Life in Cybersecurity: From Nursing to Threat Analyst
As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not.
However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best prepared for the job. Take Gina D’Addamio, for example, a former nurse turned threat analyst.
I spoke with Gina about her career transition. Her responses show how she leveraged her previous experience to succeed in an exciting new role in the cybersecurity space. Check out our conversation below.
Joe Petit: Thanks for speaking with me today, Gina. Let’s talk more about your previous career.
Gina D’Addamio: Thanks for having me, Joe. I worked as a registered nurse here in Toronto, where I delivered babies for more than sixteen years. My role included everything from assessments in triage to regular delivery and C-sections. I worked in the operating room, provided postpartum care and newborn care, and worked for two years as a team lead, running the organization and flow of the Birthing Centre.
During my time at the Birthing Centre, we made the move to electronic documentation. Known as “Miss Technologically Savvy,” I was chosen to undergo training on the new software first and then educate our team. Over a span of eight months, I offered one-on-one training and support to staff, facilitating a smooth transition during this period.
I really loved my job, and it’s been a very fulfilling career.
JP: Nice, that’s quite a start. So, what brought you to cybersecurity? Any particular moment?
GD: Working through the COVID-19 pandemic with all the heightened anxiety and stress took a toll on me. The stress was starting to interfere with my home life, and I knew something needed to change. Also, the problem of being continuously short-staffed was weighing on me. So, although I loved my job, it was ultimately the stress and burnout that led me to get out of that system.
I took some time off to recuperate my mental health, and during that time, one of the moms from my kid’s school told me she knew a number of nurses transitioning into cybersecurity. She asked if it was something I would be interested in because she knew of a program that I could apply to. I wasn’t really sure I knew what cybersecurity even entailed, but I found out that it was in high demand and that, thanks to the cyber talent crisis, a lot of opportunities to retrain were being offered.
The Accelerated Cybersecurity Training Program (ACTP) was being offered by the Rogers Cybersecure Catalyst in collaboration with Toronto Metropolitan University. It was a grant-based program that only required an administration fee on acceptance. I took a shot in the dark, decided to apply, and got accepted into the program!
I had supported my husband during his career transition, as he too had left healthcare during the pandemic to take care of our children, so now it was my turn!
JP: That’s interesting. We’ve seen a lot of those necessary jumps into the security field. So, what were the key challenges when you first transitioned to cybersecurity? What helped you navigate those?
GD: At first, it was all Greek to me. I remember watching my first lesson and thinking, “I know this guy’s speaking English, but I don’t understand a word he just said.” And I thought, “What have I gotten myself into?” Thankfully, I decided to keep plugging ahead – and then everything just clicked. Within seven months, it was mind-blowing to see how far I’d come and how much I had learned. From the first class being totally incomprehensible to me to actually understanding everything and being able to complete labs and capture the flag games. By the end of the program, I had successfully completed three GIAC cybersecurity certifications and was invited to the Advisory Board which is for students who achieve a 90% or higher grade on their certification exams.
I have to say that the main challenge was time management. Being a full-time mom and wife is challenging enough in itself, then adding a full-time education program into the mix, I really had to prioritize my time. I had the support of my husband and family which allowed me to juggle all and still be successful. What kept me focused on the end goal was finding a job where I could have a good work-life balance. This was a real challenge in nursing, so knowing it could be a part of my cybersecurity career gave me the strength to keep on going.
JP: Can you tell me more about your role now? What do you love the most about it?
GD: I was hired by the CCTX (Canadian Cyber Threat Exchange) and started work in July 2023. This was after an intensive month of applying for jobs and networking. I was certain it was networking that would land me a role in cybersecurity, but ironically, the CCTX position resulted from a random “quick apply” I found on LinkedIn. It was just meant to be! What sold me on CCTX was their priority on family and the work-life balance. It is a small organization, and when my son was sick on Day One, they offered to let me push back my start date. That’s when I knew this was the place for me!
In terms of my role, the CCTX has a membership base that leverages our secure platform where the CCTX and members share threat intelligence. I’m responsible for putting together threat newsletters on a daily and weekly basis for our members who are from all different sectors, from finance to healthcare and beyond. I am also responsible for researching, analyzing and documenting threat trends. I enjoy that my role allows me to see the big-picture overview of the threat landscape.
I thought my first position in cyber would be in a SOC (Security Operations Centre). Although my role isn’t very technical, I still get the chance to do the cool geeky, coding-type things to help keep my skills fresh. For example, one of the CCTX members hosted a Capture the Flag (CTF) Event, which I took part in and was able to solve several challenges. I also participate in all the workshops and webinars offered by our members. When I want to practice the technical skills that are still new to me, I sign up to do events like the Try Hack Me and SANS CTFs or play in the CyberStartCanada program. After all, if you don’t use them, you lose them.
JP: Sounds like you have found yourself in a great role. Based on your experience, what advice would you give to others who are thinking about the change?
GD: Start to study concepts that are related to the industry. I understand that without my GIAC certifications, I would have had a harder time getting my foot in the door, but there are many avenues that don’t cost a whole lot, that can give you valuable learning and experience. For example, I joined a CTF event before I even got into the ACTP program and completed half of the challenges by just Googling; at this point I knew virtually nothing and was learning with the challenges.
You need to be determined, you need to leverage your previous experience, and you need to be willing to learn. Learning’s the biggest key because this industry is changing at a very fast pace and continuous learning is a must. The good news is that you can basically start for free and you can start at any point. There are so many free resources available, and there are many different pathways you can use to find your place in the industry.
Lastly, it’s a balance between hard (technical) and soft (people) skills. Technical skills show that you can think and pick things up quickly, especially if you’re coming from an accelerated program like me. But don’t underestimate the value of soft skills like being a team player, a good communicator, or having the ability to connect well with people. Employers are looking for all the soft skills because they can teach the technical skills as long as you have the ability to learn. That being said, it was definitely my ability to combine the two that got me to where I am now in my cybersecurity career.
JP: Those were some really great insights, Gina. Thanks for taking the time to chat with me.
GD: My pleasure, Joe. Thanks for having me.
