The Hacker Mind Podcast: Hacking Diversity - Security Boulevard


Robert Vamosi · April 07, 2021

You’d think that having an amazing resume, a couple of bug bounties, or a CTF win would land you that dream infosec job. For many, though, that isn’t true.


That’s why Tennisha Martin founded Black Girls Hack, an organization designed to help the next generation receive the skills and experience they need to land jobs in the C-suites, and perhaps begin to address the acute shortage of infosec professionals with qualified people of color.

Vamosi: When I was last looking for a new job, I remember seeing that a company wanted 10 years or more of Kubernetes experience. That’s interesting. At the time of this podcast, Kubernetes hasn’t yet been around for 10 years. So, what, the company wanted one of the creators of Kubernetes?

There are studies that show that men are more likely to apply for jobs that ask for 10 years of Kubernetes experience, then bluster their way through the job interview. Women, studies show, are much less likely to apply unless they meet all the requirements. This is a generality, of course; there are exceptions, but even today there are just not enough exceptions.

In a moment we’ll meet a woman who has four graduate degrees in IT, plus an MBA. She has 15 years of experience, and yet she’s not a CSO at any large organization. Rather than curse her fate, she decided to help others, so that maybe they can become the CSOs, and just maybe start to address the diversity problem in InfoSec.

Welcome to The Hacker Mind, an original podcast from ForAllSecure. It’s about challenging our expectations about the people who hack for a living.

I’m Robert Vamosi, and in this episode I’m going to challenge this idea that InfoSec careers advance on merits alone, that just having an amazing resume, a successful bug bounty, or a couple of capture the flags under your belt can and will get you that dream job. For many, though, that simply isn’t the case. And as a result, we’re missing out on some of the best and brightest rising young talent available today. It appears that skills alone aren’t enough to get everybody through the door.

At a time when organizations are dealing with the SolarWinds breach and a persistent threat of ransomware throughout the world, there’s a serious shortage of InfoSec professionals. We’re talking about millions of jobs that are being left open. And it’s not getting better. In 2019, certification organization (ISC)² released a study showing the extent of the problem. Here’s CNBC.

CNBC: Around the globe, there’s a skilled labor shortage of about 4 million workers needed to properly defend organizations, and about half a million of those workers are needed to fill roles right here in the United States.

Vamosi: And three years later Cybercrime Magazine released a similar study showing there remains a shortage of 3.5 million InfoSec professionals, as of early 2021. How can that be? Part of the problem lies in the training pipeline; we really have to do a much better job with that. But part of the problem is also in recruiting new talent. There are talented men and women ready to work. Yet for some, getting that first or second interview remains very much an uphill climb. Consider Tennisha Martin.

Tennisha: I did my undergraduate at Carnegie Mellon University in electrical and computer engineering. I went on and did a master’s there as well. It was in healthcare policy and management. I had dreams of going to med school at some point before I decided that I was going to just join the world of IT right there.

Vamosi: This might be enough for most people to consider advancing Tennisha to the next round of interviews. I mean, undergrad at CMU, and then on to Johns Hopkins. But for Tennisha the bar just kept getting higher and higher. Fortunately, earning more degrees was not a problem for her.

Tennisha: When I joined the world of IT I was on the healthcare consulting team, and they kind of said, hey, your healthcare master’s is great, but we’d really think it would be better if you had a master’s in IT. So I went and got a master’s in IT from Johns Hopkins University, and continued there for a little while, and then I actually ended up switching over to a job where I was working in information assurance and quality assurance for the government. I’ve been government facing for, you know, pretty much my entire career at this point. And then I went back to school and got another master’s degree from Johns Hopkins in cybersecurity, and then I thought that I was interested in digital forensics, so I went to University of Maryland and got a master’s degree in digital forensics, and I finished off with an MBA, because I realized, you know, in my world domination plan, where I’m trying to end up as the Chief Information Security Officer of someone’s organization, that, you know, I’m going to need some management skills as well.

Vamosi: So what am I missing here? Here’s an accomplished woman with five master’s degrees and 15 years of experience in IT. What organization wouldn’t call her, at least for an interview? Apparently plenty.

