Risk and compliance expert Chasserae Coyne, honored as an Advocate in SC Media's 2023 Women in IT Security program, didn't set out to have a career in cybersecurity. But one of her first jobs after college was in client services at a data-processing company in her native Michigan.
"I was a psychology major. My whole IT career was kind of an accident," Coyne tells us. "I just chased positions based on what I really liked doing. Through that, I grew into becoming a cybersecurity analyst."
Psychology and communication
Coyne went on to become an IT manager for the state of Michigan, an information-security manager for the Michigan State University credit union and a technical product manager for RiskOptics. Through it all, she finds her psychology training to be an asset.
"One of the things that I really like about cybersecurity is that yes, it's IT. But it also has this human element that not a lot of the other fields and areas really have," Coyne explains. "You can have all of the tools and the technology that you want and that you need, but there's still this human element that is massively important, which is why security awareness is important."
[Please visit SC Media's 2023 Women in IT Security and read about more women Power Players, Advocates, Cybersecurity Veterans and Women to Watch.]
Because of her experience and training, Coyne has become a vocal advocate for promoting soft skills among technology professionals — skills such as communicating complex concepts to non-technical people in clear and simple ways.
"You can have the right architecture, you can have the right tools, you can have the right skills. But you also need to be able to communicate effectively and educate at all different levels," says Coyne.
"You need to understand what motivates the chief of marketing, what motivates your chief financial officer, what's important to them, so that you can get that buy-in, that ownership for whatever your security initiatives are."
Her clarity of communication also applies to risk management, a concept that's at the core of modern business yet is even more alien than cybersecurity to most people.
"You have to make [risk] easy to understand, and you have to make it relevant," Coyne says. "You have to make sure that you have that common language, that everybody understands what you mean when you say X, and when you say Y, and those definitions are consistent so that everybody knows where you're starting from."
"There's this idea that security is everybody's responsibility," she adds. "Well, risk also is everybody's responsibility. Be able to communicate that in a way that everybody feels that sense of inclusiveness and ownership, that they're all contributing to this larger business strategy."
Fighting the security-bros mentality
Coyne's career has had its obstacles. Like many women in cybersecurity, she has sometimes been the only woman in a room and has encountered sexism both from colleagues and superiors.
"There is still this lingering, for lack of a better term, security-bros mentality in a lot of areas of cybersecurity," she says. "I think a lot of people want to pretend that [the culture is] fixed. It's not. There's still a lot of work to be done in the diversity and inclusion front."
"I was even told by two different male bosses to smile because I was furrowing in concentration," Coyne says. "The problem with this is that it limits opportunities and advancement for women. If you're telling me to smile, or not be direct, versus the feedback you're actually giving to my male colleagues, actionable feedback to help them with their career, you're holding me back from other opportunities and projects that I might be able to put my hat in the ring."
As a manager, she once held another manager accountable for taking no action when a technology partner made a rape joke during a red-team exercise.
"When you're a manager in that situation, you are showing other people who work for your organization who intersect with them what is acceptable for the business and what's acceptable within the industry," Coyne tells us.
"If you say nothing, silence is acceptance," she adds. "Don't be silent. Be that squeaky wheel, because the squeaky wheels are the ones that actually make change within the industry."
How to get more women into cybersecurity
Coyne thinks there are several things the cybersecurity industry can do to attract more women, among them:
Offer more online training. "Where you're the only woman in the room, it is intimidating, especially when you don't know something and you're afraid to ask questions. When you have an online environment, you can feel a little bit more psychological safety in those situations."
Offer more remote positions. "Diverse workforces, people of color, LGBTQ and women actually thrive more in remote environments because they have to deal with less microaggressions."
Make clear that job-application requirements aren't absolute. "Women think they should meet 100% of the requirements, whereas men only think they need to meet 60% in order to apply."
Support advocacy organizations. "I'm a member of WiCyS [Women in CyberSecurity], and I love what they're doing to advance women in the field."
Coyne also stresses the importance of mentoring in cybersecurity, which she says often helps mentees have a faster career trajectory.
"When you're being mentored, it helps you understand and apply the knowledge that you're gaining more effectively," she says. "You start to understand the mentality that you need to have in order to be an effective cybersecurity analyst."
The benefits of mentoring flow back the other way, Coyne adds.
"When you're also mentoring somebody, it can be very rewarding," she relates. "One of my favorite parts about being a manager is watching somebody develop and grow and reach those goals, and it's just the best feeling in the world."
A place in cybersecurity for everybody
Asked what she would tell women considering a career in cybersecurity, Coyne is quick to respond.
"The thing that I would say, not only to women but to everybody, is that cybersecurity is not one thing," she says, explaining that it's not just about hackers, analysts and blue teams, but also incident response, architecting tools and much more.
"You need to have governance," Coyne says. "You need compliance. You need awareness training. You need risk management. These are all part of cybersecurity."
"There is a place for everybody in cybersecurity," she adds. "You just need to find that fire, whatever lights that fire inside of you, and follow that into a position that makes the most sense for you in this industry."
To Coyne, combining that broad-scope view of the industry, along with her communication skills, has led her to become an advocate, not just for women in the field, but for cybersecurity as a whole.
"I used to be a very private type of person," she tells us. "But I realized through my last position that I had all this knowledge that I wanted to share with other people in the cybersecurity industry."
"It's been one of the most rewarding things," Coyne adds, "because I have all of this information that I've obtained through my career. If I can share my viewpoints with somebody, they can benefit from that and they can learn."
