Lola Kureno is an Israeli-born cybersecurity engineer living in Tokyo and working for IT training and certifications provider INE. An expert pentester and ethical hacking advocate, Lola shares cybersecurity career tips and discusses how a single event changed her life forever and set her on an unexpected professional path.
Interested in more cybersecurity career insights? Discover what makes a state-of-the-art SOC.
You have quite an amazing career story. You set out on a very different path, and then a major event changed everything. What happened?
It’s quite a long story. My background was not in tech at all. Since I was three years old, I was a classical ballerina. That’s what I was set to be my whole life, or so I thought. I was a professional. I was with dancing companies and had all my life centred around classical ballet. That’s all I knew how to do.
And then I had a very bad car accident. I spent six months in the hospital, plus two years of rehabilitation just to get back on my feet. It was really bad. I was a passenger in my coworker’s car. She broke a couple of bones but was okay. But it was a frontal impact for me, and it was not only the physical side of things. It is not good for your mental health to think that all that your life is about can end in a second.
After I was kind of physically recovered, I really didn’t know what to do. That’s why I left the US, where I was living, and went to Europe. I spent about a year not doing anything. I didn’t know what to do with my life.
Later I went to Lisbon and that’s where I met my husband and got married. We moved to Tokyo, and life here was very different from anything that I was used to. And eventually, I had to get a job, but I didn’t know how to do anything else besides ballet.
So, I got a normal job in a company, like 8 to 5, but I wasn’t happy. It paid, but it wasn’t anything that let me be ambitious, be competitive, learn and study. It was boring. Get back from work and watch TV, go to sleep and repeat. The same routine. It didn’t make me happy.
And then you found tech. Why did you go into IT and pursue a career in cybersecurity?
Computers were always a hobby for me. My father was an engineer, and I got my first computer when I was really young. But it was just something I did when I had time.
And I shared with my husband that I was feeling like I was a waste, that I wasn’t doing anything. And he said “well, you shouldn’t. You’re smart just do something with the computer. You like computers.”
But, you know, I had that image, that thought that if I didn’t have a degree in engineering or computer science or something related, I couldn’t do anything. And I was in my early 30s, I was not a kid anymore.
I didn’t know what to do, so I started researching about maybe getting a first degree, something like that that I could do. And I came across something along the lines that you could actually hack for a living. And I was like really, hack for a living? That was very intriguing to me. I was very curious about it. So, I started researching and that’s when I learned about cybersecurity and something got into me. I started researching more career options and that’s how it started.
So, how did you actually get started in your cybersecurity career?
After discovering all of this, I couldn’t think of anything else but that. I still had my full-time job, but I would come back from work and be back on the computer. I did that on the weekends.
And, talking to people, I met someone who was studying for the eLearnSecurity Junior Penetration Tester (eJPT) certification. And he said, well, there is this platform where you study and, when you feel ready, you just buy the test, take it and can get certified. I had read about some other certifications, but I didn’t feel qualified to take any of them. I was just starting, you know.
So, I would study every day using materials from the cyber mentor Heath Adams. He was my first big source of information. And then I started looking at cyber security content from Neal Bridges. That was another community that really gave me lots of information. From there, I met many amazing professionals like Phillip Wylie, an amazing pentester who now is a personal friend of mine besides being a colleague in the industry.
And yeah, that’s how it started. I eventually took the eJPT test and passed it. Later, I got an internship, being an intern for Neal Bridges’ personal consulting company. I spent some months being his intern and learned a lot of things.
I was learning continuously. It was an everyday thing. I didn’t do anything else, just study. And then the opportunity to work at INE was presented to me, and I took it.
What does your current position as a cybersecurity engineer involve?
Actually, penetration testing is just a small portion of my current job tasks. I do much more than that. I would say that penetration test is maybe like 15% of it all, 20% perhaps.
Lots of what I do involves talking not only to coworkers but talking to clients. If you don’t know how to talk to people, you’re behind. So, you need to have those soft skills.
Are programming skills a must for a successful cybersecurity career?
You don’t need to be a developer, you don’t need to be a coder. But it helps to at least to understand what’s going on in a piece of code. You use Bash, PowerShell, Python, Go, Ruby. Those are some of the languages that we are always using.
You don’t need to know how to use these languages at a development level, but knowing what’s going on helps. If you come from a development background, it helps. Absolutely, very helpful.
What skills would you recommend others to focus on to advance their cybersecurity career?
would say that it’s wonderful that you’re focusing on all your hacking and pentesting skills, but know that you need some other skills to go with that.
Right now, a big part of my routine is learning cloud. My job is a lot in the cloud. Of course, I’m still studying pentesting, but I am studying cloud because I need it for my job. I know the fundamentals, but I still feel that’s not enough, and cloud it’s now a crucial skill for the whole cybersecurity world. It doesn’t matter what your job is in cyber: you need to know some cloud.
What other advice would you give to people pursuing a cybersecurity career?
There is always room for improvement. It doesn’t matter if you are someone who’s one year into the industry or 10 or 20. There is always something new to learn. It doesn’t stop.
Talk to people. Don’t hide behind your computer screen. Network.
Also, make sure to have an active LinkedIn profile. Many people think that LinkedIn is only for job hunting, so after they finally find a job, they let their LinkedIn profile die, and that’s a big mistake.
The fact that you already have a job doesn’t mean you shouldn’t be open to opportunities. There are always things to do, not only your full-time job. So, keep networking, keep talking to people.
Go to conferences. If you can’t go to a conference, volunteer for them. Volunteering for conferences gives you the opportunity to be in contact with wonderful people. Brush your soft skills.
And if you’re not in the industry yet, if you’re still hoping to get your first cyber job, finding a mentor is a good idea. Plenty of people would be very happy to help you out. Don’t be afraid of connecting to people.
Lastly, don’t give up. Many times, when I was job hunting, I came very close to giving up. But, since I had networked so much, I had so many people who knew that I was job hunting. And they didn’t let me give up. That’s another benefit of networking. These people have your got back, they keep you accountable, they keep you on track. So, don’t give up.
It’s hard. You will get many noes for silly reasons. You will get 10, maybe 15 or 100 noes. But you will get that yes.
For more tips about pentesting and cybersecurity careers, make sure to follow Lola on Twitter and LinkedIn.