In 2019, diversity in the cybersecurity was thrust to the forefront with recognition from both vendors and experts. The tech industry is facing challenges around diversity in general, but women are particularly underrepresented. And with an estimated 3.5 million jobs are expected to remain unfilled by 2021, infosec is certainly a lucrative space for women.
However, over the past year, the tech industry has attempted to create more opportunities for women in tech. For instance, IBM and Florida International University invited more than 200 girls from seven different schools across Miami-Dade for “IBMCyberDay4Girls,” a one-day conference that educates young women in fifth grade up to eleventh grade about cybersecurity. Also this past year, RSAC, after facing enormous criticism for women representing just 20 percent of the speaker lineup at its last outing and 25 percent of keynotes), announced it would shy away from all-male panels and would be encouraging companies to diversify their representatives to the conference, among other changes.
Threatpost sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she’s faced in the cybersecurity industry and the opportunities in the space that she sees for improvement.
For a lightly-edited transcript see below.
Lindsey O’Donnell: This is Lindsey O’Donnell with the Threatpost Podcast and I’m here today with Jessica LaBouve, Jessica’s a penetration tester at A-LIGN. Hi Jessica. How’s your week going?
Jessica LaBouve: Hey, Lindsey. It’s going great. Really excited to be here with you.
LO: Yeah. Thank you for coming onto the podcast. Can you tell us a little bit about yourself and A-LIGN and what you do there?
JL: Yeah, so I’m a penetration tester for A-LIGN. I’ve been here two and a half years. I graduated from a college in middle Georgia with a specialization in cyber security, I have my certified ethical hacker designation, and I’m really involved with the local infosec community and do a lot of volunteering there.
LO: Yeah, no, that’s awesome. Well, you know, today I wanted to talk about something that is a little different than what we usually – kind of the more technical topics that we discuss on the Threatpost podcast. And that is us kind of taking a step back and looking at the tech and cyber security industry as a whole, and the state of diversity in the industry, and kind of looking at your experience, Jess, and you know, any other kind of top trends in the cybersecurity space that you’re seeing even beyond that. So this is going to be kind of a more informal chat about your experiences in cyber security so far, just but just to start off, can you tell us kind of how you got into cyber security and hacking and kind of what first piqued your interest here?
JL: Yeah, I think my experience was pretty standard in that I was always on my computer and always getting told to get off of it right as a kid. And when I was going into college, I went into IT and wasn’t really sure what I wanted to do with it. But I was fortunate enough that I had a professor who wanted to do a local pen test for a company through the college, and I was a social engineer on that engagement and work with the Masters level students to do that pen test. And that was like, hook, line and sinker I was in, I immediately switched to the cybersecurity specialization, did all the ethical hacking classes, Linux, everything I could take, before I graduated and was able to come on straight to A-LIGN and work as a penetration tester here.
LO: That’s awesome. I know like from my experience, and I didn’t even start in the tech world until a few years, even after college. And I started as a general journalist, and then eventually from there, went into the tech world and then pivoted into the writing about the cybersecurity space. But you know, looking at my college years, I had never thought that cybersecurity is where I would be. So that’s, you know, feel like my experiences a little contrasted to yours. Did you know that cybersecurity was something you wanted to do from a young age? Was there any kind of “a-ha” moment there? Or was it more? You just really enjoyed kind of the skill sets that were necessary and that just, you know, happened and segwayed into your further career development?
JL: No, I wouldn’t necessarily say that I was immediately into cybersecurity. I was actually the first graduate of my collegiate program for cyber security. So it’s such a new and exciting field that I like, kind of like you didn’t even really know how to even get into it until it started that that ball started rolling, right. But I was able to get involved and once I was I was really into it. And it’s been exciting ever since.
LO: What are your favorite parts of being in the cyber security world? What what kind of like the day to day roles that you really enjoy doing and even back in college?
JL: Yeah, I’ve always loved to challenge myself. I’ve always been very competitive and a very mediocre athlete. I tried harder than anyone else right? But I think I take that mentality and then my work and I’m just really love to grow love to change, love to adapt and overcome, right. And that’s that’s that mentality, you have to have a cyber security, right. It’s everything is constantly changing. And if you’re not staying on top of that you’re already behind. And one of the few ways I do that is through certifications as well as being really involved in like local community events like BSIDES and things like that, as well as DEF CON in Las Vegas. So I kind of love that aspect of it where you have to really commit, you have to be involved.
LO: Yeah. Can you talk about more about those community activities that you mentioned, you know, BSIDES, DEF CON? And do you think that, at least from a perspective of a female in security, that those types of events play a role in trying to increase diversity or at least offer a window for I guess, like more opportunities for women in tech?
JL: Right, yeah. So I’m very involved with the local chapter of WITI, which is Women in Technology International and do volunteer events with them. And that’s a good way for me to kind of see that, hey, you know, we are out here. Because when you do attend those events like DEF CON, it can kind of be overwhelming. I’ll go past a long line of men waiting for the bathroom into an empty women’s bathroom. I think, one time I did see another woman and we kind of high fived and we went on our way, right? It is interesting, because you still see that there needs to be progress in this field. There’s definitely a huge divide and those conferences can be very eye opening in that regard.
LO: Right. It’s funny, you mentioned that because, you know, I’ve said like, you know, Black Hat and DEF CON are the only places where the male bathroom line is going to be longer than the women’s.
JL: Oh, yeah, that is that is the cool part though. Right? Yeah.
LO: Definitely an advantage but looking at diversity in the cyber security space in general, what do you see being the state of diversity right now? I mean, what can we do to promote diversity and what are the challenges or drawbacks that you’ve seen, you know, being a female in this industry, you know, from your own experiences or from colleagues experiences, just anything that stuck out to you?
JL: Yes, I think one of the biggest thing is I also am involved with the Girl Scouts. I went and volunteered there and was trying to recruit them away from being astronauts into being cyber security analysts, right, it wasn’t as effective. But I tried to be a presence right? I tried to be effective, I have a younger female coworker as well, that I work with and I try to be a mentor for her and I try to work closely and it’s just about not feeling alone. Right? I think that’s really important for women, especially in an industry where it’s absolutely dominated by men, right. And I’ve been fortunate enough to have a pretty good experience, I would say overall, working with my company at A-LIGN. I definitely one of the guys, I feel very comfortable interacting with them and not feeling like I’m being you know, or being stepped around on tiptoe.
LO: Right. Right. And that’s really important. I feel like and it’s interesting that you bring up, you know, working with Girl Scouts and kind of the, the younger generation because, you know, thinking back to when I was younger of a younger age, part of the reason cyber security never really stuck out to me was because kind of the stigma around cyber security, doesn’t talk to skill sets that are actually necessary. When I used to think of cyber security I would think of, you know, maybe like a male dominated industry full of black hoodie, people in their parents’ basements.
JL: Yes and that stereotype still lives on right? There’s definitely a reason it’s still around and I constantly get that, “Oh, you don’t look like a pen tester.” And I’m like, “Well, what do you think a pen tester looks like?” That is the thing is like we’re changing, you know, especially as we have these programs, and we’re able to do these Girl Scouts events, it was so incredible. They were already programming Raspberry Pi’s using Linux and Python to control them through these sensors, right. And being involved like that. I can’t imagine like if I had been able to have that experience at a young age, and be really hand held through that process and understand, like you said, it’s like, you almost think like, “Oh, I couldn’t do something like that. The people who are doing that look nothing like me. They’re nothing like me.” And I think that’s one of my strengths, right in this industry, is the fact that I think differently, and I am not like a lot of the industry standard, right? Especially with the social engineering engagements. You know, with those, you’re trying to bypass physical security, you’re trying to convince people to let you into things that they’re not supposed to and when you’re a young woman it’s a lot easier than when you’re a hacker in a hoodie, right?
LO: Right. No, I love that. And I think your point too brings up another really interesting aspect of it, which is mentorship and making sure that young females who are entering the workforce or even just at a younger age, have access to some sort of mentor in the cyber security space or even just someone – doesn’t have to be even in the in the tech world – just someone who’s there to, you know, kind of bounce career ideas off of. And I feel like that’s such a big important piece of promoting diversity in the security landscape too, I don’t know if you’ve had that same experience, but it sounds like you’ve been playing kind of the role of mentor for for some other younger females.
JL: Yeah, so that’s really important to me because I actually worked Help Desk at my university and I had an amazing female mentor. I’m going to say her name so she can get her a little shout out but Misty Keirnan was one of the three people who really believed in me and really inspired me to continue a career in IT and having her as a resource and being able to understand my struggles and that kind of like – because you are very often underestimated you are very often treated like, you won’t understand this and it’s like seeing a woman who was strong and capable and knew the material and was technical, it kind of added to my belief that I could do the same and that’s why it is so important for me to provide the same through Girl Scouts you know, through my co workers that I do have that are female.
LO: What advice would you have for other young woman who are just entering the security world either in their first job or who are maybe looking to pivot from a another job outside of the security or tech landscape and stepping into the tech world; what recommendations or advice would you have for them?
JL: I know that sounds kind of cheesy but I would definitely say just believe in yourself, right? That mentality that you do, you do deserve to be here, you are smart enough, you are capable enough, you are hired for a reason. I think women are definitely prone to those thoughts of self doubt. And they’re going to notice all of a sudden that I’m an idiot, you know, I’ve been here two years, and I still have that, like, Oh, God, when is the curtain going to be, you know, ripped off. But that mentality of you have to be confident, you have to know what you’re talking about. And know that you know, because there are going to be doubters, there are going to be people who look at you and say, you don’t look like a pentester. You know, and you have to have that mentality to get you through that.
LO: Right. I feel like that’s so important. And looking forward do you have any goals either having to do with your own career or kind of promoting diversity in the security landscape from a more generic standpoint? Do you have any kind of goals moving forward within your career?
JL: Yeah, for sure. I definitely want to be more involved in giving presentations and public speaking. I hope to submit a talk to the local BSIDES this year and build that presence in the industry and kind of provide that, “hey, she’s out here doing it. I can too.”
LO: Right? Yeah. So Jessica, thank you so much for coming on to the Threatpost podcast. It’s been really great to kind of hear about your story and your thoughts around the state of diversity in cyber security.
JL: Yeah, thank you so much for having me. This is such a pleasure and honor.
LO: And once again, this is Lindsey O’Donnell with Threatpost talking with Jessica LaBouve with A-LIGN. Catch us next week on the Threatpost podcast.