Women are eagerly needed in information security because we offer unique perspectives and there are so few of us. So far in this series, I interviewed Tiberius Hefflin, Tracy Maleef, Isly, Kat Sweet, and Jess Dodson--five different women from different parts of the English-speaking world and from different areas of IT. For my sixth and final interview, I spoke with Zoё Rose, an infosec professional who is now based in London. Kim Crawley: Hello Zoё! How would you describe your job and title? Zoё Rose: My job focuses on privacy and reputation threats that often come in the guise of cyber-attacks and data loss. I build and maintain secure communication platforms, research malicious actors online whether it be phishing campaigns, stalkers, etc. I also assist in building users awareness on Cyber security; from designing and running test phishing campaigns for clients to using open-source intelligence for ethical hacking campaigns. KC: So how did you get into computing? ZR: It's a funny story, actually. I started out as a botanist, but found out I was allergic to everything living. After leaving university, I needed a job and ended up as a personal tax assistant. KC: Wow! ZR: In that role I got to watch the IT team dealing with an array of technical and software issues and picked things up from there! At first I played a minor assist role but then increasingly took over IT duties whenever possible because I found it fascinating. I loved the troubleshooting and the challenge. KC: Were you good with computers as a little girl? ZR: Not really. We had one, but it was more my brother who used it. I played Barbies, GI Joes, and liked to wear tutus while playing in mud. KC: I was like that, too. A little bit "tomboyish," a little bit "girly." Do you think gender expectations had something to do with your brother using the computer more? ZR: Possibly. KC: Did you face any sexism while getting into IT? ZR: Oh, definitely! Prior to joining Schillings I once had an owner of a technology company tell me "I don't hire women because they're too distracting to the men." KC: Damn! ZR: Previously I’ve even had a manager tell me on our first introduction: "Women are only after a man's wallet." KC: That's really blatant. Wow. It's amazing how you put up with that. Do you think infosec suffers by discouraging women like that? ZR: Having made the move from Canada to the United Kingdom, initially I was shocked. I can honestly say that the UK is at the forefront when it comes to equality and respect in the workplace. I work at an amazing company, Schillings, that treats me as the professional that I am. I was hired as a cyber security specialist, not because I’m a woman in IT. KC: How do you think infosec benefits from having a better gender balance? ZR: I think it benefits simply because we're all from different backgrounds and we all think and react differently. Our history has shaped us to look at each situation in a unique way, irrespective of our sex, background or race. Being allowed to be different and to feel valued and respected allows one to be passionate about what they do and to constantly learn and grow. KC: What do you think is the biggest problem in infosec right now? ZR: Having to “know everything” or being an “expert.” Everyone is unique and good at different things. The best part of my job is sharing my knowledge and learning from others. Shortly I will be hosting a “Hacker Night” with people from work; where I get to share my insights and experience and ultimately what I’m passionate about. KC: How do you think the infosec field will change as time goes on? ZR: I think infosec will change to adapt to the fact that everything is online. We will require non-techs and techs working closer together. Our lives are out there for the world to see, which can be beneficial and fun, but also dangerous. I think the challenge is going to be accepting that we don't know everything and that success will require us to work with talent in other specialisms; in order to collaborate effectively. My current role sees me working alongside award winning lawyers, risk advisors, ex-military strategists and intelligence specialists. Each one of us is vital to our shared goal; namely defending the reputation and demanding the privacy of our clients. KC: If a little girl who was curious about an infosec career was reading this, what would you say to them? ZR: Ascertain whether infosec ignites a passion inside you and if so, pursue it with all your heart. I’ve certainly never looked back since making the switch in my early career. Finally, accept constructive criticism but also be sure to celebrate your achievements – whether it be as an individual or as a team. KC: Excellent! Before we go, do you have any last words about women in infosec? ZR: Being a woman in infosec doesn't make me interesting. What makes me interesting is my passion for what I do. Ultimately, gender does not decide intelligence or ability.
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Her first solo developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto. She considers her sociological and psychological perspective on infosec to be her trademark. Given the rapid growth of social engineering vulnerabilities, always considering the human element is vital. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.