Every woman's success should be an inspiration to another. We're strongest when we cheer each other on. - Serena Williams
These are words that we live by at Bishop Fox and look forward to honoring every year on International Women’s Day. This year we’ve celebrated by hosting a roundtable livestream, Defend Like a Girl: Hacking Your Way to Cyber Success, with a small group of ladies from the Fox Den who shared their perspectives on all things ethical hacking. If you didn’t get a chance to tune in live, you can still catch host Alethe Denis with guests Shanni Prutchi, Lindsay Von Tish, Katie Ritchie, and Jessica Stinson to hear how their individual career journeys culminated in offensive cybersecurity, learn what they bring to the table as ethical hackers, and get lots of great advice to help map your own cybersecurity pathway. This blog offers highlights from the first-ever Bishop Fox International Women’s Day virtual panel event.
An Interview with Women That Hack
Have you always wanted to work in cybersecurity?
Jessica: No! It took about 10 years of school and military service to discover this about myself. I was planning to work in the mental health field but found it was tough to find a job with only an undergraduate degree. So, I decided to move into technology and found cybersecurity to be interesting.
Katie: I’ve always had an interest in this field. In fact, the month that I graduated from college with a degree in Psychology, I stumbled across an article about social engineering. I’ve always been technologically inclined and was lucky enough to have a friend that was a pen tester that helped me find my way.
Lindsay: I was planning to major in violin performance in college. I thought that I should try some other things, too. So, I enrolled in a computer science class and entered a CTF. I quickly figured out that making things is cool, but breaking things is so much more fun!
Was there any certain aspect of the career field that attracted you to your offensive specialty?
Jessica: I like to put on the hat of a malicious actor because I have an interest in how people behave.
Katie: I like the idea of being on a scavenger hunt and finding vulnerabilities in applications. I love thinking about what applications should not do (worst case scenarios) and trying to make that happen.
Lindsay: I love puzzles and challenges. With the prevalence of applications and smart-connected devices these days, it is important they are explored and secured aggressively.
Shanni: It is really fulfilling to look at the infrastructure behind web applications. I enjoy threat modeling and architecture security assessments because I can look at the design, not just the implementation, of applications.
Let’s talk about useful skill sets in offensive security. What types of skill sets are practical assets for professional pen testers?
Shanni: An appreciation for proper documentation is important. We break things, so it is critical that we correctly document our work for our customers and ourselves to help us improve our techniques over time. Also, taking complex information and being able to share in a way that makes it meaningful to customers is key in this career field.
Jessica: Learning to code isn’t necessary, but it is extremely helpful.
Lindsay: I recommend learning to understand code and building your foundational knowledge of how it works. You can’t go wrong with learning Python since it is commonly used.
After breaking into the industry, how did you ensure that you continued to grow and challenge yourself?
Jessica: I am always willing to learn something new. I do research and am not afraid to jump into things that are unknown to me.
Katie: I am intentional with my time prioritization. I dedicate blocks of time to learning new security topics like coding languages.
Shanni: I follow my curiosity and am not afraid to go down rabbit holes to learn about new things.
Any advice you would like to share with aspiring security practitioners and leaders?
Jessica: Networking! Go to meetups and local security groups. Meet as many people in the industry as you can. For any veterans out there – use your GI Bill education benefits! You can use it for certifications and traditional education. SANS Academy offers the VetSuccess Academy which is scholarship based and tuition-free for students. AWS also offers programs for veterans.
Katie: Consider being the leader of a study group. It is easy to focus on all the things you don’t know in security, but having a solid group of peers to corroborate with can help you focus on the growth in your journey.
Shanni: Put your work out there! GitHub and blog websites are great ways to showcase your competencies to employers and the security community.
Lindsay: Give a presentation on a topic that you love to learn about. You don’t have to be an expert to share your passion.
What types of resources have you used to increase your involvement in the cybersecurity community? Have you used CTFs, local chapters of cybersecurity groups, and conferences, for example?
Lindsay: I was very fortunate to learn about several cybersecurity groups in the Dallas-Fort Worth area. I also currently run the Dallas DEFCON group. There are DEF CON and B-Sides groups across the globe that you can join. You receive what you put into these sorts of groups, so don’t be shy about meeting new people!
Alethe: I have participated in many CTFs since the start of my career. While CTFs are fun, they are not representative of a normal day in the life of a pen tester. However, they are great for networking!
Can you share your advice for women and girls interested in STEM?
Lindsay: Look for scholarship opportunities. I received a scholarship to attend the national Women in Cybersecurity conference, and it was very influential for me. Experiencing the power of a community of women that I could see myself being a part of in the future was worthwhile.
Shanni: The Diana Initiative granted me a scholarship to attend Black Hat during the COVID-19 pandemic while I was still a student. I would not have had this opportunity without this organization that is dedicated to promoting and engaging women in STEM.
What is one thing you would like to be known for?
Jessica: I want to be known for finally making it to my dream job after a lot of hard work.
Katie: I would love to be known for being good at exploiting logic flaws or undocumented features.
Shanni: It would be an honor to be known for making complex information more accessible to a broader audience.
Lindsay: I am proud of my work that I get to showcase on episode 2 of our What the Vuln series, EDR Bypass with LoLBins.
Start Planning Your Cybersecurity Career
For more information about breaking into the cybersecurity industry, tune into this event and check out a list of related resources on Bishop Fox YouTube and LinkedIn channels. Here are additional related resources to hear from more women in the Fox Den: