There have been many lessons over this series so far, and now we are going back to class to re-learn all the things, as in this chapter of Unusual Journeys Into Infosec we look at the academic perspective.
We are now a third of the way through our voyage of exploration into the backstories of many Infosec professionals and noobs! It was halfway, but I’ve had so many stories in response to the previous chapters that I just had to include them!
It is great learning about new people, and I had the pleasure of learning about Emily Shawgo’s story, which, albeit brief, gives insight into the mindset of many who venture into our industry.
Emily responded to one of my Tweets:
I have something of an indirect route to an Infosec career so I don’t know if that’s more or less helpful to you!
It certainly was! This is the Journey (so far) of Emily Shawgo.
CyberSecStu (CSS): I’m writing an article on how people got into Infosec and plan to, exploring routes, challenges and barriers, and what we can all do to make this better. So can you give a little background on your journey into Infosec so far?
Emily Shawgo (ES): Sure! My undergrad was in psychology and political science from a small liberal arts school. My Dad worked in cyber security so the profession was visible to me, but I was just convinced that I was going to be nothing like my Dad so I never even considered it as a career.
My last year of undergrad, I interned for a statistician at a neurobiology clinic, and she had me working on a lot of projects and picking up a lot of programming in a short amount of time. She remarked on how quickly I learned that type of thing and referenced it as a particular strength of mine.
This was my first inkling that maybe I would do well in a more technical field. I took a short time off to work after graduating (worked as a tutor and then as a database developer). I used the time to improve my programming skills and decided that I wanted to get into something that combined technical skills and my more soft skills that I had from undergrad, so I ended up in a cyber security policy program at Carnegie Mellon.
I started out on the less technical end but have gravitated more towards classes in things like penetration testing and network defense over time.
CSS: Did you have any challenges breaking into Infosec?
ES: I would have to say yes… and they were twofold. Initially, a big challenge for me was gaining the technical skills that I was lacking and trying to “catch up” (or that’s what it felt like) with people who had been tracking that way since undergrad or even high school.
Even now that I have made up a lot of that ground, I feel the biggest challenge for me at this point is overcoming the perception that I know less simply because I didn’t have the technical academic background.
I have to work extra hard to “sell myself” and the skills that I have gained outside of classroom learning. This all was very daunting to me at the beginning, but it has become easier as I have come to understand the breadth and depth of the field of security and the fact that no one is an expert at everything within the field; everyone has their own niches and I am no different in that regard.
That realization really freed me to settle into the things I enjoy without feeling like I was trying to come back from a disadvantage.
CSS: What advice would you give to someone with a similar background looking to get into Infosec (given your experience)?
ES: Read and study on your own time — not just on technical skills, but also on current events in the profession.
Putting security in context is huge for someone coming in with a nontraditional background. Find your niche, even if it’s a temporary one — for me, it was report writing because I had so much writing experience from my social science background.
That was a skill I had that many others didn’t, and it was a springboard for me to find my place in the profession. Finally, get to know all the people you can. Be open to learning from people who have skills that you don’t, but also respect yourself and the skills you do have.
CSS: Thank you for sharing your perspective, I think you have a very bright future ahead of you.
Firstly, I think report writing is amongst the most important skills in Infosec. Yes, you may be able to pwn all the things... but if you can’t articulate the impact/risk and explain this to a technical and non-technical audience, then all the good work put into the assessment becomes a lot less valuable.
As discussed in many previous and future posts, there is pressure when starting out to learn all the things, and to know where to start or which community to join. And as Emily rightly pointed out, it’s important to find your niche, then expand from there.
I mentioned in an earlier article that I would provide a list of resources for communities and conferences for those starting out. As luck would have it, Waxwing (whose Journey will be up soon) has produced a great list of resources for her 1337list project, all contained in one place:
Main Image Credit: The awesome piece of artwork used to head this article is called 'Auto Portrait' and it was created by graphic designer Grei.