Solid foundational knowledge is important than certifications to become a good cybersecurity professional: Pooja Agrawalla, NXP Semiconductors
“I come from a business-oriented family. My father broke the tradition and became a doctor. He wanted me to pursue science. I was inclined toward physics and mathematics in my school and college days. For me, getting a seat in engineering was not difficult. But my initial interest was in electronics,” said Pooja Agrawalla, head of Identity & Access Management (Cyber Security) at NXP Semiconductors. Earlier, she has worked with Wells Fargo (Vice President- Information & Cyber Security), PwC, Infosys and IBM.
Pooja’s first brush with computers was in the first year of college, and she was immediately hooked. After topping the first year exams, she switched to computer science from electronics.
Challenges
“I had to come to a city and struggle to get a job. I am grateful for that struggle, as it gave me all the strength to overcome anything life throws at me. I worked 12 to 14 hours initially, and my first pay was very low. Surviving in the big city with that pay was itself a challenge. When I look back, I think that phase helped me realise my strengths,” Pooja said.
Another major challenge was the switch from mainframe to cybersecurity. Pooja had only three to four years of experience when she made the switch. “Without knowing what I am getting into, I landed a job in Identity and Access Management (part of cybersecurity),” she said.
Later, Pooja had a bout with depression in her professional career, after the birth of her son. “In that mind frame, it becomes very difficult to keep the momentum. At work, you are expected to perform at the same level. But your mind is divided between your work, guilt, health, and home. When you are a top performer, it’s very hard to accept average or mediocre performance. This period lasted for about two years, and I decided to make a switch. I picked a career which was a bit more flexible with work times, it was more of an individual contributor job and less of a manager role,” she said.
Fourteen years into her career, Pooja was working on mid-level technical roles. She was sceptical, when she applied for a leadership role at Wells Fargo. But she cracked the job, and taking on such a big role was a huge turning point.
Gender disparity
At the entry-level, Pooja said, the male-female ratio is par for the course in the tech domain – an equal number of men and women get jobs through campus placements.
“The change happens in the journey from entry-level to mid-level manager level. I think women cannot or are not allowed to make their own choices at certain times. I have met women in my life who have abandoned their careers and settled abroad as their spouses are moving there. I have lost so many women in my team because they did not choose themselves. If we want more women in the workforce, we have to make them capable of making their own choices first,” said Pooja.
Sometimes, Pooja said, women get too comfortable with their jobs, and shy away from challenging opportunities. “If you have proven your capabilities, you should always look for better opportunities. But, never get comfortable as that will stop your growth,” she added.
Gender disparity is also due to some of our Indian beliefs. Indian families expect women to handle everything and wear multiple hats. The ‘superwoman’ tag is a lot of pressure. For women to excel in their professional settings, treat them as normal human beings, not goddesses, she said.
Diversity washing
“I have seen organisations that only talk about diversity. They are looking at a number, say to have 30-40 percent women in their teams. I don’t believe in this number metric. Organisations have to look beyond numbers. If you get 30 percent women in the team, but the women do not feel inclusive, then what is the use of diversity in your team? The leaders of an organisation have to lead by example. They have to show how women should be included, coached and sponsored in an organisation. It is a numbers game and a fake diversity if it does not start from the top,” Pooja said.
Cyber security talent
Pooja feels that a lot of people put emphasis on cybersecurity certifications. “I think certifications can be done later or if your knowledge is good enough, you don’t need certifications. Anybody in cybersecurity should have a solid grip on the fundamentals of computers-how the network works, how the operating system works etc. These are mostly taught in the foundational classes in any engineering college or any good cybersecurity program.”
Pooja said a commitment and desire to learn with honesty are critical. “The problem is most people think that their organisation will sponsor their learning. I feel that is the wrong approach. If you are waiting for sponsorship for learning, you are missing out on a critical time of your life. Learning should never wait,” she added.
Move over passwords
The cybersecurity space is undergoing a massive shift. From an Identity and Access Management perspective, Pooja believes passwords will soon be a thing of the past. “Identity and access management in a multi-cloud environment will be a very big challenge in the future as well. With 5G, and zero trust principles, we have to think about how we can trust and let people in our network. Additionally, everybody has their own devices now. Even if the intent is not bad, the device may be bad and could be risker to your network. Identifying and acting timely on such users and devices will become more critical,” she said.
Gloss