Minerva recently hosted Career Boost, a one-day mentorship and career readiness event, in Vancouver for self-identified girls and gender expansive youth aged 15-24. One of the program highlights was the opportunity to connect with inspiring leaders from dozens of fields during the mentor roundtable discussions. One of these senior leaders was Nazanin Rezvani.
Nazanin is a Cybersecurity Advisor and Vancouver Community College (VCC) Instructor for a new post degree diploma program in Cybersecurity Governance, Risk and Compliance which is launching in January. As a Software Engineer with a Master’s degree in Information Systems Security, and over 10 years of experience in the cybersecurity field, she is an expert in developing and implementing security strategies for large-scale enterprises, including Aerospace, Financial, Retail, and Energy.
We spoke to Nazanin about her career path, experience as a mentor, and trends she is seeing related to the future of work.
Q. You worked at Microsoft Canada as a Senior Cloud Security Solutions Architect. You have also worked for KPMG, EY and Deloitte Canada in the area of Cyber Security. Upon completing your undergraduate degree in Computer Software Engineering, is this the path you expected your career would take? Has anything about your career surprised you?
A. My journey into cybersecurity and my current role as a cybersecurity professional were quite unexpected. After completing my bachelor’s degree in software engineering, I quickly realized that sitting behind a desk all day programming and designing software wasn’t fulfilling for me. I needed more tangible results and the delay of seeing the final results of my work made it hard to stay motivated.
Seeking a more hands-on approach, I explored the hardware side of computer science and completed courses such as CompTIA A+ to learn computer troubleshooting. This led me to join a medium-sized company in an IT help desk role. I loved the interaction with almost everyone in the company, and provided technical troubleshooting, whether it was resolving network connection issues, computer troubleshooting, or even printer problems.
I spent many hours in cold, noisy server rooms observing a colleague who managed the company’s network and servers. Watching him control traffic through firewalls and monitor internal communications fascinated me, sparking my deep interest in network security. To further my knowledge, I took CCNA and CCNP classes, learning how to configure Cisco routers, along with some Microsoft courses on server administration and Active Directory.
The ability to control and eliminate specific behaviors fueled my curiosity. My passion for cybersecurity grew, and I decided to continue my education in Canada, earning a master’s degree in Information Systems Security at Concordia University. There, I delved into cryptography and security from an academic perspective.
After completing my master’s and a short internship at Bombardier, I entered the consulting world, where I spent seven years at Deloitte, EY, and KPMG working on diverse projects across various industries. The fast-paced nature of consulting helped me discover my passion and align it with my strengths and personality. This journey has ultimately led me to work at Microsoft for more than three years and finally to where I am now, a cybersecurity professional who thrives on the challenges and dynamic nature of the field.
What has surprised me most about my career is how the cybersecurity landscape is constantly changing, and staying ahead of the curve requires a commitment to ongoing education and a willingness to embrace new challenges and opportunities.
Q. In our youth programs, we often say we are preparing youth for careers that don’t exist yet. How have you seen your career/work evolve in the past five years? What are your predictions for careers in the field of cybersecurity in the near future?
A. Over the past five years, my career in cybersecurity has evolved significantly, reflecting broader industry trends. With advancements in technology, and cloud transformation there has been a shift towards automation and proactive threat detection. For instance, the use of AI and machine learning has become integral in identifying and mitigating threats more efficiently.
Additionally, I have noticed the significant amount of attention that all sizes of organizations now pay to cybersecurity as they deal with more regulations and the critical importance of protecting personal data. Cybersecurity has become a top priority for everyone.
Furthermore, we are witnessing the expansion of cybersecurity roles, such as cybersecurity data scientists, to address the evolving threat landscape. The field is dynamic, with new threats emerging almost daily and technologies continuously evolving to counter these threats.
