It will take a paradigm shift to defend our national security moving forward. Women and people of color should be at the forefront of this effort. Demystifying Cybersecurity, a #ShareTheMicInCyber and Ms. magazine monthly series, spotlights women from the #ShareTheMicInCyber movement—highlighting the experiences of Black practitioners, driving a critical conversation on race in the cybersecurity industry, and shining a light on Black experts in their fields.
Raenesia Jones is a cybersecurity operations analyst. She works in the legal industry, protecting firms and their clients from cyberattacks. She also serves as the treasurer for Women in Cybersecurity Tennessee and an IT auditor with Black Girls Hack, where she helps the nonprofit organization reduce risk and improve security posture.
While working as the IT service desk manager at a local private high school, Jones also became a CompTIA instructor aiming to inspire students to consider a career in technology. She designed an apprenticeship and curriculum that resulted in a 100 percent pass rate for leading industry certifications. Jones has hosted technical summer camps teaching cybersecurity and computer basics to K-12 students to help encourage even more students to consider technology.
In her free time, she enjoys baking, playing video games, dancing and advocating for increased diversity in technology and cybersecurity.
Lauren Zabierek and Camille Stewart: Raenesia, what do you do? What does a normal day look like for you?
Raenesia Jones: As a cybersecurity operations analyst, my work starts with investigating alerts and intrusion detections. For me, it’s a matter of collecting and analyzing data from various sources to determine if the activity in question is legitimate or nefarious.
One of my duties that I really enjoy is defending the firm against business email compromise and other phishing attacks. [Phishing is a social engineering method that a cyber criminal may use to get you to click a link or go to a website that will download malicious software, or malware, that will give them access to your system or device]. Cyber criminals and other malicious actors are getting more and more sophisticated and the phishing attacks are more advanced than ever, so it keeps you on your toes!
In the legal industry, confidentiality is key, and I’m tasked with ensuring that the data being transferred out of the environment is being transferred safely, by way of encryption or other secure methods.
Imagine if your sensitive data about an ongoing legal matter were to land in the wrong hands, and what a criminal or nation state actor would do with that information.
Zabierek and Stewart: How does your work keep people safe?
Jones: Law firms host confidential information that bad actors can use for nefarious reasons—imagine if your sensitive data about an ongoing legal matter were to land in the wrong hands, and what a criminal or nation state actor would do with that information.
My daily tasks include preventing phishing attacks, data breaches and ransomware attacks [in which a criminal locks down an organization’s system to demand a ransom payment], which are some of the most common attacks facing the legal industry. There’s a lot that is riding on the outcomes of daily activities for our clients, attorneys and families, and it’s important that they can operate safely. I recognize that there’s potential for bad actors to want to target members of our firm simply for the nature of the industry, so I don’t take this work lightly. We have a security culture where everyone has joined in the effort to keep the firm safe.
Zabierek and Stewart: How did you get into cybersecurity?
Jones: It was always known that I would work in tech—and security was “just what I did.”
My grandaddy was a veteran. He was very protective, strategic, and security-minded and he was my hero as a little girl. My mom tells me that I’m a lot like him in many ways.
I was always taking things apart, always curious about how things worked. It was very clear from an early age that I would be in tech. I was relentlessly curious, always reverse engineering things. I was the tech-y kid who would set up all of the household electronics and that one kid who all the teachers called to fix the classroom computer.
One day after playing games on the family computer for way too long, I heard the disc crack inside. I removed the case and CD-ROM drive, removed all the fragments and re-assembled the PC using anything I could find in the kitchen, which happened to be a knife and a pair of scissors. Highly dangerous and I don’t recommend that anyone attempt this—but it worked!
I started in tech and moved into cybersecurity because I would just naturally operate with security in mind. Taking an official role in cybersecurity was a natural transition for me.
Because there is so much on the line, I found that there were pretty high expectations for entry-level roles in cyber. Although I’d been an IT manager and I operated with security-top-of-mind, I knew I could not wait for someone to give me an official role, so I had to “hack” my way into cybersecurity!
I’m purpose-driven, so I assigned a greater purpose to my pursuit in learning cybersecurity beyond just myself. I opted to teach tech with a focus on cyber to students while I was studying the industry myself. I was learning while teaching, and it drove me to seek a deeper level of understanding because I didn’t want to let my students down. My pursuit became deeper than just me and my goals, I had a younger generation looking to me.
Wanting to give others a chance to learn and try, while working as an IT manager, I’d also created a technical apprenticeship for high school students, and I received support from CompTIA and Dell. It was awesome! Students received a year of verifiable work experience and earned IT certifications.
If you are a learner at heart, someone who doesn’t mind upskilling and solving problems, then you belong here.
Zabierek and Stewart: What do you wish people knew about working in cybersecurity?
Jones: Cybersecurity is the industry for those who are students at heart. What I mean by this is that cybersecurity is continually evolving and will require you to forever be learning. If you are a learner at heart, someone who doesn’t mind upskilling and solving problems, then you belong here.
Zabierek and Stewart: Why is cybersecurity important for women?
Jones: With so many unfilled jobs, and cybercrime being on the rise, it’s safe to say that we’ve got a national security issue and the industry can only become stronger by having more diverse perspectives and experiences. I think that there are pervasive gender biases that have prevented women from going into cyber but I think it’s time we change that. I’d like for little girls to see someone who looks like them doing the work, so that they too can see themselves in this industry.
Now more than ever in our society many households are headed by women and in some cases they are the sole income earners. The cybersecurity industry allows women to pursue meaningful work, maintain work-life balance, and still earn a salary that will allow her to care for her family in the absence of the traditional two-income household.
Zabierek and Stewart: What is your cybersecurity or privacy tip?
Jones: Passwords are like toothbrushes; don’t share them, change them often!
Zabierek and Stewart: What do you wish you knew when you were trying to get into cybersecurity?
Jones: The fact that women are underrepresented in cybersecurity doesn’t go away once you enter the field there is an even deeper layer of community, mentorship and support that women need once they enter the field.
Zabierek and Stewart: Self-care is so important in the security world—what do you do to unwind or relax?
Jones: I’ve learned in order to be successful in this industry, it’s important to care for yourself mentally, physically and emotionally. Dancing helps me in all three areas! I attend Zumba and Dance Jam (cardio) four times a week in addition to weight lifting. I feel that even in the fitness industry, there’s room to embrace people who may not fit the stereotypes, just like in cybersecurity. I even have an alter ego that shows up when the music starts during dance and she also shows up when I’m working on cyber attacks. She’s fierce!
Zabierek and Stewart: What advice would you give a young person reading this with interest in the field? How can they break into it?
Jones: Give whenever possible! Find opportunities to plant seeds of friendship and support with people in the industry and you shall receive! It’s not all technical; make friends and be a lifelong learner.
If I could use a magic wand to get rid of anything in the industry, it would be unconscious gender bias that exists not just in hiring but that is also present once a woman has entered the field. Successful cybersecurity teams and leadership should include people of all personality types, genders and backgrounds.
Zabierek and Stewart: What do you wish people knew about working in cybersecurity?
Jones: Many studies show that although we as cybersecurity professionals understand the importance and impact of having a well supported cybersecurity program, many companies may not see the urgency until it’s too late. Cybersecurity professionals should expect to be able to communicate risk in a way that people outside the industry can really grasp the severity of the issue.
There are times when there are high stakes incidents that happen and the pressure mounts. This is when I rely on my peers in the industry to share ideas, collaborate on strategies and to prevent burnout and I am very intentional about being that person for other cybersecurity pros as well.
Zabierek and Stewart: If you could wave a magic wand to change anything about the cybersecurity industry, the law, or the technology ecosystem, what would you change?
Jones: If I could use a magic wand to get rid of anything in the industry, it would be unconscious gender bias that exists not just in hiring but that is also present once a woman has entered the field. Successful cybersecurity teams and leadership should include people of all personality types, genders, and backgrounds. The bad actors are diverse and ever-changing and I think the defenders should be as well.