Tennisha: In my mind I’m saying, why aren’t they calling me back, right? I don’t understand it myself, but, you know, I realized that, you know, just with my background, when I look at my resume, like, it’s pretty strong, you know, both in terms of my education. I’ve got a lot of industry certifications, but having all those paper degrees proved to be a poor equivalent to having actual hands-on experience in information security. One of the things that I felt I was looking for in continuing to do degrees was, I was looking for hands-on experience. I wanted actual, you know, hacking, actually touching a box. I didn’t actually use Nmap to do a scan until maybe a couple of years ago, you know, when I did my first capture the flag, and, you know, there, none of my master’s programs that we ever, there was none of that hands-on, there was no discussion of Kali at any point. We’re talking about cybersecurity, but we were talking about it from a management perspective, from a, you know, policy, from a, you know, this is how you go about the business of cybersecurity, as opposed to, you know, in the weeds, you know, hands-on, you know, actually doing security for an organization, actually doing penetration testing, so that you can make sure that the organization’s assets are secure. So there was not so much that as it was there and just like just having an overview. Like, I could probably pass all the tests that was going on, like the foundation cybersecurity, but, you know, I found that I did not have the hands-on skills.

Vamosi: That’s not to say her Masters in security was worthless.

Tennisha: It wasn’t. At some point I decided, alright, you know, well, I can’t help myself, but I can definitely help the hundreds if not thousands of people out here who are trying to get into cybersecurity, can have them learn from my experience, from my lessons learned, to allow them to have, you know, an easier path to get into cybersecurity. She started posting to social media anything that she could find that would help others trying to get into information security.

Vamosi: And it turned out there were a lot of people like Tennisha out there.

Tennisha: I realized that there was probably some people out there that were not as well prepared as I am. You know, they didn’t have the resources or the education that I had, so, you know, I started putting out, on just via Instagram page, a lot of different resources for people. You know, included free books and free training so that people could kind of like self-study and self-prepare, setting up home labs, for example, to be able to practice their ethical hacking skills without having to pay thousands of dollars to do it.

Vamosi: So she founded Black Girls Hack to help others.

Tennisha: Black Girls Hack is a nonprofit organization. We recently got our 501(c)(3) designation. We bring training and study groups and resources and mentoring to try to get the next generation of cyber professionals into the field. We’ve seen, like, a lot of barriers to entry, such as financial, training, for example, so we provide those services so that they can be better prepared to enter the job field and to do, like, on-the-job interviews or technical assessments, because we’ve given them those hands-on skills in the realm of ethical hacking.

Vamosi: Despite its name, Tennisha makes it clear the organization is open to everyone.

Tennisha: Black Girls Hack is literally open to everyone. It doesn’t matter if you are male or female or non-binary, doesn’t matter what color you are, we literally welcome everyone. And it doesn’t matter if you’re a beginner or if you’re advanced, you know, we literally want everyone to come and join us. You know, although Black Girls Hack was founded to further the interest of black women in cybersecurity, our organization is maybe 70% women, probably 29% men, 1% other, and we’re not even all black, and I’d say maybe 80%, literally have every color of the rainbow, and we’ve got, you know, all of the gender options, so, you know, please feel free to come out and join us. We want to hack, we want to, you know, learn, we want to grow this, the skill set, so, you know, we don’t, we’re not going to discriminate against people. You know, that’s what we’re seeing in the industry: we see that there’s not a lot of women, you see that there’s not a lot of black people. We’re trying to, you know, be the change that we kind of want to see. That journey begins by finding other people with similar interests and abilities, just finding a tribe and finding people that have similar interests as you. I can’t tell you how valuable it is for, for me and a lot of other people to be able to have conversations and be like, you know, hey, like, I’m trying to stabilize the shell. This is the issue I was having the other day, I’m like, I’m trying to stabilize the shell. And if I talk to, you know, my friends that I grew up with, it’s kind of like they have no idea what I’m talking about. We tend to talk in terms of widgets, you know, just as work products or whatever it is we’re working about, to kind of like normalize the conversations about, like, hey, I’ve got these 10 widgets to do that I’m working on, because, you know, they’re in other fields and don’t understand, you know, what I’m saying. But within the squad, you know, we have so many people who can speak to whatever it is that we’re trying to do.

Vamosi: So, gathering people of like-mindedness. What are you going to call them, collectively?