One of the most surprising aspects of this evolution has been the increasing importance of interdisciplinary skills. Cybersecurity professionals now need to understand not just technical aspects, but also human psychology, legal implications, and business strategies to effectively protect organizations. This shift has led to a more collaborative approach, where teams with diverse expertise work together to develop comprehensive security solutions.
Q. You recently participated as a mentor at Minerva’s Career Boost event and you also serve as a mentor for the UBC Computer Science tri-mentoring program, where you help students develop their skills and pursue their career goals. What are the main challenges/concerns you are hearing from youth about taking the next steps in their career journey?
A. First of all, well done to Minerva for organizing such a high-quality Career Boost event! When speaking with youth, there are two main things I have noticed. First, many are concerned about not having technical skills. Second, there is a lot of ambiguity and uncertainty about what they want to do in the future.
Some recommendations I have for youth include: If you are preparing for an interview, try to demonstrate your soft skills and give examples that are authentic to you and your experience at school, in life, or during volunteer work. I don’t want to hear only that you love cybersecurity because it is trendy. Show how your unique experiences have shaped your interest and skills.
Beyond technical skills, there will be a growing emphasis on communication, critical thinking, and risk management. These skills are essential for effectively navigating the complex cybersecurity environment.
Also, be flexible to change. Don’t be afraid of taking risks. If you find out you don’t like what you initially choose, it’s okay—you can change direction. It’s never too late to pursue what you love and what you are passionate about. Remember, all your past experiences won’t be useless; they will add value as you explore new opportunities.
Q. For women interested in a career in cybersecurity, what advice can you offer?
A. Think of starting as a journey, and the first steps are key. There are plenty of training programs and online courses tailored for people new to cybersecurity, even without a technical background. It’s a broad field, so explore areas like data protection, risk management, or threat hunting and security monitoring. Finding your passion is crucial. Do you lean more towards solving puzzles and analyzing patterns? Then, diving into a security analyst role could be for you.
Stay curious. The cybersecurity landscape is always changing, and continuous learning will keep you ahead of the curve. Connect with other professionals, join communities, and don’t hesitate to ask questions. Your unique perspective is valuable in this field.
Q. VCC is known for programs that promote job readiness and academic skills that can be applied in the real world. Many cybersecurity programs require a technical background, why is it not so for the VCC program?
A. The VCC program focuses on cybersecurity Governance, Risk, and Compliance (GRC), which is about policy development, risk assessment, and compliance with regulatory standards. In GRC, the focus is less on technical skills and more on understanding organizational needs and managing risks in a way that aligns with business goals. As I shared earlier, cybersecurity in this field takes an interdisciplinary and collaborative approach.
To give an example, imagine a situation where a company is setting up a cybersecurity framework:
Governance is like laying down the company’s cybersecurity “road rules.” A GRC professional develops guidelines for data protection, like who can access certain files, to ensure employees follow safe practices. This could mean implementing policies for strong passwords or reporting suspicious activities.
Risk Assessment then identifies and evaluates potential “road hazards.” The GRC professional assesses risks to understand where the company might be vulnerable to cyber threats, like phishing or data breaches, and prioritizes which risks to address first. Just like mapping out accident-prone areas, they help prevent security incidents.
Compliance is about making sure the company follows these “road rules” and meets regulatory requirements. A GRC professional ensures that the organization adheres to legal standards, like data protection laws, so it avoids penalties and maintains its reputation.
This is why programming or coding skills are not required for a career in GRC. Instead, success in this field relies on a strong sense of business acumen, attention to detail, critical thinking, communication skills, and an understanding of industry standards and regulations. People with these skills can thrive in GRC by helping organizations navigate complex cybersecurity landscapes and protect their assets.
VCC is launching a post-degree diploma in Cybersecurity in January. Graduates will be prepared for roles like cybersecurity risk analyst, security specialist, IT auditor, and other related professions. Thanks to support from the Ministry of Post-Secondary Education and Future Skills, VCC is offering a limited number of seats at a significantly reduced (50%) tuition rate.
To find out more: