Join host Sean Martin as he talks with Gina D’Addamio, a former nurse turned threat analyst at the Canadian Cyber Threat Exchange, about her transformative journey into cybersecurity and the vital skills she brings from her healthcare background. Discover how diverse experiences can enrich cybersecurity programs and why employers should look beyond traditional qualifications in this inspiring episode of the Redefining CyberSecurity Podcast.
Guest: Gina D’Addamio, Threat Analyst, Canadian Cyber Threat Exchange [@CCTXCanada]
On LinkedIn | https://www.linkedin.com/in/gina-daddamio
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes
In the latest episode of Redefining CyberSecurity on ITSPmagazine, host Sean Martin engages with Gina D’Addamio, a threat analyst at the Canadian Cyber Threat Exchange (CCTX), to discuss the pathways and challenges for transitioning into the field of cybersecurity from different professional backgrounds.
Gina D’Addamio: From Nursing to Cybersecurity — Gina shares her compelling journey from the world of nursing to becoming a threat analyst at CCTX. Starting her career in nursing, Gina specialized in delivering babies and providing postpartum care. However, due to the increasing pressures and emotional toll of a deteriorating healthcare system, she decided to make a career change. She reflects on the emotional challenges and the impact on her family life that led her to step away from nursing.
Transitioning through the Rogers Cybersecure Catalyst Program — Gina was introduced to cybersecurity through a fellow school mom and an opportunity with the Rogers Cybersecure Catalyst program. The program provided an accelerated learning path, offering her three SANS certifications within seven months. Gina emphasizes the importance of such programs in bridging the gap for those who have no prior experience in cybersecurity, showcasing her success as a significant transition case.
Relatability between Nursing and Cybersecurity — Throughout the discussion, Gina and Sean draw parallels between nursing and cybersecurity. Gina points out how her experience in managing life-and-death situations in nursing is akin to dealing with critical incidents in cybersecurity. Her ability to remain composed under pressure and her proficiency in translating complex medical information into understandable terms has been vital in her role at CCTX.
The Role at CCTX — At CCTX, Gina's work involves threat analysis and translating complex cybersecurity threats into actionable advice for a diverse range of members, from large corporations to small businesses. The nonprofit organization plays a crucial role in threat intelligence sharing across sectors in Canada, similar to ISACs and ISAOs in the U.S.
Mentorship and Continuous Learning — Gina discusses the ongoing learning environment within CCTX, facilitated by member-led webinars and hands-on experiences such as Wireshark workshops. She highlights the constant need for education in cybersecurity due to the ever-changing threat landscape. She also mentors others transitioning into cybersecurity, stressing the value of soft skills and effective communication in securing roles within the industry.
Advice to Employers in Cybersecurity — Gina urges employers to recognize the potential in candidates from diverse professional backgrounds, emphasizing that the ability to learn and adapt is often more important than years of industry-specific experience. She advocates for a hiring approach that looks beyond certifications to the person’s overall ability to fit within the team and contribute to the organization’s goals.
This episode underscores the potential for successful career transitions into cybersecurity from seemingly unrelated fields. Gina D’Addamio’s story is a testament to how diverse experiences can enrich the cybersecurity field, bringing fresh perspectives and skills that enhance threat analysis and response.
___________________________
Resources
Learn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalyst and https://itspm.ag/rogershxbp
Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu Daggupaty: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com/episodes/accelerating-cybersecurity-training-and-innovation-7-minutes-on-itspmagazine-from-black-hat-sector-2024-a-rogers-cybersecure-catalyst-short-brand-innovation-story-with-rushmi-hasham-and-vasu-daggupaty
___________________________
From Healthcare to Cybersecurity: Leveraging Past Professions to Enhance Cybersecurity Programs | A Conversation with Gina D’Addamio | Redefining CyberSecurity with Sean Martin
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00]
Sean Martin: And here we are. You're very welcome to a new episode of Redefining Cybersecurity here on ITSPmagazine. This is Sean Martin, your host, where if you listen to the show, you know I get to talk to cool people about cool things, all in support of building better programs for better security and privacy at the business to help generate and protect the revenue the business is trying to, uh, trying to create.
So, um, today, a slightly different topic, um, used to do quite a few of these conversations where we look at how different backgrounds and different roles transition into cyber security. And the value of different backgrounds and mindsets and experiences can actually help teams better programs and actually achieve better results.
And I'm thrilled to have, uh, Gina here with us today. Didamio. I did, I did, Didamio. Yes, I [00:01:00] did. Did I say it right? There we go.
Gina D’Addamio: Yeah, did they have you?
