My Career Pivot: From IT recruiter to information security
As we celebrate International Women in Engineering Day this week, we’re profiling female-identifying engineers across our business. Maria Sepulveda is a Senior Security Engineer at Skyscanner. An expert within information security, Maria led the recertification of Skyscanner’s PCI DSS (Payment Card Industry data Security Standard) compliance. Maria took an unconventional path to information security, starting her career in customer service and IT recruitment. Here, she discusses her journey, imposter syndrome and what her role looks like today.
Maria, as a Senior Security Engineer, what does your role involve?
Well, I only recently joined Skyscanner so a typical day for me today might look different to a typical day in a couple of months time! Having said that, I have already been given responsibility to lead the recertification of our PCI-DSS compliance. It’s great that I can be trusted so early on in my Skyscanner journey. My day typically starts with following up on tasks that are due in the coming week. During the day I meet with people and various teams to understand what they do. I’ll also attend internal events, often to better understand the Skyscanner culture and the way things work here — as well as to make connections. Focus Time in the afternoon allows me to re-read my notes and absorb information I obtained during the day. The day might end with a recap of the day with my team, allowing me to ask questions I haven’t already asked or just generally talk about how the day went.
What was your career journey to this point?
I took an unconventional path into information security. Originally from Australia, I worked in customer service roles and IT recruitment. I arrived in London and found a job working at an in-house recruitment team for an online betting company. I knew that I wanted to move into a more tech-focussed role but still interfacing with the business. My colleague who was recruiting for the security team at the time suggested that I apply for a junior role that had opened. The role was supporting the team who managed compliance activities and security awareness. It was the perfect stepping-stone as I got to shadow the more experienced team members as well as apply my business acumen to the security awareness programme. I also took the opportunity to learn from other members of the security team. I have great memories of my time there and throughout my career journey I have bumped into people from that first job at various industry events. Never underestimate the power of connections early on in your career!
Why do you think you didn’t go into your current field when you first joined the workforce?
I didn’t know how to get into Security or even that it was a field. Networking opportunities didn’t exist at the time and any that did exist were more of a ‘boys club’. It just didn’t feel like an accessible place for me, or for women generally.
And were there any preconceptions about what you do now that held you back?
I suffered hugely from imposter syndrome. In my first role everyone in the Security team had a security-related degree, came from a bank or police/military background, or had worked in the industry for forever. Fortunately, I’m quite stubborn and so I wanted to prove that I could also be successful.
What advice would you give your younger self — or others considering a career change?
Don’t underestimate the skills you learn and the people you meet from any job that you do, no matter how unrelated they might seem to the career you want to move to.
Where you’re considering a change into a male-dominated industry, like engineering, remember that you can bring a fresh perspective. Personally I feel I bring a holistic point of view. I consider the views of different groups and encourage collaboration. This is useful in my role because the same solution can’t always be applied to the same problem in every organisation. We all have our strengths — play to yours.