Meet Maria Paredes, IT Security Expert and a Latina Role Model

Maria Paredes, an Information Security professional in the areas of business continuity, systems security, systems administration and technical support, and a recent graduate of Norwich University's prestigious Master of Science in Information Assurance (MSIA) program and a Business Systems Consultant at a leading financial institution. She lives in the Des Moines area with her husband, their baby boy and Niko, their feisty Doberman puppy.

What motivated you to pursue a career in IT security? There were two defining moments and it is important to mention both. One was how I started learning about computers, way back in early 90’s my cousin Alberto gave me my first computer, a Compaq 386 PC. I was fascinated to learn how it worked and from that moment on, I began taking it apart and putting it back together every time I could.

Then, I moved on to Southern Illinois University-Carbondale, as an Information Systems major, and took a Network Security elective using the book titled CounterHack. It fascinated me and opened a new world of possibilities. It was then that I decided to pursue other electives that would provide me with the foundation to specialize in Information Security. Right after I graduated, I began looking at graduate schools to further my education in the field. Exactly five years after graduating from SIUC I completed the MSIA program at Norwich University.

What excites you most about that field? The Information Security field is continuously evolving and there are many areas I am excited about. One, is the way most companies are now noticing that Information Security is no longer an IT overhead cost, but rather a type of insurance that it must have to conduct business, stay ahead of the competition and lead by example with their individual Information Security programs. Though the industry is making headway in this area, we must continue to instill awareness at every level so that the importance of this business core function is understood and embraced.

Another area I am excited about is how data loss disclosure laws are holding parties accountable for some of the problems the industry faces. Take a recent example: the Heartland Payment Systems breach, in which hackers compromised a yet unknown number of credit cards. Heartland is the fifth largest credit card processor and while the investigation is still in process, with such laws in place, I am sure that many individuals will be held accountable, both within the company as well as those responsible for the crime. By the way, Iowa does not have a data loss disclosure law on the books as of yet.

In my opinion, this breach- as well as many others that have made the headlines, are preventable. Unfortunately, it takes such an event for an organization to realize the importance of Information Security and by then it can be too late. Such disasters can have a dismal effect on companies even to the point of taking them out of business.

How did you balance a family, career and a Masters program? It was tough! There are some regrets, like missing out on important events in the lives of close friends, but looking at the whole picture, it was well worth it.  I am sure they understood and now that I've graduated, it’s my time to give back to them for sticking by me. Career wise, I had a lot of support from managers as well as my mentor who saw that I did not lose focus and encouraged me all the way.

Most importantly, I had full support from my husband. For the past two years, he dealt with my familiar saying “Honey, I am writing a paper”...he understood my goal and did everything around the house so I could concentrate on my school work. He’d prepare meals, help with the majority of household chores and still had time to spend with our baby! From time to time, if I lost focus or was simply too tired to go on, he’d talk to me and encourage me not to give up. His favorite saying was, “You are almost there, keep going.” I am deeply indebted to him for all of his support.

Where do you see the future of IT security headed? This area is of special interest to me as I delve even further into the field. I foresee the Information Security agenda evolving into more than the complex technical functions. With the current financial climate, the Information Security role will be a matter of risk and balance when protecting an organization’s assets, while embracing compliance and regulation as a way of doing business. Lastly, I foresee the role of the Information Security executive as one with extensive business knowledge coupled with risk management essentials and a complete technical understanding of the company’s bottom line.

Who inspires you and why? My mother. She is a woman of strength who in spite of all of the challenges she has faced, she has overcome them and emerged a wiser person. She has set a great example for her children in regards to working hard and pursuing dreams.

What are your career goals now that you completed your Masters? I am preparing for the CISSP certification. This certification is a must for all Information Security professionals. The cream of the crop if you will. While the CISSP is not required to land a job in the field, it gives you an advantage over those who do not have it. Some employers see it as a sign that you have mastered one or more of the ten domains in Information Security. While I do that, the next level of my career is somewhat uncertain as my current employer is going through a merger right now. Soon, I will be changing teams and responsibilities, but at least I am in an organization with a lot of potential for my career. It’ll be a ladder climb, but I welcome the challenge. Other than that, I am always open to new possibilities. I want to grow and contribute as much as I can to the field.

Tell me about your paper that is being published. What is it about? What makes it unique? The paper I wrote is titled From Cube World to Boardroom-Transitioning from a technical role into a management position. The paper explores the many facets and dilemmas many Information Security professionals face when transitioning from a technical role into management. While the paper is targeted to an Information Security audience, I believe it applies to many fields, especially those with management potential. The main focus throughout the paper is what to do next when you are extremely good at what you do. It discusses how and why the management path may not be for everyone. A career in management may mean additional money and status, but it can also signify less time with your family. There are many questions to explore when going into this phase of your career because many Information Security professionals excel at what they do from a technical standpoint but may not necessarily desire to pursue the management path. In my opinion, the field needs both the “techies” as well as the managers to lead them.

The paper won the “Best Paper Award” in the Management category and I had the honor of presenting it at the Residency conference while in Northfield VT for my graduation ceremony. The paper is currently undergoing editing, but I hope it lands a spot in an industry journal as well as a notable online trade publication.

How do you thrive in a mostly male, non-minority field? I try not to think about being a female in this field. Mostly, I find myself working twice as hard to prove that it doesn’t matter whether you are female or male in this field. What really matters is brains, experience and excellent communications skills. I often think that even a tiny mistake caused by someone who is not qualified, can have a negative impact on an organization's bottom line and reputation. Another way I leave such a minor fact behind is by staying ahead of the game and continuing my education. Learning all there is to know in my field, networking, being involved in the community. I am currently the VP for the local Des Moines Information Systems Security Association (ISSA) chapter. With so many things on my plate, I seldom have time to dwell on the fact that I am one of the few women in my field. If anything, I believe it is to my advantage in some ways because we as women have excellent traits to bring to the table. I try to always use my experience to encourage other women in the field.

What is your advice to other Latinas in this field? If you are interested in this field, help contribute to it by attracting and retaining other women in Information Security careers. In anything you do, instill Information Security awareness. It is very important for everyone to be aware of how Information Security impacts you whether you are a business owner or a computer user surfing and shopping on the Internet. Be a mentor if you can, there are many opportunities both face-to-face and virtual. Finally, regardless of what you see or hear along the way, remember, it is what you do as an individual that will make or break an Information Security program.