Tennisha: I call them the squad, which is gender and racial neutral. And within the squad, you know, we have so many people who can speak to whatever it is that we’re trying to do, what we’re struggling with. Okay, let’s hop on and see what’s going on, you know, let’s see, you know, what kind of things we can use to exploit these vectors, these threat vectors, you know, what is it that we can do. You know, so to have people that you can talk to about those things is absolutely, like, amazing, especially in the middle of the pandemic, you know, when so many people are finding themselves isolated. I think it’s important to have, like, a tribe of people that you can, you know, talk to and relate to and just be able to converse with. The organization has been growing organically, it’s been getting out there through word of mouth, one person at a time. But that’s changing. We actually just within the past month did our first, like, advertising, and that was a part of our Help a Hacker fundraiser, so we put out some advertising as a part of that, but as far as the organization is concerned, we have literally been spreading through word of mouth. You know, I’ve had people who have come to me and said, hey, my professor told me I needed to join your organization because, you know, I needed some help with hands-on skills, you know, I’m not sure what I’m doing, I’m brand new, and that’s literally the story that, you know, echoes so many people in the organization. It’s largely through social media. We’ve got, you know, I think 1000 followers on LinkedIn, maybe a couple thousand on Instagram, and, you know, also on Twitter, so, you know, it’s largely people who are spreading word of mouth. I’ve mentioned before but InfoSec Twitter is a valuable resource. If you follow members and ask questions, you’re likely to get answers.
There have been some absolutely amazing people on social media who have served to kind of amplify our voice, you know, who use their platforms that are much bigger in the field of information security and cybersecurity. InfoSec Sherpa is one of those folks that, you know, literally will, you know, take the messages that I’m putting out and then, like, literally start tagging people, like, hey, she’s trying to do this in this place, she’s trying to do this in this place, she needs people here, she needs people in this and, you know, in this specific subdomain within cybersecurity, and they will, you know, throw people my way.

Vamosi: But then again, there’s this four letter word, you know, hack. You see how it’s been portrayed in the media, and it’s just not right.

Tennisha: You know, honestly, I did not realize it was a problem until recently. My quick story: my husband was wearing a Black Girls Hack hoodie, and he went to our doctor, and our doctor was doing art for physical or whatever and she was kind of confused. She was like, you know, what’s your sweatshirt about, and he was like, oh, you know, Tennisha has a nonprofit called Black Girls Hack, and she kind of had this, this thought that, you know, hacking is not something that I’m proud of. She thought there must be some irony somewhere or there must be something else besides, behind the scenes, because, you know, she didn’t understand why someone would actually, like, openly admit that they, they hacked. So I think it has some, you know, a bad rap, especially, like, among non-security or non-technical people, especially as you get, like, towards the older age bracket. Seriously, the word hack seems to trigger all sorts of negative reactions from people who don’t necessarily understand the word, or what we do. You know, I think that we kind of get this bad rap, or it’s kind of like, you know, hackers are, you know, these lone wolves, wearing hoodies in the bottom of the basement, and we’re antisocial, but I can tell you there’s been nothing but, but love and, you know, help that I’ve received from, you know, the hackers on Twitter, who have been absolutely amazing in helping to spread the word about the organization.

Vamosi: So how do you counter that image? How do you start to change people’s perception of hacking?

Tennisha: What I do is I, you know, try to approach it from a perspective of security, right? You know, as a doctor, for her, you know, she doesn’t want people to have access to her records or to have access to, you know, her notes, for example. She wants to keep that information secure for no other reason than, you know, for HIPAA, right? So, you know, what we’re doing is basically using the same skills that someone that might be malicious would, to try to make sure the organization stays safe, right? So, you know, it’s just basically like I’m using the same tools as they are, but I’m doing it for good as opposed to, you know, for nefarious reasons, right? So I’m just trying to change the perspective, or perception, so that people see that there’s something else, you know, behind it. You know, they hear information security, it’s not that serious, right? But like you said, you know, hacking always has, like, you know, a negative connotation. I’m hoping that we can change the perception, so that people will see that, you know, it’s something to be proud of.

Vamosi: Along with challenging our views of hacking InfoSec needs to challenge the view that IT security is dominated by white men. I mean, it still is, but that’s changing. And so we need to start showcasing the people of color, people of all backgrounds, who have made it to the top, who are good at what they do.

