Women of the Fox Den: A Security Roundtable

Historically, cybersecurity has been an industry dominated by men. But that’s been changing – and here at Bishop Fox, we have some of the most badass women in the industry working with us. No matter their background or how they ended up in security, these women are all united by a true passion for helping people stay secure. So, in honor of Women’s History Month and the paths our ladies are forging, we talked to Foxes about their cybersecurity journeys, their experiences at Bishop Fox, and any advice they have to other women who may be new to the field.

Featuring…

• Kelly Albrink, Application Security Practice Director
• Felicia MacArthur, Attack Surface Analyst (Cosmos)
• Berenice Flores, Security Consultant
• Kate Broussard, Senior Security Consultant
• Shanni Prutchi, Security Consultant
• Ashley Ruiz, Security Consultant

What Inspired You to Enter Tech – Specifically, Cybersecurity?

Kelly A.: I’ve always been someone who loved to tinker with electronics and met a lot of cool security people at Noisebridge Hackerspace in San Francisco, while working on a smart mirror project. As soon as I found out that people were paid to hack into things and didn’t go to jail, I knew I found my calling. From that point on, I dove into the deep end of the pen testing pool and landed my dream job at Bishop Fox.

Felicia: I was working in tech for a while before moving into cybersecurity. Originally, I went from tech and into an abuse department, handling all the bad things the internet could throw at a hosting provider. My move was motivated by wanting to put away "bad people" and contribute to internet safety, as I had been the victim of an internet predator as a teenager. This is how I was introduced to cybersecurity because I discovered things like phishing and malware in this process.

Kate: While I was a web developer, some of my friends and colleagues entered information security. I was frequently the guinea pig or sounding board for those folks – the person they explained things to, the person who attempted to follow a vulnerability exploit, the person who asked, “but what if you did this instead, wouldn’t that be a problem?” When I was considering future paths after my kids were born, it occurred to me that I had the same skillset as those friends and several years of learning experience, thanks to being the guinea pig. Given the job and financial security provided by the field, it was an easy choice to make.

Berenice: I decided to pursue a technical career as I was an excellent math student in high school – and not so good at more theoretical subjects. Turned out tech was the best fit for me! Then when I was in college, I found out that I enjoyed doing different things, like using the Linux terminal, managing or configuring servers, and networking or programming. My first job was at an internet service provider, which involved monitoring and configuring internet services. After a while, I wanted to do more. I did some research and discovered cybersecurity, which involved doing a little bit of everything I enjoyed!

Shanni: My dad is a biomedical engineer and encouraged my interest in STEM. Growing up we did all sorts of science projects together, including building a radio telescope in our backyard and writing a book about quantum physics together! I wasn’t interested in computers at first and started off college doing electrical engineering, but I had some exposure to the cybersecurity community via the hardware hacking community. While on medical leave from college, I took a cybersecurity course at the local community college and was hooked!

Ashley: I became interested in cybersecurity as a result of seeing news about increasing cyberattacks. I became curious to know how "the bad guys" did it and what I could do to stop them. Over time, I attended different conferences, and I took an introductory course to the field, which confirmed that this was where I wanted to be.

What Brought You to Bishop Fox?

Kelly A.: I love gadgets, so when I saw the Danger Drone that Bishop Fox presented at DEF CON I knew there were other makers and innovators here who were doing cool research (Kelly has also presented her own research since joining the Bishop Fox team!). Bishop Fox also had some really cool people on the team who I was drawn to; I saw that Bishop Fox had badass women on the team and that I would fit in as someone with tattoos and rainbow hair. There were also Foxes from diverse backgrounds like the healthcare field. So I thought to myself – if they’ll take a doctor hacker, maybe they would take an art dealer hacker, too. (Note: Kelly Albrink was an art dealer before Bishop Fox. Read more about that here.)

Felicia: I came to Bishop Fox after working for two large corporations, so I was seeking something different. The culture and the opportunity to grow within a part of the field I hadn't been exposed to very much was enticing. I wanted to meet smart, talented people and learn from them.

