This image is public domain. Hooray for public domain!
Last fall, I interviewed six women and non-males who have exciting careers in cybersecurity. Those articles were all published in Tripwire’s State of Security blog.
Ideally, all people in our field, regardless of gender, race, ethnicity, age, nationality, and sexual orientation, would simply be regarded as “people who work in information security.” Unfortunately, we work in a male dominated field, and sometimes dealing with sexism affects our careers.
I think it’s especially important to encourage more women and transgender people to consider careers in cybersecurity. So my interview series shines a spotlight on some of the brightest minds in our field — who just so happen to not be male.
My series was very well received. So, as spring arrived I decided to continue it. The first new interview for 2017 is now on Tripwire’s State of Security blog. Check out my new interview with Dr. Jessica Barker here.
I’ve decided to republish my interview series from last fall here. Please enjoy them!
And if you can spare a few bucks, please consider contributing to my Patreon. I don’t get paid for my Medium published articles, and the trickle of money here and there that I receive from my generous patrons helps keep me going. Thank you!
There’s also a way you can help me that won’t cost you any money at all. Click on the little green heart if you like my article, it’ll help with my visibility. Most appreciated!
Women are vital to the information security field, but there are relatively few of us. Speaking to women in our industry gleams insights about how we’ve ended up in that male dominated field and perhaps how to attract more of us.
I first interviewed Tiberius Hefflin, a Scottish security analyst who’s working in the United States. Then I spoke to Tracy Maleeff, otherwise known as @InfoSecSherpa on Twitter. After years of working in different fields, including as a legal librarian, she found infosec and her own business. Then I spoke to Isly, who’s a penetration tester for a defense contractor.
For my fourth interview, I spoke to Kat Sweet. She’s an example of how learning to code may sometimes open doors.
Kim Crawley: Hello, Kat! How would you describe your job and title?
Kat Sweet: I’m a full-time network security student, and I also recently started a job as an information security analyst.
KC: That’s impressive! How did you get the analyst job?
KS: At the entry-level, it seems like what matters most is showing dedication and a desire to learn. I had also just finished up interning in a SOC, so I’m sure having that technical experience helped.
KC: Did you show technical aptitude as a little girl?
KS: I’m a latecomer to tech. As a kid, I had qualities that were transferrable to tech. I like to create things, and I was curious about the world around me. But tech wasn’t a huge part of my life. We didn’t have a computer in the house until the late 90s.
KC: How did you get into computing?
KS: A few years back, in the midst of trying to figure out a new career, a few friends suggested that I try learning to code. I struggled with it quite a bit, but it opened up a whole new realm of things for me to learn about.
I knew a few people who worked in security, and the more conversations that I had with them, the more I got intrigued by what they were working on. Of course, I still had it in my head that it was too late for me to work in security because I hadn’t started hacking as a child. It wasn’t until about two years ago that I realized I could make a career of it.
KC: Do you think you would’ve gotten into it earlier if you were male?
KS: Maybe the option would have been presented to me somewhere along the way. The influence wouldn’t have come from my parents, though. They were never tech-forward people, and I don’t think it ever occurred to them that tech was something they could push me or my brother toward.
KC: Did you face any sexism while pursuing code and IT?
KS: While I’ve been fortunate to have a great group of friends, men and women, who’ve supported me throughout my career change into security, I’ve encountered my fair share of sexist behavior. One of the first things that happened to me at my first security convention was get hit on. When I was still new to the community, various people would mistake me as just someone’s non-technical “plus one.”
(Which is not true, by the way. Non-technical does not mean “not worth talking to” or “not worthy of respect.”)
KC: What sort of development did you get into when you started to learn how to code?
KS: The first language I started learning was Ruby. In hindsight, it’s not a very friendly first language to learn. Later I started learning some front-end web development. I took a class and went through some tutorials on HTML, CSS and JavaScript. I found myself wanting something broader than just code… I wanted to learn more about all of the systems that my code was controlling. I wanted to see how it fit into the larger picture of computing.
KC: Was it pretty much all web development? Frontend and backend?
KS: Mainly, though I was having trouble figuring out how to bridge the gap between doing introductory-level tutorials and being able to think like a programmer. It’s only recently that I’ve been able to start taking a problem-solving mindset and apply it to scripting.
KC: What helped you with that epiphany?
KS: I had an instructor last semester for System Administration Security (basically Bash and PowerShell scripting) who was very good at imparting that problem-solving process. Taking a large, overwhelming problem and breaking it down into granular steps. But on a larger scale, another part of that epiphany came with not being so scared to fail at technical tasks anymore. When I first started getting into tech, I felt so much pressure to be a beacon of perfection, like my whole gender was on trial.
KC: So, that was one way that sexism in tech may have affected you.
KS: Absolutely. We need to be given license to fail in order to learn and grow. When we feel like we can’t do that, it helps no one.
KC: I think impostor syndrome is very common in us. Do you think there are advantages to being a woman in infosec?
KS: It is to infosec’s advantage to have more women involved. Studies have shown repeatedly that everyone problem-solve better in more diverse groups, and having a wider range of life experiences gives people a more complete picture of the security landscape.
KC: How did web dev (eventually) lead you into infosec?
KS: I should clarify that I never worked as a dev; this was always just self-teaching on the side while working in a non-tech job and trying to figure out the next move.
KC: But you were learning it.
KS: Yup! As I mentioned, I kept wanting the larger picture, and security is great for that. It touches every field of technology. I knew a few people who worked in security and started going to cons. My fascination with it really took off when I started playing around with CTF practice sites like Hack This Site and Over the Wire. I loved the puzzle aspect of it, and I loved that every challenge prompted me to go learn something I didn’t know. I could spend hours getting sucked into solving challenges, and I still do!
KC: That’s awesome. Did you need any credentials for your current analyst position?
KS: I don’t know whether it helped that I already had a bachelor’s degree, (Not in a tech field; it was gender and women’s studies.) but I think the degree and certs probably fell into the category of “nice to have, but not required.”
KC: Now, you’re in Wisconsin. Is that really a tech hot spot?
KS: Madison has a growing tech presence. It’s the state capital and the home of a large research university, so those are two big tech employers. Epic, the medical software company, is just outside of Madison. In recent years, more dev shops, startups and game development companies have started to pop up here. Google even has a small office in Madison.
KC: You learn something new every day!
If a young girl was reading this who was curious about an infosec career, what would you say to her?
KS: “Get in, loser. We’re going hacking.”
KC: Nice. What do you think is the biggest problem in infosec these days?
KS: Empathy, both within infosec and in interactions with the non-infosec world. We spend so much time trying to understand how technology works and forget to understand how the humans behind the technology work.
KC: Yeah. Social engineering’s a huge problem. Laypeople assume that “hacking” is a guy in a hoodie typing 100 words per minute. I find social engineering’s the biggest vulnerability by far. Trojans are exploding.
Do you have any last words about women in infosec?
KS: Oh man, I have so many words! But I will say, if you’re a woman of any age who’s interested in infosec, we want you to succeed, and we want to give you the tools to help make that happen. There may be roadblocks along the way, but to quote one of my favorite drag queens Latrice Royale: “It’s okay to make mistakes; it’s okay to fall down. Get up. Look sickening. And make them eat it.”
You can follow Kat Sweet on Twitter at @TheSweetKat
If you enjoyed my article, there are two ways that you can help me.
First, you can click on the little green heart to recommend my article.
Secondly, you can make a small donation to my Patreon. Thank you!