Interview of the Week - Nancy Gariché
During Cybersecurity Awareness Month Security in Color plans to highlight different women in the field of Cybersecurity / Information Security, in an effort to give voice to an underrepresented yet talented and diverse group.
Hometown: Ottawa, Ontario Canada
Degree: Computer Science, B.A
Current Position: Senior IT Security Analyst
Organization: Co-founder, Secure That Cert!
Nancy Gariché is the co-founder of 'Secure That Cert!', a community designed to bring individuals access to skills and certifications required to kickstart or level up your career in the field of cybersecurity. With over a decade of experience in the technology industry, and the latter half specifically in the security industry, it was a pleasure to feature and meet Nancy during Defcon to highlight her story for our website.
Can you scan your resume for us?
"After graduating with my degree in Computer Science I went on to be a System Administrator for seven years. From there I wanted to specialize in Security and was able to find an opportunity in Ottawa, Canada where I have been doing risk management for the last ten years for different departments for the government of Canada."
What was your inspiration for Co-founding Secure That Cert?
"When I wasn't learning hands-on at my job I turned to certifications to gain the knowledge necessary in the field. Certifications can be expensive and sure, work pays for a part of the expense if you are lucky but the rest I had to cover on my own. I co-started this organization, with Jenny Guay, because I knew I was not alone in this struggle and wanted to connect and build a community for those who are looking to study for certifications.
I can definitely understand that mission, as an individual who has gotten many certifications that are a lot of money in training and testing costs.
Exactly, certifications are not only expensive to receive but also to maintain. Canada is similar to the United States in that the CISSP is seen as a very essential security certification to get you in the door. Many of the other certifications required in the United States, though, are not as important but the skills are. That is why we really focus on learning the skills from these exams with our study groups so that anyone can learn without the cost of the exam. If they want to go for it, sure, but my goal was to improve my workshops to become more skills-based. We started off with a lot of lectures and reading but realized the true value comes from getting individuals to be more hands-on and you do that with labs.
You have almost a decade in the IT industry, can you speak on the biggest challenge you have faced in your career and advice on how you overcame it?
"For me, it was to stay relevant in the field and be more hands-on. For the majority of my career, I have been the 'assessor' but not the 'builder'. Meaning a lot of my work was conceptual and not apart of the engineering process. To combat this, I just started to educate myself. You are always a student in this field and having an innate curiosity is key to staying motivated.
Let's switch gears a bit and talk about a topic that I do not think gets much attention - burnout. The Tech industry is known for having this 24/7, always-on and connected mentality that can be very harmful. Is this something you have experienced and if so, what measures do you take to prevent this from happening again?
"Oh most definitely, I have had issues in the past with burning out because I am always studying. If I am at work, I am studying or applying the skills and doing reports. When I go home I do more studying. I had to stop myself and learn to prioritize the things that are important to me - such as my nephews, my boyfriend, my health. I knew that if I continued this way I was going to run myself into the ground. So I have learned to block time for what I want to do. I block time for studying, picking up my nephews, meeting a friend for coffee - it's just about making sure you remember that the people around you are important and making them a priority. I even have this application, Life Tick, that helps me map out my goals to make sure I am keeping track of my goals not only in my career but in life as well.
Security in Color was named for two main reasons: to change the traditional narrative of the security industry in terms of news, as well as encouraging and promoting diversity in the field. How do you contribute to this change and how can we continue to change this narrative?
"This is something I am still trying to embrace but my answer would be to live loudly. What I mean by this is to work to put myself in positions of leadership so that I can be visible. I really believe this is important and have an example of this that I have seen first hand here in Canada when P.K. Subban, a Black hockey player, joined the Canadiens de Montreal. Prior to him joining I didn't see any interest in the game from young black kids in the city. As soon as he joined the team, and little kids of color were able to see that being a hockey player is possible, the amount of attention to the team grew. It was astounding to watch and I firmly believe it was because he put himself out there, was publically visible, successful and showed the youth that they too can be successful. I believe this method can also apply to our industry. I am in security, I am building 'Secure That Cert' and I am making myself visible so that people know it is possible to be successful here as well but this experience is still a growing process for me to do. Growing up French-Canadian, there were no visible options to be in technology in my family - you were either a nurse or an accountant. It was often seen in poor taste to celebrate yourself too much in my culture and that taking up too much space was being inconsiderate. It is a struggle I am still learning to face but I know the work I am doing is important - I know that when you expose children to the possibilities that they can do more, their imagination becomes endless."
Thank you so much for taking the time to speak with me. For those in the Ottawa area or are just interested in your mission, where can they find you?
Secure That Cert has an official website and various social media - twitter, LinkedIn. I am also the co-project lead OWASP DevSlop (short for Sloppy DevOps) and we have a YouTube channel that features guests to learn about introducing security to DevOps practices.
Want to be featured on our site, or know of someone who deserves to be heard? Submit your nominations at SecinColor@gmail.com