Kate: I was ready to transition from being a freelancer to working for a company that would do the HR & sales work for me, so I could focus on improving my technical skills. Bishop Fox’s focus on hands-on testing and supported learning from co-workers and experts, along with a flexible and fun company culture, was clearly the right place for me.

Berenice: While on Twitter, I saw a retweeted article from Bishop Fox Labs and was intrigued by the fox in the profile pic, which I thought was cool. I went to the Bishop Fox Labs website and ended up at the careers page. After reading it, I knew I found what I was looking for in an employer.

Shanni: I was working as an intern for a large third-party logistics provider doing internal information security and really wanted to explore the offensive side of the field. Samy Kamkar, a cybersecurity researcher, reached out to me on Twitter about past work I did on quantum physics. I offered my help but told him that I no longer did research in that area. He offered to talk to me about infosec, and after expressing my interest in offensive security, he put me in touch with a friend of his who might be able to mentor me. That friend was Gwen Castro, Chief of Staff at Bishop Fox! She was so kind and answered my questions, and then suggested that I meet with one of the Bishop Fox technical recruiters, who set me up with Kelly Albrink! Soon enough, I had an interview for an internship position. I’ve been a Fox for over a year now.

What Do You Find Meaningful About Working in Cybersecurity?

Kelly A.: What we do is so critical. When I am on a project that helps secure our water supply systems or devices that regular people use every day, I feel like my individual curiosity is being put to good use. I’ve tested devices that my parents have in their homes, so I know that my work is helping to make my family and community safer.

Felicia: Helping people and businesses become and remain secure is one of my drivers in cybersecurity. Outside of work, I like to inspire others to grow in their passion for cybersecurity. I also do my fair share of educating family, friends, and neighbors on safe internet practices like identifying suspicious emails and scams as well as protecting themselves from internet stalkers and bullies.

Kate: I value the collective sharing of knowledge in this field. I love sharing what I know and have learned with folks a few steps behind me, so that their experience is better and more effective. I’ve taken on a mentoring role and have spoken at several conferences focused on getting less represented folks into the industry; those are definitely my favorite and most rewarding roles.

Berenice: I find cybersecurity to be like solving a puzzle, and I enjoy solving puzzles! I like being able to do something I’m so passionate about while helping companies have more secure environments. Each day, I get to work on complex and technically challenging security engagements, and it’s a truly rewarding experience.

Shanni: I find value in helping other people, and in an increasingly interconnected world, the cybersecurity industry can make in impact in protecting not just companies, but individuals, too. I truly feel fulfilled when I discover a way to help our clients become more secure.

Ashley: For me, it’s having the opportunity to help secure data, information, and organizations. Having a hand in that effort makes my job rewarding and worthwhile. Another thing I enjoy about working in cybersecurity is that it’s so dynamic; you learn something new each day!

Do You Find Bishop Fox to Be a Supportive Environment?

Kelly A.: Absolutely. I had a baby recently, and my team really made it possible for me to take time to focus on my new family. It’s unfortunately rare for women to feel supported when they have kids, so I was happy to have my boss and peers have my back while I was on parental leave.

Felicia: Bishop Fox has never failed to provide a supportive environment for me. I am surrounded by people with varying career paths and so many different insights; I love that I can both learn and teach from experience.

Kate: Bishop Fox is always trying to be better, which I appreciate. It’s difficult to support every employee equally, or to provide the same opportunities to everyone given that we are all here with different skills, experiences, and goals. As the company has scaled, we’ve had to formalize a lot of things that used to be ad-hoc and casual. At the same time – by starting a legitimate process to support different endeavors, they are actually more accessible, especially to new consultants or folks who never heard through the grapevine about various opportunities. It’s a different place than when it was smaller, but Bishop Fox still has “Be Excellent to Each Other,” “Aim Higher,” and “Never Stop Improving” as everyday company values.

