Fresh Faces in Cyber Security: Bryn Ossa

In my continuing article series "Fresh Faces in Cyber Security", I interview up-and-coming professionals new to #cybersecurity. Have you recently started your first cyber role and would like to share your thoughts on what it's like to be the new kid on the block? Message me, and let's talk!

Today's interview is with Bryn Ossa (they/them), Product Evangelist with Elevate Security since July 2019. Bryn is a believer (as I am), in the power of relationships as a catalyst for a stronger cybersecurity community. Bryn is a graduate of UC Davis, with a dual-degree in Spanish and Neurobiology, Physiology, and Behavior.

1. You're a full-time sales professional with cybersecurity firm Elevate Security. Before that, you worked in the auto industry as a Service Center Manager and Shop Assistant. Tell me, what drove you to transition into cybersecurity? What has been the toughest part about moving into cyber? What has been the easiest part?

The transition was a fairly slow process. When I was in school, I actually studied to be a neurosurgeon and then decided that I wasn't as thrilled about medical school (and the price tag associated with it), but I've always loved the behavioral aspects and the way people think. My part-time job in college was as a Shop Assistant working on busses, so post-college, I moved further into the automotive industry while I figured out whether I wanted to stay in cars or do something else, and my role relied heavily on customer service, which I discovered I loved. Meanwhile, I knew I wanted to go into tech because my fiance is a developer, and he would often come home and tell me about his day, and I would have no idea what he was saying. Between wanting to interact with people and build relationships, wanting to learn "tech-talk," and still having that background in behavioral and neuroscience, Elevate Security was a shoo-in since I was able to flex all those muscles (our product is based heavily on behavioral science and social proof).

2. What do you think the cybersecurity industry is good at? What do you think it needs more of?

I think the cybersecurity industry is great at taking in new folks. I was very worried that as a total newbie to all three aspects of my job (sales, tech, and cyber), I would feel like a fish out of water, and it hasn't been like that at all. Everybody has been super welcoming! That said, security has so few non-males in the space, and even fewer queer/LGBTQIA+ folks, and that is painfully obvious. The inclusivity is there (I've seen pronoun stickers at a number of events), but the effort to enforce and encourage it is practically non-existent. I will be the only one using the sticks/badges etc. at events, and hardly anyone even notices that my pronouns are "they/them," so they assume I identify as female. It's hard.

3. I'm sorry, that does sound hard. Let's switch gears a bit. Describe a day in the life of Bryn at Elevate Security.

My day can vary since I like trying to go to as many cyber events as I can, but generally, my day starts with an email and LinkedIn check, both for my own notifications and for potential news on prospective clients. Because I'm in sales, I spend a lot of my day putting together sales campaigns that typically revolve around email, but I try my best to really personalize my outreach so it's relevant and not "just another sales pitch" by taking an interest in someone's life outside of just their title. However, many prospects are truly jaded by outreach after outreach that I understand the reluctance to engage and the feeling of being overwhelmed with pitches and "just 10 minutes," so I'm actively trying to make my outreach as painless as possible while at the same time trying to make sure I actually do my job. It's a challenging balance since our product is such a new concept that the only way people can know what we're selling is by either researching us specifically or by my reaching out.

4. That's actually how we got connected! I appreciate that you're not pushing purely for the sale. Tell me, what do you want security veterans to know about new people entering the industry?

I want security veterans to know that we're willing to learn and want to be good at our jobs, but for many people, myself included, cybersecurity is sort of an industry that we fell into, so there's a lot that we need to learn, and we don't always know what that is. I'd love to pick people's brains more, but cyber folks practically run in the opposite direction when they hear I'm in Sales, when I'm genuinely interested in what they do and how they got there and the knowledge and wisdom they'd be willing to impart upon me. Not all new folks grew up learning how to hack (or even knew that was an option for a career!).

5. What advice would you give others interested in getting into cybersecurity?

Attend as many events as possible. Meet people, meet with people, read some blogs, sign up for newsletters. There's so much news on cyber that you can't possibly keep up with every little thing going on, but some carefully-selected google alerts and following certain people on LinkedIn can help bridge the gap without feeling like you're falling headfirst into information you didn't even know you needed to know. Keep an open mind, soak up as much information you can, and connect with people on a genuine level - the cyberspace is a tight-knit one.

It truly is. Thank you for sharing your story with me today, Bryn. And thank you for keeping a Humanity First approach to cybersecurity. Keep on keeping on!

Naomi Buckwalter, CISSP, is the Director of Information Security and Privacy for an industry-leading HR technology firm.