DefCamp #11: BiaSciLab on learning, building, and teaching – the cycle that keeps her growing as a hacker

It’s difficult not to be impressed when talking to BiaSciLab or listening to her. If you didn’t know her age, you’d definitely think she’s older than 14, as her understanding of security concepts and their implications is quite extensive.

For the DefCamp #11 interview series, we wanted to highlight a wealth of diverse insights and perspectives, and we’re happy that Bia is part of it!

Everyone’s welcome – the role of diversity in infosec

Even though it may not seem so to industry outsiders, anyone can contribute to cybersecurity, no matter their background. Infosec sits at the intersection of a wide range of disciplines and it’s deeply ingrained into everything we use, including many things our society depends on. To be able to safeguard our evolving world, there’s one key thing we need more of, as Bia highlights.

“One of the most important topics right now is diversity in the cyber security field, and in all fields worldwide for that matter.”

To explain why making infosec a more inclusive industry is essential, Bia shares the personal story of what got her interested in cybersecurity and how that impacted her path.

“Over the past 14 years that I have been alive, I have seen great progress in getting more girls started at a younger age in the computer field.

One of my greatest inspirations, Reshma Saujani, started the not for profit Girls Who Code that gets girls started in basic programming so that they have a good foundation for being in the tech community. After watching Mrs. Saujani speak at one of my dad’s work summits, I was inspired to start a company like hers but make it for young hackers!

So I started Girls Who Hack! I provide free online classes at GirlsWhoHack.com and I teach classes in person at different conferences as well.

This past year I gave a number of classes online. It’s not as fun as a real conference, but I got to reach more girls than I would have at a normal conference!

I hope that in the near future diversity will be the new norm and that my generation will continue to break boundaries such as that.”

Bia’s evolution in the field is a key example that inspires us to continue with even more enthusiasm to show how much opportunity there is in this industry.

Walking the talk – the foundation for any hacker

At DefCamp #10 (in 2019), Bia announced her new project, one that she is constantly developing into an essential solution for the US voting process. The way she’s building this project is as impressive as the challenge she took on! It’s also an example for other makers in infosec and beyond.

“Right now I am working on my Secure Open Vote project, a complete end-to-end election system with a full, secured analog back-up for the votes.

Something I am doing with this project that every organization should do is start with security! I am talking with security experts to make sure my stack is built correctly and we have all the proper tools in the pipeline. That way, we don’t have to worry about all the work later to bolt it on at the end. (Also, later never comes!)”

The fundamentals are essential, as Bia insists, because they ensure a strong foundation for any project, product, or service. These security golden rules apply to anyone and everyone who has the responsibility of keeping an organization safe, no matter how big or small:

“In talking with my pentesting friends, the biggest three things are still the basics:

  • Update your systems

  • Unique and long passwords

  • and segment your networks!”

Bia also offers an approachable starting point anyone can use to see if they resonate with the more technical aspects of cybersecurity:

“If you are looking to get started, I have 2 classes on my Girls Who Hack site: “Building a home lab” and “Introduction to Web Application Hacking”.

These classes focus on getting you started with the OWASP Juice Shop. Once you are started there, you can keep learning and hacking at the Juice Shop!”

Working from home – a different perspective

It’s interesting to see the turn the world took in 2020 through Bia’s eyes. It provides a silver lining we all need to remember going forward and that decision-makers especially need to hear.

“The biggest two things are remote workers with VPN access and the adoption of video meetings.

Now you have employees working from home on company machines that could be compromised by the employee checking their personal email and getting malware. This is a new challenge for security people, and hopefully they all were able to adopt it quickly!

I am hoping companies realize that remote work is OK and allow people to continue to work from home! It saves a lot of time and energy. Many of my friends and I are happy that our parents are around more!”

3 key takeaways to build on:

  1. Get inspired and start your own thing – it’s never too early (or too late)!
  2. Talk about your work and keep learning from more experienced community members
  3. Teach what you can because somebody needs what you know and what you’re making.
