Epic Women in Cyber — Stacey Champagne
Stacey believes that cybersecurity careers are a means to disrupt the inequity of wealth and power in society. As the Founder & CEO of Hacker in Heels, she attracts, advances, and advocates for women in cybersecurity through her membership community and programs. She is an active practitioner herself with specialized expertise in Insider Risk, and continues to lead in the field as the Information Security Program Manager for Compass, a modern real estate technology platform.
How did you get into the cybersecurity field?
I’ve always been interested in technology, as early as kindergarten. When I was a kid my grandfather was always buying a new computer at the speed in which they were innovating. This meant my brother and I got hand-me-downs. For fun, I’d take apart the tower, disconnect the wires, pull out the cards — everything, and then put it back together again and hope it turned back on. In middle and high school I participated in the FIRST robotics competition programs.
All that said, I didn’t actually go to school for cybersecurity, at least not at first. I equally loved graphic design and had aspirations to work for a magazine like Teen Vogue (thanks Lauren Conrad & The Hills). During my junior year at a robotics competition, I met a recruiter for a government agency who spoke of opportunities for designers. It sounded super cool, so I ultimately committed myself to that goal, and achieved it.
To keep a long story short, that job afforded me the chance to go to grad school with significant financial support (not totally paid for, but close to it). So when faced with the decision of what to study next, cybersecurity felt right. I wanted to be back in the tech lane and do something that would expand my career potential. I earned a Masters in Science in Security & Resilience Studies with a focus in Cybersecurity Policy from Northeastern University, and jumped to the private sector for my first cybersecurity position thereafter.
What are the main challenges in this field?
Too much emphasis on processes and technology, not enough on people. This goes for the technical, tactical work, as well as the talent (employees) and those who interact and are served by our solutions. In industrial security, a sector we all have heightened awareness of from the recent pipeline incident, a 2019 Kaspersky report found that employee errors or unintentional actions were behind 52 percent of incidents. Program strategies, automation, and machine learning are only as capable as those who create and control them. Making sure everyone is equipped, empowered, and of sound mind is essential… and extended help as opposed to a closed fist when they are not, especially in times of unanticipated crisis whether it’s professionally-related or personal.
What are the things you’ve learned being a woman in cybersecurity?
Computers were once the term for a profession of women making critical calculations, before it became the name of the devices we use today.
Women are innately capable of thriving in this field. We consider what we share over the internet more than men. We’re unlikely to give away personal information, and unlikely to offer this information while chatting online with a friend. A study commissioned by HMA (VPN provider) of internet users in the United States found that men reported their accounts being compromised or hacked, or accidentally installing spyware, malware or a virus more often than women. Yet, when women experienced a security problem, women were more likely to make lasting changes to their behavior to protect themselves from future problems. Men, in contrast, fall back on technical means of protection.
One study of more than 10,000 employees across five verticals in two countries within the Nordics found women complying with rules, and embracing organizational controls and technology more than men. The men rated their knowledge and awareness of IT security, controls and behaviours much more highly than women, despite demonstrating higher levels of risky behavior.
Only when the immense value of this industry was recognized did we see the shift in representation to the male-domination we have today. The average cybersecurity salary is over six-figures. Given what’s known, portrayed, and pressured around women and money, it’s no surprise that we have the imbalance we have today. And yet it is, as I’ve heard financial feminist Farnoosh Toorabi put it, borderline masochistic of organizations to ignore the stats and studies which prove the increase in effectiveness and earnings of diverse teams.
It’s through all this you learn that the issues you’ll likely come to face at some point (or at multiple points) in your cybersecurity career are not about you, but greater societal biases, injustices, and politics at play. These will continue to persist until we have the capability to challenge and mandate change.
What advice would you give to women who would like to join the industry?
You can do good, and live well. This field has interesting and lucrative opportunities that are critical to safeguarding our collective livelihoods. It can enable you to build generational wealth and realize your dreams beyond the workplace. When women earn more, we are able to support the causes that are most important to us, and effect change towards a more equitable world.
Obsession with information security, computers, technology, or otherwise is not a requirement. Neither is a hoodie. But you do have to have at least a willingness to learn and appreciate technical concepts. The depth and complexity varies depending on the focus area you’re pursuing, and nobody expects you to master it all.
The perfect parallel to this is the field of medicine. Podiatrists and neurologists have foundational knowledge in the human body, but specialize in very specific aspects. After learning the basics, cybersecurity practitioners typically niche down to areas that interest them, and those areas can be significantly diverse in how their day-to-day looks. Not every role is eyes-on-glass in a dark room, especially given a large part of cybersecurity programs involves partnership with the business(es) you’re aiming to protect.
Who are your role models?
Elsine van Os is the founder and CEO of Signpost Six, a global insider risk training and consultancy firm headquartered in Europe. When I was active in the insider risk specialization, it was inspiring to see another woman with such a prominent role in the community, whose perspective of the subject matter aligned with my own. I’ve had the incredible fortune to participate in events with her, and contribute to her organization’s insider risk training program. She is my go-to recommendation to watch and learn from for anyone considering that niche.
Outside of the cybersecurity community, Rachel Rodgers is an absolute must for every underrepresented individual to get acquainted with. As a black female founder and self-made millionaire, she helps women entrepreneurs achieve seven-figure businesses through her company Hello Seven. Even if entrepreneurship isn’t of interest, her book “We Should All Be Millionaires” is essential reading for every woman to shift the way we’ve been historically conditioned to think about money.
If you could go back in time to your first days in the industry, what would you do differently or tell yourself?
More than once, those who fight to uphold the status quo and unearned power will gaslight you and do whatever they can to drive you out. These experiences will only make you stronger, and lead you to your calling. Stay vigilant, and stay prepared so that those who want to hold power over you, can’t.
Oh, and those “personal vision notes” you wrote out in your college studio apartment — outlining your salary, car, homes, vacation, and life goals? You’ll vastly exceed those dreams.
If you are a founder or a member of a community for women in security, can you introduce it?
Hacker in Heels is the premier platform for women to grow and develop six-figure cybersecurity careers. At Hacker in Heels we are committed to attracting, advancing, and advocating for women in cybersecurity through our two programs: Changemakers and Six-Figure Cybersecurity Society (SFCS).
Changemakers is a group program where women from any and all career backgrounds are invited to a two-fold experience: (1) to learn about cybersecurity and understand the opportunities in the field, and (2) go through a career/life-coaching experience to help uncover options that are best for them and their life.
Six-Figure Cybersecurity Society, launching in 2022, is a membership community with resources, and events for ambitious women advancing their careers in cybersecurity. Together we’ll cultivate clarity, competence, and connection with both cybersecurity as a career and practice, as well as within ourselves.
In July, Hacker in Heels will be launching a crowdfunding campaign via iFundWomen. It is important to our company’s core that we operate without dependence on corporate donations, and engage only in corporate partnerships that support our mission to speak honestly on issues within the cybersecurity field. If this resonates with you, please follow us on Instagram to get notified when the campaign goes live. You’ll have the opportunity to register for future program offerings at a discounted rate, or contribute at a level that nets some pretty fun rewards (a virtual wine tasting, and custom-designed women in cybersecurity themed swag are both currently in the works!)