The 3 Transferable Skills that Helped Raytheon Technologies’ Sierra Weaver Pivot From Communications to Cybersecurity
As a Cybersecurity DOD Collateral Alt. Information Systems Security Manager (ISSM), it’s easy for Sierra to lose track of time at work because she loves learning, and her field is constantly refreshing itself with new tools, technology, and processes to stay up-to-date on.
Sierra Weaver’s boss at Raytheon Technologies keeps a good eye on the entire team to ensure no one is overworking themselves.
“He’ll jokingly say, ‘I’ve seen you online at this hour!’ and consistently reminds me of work-life balance,” she says. “He’s very supportive—we honestly have an amazing team.”
But ask her five years ago whether she thought she’d be in cybersecurity, and you would have gotten a resounding “no.”
Sierra planned to work in broadcast journalism, but after being exposed to cybersecurity while working in a contract position at a different aerospace company, she realized she wanted to transition into that industry.
“When I started, I didn’t have all of the technical skills, but that was something I learned along the way. Anyone from any background or career, so long as you are determined, open to learning, a great problem solver, and have some core transferable skills can be successful in a Cyber career,” she says.
We sat down with Sierra to learn more about what exactly those skills were, how she uses them on a daily basis, and what the future of cybersecurity looks like from her perspective.
Core Skill: Determination
Sierra studied communication and Pan-African studies at Cal State while working full-time—and she credits a lot of her success in cybersecurity to her ability to work hard.
Even her first experience with the industry required determination. As a contractor, she was involved with different departments and processes, from purchasing to contracting to licensing.
“With all of the hats I wore, I was doing quite a bit, but cybersecurity is what interested me the most,” she says. After getting hired at Raytheon, Sierra applied her work ethic to deepening her expertise in the field through certifications, including the Security Plus certification.
“As long as you are willing and open to the training process, I feel like anyone can make the pivot, just by being determined,” she says.
Core Skill: Communication
Though she loves her job, Sierra is a lot more than just her work. For one thing, she’s one of 15 siblings. Growing up in LA with that many family members, Sierra learned how to communicate with different kinds of people with various backgrounds, needs, and styles of interaction.
“With cyber, you’re communicating and collaborating with many stakeholders most of your all day,” she says, citing everyone from the IT department to program managers, and our customers.
Sierra calls her Raytheon coworkers her work family, and says that at the end of the day, “we all get along so well, communicate effectively with one another, and ultimately they help make work so much more worthwhile.”
“We spend so much time at our jobs. You always want to be in an environment you feel comfortable in, one you can flourish in. I’m lucky in the sense that the folks I work with are extremely supportive. I can leverage their knowledge. I can lean on them if I need anything. And I’m just so appreciative of that. That’s what keeps me at Raytheon Technologies,” she says.
Core Skill: Problem-Solving
Sierra’s team ensures that Raytheon’s clients, particularly those with classified contracts, have their systems set up in a way that ensures no classified information is compromised. They work with the Defensive Counterintelligence Security Agency to keep things up to snuff, which includes maintaining the systems for the life of the technology.
It requires a nimble approach to problem-solving—and a hands-on one, too.
Even though she’s now a manager of a team of six, Sierra still does some of that work herself.
“I want my team to know that anything that I ask them to do, I’m willing to do,” she says, referencing site visits and tough systems. “I want to give my team the tools to be able to fish on their own, and to feel comfortable and confident, but I also want to be just hands-on enough for them to know that if they need my support, I’m there and available to help them.”
Building the Next Wave of Women in Cybersecurity
When Sierra looks around her industry, she doesn’t see many people who look like her.
“I would love to see more women within cybersecurity. And I am absolutely doing my best and doing my part to encourage women, and women of color as well, to join cybersecurity,” she says. “For us to continue to be successful, we need diversity on all fronts.”
Part of Sierra doing her best is sharing her story, like she’s done with us here. Another part of it is offering herself up as a resource for women looking to break into the field.
“I hear from folks that they look at job requisites for cybersecurity, or research all of what the field entails, and get intimidated and discouraged because they feel like they have to have all these certifications or several years of experience just to get their foot in the door at a company like Raytheon Technologies. But honestly, we truly need individuals who are passionate about cybersecurity and willing to learn; you don’t need to be a technical expert to get started,” Sierra says.
Do you know how terrorist attacks are stopped?
Military intervention is certainly one way, but Jen Hicks prefers another.
"I really, really believe that the key to preventing terrorist attacks is by cutting off their finances," explains Jen, a senior cybercrime investigator at cryptocurrency compliance and investigation firm Chainalysis.
