44. Deana Shick (she/her) – CERT Coordination Center (CERT/CC) at the Carnegie Mellon University Software Engineering Institute

Posted on
Reading Time: 4 minutes

“Sometimes you have to try out a bunch of things in your career before you settle into what you love.”

Tell us a little bit about what a typical day looks like for you.

My mornings are really the only consistency I have between days. I wake up and have coffee with my husband and two dogs, then head off to work. It’s my morning ritual, and frankly, I need more rituals :).

The CERT/CC is a unique place to work because I can reach across industry and government to solve tough problems for our partners. I started off my career doing network analysis and threat intelligence – I still dabble in these two things when I can! The directorate I work under is titled “Threat Analysis,” which is where my passion in infosec lies. We do malware and vulnerability analysis, and I work within the latter. We help researchers coordinate vulnerability information with security vendors, so you never know what’s going to come through the front door. I occasionally work with our malware folks especially if one of our partners has a process they need to build, or have a question that that spans across the directorate.

While I don’t have a hand in the day-to-day coordination or analysis much anymore, I mostly provide the translation between the technical bits (no pun intended) and our partners who oftentimes want the “so what?” from our analysis. This means my days can vary from problem to problem and sometimes can be filled with fires to put out.

How do you stay passionate in your career?

I have always been passionate about threats. I loved mystery and spy books, tv shows, and movies when I was a kid, so this fit right in for me. The “ah-ha, eureka!” moments our partners have from our work is what keeps me going.

Did you have a traditional path into tech (i.e.: CS/IT degree transitioned into tech job)?

My path was equal parts traditional and not traditional. I was raised by my mom who is a software engineer. When I was a kid, my mom was running a software development company, so I was constantly surrounded by tech. I terrorized her engineers, broke many floppy disks and CDs, and played around as much as I could (sorry!). Also, I would figure out different ways to “hack” my friends via AIM/AOL Instant Messenger. I think these two things really shaped what I eventually decided to do.

I did my undergrad in international relations concentrating in national security and political science. I thought I wanted to go into law after I got my bachelor’s, but quickly realized that wasn’t for me. I enrolled in the Heinz College at Carnegie Mellon where I got my master’s in information security policy and management. I was also working as an international trade specialist (just in case infosec fell through for some reason), but then I took on a role as a graduate research assistant at the CERT/CC. I got hired full time after graduation.

It’s common knowledge that women and femmes often face obstacles in the tech industry based on their gender. Have you ever had to deal with this type of experience and if so how did you handle it?

Yes, absolutely. I’ve been in situations where people thought I wasn’t technical at all based on my looks. I still have meetings where I am the only woman in the room. The way I handle it is to remember that my ideas are worthy of discussion, and I try to tackle any misunderstandings when I can. We all have value to bring to the table, so I try and show everyone respect.

What’s your favorite thing about being a part of the #womenintech community?

I have met amazing women in the field. Some of my best girlfriends are also in infosec, too! I love seeing more women coming together to lift one another up instead of putting each other down. The latter still happens sometimes (even perpetuated by women), but overall we are building a community capable of tackling the hard problems in infosec. I love walking into meetings where I see other women doing great work and sharing their ideas and solutions. It’s a great place to be, but we still have a lot of work to do!

If applicable, how have you given back to the WIT community?

I try to give back as much as I can. Along with my day job at the CERT/CC, I am an adjunct faculty member at Duquesne University (and sometimes at the Heinz College). I encourage all of my students to go into infosec, but I specifically try to support my female students. Most of the time they are coming from a non-tech background, so I try to show them that they do have a place in the field. I have also bought and given away tickets to BSides Pittsburgh and Las Vegas to women who needed them.

What is a piece of advice you would give to others wanting to or currently pursuing a career in tech?

Find something you like even a little bit and go for it. You can learn so many things online especially in infosec! Don’t be discouraged either. There are a ton of good people in the field and it’s a matter of finding them and creating your own community.

Favorite quote if you have one?

“You don’t know what you like until you know what you don’t like.”

Seriously, sometimes you have to try out a bunch of things in your career before you settle into what you love.



Interested in advertising here by sponsoring us?

💌Wanna stay in touch? (We’ll only bug you monthly with useful resources, exciting updates, jobs, and events!)💌