Unusual Journeys Into Infosec featuring @O3Awesomesauce

Its time to fire up the Jet Engines, grab your co-pilot and prepare to flyby another unusual journey into Infosec (I tried)!!

If you are new to the Unusual Journeys into in Infosec articles, the vision for the series is to provide stories and inspiration for those who may have not considered, or may be struggling to find a path into Infosec!

This time we have Courtney O3Awesomesauce. When I first tweeted about the concept of this series of interviews in January, I got a lovely message from Courtney who wanted to share her journey so far, but also the challenges she has faced trying to break into the industry!

I really wanted to share this story because it shows that although there are unconventional routes, there are also challenges when trying to break into Infosec! I hope you find this as interesting, and insightful as I did.

CyberSecStu (CSS): You have an interesting background, could you possibly share your story with me?

O3Awesomesauce (O3): Starting from the very beginning or when I discovered that Infosec was an obtainable career path in the civilian world?

CSS: If we could start at the beginning please that would be great!

O3: After high school, I always thought it would be neat to get into computers and that I had an interest in them. At the time though, I thought you had to get a degree in Computer Science in order to make it in the field, in addition to that, I thought you had to be super proficient in maths. Lacking any real quality in mathematics I shied away from IT, yet it seemed to always follow me.

My first jobs while I was in college was as a sales associate in the computer/technology department at a retailer. I had a basic grasp on technology already, but interacting with the product and learning more about the product information really helped. This was also around the time when they started to kick off their tech hub to compete with Geek Squad (which was starting to gain traction) and they started tasking me to do light work on customer’s computers that were brought in.

My dream job was to be a photographer, but my dedication to school was not so stellar and I was beginning to lose traction. Since the retail life was not the one I wanted, I joined the Air Force on a whim in hopes to become a military photographer. I applied for the job, but fate and the Air Force had different ideas, my secondary job choice was desktop support. I figured since I had exposure from Staples that it wouldn’t be too out of my league.

So IT followed me through 6 years of working in the Air Force. There I did desktop support, helpdesk managing, and asset management. The first smatterings of InfoSec coming into my life was when we were required to obtain a certification for our job. The AF gave us a choice between A+ or Security+. Though the job I was doing fit the A+ cert, I absolutely hated it. Simply put it was boring and bland. The Security+ cert on the other hand was where it was at! It was interesting and fun to learn about.

Another time I was lucky to go outside my lane and run forensics on a potentially compromised computer and in a different mission I got to participate in exercises as OPFOR. Looking back all of these are applicable to InfoSec careers.

After 6 years of doing IT in the military, I was starting to feel burnt out. I took this to think that maybe the IT life was not for me and started to look for other managerial/administrative jobs in the civilian world. I landed a gig working business administration and processing purchasing requests and contracts. This was ok work, but pushing paper starts to suck at your soul…

You can take the girl out of IT but you can’t take IT out of the girl. I started a rapport with the IT manager and luckily there was an opening which I quickly applied for. I got the job and started back into the world of IT and desktop support. It was my boss who noticed that I seemed to have an interest in security, he started to encourage me to get expose to it, and that’s when I started to seriously look into the InfoSec world. I was looking at different conferences to attend and a co-worker told me if I was going to go to any of them that I should make a point to attend BSidesLV and Defcon.

Without hesitation I booked my flight and dove head first into the world of InfoSec. I went to both conferences with the mindset to better learn more about the broad world of InfoSec and which avenue/career path I wanted to pursue.

Things started to click into place as I sat in on talks regarding pentesting and red team objectives. I reflected back on my military days and was started to see the connections. It all hit me truly, when I went to the SE Village. There the skies parted and the heavens descended and there I realized fully, that this is what I wanted to be. This was where my passion was. And that I had found my people.

I also, neglected to include towards the end of my AF time when the burn out was strong, I got my BA in journalism and mass media, thinking that it might be a good fit for me.

CSS: I know the perils of burnout.. its not cool! What has been your biggest barrier to entry into infosec?

(O3): I am still not in an Infosec position. The biggest barrier is entry level positions requiring experience in the security field or a certification. Also it’s very limited for a person who is already in IT to change lanes. I am not eligible for graduate internship/apprenticeships and I don’t have the field experience in the Infosec positions.

CSS: What would want to see from the industry to change this?

O3: I think I would want the industry to ease off on the laundry list of requirements for entry level jobs. Have positions where within 6 months certs be obtained or technical training is provided (or is a jr role after all).

That it not be a CS degree or a cert or don’t bother applying. Be willing to take new hires from different job fields and see how their aptitude and skills can be interwoven into an Infosec position.

I understand that some positions require a certain level of expertise (like say in coding) where you (as an employer) don’t want to start off from scratch. But when it’s challenging for people in other IT career tracks (like me coming from desktop support) to get into Infosec you know there’s a problem and companies are being unrealistic.

The Twitter community has been great providing insight, materials/resources, and guidance on how to get into the right career track. When I first started I was inundated with suggestions from people and completely blown away by the support for a beginner and will always appreciate the warm reception.

I am eternally grateful for @infosecsherpa and @_sn0ww. Their mentorship has been invaluable and I am lucky that they’ve taken me under their wing.

What is clear from Courtney’s story is that she possess a lot of passion for Infosec, and that she has found her chosen field. She has a very interesting background with a diverse set of skills that will certainly help in solving complex Infosec problems.

I have discussed with many noobs about how to break into the industry, especially if your experience on paper does not reflect your Infosec knowledge.

Create a blog and publish regularly any research, projects, exploits, or topics that showcase your expertise. When attending conferences, try and volunteer as this helps you not only raise your profile, but it show a willingness to give back to the community which in turn gets you noticed.

Finally, finding a mentor that can not only guide you, but start to make those connections in their network to further raise your profile.

In summary I think Courtney (O3 Awesomesauce) has a bright future in Infosec and I look forward to following her career and future successes closely.

Main Image Credit : The awesome piece of artwork used to head this article is called 'Maverick' and it was created by graphic designer Kristian Grljevic.