A woman with dark hair wearing a white blouse smiles at the camera in a bright room.
Katherine Cancelado. Image: PwC

‘Not everything in cybersecurity is hacking’

13 Apr 2022

PwC’s Katherine Cancelado talks about the biggest challenges on her cybersecurity career path, from a language barrier to a lack of diversity.

Click here to view the full Infosec Week series.

Katherine Cancelado’s interest in cybersecurity was sparked when she was about 12 years old and she started learning RedHat and Debian Linux. This led her to a variety of tech communities where she learned more and shared her knowledge, and started engaging with cybersecurity without even realising it.

Future Human

“I learned so much about how to create secure and optimal configurations for different systems and applications, and this was what caused me to move towards cybersecurity as a way to make things better and not to simply make things work,” she told SiliconRepublic.com.

“I soon moved from Linux for desktops and got a little obsessed with servers and services, when I noticed I had actually been doing defensive security and was earning money doing so!”

Her passion for properly configured systems soon brought her to discovering vulnerabilities, which in turn led her to become a penetration tester and then a cybersecurity consultant. She now works as a cybersecurity manager at PwC Ireland.

‘Being curious is what keeps cybersecurity as the shiny object in my life’
– KATHERINE CANCELADO

What brought you to your current job?

A good previous working relationship with someone who I share a similar work ethic and passion for cybersecurity. We all have a colleague who became friend or people we always want to work with!

What brought me to my current job was one of those relationships, because even though I wasn’t looking for a job, I also knew it was worth taking the call. Time has proven that it was totally worth it and I haven’t looked back. Shout out to Neil Redmond for that.

Click here to check out the top sci-tech employers hiring right now.

What were the biggest challenges you encountered on your career path in cybersecurity?

I’m originally from Colombia and my native language is Spanish. My country is surrounded by Spanish-speaking nations and the need for learning English tends to be limited to passing a subject at school or university.

While studying towards my bachelor’s degree in computer science and engineering, I had the opportunity to participate in very technical and interesting projects, which somehow always took me to papers and books for which a translation wasn’t always available. My reading and writing English skills soon were forced to improve.

Reaching the end of my time in university, I was approached by an American company with offices in Colombia’s capital, Bogotá. After a couple of calls with the team and a lot of things to think about, I joined the company and moved out of my hometown.

Working for this company required me to communicate with native English-speaking engineers in the US. This meant that after a couple of months of daily panicking when speaking English, I became used to the language and soon started to exchange books in English with my colleagues. It also meant I had to re-read some books that were better in their native English tongue!

In university the number of women in engineering-related degrees was always low, but some of my male colleagues ended up becoming friends so I didn’t feel strongly that I was part of a minority.

However, after starting my first job and having to talk to so many male colleagues and attending tech and cyber-related conferences, it soon became obvious that the number of women was very low.

In many cases, being part of the minority also means that you might not relate to the common experiences of the majority. In my case, it meant I had to ignore or not pay attention to uncomfortable female-related jokes. I’m very happy to be able to say that for me this is a story of the past, and I’m also more confident to say when the ‘joke’ seems a bit out of place.

Was there any one person who was particularly influential as your career developed?

As cheesy as it might sound, my first role model is my mother, who taught me maths and to speak up in a respectful but direct manner.

Female writers and female characters in books who allowed my imagination to build role models when there weren’t enough in the media.

Katherine Johnson, who was not only a brilliant mathematician but also a lovely human being and reminded girls and women that we are capable of doing anything we want.

Rachel Riley, who breaks stereotypes of maths lovers and geniuses looking like…well, you know the stereotype I’m talking about.

Georgia Weidman, entrepreneur, penetration tester, security researcher, speaker, trainer and author who, from the very first moment, noticed there weren’t enough women in the cybersecurity field and decided to become a role model herself.

What do you enjoy most about your job?

No two days are the same! It’s not a cliché. One day I could be running to respond to a cyber incident and the next one I might simply be at home learning and preparing to support the delivery of a cyber project on a topic or type of entity I’ve never worked on before.

In addition to the above, working with people from so many backgrounds (data protection, compliance and regulation) also means there are always new points of view to learn from. There is always something new happening somewhere and that keeps things exciting.

What aspects of your personality do you feel make you suited to cybersecurity?

I’m a very curious person, I like to know how things work and how to get them to work differently – the definition of hacking. This has taken me to literally take apart appliances at home, buy and read books on topics I don’t even like and continue studying and learning.

Being curious is what keeps cybersecurity as the ‘shiny’ object in my life, as I always find different ways to look at it and have fun.

I like solving problems by finding and implementing creative solutions. Those who know me also know I kind of hate doing the same thing over and over again, so it is no surprise to find me trying to automate what could take me two minutes a week.

What can people expect from career progression in the cybersecurity industry?

We are all familiar with the phrase “your career is your responsibility”. However, careers in cybersecurity are definitely the living example of this. So, it’s important that you know the many options you have because if there is something new you want to try, you will always have people, projects and challenges to take you on a new journey.

My background in cybersecurity has somehow focused on what’s known as offensive security (hacking) and security architecture. I like looking at zeros and ones. However, after having fun with so many technical projects I learned to enjoy non-technical projects as well.

I’m currently working as a manager in PwC’s cybersecurity, privacy and forensics team. They are incredibly supportive and respectful with my way of working and try where possible to give me projects in the areas I’m most interested in and not just the ones I’m most experienced on.

What advice would you give to those considering a career in cybersecurity?

Ignore the stereotypes. Not everything in cybersecurity is hacking and you don’t need to know how to write code. Cybersecurity is a massive industry that touches pretty much all aspect of our lives.

Be curious and read the news so you know what’s happening in the world, as there is a high chance cybersecurity will be somehow involved.

Ask questions, ask more questions and never stop asking questions! As technology and our ways of living change, so does cybersecurity.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Loading now, one moment please! Loading