Joani Green is a senior consultant at F-Secure consulting, a research-led cyber security consultancy. Joani specialises in digital forensics, corporate incident response and incident readiness consulting. She is also an Offensive Security Certified Professional and is skilled in cyber defence and purple team engagements. Her current research area is focused on forensic techniques and incident response in the various cloud technology platforms. She is passionate about inclusion and diversity, and is involved in several initiatives that aim to empower more females and minorities to pursue careers in technology
Tell us a bit about yourself and your background
Originally from South Africa I now live in London and work as a Senior Incident Response Consultant for F-Secure Consulting. When I joined the company in 2014 it wasn’t in a technical role, I came from a Travel & Tourism background. However through a lot of mentorship, studying and hard work I was able to take the leap to a technical role, starting out as an Information Security Consultant and working my way up to where I am today in F-Secure’s UK Incident Response team. I can honestly say that all the hard work has been very much worth it and I truly love what I do.
What is your typical day like?
Working in a consultancy means that my days are quite varied, we deal with different clients all the time from all kinds of industries. My team works with companies who have been affected by cyber security incidents, these incidents involve anything from live attacker situations to historical data breaches or insider threats. Our approach differs depending on the type of incident we’re dealing with. We either do ‘incident response investigations’ where we help our client analyse and understand an active threat, and then develop a containment and eradication plan; Or we do ‘historical investigations’ which involves digital forensics to figure out what happened when their assets were compromised. We then write reports to summarize our findings and to provide them with a remediation plan that can be implemented to avoid the situation from happening in future. My job also involves consulting on how organisations can better prepare to handle incidents, and research to figure out new forensic techniques for ever-evolving technology.
What influenced you to pursue a career in tech?
Ever since I was young I was drawn to computers. My dad brought an old computer home once and I vaguely remember my older brother teaching me how to play “Lemmings” and some other probably not age-appropriate games from a floppy disk (yes, I am that old). I was always trying to figure things out and try new things on the computer. I recall that it overheated often and the solution was to physically remove the tower case to expose the fan. I was unfortunately not one of those kids who tried to learn how to program at a young age, but I was always intrigued by the fact that computers could be used to solve many different problems. Somewhere along the way in my teenage years I got dissuaded from pursuing Computer Science as a career. This was probably as a result of insecurity, lack of guidance and just an inability to articulate what it was that I wanted to do. So I spent 10 very mediocre years doing something I didn’t particularly enjoy, until I did the introspection that was necessary for me to work towards something I was more passionate about. I applied for an operations administrator position at an information security company (the same company I currently work for) and was honest with the interviewer when I said that my long term goal was to ‘do something technical’ and that I wanted to work towards that. I signed up for a part time Bachelor of Science degree in Informatics. After around 2 years at the company I had learnt quite a lot as part of my degree studies, and had gained some great mentors who guided me along the way. At that point I asked the Managing Director if I could apply to the Security Consultant internship while working in my current role and he agreed. In that internship I worked my butt off, spending every possible moment trying to figure things out, suffering from insane imposter syndrome and dizzying anxiety. But I pushed through and it paid off, after the internship they offered me a role as an associate consultant in the security consultancy.
How has your background prepared you for success in the industry?
I’m from a small, conservative town where I never really fit in and it tended to be the norm for women to get a mediocre job, get married and have kids when they left school. That obviously isn’t the case for everyone but at the time it did feel like a clear trend. More than anything, I knew that was not what I wanted and I think that made me very determined from an early age. That determination drives me to work hard until I can solve a problem, which is a really good skill to have in tech. Now after a few years of working in the industry I know that it isn’t always about the qualifications or the experience you have that makes you succeed, its mainly about your determination and approach to solving problems logically. Yes in the beginning it takes longer to solve the problems, but where there is a will there’s a way. The more problems you solve, the easier the whole process becomes.
What has been your most career-defining moment that you are proud of?
There are probably a few of these but one comes to mind. I’m a natural introvert and quite shy at times, and just a short while ago the idea of being on a stage giving a talk to a large group of people would have crippled me with anxiety. But in early 2019 my colleague and I submitted a response to a call for papers for a SANS Institute DFIR Summit Event (SANS is a globally respected organisation in Cyber Security). To our surprise, we got accepted and we got to speak on the stage in Prague to a few hundred people about a research project we put together. It might not seem like a big deal to many, but to me this was quite a turning point, because since then I’ve been able to more confidently speak publicly about the work and the research that I do and it has become easier and easier every time – I’m proud of that.