Sean Martin: Yeah, perfect. Um, I had the fortune of meeting Gina in Toronto at the Sector Conference, which is a Black Hat event in Toronto. And, uh, she told her story there. Uh, of transitioning from the world of nursing, and I know there's a lot more specific description you'll provide that there for that into cybersecurity and I'm excited to capture this story and share it with everybody.
It's, it's a, it's a very moving and powerful story, and I think there's a lot of lessons and hopefully some things folks will take, take from this as they look at how they build and staff their teams, um, to. Yeah, bring in more experience, more diversity and open up the pipeline because we don't have enough folks in this space, as I'm sure you, sure, you know, Gina as well.
Gina D’Addamio: Yeah. Okay.
Sean Martin: So maybe let's start with, let's start with your role. Then I want to [00:02:00] move into how, how the Sector session came to be. But describe what, who you're working for now. I got to meet some of your, uh, some of your team there in Toronto as well. Uh, that's the Canadian Cyber Threat Exchange. So describe what CCTX does and your role within it to start. So people have that in their mind as we kind of walk through your journey here.
Gina D’Addamio: Wow. Um, I'm currently a threat analyst at the CCTX, which stands for Canadian Cyber Threat Exchange. Um, and we're a nonprofit, um, threat intelligence sharing organization. Our memberships range from huge telcos and banks all the way to small mom and pop shops who, you know, want to be up to date with cyber security.
Um, my role is basically understanding the threat landscape and how I can make it translated into [00:03:00] an actionable piece of advice for our members, um, based on understanding that our members have huge cyber security teams and somebody that doesn't even have an IT team. So, um, my job is a bit challenging, but it keeps me in the loop with what's happening in the cyber landscape.
Sean Martin: I love it. And, um, for those listening, of course, we have a global audience, but a good majority in the U.S. So the organization you work for is very similar to the ISACs, the information security. What's the, uh, the A stand for? Yeah. Analysis centers and sharing centers, organizations and centers, ISACs and ISAOs.
So very similar to that. I think you, in the U.S. they have very specific sector ones. I believe yours is cross sector.
Gina D’Addamio: Ours is, yes, cross sector.
Sean Martin: So that's the context. Um, let's go back to, to Sector now. So there, [00:04:00] there was a, I can't remember what that, that particular area was. It was a fantastic place to
Gina D’Addamio: The community lounge.
Sean Martin: lounge. Everybody was there. Anybody who was anybody who has anybody was there
Gina D’Addamio: what's nice about the community lounge is it's also geared towards people that don't actually have a pass. So, students and what's kind of nice is it reaches a large majority of people that don't just have a conference pass.
Sean Martin: and it was a real community vibe and feel in there as well. And lots of people cruising around and making new. New friendships,
Gina D’Addamio: Exactly.
Sean Martin: exactly. So how, how did you get involved with, with that? Cause you had a, uh, basically a little mini panel. I don't want to say many, you had a panel there in that, in that session where you, you kind of spoke to this.
Um, was that something you suggested or how did that come to
Gina D’Addamio: Well, um, I was there as a, um, a success story of the Rogers Catalyst program. So the Rogers [00:05:00] Cybersecure Catalyst is a program that helped me get my certifications that launched my new career. Um, and as one of their success stories, um, they asked me to, to sort of speak and, and highlight the, the results of what going through one of their programs looks like.
Um, so it was an opportunity for me as well. Um, to highlight who I was, where I've gone, come, and, and have arrived to versus the program and CCTX. So it was a, an opportunity to showcase sort of success.
Sean Martin: And for those who didn't hear it, I don't know why you didn't hear it, but I actually did a quick, uh, quick chat there on location with, uh, Rushmi Hasham, yes, and Vasu Daggupaty. Um, so they, they were kind enough to give me an overview of, of the whole Rogers, uh, system, if you will.
Gina D’Addamio: It is a system,
Sean Martin: Yeah, looking at, I can't even recall all the stuff, but basically multiple aspects of [00:06:00] bringing in talent and making sure that they're successful.
A lot of different programs there. So I'll, I'll link to that as well. People can. You can check that out to learn more about that program, which I'm sure you'll probably touch on a little bit here as well. So, so give us a little background on what you did prior to cyber. Um, perhaps a very stressful position, and especially depending on when, when you were there, let's say maybe a pandemic was happening or not.
So talk to us about what, what that looked like, how you entered that field to start, what attracted you to it, kind of what you did in that, in that role as well.
Gina D’Addamio: from the longest time. I've wanted to be a nurse. Um, I have pictures of myself, like decked out in nursing gear from probably age four or five. So it was like nursing was my destiny. Um, and going through school, I was lucky [00:07:00] enough to know that I wanted to work with moms and babies. And I was able to get a final, my final big placement, which is called your consolidation.
