On the occasion of International Women’s Day, InfoSec Write-ups brings to you an exclusive series of interviews with women in security and technology.
In this belated post, we have the final interview of the series. Today, we have with us, ethical hacker Chloé Messdaghi — one of the founders of Women in Security (WoSEC) and Security Researcher Advocate & PM for Bugcrowd.
1. Hello Chloé. It’s a pleasure to have you here with us. Please introduce yourself for our readers.
Hi everyone! My name is Chloe Messdaghi. I am a Security Researcher Advocate & PM for Bugcrowd. Also one of the founders of Women in Security (WoSEC) formally known as Technology (WIST), and head the WoSEC S.F. Bay Area Chapter. Currently, sit on 4 nonprofit boards and founded a nonprofit called “Drop Labels”. When I am not doing the above, I mentor underrepresented persons entering InfoSec or already in InfoSec, spread the word about disclose.io, and a pawrent to Sherlock the Shiba Inu.
2. You have been pretty vocal about cybersecurity needing to be seen as a human rights issue. Can you explain a bit more about that?
Of course! Data is incredibly sacred. When personal information is stolen, it’s a violation of privacy. I think we all know someone who has been impacted by breaches. It happens to our neighbors, family, friends, colleagues, and partners. In return, it can severely, negatively impact lives to those who had their personal information leaked. Leaving us worried and anxious when online. The other situation that I have witnessed is when nonprofits have been destroyed by a single breach of their donors information. When this occurs, donors will no longer provide donations and causing missions to end. In return, those who used to receive services from nonprofits are now left without them. So tying back to cybersecurity as a human rights issue, it truly is because breaches negatively impact people and organizations.
3. How did you get started in Infosec?
Before entering InfoSec, I was a growth management consultant for humanitarian organizations and tech startups. Started to miss the office environment and working with colleagues, so I started to look around for potential roles. One day a recruiter connected with me about an InfoSec company that does vulnerability management for a marketing manager role. I accepted the role, and instantly fell in love with the field since it’s massive and there’s always something new to learn. Plus, the constant on your toes feeling can be such an adrenaline rush.
4. What would you consider the turning point of your journey as a security researcher?
Last year at the RSA Conference, I was in a room of hundreds of men and only two other women. And I was hoping they were not executive assistants, but were. After the talk, I went into the woman’s bathroom and no one was inside. That’s right ladies, join infosec. There’s never a bathroom line for us.While across the woman’s bathroom, the men’s bathroom had a very long line. And I just felt off for some reason. When returning to the hotel room, I remember suddenly being flooded with emotions because it was the moment where some sort of blindfold was removed, and everything that I read and heard about women facing discrimination in InfoSec had been happening with me the entire time, and I didn’t realize it till that moment. I didn’t feel included in the infosec community at that time, and felt very alone and isolated. And it was this time that I was planning to leave infosec. However, I attended an all women’s conference called “Day of Shecurity” in June of 2018. There were 200 women in a room, and suddenly I had hope because I realized that I wasn’t alone anymore. It was after the Day of Shecurity conference when I made a promise to myself that I would do whatever it took to change the situation of underrepresented persons face in infosec. A few months after the conference, few connections sponsored me for an entire week in Las Vegas for 6 conferences. My career prospered from there, along with getting a job with Bugcrowd. Since then, Bugcrowd has supported me in trying to make an impact and positive change in the community. I also connected with Tanya Janca at this time, who wanted to start a women’s infosec support and empower organization around the world. I joined forces with her and other women to build it out. And now we have chapters all over the world and they continue to inspire and support women in infosec so they never feel alone in the space ever again. So by finding a better support network, there was a massive shift in my career in infosec. I am truly thankful and feel lucky to be where I am and that I didn’t give up. It wouldn’t have happened if it were not for the people who supported and believed in me, such as the donors for my las vegas summer camp, WoSEC chapter leaders, Bugcrowd, and the infosec community.
5. In the current cybersecurity scenario, what do you think needs to be changed?
We need better inclusion practices in the infosec industry. Since 2013, only 11% of the workforce are women in InfoSec, and remains the same till this day. This is disturbing since we are now in 2019 and it looks like an industry from the 50s. Also, minorities only account for less than 12% of the InfoSec workforce. Not only that, but less than 4% of hackers are women. When I see these statistics, sometimes it leaves me face palming. It just shouldn’t exist at all anymore, especially with our growing infosec shortage of personnel.
6. What are some resources that you recommend for beginners for bug bounty?
Get comfortable with Burp Suite. Check out Bugcrowd University. It has a lot of educational material to help get one started in bug bounty. Lastly, Web Hacking 101 by Pete Yarworkski is a great read and resource!
7. Is there anything you would do differently if you could go back in time?
None. I tend to believe everything happens for a reason. Even in the worst of times, it does make one stronger in the end. It was from the terrible events that occurred last year that I learned my own worth. So anytime you are faced with a challenge, just know it’s a lesson that will end up opening doors.
8. When did you first start public speaking about Infosec? How has the experience changed from the first time till today?
I would say my first real talk in InfoSec was during Summer Camp in Las Vegas 2018 for the Hacking Diversity Conference. It was from this conference that I met other powerful women who wanted to change the statistics. It was from giving a talk about fixing the diversity gap that I realized I had a voice and capable of giving a talk that people were interested in. If it weren’t for that opportunity I would’ve never be where I am today. So I am incredibly thankful to Hacking Diversity Con for accepting my CFP because it started me on my journey around the world to motivate and inspire change.
9. With regards to your choice of career, have you ever felt you were at a disadvantage because of your gender?
Yes, hands down yes.
10. What are your views on the gender diversity in the global cybersecurity scene?
That it needs serious work from everyone to change the situation. I strongly believe it has a lot to do with stereotypes and biases that are holding our community back from integrating and becoming better at inclusion. It really does take a crowd to make a change.
11. I know you must be tired of hearing this, but any advice for newbie hackers, especially women?
Yes! Contact me for mentoring. I think mentoring helps tremendously in reaching one’s career. The other advice I have is to check out Bugcrowd University to learn valuable skills to help begin one’s journey to becoming a hacker. Bug bounty is a way to develop skills and get paid while doing so. Plus, it is evidence of having the ability to do pentesting when applying for jobs. Lastly, my father once told me that there is nothing more intimidating than a woman who is empowered. Don’t forget that, ladies!
12. Is there anything else you would like our readers to know, or any topic you wish to speak about?
If you are looking for a supportive network, please reach out to me on Twitter or LinkedIn. I know what it’s like to be alone in this space, and it doesn’t have to be that way at all. That’s for anyone. Also, if you are a woman looking for a support group or want to form a support group with WoSEC, DM me on Twitter. We are always looking for new chapter leaders and attendees!
Learn more about Chloe and see if she is speaking near you at https://www.chloemessdaghi.com
Follow her on Twitter: @ChloeMessdaghi
Follow Infosec Write-ups for more such awesome write-ups.