Unusual Journeys Into Infosec Featuring @J3llyPh15h

After what seems like an extremely long break we are back with another series of Unusual Journeys into Infosec.

Unusual Journeys Into Infosec Featuring @J3llyPh15h

After what seems like an extremely long break we are back with another series of Unusual Journeys into Infosec. Where we will take a voyage of discovery and uncover the unconventional, unusual and interesting paths some of us take on our adventure into infosec.

If you are new to the Unusual Journeys into in Infosec articles, the vision for the series is to provide stories and inspiration for those who may have not considered, or may be struggling to find a path into Infosec!

This time I interviewed @J3llyPh15h who reached out to me on Twitter after I posted about writing this new series of stories. What's interesting about @J3llyPh15 is that she studied Criminology and is now on the path to becoming a Pentester, her passion for infosec, whilst fighting against Impostor Syndrome makes this a very powerful addition to the series.

CyberSecStu (CSS): My vision for this article (or series), is to help break the illusion that you have to follow a certain route to have a career in Infosec. Where did your journey begin?

J3llyPh15h (JPH): So it all began at college. I was quite a creative person and originally I wanted to go into graphic design (or something similar!), and so picked A-levels in Art, Media, Photography and IT! However, very last minute I was told I couldn't do both Photography and IT, so had to choose something different. So thankfully I stuck with IT, and chose Law just to stick with a friend!

I ended up really enjoying Law (and actually ended up dropping Art!), and so decided to apply to do Law at University. I really found criminal law exciting and interesting, and could see myself becoming a criminal defence lawyer.

Another change of heart happened around a month before I was due to go to Uni, and I decided to apply to do Criminology instead. I didn't fancy having to study through the more drier areas of law.

It wasn't really until my final year of uni that I decided what I wanted to do with my career. We had a number of lectures from different people in different professions - one being a guy from the fraud investigation team at DWP (Department of Work and Pensions). I was really interested in how they investigated people for these crimes, and he showed us all the different surveillance tools they used too!

From then I decided to do a bit more research into this field, which then lead me down a rabbit hole towards cyber crime. I started reading up on different high profile hacks and actually ended up doing my dissertation on Anonymous.

I had no idea about the different roles in Infosec at that point, and just assumed I needed to apply for police roles to have any involvement with cyber crime. After applying for different grad schemes (most that required a techie degree), I stumbled across one that was willing to accept applicants with other degrees such as psychology or criminology (perfect!).

So I applied, thankfully during the process they were looking for individuals who could apply an analytical mindset to solving any problem, as opposed to someone with lots of technical skills. I was accepted onto the program (was so shocked for ages and convinced they had got the wrong person).

Which is probably when the imposter syndrome kicked in, as they also accepted someone to start with me who had a degree in computer science! On the scheme I spent 6 months in the Red Team and 6 months in the Blue Team, and at the end of the year decided I wanted to stay with the bad guys in the Red Team.

CSS: Infosec is much about analytics and human science, as it is technical skills.

JPH: Yes I agree 100%, it's been really useful in terms of predicting how people are going to act in different situations.

After about 6-9 months in the Red Team, we moved towards being more of an AppSec/Vulnerability management team. Which was when I decided to follow my career aspirations and applied for a role in Pentesting (which I will be starting on Monday!).

CSS: Awesome!! How long have you been working in Infosec now?

JPH: Two years :)

CSS: Congrats for your 2 years in Infosec! What have you found the most useful resource, community, forum etc on your journey so far?

JPH: Thank you! Definitely the people and the community. It took me about a year to pluck up the courage to go to a meet up (I think it was the OWASP London chapter!), and it was the best decision. I was too nervous to go at first because I didn’t think I’d be able to hold a decent conversation with people who seemed to know so much! But actually there is a complete range of people that go to these events with different technical abilities and in different roles!

Other people inspire me so much and give me so much motivation to learn, I always leave the events beaming over the conversations I’ve had with different people. It’s also been really good in the sense that you can learn different things from people in different sectors, that you can bring back to your own job!

I would also say I’m 10 times more confident in myself just from going to these events.

CSS: Having a non technical degree, what would be your advice for those looking to join the industry who maybe have an "unconventional" background?

JPH: Stick to what you enjoy the most. There’s no way you can learn every single thing, and it’s so easy to get caught up in that thought at the beginning. Also try not to compare yourself to others, because at the end of the day you are only hindering your own progress. Focus on your own goals and believe in yourself :)

Don’t ever think you can’t do something just because you don’t have experience, anything is possible! Just might be more of a challenge, but the reward is even bigger :)

You mentioned that you suffer from impostor syndrome (I'd include myself here as well), what has helped the most to combat (OR) cope with this?

JPH: This is tricky because I don’t think I’m ever going to be able to get rid of those feelings! But staying focused on my own goals as I mentioned above and celebrating my own successes definitely helps.

And again not comparing yourself to others. It’s so easy to work yourself down when you are constantly think about what certs you need to have, what experience you need, how you should be acting etc. Definitely keeping positive and having a good support network around you (mentors, colleagues, family etc) helps massively!

CSS: Couldn't agree more here, it's easy to judge ourselves on the accomplishments of others, the reality is we're all on our own journey, and should take comfort in that.

So final question, what is the best advice you've been given by someone in Infosec on your journey so far?

JPH: So definitely the fact that no one knows everything in security. But also ‘be successful being you and not what someone else tells you to be’. Someone told me once that I needed to act a certain way in order to be noticed and to be successful, and that meant changing an aspect of my personality. This really got to me for a while and almost set me back a couple of steps instead of moving forward. Then a mentor assured me that I shouldn't have to change my personality for anyone and that I could be successful for being me! Which actually helped me be more confident and hasn’t stopped me since!

CSS: Thank you so much for this, really interesting story you have, and I'm sure it'll inspire loads of people! Just so you know, I studied Ceramics (Pottery) at uni, that didn't stop me, although it took a long time to overcome my impostor syndrome about it

In summary there are some great lessons we can extract from @J3llyPh15h story, firstly be yourself, don't let others try and mould you in to their style of learning or working, its okay to be unique, and its 100% okay to be you!

As I've mentioned before learning is a skill and an attitude! It doesn’t matter if you don’t have the required technical baseline skills, what matters is you have the positive attitude to pushing through those barriers of fear and doubt to learn! Telling yourself it's alright not to know everything, can help reduce those outbreaks of imposter syndrome.

Finally, something I'm a massive advocate of... get actively involved in the Infosec community, go to meetups, reach out to people on Twitter, because you’ll be surprised how helpful this community is!

I'll hope you'll agree that @J3llyPh15 has a bright future ahead of her, and I for one cannot wait to see where that takes her.

The awesome image for this post is Jellyfish, and is by Marko Stupic - check out their other work.