Jen Miller-Osborn is a Threat Intelligence Analyst at Palo Alto Networks, a next-generation security company that specializes in cyber breach prevention. She works for the company’s threat intelligence team, Unit 42, researching, analyzing, and providing solutions to cyber threats. An Air Force veteran with close to 20 years of experience in cybersecurity and related fields, she has worked as a Senior Analyst for the National Cyber Investigative Joint Task Force, and a Cyber Security Engineer for MITRE. She is also fluent in Mandarin Chinese.
Ms. Miller-Osborn holds a Master of Science degree in Information Technology with a specialization in Information Assurance from the University of Maryland, and a bachelor’s degree in Business Administration from the University of Maryland. Her professional certifications include the SANS’s GIAC Reverse Engineering Malware (GREM) certification, and the International Information System Security Certification Consortium’s Certified Information Systems Security Professional (CISSP) certification.
[OnlineEducation.com] One common way that people get into cybersecurity is through military service. Was that your entry to the field?
[Ms. Miller-Osborn] I’ve been in cyber security for over 15 years and started while active duty in the Air Force. My degrees all came later; the master’s I completed using my Post-9/11 GI Bill after leaving the service. All of my initial training was on-the-job or in-house classes provided to government and contract employees. Except for the technical certificates. By the time I took college classes in the field I could have been teaching those classes. Which serves to highlight that a college degree hasn’t always been necessary to be good in this field. There is a lot of information and training online. Curiosity, stubbornness, and a desire to learn have gotten many people into this field before it was even considered a real field, and those traits are what will keep you here and successful.
[OnlineEducation.com] What was it that initially drew you to cybersecurity, and what were some of your formative experiences in that regard?
[Ms. Miller-Osborn] I’ve always liked to figure out how things work and go together, whether that involved carpentry, auto mechanics, electricity, sewing, chemistry, biology, foreign languages…I love puzzles, and to me, almost anything can be considered a puzzle. I became a computer geek in high school when I was given my first computer. Someone in the family was forever doing something they shouldn’t and breaking it, which I then had to figure out how to fix. Not all that dissimilar from tech help calls I still get from family; once I was invited to a family beach weekend and upon arriving told the “internet was broken” and asked to fix it. I joke to this day I was “invited” as tech help first and family second.
Joining the military allowed me to indulge both my love of foreign languages and puzzle solving. When I had the opportunity to add another thing I enjoyed, computers, I jumped at the chance. I’ve continued that pattern throughout my career – when given an opening to work an area I haven’t before, I’ve taken it. Having worked within the military, government, law enforcement, and private sector communities doing cybersecurity has been challenging, fun, and afforded a broad view of how important cybersecurity is. Working in cybersecurity, to me, is one continuous puzzle game, and I enjoy the challenge and constant need to learn new things, along with all of the good you can do, protecting people and organizations around the world.
[OnlineEducation.com] When you began your cybersecurity career, was it your impression that cybersecurity, threat analysis, and information assurance were areas in which women were underrepresented?
[Ms. Miller-Osborn] Getting started in the field while active duty military and the continuing to work as a government contractor, I was used to working with more men than women. It was common for me to be the only woman on a team. But I also grew up in a large family with mostly male cousins, had mostly male friends, and a lot of my interests tended to fall outside those typically popular with females. I was a tomboy all the way. So it wasn’t really something I initially noticed as odd when my professional career had the same demographics.
What did highlight it was negative attention I received over the years – male colleagues that would talk down to me, ignore my contributions, force me to go above and beyond to prove I knew what I was doing, if I was ever acknowledged at all. Positions I was told I wasn’t qualified for, but for which I was expected to both train the new hire and step in and do the job whenever needed. Thankfully, for all those negative experiences I also had a lot of male colleagues who treated me just like anyone else, as well and mentors and managers who supported me and wouldn’t tolerate negative treatment based on my sex. They focused on getting the job done, and that I could do.
[OnlineEducation.com] From your perspective, are women underrepresented in the field of cybersecurity? If so, are there particular barriers to entry for women that you can pinpoint? I’m asking this in the context of programs like the NCI’s Women in Cybersecurity program, New America’s Women in Cybersecurity project, and other similar STEM-related programs that encompass cybersecurity.
[Ms. Miller-Osborn] Women are underrepresented in cybersecurity. There’s no denying that. But as the need for cybersecurity professionals continues to grow it simply isn’t feasible to ignore qualified candidates based on gender. In addition, programs such as those you mentioned allow more women to get the necessary skills to both get started and grow in the field, which has been a critical missing component. Those programs also come with built-in support networks, which is another important factor. As more and more women are successful in the field, it both encourages companies to hire them and lessens incorrect arguments against their capability. It’s sad we’re still talking about whether women are capable of any job in this day and age, but I like the positive progress being made.
[OnlineEducation.com] What advice would you give to a person who is considering/preparing for a career in cybersecurity? Are there considerations that are particularly relevant for women in this regard?
[Ms. Miller-Osborn] To have a strong sense of curiosity along with a stubborn need to solve problems and find answers. Sometimes you’ll work on something you can figure out in just a few days, sometimes it can take months. Or years. I usually compare my field to being handed a giant box full of puzzle pieces from hundreds of different games of varying complexity, and you have to figure out both which pieces belong to which puzzle, but then each of the puzzles themselves. You also rarely have all the pieces for any of the puzzles. If that sounds fun, you’ll probably enjoy the field. Plus, cybersecurity is a broad term that covers a lot of specialties, and it can be easy to switch among them, learning as you go, to find a niche you really enjoy. If you get bored with that one, you can always try another. Cybersecurity people are often very collaborative and enjoy sharing their expertise and helping others get involved.
There are increasing numbers of conferences and organizations focused on women and girls in cybersecurity, and those are great resources not only to get started, but also to network at all levels. Networking is also important; all of my favorite jobs I’ve gotten via networking.
[OnlineEducation.com] From what you’ve seen, are there specializations within cybersecurity that may be more accommodating to women for one reason or another?
[Ms. Miller-Osborn] In what are considered to be less technical fields, such as marketing, there seems to be less of a bar than in more technical fields. But you can also argue many of those fields also already had less of a gender discrepancy.
[OnlineEducation.com] There is quite a bit of talk these days about work/life, or work/family balance. Is that a complicating factor for women in the field of cybersecurity?
[Ms. Miller-Osborn] I don’t see why this should be more complicated for women than for men. If anything, the onus is on employers creating and supporting a work environment that fosters this balance. A lot of schedule flexibility is inherent to many cybersecurity jobs, including being able to work from home and flexible office hours and time off. Those types of benefits are important for work/life balance regardless of gender or career field.
[OnlineEducation.com] Is there anything else you’d like to add, or that you feel would be helpful to women who are considering a career in cybersecurity?
[Ms. Miller-Osborn] Go for it! If I can help, please feel free to reach out to me on LinkedIn. I truly love my job and I am always happy to help others get into it. After all, they’re my future co-workers, colleagues, and bosses and I want them to enjoy what they do as much as I do.