Updated on: September 25, 2024
SafetyDetectives recently interviewed Han Thazin Tun, a board member of The Diana Initiative. Han Thazin is a Security Engineer at Amazon, specializing in Physical Stores. With an impressive background in various aspects of cybersecurity, she has significantly contributed to the field through her expertise and dedication. In this interview, Han Thazin shares her journey into cybersecurity, her role at The Diana Initiative, and her insights on promoting diversity, equity, and inclusion (DEI) within the cybersecurity community.
Can you tell us about your journey into cybersecurity and what inspired you to enter this field?
My journey into cybersecurity was pretty straight forward once I knew I was going straight into grad school from undergrad. My interest in Information Systems started in my sophomore year when I took my BUS- K 201 The Computer in Business where I learned data management and Information Systems. I loved learning more about IS and my professor and mentor, Taryn Malher, definitely encouraged me to explore more into this field. Cybersecurity is always changing and as security engineers/managers, we always have to be on our toes and learn to adapt quickly. That thrill of learning new things excites me.
Can you give us an overview of The Diana Initiative and its primary mission?
The Diana Initiative aims to create a more inclusive information security industry where diverse individuals are represented at all levels. We host an annual conference where we bring a diverse group of individuals to discuss and explore topics on offensive and defensive security, purple teaming, and GRC.
How does The Diana Initiative promote DEI within the cybersecurity community?
We provide avenues for underrepresented individuals to get their feet wet in different fields of cybersecurity. We give financial support to our students who would like to attend TDI annually. TDI also aims to provide individuals who are looking to strengthen their red teaming skills through CTFs and coaching at villages.
Can you highlight some of the unique programs or workshops offered by The Diana Initiative?
TDI offers talks and workshops from industry speakers, career villages where you can get resume help and even professional headshots, CTF competitions, ICS and adversary villages, as well as a maker village. We aim to cater to a diverse group of individuals who are looking to get into or learn more about different fields in cybersecurity.
What are some of the biggest challenges The Diana Initiative faces in its mission to support underrepresented individuals in cybersecurity?
One of the biggest challenges is finding sponsors for our next TDI conference in Las Vegas or elsewhere. It is proving to be harder to find a company partner who is willing to support us in our mission to help underrepresented individuals in the industry. We definitely want to keep doing what we are doing and more – and for that to happen, we need our community’s support.
What are the key qualities you believe a successful cybersecurity professional should possess?
I believe that a successful cybersecurity professional should be curious, adaptable, and poised. Learning is always going to be an important aspect in cybersecurity – there’s new attack vectors everyday. SOCs operate in a follow-the-sun model and we should always be prepared to adapt to new changes in technology and threat landscape whilst coming up with new detection engineering and use of automation. Also, as cybersecurity engineers, we should be able to deal with fast-paced and even negative emotions while being able to think on our feet — no one likes when the whole house is on fire — but we will have to be calm and collected during security incidents.
About Han Thazin Tun
Han Thazin (she/her/hers) is a Security Engineer at Amazon, Physical Stores, with extensive experience across different cybersecurity domains. Her career spans email forensics, IT audit and risk assurance, threat intelligence, threat hunting, incident response, and purple teaming. An active speaker at notable conferences such as WiCyS, EDUCAUSE, and CPPC, she is known for her contributions to DEI work and technical threat hunting. Han Thazin holds several certifications, including SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Security Operations Certified (GSOC), and Certified Information Privacy Technologist (CIPT). She is currently pursuing her SANS GIAC Cloud Penetration Testing (GCPN) certification. Outside of work, she enjoys canyoning, mountain climbing, and hiking in the Pacific Northwest.
Can you tell us about your journey into cybersecurity and what inspired you to enter this field?
My journey into cybersecurity was pretty straight forward once I knew I was going straight into grad school from undergrad. My interest in Information Systems started in my sophomore year when I took my BUS- K 201 The Computer in Business where I learned data management and Information Systems. I loved learning more about IS and my professor and mentor, Taryn Malher, definitely encouraged me to explore more into this field. Cybersecurity is always changing and as security engineers/managers, we always have to be on our toes and learn to adapt quickly. That thrill of learning new things excites me.
Can you give us an overview of The Diana Initiative and its primary mission?
The Diana Initiative aims to create a more inclusive information security industry where diverse individuals are represented at all levels. We host an annual conference where we bring a diverse group of individuals to discuss and explore topics on offensive and defensive security, purple teaming, and GRC.
How does The Diana Initiative promote DEI within the cybersecurity community?
We provide avenues for underrepresented individuals to get their feet wet in different fields of cybersecurity. We give financial support to our students who would like to attend TDI annually. TDI also aims to provide individuals who are looking to strengthen their red teaming skills through CTFs and coaching at villages.
Can you highlight some of the unique programs or workshops offered by The Diana Initiative?
TDI offers talks and workshops from industry speakers, career villages where you can get resume help and even professional headshots, CTF competitions, ICS and adversary villages, as well as a maker village. We aim to cater to a diverse group of individuals who are looking to get into or learn more about different fields in cybersecurity.
What are some of the biggest challenges The Diana Initiative faces in its mission to support underrepresented individuals in cybersecurity?
One of the biggest challenges is finding sponsors for our next TDI conference in Las Vegas or elsewhere. It is proving to be harder to find a company partner who is willing to support us in our mission to help underrepresented individuals in the industry. We definitely want to keep doing what we are doing and more – and for that to happen, we need our community’s support.
What are the key qualities you believe a successful cybersecurity professional should possess?
I believe that a successful cybersecurity professional should be curious, adaptable, and poised. Learning is always going to be an important aspect in cybersecurity – there’s new attack vectors everyday. SOCs operate in a follow-the-sun model and we should always be prepared to adapt to new changes in technology and threat landscape whilst coming up with new detection engineering and use of automation. Also, as cybersecurity engineers, we should be able to deal with fast-paced and even negative emotions while being able to think on our feet — no one likes when the whole house is on fire — but we will have to be calm and collected during security incidents.
About Han Thazin Tun
Han Thazin (she/her/hers) is a Security Engineer at Amazon, Physical Stores, with extensive experience across different cybersecurity domains. Her career spans email forensics, IT audit and risk assurance, threat intelligence, threat hunting, incident response, and purple teaming. An active speaker at notable conferences such as WiCyS, EDUCAUSE, and CPPC, she is known for her contributions to DEI work and technical threat hunting. Han Thazin holds several certifications, including SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Security Operations Certified (GSOC), and Certified Information Privacy Technologist (CIPT). She is currently pursuing her SANS GIAC Cloud Penetration Testing (GCPN) certification. Outside of work, she enjoys canyoning, mountain climbing, and hiking in the Pacific Northwest.