Sometimes it seems like professionals in the cybersecurity industry “eat, sleep, and breathe” cybersecurity and that they’ve done that since the first day they could walk.

But in reality, job-seekers with all types of interests find happy homes as cybersecurity professionals. And this is certainly true for Prajakta “PJ” Jagdale, Director of Offensive Security at Palo Alto Networks.

A general technology and math enthusiast with a desire to help people and solve problems in a fast-paced environment, PJ has become a go-to leader in cybersecurity with a diverse background tackling both traditional and emerging cybersecurity threats.

Here is a bit more about how PJ turned her general passions and interests into an incredibly successful cyber career.

Being a Cybersecurity “Late Bloomer” and Coming to the US

While some professionals in the cybersecurity profession have a clear roadmap laid out in terms of the majors they plan to pursue and the career fields they are looking to enter, some enter the cybersecurity field with very little hands-on experience with computers, software, or data science. In PJ’s case, an encounter with a cryptography professor led her to cybersecurity. 

“A lot of the security professionals have these stories growing up about how, especially in Western countries, they were fascinated by computers, and spent hours playing computer games or video games,” said PJ. “And so their journey began with them trying to hack into those games and score higher than what was possible or find Easter eggs and things like that. My story doesn’t align with that. I got introduced to computers quite late by typical standards. I even decided to do computer engineering from a bachelor’s degree without ever having interacted with computers a whole lot because unfortunately in India, where I grew up, we were a little behind Western countries in terms of access to computers. Nonetheless, I knew I was interested in math and technology but didn’t really know where I wanted to go within those fields.” 

“I was introduced to a professor who taught army officers about mathematics and cryptography. He introduced me to what cryptography is, what role math plays, and the whole idea of encryption and cryptanalysis. And that whole world just sounded super fascinating to me. And he was so passionate about it and he was so enthusiastic about it and it was easy to get sucked into that. I did a year-long project with him, but I wanted to learn more. 

From there, PJ decided to dig-in on cybersecurity. To gain a more immersive experience, she decided that the time was right to make the big move from India to the southeastern United States. 

“At the time, I couldn’t find anything in India that really taught cybersecurity specifically, and so my brother suggested that I look at universities in the US, and it turned out that there were a couple of universities at the time that had a dedicated cybersecurity program or infosec program. And so I ended up applying to all of them, and luckily Georgia Tech accepted my application.” 

Jagdale spoke at RSA Europe in 2008 in London. The theme of the conference was Alan Turing, well-known for helping crack the German codes during World War II. RSA Europe had a display of all different cipher machines from various different places and eras. Jagdale was just starting her career at the time and she was amazed by these displays. The memory stuck with her.

Getting Her Foot in the Door

Despite having a masters degree in tow, PJ ran into yet another stumbling block: getting formal work experience and ultimately starting her career.  

“It was not easy when I was trying to get started and I don’t think it’s any easier today,” said PJ. “In terms of my own journey, as I was going through my master’s program, just like everybody else for the summer, I was looking for an internship, and it wasn’t easy because I was just starting my cybersecurity journey. Everyone was looking for people with experience and the master’s program was the first time that I was actually learning a lot about cybersecurity, so it was a bit tough to convince those who were looking to hire interns that I knew enough to do the job.” 

However, just as PJ’s classmates were beginning their own internships, she happened to come across a company that would not only allow her willingness to learn and cybersecurity skills to shine, but allow her to dig into one of her favorite cybersecurity aspects: web application security. 

“I guess my ‘lucky break’ was when somebody introduced me to this company that came to Georgia Tech to speak about web application security. I was just really fascinated by it, especially as web applications at the time were an emerging area. Luckily enough, somebody I knew had a connection at that company and they referred me.”  

“When I went for the interview, I was nervous because I had to tell them I really knew nothing about web applications security or web applications in general. But that didn’t matter because the person I interviewed with asked me, “What do you know?” I said, “I have learned a little bit about network security. So he asked me all these questions about network security and I was able to convince him that if there’s a topic that interests me, I know how to learn about it and understand it. And so I think that convinced him that I was worth a hire. And so that basically started that journey.”  

Jagdale and an infosec colleague presented on the main stage at Palo Alto Networks 2019 Conference. In Jagdales words, “We decided to do this extremely cheesy skit on attacker-defender role playing. I was playing the attacker role, and one of our SOC engineers was playing the defender role. We played out an attack demonstrating why it’s so difficult to prevent or detect or respond to these attacks.”

“This was the cheesy part,” Jagdale jokes.

With a talent gap of over 3.5 million open cybersecurity positions, PJ believes that the cybersecurity industry has to tackle ongoing misperceptions about working in the field. 

“There are definitely a lot of misperceptions about cybersecurity out there today,” said PJ. “One of the biggest ones is that as cybersecurity professionals, we are just off by ourselves in dark corners trying to break into something or to keep it secure – when that is definitely not the case. Cybersecurity depends on open discussions and partnerships to work, so we are constantly out in the world building partnerships with the rest of the business. We need to do a better job of highlighting how cybersecurity is a collaborative space, not a solitary one.” 

PJ also noted the importance of dispelling the myth that women and diverse candidates are not welcome in the cybersecurity space. 

 “Everyone’s experience is different, but from my experience in the space – and I may have been extremely lucky – people put aside the fact that you are a certain gender or what your background is. They want to welcome anyone that is genuinely interested and passionate about the cybersecurity field,” said PJ. “Most of my mentors have been guys. I would just say to women in particular who are looking to get into cybersecurity that the majority of the men in the field are not going to care that you’re a woman, as long as you’re good at what you do. That said, if it becomes an issue, you just have to quickly act on it – you don’t have to suffer through anything.” 

And that pattern has stayed with me throughout my career. Every role change that I’ve gone through or every employer change that I’ve gone through, I have applied for a role or interviewed for a role that wasn’t in my comfort zone, that wasn’t something I’d done before. And that’s one of the things that we talked about misperceptions, why it might seem tough and it might seem confusing that, “Well, I know so little, how am I going to let them know that I can do it?”