Meet Racquel Butler and learn about her journey in cybersecurity, how rotational programs can benefit those just starting out in their career, and some things to consider when seeking a new role in cybersecurity.
Happy Cybersecurity Awareness Month! This month, we are thrilled to spotlight a rising cybersecurity star - Racquel Butler! Racquel recently shifted between two major financial services institutions, moving from a role in offensive security to a position in infrastructure security governance. She has a wealth of experience to share from her career so far. In particular, she has seen how mentorship, volunteering, and networking has created opportunities for her professional development and she pays it forward to those coming into the field.
Thank you, Racquel, for sharing your career experiences and tips with us! We can’t wait to see the amazing accomplishments that are ahead for you!
1. You have been in cybersecurity since the start of your career five years ago. What drew you to cybersecurity?
As a kid, I loved watching spy cartoon shows and movies and playing with cool electronic gadgets. I knew at a young age I wanted to be a hacker (a person who uses computers to gain unauthorized access to data) - I did not understand what that meant, but it sounded cool! Over time, I determined which career path to commit to in college and learned how ethics plays a central role in lawfully hacking. I was drawn to cybersecurity because I enjoyed learning about computers and developing my coding skills.
While at university, I was in programs to elevate my resume and kickstart networking with employers. I attended conferences such as Grace Hopper Celebration and SXSW, networked with startups in Silicon Valley, and engaged with industry professionals. The further I immersed myself in the technology community, I learned how important cybersecurity was to all aspects of a business.
2. After graduating college, you had a unique opportunity to participate in a cybersecurity rotational program. Can you describe what a rotational program is, how you got into the program, and what your experience was like?
A rotational program offers individuals the opportunity to cycle through various positions over a period of time. After graduating college, I participated in a two-year cybersecurity rotation program, where I worked in Client Cyber Engagement and Cloud Security Governance.
My rotational program was designed to develop and harness high quality, female talent. Key features of the program included: business deep-dives, accelerated on-the-job training, executive connections, formal training and certifications, and career planning for growth within the organization. The program helped sky-rocket my cybersecurity career. And, to this day, the inspiring women I have met are part of my community.
3. After a few years of working in various roles, you served as an offensive security professional. What is “offensive security” and what was a day in your work life like?
Offensive security - also referred to as “penetration testing” or “ethical hacking” is where you try to “hack” into your own organization’s systems to find vulnerabilities and help strengthen the security of its systems.
In my role as an Offensive Security professional, my workday consisted of:
With offensive security you will always learn new things – continuous training is key. To regularly upskill, I used resources like PortSwigger Academy, Hack the Box, and PentesterLab, as well as live hacking sessions on YouTube and INE eLearnSecurity. There are also relevant certifications such as eJPT (Junior Penetration Tester) by INE Security, OffSec Certified Professional (OSCP), CompTIA PenTest+, and much more.
4. You recently took an opportunity at a new company. What guidance do you have for women who are seeking a new role in cybersecurity relatively early in their career?
I recommend that they start with a list of their strengths. It is important to assess skills you have, as well as skills you still need to develop. You are the driver of your career. Be strategic about which positions/assignments you take on and prepare yourself for future opportunities. Try to get experience with different roles to figure out the area in cyber that excites you.
I have had a supportive community of sponsors and teammates. I learned quickly that you can always make an impression, especially when working with cross-functional teams. I’ve had teammates recognize my strengths and recommend opportunities for my career advancement.
Here is the best advice I can give:
5. Your new role is in Cybersecurity Governance. What does that role entail? How does your experience and expertise from your prior roles carry over to this job?
My new role is with Infrastructure Security and Perimeter Governance.
Infrastructure refers to hardware or software technology assets, such as computers and endpoints/devices, networking systems, and cloud resources. With infrastructure security, the goal is to protect an organization’s technology assets from a cyber attack. We boost security measures to improve the security posture of a business and can minimize downtime, brand/reputational risk, and compliance costs. Governance is how organizations implement and manage controls to prevent, detect, and respond to cyberattacks and potential threats. It ensures security programs align with business objectives, regulations, and industry standards.
In my role, I perform reviews of infrastructure security controls and provide executive reporting on control performance, create/maintain adherence documentation, and identify risks within the network perimeter. I also drive remediation of infrastructure security policy gaps.
My experience working on different functional teams helped me understand the role that infrastructure security plays in protecting a business. I had to understand cybersecurity policies across domains, execute technical risk assessments (application security), gained experience with security information and event management (SIEM) tools by working on an incident response team, and much more. Those experiences, coupled with my ability to communicate complex terminology to stakeholders, gave me a strong foundation for my new role.
Working in cybersecurity never gets boring and those brave enough to take new risks become better thinkers and contributors.
