Queen Bees #1 - Angelica Marotta International Women's Day Special

Queen Bees is Cyberhive's latest interview series! We couldn't launch it on a more suitable day then International Women's Day 2024. Queen Bees is an interview series which will regularly share inspiring career insights from women leading in their cybersecurity hive. We managed to question these busy bees, and hope to inspire others with a career in the cybersecurity industry! Do you know an inspiring female leader with an interesting career to share? Contact us! 

To kick-off Queen Bees, we interviewed Angelica Marotta, our very own content writer of Cyberhive. During her exciting career in cybersecurity research, she wore several hats. This helps her to examine the organisational and cultural implications of cybersecurity in the context of regulatory compliance at Massachusetts Institute of Technology (MIT), next to applying her technical skills. To get where she is now, she had to overcome many hurdles like gender-related stereotypes. Get to know her experiences as woman in the field, and get inspired by her lessons! 

Could you briefly describe your career path?

It's been quite a ride! I started with a deep dive into Computer Science at the University of Pisa—that's where the initial seeds of curiosity were sown. From there, I kept climbing the educational ladder, driven by my passion for cybersecurity, which has been the common thread throughout my career. I then pursued further studies in the United States at Southern New Hampshire University, where I completed both a Graduate Certificate and a master's degree in Justice Studies with a concentration in Cyber Security, graduating with honours and receiving the Outstanding Student Award. My educational journey culminated with a PhD in Cybersecurity from the University of South Wales.

Professionally, I've worn several hats. I've had the privilege of working as a Research Fellow at the National Research Council (CNR) in Italy, where I concentrated on cybersecurity and related domains such as cyber insurance, data privacy, and robotics. Currently, I am engaged in research at the Massachusetts Institute of Technology (MIT), examining the organisational and cultural implications of cybersecurity, particularly in the context of regulatory compliance. This position has allowed me to collaborate with some of the brightest minds and organisations like the World Economic Forum, contributing to global initiatives that shape our digital future.

In tandem with my research endeavours, I have the honour of mentoring the next generation of cybersecurity experts through my teaching roles at Thomas Edison State University in the US and the University of Hull in the UK.

Speaking engagements have also been a significant part of my journey. I've been honoured to serve as a keynote speaker at global cybersecurity conferences, sharing the stage with industry experts and contributing to the crucial conversations that drive our industry forward.

Lastly, I can't forget to mention my recent involvement with Cyberhive EUROPE by ECSO. It's a great way for me to stay connected with the cybersecurity scene in Europe.

So, in essence, my career path has been a mix of research, education, writing, and active engagement in the cybersecurity community. Each role has enriched my understanding and allowed me to contribute meaningful advancements to the field I'm so passionate about.

When did you decide to work in cybersecurity?

My decision to pursue a career in cybersecurity was a gradual realisation that came to life during my formative years as an undergraduate. Back then, my academic journey was propelled by a wide-ranging curiosity about technology and its limitless possibilities. As I navigated through various IT subjects, it was a course on cryptography that truly captivated my imagination and steered my interests toward cybersecurity. This course wasn't just another checkbox on my academic to-do list. The intricate mechanisms of encoding and protecting information, the intellectual challenge of solving complex problems, and the critical importance of securing data against ever-evolving threats resonated deeply with me.

Were you already interested in IT security when you were young?

Absolutely, my fascination with new technologies was kindled at a very young age. I can vividly recall being enthralled by the newest tech devices, particularly those related to telecommunications. As a kid, the thrill of exploring these technologies, understanding how they worked, and imagining their possibilities was my favourite pastime. During my high school years, my interest significantly grew, partly due to the influence of some tech enthusiast friends. Their skills opened my eyes to the power and vulnerabilities of our connected world. For this reason, my curiosity naturally evolved into a deeper interest in understanding how to protect technologies and particularly the information they held, steering me towards cybersecurity. It's like those early interests laid the groundwork for my passion in cybersecurity, turning my childhood curiosity into a professional pursuit.

What made you decide to work into cybersecurity? Was there anything or anyone sparking your interest in cybersecurity? 

