Why I Went “All In” for InfoSec

I’ve been a web developer for a long time, as in I remember when Netscape was the browser to use and connecting to the Internet at 56k was screaming fast! And it’s been a fun ride, this long and very strange trip I’ve been on for the past two decades. The problem is that there are only so many ways you can take user input, turn it into a database query, collect the results and squirt them back to the user. Been there, done that, bought the t-shirt, burned it in effigy, and recycled the ashes as firelighters.

Twenty years… That’s a long time to do anything, and burn out comes to many of us in IT. I knew I was in trouble when, faced with the prospect of adding yet another scripting language to my collection of web coding variants, I said to myself, “I don’t want to learn another language.” I kept my silence about it for a long time, soldiering on and doing my best to bring my best to the company I worked for and the team of developers who were my colleagues and my friends. But I knew the truth. I needed to find a new career path, one that would rekindle the spark of joy I once felt when staring down a snippet of code that was so close to doing what I wanted it to do.

I started looking at job boards, trying to figure out where to go from where I was, but I got no answers. Just more spam in my inbox and more aggravation for my soul. But the years have taught me the value of tenacity, so I kept at it, hoping, but not really believing, that I would find something that would reach out and grab me, that would reignite that sense of wonder and discovery web development had provided for so long. The answer came at me, as it always does, from left field.

In October 2016, I received an email newsletter from my alma mater, Saint Leo University (SLU), where I had gotten my Associate’s degree through their online program four years prior. The newsletter had the usual congratulatory bits for this person and that program, the typical pleas for donations, and the requisite hurrahs for the sports teams. But this particular newsletter also mentioned that they had expanded their Cybersecurity program to the Bachelors level.

I knew SLU had Masters-level programs in Cybersecurity, but the addition of a Bachelor of Science program in Cybersecurity was a definite news update. Something deep inside me shifted, subtly and undeniably. It was a given that I needed to finish getting my bachelor’s degree, and I knew I would do so in something computer-science related, but the prospect of getting a straight CS degree had left me cold for years. Reading about this new degree program struck a chord, though. It resonated with something so deeply buried it took me a while to realize what it was that I felt. That is how long it had been since I felt excitement and anticipation about starting a new project.

What most of my friends and colleagues didn’t know at the time is that I have a longstanding interest in security and incident response issues. I can’t help it. My dad was a firefighter with the Los Angeles City Fire Department for 40 years. One of my uncles served with the Glendale Police Department for at least 30 years. Another was a “mustang” in the Navy, entering the service as an enlisted man and retiring as an officer. So I understand the calling to serve on a visceral level. It’s in my blood.

While I haven’t served in the military or fire services, I did serve as a reservist with the Orange County Sheriff’s Department for eight years, working with full-time LEOs and with other geeks in the High Tech Services Reserve Unit, so I have a clue how law enforcement agencies work, and how ugly Internet-based crimes can be. I’ve also trained with the LAFD Community Emergency Response Team (CERT) program off and on since 2008. And I’m a disaster survivor, having watched as over 80% of my neighborhood was incinerated in the Station Fire in 2009. I understand the potential consequences of bad incident response and management, both personally and professionally, and I know without question that one person can make an enormous difference.

After wrestling a while with my doubts and insecurities, I made the decision to shift career tracks to InfoSec. I re-enrolled at SLU, declaring my major as Cybersecurity and started whittling away at classes. Then I learned about the SANS CyberTalent program and its Immersion Academy for Women. I took the aptitude test, filled out and sent in the forms, and was accepted as one of 24 participants in the 2017 cohort, out of around 300 applicants. As of this writing, I have completed two of three certificates offered through the Academy, and I expect to achieve the third in time for Christmas. (Update: I took and passed the GCFE exam before New Year’s.)

The ultimate step off the ledge, however, was when I quit my job last May, leaving web development behind so I could fully immerse myself in this strange new world of hackers and crackers and Red Teams and Blue. Since then I have overclocked my brain, blown my buffers, and melted my cortex more times than I can count, and I love it.

I love it because I’m able to leverage what I already know and apply it to a field that is both broad and deep.

I love it because the challenges I face have the potential to make a difference, even if it’s only a small difference in the grand scheme of things.

And I love it because of the people I have met and befriended since starting this new and bizarre path. They might not make me feel sane, but they understand my kind of crazy.

I don’t even mind that I have to brush up on some languages I haven’t used in a while, not to mention learning a few new ones.

I have no idea what tomorrow will bring. I am like Alice, peering over the edge of the rabbit hole, wondering how deep it really goes. This much I do know:

  • Information/Cybersecurity is becoming more important to our world by the minute. Don’t believe me? Does Equifax ring any bells?
  • Ordinary people, people like my mother, who is as non-geek as it is possible to be, who can’t find the “any” key on a good day, cannot protect themselves. They do not understand technology, and they never will. It doesn’t matter that they use it every day. Its inner workings are, and always will be, alien to them.
  • There are bad people out there who would gleefully strip my mother, all her friends, and even her dog, of everything they possess without a moment’s hesitation. It doesn’t matter whether their motivations are greed or ideology. The threat they pose is real, and the consequences they inflict on others grow more extreme all the time.
  • And there are other people, people like me who are willing and able to fight on behalf of the innocent, knowing that we won’t win every battle in cyberspace, but also knowing that the effort is worthwhile, regardless.

Looks like I found that spark.


(Note: Originally published on LinkedIn)

Leave a Reply

Your email address will not be published. Required fields are marked *