Tennisha: We do a thing on Fridays called Feature Fridays, where we try to, you know, show the next generation of cybersecurity professionals black women specifically who are in the field of cybersecurity, who are doing big things, like, kind of like, so you can have someone to say, hey, this is what I want to be like when I grow up. So we’ve been showcasing, for example, lawyers and, you know, threat hunters and pen testers and ethical hackers, so that they can see, you know, cybersecurity is like this huge place, it’s got so many things that you can do, and there are people who look just like you who are doing those things, you know, just because I believe the representation matters. This leads to an important topic: imposter syndrome. We all think we don’t know enough, but the truth is we probably know more than the average person about information security.

Vamosi: This is made much harder, however, when the person talking about information security doesn’t look like the person you expect.

Tennisha: You know, like, I’ve met people who, you know, look at me and say, hey, why do you keep adding initials behind your name? And, you know, I tell them, like, I am literally on a quest for world domination, and as a black woman, you know, I think in order to be viewed with the level of respect within the industry, you know, I think I need to have as many different ways of saying, hey, I deserve to be here. Still, if you don’t have a formal degree in cybersecurity, or even computers, one proxy for that knowledge remains certifications. Having those extra initials after your name can result in higher-paying job offers.

Vamosi: But for some, even the cost of taking the test is a financial strain.

Tennisha: One of the things that we’re trying to do is we’re trying to work with the vendors of the certifications to try to get these prices down. So we’ve worked with, so far, Security Plus, the CompTIA folks. And we worked with EC-Council, so we’ve gotten them to give us, you know, at least a discount. We said, hey, why don’t you give us some free, you know, vouchers for the, for the squad to be able to take the exams, but they’re giving us a discount, which, you know, we accept. I think that the, the two biggest barriers for entry for the people in the squad are, number one, financial. The CEH is $400 normally. The Security Plus, which I think we can agree is the foundation level certification to get into cybersecurity, you know, it’s probably the minimum, is almost $400, right? So, you know, by the time, if you’re applying to, for example, an entry level, like, junior pentesting job, they want you to have a CEH and Security Plus, we’re talking almost $2,000 just to be able to get in. So, you know, what we’re doing is we’re providing a discount for them. My goal is to get to the point where they, you know, actually see us and they say, hey, we’re going to give you guys some, you know, some free vouchers, so that, you know, we can eliminate the financial piece altogether.

Vamosi: If the test costs are reduced or eliminated, that’s one thing. There’s still the cost of test preparation. And that can also be out of reach for some people.

Tennisha: As far as the training themselves, we have a Security Plus study group that has almost 100 people in it that we do every Saturday from 10 to 12, and this is our second cohort for Security Plus. We have a Certified Ethical Hacker cohort. The first one just graduated a couple of weeks ago, the next cohort is starting, I think, in mid April. So our plan is to, you know, train as many, you know, professionals in these certifications, so that, you know, they can get jobs. We have a study group starting up, it started up last week, for the eJPT, which is the junior pentester exam. And we also have one coming up for, like, Wireshark certification, after the eJPT. So, you know, we’re trying to focus on all the skills, so that, you know, give them the training so they don’t have to pay thousands of dollars for the training, so that, you know, that’s another barrier. Plus we’re going to get them a discount on a certification once they get ready to take it. My goal is to get it to the point where, you know, we can give them the certifications and the only thing, the only thing they have to invest is time, which is the second barrier to entry, you know, because we have people who, like myself, are working 40-hour work weeks. Like, I have a nonprofit that I do, like, in my spare time, and still have to find time to increase my skills. I’m still trying to do Hack The Box, to break in to someone’s computer, legally of course, every night. You know, I’m trying to grow my skills at the same time, but, you know, I’m trying to do all these other things. So, the second barrier is time, so like if we can, you know, for example, give them a boot camp, or not a boot camp that costs tens of thousands of dollars, all of our programming for Black Girls Hack is free.
That’s why we started offering a lot of hands-on workshops, and I think at this point we do, maybe six days a week we’re offering hands-on lab skills or training for certifications or something that’s going to help them to either get exposure to the field of cybersecurity and hacking as a profession, or that’s going to get them hands-on skills, or get them into the jobs and get them to the technical assessments.

Vamosi: One problem with glass ceilings is, you can see where you want to get to, but often you’re denied the tools to get there. So with hacking, you create your own.

Tennisha: It’s like, I look at this like one of those things like, how do you get experience if you don’t have experience, you know, kind of like one of those, how do you get ID if you don’t have ID type of things. So, I tell people that, you know, in order to get experience, if your job is not giving you that, you don’t have that in a professional means, then you need to set up a home lab, you know, whether that be in the cloud or virtually using the technology. That is one thing; another is what you do with that platform. Black Girls Hack is creating an impressive online lab to help its members. We teach people how to set up, you know, the type two hypervisors and VirtualBox, where they’ve got, you know, like, a Kali attack box and then maybe two victim machines, and Windows and a broken webapp machine, so that they can get skills in web application security, they can get skills in ethical hacking, they can get used to the process of, you know, the scanning, enumeration and determining what the vulnerabilities are. And then being able to take those vulnerabilities and figure out which one of these is going to allow me to, to get into the system, right? Because this as well, real world applications, you’re going to have to, once you join, you know, an organization, they’re going to want you to protect their organizations, they’re gonna want you to do vulnerability assessments, so that you can, you know, determine which one of their assets are vulnerable, and, you know, how would an attacker be able to exploit those, right? So as security professionals, we have to figure that out before the attackers do, so we keep the organization’s assets safe.

Vamosi: There’s this term from the 1990s, digital divide. It was used to describe people who had access to the internet in their home, and those who did not. That still remains. Even now, there are people who can’t legitimately afford a full-power laptop. Black Girls Hack is coming up with ways to level the technology gaps that still exist.

Tennisha: We just set up a BGH Cloud Labs with Microsoft Cloud Labs so that people who don’t have computers, like, for example, Chromebooks, or they don’t have the ability to access because of resources on their computer, you know, a Windows VM is almost, you know, 20 gigs, right? So if you can’t put that on your computer, then, you know, you’re not going to be able to practice at home, right? So we’re trying to eliminate some of those barriers so that we can get people actually in there, so the only thing that they have to, you know, kind of spend at that point is, is time, you know, just find the time to get through your studying and so that you can, you know, and hopefully we’ll, we’ll be able to take over the rest. And teaching real world skills is important.

Vamosi: Security moves fast, so that textbook from five years ago is already kind of out of date. Having real scenarios online helps Black Girls Hack members simulate what’s really happening today, not five years ago.

Tennisha: I’m teaching them as much as I know, so that they can, you know, go out and express those same skills in their labs and then take those to employers and be able to speak intelligently about them. And then when they get to the point where, you know, I can’t teach them anymore because, you know, I don’t know enough, you know, my goal is that we can start meeting with some of the more, you know, elite people out there who can, you know, help them to learn what they know. And then this becomes an opportunity for hackers to give back to the community. Black Girls Hack and other organizations are providing the platform for InfoSec professionals to teach or at least reach out to the next generation of hackers. We’re all just, you know, reaching back and sharing the knowledge that we have so that the next generation of cybersecurity professionals, you know, has our knowledge and then also, you know, a leg up because they’re, you know, probably a decade earlier in their, their job game, you know, so maybe we can start seeing some, you know, female and brown faces in the executive suites within cybersecurity, so we have more parity within the industry.

Vamosi: Finding more people of color is certainly a problem for InfoSec. Surprisingly, despite our best efforts, we still haven’t adequately addressed the gender gap in InfoSec either.

Tennisha: Yeah, so I realized when I’m looking at the issue, just I guess in terms of, like, my research at the issue of women in cybersecurity, we see that, you know, there are women who are, you know, when they go to college, who are doing STEM fields, right? But at some point, they go, you know, to other options, such as some of the pink options, as opposed to an engineering or computer engineering or computer science, for example, right?

Vamosi: Glassdoor did a study in 2017, and it wasn’t very surprising. They found many college majors that lead to high-paying roles in tech and engineering are male dominated, while majors that lead to lower-paying roles in social sciences and liberal arts tend to be female dominated, placing men in higher-paying career pathways, on average. It speaks to the perception that hackers are white men in black hoodies. Maybe that’s true of the bad guys. But what is it in the real world, with the good guys?