Um, in my fourth year at Mount Sinai Hospital to do postpartum nursing. And I knew I'd hit the jackpot. This is the specialty that I wanted to be in. So, um, from 20, uh, 2005, um, Until 2022, I worked delivering babies, helping little, little Rugrats come into the world. Um, and, uh, I loved my job. I loved my job.
It was, it was one of those besides the stress and Um, the pandemic and all the other things that I loved my job. Uh, the problem is the system is deteriorating. The staff shortage or staff ratios to patients is deteriorating. So we were becoming [00:08:00] more and more stressed, having more and more work with not enough hands.
Um, and in, in my job, I'm dealing with life and death literally every minute of the day. I never know what's going to walk through the door. Um, so when you're constantly running like four nurse a shorter shift, um, eventually that, that emotional toll of somebody's life is in your hands, and if something bad happens and you don't have the hands to help, it's, It's one of those like I couldn't live with myself if the system created a situation where somebody's life was no longer available because of the system and not my skills.
Um, and so it was really, I was like, I'm burned out from sort of carrying that weight that somebody's life could be at risk because of a system problem and not because of my skills. Um, so sort of carrying that stress for a long time, it started to play a bit into my family life and Um, I have two small kids and I, I [00:09:00] was like, I need to decide, do I love my job enough to let it affect the rest of my family life?
Um, and so, um, after some, some mental health challenges, I said, you know, enough's enough, I need to leave. And, um, I'd worked through the pandemic and the heightened stress of all of that on top of that, and, and the, the continued shortage of staff, um, just made that decision clear. Um, for me, so I kind of left and, um, did some mental health support, sort of refocusing on myself and my family.
Um, and I did some super menial jobs because I still had to pay bills. Um, my husband left his job during the pandemic to look after our family because I worked full time, he worked part time. He was in ICU at Sunnybrook. Um, and so I was like, do we pay the bills during COVID? What happens? We have to Two young kids, they were basically kindergarten and grade one at the time.
[00:10:00] Um, so he actually quit his job of 15 years in the healthcare industry, re skilled himself in paralegal while he was off. So we both in our whole family have had, um, a big adjustment over the last couple of years, leaving that healthcare setting. His was a bit different also, but for our family life was the, was our priority,
Sean Martin: Yeah.
Gina D’Addamio: so.
Sean Martin: And I, I think, thank you for sharing that. And I, I think the, um, I don't know, people will take what they want from it for me. What I take is. Regardless of a profession, I would say, um, a lot of times one reaches a point where it's just not working anymore, right? And, and it can be, I mean, you're looking after two lives in many cases in your situation, so super stressful.
Um, But a lot of people listening to this in cyber security might, might say, cybers could [00:11:00] be pretty stressful too. Um, certainly if you're running a program that supports a hospital, right?
Gina D’Addamio: Yeah, that too, yes. For
Sean Martin: So, so that's why I make the point that regardless of what you're doing and what industry you work in and the role you have, I think, There's an opportunity a lot, a lot of times for people to find themselves like you did where that situation no longer worked for you in your, in your personal life.
Um, so I say that because people, the people will move in and out of different industries, including cyber security. So you chose to move from the medical field to cyber. Was that a. Was that a, I, I, I'm interested in this space. Um, I'm intrigued by it. I've dabbled in it and it, it's the place that I think I want to go or were you drawn to it [00:12:00] by something or someone, but what, what's that,
Gina D’Addamio: I wish it was that interesting and, uh, emotionally attaching. Um, it was opportunity. Um, I, like I said, you know, I did some menial jobs. I worked at Costco, I cut grass. I, you know, I just, I needed to make some money, but I didn't want to have to think about a lot of, uh, learning and, and just like, Peace out a bit, but I didn't have a direction for a new career, um, per se.
And basically the opportunity of cybersecurity landed in my lap. Um, through the Rogers Catalyst Program. Um, so, uh, a fellow mom, school mom, said to me, have you ever thought about cyber security? I know you're looking for a new job and there's this program and at the time it was funded through the government, uh, in terms of getting new cyber talent and sort of, you know, it's out of pocket, no out of pocket education.
And I thought, okay, [00:13:00] that's, that's a nice opportunity. Um, and so I attended an info session that they offered and You know, it was drilled in that this is a really intense program. It is, um, requires a lot of dedication. Um, it's an accelerated program. So you're learning a lot of information in a really short period of time.
And it's not for everybody, but, you know, if you would like to apply, you do an, um, like a video interview, you have to do a, um, uh, abilities, abilities test, I guess it was, I had to answer a bunch of cyber sort of cybersecurity questions and, uh, they had showcased that there was a, a CTF, um, that the catalyst would be putting on.
And, you know, if, if you thought about it being interesting to give it a try. So I had signed up for the CTF, not knowing what a CTF was, um, capture the flag. And so I was like, Oh, okay. So like I understood the childhood version of that, but how does that play into the digital [00:14:00] world? I didn't really have an idea.
Um, so I logged into the, to the challenge and, um, had to solve these puzzles, but not really having a lot of information. I Googled and I, I YouTubed like I downloaded Wireshark. I'm like, what is Wireshark? And what are packets? And I have to look for something in this packet and um, anyway, it was a, a good couple of hours.
I think it was like a full weekend's worth of of attempting to solve puzzles. I was able to solve 50 percent with zero cyber security training and I thought, wow, if I can do this just by Googling or YouTubing videos, it's like if I could do that. You know, with no knowledge. I have a good shot. So I, uh, I put in my application and, and I was accepted.
Um, I think a bit of my background being a nurse piqued interest as well. And I think that in general has given me a leg up in the whole process, but it's also, I've put in the work as well. [00:15:00] Um, so I got into the program. I earned three SANS certifications in seven months, um, through the program, and, um, the Rogers Catalyst program at the time was called Accelerated Cybersecurity Training Program, so we called it the ACTP.
Um, I was cohort nine of the ten cohorts that were funded, and, um, it was an intense program. There were people that had full time jobs doing the program, and the program was my full time job. So when my kids were in school, I was in school as well, um, so that I could balance my family life with school. But that was eight hours of my day or six hours of my day where I was focused on school and I struggled to stay on track.
Um, you know, life happens sometimes people get sick. Um, it wasn't easy. I was determined to get these certifications. So, you know, somebody is paying me. Um, [00:16:00] to get these certifications and I ended up, um, getting above 90 on all three of my certifications. And the first one was, was a real eye opener for me.
I've always been technologically savvy. I was always, you know, the first one to get trained on all the, the pumps in the hospital. I instituted, um, the entire electronic record system. I was the nurse seconded to then train all the rest of the nurses on the unit. So technology was never far from me, but understanding like hardware, software applications, networks, all that was, it's literally over my head.
I remember the first couple courses. Um, it was the first course was a lot of virtual, um, instruction. And I remember the instructor talking in English, but it actually didn't make any sense. It was like, it was literally Greek to me. And I thought, Oh my gosh, what have I gotten myself into? The, the program, there was a lot of support in the program.
They're like, it, you know, it's going to feel overwhelming. Just [00:17:00] like, keep, keep trying to go on schedule and do the things and just keep going forward. And by the end of the first, I think it was like, eight or eight weeks or so. When I wrote my final exam, it was really eye opening to understand where I came from that, that first week of, of learning to, to understanding a whole system of stuff that I really was clueless about.
Um,
Sean Martin: I love hearing a nurse talk about, uh, Systems and applications and hardware and, and packets and networks. And super, super fun, super fun. What, um, Oh, you were gonna say something else. Sorry, I
Gina D’Addamio: No, um, it's just, it's like learning a new language, right? It has its own dictionary. And, and so I had a medical language and so I often had to, you know, dumb that language down to my patients so that they could understand what was going on and cyber security and sort of relational is taking very technical knowledge and dumbing it down so that people can [00:18:00] understand it.
Um, and having gone through that initial process myself, I think it's made it a bit easier as well to do that.
Sean Martin: So the work you're doing now, you're, you're looking for threats that target systems and sectors. And I don't know if you wanted to spend more time on, on that, maybe to describe it, if it, if you think it helps with people understanding what we're, what we're going through here, I guess my point is it's different than being on a program, uh, sitting in a SOC, but you, you're sitting in the big SOC, the Canadian SOC, I
Gina D’Addamio: That's, that's it.
Sean Martin: maybe, maybe that's probably a better way to look at it.
And in that sense, um, are there any parallels between looking at an emergency coming in with delivering, delivering a new child into this world and doing that in a way of, and I, I'll just say it because I like risk, um, as a [00:19:00] nurse, did you have to do what I'll say risk analysis to say, here's the situation?
Here, here's what the potential outcome could be unless we do dah, dah, dah, dah, here are the options we have to make the best decision for the time we have with the people we have with the systems we have. Um, so, and, and does that carry over into some of the work you're doing now in terms of how you present the findings that you have and the guidance that you give to
Gina D’Addamio: Well, it was.
Sean Martin: and the
Gina D’Addamio: Yeah, exactly. I mean, we have a Canadian focus like a lot of what we do is we try to make sure that it's Canadian focus because otherwise we get lost a little bit in the whole global community. Global context, but, um, it wasn't without a lot of reflection that I was able to understand how my background in nursing could be used and related in cyber security.
Like, you know, having a baby is like having [00:20:00] an incident. And, and sort of going through the stages of incident response, you know, full assessment. You have to understand the whole situation, uh, find out all the little pieces that connect to make that big picture and which ones you need to adjust or contain to, to solve a problem with the outcome being a delivery of a baby or the eradication of a threat actor in your environment.
Um, it was with a little bit of time. GPT's help that I could streamline the side by side process. And just understanding sort of like, I, I expected to work in a SOC that was because I was like a SOC is, is labor and delivery or emergency room nursing. It's, it's the same. You're in the thick of it.
You're looking for the details, you know, what are the, what are the, the, the tags that things are not normal, like in nursing, the same as baseline, you know, what's the person's baseline heart rate versus the baseline [00:21:00] normal heart rate. Network traffic and architecture and stuff. Um, and, and understanding that I have an ability to see detail, like alterations in detail and pick up patterns and, and those kinds of things.
And when I, in, in an interview that I had, when I explained how, you know, having a baby is like doing incident response, the lady just burst out laughing. She's like, in my entire year of interviewing people for jobs, nobody has ever said having an incident is the same as having a baby. I was like, well, your life is forever changed, isn't it?
It doesn't matter which way you look at it. It's never the same again. Um, And so I think having the background that I have and sort of relating the, the, the concepts and how they, they mirror each other has been very helpful for me. Um, and I'm, I'm just very lucky that I didn't end up in a SOC because I realized the SOC is, is what I left [00:22:00] behind.
And I didn't want to end up there, but I, I figured if I have to, if this is the only way I'm going to get into the, into the industry, then I would have to suck up, you know, working 7 day night evening shifts. Um, very high stress. Um, but, um, the CCTX gave me an opportunity that I didn't have to do that.
And I'm very grateful because, um, I've been able to enjoy my cyber security, um, career, having leapt through that portion of fire that I didn't want to jump into.
Sean Martin: So the, so many questions. I mean, the first thing that comes to mind is like playbook. I'm sure there's a playbook for delivery, playbook for incident response. And guess what? You need to practice them, right? You don't just show up and hopefully deliver a baby properly.
Gina D’Addamio: A hundred percent. It took me a long time. And the time that you delivered the first baby on your own is, is, is like no, no experience you'll ever forget. Um, I remember [00:23:00] telling the story at Sector, you know, the baby like slid right out and here I am. It was no doctor. It's just me. It's like, Oh my God. So, I mean, I.
I think in, in cyber security, it's the same. It's like when you, when you find that nugget, that's like something, something's bad, something bad. It's something bad. Um, the adrenaline, the emotions, all of that stuff. Um, it's, uh, as human beings, we thrive on that adrenaline and people that work in SOCs and actually stay there for a long time, you know, they thrive on that kind of that feeling that dopamine hit and the rush of I found, I found it.
I found some stuff. Um, I'm kind of like, I'm over that now. I've kind of don't want the adrenaline rush as much anymore. Um, but
Sean Martin: But that experience and knowledge will help everyone in Canada
Gina D’Addamio: 100%.
Sean Martin: actually do that and hopefully be a little less stressed themselves because they have your guidance, your [00:24:00] findings and your guidance.
Gina D’Addamio: Yeah. Yeah.
Sean Martin: Hopefully that's the G E. You said it's Greek to me earlier and it's a whole new language, but I want to touch on the, the value of communications because there's a team in delivery, right?
And what you say, how you say it, when you say it, what you're trying to get out of it. By saying it, um, is all important. So how, so that's being succinct and very deliberate and what you say and what you, what you want to get out of it. So how does, how does that translate to what you do now? If it does, I'm assuming it does, but how does that, how's that come across?
Gina D’Addamio: It does. Um, in a way, in terms of taking the information that I, I literally, you know, scraping the web for what's new. Um, we don't produce any besides what's new. Sort of, [00:25:00] we don't create threat intelligence, like, I'm not sharing IOCs that I found in, in, in our thing. We do have a, a dark space where we monitor unused IPs from a couple of our members.
Um, so that in its ways, we're producing threat intelligence that way. But the rest of it is, sort of, I'm looking what's, what's being shared. And then assimilating and sort of translating and relating in simple terms with, with the help of technology. Um, to sort of say, you know, these are some of the major threats that are happening.
These are the, the sectors that are being targeted more. Healthcare specifically, uh, finance, you know, the financial sector. Um, and then for the small little mom and pop shop who doesn't even have an IT team, let alone what cyber security, um, options they have. Kind of, in a way, translating it into simple terms that they can [00:26:00] understand.
