Guardians of Cybersecurity: Insights from Information Security Consultant Imaris Loja
Imaris Loja ’21, who studied computer science at Gordon, now works at MassMutual as an information security consultant. We sat down with her to ask about her job working in cybersecurity and her passion for computer science.
What does your job look like on a day-to-day basis?
I’m on the Cyber Technology and Innovation Team, which means I’m in charge of evolving and maturing our cybersecurity strategy. We’re constantly trying to think of how we can best protect our data, especially our customers’ data, in the face of an ever-evolving industry. I document our current security lineup, coordinate meetings and communicate with cybersecurity startups that could offer us something to strengthen our strategy. We bring them in to demonstrate their product or to see if our ventures organization might have an interest in investing in them.
What’s a common misconception you think people have about information and cybersecurity? How would you debunk it?
Cybersecurity is about helping people and keeping them safe in an untraditional way. We’re not all hackers or coders like in TV and movies. I’m certainly not! Sometimes it’s about helping customers who have faced a security breach and need help recovering their data. But for all the breaches you see in the news, you don’t see the ones that were stopped. All that is thanks to everyone doing their part in cybersecurity. From governance and compliance to technical work, all of it is important. Also, you don’t need to be a computer science student to be in this industry, although the background knowledge helps.
What’s one of the biggest cybersecurity challenges for businesses right now?
We’re seeing a big wave of ransomware attacks on businesses of all kinds, and we need as much protection as we can get. People will throw money at a ton of tools, but sheer volume won’t cover all your assets. You need a complete view of what companies have and a way to see the risks on all fronts and where the gaps are in their cybersecurity portfolio. A lot of startups are now trying to solve this problem for businesses by creating platforms that will give you a holistic view of your company and your technical assets to see where you’re the most protected and where you’re the most vulnerable. This is a growing trend in the cybersecurity startup world called cybersecurity posture management. Once you have this holistic view of everything, you can rationalize what you already have and invest in what you need.
You work with businesses normally, but what is something regular people with mobile phones and personal devices should be aware of concerning information security?
I have two tips. First, never reuse passwords. Take advantage of password managers. It makes it incredibly easy to keep track of everything and ensure you’re not reusing anything. I personally love the Google password manager, but there are many that will work and give you strong password suggestions. Secondly, enable multi-factor authentication everywhere you can. It may seem a little cumbersome, you may add a couple seconds to your process, but it’s worth it in the long run to prevent your accounts being compromised.
How did Gordon prepare you for this role?
My experience with the faculty in the computer science department played a huge part in preparing me for my career, specifically Russ Tuck, professor of computer science. He was at Google for so long, and it gave him the background he needed to create a strong curriculum of work that is relevant to computer science students today. Having faculty with such hands-on experience in the corporate field helped me discern what topics and skills I needed to know about or be aware of to thrive in the cybersecurity industry. When I started this job, there were all these project management terms and tools I had to use that I’d already heard of or had experience with, like Kanban boards or an agile framework. These are things I use at my job all the time.
What strengths do you see in the next generation of women of color in cybersecurity?
It’s so important to have representation in fields like cybersecurity. Each day I’m here, I’m so grateful I can bring my skills and expertise to the table, knowing I have a different perspective from others as a Latina and the first generation of my family to go to college. I try to bring this perspective of community and inclusivity wherever I go. I’m always thinking, how are we as a field affecting other people? How are we making others feel seen or heard? Also, I’m part of a younger generation in a workplace with a lot of older generations who’ve seen cybersecurity from the start. They have the big picture view, but I have the fresh eyes. All of these are strengths that women of color can offer as valuable insights to our peers.