Women in Information Security: Jen Fox

Last time, I got to speak with Evie Andrew. As a pen testing professional, she knows there’s a lot more to penetration testing than pointing a network vulnerability scanner at an IP address.

This time I had the pleasure of chatting with Jen Fox. She’s all about cybersecurity in the very challenging compliance space.

Kim Crawley: Tell me a bit about your cybersecurity role and how you got there.

Jen Fox: I am a Senior Security Consultant. I mainly work in the GRC space, doing compliance/gap/risk assessments, security awareness training, and social engineering pen testing.

I have been in IT for over twenty years, often in consulting. My background is in tech writing, training, usability design, and requirements definition, so people and process have pretty much always been my thing. When I became interested in moving into information security about 10 years ago, governance-risk-compliance made sense as an area. Social engineering and awareness training have always been attractive areas to me, as well.

KC: What drew you to cybersecurity after having worked in other areas of IT for a while?

JF: I had gotten bored with business analysis and was looking for a new way to make things better for end users and add value to the companies I work with. I started looking in the direction of security and signed up for a graduate certificate program to start educating myself about the different areas of security and to get the additional foundation knowledge I needed.

KC: As you started to learn about cybersecurity, did anything surprise you?

JF: I think a lot of my previous experiences had prepared me for some of the things that seem to surprise people. I knew that businesses keep old technology and old code around for a long time for a variety of (Read more...)