Tennisha: There’s a perception that, you know, someone that’s an ethical hacker or someone who’s a computer science is generally male. You know, having gone through a computer engineering program myself, I didn’t see any other, you know, black female faces. It was very rare that we had, you know, even black faces. So it was, you don’t see a lot of people who look like us, so, you know, we started looking at the problem from the perspective of, you know, how do we get exposure to it, like you said, the younger generation, the K through 12. So if we’re going to address diversity head on, then we need to start young, very young. We need to counter the stereotypes with more positive role models. For Black History Month, every day we did a kid and an adult who was doing big things in STEM, and how their early exposure to STEM allowed them to achieve great things. So I think that that, if nothing else, that anecdotal evidence of early exposure to STEM shows the kids can do amazing things, so if we expose them earlier on in their lives than ever, I think we’ll start to see, get more people who are passionate about it and, you know, if you imagine, if you’re starting, instead of in your 20s or 30s like most of the squad is, you know, if you’re starting, for example, in your teens, and you’re getting started, you know, programming, you’re getting started trying to get into, break into things, have an interest in taking things apart, I think that that’s going to make the next generation of cybersecurity professionals that much better, and well rounded, because they’ve been preparing for this literally for years.

Vamosi: Though some change can happen immediately, lasting change might take a decade or more, and to achieve that requires a concerted focus today on the next generation. DEF CON, for example, has r00tz Asylum, which helps teach kids ages 8-16 basic hacking skills. Black Girls Hack is starting its own outreach to the youth.

Tennisha: We’re actually rolling out a program this summer called Black Kids Hack, which is focused on the K through 12 populations. We’re going to start off with those in high school, because we realized that, you know, in order to get people who are passionate about this we need to get them exposed much earlier in life. So we’re actually building off of the cyber.org curriculum, you know, which basically gives you a cybersecurity foundation, and then we’re going to add to that components of ethical hacking, you know, cybersecurity, outside of the realm of just the general cybersecurity, and then, like, maybe some Capture the Flag components as well, just so they can get exposure, because, you know, like you said, people like to play games, you know, and these are cyber games. And when I introduce, you know, for example, the squad to cyber games that we do, like capture the flag competitions or, like, OverTheWire series to mature, like, you know, they call them cyber games but they’re basically, like, Linux primers or web application security primers, depending on which series you do, then, you know, people have an interest and they realize that this is something that interests them.

Vamosi: I’ve talked before about the value of playing capture the flag on The Hacker Mind. It seems that a lot of hackers today got their start either in gaming, like Mario Kart, or in CTF, like picoCTF, or CSAW. Gamers solve problems. Hackers solve problems. It seems like tapping this audience makes a lot of sense in filling some of the open positions that we have today in InfoSec. And it’s not just that group of boys in the back corner of the classroom who are always playing games; girls play games too.

Tennisha: I hope to be one of the best, at least, Capture the Flag people in the world, if not one of the best hackers in the world, so, like, that’s something that I’m trying to work at. You know, I love playing games, I love that they’re cyber games, and I love at the same time that I’m, you know, solving the problem.

Vamosi: CTFtime is a website that tracks team performance and individual skills, and perhaps the best CTF team in the world today is the Plaid Parliament of Pwning, or PPP, at Carnegie Mellon. But there’s a long list of challengers, and add to that list Tennisha.

Tennisha: My goal, especially as an alumna of Carnegie Mellon, is to one day see BGH at the top of CTFtime, replacing the PPP, so, like, watch out guys, I’m on my way. I’ll see you in a couple years, just know that I’m coming.

Vamosi: It’s a confusing time for high school students with COVID-19 disrupting years of their critical education. Universities are taking the CTS and other tests option, even more confusing than it is to talk from Google and Facebook, the applicants no longer need to go to university to get higher paying salaries. That almost sounds too good to be true. 

Tennisha: A lot of these organizations are giving a lot of lip service. They, they talk a lot of good things, they say, hey, you know, we’re going to appeal to people who don’t have degrees, we’re going to appeal to people who don’t have certifications, we’re going to give people a chance, right? But then when you look at the job requisitions, you know, that’s not what they’re saying. You know, they want to have people who have a degree, if not multiple degrees, they want people who are experts in their field. There are actually some big tech companies that won’t even hire junior and mid level people, they only hire, for example, you know, people who are leaders within their industry. So it’s like, you know, how is that helping people to get in? And we need the, the Googles of the world, we need, like, the Microsofts of the world, to, you know, kind of generate a pipeline to get people who are more entry level into the industry. Pipeline, then, is a huge problem for InfoSec. Organizations spend a lot of effort in mapping out their businesses into the future, but often fail to consider where the talent needed will actually come from. Who are the future job candidates for those roles? Are those organizations even preparing the youth today for those future open positions? We need that, the big corporations to kind of like reach back and actually put their money where their mouth is and, you know, work on these diversity initiatives so that we can get more, you know, women, more black people, more people of color in there. You know, a lot of organizations don’t report on their diversity numbers, so if they actually did then you would see that they’re not doing a great job.
Right, so, you know, it’s one thing to say, hey, I’m not going to require a degree for this job, and if you look at the people that they’re hiring, you know, they’ve got PhDs in mathematics, who, you know, working in data science, for example. It’s, you know, actually putting into play what it is that you’re saying that you want to do. You know, it’s not just talk about it, you know, like, let’s actually see some change. Let’s see you hiring people.

