Women’s History Month: Zoom Manager on Her Cyber Career
Danielle Meah chats about her path in cyber, leading a team, and role models throughout the process.
While every month of the year should be dedicated to women of all races and backgrounds, March is specifically dedicated to highlighting women who have made a difference in history, opening up possibilities to young girls.
To kick off Women’s History Month, we spoke with Danielle Meah, Senior Manager of Threat Intelligence at Zoom, to learn about her background, path into cyber, and how she leads a team.
Strategic Cyber Ventures: What were you doing before you were at Zoom?
Danielle: Before I was at Zoom, I was the Director of Threat Intelligence for Trustworthy Accountability Group, which is a firm that basically tries to mitigate advertising fraud.T here’s a lot of cyber threats in the fraud, digital advertising space, so I was in charge of developing essentially a threat sharing network for digital advertising. And before that I was the Global Head of Threat Intelligence at Citi Bank.
SCV: How did you get started in cybersecurity? Was that something you were always interested in or did you kind of fall into it?
Danielle: A long time ago, I had an internship with Congress that I got in the door based on my language skills, nothing cyber related, but while I was there, I was exposed to a lot of different cyber projects because the big controversy at the time was how is cyber warfare differ from kinetic warfare. I got exposed to the concept of threat intel, cyber, and geopolitics. And it just piqued my interest. So I decided I was going to try and pursue more serious career in it at that.
SCV: And you clearly succeeded! What did you study in college? What were you planning to do before you got to where you are now?
Danielle: I studied Chinese language and world politics, so I had no concept of what I was planning to do. Originally, I wanted to be an author which is a completely different deviation from where I am now. I did want to use my language skills and I was determined to incorporate that in my day to day if I could somehow because I just loved learning languages. And it was an important time in my life.
SCV: And how did you learn everything? What did you do to read up and get knowledgeable on everything in the industry?
Danielle: I pursued a higher degree, so I went for graduate degree in digital forensics just to understand the computer itself — how you understand file changes, evidence, identification, things like that. And then I just read everything that I could, and I was asking a lot of questions and trying to get trained by people who were much more knowledgeable than me on those subjects. But I’ve been exposed to a lot of different cyber teams, like different dynamics. Cyber threat intel is one kind of small silo of the overall program anywhere. So I always make a priority of understanding what the other programs are doing. And that’s exposed me to a lot of different technical skillsets.
SCV: If someone is trying to get into cyber and learn more, what kind of books or podcasts would you recommend that they start with?
Danielle: I think everyone’s always going to recommend the SANS Courses, just to understand your discipline area. It’s really good to do a deep dive on what you’re planning to go into as a career or how you want to apply that skill set to your career. But networking with cyber professionals is the most direct, efficient way to go.
I mean, I can’t tell you the number of people who were willing to just have conversations with me. About what they were passionate about and how they do their work and learn much, much more that way, just shadowing those individuals so don’t be afraid to reach out.
SCV: What do you think is the most interesting component of cybersecurity is so far?
Danielle: It has to be threat intelligence. That’s what I’ve been doing for so long. I enjoy that problem — it’s really complex. I think a lot of orgs understand the value of intel, but they don’t necessarily know how to apply it in a meaningful way. So actually actioning the intel that you get and making sure that other teams understand it and use it in a meaningful way is really complicated in many instances, but I enjoy that problem.
I also think there tends to be an overemphasis on technical and technology solving problems that only humans can really solve. The emphasis on using tools to identify threats is one area of that. But I also think just relying on this technology to perform analyst assessments and to be doing the work on behalf of teams is the wrong direction to be going in. I think people are critical resource for any good cyber program. I would advocate for anyone who’s running a program or hiring for programs really spend a lot of time invested in developing your staff, making sure they’re not burnt out, their skill sets are being enhanced, they are happy and motivated to be there because I’ve seen instances where burnt out cyber teams aren’t necessarily just not effective, they’re actually a negative to the organization in terms of security posture. So that’s really important. It’s something that I’m passionate about is making sure that people feel like they’re being invested in as part of this industry.
SCV: Throughout your career do you have any defining or memorable moments that you’re particularly proud of?
Danielle: I’ve been able to travel a lot, so I’ve been exposed to different organizations globally, and I think I’ve been fortunate to have conversations with executives about their programs and how they approach the problem of security, how they approach cyber.
That’s been immensely valuable just as a learning opportunity. I think back fondly on that, but everyone I’ve met in this field has been super interesting and I’ve learned a lot from them. I’ve maintained some good relationships and good friendships from that.
SCV: What kind of advice would you pass along from your mentor to young people trying to break in to cyber?
Danielle: I would say having the skillset to kind of back up what you’re able to talk about. I think a lot of people go in with a strong understanding and they can articulate the concepts well about problems in cybersecurity and how to solve them.
For example, going into threat intelligence, I understood a lot about intel the discipline. I didn’t understand a lot about how it’s used in an organization and why it might be useful for decision-making or impacts on costs, impacts the business.
So making those connections is really important and that usually only comes from people who have been in the [space for a long time and understand the dynamics of that world.
Also, don’t be afraid to apply to things because they can be very intimidating, the job descriptions, but people bring skillsets to the roles that aren’t necessarily what the hiring manager had in mind, but are infinitely more useful.
And a lot of the focus is on technical skills obviously, cause it’s the cyberspace, but there’s more than just technical skills. I would draw on your entire your tool bucket too in those interviews to help describe how you might leverage your own skillset and your diverse experience into your role.
I would also encourage women in these types of interviews when they’re starting out in their careers — make use of what you think you’re good at. You don’t have to completely change your skillset just to feel like you’re going to fit in to the org, to the role. And if you’re good at operations use that and whatever you’re doing.
SCV: Is there any woman in tech or any role models in general that you look up to?
Danielle: Honestly, the women who are juggling a personal life on top of having a full high powered career have always been inspirational to me, just because it’s difficult to understand how you can do both. There are probably a lot of challenges and opposition. And balancing a family it’s incredibly difficult!