They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule.
In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move across the pond. All five have given excellent advice along the way.
In parts
one and
two of this series, we looked at
Dr. Jessica Barker and
David Prince. In part three, we’ll catch up with the highly technical and amazing
Holly Williams.
Holly and I met at BSides London. While watching her talk "Offensive Anti-Analysis," I was completely amazed at her pure technical skill. Holly stood out because she is so technical and passionate. Even better, she never looks down on others who are just starting out. Her passion carried through to every aspect of her being, and her friendliness made me want to join her adventures.
Oftentimes, you will hear of "women in technology/security" and how much of an inspiration they are to young women starting out. This is exactly what Holly and Dr. Barker are. They’re both passionate, inspiring women, yet they are always there to help clarify even trivial things.
When was a time you failed or felt like you did, and what brought you back?
I think it's important to remember that we fail everyday, but that doesn't have to set us back. Passionate people often set unachievable goals, and failing to meet those goals can be demoralizing.
I personally do this a lot. I'll have a project and set a mental deadline, but I'll often forget that I'm only a human and that I need to sleep. Consequently, these little deadlines get missed, and that puts a downer on a project.
For me, it's important to remember that we're all noobs. We all have progress we can make, and that progress can't be instantaneous. Set goals, be passionate, but remember to take breaks – your output will be better for it!
I write a lot, and I never feel happy with the work that I produce, but I force myself to put it out there because I know it can help people. Just little messages like, "Hey, I learned a thing, and it might be useful to you!" I'm never happy with my written work or my conference talks, but the good feedback I get always brings me back.
What are your motivators?
Learning and helping others. For me, I love to know how things work, so I tinker, pull things apart, look at the cogs, and try and work it out. Once I get there and I think I've made a little progress, I try and pass that on to other people.
My biggest motivation is helping others, and by getting under the hood myself, I might just learn something worth sharing.
Who’s inspired you?
Natalie Silvanovich and
Oona Räisänen. I've seen conferences talks from both; they stood out for the same reasons. They both spent hundreds of hours becoming intimately aware of the inner workings of their chosen systems. Natalie is well known for her work breaking Tamagotchi, and Oona is the same for her work on Radio and things like FM-RDS.
They showed that there's always something cool to learn if you just dig a little deeper and that skills learned messing around with a simple project can be reused for more serious things. Hacking a Tamagotchi sounds "okay" at first, but dig a little deeper and you've got hardware hacking, reverse engineering, protocol analysis and buffer overflow exploitation.
So they both inspired me to always dig a little deeper.
What do you feel is your greatest achievement so far?
My tiny pink blog. I won't link it here because I'm not after a shameless plug, but I genuinely feel it's my greatest achievement. Screw my Master's Degree; screw learning to code or becoming certified as a pentester. Those are all selfish things that help
me solely.
My tiny pink blog is a space on the internet filled with articles specifically designed to help others learn more about The Cyber. I write about web application hacking, infrastructure hacking, hardening active directory domains, cryptography – everything I stumble across in my day job gets summarized and put up there to help other people.
We're not an industry of individuals; we're all on the same team.
What advice do you have for others starting out in Cyber Security?
Read more. There are lots of things you can do like competing in CTFs,
attending conferences, networking with other professionals. These all help, but number one at the top of my list is to read more.
You can take huge tomes home like Ross Anderson's Security Engineering, you can flick through blogs like Schneier on Security, or you can just keep up with industry progress on Twitter. It doesn't matter what content suits you and your lifestyle. It doesn't matter what specific format suits you best. But find one that you like and read more!
If you could go back, what advice would you give yourself when starting out?
Don't listen to the disparagers. I remember my early career being filled with people telling me I'll never achieve the things that I wanted to. I'll never get X certification, or I'll never get a job as Y. You'll get that, people telling you you're not good enough. Just politely nod and carry on without them.
What advice do you have for others who may be or are feeling stale in their career currently?
It happens. You get comfortable or you burn out – and that's just fine. The industry is huge, and there's always something new. Always worked on "X" and it's just not making you happy right now? Guess what, we've got 25 other alphabetical letters out there, so there's plenty to mess around with, tinker with and generally, learn about.
Sometimes people get too caught up in their own specialization and forget to take a step back and work on something else or something new. You'll always find transferable skills when you look at something outside of your comfort zone. Don't ever worry about being a noob; there's always more to learn!
Hell, why not do something completely different? How about learning how to stream on Twitch? Can't see how that relates to The Cyber? Well,
OJ Twitch streams his exploit at development, web hacking and Metasploit development. It's a pretty interesting way of learning and sharing what you learn – and it just goes to show that every new skill is useful in some way to the day job.
What do you think are some key development areas for the Cyber industry?
Getting more people involved. We're a growing industry, and we're going to keep growing, so we should start worrying about getting the next generation of people involved in our developments. So let's cut the elitist, write articles that help people learn instead of making us look smart, and make sure that our conferences are friendly and open to experts and noobs alike.
Let's make our knowledge more easily accessible. It can take years to develop skills and knowledge, so when you find out something new and cool, why not write it down, publish it, blog about it, make a YouTube video about it, or hell even just stream your creative process so that others can benefit from your hard work too? We're all on the same team.
Any final thoughts?
I’m really sorry, but hedgehogs are cuter than ferrets.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
