Fox sitting with laptop

Share

TL;DR: There’s no single path into cybersecurity—just ask the Foxes at Bishop Fox. From cloning RFID badges to hacking parental controls, their unique journeys highlight how curiosity, problem-solving, and unconventional experiences can lead to impactful careers in security.

The cybersecurity landscape is as diverse as the paths that lead professionals into the field. At Bishop Fox, our team members, affectionately known as "Foxes," exemplify the myriad ways one can embark on a cybersecurity career. 

Their unique journeys highlight that passion, curiosity, and a willingness to explore can open doors to impactful roles in cybersecurity. Check out a few of their stories:

Andrew Klaus: RFID Cloning

“Back at a previous job, we paid for monthly parking. But to get into the parking garage, we had to use our work-provided RFID badges. It was common to forget your RFID badge occasionally, but the expectation was that you'd have to pay for parking on those days. I didn't like this. I wanted a second badge to keep in my car permanently and had read that badges be cloned. I came across a project that claimed I could do just that – clone my RFID badge.

I already had some of the necessary hardware and just needed a few more things to read my RFID card and clone it. It wasn't much to look at, but I had to test it. The first time I scanned it at the office, I was so anxious, but it worked! It felt exhilarating. And the best part was this knowledge came in handy later with other projects at my company. I always enjoyed getting my hands into edge cases and weird things. Projects that needed some weird skill set were always something I enjoyed sinking my teeth into. Things that others either weren't interested in, or were too complicated, were right up my alley.

Fast forward a few years, and I started poking at some ISP-provided modems and Wi-Fi extenders. I learned to exploit my very first vulnerabilities this way. Many of these findings ended up becoming CVEs that would get patched and made these devices safer for anyone using them.

Shortly after I took the OSCP exam, passed, and realized I could make a career out of improving security for everyone.”

Katie Ritchie: Technology Columnist

“I was the de-facto IT guy for a small, local newspaper I worked at, which led to me writing a technology column for the newspaper. My elevator pitch for the column was that it was like Dear Abby, but for iPhones. Our weekly print newspaper had a largely senior citizen reader base, and I wrote columns on everything from how to troubleshoot problems with keyboards and other peripherals and answering reader technology questions to 'Please don't download attachments from strangers' type warnings about scams that were circulating in the area.

I reached out to a friend I had known for a long time who had a degree in cybersecurity for a quote for an article and she was like: 'Hey, if you're interested in this stuff, you should totally do what I do. You're smart enough.' - She was a pen tester. I didn't know that pen testing existed or what it was, but we chatted a bit. It turned out her company had an opening in the reporting and QA department.

While working in the reporting department I got approval to pursue my Security+ which would allow me to provide better (technologically sound) QA to reports I was working on. While I was studying for that, the same friend reached out because she heard about the SANS Immersion Academy designed to get more Women in Tech.

I applied for that program, got in, and got 3 certs. I started at Bishop Fox 3 years ago just before I had earned my 3rd certification as part of the program -- and I've been doing the thing ever since.”

Hear more from Katie Ritchie in her 21 Questions video segment.

Gerben Kleijn: Moving to America

“I used to work for an American company in the Netherlands until they closed their international office in 2009. I was offered a chance to continue working for them in the U.S. and I figured “why not”. I moved in October 2009 with nothing but a few suitcases and no place to live other than a 2-week hotel reservation. The first couple of months in the U.S. were crazy, but then … I figured it out.

I probably would have never found myself in the security field if I hadn’t been pushed into going back to school in 2012. I knew several friends who studied at UAT, and I was interested in doing a technology-oriented major, such as programming. When I looked more into UAT, I found out that they offered classes in network security and digital forensics, and that seemed interesting. The idea of becoming a hacker was exciting, so I figured “Why not?” and enrolled. I didn’t know as much about the field as most of the other people in my major, so I had a lot of catching up to do. I worked hard though, and it paid off. 

Thanks to UAT, I worked as a volunteer at Black Hat. There was another UAT alumni volunteering who was working for Bishop Fox. He introduced me to their recruiters and the rest, as they say, is history. I’ve been hacking away here at Bishop Fox for over 10 years now.”

Nathan Elendt: Bypassing Parental Controls

“I broke the program that stopped my brothers and I from playing WoW at 2 a.m. instead of sleeping on school nights. Basically, my parents (rightly) used TimeWatcher to limit computer time for non-homework purposes. An older version was vulnerable to several kiosk escapes, the dumbest of which was a simple "kill it via Ctrl-Alt-Del and Task Manager" vulnerability. Eventually they patched them all, and so I learned how to first boot into safe mode (eventually patched with my uncle's sysadmin expertise), or boot from a Linux disk (never patched because disk encryption was not common at that time) to mint untraceable time tokens that I could use whenever I wanted.

Kept it up until I went to college for computer science, did security research outside of class, and eventually landed at Bishop Fox.

Whether driven by personal challenges, academic exploration, or sheer curiosity, each journey underscores the value of diverse experiences and perspectives in strengthening the security landscape.

Catch Alissa Gilbert, Solutions Architect, dive into her career journey at CactusCon 13! And read more about our Foxes experiences and perspectives at the following resources:

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.

Gerben Kleijn

About the author, Gerben Kleijn

Managing Security Consultant

Gerben Kleijn (OSWE, CISSP) is a Managing Security Consultant for Bishop Fox, where he oversees a team of penetration testers. His focus areas include cloud penetration tests, external network penetration tests, and web application assessments as well as cloud deployment reviews for Amazon Web Services (AWS). He has advised Fortune 500 brands and startups in industries such as media, retail, and software in addition to popular websites, credit reporting agencies, and marketing platforms.

More by Gerben
Default fox headshot blue

About the author, Nathan Elendt

Senior Security Consultant

Nathan Elendt is a Senior Security Consultant at Bishop Fox. Nathan's primary areas of expertise are web application penetration testing, secure system design, and product security reviews, including Internet of Things (IoT) assessments.

Nathan is an avid IoT researcher and is considered an internal subject matter expert on embedded device security. He has designed and led trainings on hardware hacking, has authored an article on IoT security best practices, and was quoted in CSO Online on IoT security. His IoT work for Bishop Fox includes a review of a suite of connected home security systems for a leading smart lock developer.

More by Nathan
Katie Ritchie BF Headshot

About the author, Katie Ritchie

Security Consultant II

Katie (Kat) Ritchie is a Security Consultant II at Bishop Fox focused on Application Security. Katie is an accomplished penetration tester and holds several offensive security certifications including GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), and GIAC Web Application Penetration Tester (GWAPT). Katie graduated from James Madison University with a B.S. in Psychology and a Minor in Writing and Rhetoric.

More by Katie

Recommended Posts

You might be interested in these related posts.

Nov 17, 2022

How to Go from Active Duty to Civilian Cybersecurity

Aug 29, 2022

Pathways to Security: A Look at University, Military and STEM Programs

Feb 28, 2024

Unlocking Job Opportunities with LinkedIn and Artificial Intelligence

Jan 10, 2025

Navigating Workplace Security: Red Team Insights for the Return to Office

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.