How does it feel to be a woman in a male-dominated field? What are some of the biggest challenges that women who work or want to work in tech face today?
I’ve been lucky enough to work for an organisation that has never made me feel any differently for being a woman. I’ve been given the same opportunities and I’ve been held to the same high standards, and I have always appreciated that. The biggest challenge is probably that this isn’t necessarily true for the wider industry, and women do have to work a lot harder in order to be taken seriously and to be seen as the respected authority on a subject. I’m also aware that for many women, the prospects of working in offices that are 80-90% male is somewhat intimidating. And for this reason, I think that women don’t naturally pursue jobs in male dominated companies or industries for that matter. As for the cyber security industry, in 2013 women only represented 11% of the global workforce and in 2019 that number was up to 20%. Because of this very unbalanced ratio, for women attending large male-dominated tech conferences for example, it is easy to become intimidated or even uncomfortable. This clear imbalance is perhaps therefore hindering the growth of diversity in the industry. Thankfully there are many organisations working to make the industry a more female-friendly place, but we have a long way to go.
Is there one piece of advice you wish somebody gave you at the beginning of your career?
Find the thing that you want to do that brings you joy, find a mentor, learn and work hard to get there. It will not always feel as daunting as it does in the beginning. And the truth about imposter syndrome is that everyone feels like an imposter at some point, you just have to embrace it and let it motivate you.
Technology is a male-dominated field. What do you think companies can do to encourage more women to both attract and stay in tech careers?
This is a tough problem to solve, I don’t think there is an easy-fix blueprint for the short term. But I do think that organisations can become more aware and intentional when it comes to diversity in their hiring practices. This might involve educating managers on diversity, and mandating more diverse hiring in divisions that are traditionally unbalanced. I think there is also a lot of opportunity for companies to encourage more women to pursue a technical career through mentoring and coaching initiatives. Companies can use initiatives like these to showcase their expertise in a meaningful way when they use them to teach and empower the next generation.
Any resources that you would recommend? eg Podcasts, networking events, books, conferences, websites etc?
- Wagora events are always insightful and are always a great opportunity for networking > https://wagora.io/
- Ladies Hacking Society has a really great community if you’re interested in Cyber Security > https://llhs.com/
- Wosec is an organization for Women in Security and has a lot of great events and meetups > https://wearetechwomen.com/wosec-women-of-security/
This is a great website with excellent resources, run by a young lady who recently entered the DFIR industry. It has loads of resources and also shows how much research and effort it takes to learn an entirely new field: https://dfirdiva.com/
- Darknet Diaries – This is a beginner friendly cyber security themed podcast > https://darknetdiaries.com/
- Risky Business – A cyber security podcast > https://risky.biz/
- Malicious Life – Another good cyber security podcast > https://www.cybereason.com/malicious-life
- How I built this with Guy Raz – An insightful podcast with interviews of people who started successful businesses > https://www.npr.org/podcasts/510313/how-i-built-this?t=1613926045105
I’m afraid I’m not one who can sit down and read non-fiction books about self-help or careers, I’m more of an audio book, escapism kinda gal. But here are some good cyber security books that I use often:
- Incident Response & Computer Forensics by Luttgens, Pepe, Mandia > https://www.amazon.co.uk/Incident-Response-Computer-Forensics-Third-ebook/dp/B00JFG7152
- Operator Handbook by Joshua Picolet > https://www.amazon.co.uk/Operator-Handbook-Team-OSINT-Reference/dp/B085RR67H5
- The Hacker Playbook 3 by Peter Kim > https://www.amazon.co.uk/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759
Fun fact about you?
The high school I went to was a small private school located on a farm. At that school, I once got attacked by a massive chicken (Yes, seriously). Also, the farm next door bred crocodiles. After a massive storm that led to a flood, some crocodile eggs ended up in the pond at the centre of the school property. A short while later, there were baby crocodiles swimming around in the school pond. They had to evacuate them before they got big enough to chomp off any curious fingers 🙂