Sunday, 20 May 2018

Profile of Veterans - Steph - WithYouWithMe

 

By Chief Editor and Blog Manager- Amanda-Jane Turner

Thanks to Amy O’Connor from WithYouWithMe for enabling this article series on veterans and to Steph for agreeing to be featured in this Profile of Veterans article.



In her twenties, Steph commenced software development as a hobby, while her navy husband was on extended deployment. A woman with an amazing variety of interests,  up until recently she played Women’s Roller Derby where her player name was “Secure Socket SLayer” (SSL) and her player number was 443. For those not into computer networks, this is a pun on port 443 the standard port  used for websites that use SSL. Embracing her creativity, Steph also does ballet and plays the violin. In addition to studying software engineering, Steph also completed  a course on computer networking which she really enjoyed. Learning about how networking components could be manipulated in certain ways to create unintended reactions, she became absolutely obsessed with learning about this and how hacking works. Subsequent to these courses, Steph then studied for a bachelor of Information Technology Network Security, where she was awarded as a gold disruptor in the Australian Computer Society’s Student of the Year Category, and completed a summer internship in a Security Operations Centre.  
  
Currently working full time as a Senior Security Analyst, she conducts a vast range of security activities, including incident response, vulnerability management, risk assessments and threat intelligence. She is enthusiastic about her role and shared that there is always something new to do every day in an ever changing environment and threat landscape. When asked what she sees as challenged in security, she explained that often organisations view security as a product to sell rather than everyone’s priority. Prior to her current role, Steph conducted penetration tests and vulnerability assessments as a WYWM Cyber pentester. She has had diverse experience in cyber security including working as a digital forensics analyst (acquisition, triage and analysis of digital evidence) and a delegate at the OECD in 2017 to conduct research into the financial sector’s global threat landscape.

Steph thoroughly enjoys pentesting and said that her dream job would be a role that includes penetration testing, red teaming and security research. With her primary passion in this work being offensive security Steph loves discovering ways to exploit systems and developing creative ways an attacker may compromise or interact with a system.  Ultimately she wants an amazing role in security to lead advance adversary simulations, crafting simulated attacks that will encompass social engineering, physical security, research into advanced persistent threats and in-house vulnerability and exploitation research and development. Steph loves learning new things and is currently obsessed with custom network protocol reverse engineering and vulnerability discovery through protocol analysis. Sharing challenges to her getting her dream job, Steph spoke about a lack of security maturity in Australia where organisations do not fully understand the looming threats globally and the best ways they can be mitigated. She stated that by combining strategic, operational and tactical threat intelligence with advance adversary simulations the we can place ourselves in a much better position to decrease Australia’s ‘cyber’ attack surface.   

Citing development and training from an employers as meaning a lot to her, she states that a big factor for her when seeking employment is one that offers the option to develop employee skills, gain certifications and offer highly skilled mentors. Mentors are important to Steph and she believes that there is a lack of technical mentors throughout Australia interested in mentoring up and coming pentesters and red teamers. Steph would love to see more involvement from mentors willing to assist with development in this area.

There are however organisations and people who are willing to support people gain employment in the cyber security field, and Steph stated that the biggest help she received in gaining employment was through WithYouWithMe. As a defence spouse she  moved around a lot and although she already had a lot of technical ability and passion in security she didn’t understand her worth within the job market – WYWM helped Steph understand this. Another big factor in helping Steph gain employment was immersing herself completely into security, taking every security course she could find and becoming active within the security community.   

Steph was asked if there was any individual or organisation she would like to promote and she shared the following:

“I want to promote the hackers helping hackers charity – they send disadvantaged and individuals from minority groups to security conferences around Australia. I also want to promote the amazing security community throughout Australia – all the security Cons (bsides, crikeycon etc) put on by volunteers from the security community. And the Security community events like SecTalks and InfoSec. “       
   

If you want to connect with Steph you can find her on LinkedIn.


(c) AWSN 2018

Disclaimer: The views and opinions expressed in this article are those of the author/s and do not necessarily reflect the official policy or position of any agency, organisation or association.