Growing up in a military family and serving in the Navy herself, Jen has lost friends to war and considers it her life's work to help develop a more humane way of stopping attacks and stemming the growing wave of cybercrime. "I like to think that at least in my small corner, it's making a difference," she says. "That if we're able to stop things from happening without violence, then that's all the better."
We sat down with the veteran, blockchain expert, and steampunk enthusiast to unpack her role at Chainalysis, her personal interest in investigating and stopping crime, and why it's so vital that women continue to join and lead the rapidly growing fields of cybercrime and cryptocurrency.
Falling in love with financial intelligence
Jen was born in Okinawa, Japan to an Okinawan mom and Black American dad and raised between Okinawa Island and Miyako Island. Following in her dad's footsteps and joining the military wasn't her original plan.
"As a high-achieving military brat, doing ROTC and becoming an army officer felt like something I was expected to do," she explains. "But I never took a moment to do any self reflection."
When she did, around age 18, Jen realized she had political reservations about the U.S.'s involvement in the Middle East and decided against enlisting in ROTC. That was an early example of Jen breaking out from other people's expectations for her and building her own path, but it wouldn't be the last.
When she did go into the military a couple of years later, it was because she realized she couldn't afford college and didn't want her parents to go into significant debt to help her pay for it. Inspired by her Marine father, she decided to pursue a more cerebral position and became a linguist, studying Mandarin at the Defense Language Institute.
After working for a few years as a hybrid translator/cyber analyst, looking at sensitive data and combing it for intel, Jen wanted to stay in the Navy and work as an instructor, but didn't get those orders.
She decided to leave the military and look for a civilian job. Not everyone agreed with her decision, but Jen was sure of it. "I knew I'd figure it out on my own. I said, 'I know what I don't want to do, and it's this,'" she remembers.
After being recruited by Booz Allen Hamilton and working as a critical infrastructure analyst, Jen became a threat finance analyst at Leidos, where she got to combine her long-standing loves of cryptocurrency and intelligence.
"I fell in love with it," says Jen. "I saw how financial intelligence is crucial to national security—money laundering, trafficking, terrorist financing, all of that. I thought those were fascinating. So I soaked everything up like a sponge."
Jen had been following cryptocurrency as a hobby ever since she read Satoshi Nakamoto's Bitcoin whitepaper when it was published shortly after Jen graduated from high school. "I can't say that I understood every single thing at the time, but from then on, I was hooked on this idea of peer-to-peer digital currency that was, like, very cyber punkish," she says. She kept her early interest to herself because "it was such an obscure, nerdy topic," she says. But once she realized that she could work in a security capacity, investigating the dark side of cryptocurrency, from the darknet to hacks and scams and more, Jen decided to lean into her interests.
"I made it my life's mission to map how terrorists and violent extremist organizations were using cryptocurrency around the world," she says. But that mission wasn't a business priority for the company where she worked at the time, so Jen started looking for a company where it would be.
That's how she found Chainalysis.
A colleague of hers suggested she apply to the blockchain investigation firm, but Jen wasn't sure she qualified. "I had such a high opinion of them, like 'Oh my god, they're all super smart, they probably talk in Bitcoin addresses,'" she says. "But as it turns out, they really wanted me on board, so I was hired and now I get to indulge in my 19-year-old fantasies of exploring illicit activity as a job."
Jen splits her time doing investigations tied to business priorities—from looking into exchanges targeted by malicious cyber actors to investigating how someone could avoid compliance regulations and launder cryptocurrency to identifying who's phished millions out of people's accounts—and doing the work she considers her "moral responsibility."
That second set of projects includes looking into things like child sexual abuse and terrorist financing. "The spectrum is vast, and it's super, super exciting. In between these cases, I have the freedom to pursue the research that I've been wanting to for the past couple of years now," says Jen. "It's really gratifying."
Some of those leads come from her team's research; others come from law enforcement. Her team has relationships with different agencies, from local to federal. "We provide them with data to track people down and make arrests," explains Jen.
Other leads come from individuals in the community who find people like Jen via LinkedIn or Chainalysis's contact form and ask for help. "People will come and say, 'I was scammed out of thousands of dollars,'" says Jen. "It's almost always part of a larger phishing campaign. So we take that, ingest it into our database, and absorb that information into our research to see if we can find where the money went."
It's that open-ended puzzle-solving that Jen loves so much about her job.
"It's the ultimate puzzle to be solved every time you're given one of these cases," says Jen. They'll start with an address and an initial transaction and will follow transitions in and out of different cryptocurrencies, building a graph of transactions and understanding of what is happening.