My journey toward a specialisation in cybersecurity was not a linear one; rather, it was an exploratory path that unfolded over time as I delved into the varied opportunities offered by my computer science degree. As I reflected on the diverse sectors, I had the chance to explore, the recollection of my cryptography class began to take on new meaning, casting the importance of secure digital systems in stark relief. However, this growing passion was not just about applying what I had already learned; it was about pushing the boundaries of my understanding and contributing to the field in a meaningful way. I began to envision a career where I could not only apply my technical skills but also engage in rigorous research to uncover new insights and methodologies in cybersecurity. The allure of research within cybersecurity lies not only in the intellectual challenge but also in the potential societal impact. With the knowledge that the cyber landscape constantly evolves, I am committed to lifelong learning and innovation, aiming to contribute to a safer digital world through my research endeavours.

Could you describe what your research in cybersecurity is about? 

My research endeavours in cybersecurity have been extensive and multifaceted, beginning with my early research activities at the National Research Council (CNR), where I dove into the complexities of cyber insurance. This relatively new and rapidly evolving area has become increasingly relevant as both practitioners and researchers seek alternative ways to address the residual risks in the cybersecurity sector. My work there laid the groundwork, providing a foundational understanding of cyber insurance from both practical and theoretical standpoints. I dissected the unique difficulties the emerging cyber insurance market faces, shedding light on its effects on different technologies and evaluating scientific methodologies for market analysis. Over the years, this research, quite unexpectedly, evolved into a foundational asset for numerous follow-up investigative efforts, driving advancements in the field and serving as educational content in university curricula.

As the landscape of cyber threats continued to evolve, my focus shifted towards the inherent challenges they pose to organisations of all sizes. It became clear to me that the traditional siloed approach to cyber risk management, often relegated to IT departments, was insufficient to counteract the sophisticated and adaptive nature of modern cyber threats. Therefore, my research centred on devising improved methods for cyber risk management that extended beyond traditional cybersecurity approaches, drawing parallels with emergency response strategies. By integrating principles from emergency management, such as FEMA (Federal Emergency Management Agency)'s model, with conventional cybersecurity tactics, I sought to construct a more comprehensive and practical framework for enhancing our collective security protocols.

With the progression of my academic career and legal studies, I began exploring the legal aspects of cybersecurity. At MIT, my research took on an organisational focus, delving into how cybersecurity is influenced by regulatory compliance and the impact of culture on cybersecurity practices. Over the past years, I became particularly interested in the strategic aspect of cybersecurity, examining how companies manage their cybersecurity policies and procedures within the context of varying cultural and regulatory landscapes.

Throughout my career, I have been committed to scholarly dissemination, contributing over 30 articles to prestigious cybersecurity journals and authoring chapters in key industry texts. This dedication to my field was acknowledged through various accolades, including receiving the Best Paper Award at the IACIS Europe Conference. For example, the paper that earned me this award highlighted the importance of cybersecurity compliance across industries, companies, individuals, and nations, and took a comparative approach to analyse the varying compliance environments through case studies. This study highlighted the cultural, regulatory, financial, and technical aspects contributing to compliance challenges and offered strategic insights from regulatory and organisational perspectives.

Moreover, a segment of my research has been devoted to examining AI within the healthcare sector, spotlighting the risk of perpetuating historical biases in diagnostic data. I have then proposed a framework for algorithmic auditing to ensure AI operates under secure, legal, and fair principles, with the goal of enhancing women's healthcare through ethical AI practices. This research not only contributes to the ongoing conversation about AI and ethics but also has practical implications for improving women's healthcare through the responsible application of AI technology.

Do you reflect on, or celebrate International Women's Day? If so, how? 

Absolutely, it's a day of great significance. I try to get involved in webinars or panel discussions aimed at empowering women in tech. It's about sharing our journeys, the hurdles, the triumphs, and just connecting. It's a powerful way to inspire and be inspired.

What is your experience as a woman in this field? 

Navigating the cybersecurity field as a woman, I've discovered it's a double-edged sword. There were instances where my contributions and insights were celebrated, leading to a sense of prominence and respect within the community. These moments were deeply empowering, offering a platform to demonstrate my capabilities and contribute meaningfully to my projects. Conversely, I've also faced situations where I was underestimated. These circumstances were challenging, forcing me to not only prove my worth but to also advocate for the recognition of the skills and talents women bring to cybersecurity.

