When we started this series, our initial goal was to help women in cybersecurity get a feel of the opportunities, challenges, and rewards of this field.
We had plenty of help from:
- Laura Tamas – Technical Project Manager at TypingDNA
- Valentina Galea – Ethical Hacker at Bit Sentinel
- Jelena Milosevic – Nurse / Speaker / Independent infosecurity researcher
- Corina Nebela – Big Data & Cyber Security Architect at Atos
- and Alexandra Stefanescu – Co-founder of Security Espresso who told their stories with disarming honesty and in fascinating detail (you should really read the first part of this series).
They inspired us to make this series a regular occurrence on the DefCamp blog. This aligns perfectly with our commitment to make this blog a venue for the wildly diverse and deeply inspirational stories of the infosec specialists we look up to.
Lucky us, we’re surrounded by a huge number of generous people in the DefCamp community, who openly share what it’s like to experience the vast and surprising world of information security.
The true stories you’re about to read come from these awesome folks:
Featured specialists:
- Raluca Stanciu – Senior Software Engineer Bullguard [DefCamp speaker profile]
- Christina Lekati – Social Engineering Expert at Cyber Risk GmbH
- Dan Demeter – Security Researcher at Kaspersky Lab Romania [DefCamp speaker profile]
So let’s get into the nitty-gritty and hear from them how being in the trenches really feels like.
What helped me build a professional path in infosec
Raluca has over 12 years of experience in cybersecurity, so she’s seen the field evolved tremendously over more than a decade.
What helped her the most is work in various teams and get the big-picture view that helps one connect the dots in all matters infosec and beyond.
“Looking back in the past 12 years, I can assert that what has helped me the most was working in the antivirus industry, both in the Virus Research and in the Antivirus Development teams.
This is because it is highly important to understand how an operating system can be affected by rogue software. And the best way one can achieve the best expertise is by doing static and dynamic virus analysis.
This information is extremely helpful afterwards, especially in AV-software development, including architecting and automating ecosystems for engine and virus testing.”
Dan comes at this from another angle. His words pack a lot of wisdom and talk about the importance of building trust-based relationships with peers, superiors, and partners of all kinds.
What helped him the most while building his infosec career was (and still is):
“Being humble as well as helpful to other people so they are willing to cooperate with you in the future.”
When we read Christina’s perspective, we couldn’t help but notice how serendipitous the match between her opinion and Dan’s is:
“People and good relationships will forever be the enabling factor for figuring out the path within an industry, especially if someone is new in it.
Good relationships can bring a person closer to their goals and give them essential tips and insights for building a career, so that one will not have to go through the process of trial-and-error on all things.”
While some of these relationships start and grow online, facetime can’t really be replaced with anything (and I don’t mean the Apple kind).
Infosec is an industry packed with introverts (including myself), so I know what it’s like to not muster up the courage to go speak to your favorite people in the industry. Each year, the entire DefCamp team works hard to create a safe, comfortable, and fun environment to do just that.
Attending the November conference or Ladies in Cybersecurity is a great way to connect with likeminded people. Many DefCamp attendees became friends after meeting at the event because a shared goal and shared experiences make it easy to connect and discuss experiences.
The most challenging aspect to master in my infosec career was…
“Documenting and/or researching APT campaigns” for Dan.
“This is because each campaign is unique and one needs to think of new or creative ways to continue their investigation.
I think being able to use multiple technologies and know how to use the right tool at the right time makes a big difference.”
We’d add that analyzing APT campaigns is also a high-stakes endeavor which pushes a researcher to use their best know-how and skills for the job at hand.
For Raluca, the challenge came from a different context, one which many DefCamp speakers are very familiar with.
“From my point of view, this field is constantly evolving and changing, which makes it extremely interesting to explore.
But the hardest challenge I have had to overcome so far was not complicated virus analysis or AV-internal software engineering, but public speaking at infosec conferences or events. :)”
Whether you’re learning how to do reverse engineering or trying to get your heart rate down before going on stage, it’s important to know that each stage of your infosec career provides opportunities to show up and level up.