Vamosi: Maybe we’re going about hiring all wrong. Maybe the traditional job application and interview process works well for, say, a sales position. But what about an InfoSec job? Maybe we should consider alternatives.

Tennisha: I suggested yesterday that they, someone, put together, like, a huge capture the flag, like, technical assessment, and allow people to join the game and then let the cream rise to the top. You know, the people who do well in the exercise, you know, regardless of whether they’ve got a degree or certification or whatever the case is, they’ve obviously got the technical aptitude. Hire those people, give them a job, you know, let them grow within your organization. You know, because some people are not test takers, some people are not, you know, like, can’t make it four years in college, or maybe they just don’t want to. So, you know, give people the opportunity. I like the idea of technical assessments, just because of the fact that it allows you to demonstrate what you have that may not be shown on your CV or your resume. It allows you to actually show your skills, your ability to break in, and I think if I have the ability to break into your computer system, then I should have the ability to get a job there.

Vamosi: So organizations like Black Girls Hack need support from the community. What can you do to help?

Tennisha: If you’re advanced, and you have a skill set in a particular area, we would love for you to come give some workshops, just to provide exposure to the squad. We do a bring a hacker to work days every Sunday, where we get exposure to different areas within cybersecurity. So we have someone come and tell us about what they do in their job, right, so we can put some action, some, you know, actual faces to some of these jobs. So we did cybersecurity engineering last week. We’re doing secure app development this week. Next week we’re doing social engineering. So we want exposure, so if someone has, you know, advanced level skills, they’re like, hey, I don’t think there’s anything that, you know, you can teach me. Perfect, please come and do a workshop and teach, you know, do an hour here or be a mentor. We need mentors. We need volunteers. You know, we’re trying to take over the world and we literally want everyone to come and help us.

Vamosi: And with more exposure, will we see Black Girls Hack at this year’s Black Hat or DEF CON?

Tennisha: I would absolutely love to. Like, let them invite me anywhere, I’m there. Like, I’ll be there with my mask on and my Kali. My Kali box. Like, I would absolutely love to be involved. You know, we see way too often these conferences where they are very, you know, older white men and is the norm. You know, you don’t see a lot of women, you don’t see a lot of black women especially. You know, I usually go to ShmooCon and, like, I’m always amazed by the fact that there’s so many women with, like, pink and purple hair, like, living their best life, and, you know, I always, like, think, like, I’ve always wanted to dye my hair purple, you know, and I’m like, you know, once I become, you know, a hacker 100% of the time, like, no one’s going to care that if I have purple hair. So, like, it’s kind of like my goal. I’m going to get to the place where I can do that. But, you know, I would absolutely love to, you know, be involved or even to, like, have a booth, you know, at any of those, of those events. We would absolutely love to. So, but it’s just a matter of exposure. You know, one day, I’ll see you at RSA or I’ll see you at Black Hat and they’ll be like, Hey, I made it.

Vamosi: I really want to thank Tennisha Martin for taking the time to talk about her past and her organization. If you want to know more, go to Black Girls Hack on the web, or follow them on Twitter or Instagram.

Maybe we can’t change the world overnight, but what’s stopping us now from making those gains every day?

Hey, before you go. Remember to subscribe to the hacking live and never miss another episode. You can find us on Google, Apple, Amazon, Spotify, so many different platforms, check us out.

This podcast has been brought to you commercial free by ForAllSecure.

For The Hacker Mind, I remain, Robert Vamosi.

*** This is a Security Bloggers Network syndicated blog from Latest blog posts authored by Robert Vamosi. Read the original post at: https://forallsecure.com/blog/the-hacker-mind-podcast-hacking-diversity