Were there any unique challenges to overcome to get to the position where you are now?

My journey in cybersecurity has been marked by numerous "firsts." I've encountered various obstacles, not solely from the initial scepticism of some people but also from the rigid procedures and traditional thinking that did not account for someone with my unique background embarking on such endeavours. I was frequently met with the notion that certain goals or roles were simply out of reach, cloaked in the rhetoric of tradition or the preference for the familiar, well-established routes. Despite this, my guiding principle has been the idea that even the most inflexible systems harbour flaws, and it is through these flaws that new opportunities arise. Holding fast to this belief has spurred me on to continually defy the established norms and forge not only my own path but also to clear the way for the next wave of professionals in the cybersecurity domain.

Did you ever encounter any gender-related stereotyping? 

There have been moments where my capabilities were initially viewed through the lens of stereotypes rather than evaluated on the basis of my qualifications and performance. For example, I have been in situations where my input during technical discussions was overlooked or required additional validation, whereas my male counterparts received immediate acknowledgement. However, I prefer to approach these experiences as opportunities for growth and education, both for myself and for the industry. I believe in leading by example, fostering an environment of respect, and advocating for change. 

Do you have any role models you aspire?

Yes, I am fortunate to have a host of role models that inspire me, both within my professional sphere and from my personal life. The women in my family laid the foundation for my work ethic and resilience. They have consistently demonstrated an unwavering commitment to hard work and have instilled in me the value of perseverance and dedication.

In my current professional environment, I am surrounded by colleagues who continually establish outstanding benchmarks in both research and education within our field. I am constantly learning from their approach to challenges, their strategic thinking, and their ability to drive positive change. However, among the most significant influences in my professional journey, I must acknowledge a professor at MIT with whom I have the privilege of collaborating. The guidance received in this collaboration has been transformative, offering insightful feedback on my work while exemplifying the highest standards of leadership and expertise. 

What would you like to change in the world to close the gender gap in cybersecurity? 

I envision a future where mentorship programs for women in cybersecurity are not just an occasional initiative but a norm within organisations. A mentor once told me, "Your unique perspective is your strongest asset in this field." This advice was pivotal for me. It is crucial to create environments where women are encouraged to speak up, share their ideas, and lead confidently. I hope to see more platforms amplifying women's voices and contributions to cybersecurity.

Do you have any suggestions for educational pathways to encourage women to pursue careers in cybersecurity research?

To effectively encourage women to pursue careers in cybersecurity research, I think it's important to emphasise educational pathways that extend beyond the traditional IT focus. Cybersecurity is a multidisciplinary domain and thrives on diverse skill sets. Aspiring professionals should consider engaging in interdisciplinary studies that blend computer science with fields, such as psychology, law, ethics, business, and beyond. For example, incorporating disciplines such as classical studies into one's educational foundation can offer unexpected advantages to the cybersecurity professional. These subjects nurture an analytical insight critical for breaking down and understanding the complexities of cybersecurity challenges and cyber threat landscapes. They train individuals to recognize patterns and interpret contextual clues. Nonetheless, it's imperative to maintain a balance by anchoring this diverse educational background with a solid understanding of mathematics. Mathematical proficiency underpins the ability to quantify risks and navigate the technical intricacies inherent in cybersecurity, ensuring a well-rounded skill set for tackling the multifaceted nature of cyber risks in the modern era. Such variety in education not only equips future cybersecurity researchers with a robust toolkit of skills but also encourages critical thinking and innovation, which are essential in addressing the complex challenges of today's digital world.

What would you advise young females interested in cybersecurity?

Never underestimate the power of curiosity and resilience. There will be moments of doubt and challenges that seem insurmountable. Early in my educational career, I remember that studying IT seemed way over my head. Instead of backing down, I took it as an opportunity to demonstrate that I could. I think it was a good choice because studying this field turned out to be one of the most rewarding experiences, teaching me more than I could have imagined. So, I would say that embrace challenges as opportunities to grow, seek out mentors and allies, and remember, your perspective is invaluable in this field. Your journey in cybersecurity has the potential to inspire the next generation of women in cybersecurity.