I’m Lindsay, a malware analyst and reverse engineer, with a special enthusiasm for obfuscation and anti-reverse engineering techniques used in malware! I am also a woman in the field of cybersecurity. I am often asked “How did you get into cybersecurity?” or “What advice would you give young women interested in cybersecurity?”
There are many paths that one can follow to get into cybersecurity, whether into a more technical discipline, one focused on geopolitical issues, or tracking trends in the cybersecurity landscape. Here are five tips that helped me grow my knowledge and advance my career, and succeed as a woman in an area I’m passionate about.
1. Explore the Variety of Cybersecurity Careers
“Being in cybersecurity” looks different for everyone. Threat intelligence, the industry I work in, is incredibly diverse in terms of the types of careers one can have. An analytical mindset is important, but beyond that, there is a broad range of applicable skill sets.
As a malware analyst, I provide one perspective on a cyber threat: the technical one. But this is just one aspect of the threat. To fully understand it, I need input from my teammates who specialize in numerous areas, including:
- Geopolitical knowledge
- Language and culture of the adversary
- Identifying trends in the cyber threat landscape
- Subject matter expertise around the way tools and data are bought and sold on the dark web
- Campaign tracking expertise
Having strong writing skills is also incredibly important. You must successfully communicate the magnitude of the threat to a wide audience, including executives, highly technical people and other decision-makers.
The good news is that you don’t have to have a certain skill set to get into cybersecurity. When I first started college, I had zero programming experience, while many of my peers had extensive backgrounds in it. The first few classes were challenging for me, and while I did alright in them, I struggled to catch up. The key, though, was to keep on going—as I had the chance to practice what I learned more often, I became better at it over time.
2. On-the-Job Education
As far as cybersecurity certifications go, I do not currently possess any. Instead, I got an engineering degree, then worked as a software engineer and later pivoted into reverse engineering. As a software engineer, I spent my time writing all kinds of code, from mobile apps to C++ and Java programs.
I didn’t really get into cybersecurity until 2014, when I began learning reverse engineering and found out I loved it. I had the chance to learn from others on the project, and would take on small, project-specific tasks that grew in size and complexity over time.
While I took training classes in specific topics, they were never a huge part of what ultimately allowed me to get the repeated, real-world exposure to—and experience with—these topics. There are tons of accessible resources out there, some of which are created by women in the field. They include this set of workshops by MalwareUnicorn and these resources identified by hasherezade.
3. Build a Strong Foundation
Prior to developing my skills in reverse engineering, I had the opportunity to build a strong foundation of skills that made learning some of the principles easier. This is by no means mandatory, and the definition of a “strong foundation” will look different for every specialty, but these skill areas often pop up when I reverse engineer code:
- Basic software engineering principles
- Low-level programming
- Data structures
This is a short list—if you’re particularly interested in malware analysis or a very technical cybersecurity career, having the ability to read and write code (especially C and C++) is extremely helpful, along with an understanding of networking principles, and, to a degree, computer architecture.
4. Never Stop Learning
Cybersecurity is a fast-moving field, and the latest threats—ransomware, state-sponsored activity, or a new vulnerability—can evolve rapidly. Take the opportunity to continue to enhance your skills, whether that means learning to program in Python, reverse engineering a new type of obfuscation technique (my personal favorite!), or enhancing your expertise in another language.
There are so many opportunities out there that you should take advantage of, especially those outside of a more traditional training class or certification. They include webinars, lunch-and-learns taught by coworkers, or podcasts.
And it’s often worth trying something new. Taking a new opportunity, whether a new project or role on a current project, can often be a great way to learn a new skill, and find out if it’s something you want to pursue further in a relatively low-risk way.
For example, learn some basic Python programming to build a simple game you’re passionate about, or try a Raspberry Pi project that interests you. A great way to get started in learning software development, electronic engineering, or finding interesting project ideas is the Adafruit Learning System. This was created by Limor Fried, a woman who’s a key figure in electrical engineering and the open-source movement.
5. Find a Sponsor
There’s a lot of talk about identifying a “mentor” who can help provide guidance or advice. Early in your career, guidance can be incredibly helpful, especially in determining knowledge gaps and how you can fill them, and being exposed to different specialties to determine what you want to pursue more deeply.
Then consider going further, and pursuing someone who could be a sponsor. A sponsor not only provides what a mentor does, but more actively works to promote you and your achievements to others. It’s helpful to have a person to identify opportunities for growth. Even more powerful, though, is a sponsor who can actively help you grab these opportunities. Early in my career, I found a sponsor who both helped me develop my reverse engineering skills and advocated for me to obtain research funding and a position on a new project. This made it easier to find new opportunities in both of those areas and build my skills over time. This gave me confidence and motivation that ultimately helped me build my credibility and reputation in the field.