Sometimes, these transformative moments have a bigger impact on us than we realize. We only see their effects clearly when we look back at our work and realize how far we’ve come.
We hope you’ll take a moment to reflect on this as well before moving on to another key topic we probed our guests about.
This needs to change to make infosec more appealing for a wider range of specialists
With cybersecurity experts in high demand and a shortage of candidates to recruit from, it’s up to all of us to highlight the wealth of opportunities in infosec today.
However, that’s not enough to attract talented people to the field, hoping they’ll become our partners in this thrilling adventure we call security
Christina makes a case for openness and acceptance, which we fully stand behind:
“This comes down to people becoming more accepting towards different people and points of view. It is a matter of culture, mostly corporate culture.
But it is something that can definitely be developed and encouraged if the leadership decides to promote it.”
Plus, Christina (and not just her) has experienced first hand the benefits of working in a diverse team:
“Diversity brings value to teams because it brings together different perspectives. That helps uncover blind spots that would cause problems if the members of a group where to only have a common background and ethnicity/race.“
This is such a big issue that Dan made placed it at the top of his list of priorities:
“There are currently three major issues, in my opinion:
- Gender in-equality: Young ladies should feel equally comfortable approaching this field from an early age.
- The need for more “open-source” or free knowledge for people starting their career in this field.
- Aggregating APT actor names. 🙂 Some of them have more than 5-6 aliases and, for somebody new in this field, this can be *very* confusing!”
So many of these issues that our guests have observed have to do with access to several aspects of the field!
Simply talking to people about these issues can be illuminating and can provide an opening for a potential career in infosec.
Raluca focuses particularly on students and what might motivate them to consider cybersecurity as a professional path.
“It is my personal opinion that raising more cybersecurity awareness among students would prove extremely helpful.
First of all, understanding the high importance of security in all the steps of a company’s internal workflow and what the lack of it implies would give students a broader and more-detailed image.
This would not only be of use in attracting an increasingly diverse workforce, but would also aid in better code-writing with data protection in mind.
In fact, nowadays there are still programmers, architects and product managers who do not put a high emphasis on this aspect, even after many years of experience.
For example, if teaching mobile, desktop, cloud or web development would include security best practices, I truly believe that this would have as effect better software products in the future.
Secondly, most infosec events are paid and not all security communities are well known. Offering students and colleges volunteering opportunities and access to the latest field challenges would probably attract more people, who would otherwise follow the default path of programming.
Last, but not least, more internship opportunities could offer students architecture, development, and security information which cannot be taught through school projects and college courses.”
We’ve often discussed these topics in the DefCamp community and tried to find ways to address them, developing solutions where possible.
For example, our volunteers (some of which we’ve worked with for several years):
- get free access to the conference
- gain first-hand experience into what it takes to organize hacking competitions, which is a great opportunity to learn and improve their offensive hacking skills
- learn how to plan an event (which can come in handy for organizing meetups)
- can meet and interact with the speakers, the best D-CTF international teams who come for the final, and companies who often provide internship opportunities or part-time jobs.
However, our resources don’t match our enthusiasm, especially when “84% of organisations are challenged by IT security skills shortage”, according to a recent report.
That’s why we’re calling out for your support!
If you work in cybersecurity or are simply passionate about it, we encourage you to talk about it each time you have a chance.
Tell others about what it feels like to help someone get in control of their password management. Share with them the self-assuredness that comes from understanding how their data flows around the web and what they can do to keep it safe. Discuss with them why cybersecurity basics are a fundamental part of digital literacy.
We hope you’ll join us in this mission, so years from now, when we look back, we can point to these years as a key turning points for the industry and for the world.
PS: We’ll be back with part 3 of this series soon! Until then, share this article with someone who might make a great infosec specialist and they don’t even know it yet.