My Information Security Journey
From Curiosity to Expertise
Introduction
This is my journey, challenges and lessons learned as a Latina Female in Information Security.
As you may know by now, the Information Security field has always been a dynamic and intriguing landscape, evolving rapidly with the growth of technology. My journey into this world has been driven by an innate curiosity, passion for problem-solving, learning new things, and the desire to protect the digital frontier.
Biography
My mission is to be at the forefront of Information Security innovation, contributing to a safer digital landscape. As a Latina in Information Security, I am an evangelist, I work to inspire others to advance others to our industry.
With over 25 years in technology, a robust foundation in Incident Response (IR), cloud security, and data management. Currently, as VP of Security Operations for an OT Information Security startup called Secret City Tech, I am eager to take on the challenge of building the Security Operations Center from its inception. I can’t wait to make the best of this opportunity!
Previously I was an Information Security Incident Response Manager, which focused on enhancing IR processes by developing and refining policies, procedures, and evidence collection protocols to safeguard digital assets and aligning evolving security requirements.
My expertise includes a chain of custody tracking, forensic evidence collection, and imaging, in strict compliance with NIST SP800-61R2 standards. I have led technical refresh projects initiatives, deploying advanced tools such as M365 and Microsoft Entra while implementing monitoring solutions like Intune, NinjaOne, and SentinelOne to ensure comprehensive security across platforms.
My credentials include ISC2 Certified in Cybersecurity (CC), ten Cyber Security Leadership Certifications from Proofpoint, MITRE ATT&CK Fundamentals, and Certified ScrumMaster®. These qualifications empower me to implement robust security and privacy controls that ensure information systems are compliant with industry standards.
With a relentless focus on staying ahead of emerging threats and deploying innovative security solutions, I am committed to driving meaningful change and fostering resilience at every level of the digital ecosystem.
Background
I was born in a small town of Zempoala, Veracruz Mexico. My dad moved us to the United States when I was 3 years old. Growing up in Houston, Texas, during summer vacation we would travel back to Zempoala and Veracruz visiting our grandparents and extended family. You would often find us playing in the Aztec ruins just outside my hometown.
After my last trip to Zempoala to say my ‘good-bye’ to my grandma, I found myself at a crossroads that led me to eventually become a US citizen in 2001.
I was introduced to computers when I was in elementary school during my 5th grade year. While it was just used as a learning tool for mathematics, it piqued my interest. It helped me to learn mathematical calculations without using pen/pencil paper or a calculator. I went on to win 19th place out of approximately 200 in a competition called “Number Sense”, where you were timed while being tested to complete mathematical problems.
Fast forward to High School, where I graduated 10% percent of my very huge class of about 600+. I was also awarded a scholarship from the LULAC foundation thanks to my guidance council that kept pushing me to go meet with them. The plan was to go to Berkeley, CA for my Bachelor’s degree then transfer to Texas A&M for my Master’s Degree in Chemical Engineering. Unfortunately, because I needed parental approval and my mom did not approve of the scholarship, I was not able to accept it. However I didn’t let this stop me, I was devastated but I knew that when one door closes there are more that open. I went to Houston Community College to get my basic classes completed, then eventually transferred to University of Phoenix in Pasadena, CA for my Bachelor of Science in Business Management in 2004.
Early Career Journey
During my Senior year of High School (1988-1989), I worked at Tenneco Oil, as part of a Co-Op program for students taking Data Processing class. Working in the HR College Recruitment department, I quickly learned Lotus 123, and DW4. During my tenure, I eventually became the ‘go-to’ for any technical computer issues.
After graduation, I went on to become the Technical/Office Manager for Charles Barney LLC. He believed in my skills and helped me see the value I brought to the business. He guided me to becoming more than I believed I could be at the time. I quickly became the ‘Go-To Tech Guru’. I helped to implement several Oil and Gas applications to help monitor all of Mr. Barney’s Oil rigs. I also automated several accounting tasks to help the accountant from having to do them manually.
Fast forward to 1998 started working at Latham & Watkins thanks to networking with a previous colleague. I started at the service desk and dove into learning and consuming all the knowledge I could to be the best Service Desk Technician. I volunteered for every project that came our way, to help the Network Engineers implement firewalls and switches. One of my favorite projects was New Year’s Eve 1999 to New Years 2000, when everyone believed the computer would revert to 1900, and applications would fail. I took the nightshift from 19:00 - 07:00 PDT. I was all set with my snacks and hacker movies - Hackers, Sneakers, War Games, and Tron. Nothing happened. Midnight came and went, and the world’s computer systems kept going.