Jen has two goals for her work: first, to make cryptocurrency more accessible and safer, and second, to help educate people on how it works to empower them to participate in crypto.
Now is the time to get involved
Financial crimes are here to stay, says Jen, even for people who aren't in traditional finance.
"Let's say you're a social worker or a mental health counselor or provider of some sort, right. And you have an elderly patient who just happens to mention that they've struck up a long-distance friendship online. You're going to have to know what the red flags are for possible scam attempts," says Jen.
And cybercrimes often exploit social vulnerabilities, not just technical ones. Look at the 2016 election, says Jen: "They're able to exploit deep fissures that we've always had here and do some considerable damage." On a smaller scale, criminals are sending phishing emails that look like crowdfunding campaigns which people are less likely to look closely at in their rush to help. "It's a new flavor of social engineering that malicious actors are latching onto," says Jen.
With cybercrime already impacting so many aspects of our lives and soon to impact more—"targeting IOT devices, medical technologies, self-driving cars, NFTs"—it's a prime time to shift into the field, and Jen believes that there's no one 'right' way to make that pivot. You don't have to come from traditional IT or finance backgrounds to make an impact in this space, and if you come from an underrepresented background, that's especially true.
"It's easy to build up that psychological barrier of entry to the crypto community when you see that these huge online communities might be filled with trolls saying derogatory things that are either racist or sexist, or that conversations surrounding cryptocurrencies are being dominated by certain personalities on Twitter, or there are men around you who try to confidently tell you the most contradictory things about investing in crypto. To me, all of that is just noise and you have to block it out," says Jen.
"What I want women who are interested in this stuff to do is just be hands-on with the technology itself," says Jen, who suggests starting by creating a private wallet, understanding how privacy coins work, and learning about centralized versus decentralized systems.
If you're a woman interested in the field, reach out to others! Jen is happy to talk to anyone interested, she says. "People in the field are way, way too happy to talk to you for hours about how it works or how they got there," she says. "Chainalysis is doing a fantastic job of hiring women as investigators, and our director is a woman, and it's really cool seeing the empowerment there and knowing that we're considered the best of the best. But we always want more! So feel free to reach out."
Sara Garvey has always been inquisitive and reserved—so much so that her father once left an application form for MI5, the UK's domestic counterintelligence and security agency, on her desk as a joke.
"I called his bluff and got through three rounds of interviews before calling it off, as I couldn't see myself living in London!" shares Sara, who hails from Armagh in Northern Ireland and currently works in Belfast as a Security Researcher at Contrast Security, a leading provider of enterprise application security offerings.
Sara studied computing at university and did her thesis on intrusion detection systems. She loved the work and realized she'd found her passion. "Beyond the technical side, I love that security allows a creative, analytical side—having a hunch about something, and tugging at the thread to see where it leads," she says.
We sat down with Sara to talk about how she broke into the security industry, what her day-to-day looks like working with a distributed team at Contrast, and the career advice she has for other introverts for whom "just ask for what you want" isn't particularly useful.
Progressing despite gatekeeping
"One of the reasons tech, and more specifically, cybersecurity, is so difficult to get into is the initial hurdle you have to get your foot through the door with obtaining all the necessary certifications," explains Sara, who notes that such certifications are both timely and expensive. "Straight away, that eliminates a subset of people."
Sara went a different route. She got her first job in tech as a software engineer, where she learned development practices, how to code in different automation frameworks, and how to collaborate well. She continued to build her security-specific knowledge with online courses and Capture the Flag events (CTFs), which are cybersecurity competitions where teams collaborate together to solve complex security and coding problems.
She was feeling frustrated in her role and was browsing job postings when she saw a listing for a Security Researcher at Contrast. "It had everything I was looking for," she says. "The job spec was really, really appealing to me. I thought I was more than capable of doing it, there was no bias in the language, and it seemed like a really good opportunity."
Sara applied, and despite not having a long list of certifications, got the job. "Thankfully, Contrast took a chance on me and took me at face value with my practical experience," she says. A year and a half at Contrast has "solidified my reasoning that this is the career path I should be on," says Sara, and her team agrees; Contrast's Vice President of Engineering, who nominated her for this profile, called her "an exceptional security researcher" and highlighted that her involvement in Contrast's CTF team has been "instrumental in making us better."
She's seeing more companies follow Contrast's lead and reduce their emphasis on formal certifications, favoring practical experience instead, and she thinks that will be key for leveling the playing field for talent of all backgrounds. "Cybersecurity is notoriously understaffed, yet so hard to get into," she says. "A lot of people don't have the means or time to obtain those [certificates]. Not everyone wants to study for four years, or can."
For other women struggling with tech's (and cybersecurity's) gatekeeping, Sara offers some practical advice: "Have side projects on GitHub, continue online learning, write blogs, and be active in CTFs and Bug Bounties to make your CV stand out and to obtain practical experience to talk about in an interview."
Finding success on a distributed team
Sara was one of Contrast's first hires in their Belfast office, and she worked there with several coworkers until the coronavirus pandemic sent everyone home. "I don't mind working from home, actually," she says, smiling. "I always want to control the aircon."
Even when she was heading into an office, Sara was collaborating with teammates across time zones, as Contrast's team is distributed around the world. They make it work, says Sara, because the culture is built on flexibility and trust.
"The culture is more casual. I can't think of anyone, right up to the top level, that I couldn't approach here," she says. "One thing that I really love is that there's a lot of trust. My current manager is in Iowa, so I've met him twice weekly, but there's a lot of trust and independence in my work. There's no micromanaging at all." (There is some occasional teasing when Sara can't remember the names of American football teams—"especially around Superbowl time, which I don't get," she jokes—but that's not so bad.)
Introversion at work
One of the main reasons Sara likes Contrast's culture so much is that it allows her to be herself.
"A lot of career advice is just for one type of person, like 'opportunities will pass you by if you aren't loud about it,' but it's not one-size-fits-all," says Sara. "I think one of the most important things is to have a manager and teammates on your side who understand your personality type."
She's found that at Contrast. "I got pretty lucky with my manager, and the entire team, actually," she says. "My manager likes to sometimes force me out of my comfort zone for demos and speaking opportunities, which is good; he doesn't take it too far."
Having a supportive team is half the battle—but here's the other advice Sara would share with fellow introverts:
- Think of the long term. "Promotion or salary discussions have never been easy for me. But I have learned that if you don't state your intentions and fight for yourself, who else will? I approach it as a few minutes of uncomfortableness for long-term gain."
- Go into negotiating conversations with data. "Research your market value, present goals you've achieved. It can make an uncomfortable conversation much shorter and takes the emotional element out of it," says Sara. "There's no reason an introvert should be left out or not compensated enough just because that's their personality type."
- Set up a goal-based performance review system. Sara likes how Contrast does performance reviews, where she and her manager both rate her work against a set of previously-determined goals in regular one-on-ones. "There's really no awkward conversations or debate that way; compensation is earned from that track record."
- Take advantage of virtual meetings. "You can jump in a bit quicker, and it's easier to make your point," says Sara, who also recommends communicating with the meeting host prior to big meetings to make sure you'll have a chance to speak. Better yet, see if your company will consider assigning moderators for large virtual meetings, as Contrast does, to make sure people don't talk over each other and that everyone has a chance to be heard.
If you're interested in working with Sara or learning more about how Contrast Security's culture encourages employees to be themselves, check out their PowerToFly profile here.
She’s Paving the Way for Women in Cybersecurity: How She Went from First-Generation College Student to IT Leader
A Conversation with Freddie Mac's Stephanie Johnson
When Stephanie Johnson, currently an Information Security Manager at Freddie Mac, was just starting her career as an IT professional, she found herself sitting in her car one night after work asking herself, "Why am I not being heard? Should I adjust my tone? Posture? What I'm saying?"
She wanted to make an impact and knew she could do better.
So she challenged herself to rethink her meeting approach. No longer would she sit back and wait for someone else to speak first. She decided she'd enter her next meeting as a confident subject matter expert.
And it worked.
"I put on a black suit and heels, and I came into the meeting and sat at the front of the table so I could see everyone. I sat up straight, I kept the meeting on track, and I was respectful of others but I took control. From that moment forward, I was always heard," says Stephanie.
Designing her path
Stephanie had to create her own approach and career path for her entire life. Growing up in a small midwestern town with a single mother who didn't have a large income, college didn't seem like a realistic goal for many in Stephanie's family. But she believed that education was the key to changing her life, so she found a way to make college work.
"I knew there was a better way to live. And I knew I was going to be the first
person to change the picture for my family. I wanted others to follow in my footsteps," says Stephanie.
Stephanie started off at a two-year college, where she graduated with an associate's degree in computer science. (She picked that major after doing research into the most lucrative and fastest-growing fields of study—talk about prescience.) That helped her land a job as a data analyst with the City of Pine Bluff finance department; the money she earned there allowed her to go back to college at the University of Arkansas at Pine Bluff and complete her bachelor's.
