Cat Cura, Application Security Analyst at Vend by Lightspeed

Having never imagined herself working for a tech company and destined to follow her parent's path into accounting, a conversation with her brother convinced Cat to explore Computer Science instead.

We caught up with Cat to learn more about her career journey into working as an Application Security Analyst at Vend by Lightspeed, her day-to-day role, and her take on some common misconceptions about working in the cyber security space. Cat also share some career advice that has helped her along the way.

Thanks for sharing your story, Cat.

Firstly, how would you explain to a five-year-old what it is you do?

Imagine you’re collecting toy cars that come in a limited set edition release. You asked your dad to buy it for you on your birthday. To get this toy, your dad needs to purchase it from your favourite Toy Shop online and it will get delivered right in front of your house.

However, there are bad guys out there who want to purchase those toy cars before you by stealing your dad’s money, and we prevent those bad guys from doing it.

And for the adults, what does that translate to in regards to your day-to-day?

My day-to-day includes daily stand-ups and virtual coffee chats within my team. Being part of the retail security team allowed me to work with different stakeholders and engineers in understanding threats and impacts of security issues on our environment.

I help the team in our vulnerability management program which includes managing our public and private bug bounty programs. We invite security individuals with unique perspectives and skillsets to help us identify issues with security impact in our application.

Running these programs allowed us to scale our security testing efforts in a more cost-effective and efficient way. I also get involved in responding to security incidents internally that help us improve our existing processes, controls, and the way we handle our retailers’ data.

We help delight our retailers by making it our top priority to protect and keep their data secure which include their business and customers’ information.

What are some of the common misconceptions about working as an Application Security Specialist?

When I say I work in cyber security, people ask me, “Can you hack someone’s Facebook or Instagram for me?” People who don’t know that ethical or white hat hackers exist always think that hacking is bad because it has been stereotyped as an illegal or criminal activity.

Another common misconception is when people think they can no longer pursue a career in cyber security because they are not good with programming or did not have a degree in IT or a similar field.

Although acquiring a degree is a prerequisite for some companies, everyone has an opportunity to embrace programming and learn more about this field through available tools such as online course tutorials, videos, coding and hacking projects in a safe environment.

The last misconception is when people think only men get to become successful in this career. Women can code and can hack, too (in a good way). With training, dedication, and network support, women can succeed in cyber security as well.

Was working in tech something you dreamed about doing as a kid, if not what was?

I have never imagined myself working in a tech company.

As a kid, I enjoyed problem-solving, doing puzzle games, and trying to figure out how things work. I began to recognise that there are always different and endless possibilities for solving a puzzle game or math problems.

I saw myself pursuing a job as an Accountant like my parents which, was my first choice of degree. When applying for universities, my brother convinced me to take a degree in Computer Science because the IT industry was one of the most in-demand jobs.

I listened to my brother’s advice. As a freshman student, I experienced the culture shock of adjusting to a university and saw an uneven ratio of men and women in my classes which affected the way I connected with people during my first semesters. I thought I was good at solving problems, but I struggled with my programming classes.

In my second year at uni, we were required to choose a specialisation where I chose Network Engineering because the program track looked promising. It offered a good balance of hardware and software courses related to network devices and Cyber Security.

Courses such as ethical hacking, security web development, and forensics were included in this specialisation which sparked my interest to pursue a career in tech. One of my lecturers told me that jobs in cyber security will eventually start to spike over the next decade and that’s when I started to dream of pursuing a career specifically related to cyber security.

Tell us a little bit more about your career journey and ultimately about how you ended up working at Vend?

After finishing my degree, I was invited to join a Hackathon event for new graduates. It was a two-day free event of learning from the work experiences of “white hats” or certified ethical hackers, including a capture the flag (CTF) competition, a game designed on how to hack in a safe environment.

Luckily, I was one of the top three teams who won the CTF prize of getting offered a job to be part of the company’s software security team. I was so happy I was able to secure my first job. I got assigned to a security team that validated weaknesses or vulnerabilities in web applications and security issues in source codes.

Two years later, a former colleague invited me to join a research team of ethical hackers called SpiderLabs, where they provide pen testing services. I wasn’t testing pens by the way. I performed security testing against business organisations by trying to get in or break into their internal systems before a real hacker does.

A few years later, my sister convinced me to look for work in New Zealand, her dream destination country. With a few online applications, I got offered a role to join Datacom’s cyber security team as a Security Analyst which led me to move to New Zealand as a migrant.

After a couple of months, I had the chance to explore NZ’s capital city, Wellington and it felt like home to me so I decided to live there to take a new job offer with an independent security company. I continued performing specialised security testing in different government agencies and the bank industry.

I stayed half a year in Wellington when I heard about Vend by Lightspeed’s vacant position within the security team from a headhunter on LinkedIn. As I was browsing through Vend’s website, I instantly had positive vibes and told myself, “ I want to be part of this company someday, it seems like a happy workplace here.”

Joining Vend in 2019 is one of the biggest highlights of my career journey. Not only that I found a deeper purpose in my career, but I also found a new home with the Vend by Lightspeed family. This was the best career move decision that I made.

What is the best piece of career advice you have ever received?

When I was studying for a security training course as part of my learning and development, my manager told me not to focus on the destination – not even the practical exam day or results of the exam; but to focus on the journey.

Oftentimes, we have tendencies to fix our eyes on the destination and on our expectations to meet our desired end results, only to find ourselves losing track of the journey. While it is great to pursue a goal with the intent to reach our desired destination or place where we want to be, it is about going through the journey that’s more important.

Lastly, never compare your journey with others. The more you start trusting the process and owning the journey, the less you feel the need to compare yourself to others that helps you avoid unnecessary anxiety along the way. Embrace the career journey that is unique to you and make the most out of it.

What do you love about working at Vend?

The very core of Vend by Lightspeed’s heart and who it is as a global company is its people and customers. It’s evident in the values and culture within the workplace that highly promotes diversity, equity, and inclusion initiatives.

Everyone is supportive and encouraging especially when it comes to personal learning and development. I also love how everyone takes time to celebrate small and big wins and is able to recognize each one’s contributions. No matter how big or small, every contribution counts and makes an impact on our retailers. I

t was when I joined Vend by Lightspeed that I found a true purpose in my career – delighting our retailers by ensuring their data is safe with us and that’s my biggest takeaway.

Lastly, Vend continues to grow and evolve, what are the key traits and characteristics of people that will be well placed to work there?

When there is growth and continuous evolvement in technology, ultimately, there are changes. It’s in our nature to feel worried and scared when there’s a chance. The ability to embrace change in the workplace would be an excellent key trait that can bring growth to yourself both personally and professionally.