Epic Women in Cyber — Limor Kessem
Limor Kessem is an Executive Security Advisor at IBM Security. She is a widely sought-after security expert, speaker and author, and a strong advocate for women in information security. At IBM, she leverages her years of cyber risk and security expertise to provide counsel to CSOs, CISOs, and CIOs at the world’s largest corporations and governments.
She is an active member of the RSA Security Conference committee, an ITSP Magazine podcast host, and volunteers in the local chapters of OWASP and BSides. Follow Limor on Twitter for her security feed @iCyberFighter.
How did you get into the cybersecurity field?
I started out in the security field working in a huge counter cybercrime operation. At the time, it was the largest of its kind in the world, running a 24/7 mega SOC that served customers. The center worked on shutting down phishing attacks, analyzing sophisticated malware, doing security research, and running a solid dark web/HUMINT/OSINT operation in the fight against online fraud. It would fascinate anyone and I got completely absorbed in it. It made me become passionate about cybersecurity as a whole, and here we are 12 years later…
What are the main challenges in this field?
Security has challenges that run the gamut… From gender parity to facing nation-state attacks, to the more lofty goals, such as innovation, we are tasked with changing and evolving all the time to keep up with what the world needs. One of my focus areas in the field is bringing and keeping more women in this domain. I want to invite women reading this to contact me and feel free to ask for advice/help. I am on LinkedIn and Twitter and my DMs are open to all.
What are the things you’ve learned being a woman in cybersecurity?
I want to be completely blunt here about being a woman in a domain that’s mostly manned by men. What has made a difference for me is male allies that believe in me and sometimes open doors that are otherwise behind that proverbial “glass ceiling”. It’s undeniable that men still outnumber women in positions of power, and as such, their help can (in some cases) make all the difference. That is not to say that one should bank on “favors”. Mark a very clear goal, then do all you can, work as hard as you need to, learn what’s required for a potential promotion/lateral move to a new chapter. Make yourself visible in your company and be ready for the opportunity you are after.
This subject is too important for me not to mention the help of other women. This is a call to women to see their peers and those coming up, and lend them a helping hand where one’s power can make a difference. Even a tiny step up, is still a step up.
What advice would you give to women who would like to join the industry?
One striking characteristic of people I know from this industry is passion! People are working to make a difference for others, to secure the digital realms that guard our everyday lives from a large array of aspects. The second is community. So, to begin, find something in the security domain that you really can connect with and feel passionate about doing. Then, become part of that community — it’s a way to learn, grow, get advice, share expertise, find opportunities, be a voice for others, and just have a great time getting to know people who you might work with in the winding road ahead.
Who are your role models?
My role models are many, so I will try to mention a few here… Caleb Barlow (CynergisTek), Limor Elhayani (Facebook), Diana Kelley (SecurityCurve), Katherine Fick (IBM), Chris Roberts (Semperis), Keren Elazari (@K3r3n3), Vandana Verma (OWASP), Michael Rowinski (IBM), Daniel Cohen (RSA Security), Uri Rivner (BioCatch), Rob Thomas (IBM), Nick Rossmann (IBM), and many more…
If you could go back in time to your first days in the industry, what would you do differently or tell yourself?
I would tell myself something that Ginni Rometty said all the time: “Never let anyone define you”. YOU decide what you want to be. YOU shape your career, your path, the risk you take, but most of all, YOU are your #1 fan, so believe in yourself, be an ally to others and find yours, and go after what drives you the most.
If you are a founder or a member of a community for women in security, can you introduce it?
My recommendation to women is to get involved via organizations that are striving to help women in some of the more niche communities as well as the larger ones.
So, WiCys https://www.wicys.org/ is a great start, and they are also holding a career fair for women in March! https://careerfair.wicys.org/. There is OWASP’s Women in AppSec (WIA), Women in Payments (https://www.linkedin.com/company/women-in-payments/), and others.
It’s about finding what you most connect with, and also about seeing how it works out over time.