Berenice: I’ve never been in a workplace before that truly cares about individuals’ career paths and takes the time to really train people. I love learning new things and acquiring new skills, and here at Bishop Fox I have many resources where I can always go and do that, like the Bishop Fox Academy.

Shanni: One of the first things I noticed at Bishop Fox was not only how kind everyone was, but how willing they were to share their time and expertise. I could ask anyone for help, and they’d happily offer it. Bishop Fox encourages our growth, and I’ve been able to train in my fields of interest. Outside of work, they also offer interest-based social groups where we do activities together, like the book club and a cooking club. Even if we’re remote, there’s an inclusive and welcoming culture here.

Ashley: I work with incredibly smart people! One of the things I love the most about my peers is that they are always willing to answer any questions or lend a hand. This environment has shaped me into a better consultant, not only with respect to growing my technical knowledge but also as a team player.

Do You Have Any Advice for Other Women Who May Be Interested in Pursuing Cybersecurity Careers?

Kelly A.: Have the confidence to put yourself out there. Many women won’t apply for a position unless they meet 90% of the job listing requirements, while men will apply if they meet just 50%. So don’t eliminate yourself before you even apply to a job. If you’re already in the industry, keep in mind that women often get pushed into soft skill roles early in their career, and this can hurt their technical progression. Make sure that you’re advocating for yourself to participate in tough technical challenges, so you can grow your skills.

Felicia: Don't be afraid to ask questions because that means you're curious and that's how you learn best. Some good advice I got from another woman who has been in the field for over 20 years: always speak up but pick your battles strategically. I’d also like to add that you don’t need to change yourself to fit into the cybersecurity world. I encourage continuous learning, but don't let your fire (so to speak) burn out. Not everyone you'll encounter in your cybersecurity journey will be welcoming or accepting of change. Don't take these things to heart; instead, use them to push yourself more.

Kate: There are so many ways to be a part of information security. The typical ethical hacker path is not the only option, nor do you need a computer science or programming background to be a “legitimate” infosec person. Does offsec knowledge or programming experience help? Sure! But the most valuable skills are curiosity, persistence, and communication. If you see a strange application behavior and say, “Huh! I wonder what happens if…”; if you are willing to try the same thing a dozen times to get a different response; if you can help others understand a complex specialized step-by-step process: these are the skills that we can’t easily teach. Details about networks, hardware, APIs, or cloud platform configurations are easy to learn; firmly but politely explaining for the fifth time to a client why their request is out of scope – and getting them to agree with you – can be challenging. If you can do that? You can go anywhere and name your price.

Berenice: Don’t be afraid of what others may say if you need to speak up or ask questions. I used to think that hacking was as difficult as rocket science. But as I’ve found out in my experience, it’s actually not. All it takes for success in this field is the willingness to do the things, to always keep learning, and to never stop improving. Nowadays you can find resources and help online if you’re not sure about something. When all else fails, there’s always Google!

Shanni: I cannot stress enough the importance of having good mentors. I’ve learned so much from my mentors including how to navigate the industry and how to improve my technical skills.

Ashley:  Always believe in yourself and be confident. Being a woman in cybersecurity can be intimidating at times due to the lack of female representation in the field but that doesn’t mean you should feel insecure or inferior. Never be afraid to stand out and always challenge yourself to do new things. Look for organizations/groups that focus on tech and cybersecurity. Those organizations have resources like study groups, mentorship programs, conferences, and you get the opportunity to network with other women. Some organizations I recommend checking out are Women in Cybersecurity (WiCyS) and the Women's Society of Cyberjutsu.

Smashing the Glass Ceiling (and Beyond!)

Just like Ada Lovelace pioneered the way for computer programming, and Hedy Lamarr’s patented communication system that inspired technologies like Wi-Fi, Bluetooth, and GPS – we strive for our Foxes to not only break the glass ceiling but soar to new heights in their impact on the cybersecurity industry. In fact, 42% of our Foxes are women. And 50% of our leadership team are women!

Interested in exploring opportunities at Bishop Fox? We are hiring! Check out our careers page.