Next time someone says it’s difficult for women to advance in the global security or technology sector, point them in the direction of IBM. At the very top of the tree is Ginni Rometty, global CEO, who is joined by Shamla Naidoo as the chief information security officer (CISO) — just two of the many female executives across the company, all supported by very woman-friendly policies and culture.

That IBM is so supportive of women in security is a source of great pride for Limor Kessem, executive security advisor at IBM Security. Limor herself is an incredibly inspiring woman, having made a U-turn from naturopathic medicine and microbiology to leading governance, risk management and compliance (GRC) processes for content at IBM Security. Today, Limor works with global research groups to deliver actionable threat intelligence and is, without a doubt, one of the company’s top cyber intelligence experts.

“IBM is not a boys’ club; it’s not somewhere only men can move forward,” she says with conviction from her home office, her new baby sleeping soundly in another room. “A lot of executives at IBM are women, which is amazing, and I love it.”

Limor then lists some of the initiatives the company has in place, from career re-entry for women who left work to raise a family to cybersecurity camps for girls and funding conference tickets for women. Not surprisingly, Limor leads by example, always ready and willing to speak about her experiences as a woman in cybersecurity to anyone who’ll listen at conferences and events, in the corridors at work, and even on social media.

A New Collar Approach Brings New Perspectives to Cybersecurity

She might be a security evangelist today, but Limor’s original plan was to go into naturopathic medicine. She studied microbiology at McGill University in Montreal before changing her mind and moving to naturopathic medicine next.

When she left Canada and moved back to her birthplace, Israel, Limor intended to open her own clinic. She started to investigate entrepreneurial support for women, possible funding sources and even had business cards made up. But one day, on a whim, she decided to translate her CV from French to “terrible Hebrew” and send it out. A security company called her in for an interview.

“I was like, OK, I’ll go check it out, maybe there will be some cash for now, who knows. And it just ended up being this huge life-changing thing,” she recalls.

While the term wasn’t in use yet, Limor thus entered the cybersecurity field as a new collar hire. This is a deliberate hiring practice encouraged by IBM and other companies in which people from different backgrounds and education levels are brought on board with the aim of repurposing their skills for security. IBM, for instance, recognizes the value of military experience and regularly hires veterans for work in incident response. In Limor’s case, the skill she could repurpose was her ability to translate very technical information into something that is easily understood and actionable.

“You take what you’re strong with and the talents you have, and you still get to enjoy them just doing something completely different,” she says. “A lot of people ask me how do I connect my education, my knowledge from microbiology to what you do now? I’m like, hello — viruses!”

Diving Headfirst Into the Fascinating World of Cybercrime

Limor has barely stood still since she joined the global security sector about a decade ago. Back then, she was working in “probably the biggest research lab in the world,” at a time when not many vendors were doing underground and malware research. The processes that exist today hadn’t been defined yet, and the amount of cybercriminal activity taking place on the internet was not widely known. As Limor puts it, she was seeing “crazy stuff” happening in front of her eyes that no one else really knew about.

“Once I found out more about this fascinating world, I developed an immense passion for it,” she recalls. “I started teaching myself, reading everything I could read. I used to spend nights until 1 or 2 a.m. just reading and reading.

“I would sit in the company’s research lab with the malware researchers, the reverse engineers, the cryptography experts. I used to sit with the cyber intelligence folks who would be monitoring dark web forums and chat rooms and speaking undercover to criminals. I couldn’t get enough.”

A Security Manager’s Best Friend

All those conversations and late-night reading sessions paid off. Soon, Limor was spotted by a high-ranking colleague who saw her knowledge as something that should be spread wider — over conference stages. He entrusted her with one of his own speaking opportunities, and she hasn’t stopped since. Limor became a global security evangelist, traveling the world speaking to groups that wanted to know more about the threat landscape: banks, police task forces, military groups and peers. She would explain in detail what they would see in the research labs, what they were digging up that might be relevant to that specific group. And yet Limor herself was still learning, still growing.

Today, she channels that learning and growth into IBM’s threat research, working with all the company’s research teams to implement a strong governance, risk management and compliance (GRC) process and ensure anything released under the IBM Security name is on-message, approved by all involved and, most importantly, useful to security managers seeking information. She brings in researchers, writers and reviewers and works with lawyers from every department, with colleagues across all teams and regions.

“I work with an ecosystem of people who help me be fair and just to everything and everyone that’s involved in a publication like that,” she says. “We’re really helping the community, helping security managers to do their jobs. One of the biggest things any security manager needs to be able to do to properly estimate risks and controls is to understand the threat landscape.”

Limor is essentially the educational editor-in-chief, with her immense security knowledge and a palpable passion for the subject.

And she really goes to bat for those security managers. In a recent interview, she talked about their day-to-day work: A team comes to them wanting a new website, but it’s not as simple as that. The IT manager must consider factors such as the number of customers the site will serve per day, the infrastructure architecture and number of servers needed, but security will have to bring in the right controls, encryption processes, identity management and more. It’s this type of work that requires reliable information about the current threat landscape as it pertains to different projects, and this is what she strives to help deliver to security professionals and management.

A Cry of Support for Women in Security

Limor has spent her adult life to date working in operations and now in risk management, two areas that are informing her latest adventure: motherhood. She’s throwing herself into that role with as much gusto as her ever-growing security responsibilities, showing that women don’t have to make a choice when it comes to careers versus families.

“Don’t think if you have a baby your career is over. It’s not,” Limor says. “If you work for a good organization that supports women, your career is going to stay intact, and you’ll come back with a bang.

“Women should feel good about that and should know that there are other women who are doing it and have had kids and are doing just as well in their careers in security. Not saying it’s easy, because many mothers know it is not, so I hope that organizations in the security sphere make profound changes to their culture to help keep more women on their teams!”

As though on cue, Limor’s own baby daughter lets out a wail in the background, a little cry of support for her mother — an additional cheerleader alongside a very woman-friendly workplace. And Limor is doing her best to make sure that her baby can, if she chooses, follow in her mother’s footsteps and blaze new trails for women in security.

Read more ‘Voices of Security’ stories

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today