I had a professional mentor. He was a friend who was a hacker and he spent 1.5 years trying to get me to join InfoSec. I he taught me quite a bit, but more importantly he advocated for me. He gave me my first contract, and then helped me get my first full-time, permanent position in InfoSec. I learned a lot on my own (I read and worked through about 1/2 of all of the following books: Shell Coder's Handbook, Web App Hacker's handbook, Hacker's Playbook), I read every book in the library, took 3 courses at Maryland university online (usable security, software security and web app hacking), recruited speakers for OWASP for things I wanted to learn, started speaking at conferences so that I could get in free and learn, spoke at every meetup that would take me, and attended meetups constantly, asked for book recommendations and read them, volunteered for every possible security task at work until the security team let me join, etc., etc. Etc. I kept learning until I knew more than my teacher, then got a better teacher. Then another teacher. Then started the OWASP DevSlop project, and got even more mentors, plus created a crap-ton of proof-of-concepts. I attended a capture the flag, then decided I would run my own for the next three years. I can't remember what else. I tend to be obsessive in nature when I'm really into something. I do not think this level of dedication was necessary though. I honestly think that having a professional mentor, getting an entry level job (the hard part) and then studying anything that you don't understand at work until you know it well, is more than enough. You don't need to be world-famous or better than everyone else you know; you just need to know enough to do a good job.
Yes it was tough to get my first shot, but luckily I had a lot of wonderful humans from Ottawa that work in InfoSec that helped me a long my way. I did get some flack for being a woman (once even from a woman), but mostly I just made myself indispensable at every job until I had people's respect and was given more responsibility.
I was invited to sit in on an incident and I figured out that I could read the obfuscated code during the meeting, and explained the attack to the investigators. #indispensable
If you ever don't know something or feel unconfident, ask or study it until you DO feel confident. It will beat imposter syndrome AND make you awesome.
Because I've coded most of my life I never felt like I was starting from scratch, but it was unnerving at times to feel uncertain of myself. I had previously been the "senior tech" everywhere I had worked, for about ten years, stepping down was hard on the go. I recall a director telling me to "try sounding more confident in meetings, even if you don't feel it, then come back and check with the rest of the team. If you were wrong, correct yourself, confidently. If you were right, carry on. Eventually you will almost always be right." Smart guy.
Ty, we need more people in our industry, please join us.
Hey Tanya, thanks a lot for this reply. The small details involved in this type of career shift are often overlooked, but hearing your story is inspiring! I knew you must have put in a ton of work from a technical standpoint, but hearing the details is helpful. It’s also really interesting to see how much community and quality mentors played a role in your story. A great reminder that we are not on this journey alone!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi Ty,
I had a professional mentor. He was a friend who was a hacker and he spent 1.5 years trying to get me to join InfoSec. I he taught me quite a bit, but more importantly he advocated for me. He gave me my first contract, and then helped me get my first full-time, permanent position in InfoSec. I learned a lot on my own (I read and worked through about 1/2 of all of the following books: Shell Coder's Handbook, Web App Hacker's handbook, Hacker's Playbook), I read every book in the library, took 3 courses at Maryland university online (usable security, software security and web app hacking), recruited speakers for OWASP for things I wanted to learn, started speaking at conferences so that I could get in free and learn, spoke at every meetup that would take me, and attended meetups constantly, asked for book recommendations and read them, volunteered for every possible security task at work until the security team let me join, etc., etc. Etc. I kept learning until I knew more than my teacher, then got a better teacher. Then another teacher. Then started the OWASP DevSlop project, and got even more mentors, plus created a crap-ton of proof-of-concepts. I attended a capture the flag, then decided I would run my own for the next three years. I can't remember what else. I tend to be obsessive in nature when I'm really into something. I do not think this level of dedication was necessary though. I honestly think that having a professional mentor, getting an entry level job (the hard part) and then studying anything that you don't understand at work until you know it well, is more than enough. You don't need to be world-famous or better than everyone else you know; you just need to know enough to do a good job.
Yes it was tough to get my first shot, but luckily I had a lot of wonderful humans from Ottawa that work in InfoSec that helped me a long my way. I did get some flack for being a woman (once even from a woman), but mostly I just made myself indispensable at every job until I had people's respect and was given more responsibility.
I was invited to sit in on an incident and I figured out that I could read the obfuscated code during the meeting, and explained the attack to the investigators. #indispensable
If you ever don't know something or feel unconfident, ask or study it until you DO feel confident. It will beat imposter syndrome AND make you awesome.
Because I've coded most of my life I never felt like I was starting from scratch, but it was unnerving at times to feel uncertain of myself. I had previously been the "senior tech" everywhere I had worked, for about ten years, stepping down was hard on the go. I recall a director telling me to "try sounding more confident in meetings, even if you don't feel it, then come back and check with the rest of the team. If you were wrong, correct yourself, confidently. If you were right, carry on. Eventually you will almost always be right." Smart guy.
Ty, we need more people in our industry, please join us.
Hey Tanya, thanks a lot for this reply. The small details involved in this type of career shift are often overlooked, but hearing your story is inspiring! I knew you must have put in a ton of work from a technical standpoint, but hearing the details is helpful. It’s also really interesting to see how much community and quality mentors played a role in your story. A great reminder that we are not on this journey alone!