She started college at 16. Moved to another country at 19. And worked full-time throughout her years of higher education. Suffice it to say, taking on challenges is not a problem for Ani Agajanyan.
So it’s no surprise that she didn’t shy away from the male-dominated engineering field. Or that 10 years into her career as a software engineer, when presented with an opportunity to change fields to one that had long intrigued her, she went for it. Or that when Georgia Tech offered an online cybersecurity master’s program for the first time, she jumped onboard.
The challenges started early. Agajanyan was born in Armenia and moved with her family to Russia when she was a teenager, not an easy time to land in new territory. She rose to the occasion and soon was accepted to university in Moscow. But her parents were nervous about her being alone in an unfamiliar city, so she returned to Armenia for college. She then won the lottery - literally - when she applied for entry to the U.S. through a diversity visa program, also known as the “green card lottery,” and got it. This time, her parents weren’t as anxious about her striking out on her own, far from home. “Because I had proven I had a head on my shoulders and was responsible,” she explained.
Although her college credits didn’t transfer, that didn’t deter her. She packed up and moved to Ohio, where she started over, earned her bachelor’s degree, and began her career. “Both of my parents are software engineers. I followed in their footsteps.”
And then an opportunity appeared: a position with the security group where she worked, helping to build systems to protect applications. Agajanyan had been looking to specialize, and although this was a lateral move, it was a chance she couldn’t pass up. She joined the team and decided to make software security her focus.
“I find security engineering more challenging, creative, and fun,” she said. “A software developer's job is to construct a building with a treasure (the user’s data) locked inside. It should be built in such a way that authorized users have easy access to the treasure whenever they desire by using a secret key (their password). My job as a security engineer is to find a way to enter the building without the key. I need to be creative, like a hacker, and think of how I could possibly steal the key from the user, pick the lock to the main door, use the back door, climb through a window, go through the roof, or maybe dig a tunnel. There are countless possibilities. To be a great security engineer, I not only need to understand how applications and operating systems are built and work, but also to think outside the box in order to circumvent the existing security guardrails. Then I need to help software engineers patch the vulnerabilities to build more secure systems. That is why I find the specialty fulfilling and exciting.”
When she learned about the Georgia Tech's Online Master’s of Science (OMS) programs from work colleagues, she was immediately interested. But at the time, no cybersecurity OMS degree was offered. Agajanyan signed up for the newsletter and asked to be notified if a master’s in cybersecurity ever launched. “And then one day, I got the email saying the program was available, and I signed up for it right away.”
While she had taken a full course load and worked full-time as an undergraduate, she quickly discovered that doing the same at the master’s level was a different story. “It’s very challenging,” she said. To anyone starting out, her advice is “to take only one course per semester in the beginning, see how that works for you, and then start adding.” The flexibility that comes with virtual learning, she said, has been key.
“The program has given me a different understanding of certain aspects of security,” she observed. And while she may not be directly applying them right now, “knowing them helps me do my job better by understanding it on a deeper level. It’s not one-to-one - I learn something and then I use it at work right away - but certain courses help me do my job better and much faster.”
Combining software engineering with cybersecurity, she thinks, gives her an edge. “I find that as a security engineer, I have a niche skill set where now I understand security on a deeper level. If someone starts as a security engineer, they don’t do software that much. They know the complexity, but they don’t know it as well as I do because I have built software, and I know what developers do and the shortcuts they can take. I believe I am a better security engineer than people who just specialized in security engineering from the get-go.” And that edge paid off. One year into the program, Agajanyan applied for a security engineer position with Amazon and was hired.
She is passionate about the need for software engineers to be more aware of security. “Moving forward, companies need to hire software engineers who understand security and prioritize it. During the interview process, software engineers are tested on their knowledge of data structures, algorithms, and how to build user-friendly, efficient systems. However, they are not tested on their knowledge of how to build secure applications.”
“I strongly believe that, as a security engineer, I should not be spending my time catching basic vulnerabilities and teaching other engineers why data encryption is important and why secret keys need to be rotated periodically,” she continued. “Every engineer must understand and implement basic security controls. The job of a security engineer is to spend the majority of their time making sure all not-obvious edge cases are also covered. Because that is what attackers spend their time on.”
And if there is anyone is up to the challenge of taking on the ever-increasing threat of hackers, it is Ani Agajanyan.