RH-ISAC: What is your background in cybersecurity? Where did you get your training and education?
Christy: My background is not originally in cybersecurity. I have only been working in cybersecurity for a little over a year. My background is actually in business. After earning my MBA, I began working at Hannaford, another company in the Ahold Delhaize USA network of companies. I held various corporate roles within Hannaford, including managing the operations side of the retail scheduling system, being a business process engineer, and being a forecast analyst for deli and bakery items.
I have always been interested in technology, however, and my favorite part of several of my roles was doing UAT testing of the systems and trying to find issues. When I decided to take the leap into cybersecurity, I earned certifications from the SANS Institute through their Women’s Immersion Academy, a scholarship-based program designed to help women launch careers in cybersecurity. There was no cost for me to take the courses and certification exams, and it was key to building my skills and transitioning into a new position on the cyber defense team at Ahold Delhaize.
RH-ISAC: What made you decide to get into cybersecurity?
Christy: I had hit a point in my previous role where I was not learning much, and the job was becoming very similar day in and day out. For example, every Thursday, I did one particular task of forecasting, week in and week out. I was looking for more of a challenge and more variation in the work that I was doing. I decided that I needed a career change, and while I was trying to figure out what I wanted to be “when I grew up,” my husband suggested I may be good at cybersecurity. My husband works in cybersecurity as a penetration tester, and his work was (and is) very interesting. He would tell me stories about the type of projects he was working on and vague details on how he got into secure areas using stickers he bought at a store. I mean, when you hear someone needs to buy a grappling hook for a physical and cyber penetration testing engagement they’re doing, it piques some interest in the cybersecurity field! I ultimately decided that changing careers and going into cybersecurity would allow me to learn about something that I was interested in and offered so many opportunities to grow.
RH-ISAC: What is your current role? What do you do day-to-day?
Christy: My current role is as one of many members of the cyber defense team for Ahold Delhaize. The team consists of several “mini-teams” specializing in different areas. I formally belong to the penetration testing and vulnerability management team; however, I am also expanding my skills by filling in in the threat intelligence area of my team. I do a briefing on threat intelligence daily, and then my time is spent coordinating penetration tests, keeping an eye out for vulnerabilities that could affect the organization, and using skills from my previous positions to work on process improvements and automation for the areas I have influence over. No two days have been the same yet, so it’s an adventure every day.
RH-ISAC: What do you enjoy most about working in the cybersecurity field?
Christy: I enjoy how every day is different in the cybersecurity field and how it can also change quickly, which is much different from my previous roles. I am a list maker, and my to-do list at the beginning of the day currently can look totally different from the list at the end of the day. There is always something new to learn, and I love to learn. Every day there are new threats, new threat actors, new tools, new techniques. Things are always changing, and I like the challenge of trying to be one step ahead of the malicious actors. I also enjoy the level of camaraderie that is in the cybersecurity field. It feels, from what I have been exposed to, that nearly everyone in cybersecurity is willing to teach, spend time, etc. Some of my other corporate roles were a bit more competitive, and sometimes people would hoard their knowledge and were more reluctant to spend time teaching others.
RH-ISAC: Sharing and collaboration are key to what we do. Can you share a story of how you were helped or when you helped another?
Christy: I have been helped so much already, and I’m still new to the field. When I was first starting to look into making a career change into cybersecurity, one of my husband’s friends, who has his own penetration testing company, let me “ride along,” as an intern of sorts, on a penetration test he was doing. He let me write the report, which he reviewed (and even paid me to do), in order to get some experience and see what penetration testing was like. My team has helped me immensely as well. I put together a “new kid on the team dictionary” and was sitting in meetings just trying to keep up with all the terms and acronyms. Whenever something came up, I was always the person that was like “what does that stand for?” or other simple questions. The team always answered my questions, no matter how basic they were. They are always willing to help me, show me things, or observe as I do things for the first time to help build my knowledge.
As for helping others, I have had folks reach out to me asking about my career change into cybersecurity. I have talked to other women who are looking to make transitions into the field but are unsure that they will be able to make the leap. I am always happy to share what I have learned and share any resources that helped me with whoever asks, and I have been able to answer some questions for new members of my team as they have joined.
RH-ISAC: What do you think is the greatest benefit that the RH-ISAC community brings to your company?
Christy: I think the greatest benefit that the RH-ISAC community brings to my company is that it connects me with other experts doing the same thing, some of whom are looking for the same information I am. Asking a simple question in the RH-ISAC Slack channels or searching for keywords has saved me hours of work and has pointed me in the right direction a number of times. It is really great to have allies at other companies against cybersecurity threats. Additionally, seeing what others are experiencing and reporting has also allowed me to quickly provide answers to my leaders on attacks or other topics that are trending in the industry.
RH-ISAC: What do you enjoy outside of work?
Christy: Outside of work, I enjoy having fun with my kids, like dance parties in our living room. Lately, we have enjoyed traveling to a handful of amusement parks to tackle the biggest, fastest, and scariest roller coasters. I also like watching Marvel superhero movies because we do it as a family and all my kids enjoy them. I also like to crochet and garden, although I do not get to do it often because, with four kids, there is not a lot of down time.
You can learn more about Christy in our Member Spotlight podcast episode!