Information security is the fastest growing area of IT. It affects more people in more ways than ever before. It affects not only our public records, our utilities, our white-collar work, and our entertainment. Now that we carry small computers in our pockets and in our cars, talk of the Internet of Things (IoT) is also starting to become reality. That's no laughing matter. IoT is probably the biggest challenge information security has ever faced. Despite the growth of information security, we've actually seen a decline in women computer science graduates. According to Deloitte, 37 percent of American computer science graduates were women in 1985. Although microcomputers or PCs had been around since about 1976, there were still many offices without them at that time. But Bjarne Stroustrup published the first edition of The C++ Programming Language. The MIT Media Lab was founded. Things were looking up! Fast forward to 2013. Most adults now had touchscreen smartphones, a relative luxury in 2007. Intel had been producing 22nm CPUs for two years. The large majority of households in the developed world had been enjoying internet access for years, and that tempted younger generations to begin cutting landlines and cable television. But what percentage of American computer science graduates were women? Eighteen percent. That's less than half of 1985's figure! The truth is clear: we must get more women into information security. We must get more non-binary gender people, as well. I'm a woman who writes about information security, and I figured that speaking to other women would be a great place to start. How did they get into the field? What's it like for them? The first woman I spoke to was Tiberius Hefflin, a security assurance analyst who's spoken at Open Source Bridge, PyConAu, PyDX, BSidesPDX and other industry conferences. KC: How did you get into computing? TH: My dad is a network architect. He made sure I had a computer from a young age, and I helped him a lot when I was growing up. I actually only went to university to do IT when I was 25, though. I was doing a welding apprenticeship out of high school and eventually ended up in HR (human resources) before deciding to do IT. KC: You probably had other motives for getting into IT other than your father's footsteps? TH: I get to help people a lot more in IT. Not only that, but IT is something I really enjoy. I like the technical aspects of it. Even so, following my dad was a large part of it. He's been pretty inspirational in my life. He's all network, so I did my HND in networking. I hated it. I thought for sure I'd made a huge mistake taking this risk to go to university so late in life. Then I stumbled into infosec and fell in love. Haven't looked back since. KC: How exactly did you stumble into infosec? TH: I had a security-related assignment. It changed everything for me. I had always been interested in security-related news items, so I think it was a natural inclination. Also, what kid from the 90s didn't love the movie Hackers? KC: Yeah! Are you allowed to describe the nature of your security assignment? TH: At the time, it was super low-level. My team was creating a network proposal and had to consider the security elements. I was able to intern with the Scottish Police Services Authority the summer after, and I got to work a little with their security team. That really cemented my interest. KC: So there was an element of digital forensics? Metadata, stuff like that? TH: I think that assignment was mostly referencing firewalls and user group permissions. I wasn't able to do digital forensics stuff until university. I really enjoy that part of security, though. It's fascinating. My digital forensics course was one of the first in the country, so we had to agree to a lot of clauses about what we would and wouldn't use our knowledge for. It was kinda like Jedi training. KC: That's really cool. What was the gender balance like in school? TH: There were two women on the course out of about 40 students. My course leader was a woman, but I think she felt she had a lot to prove. I think as women in a male-dominated field, we are pushed to excel. I also think that women who feel impostor syndrome push themselves harder than we need to. What I mean is that being aware that we are seen differently, that we are the odd ones out, so to speak. So we work harder to try to fit in. KC: You're absolutely right.
Conclusion
Tune in next time for my next interview with a Tracy Maleef, another woman in information security.
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute's CISSP and CEH certification exam preparation programs. Ever since, she's contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Her first solo developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto. She considers her sociological and psychological perspective on infosec to be her trademark. Given the rapid growth of social engineering vulnerabilities, always considering the human element is vital. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
