Lisa Jiggetts
Founder, Women’s Society of Cyberjutsu
I’m a pentester, aka an ethical hacker. I assess an organisation’s system/network to find and exploit vulnerabilities for the purpose of identifying any weak spots that malicious attackers could take advantage of.
I enjoy the hunt, and the challenge of finding misconfigurations and vulnerabilities: knowing I am directly helping a customer secure their environment gives me great satisfaction.
The great thing about pentesting is that it can be done remotely full-time. If anything positive can be said about the pandemic, it is that it opened people’s eyes and presented opportunities to implement change in how we communicate securely, as well as how to co-ordinate recovery from a serious compromise when staff are in multiple locations.
I’m also the founder of the Women’s Society of Cyberjutsu (WSC). I started it in 2012 because, at the time, there wasn’t a space where I felt comfortable and safe learning, in an area typically seen as a “guys thing”. I wanted to be able to geek out and do some hacking, or build a new lab, but such a space just wasn’t there, so I created one. I also wanted to share my knowledge of pentesting with other women with the hope of getting more qualified women into the pentesting workforce. I believe seeing more women in atypical roles encourages upcomers, especially young women and girls, to aspire to those roles. WSC is a non-profit whose mission is to advance women and girls in cybersecurity. We have affordable membership for women (those that identify as women or nonbinary), veteran/military and men. We are an inclusive organisation that aims to level the playing field and increase diversity in cybersecurity. We do that by hosting a variety of mostly hands-on workshops, webinars, conferences, hacking events, study groups, and—my favourite—happy hour/networking events.
Many of us have become family and close friends and I like to believe that’s what differentiates and drives WSC. We just want to be a support platform—one I did not have when getting started—to help women get into cybersecurity and advance their careers in cybersecurity.
I don’t think, in general, women’s contributions are valued equally with men’s. We’re getting there, but I think it’s a mindset that will take years to change. And diversity is more than simply having equal numbers of men and women, it’s about having diverse people. At the end of the day it boosts the bottom line. You’re going to get a variety of inputs when developing solutions.
And I think there will be even greater demand for pentesters. As we’ve seen very recently with the attacks on infrastructure and government systems, companies are changing their tune to become more proactive rather than reactive, which should include regular pentesting. Having pentesters on deck ensures they keep up with the latest attacks and countermeasures.
The most challenging aspect of being a pentester is keeping up with all the things you need to know. You have to know a little bit of many things, but a lot of a few things. With new technologies being implemented, on top of the breaches, trying to keep up with everything and have a decent work-life balance is, for me, the most challenging aspect of my role.
Staying involved in the security community helps. You may have all the skills in the world and have no issues finding a new job, for example, but there are times when you’ll need to inquire with someone, whether it’s a technical thing or personal/job related thing. Networking and building relationships is priceless.
However, for me, being able to mingle and communicate with my peers at events or building my relationships for networking is always a work in progress. I’d rather stay in the background and just be a fly on the wall but that’s not realistic, so I put myself in situations to “practice”. I’m competitive by nature in many aspects of my life, so I’m constantly challenging myself to do and be better.
Many times I have put myself in positions to take on security work that, at the time, wasn’t my primary duty. Fear can make us turn down new opportunities. I believe I have got to where I am today by overcoming my fear and throwing myself into new opportunities.
Kubernetes knowledge has been extremely useful, because we’re doing a lot of Kubernetes pentesting in cloud environments. I’ve also been able to leverage some great research and talks available online to identify some serious findings. Showing those to the customer and helping them has been really fulfilling.
I think, as the cloud space grows, there’ll be a lot more usage of container orchestration tools. So it’s a no-brainer to have these skills in my toolbox, which will in turn help with progressing my career as a pentester. However, I feel I still need to acquire some coding skills to be a well-rounded pentester. I wish I had stayed the course and gained a good foundation in coding when I was enrolled in a computer science degree program back in the day, but I was terrified of all the math and programming courses, so I took the easy way out and did an IT degree.
I’ve recently become a Certified Kubernetes Administrator (CKA). It was really challenging, because Kubernetes was brand new to me. I decided to buckle down and spend some time studying and learning it. The exam is practical, so you have to know the concepts as well as the commands to get through it. I ended up passing the second time, and this certification has been for me the most fulfilling to date: I went from knowing nothing to becoming really comfortable in the space.
I’m planning on taking the Certified Kubernetes Security Specialist (CKS) program next. For me, it’s the natural progression to getting the skills and credibility for pentesting Kubernetes.
www.linkedin.com/in/wsccyberjin
womenscyberjutsu.org
cyberjutsugirls.org