Women on Equifax’s Security Team Make an Impact, Share Advice for Others
According to the 2022 ISC report, women only account for an estimated 25% of the global cybersecurity workforce. Equifax seeks to combat this underrepresentation through our Women Amplifying Voices at Equifax Security (WAVES) resource group dedicated to creating a diverse talent pipeline and a culture where women excel. Women in Equifax Global Security are bringing their talent and creativity to this ever evolving field, paving the way for others as they go.
Karina Raveloson is the Vice President of the Application Security team. Her team provides Site Reliability Engineering (SRE) support for Equifax's Security tools, performs Static/Dynamic/Composition Code analysis and Penetration Testing for eligible applications. Lauren Wagner is the acting General Manager of Global Breach Services. Wagner’s team helps companies, government agencies, and other organizations comply with regulatory requirements for notifying the people whose personal identifiable information (PII) was impacted in a cyber incident, and also provides credit monitoring and identity theft protection services. Saisiresha (Sai) Kunapareddy is a Cybersecurity Vulnerability Assessment Analyst on the Vulnerability Management Team. Kunapareddy analyzes vulnerability risks, evaluates remediation of risks, and completes revalidation of the risk once it has been remediated, confirming there is no longer a risk associated with it.
They shared their stories about how they got into security, advice for others and resources that have helped them in their career.
What sparked your interest in security or how did you stumble on this career?
Raveloson: As an engineer and engineering manager at Equifax, I was looking for a deeper understanding of security controls, vulnerability priorities and the impacts of our choices. At Equifax, we believe that security is everyone's responsibility, and the industry agrees with us, putting engineers at the wheel of developing secure solutions. Now I contribute to enabling secure solutions to be created as far left of the design and producing the code as possible.
Wagner: I love this question because like the majority of people in security today, I stumbled into it! I joined a consulting project to develop the security and privacy teams’ executive reporting for Equifax. At that time, I had experience with executive reporting but was new to security. In preparing those reports, I learned about the huge security talent shortage — which creates a fantastic opportunity for career acceleration. Within the year, I joined Equifax’s security team.
Kunapareddy: I would say it all started with a virus in my system during my bachelor's studies, and I started learning about different malware and how I can ensure my data is secure and not lost. I started my career as a systems engineer, where I had a chance to learn about the weaknesses of the networking environment. I started with a project identifying the credentials saved in the SQL database server without logging in. From then on, I started to explore, kept learning, and am still learning new aspects in security everyday.
If you had a daughter, sister, niece or cousin who wanted to walk in your footsteps, what advice would you give her?
Raveloson: My advice to someone would be to not struggle with ambiguity and complexity, approach the problem with an open mind, and not be intimidated by jargon or technical details. Often, when you strip away the fancy words and break down the problem into its core elements, you will find that it is not so different from other problems you have tackled before. And don't forget to have fun.
Wagner: "When you're given an opportunity, say 'yes' and figure it out." It's my favorite advice to give because it's the best advice I've received, and it came from the cousin whose footsteps I followed through grad school and into the consulting job that ultimately led me to security.
Thanks to saying “yes,” I've been fortunate to do a bunch of things that sound cool and impressive now that they’re over the finish line. But every one of those things also required a lot of “figuring it out” — getting in the weeds, getting scrappy, and ultimately doing what needs to be done.
Kunapareddy: First and foremost, I would say if they want to love their work, the right step to take is getting into cybersecurity. I would tell them to start with projects during their bachelors and masters studies that involve networking, data protection or mobile security which helps them understand risk assessment and being secure. I would also say that security folks are smart, they never look back in their career, and of course, are paid well.
Can you recommend a few security resources that you’ve found helpful in your career?
Raveloson: I like SecurityWeek as a way to stay informed on current security industry topics. The SANS Institute is not only great for taking courses and certifications, but their site also provides a wealth of resources, including research papers, webcasts, and podcasts on security topics. For those who like books, Hacking Exposed is a classic book on the latest hacking techniques and countermeasures that includes real-world examples and case studies that illustrate the impact of cyberattacks on organizations. It also provides practical guidance for implementing security measures to protect against these attacks.
Wagner: For breaking news, I like CyberScoop and Bleeping Computer. For more analysis, I read The Washington Post’s Cybersecurity 202 and Politico’s Weekly Cybersecurity Newsletter (Weekly is free. Daily is a paid subscription.)
Kunapareddy: I would suggest starting with the official CEH (Certified Ethical Hacker) document, which will give an overview of different areas in security. On the networking side, labs can really give a hands-on experience like Hack the Box, PG by OffSec and Vulnhub machines. For web app security, the OWASP standard can be a good starting point. Portswigger labs are very helpful as well.
For more information on how inclusion and diversity play a large role in the Equifax culture, click here.