Last time, I had fun speaking with Beth Cornils. She has a pretty cool job that involves testing IoT cars. This time, I spoke with Claudia Johnson. A cyber attack got her into the industry, and now she helps answer people's questions about cybersecurity. Kim Crawley: Please tell me about what you do. Claudia Johnson: In my current, as well as, previous role, I am a so-called Sales Engineer overlay. KC: What does your work entail? CJ: Helping the account teams with security and cloud-specific topics they, the customer, or prospect may have – that includes some techy stuff, as well as data privacy. I am also a security and cloud evangelist, or someone who is active in social media and conferences to make the market more aware of the brand and products of the company I am working for. I am now working at Oracle; I just started last week. KC: Good for you! How did you get into cybersecurity in the first place? CJ: Good question! I actually got hacked about 10 years ago. I was already in IT at the time, so I spent some time figuring out how to get unhacked, which is not easy given all my computers at work and at home, including the rest of the family, had been compromised. After having figured it out, I was hooked! It's a totally fascinating topic. I actually had to turn my computer in at work because it was so compromised. At the time, I was angry and very determined. Now, I am thankful it happened. KC: So, you got into it the Brian Krebs way. CJ: Yes, I read about Brian Krebs' story much later! Of course, his story is more spectacular because he was hacked as a journalist. In my case, I think it was a nerdy guy interested in me, although I do not know for sure. KC: Were you interested in computers as a little girl? CJ: As a little girl, I was not yet interested in computers; however, math was my favorite subject. I learned to program when I was 17. I left high school a year early and started computer programming at university. Immediately, I loved it. KC: Which languages and IDEs did you work with? CJ: My first programming languages were Algol and Fortran. Later, I learned Lisp and Perl. No one knows those anymore except for Perl maybe. KC: Do you think programming know-how would benefit people in cybersecurity? CJ: Yes, I do. The more skills, the better. However, I do not belong to the school of thought that if you don't know how to program you cannot be good at cybersecurity. The field is so broad, and so many different skills are required. KC: I can do a bit of Python, web dev, and Java for what it's worth. CJ: That's more than me! I can do a bit of web dev too, actually. KC: Cool! Do you think it's easier for women to enter cybersecurity now than in the past? CJ: Yes, there's definitely a more positive environment for women in cybersecurity now than years before – lots of other women supporting one another. That really makes a difference. Women are now standing up openly in social media and face-to-face; they're calling men on their mansplaining and prejudice. That was definitely not the case when I was young. KC: What do you think the biggest problems in cybersecurity are now? CJ: There's not enough collaboration. The NSA's doing its own research and keeping its zero-day discoveries to themselves. Aside from that, I would have to say some other concerning issues are Russian cybercriminals, not enough awareness in the market, and time to market being much more important than security topics. KC: What do you think could be done to promote collaboration? CJ: Collaboration should be at a political and diplomatic level together with intelligence agencies. It would require a different mindset than what we have now. It would mean Europol and or INTERPOL having jurisdiction in Russia, for example. It has to be seen as a global problem. That awareness is not there yet. Another thing that would help cybersecurity is revamping the educational process. Both schools and universities should work to improve security awareness and hygiene for everyone and provide a better environment to really learn key topics like how to hack! When it comes to cybersecurity, universities need to be more hands-on and practical. KC: Is there anything else you'd like to add before we go? CJ: Just that anyone can get into cybersecurity if they are interested. There are lots of ways to learn without spending a lot of money, and there are lots of job opportunities. Of course, I would like to encourage young women in particular. KC: Excellent! Thanks for speaking to me today. For interested readers, Claudia did her own interview with a woman in information security back in February 2016. Feel free to check it out!
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.Her first solo developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