I moved on to a smaller law firm in May of 2000, where I was able to expand my knowledge and skills. The firm's IT department consisted of 1 Sr Engineer and 2 Service Desk Technicians. I learned everything from implementing Cisco routers and switches to APs. The firm’s Partners and Special Council would ask me to help them set up their home network. This is when I started creating wireless network segmentations for their kids, guests, and home network. I helped to implement security controls before I even knew what they were.
I continued my learning and training by getting the CompTIA Project + certification. This helped me to manage my first major Tech refresh project before I knew what tech refresh was.
Mid-career Journey
I moved back to Texas in 2007 and continued working as a Sr. IT Project Manager for a Medical Device company. There I homed in on my technical skills and managed several tech refresh projects. Fast forward to 2010, I went to work for Dell, continuing to manage technical refresh projects. I also became a Firearms and Personal Protection Instructor, where I taught a lot of Firearms and personal protection classes in my 5'ish years of traveling and teaching throughout the state of Texas. I mentored a lot of women to become more comfortable with their firearms and personal security all while still having a full-time job as a Sr. IT Program Manager at Dell.
In looking back at what drew me to become a Firearms and Personal Protection Instructor, I think it had to do a lot with all of my instructors and mentors. When I spoke with them, they all agreed it was in my nature to be strong, even though I was small and petite and could get into places without being noticed. With the training I took and the push I got from my mentors, I became a Certified Personal Protection Officer. This is where personal security and professional security became very similar in my brain.
Fast forward to 2017, I met an amazing person, Steve Fink [Fink], he has built his career in Information. He introduced me to my first Information Security conference in 2018, BSides in Austin.
Later that year he introduced me to the Black Hat Community, and I attended my first Black Hat as a Conference Associate. I was able to network with a lot of the Information Community Leaders. That’s when I knew my next career move was to go into Information Security.
I was lucky enough to attend the 2018 Black Hat Keynote, and Persia’s talk is what made me want to be just like her when I “grow up” in Information. She was amazing, I related to all she had to say.
In 2020, Fink and I spent an entire weekend building honeyPis. I learned so much that weekend, it was an amazing learning experience. Later that year I attained ScrumMaster Certification, which has helped me with continuing to manage technical refresh and infrastructure projects. Fink wasn’t just my mentor, we wed in January of 2021.
In 2023, I started the Proofpoint Cyber Leadership Certification series, I’ve been able to attain ten certifications. I hope to continue learning about the product and keeping up with the certificates. In 2024, I attained my ISC2 Certified in Cybersecurity and in 2025 I attained my MITRE ATT&CK Fundamentals Certification.
Challenges, Lessons Learned, and Take A-ways
The journey has not been without its challenges but one thing I can say is don’t let setbacks, rejections, let downs or failures deter you from your goals. If you fail, fail fast and hard, take that as an opportunity to learn and keep learning. Remember to celebrate your wins and the wins of others. Network with folks in the Information Security realm and find mentors that will help point you in the right direction as you find your way in this ever evolving world of Information Security.
As I have said, the world of Information Security is huge, so do your research and find your thing that inspires and interests you, this is where you will shine. Talk to folks in the industry and join Groups or communities so you can grow your network and learn from others. Find a mentor that can help you with setting goals, learning, join Capture the Flag Competitions, and attend as many conferences as you can.
The Road Ahead
Looking ahead, I’m excited about the future of Information Security. Technologies such as artificial intelligence [AI], machine learning, and quantum computing will revolutionize the field. My goal is to continue growing as a professional, contributing to the community, and staying at the forefront of technological advancements.
The key to learning and future-forward thinking is to embrace emerging technologies and be prepared to adapt to new paradigms in the Information Security landscape.
Conclusion
My Information Security journey has been a combination of education, hands-on experience, innate curiosity, a commitment to ongoing learning, and the invaluable lessons gained from overcoming various challenges.
It’s a field that requires passion, dedication, and a constant drive to stay ahead of adversaries. For anyone considering a career in Information Security, my advice is simple: stay curious, be proactive, and never stop learning. The path may be challenging, but it’s incredibly rewarding and vital in today’s digital age.
