Epic Women in Cyber — Saltanat Mashirova
Saltanat Mashirova is a Cyber Security Consultant at Honeywell (Industrial IT and Cybersecurity Engineer/Architect). She is focused in Control systems, Network engineering and Cyber Security in various fields of Oil, Gas, and Energy Industries.
She was awarded a Presidential Scholarship in Kazakhstan to study at University of California, Irvine. She has graduated UC Irvine with a Master’s Degree focused in Networked Systems. She is certified in CISSP, CISA, CISM, TOGAF, ISO 27001.
Saltanat previously worked in the stock exchange where she implemented ISO 27001/27032 and managed large-scale IT Security Projects within the stock exchange in Kazakhstan. Moreover, she is a speaker/ role model/ panelist of different events about cybersecurity. In her spare time, she helps girls from rural areas who have limited access to education resources to learn English, science and choose future majors.
Reach her on Linkedin: https://www.linkedin.com/in/saltanat-m-b88bba193/
How did you get into the cybersecurity field?
I have worked mostly in the IT field, starting as a helpdesk. When I was working as an IT Manager in the company, the company didn’t have any security position. Therefore, I needed to do security related tasks such as infrastructure security, updating internal policies and procedures, ensuring that IT architecture meets security requirements, etc. At that time I was working at least 12 hours per day. During that time, I didn’t know the clear border between IT and Information Security. Then, the Board of Directors have decided to assign information security roles. The CEO, who knew that I was doing most of the security related jobs, asked the Board of Directors to appoint me to the information security role and report to him. From that time my cyber security journey has started. First training that I attended as an information security professional was ISO 27001.
What are the main challenges in this field?
The main challenge is that cyber threats are never ending and they are constantly changing. You always have to learn and stay on path. It means mostly you perform this learning outside of working hours. For me, it is night time to learn what’s happening in the cyber world. You have to make sure that you are aware of vulnerabilities related to your industry, e.g. for a vulnerability which was found and announced yesterday night, in the morning or even at that night you have to take appropriate actions. Another challenge would be working in ICS cybersecurity is completely different than working in IT. My role at Honeywell is mostly technical which requires me to perform work on site (e.g. oil and gas industry), wear protective clothing, and be away from my family. This is quite challenging for women. As a result, there are few women in the ICS Security field. There are not many women to support each other.
What are the things you’ve learned being a woman in cybersecurity?
Speaking with confidence even when I am not certain with my answer. To be challenged all the time and learn new things. I enjoy this process of always doing research and learning.
Moreover, cybersecurity is a field full of smart and intelligent people and I want to see more women to join. It means you get a diversity in problem-solving, so different kinds of people working on problems, the better. There’s a lot of really complicated and hard problems out there in cybersecurity. When you become part of this cybersecurity world no one cares anymore who you are, they care what you can do.
What advice would you give to women who would like to join the industry?
It is a booming field. You can take different directions such as you can work remotely, work in governance or take a challenge as me go to site and work in OT Security. You will improve both your soft and hard skills together. Sometimes you might get asked to implement some software, at the same time you might get asked to conduct IT Security awareness training.
Who are your role models?
My mother! I have grown up watching her how she handled all difficulties in life, and at the same time managed to stay strong and happy.
Another role model who inspired me to join the ICS field is Janine Oosthuizen, she has worked in OT Security for more than 10 years.
If you could go back in time to your first days in the industry, what would you do differently or tell yourself?
I would say everything comes by experience. I had many doubts, so I would say to myself be confident! Be kind to yourself, don’t work more than 8 hours per day. There is life out there after work to enjoy.
If you are a founder or a member of a community for women in security, can you introduce it?
I am a member of Advisory Board at Siberx https://siberxchange.ca/
- Member of Women of Security https://www.womenofsecurity.com/
- Member of 1st Global Cybersecurity Observatory https://cyberstartupobservatory.com/
- Global Ambassador at Women Tech https://www.womentech.net/
I am also a member of local communities as well, especially communities which help girls in rural areas to get to the university, choose a major, break old stereotypes to let girls follow their dream.
