Ireen Birungi

What is one skill, interest or talent of yours that makes you great at your job?

I am an integrator who enjoys personal connections and organizing to figure out how to fit pieces together and solve problems.

What is the best piece of unconventional career advice you’ve gotten?

Always assume positive intent when interacting with folks. Take time, count to five, and think before you speak.

When building your brand, which is important, it’s more important to build the internal brand and therefore, trust and credibility. It will make the job of CISO an easier one.

What is your proudest moment working in the cybersecurity industry?

Growing an amazing team, being a mentor and role model to those looking to enter or remain in cybersecurity, and leaving the industry better than how I found it.

When did you become interested in pursuing a career in cyber and what prompted it?

I didn’t get into information security (infosec) on purpose, but I’ve stayed on purpose. My interest in staying was the diversity of domains that could apply to a number of areas: application, systems, network, data, people.

I especially became interested in infosec after spending hours in a lab and building flavours of UNIX, Linux, and Windows OS in order to test hardening guidelines.

What are the top 3 things you would tell people hoping to enter the cybersecurity industry?

1. Networking is important. Grow and maintain your network; peers, colleagues, mentors, mentees, partners, and suppliers. 
2. Willingness to compromise within the organization’s risk appetite. You will be tested and need to show up as a business enabler and effective communicator. 
3. It’s rewarding, but you have to have patience. Acknowledge that you really want to be in cybersecurity, and be open to work in various domains from risk to security operations.

What are some misconceptions people might have about the cybersecurity industry and what can we do to change these misconceptions?

That InfoSec always says “no” and will stop all attacks. The goal is resilience; to detect quickly, respond effectively, and recover with minimal impact. It’s important that cybersecurity practitioners are business enablers—not simply leading with “no,” but instead using the art of helping the business or client understand the risks. Any and all decisions regarding risk should be informed.

Do you feel like you’re contributing to helping keep our world secure and can you share why that matters to you?

Helping keep our world secure is a big part of why I continue to work in InfoSec. Working with organizations to strengthen their cybersecurity program, think through risk, or communicate with clarity and impact contributes to a safer digital world. I am also a consumer of services that I support protecting, as are my friends and family, and spreading due diligence on cyber threats makes us all safer.

What positive change do you think will take place as we bring the next generation into the cybersecurity industry?

The pipeline of entrants in cybersecurity is a lot higher than when I first started out. That means there are so many more people who are curious and cyber aware, which is important as we journey through AI, deepfakes, voice cloning, and scams.

Who is your role model in the cybersecurity industry and why?

I’ve learned so much from different individuals in various disciplines and at different phases of this journey called life. In addition, the cohort of CISOs in the Canadian space—who have been part of my origin story in information security (now cybersecurity) for over 25 years—have also greatly influenced me. They are a blend of technical mastery, leadership, and challenge; healers and supporters; makers of meaningful impact; and all-round good human beings. They willingly share how they’ve progressed in their careers, including how they balance work with life goals.