Last week, I was fortunate enough to attend the Women in Cybersecurity Conference (WiCyS) in Chicago! The event is a two day conference packed with information sessions, guest speakers and opportunities to network. The conference was hugely impactful in providing guidance that was specific to women, cybersecurity, and more broadly, my career. Here are my Top 5 Takeaways:
Develop your cybersecurity skills – and make them the right skills. Cultivating skills…pretty important. You’ve seen the news, you’ve read the articles: there is a strong need for cybersecurity professionals. High-touch cybersecurity knowledge won’t be enough to do the heavy technical lifting that the industry needs. Things you can do? Get involved in Capture the Flag competitions (CTFs), participate in Bug Bounties and Hackathons, start reverse engineering. Information on each of these is available online and will cultivate real-world experience building, hunting, and analyzing. Having certifications might help you get an interview, but hands-on experience in solving new challenges is sure to impress.
To maximize security efforts, the user needs to be educated. To receive truly diverse perspectives on technology and security, look no further than the billions of people on the planet using technology every day! The people who create the system do not have the perspective to break it – but users can and do. Users and security professionals alike are scared of hackers. This fear often deters people from talking about and facing security problems that exist today. Empowering users in every sector to understand and confront security challenges is more effective than forcing users to adopt policies and tools they don’t understand and see as bothersome.
Asking the right questions is more important than having all the right answers. This probably isn’t the first time you’ve heard this in your career — and that’s because it’s true! When it comes to solving technical problems and developing careers, asking the right questions is key. Asking questions is a great way to grow your knowledge base. Equally as important, listening is a skill that will connect you to new areas of technical knowledge and help to get you to the root cause of a problem that may not have initially been obvious. So stop, listen and ask questions! People who aim to provide an answer immediately are often missing out on key points.
Diversity of skillset > identical skillsets. Security flaws exist in the space between what a programmer wrote and what the programmer thinks she wrote. Writing good code is difficult and writing a small piece of a massive codebase that has existed for years is extremely difficult. Take this in to account when adding that on top of the levels of networking, the software managing a computer’s activities, both in user and kernel space, and then how the hardware works with software…and you get massive space for unintended, vulnerable actions! A flexible team with a variety of perspectives is better prepared to find gaps and creative solutions.
Pass on your passion. To become really great at technology, security, and computing, you need passion. This work is REALLY cool! Building things, breaking things, and building them back up again to protect people is a creative and rewarding field for someone who is tenacious, flexible, and willing to be wrong sometimes (ok… a lot!). If you genuinely want to learn about cybersecurity, if you enjoy solving puzzles, people will guide you and if you have the skills, there is a place for you—even if you don’t like video games or bitcoin! There is already a community of learners, working on skills and problems, fascinated by the unique challenges presented in cybersecurity and more and more of them are women. Be willing to learn, be willing to work, and pass on your passion.
Did you know?
‘Hacking’ existed before computers. The term “hacking” was first used to refer to procrastination pranks by engineering students in the 1950s. These pranks showed off technical mastery while poking fun at the authority of formal academic structures and culture.
Women led the charge when it came to the operation of computers (known as mainframes). It turns out that in the 1950s, when computing research facilities first started to operate, women ran the machines! At the time, computers were seen as “women’s work” because the typing involved was akin to secretarial duties. The number of women in computing didn’t drop until the 1980’s when computers became accessible to private consumers and marketing tactics were directed at the male gender.
The philosophies of hacking and feminism have a lot in common. They both even developed around the same time! Hacking and feminism are vocal about welcoming people based on skills and interests, recognizing affinity groups that are NOT separated by gender, and both critique traditional power structures. Hacking and feminism both gained mainstream attention in the early 1960s and in fact came together in “cyberfeminism” (c.f. “A Cyborg Manifest” by Donna Haraway)
Overall, the WiCyS was a wonderful experience and I hope to see more women inspired to dive in to a career in cybersecurity.
This blog post was re-published from the Protiviti Careers blog.