\"I'm glad that I took a chance with not knowing the new role 100%. I think sometimes people feel they have to know how to do the whole role before they even apply for it or entertain it.\"

• Sanju encourages stepping out of comfort zones.
• New roles bring new perspectives on cybercrime.
• Develops innovative security solutions.

\"I said, well, you're right. I don't have direct security experience, but I've worked with networks, I've worked with desktop, I've worked with UNIX Admins.\"

• Sanju leveraged her IT background.
• Transferable skills are valuable.
• Broad IT knowledge aids vulnerability management.

\"I can teach the security stuff.\"

• Steve believes in training staff.
• Emphasizes potential over experience.
• Addresses identity and access issues.

\"We grew out that team to help protect from viruses to going on with websites.\"

• Sanju covered viruses and web security.
• Combining efforts strengthens defenses.
• Comprehensive approach reduces vulnerabilities.

\"Over half of our staff were non-security people, meaning we move them into being security people.\"

• Steve highlights training internal staff.
• Expands team's skill set.
• Effectively addresses vulnerabilities.

\"Whenever I have new roles to fill, I always look internally first and I look for those folks that are in the desktop or network operations that want the next challenge or have a lot of, you know, creative ideas on how to resolve things and build out those relationships.\"

• Sanju prefers hiring internally for security roles.
• Internal hires understand company systems.
• They enhance identity and access management.

\"I find that people that have done desktop support, sysadmin or even help desk have been some of the best security analysts I've ever hired because they know the technologies and the tribal knowledge on how the processes work and how the technology is deployed.\"

• Steve values hiring from desktop support roles.
• They understand technology and processes.
• They can address vulnerabilities effectively.

\"And then we grew to PKI and certificates and Wi Fi and it just kept rolling one after the other.\"

• Sanju expanded security to include PKI and certificates.
• Strengthens identity and access management.
• Evolving security protocols are necessary.

\"You'll want a security person that's able to build those relationships with all these groups because security is part of everybody's role. And I have to build the relationship, build the trust and get people to do things that sometimes they don't wanna do.\"

• Building trust helps implement security measures.
• Security is everyone's responsibility.
• Effective communication encourages adoption.

\"I came in as a security engineer into the company and we grew out that team to help protect from viruses to going on with websites. And then we grew to PKI and certificates and Wi Fi and it just kept rolling one after the other.\"

• Sanju built a team addressing multiple cyber threats.
• Emphasizes adaptability and continuous learning.
• Highlights need to evolve security measures.