You know, what is MFA? A lot of people don't even know what that is. It's like, you know, it's, it's, it's a second identity verification, um, and teaching people how to use password managers. And to, to have random passwords that are just already generated, you don't have to remember them. Because those are the simple things that the, the average person can do to protect themselves from, from identity theft and, um, malware, ransomware, all that kind of stuff.
Um, so, in a way, my, my ability to translate. complex, like, medical, um, terminology. It's basically, well, your baby's heart rate is, is showing me that the baby's stressed out. Simple. What it is, she doesn't need to know all of the analysis that I've done about it. She just needs to know that I'm telling you, based [00:27:00] on what I see, that your baby's stressed and we need to do X, Y, and Z to move this process along.
These are your options. This is why I would suggest this option over this option. You know, using Using the knowledge that you have the same with with cybersecurity, you know, why would we use this option versus this option? Well, there's pros and cons Vice versa, you know In the end, simplifying it as much as possible so that even one little adjustment can improve safety significantly in both, in both environments.
Sean Martin: I am. I presume it's, uh, constant learning. So what are you doing to kind of keep up with, with what's going on? Are you doing more studying, more certifications, CCTX, helping with some of that stuff? What's going on?
Gina D’Addamio: Well, [00:28:00] actually a lot of our members, um, help educate other members. So a lot of mentorship and sharing amongst each other. So I get to attend a lot of webinars where I'm absorbing tons of information. Um, one of our members a little while ago did a, did a whole Wireshark webinar. It was, I think it was three hours long where we got to, you know, he'd set up an environment, gave us things to see and look for.
And, um, so it's a lot of, can be hands on learning besides, you know, just listening to somebody talk about stuff. Um, I haven't enrolled specifically in any more certifications. I mean, I've only been in this industry a year and a bit now. Um, and I was
Sean Martin: have a lot already. Do
Gina D’Addamio: after three certifications in a very short period of time, I'm like, I'm just going to absorb what naturally comes my way instead of, you know, hunkering down.
But, um, I'm always looking for opportunities, um, to learn things, sort of going to SecTor, you know, I was there to speak, but I also attended a couple, uh, [00:29:00] a couple of the talks there. Um, and, uh, I actually
Sean Martin: you mind sharing which topics
Gina D’Addamio: Oh, sure, sure. Well, I saw Trend Micro's topic on, um, their AI. Um, the name escapes me. It's like AI that learns itself.
Sort of like, it starts with an A. But anyway, um, so I attended that. And then, with the, the elections coming up, um, the keynote speaker's election, uh, topic was, was kind of interesting. Um, and I signed up to do, I signed up to do the SANS holiday the last two years as a way to just do something fun, but learn something new in the process.
Um, as a cybersecurity professional, there's always, you have to keep learning because every day you take a week's vacation and something new pops up or changes. And, um, and at least in my job, I'm [00:30:00] also learning all the time. Like, I'm just, I read a lot, um, and dissect a lot of information. So just in that way, um, I'm keeping up to date with what, what's happening, the threat actors that are coming and changing and amalgamating and sharing things.
And, um, I said, we need to do that more between the blue team is we need to share more, you know, sharing indicators of compromise. And so sort of that sort of, um, what the mission is at the CCTX is to bring people together so that we can strengthen each other's resilience based on information, but people are very scared to share when bad things happen.
And we see that, you know, this, the reporting to the SCC, um, people don't want to report it. So much stuff goes unreported, but nobody can learn from it if you, unless you report it and share it. So, um, the idea is to, to share so that we can all learn and better prepare, um, in the cat and mouse [00:31:00] game of, you know, reporting. versus good.
Sean Martin: Yes, exactly. Well, as we wrap here on it, and of course, I give you whatever space you want to say anything else that we didn't touch on that you, you think is important for folks to hear, but you kind of gave a few examples. Um, and I'm going to share a couple of examples of what you can do already by leading by example for advice for folks who may want to make this transition or early in their transition of how to really find their, their place in their role and to stay relevant in that role.
So you gave a number of examples already for that. Is there anything else you want to share for advice for folks who may not realize that this is a place that they could, they could join and thrive and, and I don't know anything you want to say to those folks.
Gina D’Addamio: Well, like, like any specialty, the umbrella of the opportunities that fall under the specialty, like cybersecurity is such a huge, [00:32:00] people think of cybersecurity as hackers and, and that kind of stuff. But the amount of opportunity that falls under the umbrella of cybersecurity is really endless. And depending on what background you have, there's a specialty or an area within the specialty for you.
Um, honing that out and find fine tooth combing your way to which area is going to fit with your previous experience or your goals, because again, like I said, I didn't want to work in a SOC, but that might've been where I needed to go first to get into the industry. Um, you sort of, you have to see that the industry is, is large and really any, any area it's possible to enter into, you do need some certifications because that's what the industry sort of mandates, um, to kind of get your foot in the door and also how you present yourself.
Um, you know, you have to be, you have to be [00:33:00] able to showcase your ability to communicate, you know, say almost all of us on the resume say, Oh yeah, we can communicate. I can, you know. You have to be able to show that to somebody and have that face to face conversation, make those connections. As a nurse, I got to get people to divulge their deepest, darkest secrets, like within the first 20 minutes.
So it's like understanding how to make those physical connections with people, um, is super important. So, um, if you're wanting to make a career transition, you're going to have to do a lot of personal work versus just technical learning. Um, because that's how you present yourself that really, I think will help you make the transition easier. Um, I mean, I still have people in my cohort that don't have cyber security roles and they got the same certifications as me. Um, and a lot of the time, you know, they're like, well, we're getting the interviews, but I was like, okay, so that tells us that what you've written on the paper is intriguing to somebody, but [00:34:00] there's something not happening in the interview process that you're not making it to the next stage.
So, um,
Sean Martin: Storyteller,
Gina D’Addamio: Yeah. Highlighting the abilities to, to straight talk, to communicate, to connect with people, um, and show them what it is that you know. You might not know everything. Cybersecurity is so huge. You can't know it all. Um, but also then being not afraid to say, I don't, I don't know that, but that's a good question.
And I'll look it up later. Um,
Sean Martin: two weeks ago and look at me now.
Gina D’Addamio: Yeah, exactly. It's like, now look at me now. It's like seven months. Look what I could learn in seven months. And I said, I said that in my interviews, I said, So you know my certifications. I don't know 100 percent everything of these certifications. It takes a lot of work and practice to really hone those skills.
I said, but what I can show you with my certifications is that I can learn really technical information or things in a very short period of time. And be tested on it and show you that I did well. [00:35:00] So, you know, I might not know everything now if I had to rewrite those exams. I probably wouldn't pass the same as if I'd done a full study again if I just was given the exam because I haven't used all of those skills in my role right now.
What's nice about cyber is if this role isn't working for me, there's another one that I've gained experience. And again, I have to assimilate what I've learned in this role and how I can apply it to another one. Um, and the opportunities for growing in general in the industry are huge. With AI now, there's a big, there's a big push to how to integrate AI with cyber and make the analysis part much less strenuous and tiresome for these poor people in the SOCs.
You know, like get AI to help weed out all the noise that, you know, people have to spend usually hours and hours trying to figure out if it's real or not. So I feel, you know, for people that are coming in the industry, having a better understanding of [00:36:00] AI and how it could be integrated in cyber is a great way to go.
That right now is like way beyond me. I don't have a good understanding of AI in general, but again, that's a new language that somebody has to learn. Um, and we can't all be experts and everything. So, um, there's lots of opportunity in cyber security and AI, I think, moving forward. And if you see a lot of the talks at the conferences are all Yeah.
A lot of them are AI, they have a big AI focus. Um, even at the community lounge, like SentinelOne, oh, look at our pur, I think it's called Purple. Purple something. Purple AI. Um, you know, look at pur. I, I went to see Purple AI 'cause I thought that was super interesting. Um, but that's, that's the next step of cybersecurity.
So, you know, as much as MFA and, and that kind of stuff is, is important. The analysis part in the background is where all the work is going to happen now in the next few years.
Sean Martin: and you may not be able to pinpoint it right this [00:37:00] moment, but I'm, I'm going to guess, or maybe you make a bet that you're going to have an experience in your healthcare career that will help, help you transition or leverage the, the, AI, just from the things you had to, you know, learn.
Gina D’Addamio: Mm
Sean Martin: and and and work through in your role as a nurse.
Um, Marco is not here to stop me. My co founder. Okay. I always have one more question. He says he always have one more question. I'm gonna I'm gonna do one more question and it's to two employers and I I'm hoping that I get a chance to speak with Jennifer Quaid. She's the executive director at CCTX and maybe she can shed more light on this.
But there's a there's a thought, I think, Okay. By from employers, and you mentioned it, you have to have certifications and you have to be able to show that you've done certain things, um, just to get in. And then you have to present yourself well on [00:38:00] top of that. And and then at the very end of that is. If not all of that lines up, the company has, the hiring organization has to take a bet or make, or take a chance, I should say, take a chance. I'm not, I don't personally find comfort in that. And, and I don't, I don't know what your experience was. And like I said, I'm hoping when I get a chance to talk to Jennifer, she can shed more light on this. Um, cause I think you had the, you had the fortune of. Going through the Rogers thing and, and CCTX was kind of there, I want to say waiting for you, but open, open for you to be presented and then they, I don't want to say gave you the chance, but they, that path existed.
I'll just say that. So talk to me a little bit about that as we wrap here, speaking to employers who maybe not out of the gate or naturally would feel comfortable picking up some transition and [00:39:00] has less years experience in cyber, but tons of experience in different roles.
Gina D’Addamio: Like I had said it, you know, it's a topic for a whole another day is like, there's not a cybersecurity talent shortage. There's an opportunity shortage because people that want to hire cybersecurity people want people with five to six years experience. It's like, well, those people don't exist. So we need we need to reframe how we hire talent to our organizations and go back to, you know, I'm going to train you in this area and I'd like you to be loyal to our company and not, you know, stay for one or two years, be educated and move on. Um, but it's, it's the understanding from an employer's perspective that somebody from a different background, they have work experience. They have life, communication, relationship, experience, and, and all of those things, the soft skills, if you want to call them, those, those, those can all be used and [00:40:00] translated.
And I don't want to say manipulated, but adjusted to a new, new situation as an, as an employer, you need to understand that that's where the value of this person comes is, is with their experience and not just their technical skills. Um, And, and, again, there's a disconnect between HR and the person that actually needs to hire a person for that role.
They know what kind of a person they need for their team. What was really nice about CCTX is You know, I was number six of our little organization and I literally was interviewed by all other five members. So they're like, she's going to be a good fit for our team. That's what they were looking for is, you know, a person that's relatable to the team.
There's only six or five of us at that. There's five of them at the time. And they're like, they want somebody that's going to work well with them. Um, which is why I feel like I got the job based on sort of my personality and my ability to communicate with them [00:41:00] versus my technical skills. Um, you know, have I used Wireshark in, in my role?
No, I haven't. Um, you know, I haven't had to hack a box. I mean, I've created, I've created a MISP and I've done some other things which were, was new. Um, technical, you know, technical skills like, you know, creating a set of, uh, keys. I was like, I didn't know how to create a set of keys for, for logging into a server and those kinds of things.
Um, you know, so I've used some of that sort of ability to learn new things in my role, but, um, a lot of it comes from the soft skills part of it and the person that, that you are for that team. So employers need to, I think the person that's initially screening. As much as it's a big job, they kind of need to have more input into the people that are screened initially based on the piece of paper, which is a very flat, if you want to say [00:42:00] flat, you know, view of somebody.
Um, and again, you know, there's only so much real estate on a resume. You can't put your whole piece of history of who you are in that piece of paper. And, and so I use my resume as a, I want to give them a little taste of who I am and I want them wanting more, you know, like that first taste of chocolate cake.
And so I've been mentoring a couple people that are transitioning into cyber and, and I say, you know, you don't want to like verbal diarrhea your whole life on the paper. No one's gonna read it. No one's gonna read it. Find a little tidbit that you might give them that's gonna say I want to know more about this, because that's how you're gonna get the interview, and then after that, that's when you've got to showcase yourself and how you can, you know, fit in this and this role. And employers need to take the jump to see that part, part of that, and not expect that they have six years experience and they're going to be able to run, because no one's going to be able to [00:43:00] run regardless if they have five or six years experience, because every organization's setup, networking architecture is all different.
So somebody is going to have to learn anyways. So you might as well bring somebody on board that's going to be a good team member with the team that you already have, and those skills they've shown you, they, they got a bunch of certs. They show you they could learn fast. They're gonna have to learn anyway, so, so give that person, versus the skills, a chance.
Sean Martin: I love it. I love it. Tease with the chocolate cake. Come in with, come in with the a la mode.
Gina D’Addamio: Here's a little spoonful get some wanting more.
Sean Martin: Exactly. Uh, it's fantastic chatting with you, Gina, and I'm, uh, so, uh, so honored and pleased that we had a chance to meet in person in Toronto and that we were able to pull this conversation together. My, my best to you. Congratulations to you on your transition into this, into this industry. I know we're better for it because you're in it.
And, uh, [00:44:00] I thank you for sharing this story with us. Hopefully, people get to think a little differently. And I mean, the last point you just made, uh, really sum it up nicely for me, for organizations. There are people like Gina who, who can do great things and, uh,
Gina D’Addamio: to be given a chance
Sean Martin: give them a chance. And we were human.
We're not a piece of paper. So,
Gina D’Addamio: Hundred percent, hundred percent, hundred percent. It's my pleasure. Thanks for giving me the opportunity.
Sean Martin: uh, it's fantastic. And, uh, thanks everybody for listening and watching. And, uh, I'll put a few links in for some of the things we touched on today and, and, uh, please keep your mind open and stay tuned, subscribe, share with your friends, and we'll see everybody on another episode of Redefining Cybersecurity here, uh, in the near future.
Thanks again, Gina. Cheers, everybody.