Women Reshaping The Cybersecurity Industry
Barbara D.
Content Writer
Copywriter
Blog Writer
Women Reshaping The Cybersecurity Industry: Barbara Donatien Of BARR Advisory On The Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry
An Interview With David Leichner
Published in
Authority Magazine
May 10, 2023
The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Barbara Donatien, attest services manager at BARR Advisory.
After starting her cybersecurity career at a Big Four accounting firm, Barbara Donatien joined the team at security and compliance solutions firm BARR Advisory in June 2021 and quickly rose through the ranks to become attest services manager. In her role as manager, Barbara leads a team of nearly half a dozen security professionals who plan and execute information technology audits, including SOC 1, SOC 2, SOC 3, and ISO 27001 and she plays a key role in client risk assessments and consulting engagements.
An established thought leader in the security space, Barbara’s commentary on topics including data breaches, online safety, and trends in data management has been featured in publications such as Yahoo Finance, Digital Guardian, and Nasdaq.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?
I was born to Haitian immigrant parents and grew up on the east side of Pittsburgh. As a second-generation American, I was pulled in a lot of different directions — I learned one culture at home and was taught another in school. It was hard to find my voice living in two different realities.
I went to Catholic schools from preschool through college, where I really learned the importance of speaking up and being my own biggest advocate. During this time, I developed leadership skills without even realizing it. I was captain of my basketball team in grade school and captain of the step team in high school. Looking back, I realize that I was a natural leader with a voice that was respected among my peers.
I went to college at Duquesne University, right in the heart of Pittsburgh, and while I loved going to college in my hometown, I was ready for a change. I wanted to explore the world and see what life would be like outside of the U.S. While in school, I got to live in some amazing places, such as Rome, Italy; Chester, England; and Madrid, Spain, before graduating with a four-year dual degree in accounting and information systems management.
After graduation, I got a full-time job at one of the Big Four accounting firms, which gave me the chance to apply what I learned while going to Catholic school and advocate for myself to have the career I wanted. I got to travel around the country and meet some really amazing people. Toward the end of my stint in public accounting, I decided I wanted to focus on cybersecurity, so I joined the team at BARR Advisory and I’ve been there ever since.
Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?
I have always been an avid reader. I started reading when I was about 5 or 6 years old — and I never stopped. Over the years, I have read books in just about every genre, but when I was younger, books like the “Junie B. Jones” series by Barbara Park really helped me develop my love for reading. My godmother used to take me to Barnes & Noble every Saturday to buy one new book, and those are some of my favorite memories. I remember when I first saw the book on the shelf and noticed the author’s name was Barbara. (This was the real selling point for me at that age.) I quickly fell in love with the youthful writing, quirky storylines, and, of course, the main character. Not only did the author have the same first name as me, but the bold Junie B. Jones displayed many characteristics that helped to shape me into the strong woman I am today. It’s a random pick, I know, but I would be lying if I said that book series didn’t have a significant impact on me and my love for reading.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I started really pursuing a career in cybersecurity in January 2021, right in the middle of the COVID-19 pandemic. I heard and read many stories about cyberattackers seeing the pandemic as an opportunity to exploit vulnerable people and businesses at a time when fear was especially heightened. This piqued my interest, and I started doing research on the different types of attacks. The nature of cyberattacks is always changing, but I learned that during the pandemic, there was an increase in these crimes against businesses. I wanted to know more about what companies could do to protect themselves, and I wanted to work for a firm that could help. When the world had to come to a halt, I had time to pivot my career and focus on security compliance. Now that I’m actively working in the field of cybersecurity, I know first-hand how consulting companies on security best practices helps protect people and adds value to the world we live in.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?
1. Artificial intelligence’s big potential. At this point, everyone has heard about AI at work, on the news, or in movies. In cybersecurity, we have to take these new technologies into consideration, especially from a compliance perspective. Whether we like it or not, AI is becoming more relevant every single day; we all use some type of AI, from facial detection or recognition software to social media algorithms. On a larger scale, this technology could have a major impact on resolving the climate crisis and become a huge asset in the medical field. It feels like there are new developments in AI every single day, so I’m excited to look back in a few years to see how much the technology has truly changed our lives.
2. The future of privacy. Another big topic of conversation right now is the importance of data privacy. In my opinion, privacy and security go hand in hand, because it is impossible to keep data private without adequate security measures. It’s great that we’ve become more connected in recent years, but with more data comes more risk. In this day and age, information is often seen as a commodity and even serves as a serious competitive advantage for most companies. But while it may be beneficial for a business’s bottom line, at the end of the day, the users pay the true price. In response, we are seeing more conversations about the commitments that should be made by companies with regard to user privacy, as well as an increase in data privacy regulations and new data security technologies. It will be exciting to see how artificial intelligence and the Internet of Things (IOT) will also play a role in the future of privacy.
3. It’s an always-changing industry. I love a challenge, and one thing I appreciate about the cybersecurity industry is that it’s an ever-changing field. You are constantly forced to grow and evolve because the work you are doing now will not be the same as the work you’re doing a decade from now. Most of the things we do and use today didn’t even exist 10 years ago. The security industry keeps you on your toes and forces continuous learning by requiring you to solve new problems in innovative ways. In the years to come, there will be new technologies and trends in cybersecurity that we can’t even imagine today. I’m excited to see the evolution of the field and look back on how the work I’ve done has made a difference in the world we live in.
What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?
1. Artificial intelligence’s big potential. Although I am excited to see all the good that AI can do, I also recognize the potential dangers of the technology. Not all risks are as big as sentient AI, like we see in the media. There are concerns floating around about how AI will be integrated with cybersecurity and consumer privacy. One thing that can be done to help calm these concerns is to ensure regulations are put in place so there are no blurred lines. Also, ensure your company educates and trains its employees on the latest developments in cybersecurity and AI and how the two intersect.
