What do you do on a day to day basis?
My day to day… is different every day! I’m still a student, so I go to classes like everybody else. But after the homework is done, I usually work on personal projects that are infosec related. This summer, I was interested in database server security so I spent a weekend or two writing vulnerable webpages and working my way from SQL injection through a database server all the way to command execution on the server. I also work through CTF challenges or play around on HackTheBox in my spare time. I’ve been part of my university’s Mid-Atlantic Collegiate Cyber Defense Competition team for the last three years and captain for the last two years. During competition season my focus shifts to learning windows incident response and active directory security and leading the team!
What attracted you to information security?
I was attracted to information security by the fact that the field is always changing, so I’ll be learning new and cool things for the rest of my career. I’ve been a huge nerd my whole life, sooo… it’s a good fit!
Do you have a degree and/or certifications?
I don’t have a degree yet! I’m a senior studying Computer Science with a “cognate” (basically half a minor) in Cyber Security. I don’t have any certifications right now, but I plan to work towards certifications after I graduate to help keep my skills sharp!
Do you think that they are necessary to work in information security?
I don’t think that a degree in computer science or a related field is required to work in information security. If you have enough passion to learn things yourself and are able to convey that to a potential employer, then you should be fine! In some companies, you may start with a lower salary without a degree, but you can work your way up! Certifications aren’t required for most positions, but they can help you demonstrate your level of knowledge and commitment to the field. Some of the most technically competent infosec professionals either do not have degrees or have degrees in a different field of study.
What are some of the biggest challenges that you have faced in your career and how did you overcome them?
One of the biggest challenges I face in the workplace is knowing when to ask questions. I’m a pretty persistent person, so it’s easy for me to work on a problem for two or three days when I could ask someone and get the problem resolved in a couple of hours. Finding the balance between feeling like I’m always asking questions and trying everything I can think of is something I’m still working on!
How do you achieve a work life balance to avoid burnout?
I set aside time for hobbies and activities completely unrelated to infosec or cyber security. I love reading, so sometimes I take an afternoon to read a cool new book instead of working on homework or personal projects. One thing I’ve learned is that you don’t have to work on something with 100% of your free time to “prove” your passion for it. It’s ok to take breaks, breathe, and enjoy other parts of your life!
What is some advice that you would like provide to girls participating in STEM?
Community is incredibly important for in the quickly evolving field of information security! Getting involved in a group of like-minded peers can help you grow your technical skills and maintain your interest! You should never feel obligated to change yourself, personality or otherwise, to fit in with a group of peers. If you feel that you have to change to fit in or be accepted, odds are that they aren’t a super healthy group of people and you don’t want to spend time with them anyway. Instead, go build a group of friends for yourself who will support you and accept you for who you are!
Also, it’s totally ok to be the only girl, don’t let that scare you away. You will bring valuable insights and perspective
What resources do you recommend for women who are interested in breaking into your specialty area?
I don’t have much of a specialty area, but here are my favorite resources.
For learning python or other programming languages:
For learning the Linux command line in a CTF-like challenge-based manner:
For learning how to hack all the things: