Last time, I had the pleasure of speaking with Roxy Dee. Her expertise is in vulnerability management, and she also loves to pay it forward by giving away books to her lucky Twitter followers. This time I got to speak with Jessica Hebenstreit. She’s worn an awful lot of hats in the cybersecurity field, and now she’s a senior security consultant. She also told me a bit more about the Diana Initiative. Kim Crawley: Hi Jessica! Please tell me about what you do and how you got there, Jessica Hebenstreit: Currently for my day job, I am a senior security consultant at a Security Firm. I specialize in assessing security operations programs for our clients and then designing and building their programs to achieve their goals. I work with them to ensure alignment with their overall organization and desired maturity. I've been doing information security for nearly twenty years. I started as an intern at Motorola doing a little bit of everything and have worked for a lot of companies in various roles. I've done everything from Security Operations (before it was really called that) to Architecture, Risk Management, Incident Response, and so on. I'm fortunate that when I started everyone kind of did everything, so I've had exposure to a lot of different areas. Most folks starting today make a specialization decision pretty early in their careers out of necessity. For my non-day job, I am the Chief Operation Officer for The Diana Initiative. I believe strongly in community involvement and have been working on diversity, inclusion and pipeline challenges for several years. KC: Do you think that having worked in a variety of infosec roles helps you in any particular infosec role? JH: Yes, I think the higher on the management ladder one goes, it helps to have had experience in multiple areas so that you can relate and understand what you're managing. I also really think it comes in handy for the concept of things like purple teaming. Red teams and blue teams working together to understand and respond to threats makes the overall security program stronger. Lastly, I am a big fan of interdisciplinary thinking and having experience in a number of areas allows one to borrow ideas from another area and apply it in a new area, and perhaps it hadn't been thought of before. KC: Were you interested in computer technology when you were a kid? JH: I was, but we were without means for much of my childhood. I was first exposed to computers when I was identified for the talented and gifted program at my elementary. The program was more focused on using a computer to write reports and such rather than coding. I was first exposed to coding in 7th grade; we had a single quarter exploratory program for coding using BASIC. From there, it really launched my interest. I started getting passes out of gym class to go spend time in the computer lab. We got a personal computer at home when I was a junior, but I mostly played games. I became really interested in cryptography in high school; I've always liked puzzles. KC: How do you think we can encourage more women to pursue cybersecurity careers? JH: This is a tough one that a lot of people have been talking about for a few years. Some think it is a pipeline issue, which I agree to a limited extent. I think the larger problem is not having an environment in which women are treated equitably to men. This leads to women leaving the industry, which then manifests as other women and young girls seeing as a lack of women being represented. There is a lot to be said for seeing a representation of yourself in a place you want to be. We need more women in leadership positions in cyber, both technically and management-wise. Women also need to be represented equally in speaking opportunities. Girls and women need to see others in positions of where they aspire to be. It helps them think, "Hey, I can do that too!" Also, things like the Diana Initiative aim to give a voice to and highlight the work of women in cyber security that may be otherwise overlooked. We welcome both newer folks and veterans of the industry to participate to foster relationships and networking that will help more women in the industry. KC: Please tell me more about the Diana Initiative. JH: The Diana Initiative is in its second year. We are a mini conference that runs the same week as DEF CON in Las Vegas. This year, our conference will run August 9 and 10 at Caesar's Palace. Our goal is to highlight and showcase the work of women, those who identify as women and our allies. We provide a space for these people to talk about, share and demonstrate the amazing work they do, not just focusing on the experience of being a woman in information security. This year, we will have two tracks. One is focused on technical discussions, and one is focused on non-technical discussions. Additionally, we will have a lock pick village, soldering village, and job fair. Lastly, we are hosting a quiet party and a loud party on separate nights. We provide a space for networking, exchanging of ideas and information and support. Too often, when women are approached to speak at a conference or event, the focus is on what it is like to be a woman in cyber security rather than about the amazing work they do. While the former can be an important part of the conversation, it overlooks and minimizes the amazing contributions women make to our industry every day. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
