Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability and where relevant, supplemented with additional commentary by their nominator.
In 2024, the awards were sponsored by BT, Think Cybersecurity Ltd. and Plexal, with Eskenzi PR, Assured and Women in Cybersecurity UK & Ireland Affiliate as partners.
What does your job role entail?
Currently, I am a Senior Staff Security Engineer at Google. As the tech lead for cryptography in our Trusted Infrastructure Services group at Google Cloud, I work on things like identifying strategic security choices we can make to improve systems at scale, proposing new engineering designs for new or existing products, designing or optimizing secure implementations of cryptography on planet-scale distributed systems, driving technical consensus on critical engineering decisions, mentoring the tech leads of specific subfields, or serving as the technical expert on security and cryptography within my team, so that the other amazing engineers that I work with can seek out my advice to help strengthen their own work. I also get to do things like advise customer CISOs on how to defend against advanced adversaries, work on global technology standards, and lead large, cross-organizational projects like the GCP migration to post-quantum cryptography. I like that as a relatively senior engineer, I get to influence the technical direction of broad areas of Google, but that my work can still have considerable technical depth. I managed large teams for several years before joining Google which was very fulfilling, but stepping into a purely technical individual contributor role has been an exciting change of pace where I can deeply focus on technical excellence and interesting problems.
How did you get into the cybersecurity industry?
I originally wanted to study neuroscience and piano performance. During my first-year Intro to Computer Science class, I was introduced to computational complexity theory by one of my professors. I was so captivated by the profound questions in theoretical computer science that it changed my entire career trajectory. I ended up receiving a bachelor’s degree in artificial intelligence, followed by a master’s degree in engineering. After that I pursued a PhD in mathematics/computer science (unfinished), where I focussed on quantum computing and cryptography, bringing me right back to those deep questions about what is efficiently computable, applying this now to how this differs in a quantum setting, and how it affects the privacy and security of information. While attending my first major industry conference, I met the CISO of a large bank and we had an amazing conversation about the unique technical challenges in cryptography and security in the financial sector. He created an interesting role for me an I made the leap to full-time private sector work in cybersecurity and have never looked back.
What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?
I think that one of the biggest challenges women face in this industry is sometimes not being as respected or taken as seriously as our male peers, and not being truly seen for who we are and what we have achieved. Internally, overcoming it means remembering that if when I meet someone new, they initially assume that I am nontechnical or junior in my field, it generally isn’t a reflection of my abilities – rather, it is a reflection of their biases, or the fact that they simply haven’t gotten to know me yet. Externally, overcoming it involves establishing credibility early and choosing to only invest my time and energy in meritocratic spaces where my contributions are valued and I have the opportunity to use my skills to do something truly amazing. After all, we are all here on Earth for just a brief flicker of time… why waste it?
What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?
I am the quiet champion who advocates for people in the rooms that they aren’t in, eagerly gives credit where due, enjoys bringing along junior folks to be a part of interesting opportunities they’d otherwise not have access to, broadens hiring decisions to seriously consider non-traditional, underrepresented, or otherwise underestimated candidates, and pays careful attention to those who might be getting overlooked or may otherwise need support. I have also mentored dozens of high-potential researchers and engineers over the last several years, many of whom are women or are otherwise underrepresented and have gone on to make incredible contributions to our industry. As a leader, I strive to build organizations where mutual respect is table stakes, beginners are welcome to contribute and learn, diverse backgrounds and ideas are well understood to be an asset, and growth, intellectual risk-taking, and excellence are regularly celebrated, while rockstar-ism and toxic elitism are not. I also like doing things like hosting technical workshops to help underrepresented people begin to do security research, participating in outreach events to people of all ages and skill levels, and volunteering my time to work with scholarship students, and with non-profit groups doing privacy/security in the public interest. Ultimately, it’s about building a culture of respect for one another so that everyone can thrive and do their best work, and about giving people the opportunities and encouragement they need. One of the most powerful things we can do is believe in others when they can’t quite yet believe in themselves.
What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?
Choose to get excited about what you don’t know, rather than letting it intimidate you. Read books, technical advisories, research papers, codebases, and blog posts about topics you don’t understand but find interesting. Write down what you need to learn more about, and keep digging until you understand it. You can take this at your own pace. It’s totally okay to sit at Black Hat and not fully understand what the researcher is saying – after all, it’s their area of expertise, not yours! Just try to learn something from every experience, and over time this knowledge will grow and you’ll start to see how the pieces all fit together. Computer science and information security have profound philosophical questions, fascinating real-world attacks and defenses, and critical societal implications. Let passion and curiosity be your guide. This field is massive and there is a space for you in it. That and: ignore the gatekeepers.
The post #MIWIC2024: Jennifer Fernick, Senior Staff Security Engineer, Encryption Lead, Google first appeared on IT Security Guru.
The post #MIWIC2024: Jennifer Fernick, Senior Staff Security Engineer, Encryption Lead, Google appeared first on IT Security Guru.