What does it mean to be a tech changemaker in the cybersecurity field?
Essentially, being a changemaker is being someone who can’t sleep at night if they know there’s an issue that needs to be fixed. So for me, being a changemaker is working with organizations and executive teams to improve their organizations or the ways they execute things. A big area I’m working on is an organization that I co-founded – “Hacking is NOT a Crime”. Here, we work to push for hacker rights and try to change public perception of the hacker community. We work to get organizations to have vulnerability disclosure policies, and for legislation to be updated as most of it was created in the 80s and hasn’t been touched since. Finally, I advocate and take actions for marginalized genders in security and tech through We Open Tech. We Open Tech is an open community of folks who support one another to support all marginalized genders to obtain any position and title while working in security and tech.
You mentioned that you’re working to advocate for hacker rights. Can you provide more information on this?
The majority of the public doesn’t know that there are two distinct groups – hackers and attackers. Hackers are really just security researchers, but they’ve been labeled as attackers by the media, legislation, and companies. Public perception is that they’re the same thing, but in reality, they use the same skill sets but hackers respect boundaries. Attackers focus entirely on malicious gain.
You believe that information security is a humanitarian issue – can you provide more detail?
Before I went into infosec, I was doing work for tech startups and non-profits in management consulting. I realized quickly that in this role, you really never stop learning.
Right upon starting, I realized that all these conversations are about privacy protection, data, data rights, but also about your security. And I start recognizing at the very beginning of my career in security that non-profits are especially targeted. It’s usually easier, as they don’t have a security team. They’re much more likely to have one person that does IT and does it all. And the problem is that when there’s a breach, and donor information gets out publicly, it makes donors not want to give again. When you don’t have funds as a non-profit, you can’t meet the mission’s goals. When I saw this coming up, I got really concerned about non-profits because we don’t talk about security. We’re more worried about the people that we’re serving, and making sure that we’re completing our mission. This was the eye-opening moment when I realized that this is a humanitarian issue – because there are non-profits that can’t feed people that are starving, or provide medical attention if there’s a shut-down of their services. These are really real, humanitarian issues. This is why I see security as a humanitarian issue.
What do you see as the future of cybersecurity and information security?
These are all things that I hope will happen!
First – I want the representation of marginalized persons throughout organizations. This means C-level and in-board positions. Right now, we’re less than 20% of underrepresented persons, and we want to get it to 50% if we want this. We truly need representation at the top. If we don’t get it at the top, we aren’t going to see it trickled down.
Secondly – burnout. I want every organization in our entire industry in infosec to recognize that we have a problem with burnout. We run on 24/7, round the clock, we never know when we’ll be called and we’re at the edge of our seat. We look at burnout and start having that work-life balance, and everyone is aware that we have to do that.
The last thing – gatekeeping. Gatekeeping is such a huge problem in tech in general, but especially in infosec. Various different groups in the hacking community won’t let someone else join because of background. When it comes to employment, they’re looking for certain years of experience. And so even if the person can do the job, they don’t get it – and that’s gatekeeping.