Women in Information Security: Valerie Thomas

In my last interview, I spoke with Jen Fox. She’s a Senior Security Consultant who specializes in compliance.

This time, I had the pleasure of speaking with Valerie Thomas. She has a lot of expertise in both penetration testing and industrial cybersecurity.

Kim Crawley: Please tell me about your cybersecurity role and how you got there.

Valerie Thomas: My current role is an Executive Consultant with Securicon, which equates to the lead technical consultant of the penetration testing group. The majority of my time is spent performing penetration testing and vulnerability assessments of various software and hardware, also known as hacking all the things. Securicon is heavily involved in industrial control systems (ICS) and supervisory control and acquisition (SCADA) spaces, so I spend a lot of time in power plants and other critical infrastructure facilities. My niches are physical penetration testing and social engineering, which means that I get paid to break into buildings.

I wasn’t aware that ethical hacking was a career option until my senior year of college after reading The Art of Deception by Kevin Mitnick. I graduated with a Bachelors Degree in Electronic Engineering and immediately began seeking a network security position. However, this was in the early 2000’s before cybersecurity was a mainstream career field, so a lot of knowledge was obtained by knowing someone who could teach you about ethical hacking and vulnerability assessment. I entered into a Department of Defense internship program for network engineering and basically sought out those who could educate me.

KC: ICS and SCADA security is very niche and poorly understood. And yet, we’re all directly affected by it. We all use electricity and water, for instance.

What are some of the challenges that are specific to keeping ICS and SCADA secure?

VT: Many of the systems (Read more...)