"There were times I wanted to give up because it was hard. I carried pictures of my family,
and every time I looked at those photos, I knew I had to stay the course. I told myself, 'If you
don't do this, nobody will.' My mom was the oldest of 12 and none of her siblings went to
college. My older siblings didn't go. Now, about 70% of people in my family have…graduate[d] college," says Stephanie proudly.
While still in college, Stephanie started an internship at the Pentagon as a UNIX system administrator. "That was the role that got my hands under the hood," she remembers. Her strong work ethic and ability to provide top-notch customer service through technical issue resolution led to her receiving a full-time job offer at the Pentagon. She stayed for several years and completed her degree before leaving government work because she felt her career path was becoming stagnant, she says. She wanted to grow and learn new things.
Before landing at Freddie Mac, Stephanie held IT positions in several different sectors, including government, telecommunications, consulting, and finance. After 9/11, she was inspired to transition from pure IT into information security and cybersecurity, and data privacy.
All of her career choices were motivated by one thing: challenging herself to keep learning and growing, and by so doing, creating a path for other women (and especially women of color) to do the same.
Paving the way for women
"When I first started in my career, there was a common belief that women should be submissive," remembers Stephanie. Luckily, that stereotype has changed, but women still aren't anywhere near parity in representation or pay in the cybersecurity industry or the tech industry at large.
"I feel I have a responsibility to pave the way for minority women in IT. If I could wave a
magic wand and create the perfect job, I would be a beacon for recruiting at colleges to bring
more women into this space. There's work to be done. I am an advocate and an avenue for that work. I want to change the trajectory," says Stephanie.
Her contributions to solving that problem include mentoring women. Through lunches, phone calls, and long advice sessions, Stephanie passes on her tried-and-true pieces of advice: "I tell them they need to learn to own their craft and their brand. If they don't do that, they won't be heard. They can be assertive without being aggressive."
By mentoring younger women on her team and those from her past positions, Stephanie has been able to pay homage to two mentors of hers who made differences in her IT career: Ed and Brian, two of her past bosses who offered Stephanie a helping hand from the get-go.
Though she's had success in cybersecurity and proven that women can take on important technical and leadership roles in the field, she'll never say it was easy. "Just by being a woman, you don't always get opportunities to move up. People can see strong women as intimidating. You become a threat. There's still a lot of room for change in this space – and I'm at the front of it," says Stephanie.
Finding her fit
After years of impressive experience across IT and cybersecurity roles, Stephanie accepted a job in cyber risk management at Freddie Mac because it fulfilled her desire to keep learning and growing professionally while providing her a meaningful mission, a strong organizational commitment to diversity and inclusion, and truly open channels between upper management and employees.
"At Freddie Mac, I get to go to work and know everything I'm doing is helping make home possible for someone in the U.S. Our work matters. That is what excites me," explains Stephanie.
Our What Women Want report found that the majority of women (72%) are dissatisfied with the level of diversity and sense of inclusion and belonging in their company. That's not the case for Stephanie, who accepted the role at Freddie Mac because of their strong corporate commitment to diversity and inclusion: "I was really impressed with the company's Inclusion & Diversity (I&D) program. Once I got here, I realized the program is always getting better and better. They're always working on making this place more inclusive and I'm so proud to be part of an organization so focused on inclusion."
Freddie Mac's I&D initiatives include investing in women leaders. Stephanie is a member of the Rising Leaders employee resource group and has been nominated by her company for several leadership training programs, which have contributed to her upward mobility at work and increased confidence in her management and leadership skills.
Those leadership skills have resulted in Stephanie leading a change in Freddie Mac's cyber risk assessment program. She developed a risk-based, customized approach incorporating customer input that resulted in increased efficiency while also decreasing the backlog of tasks. "I expected there to be more resistance to change, but leadership has been really on board for changes. That's one of my favorite parts of working here," explains Stephanie.
That openness is extended on an individual basis, too—one of Stephanie's favorite moments at Freddie Mac was when she connected with Jacqui Welch, Chief Human Resources Officer and Chief Diversity Officer, outside of work, and was encouraged by Jacqui to follow up and have a one-on-one meeting. Jacqui's team made the meeting happen and Stephanie was surprised by how Jacqui truly wanted to understand Stephanie's perspective and ideas for the company.
Overall, Stephanie has found the role and company that's right for her—one that values her ideas, supports her identities, and believes in investing in women in tech.
If a role like that sounds right for you, too, check out Freddie Mac's open positions or leave a question for Stephanie in the comments!