In business, the cybersecurity team is often disparagingly referred to as the “Department of No.” But Zarmeena Waseem says she has built up an immunity to that word.
Looking for work in the infosec field? The answer should be, “Yes, you are welcome,” regardless of race, gender or sexual orientation.
And sure, sometimes security professionals have to tell employees, “No, you can’t perform this unsafe action.” But even then, Waseem doesn’t believe in just plain “No.” She believes in: “No, because…”
Simply put, Waseem has spent her career trying to remove the litany of “no’s” that have stood in her way, and others’ as well. In just nine months on the job, Waseem has already had a palpable impact at the National Cyber Security Alliance, where she serves as director of cybersecurity education, helping small and medium-sized businesses learn and develop best practices that reduce human risk.
The key to getting her message across is not just telling people what to do, but also explaining why — a lesson that was passed on to her from her former mentor CISO at George Washington University, where she worked her way up from technical support specialist in June 2013 to security awareness and education program manager in January 2019.
“Every single person, whether they know it or not, is walking around with a million-dollar cell phone and a million-dollar laptop,” due to the data they come in contact with, said Waseem, a passionate privacy advocate. “And if you understand why your information is worth hundreds of thousands or millions of dollars to other people, then you are more apt to protect that data.”
In addition to her corporate outreach, Waseem also introduced a new internal cyber training program into the NCSA, including quarterly security refreshers. And she also spearheaded a public communications campaign that celebrated Black people in STEM to mark Black History Month.
Prior to the NCSA, Waseem was an information security trainer with the New York Times, where she contributed to a variety of diversity initiatives: joining the publisher’s Women in Tech task force, creating a formal proposal for a more equitable and diverse workplace, and educating both the LGBTQ+ and Black Professionals Employee Resource Groups on how to protect their personal data and how to safely conduct themselves on social media.
While any journalist can potentially become a target of hackers and internet trolls, Waseem told SC Media that minority journalists are uniquely susceptible. “If you are Black and you're a woman, the first thing that people are going to… attack is that you're Black and that you're a woman. And so the way that they get harassed online is very different from the ways that other people get harassed online. And as a brown woman, as a Muslim woman who grew up in post-9/11 America, I know what that's like,” said Waseem, who is of South Asian descent and emigrated from Saudi Arabia when she was 6.
At GWU Waseem conducted security awareness training for the school and its students. During her stint there, she joined EDUCAUSE — a nonprofit created to advance higher education through IT — as well as its Higher Education Information Security Council.
According to her nomination, Waseem was set to speak at a 2020 EDUCAUSE conference about her work at GWU, until a new director at the university placed the school’s communications team in charge of the security awareness program. Shortly after this change, Waseem departed GWU, and her funding to speak at the event on behalf of the school was revoked. But that didn’t stop her from getting her message across.
“As a woman who is also a minority and also partially grew up in the developing world you get told ‘no’ a lot,” said Waseem. So this setback was just another “no” that Waseem would have to overcome, she explained.
Which brings us to yet another lesson her mentor once taught her: that despite what some may say, the cybersecurity team is not, actually, the “Department of No.”
“We are supposed to find the avenue to ‘Yes,’” said Waseem. “So instead of hearing all of the nos, I was like, ‘OK, how do I get this to be a ‘Yes?’”
Sure enough, Waseem raised her own funds to present at the conference, as an independent speaker. Because sometimes you have to be an advocate for yourself, too.