2. Cybercrime. Cyberattacks have become more common in recent years. As the cybersecurity field continues to evolve at a fast pace, so does the knowledge and abilities of cybercriminals. Most people don’t understand how easy it is to be a victim of phishing, identity theft, or hacking. Cybercriminals don’t look like the stereotypical image of a dark figure in a hoodie that we all think of. Instead, it can be anyone with the motive, tools, and means to conduct an attack. There are even tutorials that are readily available, meaning the complex and sophisticated attacks that we hear about in the media no longer paint the full picture of what cybercrime looks like today. Anyone can be vulnerable to these attacks, so it’s important to erase the illusion that cybercrime is unlikely to occur on an individual basis and educate people on the importance of sound cybersecurity practices at work and at home.
3. Blurred lines in cybersecurity. Although companies are investing a lot of money into cybersecurity, poor cybersecurity practices still run rampant. To truly be secure, you have to do more than just talk about the importance of cybersecurity; you also have to make sure accountability is in place. At the organizational level, the CISO and the security teams should be independent from IT operations to provide adequate oversight and avoid conflicts of interest.
Can you share how you are helping to reshape the cybersecurity industry?
Currently, I am focused on professional development and sharing my knowledge and experiences with peers and up-and-coming cybersecurity professionals both within my own team and beyond. Through research, training, and continuous education, I’m able to keep up with new developments in the industry and make thoughtful contributions to the broader conversation. They say knowledge is power, but the real power is in sharing what you’ve learned — and in the cybersecurity field, that’s even more important.
As products, devices and vehicles become connected, this is creating a new and emerging threat vector. How do you think manufacturers and their customers should prepare to be as safe as they can be?
Manufacturers should prepare by maintaining a strong security posture and frequently testing their control environment. This can be done by completing annual external audits, penetration tests, and vulnerability scans, and by implementing an internal audit function. These steps will ensure security and compliance remain a priority in your business so that as products, devices, and vehicles become more connected, you can recognize and mitigate new risks. In addition, customers should frequently review the results of these audit reports to confirm the manufacturer has the adequate controls and other safeguards in place with regard to services used to initiate, process, report, and manage data.
Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
While I can’t share any specifics, my work as a security auditor supports organizations in preventing breaches by helping them identify gaps in their security programs and recognize new and existing threats.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?
We all browse the internet, interacting with countless different websites on a daily basis. But the web is packed with scams that can lead to your device being hacked. While browsing, there are three signs I always check for that indicate something is amiss. First, I make sure there is a lock symbol right by the URL. This shows the website is using hypertext transfer protocol (HTTPS), which encrypts your communications to help prevent criminals from stealing sensitive information like passwords. Second, I look to see if there is a privacy policy linked. Most reputable sites will have this displayed prominently. Last, if I see signs of malware, I quickly leave the site. This could include malicious redirects, onsite spam, and search engine warnings.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Once a company becomes aware of a data or security breach, the security team should move quickly to identify the source, lock down the system that caused the breach and prevent any further data loss, and document the incident. Looking back on this documentation can help the security team identify additional vulnerabilities and learn from their mistakes. But it’s not enough to take steps after a breach has occurred; you must also have plans in place to guide your team’s response prior to an incident.
What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?
The biggest mistake I’ve seen is not preparing ahead of time. A comprehensive security program should always include a Business Continuity/Disaster Recovery (BCDR) plan. These plans should be tested annually so that the individuals responsible for each element of the plan understand which business-critical functions should be prioritized, what critical resources are needed, and how to minimize downtime to keep the business running after an incident.
Thank you for all of this. Here is the main question of our discussion. What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?
1. Stay in the know. The field we work in changes constantly, so developing your own skills is extremely important. You have to remain aware of the climate we are living in and find ways to take what you learn to make your job and your company better. For example, AI tools like ChatGPT can be a huge help with automating a lot of mundane tasks. If used correctly and responsibly, tools like these can help you stay ahead of the curve and become very successful in the work you do.
2. Technical skills. Every job can be learned, but you can’t get comfortable with the work you are doing if you want to be successful. There’s always a better, easier, or quicker way to do things and it’s up to you to find out what that is. Having the appropriate technical skills will set you apart from the competition.
3. Soft and transferable skills. We all have skills that we have developed throughout the years that are transferable. Transferable skills show that you are a great candidate for a role regardless of a lack of previous experience in that specific field. These skills don’t have to be from previous work experience and can be gained from volunteer work, hobbies, school, and other activities. Additionally, don’t dismiss your soft skills such as creativity, time management, and leadership. The best way to know which skills to include on your resume is to review job descriptions, because employers often explicitly state what is needed to be successful in the role.
4. Networking. We live in a connected world, so don’t be afraid to leverage that for your career. Social media platforms like LinkedIn are a great starting point, but you can also join information technology communities or attend virtual or in-person IT conferences. Remember, sometimes it’s not about what you know, but who you know. The right person can help you get in the right seat at the right company, so build and use your network to your advantage to maximize your growth.
5. Continuing education. Having a college degree is one thing, but having a certification is a great way to show employers that you are ready and willing to put the work in outside of business hours to continue to learn about the latest developments in cybersecurity. Not only will this set you apart from other job candidates, but it will also help you gain new knowledge and insights that will allow you to bring a fresh perspective to your current company. Learning shouldn’t stop once you graduate college, so keep adding on to your knowledge.
We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)
I would have a private brunch with Beyoncé, because she seems so fun and I love her music. I also just love brunch food.
