Heather Hall is a Department of Defense trained Cyber Security Professional, “aka Hacker”, with a Master of Cyber Security and Information Assurance. She maintains 18 professional IT certifications, 14 of which focus on security. Many of these certifications where earned while working as the Warrant Officer in charge of Computer Network Defense for the Nevada National Guard.
Her background includes knowledge and leadership skills grown while holding roles that range from Computer Specialist, Database Administrator, System Administrator, Programmer, and Information Assurance Manager for the National Guard; Director of Operations for a growing security company; Senior Information Security Analyst for the largest privately held company in the U.S., Information Security Consultant for a chain of Casinos, and Director of IT and Security for an undisclosed family. Currently, Heather is the Information Security Program Manager for EMPLOYERS, a nation-wide workers compensation company.
Her role has her leading third-party vendor risk reviews, vulnerability management, penetration testing, security awareness training, and data loss prevention. She also advises the business on security and manages incidents as they arise.
How did you get into the cybersecurity field?
I got into cybersecurity while in the United States Army. After 17 years as an enlisted member of the Army, I was selected to become Warrant Officer. Warrant Officers are technical specialists, subject matter experts, in their field of study. The world of information security was made available to me during my Warrant Officer training. Shortly after my return, a last minute opening for a CISSP boot camp opened up. I immediately seized the opportunity and attended CISSP training and achieved certification the first try. Following my demonstrated expertise in information security, I was selected by the Army for reclassification in cybersecurity specifically; which helped build the base for the dozen or so security certifications that I currently hold. I’m basically a DoD trained Hacker.
What are the main challenges in this field?
The challenges are also what make this field fun. As more reliance on Information Technology grows the security changes. When the IoT, Internet of Things, started emerging there were vulnerabilities found in everything from the pacemaker keeping a person alive to the luxury toilet. The growth of the borderless network adds to the complexity of the field.
What are the things you’ve learned being a woman in cybersecurity?
While diversity is on the tip of many the executive tongue, the faces showing up and conferences, web casts, and leadership pages are not those of an outwardly diverse culture. I strive to add diversity to the cybersecurity pool through mentorship. I have learned that if people are welcoming of new ideas, your background no longer matters; what you provide matters.
What advice would you give to women who would like to join the industry?
The advice I would give women is to continue to be inquisitive. Find the answers to problems, dig. I encourage women to go into cyber, especially forensics; because I don’t know a single woman that won’t find the truth behind someone being untrustworthy. We are naturally curious, use this instinct as an advantage.
Who are your role models?
I am an introvert when it comes to thoughts and don’t find myself emulating others or admiring them to the point of modeling myself after them. I have, however, had the pleasure of interacting with brilliant and generous people at every turn of my career. I can’t point to one that has inspired me more than others, until recently. A mentee of mine, Maril Vernon, has found success through HOURS of hard work and focus on her goals. I hope that I too can learn to focus and inspire as she.
If you could go back in time to your first days in the industry, what would you do differently or tell yourself?
I started my career in cyber relatively late in life. I was in my mid-thirties. If I were to do it over, I would have started earlier, when my brain was an evolving sponge. Had I started earlier, I could have taken more risks in my career without concern for financial support of my family. But, as I look back, it has been a fun ride. I make a difference daily in the lives of those who will never know my name.