. But after that, applying to hundreds of jobs. Right now, I really do think that the job market is a numbers game.
So if you’re applying to just a few jobs a day, it’s a lot harder to compete. We’ve recently gone through the tech recession and a lot of layoffs happened, so you’re really competing with a lot of candidates that may already have years of experience. The way to make you stand out is just through the technical projects, certifications, and like the hard skills on your resume that your feeders are looking for.
So that’s kind of like the full roadmap that I would recommend for someone just starting out.
Are there any final thoughts or any other advice you’d like to share?
I think just what’s meant for you will be for you. Like, putting in the hard work, and the hard work that you’re doing today is going to pay off.
I know it’s hard, especially if you’re currently a student or in the job market. It might feel very difficult a lot of times because you’re competing against so many people.
You’re also applying to jobs, you’re interviewing, and you’re prepping for interviews. There’s a lot that’s going on right now, especially with the global situation.
So there’s just a lot, even outside of what you can control. But just know that it does pay off. And I do think that what’s meant to be for you will always be for you, no matter what.