When Christina Morillo found her way to information security, the field didn’t even have a name.
“There was an identity and access management role within the security division of a financial services firm that required the handling of very sensitive accounts and applications, so they were looking for someone who understood system administration,” explains Morillo. At the time, she already spent ten-plus years working in the enterprise technology space. “That role was my door into security, before it was called information security.”
Morillo used her knowledge of systems and networks as a stepping-stone to a full-fledged information security career. She now acts as a principal security consultant at enterprise security company Trimarc, leading the Microsoft Cloud Security Assessment (MCSA) service. Her role includes, but isn’t limited to, performing security reviews and providing recommendations on how to optimize cloud security. And she does so all while still carving out time outside of work to express her creativity and increase tech industry representation.
After landing that early identity and access management role, Morillo spent several years growing her security experience within the financial sector. She then had a chance to dive even deeper into cloud, while working at Microsoft.
“When I first joined the company, I had no idea how cloud security worked, but because of my excitement for absorbing as much as possible, I translated my prior background and learned quickly,” Morillo says. “I’m more focused on cloud security and identity today because of my time at Microsoft.”
In her current role, Morillo oversees and documents Trimarc’s MCSA service. She also performs assessments at big-name enterprise clients and offers recommendations as to how those companies can optimize their cloud security. “I run some proprietary tools and scripts to assess their environment, and I make sure that all of the doors are locked and all of the windows are closed,” she confirms.
To feed her creative side, Morillo assumed several side projects in the media realm. She partnered with influencer campaigns; authored, curated, and edited 97 Things Every Information Security Professional Should Know and other O’Reilly Media texts; and created the highly successful Women of Color in Tech stock photo collection. “I realized that there weren’t enough photos of folks who look like me in tech,” she says of the latter initiative, which entailed multiple photo shoots of diverse tech professionals.
Morillo also drives representation through the #ShareTheMicInCyber campaign as a fellow and advisor. The campaign will soon launch a fellowship in collaboration with think tank New America.
“I think I juggle things so well because I’m actually invested in the goals, the campaigns, and the people,” she says. “It doesn’t feel like it’s taking time away; it feels more like it’s filling my cup.”
She encourages other women in information security to see their passions as opportunities, narrow in on specific areas of interest, and learn to filter signal from noise when forging a path in the field.
“What works for some people may not work for others,” Morillo emphasizes. “Not everybody has the same level of experience or expertise, but there is always a way to translate prior experience into a career in security.”