In light of International Women’s Day, SND-ME’s International Editor, Emma Procter, sat down with Sivan Nir, Threat Intelligence Team Leader at Skybox Research Lab, to discuss the darkest reaches of the cyber world and the role of women in the security industry
How did you get started in the security industry and how have you progressed?
I majored in Biotechnology Engineering at university and started out as a process engineer before I realised it wasn’t for me. The analytical skills I acquired in my studies helped me to become a business intelligence and analysis team leader. I later went on and completed my Masters in Business Administration and took a position as a product manager. Later, I got the opportunity to join Skybox Security and lead the cyber threat research team.
What does your role as Threat Intelligence Team Leader involve?
I lead a team of seven security analysts who daily scour dozens of public and private security data feeds and sources, including investigations using the dark web in order to create threat intelligence. I find it very fulfilling to brainstorm with my team on ways to improve, and to keep up-to-date on security news. The ever-changing threat landscape keeps my career interesting. No two days look alike.
As we near the end of the first quarter of 2019, are there any new trends you’re seeing in the industry already?
In 2018, ‘crypto-jacking’ became the cyber criminal’s tool of choice, due to its potential to generate profit for the attacker over a longer period, stealing computational power from the victim’s system without their knowledge. This trend remains in Q1 of 2019, with new campaigns distributing new and known crypto-jacking malware.
Additionally, OT networks are still a prize target for threat actors. At the end of 2018 we saw the return of the Shamoon malware targeting several hundred Saipem computers across Saudi Arabia, the UAE, Kuwait, India, and Scotland. In January 2019, the OmniRAT malware was distributed by a spreadsheet named Kuwait Oil Company, likely targeting companies connected to the real KOC who are heavily dependent on OT networks functioning normally.
The cyber security sector still has a dearth of females in meaningful roles and at entry level. Why is this, and what can be done?
Oftentimes the cyber security field is viewed as masculine and this can sometimes deter women from trying to enter the field. Throughout my career I’ve noticed that women usually have to push a little harder for opportunities and recognition. But this shouldn’t discourage women from applying for any managerial or technical positions, especially not those associated with cyber security.
Additionally, since the cyber security field is so new and dynamic it thrives on diversity, not only gender wise but also background wise. My own team comes from all walks of life, which is one of the main reasons why we’re so successful at researching and understanding the context of cyber threats. A conceptual change is needed; it’s not only men with a computer science degree or equivalent that can thrive in this field.
Moreover, I think young women need to be encouraged to make more tech-oriented education choices when they’re still at school. Working in technological fields should be seen as exciting with a bright future — and not intimidating. Internship programmes for young women are also a way to help encourage more women to enter the field.
Do you encounter sexism in the industry (or in business)? If so, what’s your strategy?
I’ve been very fortunate and have not encountered sexism in the places I have worked. But the phenomenon is far from being extinct. I’ve heard many stories from close friends who have encountered such incidents of sexism in places of business. This is a pity as it causes some extremely talented women to pass on the opportunity to climb up the management ladder.
What words of advice would you give to an ambitious female entering the security industry in a management or tech role?
You need to have passion and a thirst for learning. You should have a strong sense of curiosity along with a stubborn need to solve problems and find answers. Find a way to familiarise yourself with the technical skills you’ll need in order to succeed in this industry. Do not let the complexity and the knowledge gaps to discourage and overwhelm you. You should be able to fill in the technical gaps as you go. I also recommend making time for networking with other industry professionals.
What are your thoughts on the Middle East security market?
The Middle East is an important focus area for Skybox Security in 2019 and beyond. A lot of businesses in the Middle East are growing in maturity, and so are their cyber security needs. As their networks continue to expand and fragment, they need a platform solution which helps them centrally manage security, visualise their hybrid network — across physical IT, OT and cloud environments – and that delivers the contextual insight that they need to control risk. The Skybox Security Suite is that solution.
What is Skybox Research Lab up to in 2019?
We are continually evolving our product offering to help enterprises and government agencies simplify cyber risk management and establish a single source of truth for hybrid environments. We’re continuing to add to our already robust list of 130+ networking and security product integrations, providing more capabilities for cloud security management, improving user experience and more.
We’ll be taking part in the IDC Security Roadshow events in the Middle East, and will be in Kuwait on 18 March, Qatar on 20 March, and KSA on 15 April.
Words you live by?
If you’re the smartest person in the room, you’re in the wrong room.
Your worst habit / best trait?
The best is that I work well with others and am driven to succeed, I also think outside the box. The worst is I’m a perfectionist, so I tend to also be very demanding of others. But I am learning that everyone has their own unique strengths.
Famous women you admire and why?
Katherine Johnson. Many of the space missions carried out would not have been possible without her work. She made her way against all odds, at a time where women – especially black women – were faced with challenge after challenge and limitation after limitation. She managed to overcome all that hardship and, exceeding all expectations, significantly contribute to astrophysics as we know it.