I’ve been in my current role as an Inside Sales Engineer for Sophos Managed Threat Response (MTR) for nine months. Previously I worked as a threat analyst on the Sophos MTR team—I like to be involved in the technical side of cybersecurity, where I’m always learning.
When this role was pitched to me, I thought “I’m not a salesperson.” But every day I’m speaking with people and doing technical demos. That’s why my manager saw I’d be a good fit for the job; I love talking with our customers, telling stories about MTR and what we do.
Storytelling is a big part of being a sales engineer. And my previous experience, conducting threat researching and threat hunting, means I have better stories to tell. I’ve been in the trenches—including working night shifts, because MTR is a 24/7 service—so I can talk about my own, hands-on experience.
Ready to take action with MTR
For customers who already have Sophos endpoint or server protection, enabling Managed Threat Response is easy, like turning on a light switch. You’re adding on another service that gives your business the support of our Security Operation Center (SOC)—a team of threat analysts and threat researchers.
We analyze your cybersecurity data, looking out for potential threats or suspicious behavior. And what’s really neat about Sophos is that we let you choose your own response option, which determines how we react when we spot an issue.
There are three options. The first is “Notify”—we’ll tell you about the threat so your own team can respond to it. In “Collaborate” mode, we’ll recommend a course of action, but won’t go ahead until you say so. Or there’s “Authorize” where we step in to contain and neutralize the threat for you, and let you know what we’ve done.
One feature our customers really love is the way you can switch modes to suit the situation. So you might want MTR to take action at certain times, like if it’s outside your business hours, or if you’re going on vacation.
We also get a lot of take up for our Rapid Response service, which gives people a super-fast emergency incident response option when they’re facing a cyberattack—even if they’re not already a Sophos customer. We’re able to triage most attacks in 48 hours, so it’s very satisfying to be able to help people when they really need it.
A supportive, global “neighborhood”
I started working with Sophos during the pandemic and my working day is based at home, in Indianapolis, alongside my rescue dog, Marco, and cats, Ziggy and Zara. They sometimes make appearances in my calls, which always seems popular—I’m relieved that my customers are animal lovers!
It’s been a little strange getting to know my Sophos colleagues while working remotely, but the company feels like a big neighborhood. Even though we can’t meet up right now, you can just go to a neighbor’s door virtually if you ever need help.
That’s good, because the work we do together is demanding and fast-paced. We recently supported our customers through the Kaseya VSA supply chain ransomware attack.
It might sound strange, but I really like it when we’re busy. It’s fun, and it’s great to help more customers in need. They need us and trust us, and that’s rewarding.
Even when we’re busy, there’s always time to learn and continue expanding our cybersecurity knowledge. My manager, Greg Rosenberg, is passionate about career development, and with his support, I’m working on a project relating to the MITRE ATT&CK framework, a huge taxonomy of security tactics and techniques. It means I get to work with colleagues around the globe; I hope one day when the world opens up I might meet them in person.
I’m also being mentored to build my knowledge of new technologies and business areas. I have conversations every week with mentors in the UK and Australia. I’m working on my certification to be a Certified Ethical Hacker, and an Incident Handler.
Supporting women in InfoSec today
Sophos is the first place I’ve worked that really values diversity—and even though the industry is improving, women in cybersecurity are still rare.
Sometimes, that brings challenges. I spend my day advising people in senior InfoSec roles, and they might not be expecting to talk to a young, Asian American woman. But I’ve been coached in how to respond if someone talks down to me, and I have a very supportive team to back me up.
Happily, they soon realize I’m here to use my technical expertise to help them resolve what’s going on in their environment, and I can quickly win their trust.
But I can see change happening, and that’s great. I recently secured an important deal, and it really stood out to me that the Chief Information Security Officer (CISO) for that multi-million dollar company was a woman.
I’m part of a global Sophos Women in Tech group which has a strong focus on mentoring. We discuss the obstacles women face when they’re trying progress their career—and it’s good to know the company is thinking about these things.
Encouraging the next generation of cyber experts
I’ve received a lot of support and encouragement in my career, and for me it’s important to give back where I can.
Just this morning, I was speaking to high school girls about cybersecurity and my career at Sophos. I also work with Trace Labs, a non-profit organization that helps find missing people using a crowdsourced OSINT approach.
I recently took part in the Sophos Techvids webinar series, talking about launching a career in cybersecurity. Outside of work, I’m starting a podcast, and I use social media to be very transparent about my experience of working in this industry.
It comes back to storytelling. I’ve always wanted to hear stories that are real, not just the good parts of the journey. I want to understand the challenges we face as women in this field, and how we help each other grow. That’s what the podcast is about.
Earlier in my career, I contributed to a book on women in cybersecurity, sharing my own story of how I joined this industry. I didn’t have a female mentor when I was starting out—and that’s why I’m so glad I now work at Sophos and can be a mentor through Sophos Women in Tech.
There’s a sign on the wall of my home office. It says: “Do what you love, love what you do”. I’m the first generation in my family to go to college and I wanted to choose a career that was going to be challenging, but also that I was passionate about.
Cybersecurity is almost like my second language; it’s my favorite thing. You’re always learning, and I never want to be in a place where I’m not learning. And now, I’m happy to say that I do love what I do. That’s a pretty good story.
Stephen Mark
Thanks for sharing such great tips in your article.