Cyber Security Advocate: Meet Annybell Villarroel
As the ongoing dialogue on threats, standards, and best practices continues to drive awareness of cyber security issues, we noticed something slipping under the radar: the contributions of security professionals working behind the scenes to stay ahead of the curve. To us, cyber security means people, and we’re celebrating the Cyber Security Advocates who strengthen our industry by helping to bridge the technology and talent gap.
Annybell Villarroel is the Security Culture and Awareness Manager at Auth0, and she has focused her career on helping build security cultures that make the internet safer by empowering people with the right knowledge, skills, and tools.
Okta’s Amanda Rogerson, Director, Solutions Product Marketing, sat down with Annybell to discuss the biggest opportunity for making the internet safer, and the role she plays in making security careers more accessible.
Amanda: What led you to specialize in security?
Annybell: I’ve always loved security. It’s what we do at Auth0 and it’s what inspired me to join the company when I finished university. Then my passion prompted me to run a phishing experiment to see if Auth0 employees could identify an attack.
When the CISO heard about the challenge, she gave me the opportunity to follow up and train employees on how to avoid these attacks. This led to a bigger conversation around security within the company. It also opened my eyes to the potential for a full-time role training people on how to make the internet safer—and I was excited to get to pursue that. It’s what I’ve been doing for the last few years.
Amanda: Are there any notable moments in your life that brought you to your current role?
Annybell: The phishing experiment was definitely a big catalyst. I also grew up in an area with widespread crime and violence, so security became an innate part of my behaviour and the way I think through potential risks and challenges. Spending my formative years this way is probably why I put so much importance on helping people live secure lives online. As an adolescent, I was also hacked on a gaming site by someone who was offering free items, so that made me overly conscious about social engineering.
Amanda: What are some of the biggest challenges for people entering the security field, and how can they be addressed?
Annybell: We always talk about the shortage of security professionals—and how countless numbers of people who want to work in security can’t find an entry-level position. There are reasons for this. For example, security teams are often smaller than engineering teams, and sometimes they have smaller budgets to spend on new hires. This means that job seekers only come across senior positions.
For entry-level professionals who are hitting a wall, I suggest joining a company in a different department and then making your way over to security. You can take time to develop your knowledge and learn the right skills. Then put yourself out there with something like a blog post, show-and-tell talk, or podcast in a way that catches the notice of the security team.
Above all, it’s important to take responsibility for your career, identify what areas of security you want to focus on, and be proactive. The more you show up for yourself and for your interests, the more people respond.
“With a background in neuroscience, my role model, Rachel Tobac, co-founder and CEO of SocialProof Security, has shown the world where people and security come together, and she really opened my eyes to what I could do in my role.” —Annybell
Amanda: How do you demystify security?
Annybell: It’s all about making security more fun, engaging, enjoyable, and accessible as a topic. We’ve got to help people realize that they can contribute. I think an important thing Okta and Auth0 do is give security a platform at our conferences and take the conversation to other spaces.
For example, I’ve partnered with our Auth0 Kids program to talk to children about security in a way they understand. With them, we use the metaphor of an egg to describe a password: if you don’t protect the egg, it can break and leak out all your data. They understood that immediately.
Amanda: How do you make working in security more accessible?
Annybell: In my current role at Auth0, I consider the entire company to be a part of my team. Everyone is responsible for security in some way or another—and we ask people to be voices of security both within and beyond the company. For instance, employees can take our Security Checklist to their families to have casual yet important conversations about safety on the internet.
We also launched a Capture the Flag (CTF) hacking game with Hack the Box that you can participate in until October 25. Our offensive security team designed it to be friendly for developers to help them develop an attacker mindset.
Participating in developer conferences is key—we can step outside of our security bubble, raise awareness, and build more knowledge around what we can do in security, regardless of where we come from.
With the dynamic work model we currently operate in, we’re getting access to so many more people in different places. This helps drive diversity in perspectives, which is vital for building a robust security culture.