This month we’re thrilled to feature Alexandria Engen, Principal Cloud Security Consultant at ScaleSec. ScaleSec is a consulting company that helps businesses safely use cloud technology, keeping their important digital assets secure while following all the right rules.

At ScaleSec, Alexandria is an expert in DevSecOps, cloud architecture, and information security, working with clients to build secure systems on platforms like Amazon Web Services (AWS) and Google Cloud Platform (GCP). DevSecOps is a way of building software that blends development, security, and operations to ensure everything is safe and runs smoothly from the start.

Alexandria’s career is a perfect mix of technical expertise and a true passion for teaching and mentoring others. She excels at breaking down complicated security topics, making them easier to understand and inspiring others to thrive in tech.

Thank you, Alexandria, for sharing your experience in cloud security consulting!

‍‍

1. Could you please share what drew you to your career in cybersecurity, specifically in cloud security and what steps you took to break into it?

After working in financial compliance for a few years, I started feeling like it wasn’t the right job for me. I wanted to find something exciting that I could enjoy doing for a long time. So, I thought about the parts of my work I liked most and what might keep me happy and curious for many years. That’s when I decided to try something new and signed up for a coding bootcamp—and it was amazing! It made me realize I wanted to work in technology.

I didn’t know right away that I wanted to focus on cloud security, but during a cloud computing class I discovered how cool the cloud is and how much potential it has. I also saw how important security is for making it work safely. My background in compliance helped me see that my skills could be really useful in this field.

To get started, I jumped in and started learning as much as I could. I did a challenge called The Cloud Resume Challenge by Forrest Brazeal, where I built and shared projects to show my skills. I joined the #100DaysOfCloud community, worked on my skills every day, and kept a GitHub page to track my journey. I also earned two important certifications: AWS Solutions Architect and AWS Security Specialty.

I talked to a lot of people who were learning, like me, and shared what I was working on. Making those connections helped me find opportunities, and eventually, I got my first job in cybersecurity with the Global Information Security team at Bank of America.

‍

2. You’ve been intentional in gaining experience across various cybersecurity functions, including specialized training and certifications. What specific skills or certifications do you feel made the biggest difference in advancing your career?

The certifications that have made the biggest difference for me are the ones directly tied to what I was working on at the time. Being able to explain what you learned while earning a certification and how you apply that knowledge is much more valuable than just having the certification on your resume.

Some certifications, like CISSP, have been great for opening doors since they’re often required for certain roles. However, the ones that taught me the most and really advanced my skills were those tailored to the areas I was actively pursuing. I approach certifications strategically -I identify the role I want next and focus on gaining the skills and certifications needed for that specific position, rather than just sticking with what’s relevant to my current role.‍

‍

3. As a consultant with a strong focus on compliance, what are some of the most common challenges you help clients navigate, and how do you approach building compliance into security strategies?

A lot of people think compliance is just something that has to be checked once a year to show auditors that your organization is doing the right things. My team and I get asked to assist because there is an audit review coming up - or better yet, to help prevent panic every time an audit happens!

I believe compliance and security shouldn’t be seen as roadblocks but as tools to help a business grow faster and securely. The best way to do this is by weaving compliance requirements and security controls into everything the business does. Since I work mostly in the cloud, I help set up systems that automatically follow the rules when deploying infrastructure or application code. I also make sure everything is designed to track and monitor the requirements the business has to follow.

But it’s not just about technology - it’s also about people. A big shift needs to happen where teams start thinking about security as part of their everyday work. This change has to come from leadership and requires a lot of open communication to show why this way of working is important and how it benefits everyone.

‍

4. How does working in client services and consulting differ from working with an in-house cybersecurity team? What unique skills or approaches does consulting require?

The biggest difference is how often things change. With consulting, think of it like starting a new job every few months! You have to quickly learn about a new team, a new way of doing things, and what they need your help with. Being adaptable - able to adjust to new situations - and having great people skills are super important in consulting.

Each project is different, so it’s not just about solving problems; it’s about building connections and understanding how to fit in with new groups. These skills also make it easier to share your ideas and help others see why they’re important, which is a big part of making a lasting impact.‍

‍

5. Cybersecurity is a field that’s always evolving. What advice would you give to those starting out or looking to build a purposeful career in this space, especially in cloud security?

Always stay curious and keep learning! You don’t need to know everything, but it’s super important to always try to learn something new. The technology field moves at such an incredible rate of speed that there’s always a fascinating new technology coming out to discover. Find what excites you or what you think could be the ‘next big thing’ and learn as much as you can about it. Even if you change paths later, all the things you learn along the way will help you.

Also, make friends and talk to people in the field. Having others to ask for advice or share ideas with is really helpful—and it’s often how you’ll find new opportunities. Never underestimate the power of sharing your story and telling others about your dreams. You might be surprised at where those conversations can take you!

‍