Last time I spoke with technology marketing communicator Stacey Holleran. Our work is similar, but different. Moreover, she warned me about what I would expect from the tech industry in a few years, when I am 40 years old!
For my last interview until fall / fall I had the pleasure of talking to Yaz. She went from the army to a civilian career as a head-threatening researcher for Blackberry / Cylance, a company I also work for. We talked about recruitment managers who were wrongly obsessed with certs, Islamophobia and … Area 51?
Kim Crawley: Tell me about yourself and what you do.
Yaz: I am a recently divorced veterinarian. Registered in 2003, got out last year. I was a signal intelligence analyst. I always enjoyed being in a world that most people don't see. And know things that not everyone would know. I am currently a head-threatening investigator for Blackberry / Cylance.
KC: Were you interested in computers before joining the army?
Y: Yes – my adopted father is a software engineer and I wanted to follow in his footsteps.
KC: Were you a computer as a girl?
Y: I enjoyed following growing computer classes. We then had a few real standard programming lessons. (Late 90s)
KC: The first PC I ever worked with was a Commodore 64 at the end of the 80s. Your curiosity led you to follow those lessons?
Y: School made sure everyone took them. I just enjoyed it. And I'd add things to the code to see what happened. I've always done things to see what happens.
KC: That's the hacker mindset! Do you think you would be where you are now, working for such an innovative company, if you had been a citizen all your life?
Y: To be honest, I think I'd be farther. Before I became a member, I just started web development. And that led me to tinker with the vulnerabilities of web pages. I think I would keep pushing that area if I hadn't joined. I had just discovered spyware before I went in, and I thought it was the coolest. I had infected my own systems to see what happened. I started to get really curious. Joining the army pushed that off because I had to learn new skills and had less time to tinker. But the army taught me how to follow threats in the cyber and signal room. And that was really nice! I now use both skills. But I feel that my scripting skills and pentest skills would have been better if I didn't participate.
KC: When did you start pen testing?
Y: I started working on things around the age of 16. However, until 2014 I did not take the CEH (Certified Ethical Hacker) test. I didn't even know about pen testing and reverse engineering was a real job until 2012. I think the army protected me against buzzwords and certs. I know CEH was a success years ago. Everyone wanted that. And now I think it's CISSP.
KC: Yes, the CISSP is really hard to get. I also think that, unlike the CEH, it first requires years of experience in the industry.
Y: I'm not sure. I have no money for certificates, so I almost never look at it.
KC: Do you think employers are often too obsessed with certs? Sometimes I think companies have to pay to train a promising person for a CEH or CISSP instead of demanding it from the job market and then complaining that they can't find anyone qualified.
Y: I think some companies are too focused on certs. And I feel that those recruitment managers don't have a good understanding of things. If that makes sense. As a good manager knows that someone is kickass and broke.
KC: Yes, frankly, when companies complain about not being able to find qualified cyber security people, my eyes roll a bit.
Y: Same. A good company with a good understanding of the field will not require every cert. I feel that the more a recruitment manager does not understand the profession, the more they cling to the need for all certificates.
KC: And maybe you invest money in training certificates and paying for the exams of their employees! Crazy idea.
Y: I was hired for a malware analysis job with a focus on reverse engineering, and they wanted a CEH for that …
KC: I've always thought of the CEH as a red teamer / pen testing cert.
Y: It is! Haha. The personnel manager had no idea how to be used as an analyst for malware when I showed up the first day.
KC: Maybe HR managers don't often know what they are doing. What are some of the misconceptions about the work you do?
Y: People assume that I do things that are admin. Like handing out creds. Some people think that I sit all day and put malware in sandboxes.
I had a guy who basically told me that my job wasn't hard to do because I was a & # 39; girl & # 39; used to be.
My 16-year-old tells his teachers that I am a hacker … I called about it because they think I am doing illegal things. The assistant director told me that my child should stop talking about my job at school. I told him to grow up. My work is not illegal and I am not a hacker. Some people think I fix computers.
Some people think my job is DevOps stuff. Most people just don't understand the intelligence of cyber threats. (That's why I finally had a chat.)
KC: Oh god, I wrote about misconceptions about hackers for 2600 Magazine. I feel for you.
Y: One person thought I had taken alien things apart at Area 51! I said I do reverse engineering stuff, and the guy said that. "Oh, so do you take alien software separately at Area 51?" I thought: sure? Because at that point why not go along.
KC: What type of malware do you have reverse engineering?
Y: So many things. I have blogs on the Cylance portal. Malicious macros, encrypted up-theater, North Korean malware, point-of-sale malware, Emotet and more as standard.
KC: Is reverse engineering fileless malware more difficult?
Y: It was the first time. But it's just code that is injected into an ongoing process. So the hardest thing is being in the right place. Everything is difficult the first time. And sometimes the second and third time, depending on the malware.
KC: Has sexism ever affected your career?
Y: Ugh, yes. When I wanted to stop the implementation, I did my first cyber interview on US-CERT and the lady said she couldn't hire me because I would be a distraction for her team.
KC: From a woman? Wow. Internalized hatred of women.
Y: It was an older lady. And there was the guest who interviewed me in the room. He just gave me a look. She insulted both of us. I think her comment led me to want to wear hijab more. I wanted to cover myself. I wanted to go unnoticed.
KCSo you must also be influenced by Islamophobia.
Y: I treat men who do not want my answers or results at work. And my team leader must intervene and support me. My colleagues will use language to back up if we get men who don't want my answers. They will say, "I agree with Yasmine" or "as Yasmine mentioned." Thom, my team leader, understands the fight because his wife handles it. And he tries to be proactive to stop it at work. I get fewer people who care about my religion in this area. It's more like being a woman. We have one person who commented on us that we didn't hire enough white people. I changed it to HR.
KC: Wow. Yes, sometimes I honestly forget my white privilege. I have a face full of piercings and I am goth, and I am nowhere near the kind of fanaticism that I would get if I wore a hijab. (I know that white people can be Muslims, but Islamophobia is about perception.)
Y: I think it's easier to move forward in interviews if I wear a hijab. Because people have to pay attention to me. I give them nothing else to look at.
KC: I learned so much from you, Yaz. Do you have anything else you would like to add before we leave? I'd love to hear it.
Y: Nothing to add!
Publisher's note: The opinions expressed in this article about the guest authors are solely those of the author and do not necessarily reflect those of Tripwire, Inc.