On the occasion of International Women’s Day, InfoSec Write-ups brings to you an exclusive series of interviews with women in security and technology.
In the first of the series, we have with us Magda Chelly, who identifies herself as a cyberfeminist hacker. She has been nominated among the TOP 50 International cybersecurity influencers and the top 10 cybersecurity experts in the world to follow on Twitter in 2018. In this exclusive heart-to-heart, she shares her experiences as a woman in Infosec.
- Hello Dr. Magda. It’s a pleasure to have you here with us. Please introduce yourself for our readers.
Thank you very much for the invitation and I am very happy to be able to inspire women on this particular day. I am currently a CISO On Demand. Most of my days, I review technical architectures, cloud migrations, and digital transformations around their security and privacy requirements. From my background, I am a telecommunication engineer with a PhD in the same field and then specialization in cybersecurity. I support companies across their governance and cybersecurity programmes to incident management trying to build resilient businesses. My latest two projects covered the roles of a Regional ISO Lead Implementer for a Fortune 500 (ISO 27001:2013) and a regional business information security officer for a MAS regulated company in Asia Pacific. I have also been very lucky to be nominated: TOP 50 International cybersecurity influencer; internationally 10 cybersecurity experts to follow on Twitter in 2018; 58 Women In Cybersecurity To Follow On Twitter; Top 17 Cybersecurity Influencers in 2018 You Must Follow.
- Congratulations on being named among the world’s top cybersecurity influencers. How has the journey in Infosec been like? When did you first get introduced to security?
During my assignments, I also try to hack my clients hahaha — for the good cause — to help them secure themselves. But, let’s be realistic and understand that you do not become a hacker from one day to another. Neither did I. I became a cybersecurity professional at first and still am. My passion for cybersecurity started in the early days, during my school days. I really wanted to break things and find a way to get into things. That being said, I started out as a script kiddie and I did not think about security in a serious way. At that time, I also had the opportunity to work with international companies which did not focus on security assignments but on general IT and digital transformation. My first professional interaction with security was through a project with a bank. That said, it was not focused only on security and the main objective was enhancing customer service through building a resilient IT system.
- What would you consider the turning point of your journey as a security researcher?
The turning point in my career was attending BSidesTLV in 2017. I met amazing professionals and passionate hackers, including Keren Elazari. I understood how much I had to learn and how much hackers had to give to the community. I had an absolutely fabulous time. I was a speaker at the conference and attended all the other fantastic speeches. For the first time, I was only learning and not hearing concepts that I already knew about. That event also definitely reinforced the idea that no system is 100% secure, like there is no 0% risk in real life. That is how it works.
- You identify yourself as a cyberfeminist hacker. Can you elaborate for our readers what that means?
I am encouraging women into cybersecurity — that is what I call the cyberfeminist movement. Currently, we have only 20% of women, and I am very happy that the number increased over the last year. It is though still not enough. I would like that percentage to represent our worldwide community and encourage more diversity and inclusion. This does not limit itself to gender only. Diverse teams bring better results and amazing innovation. This has been proven through various research studies across industries.
- In the current cybersecurity scenario, what do you think needs to be changed?
Currently, our cybersecurity landscape is medium to poor. Companies within the ecosystem that need to be compliant with local regulators will apply controls and enable cybersecurity programmes. However, the other companies do not even follow the industry’s best practices when it comes to security and privacy. We are moving into an interconnected ecosystem where all companies are interacting and will interact and create more data transfers. This therefore needs to be designed with security and privacy by default and not as an option.
- What are some tools that can’t be left out from a hacker’s arsenal?
I found one scanning tool that I am loving very much! A security tool for multithreaded information gathering and service enumeration. This tool is just amazing to enable organized information gathering of your target. https://github.com/codingo/Reconnoitre … You will not be able to hack if you do not gather enough information about your attacker.
- Is there anything you would do differently if you could go back in time?
I would start working heavily in cybersecurity as a professional sooner and not keep it as a hobby. I would also start studying for my OSCP a long time ago :)
- With regards to your choice of career, have you ever felt you were at a disadvantage because of your gender?
Being a woman in a male-dominated industry is never that easy, however, I made my path and I challenged my colleagues with my knowledge.
I have also evolved within roles that others had taken much longer to get. I believe this is only the result of my hard work. Therefore, the challenges brought me success. It should do as well for all the women out there.
- What are your views on gender diversity in the global cybersecurity scene?
The global skills shortage in cybersecurity is getting worse as companies are increasing in maturity. The gap has reached 3 million, according to (ISC)2. With the technami that we are experiencing, security teams need a variety of skills not limited to hacking but to other skills like communication, psychology, education, law, etc. Companies can encourage change and inclusion. It is their choice and their strategy to build a cyber-resilient and cyber-ready business. The recruitment strategy needs to bring more transparency and diversity without unconscious biases and unnecessary judgments.
- What is your vision for the platform you started: Woman In Cyber?
Our movement goals are: encouraging young women to start a career in cyber security; encouraging women in cyber security to expand their potential and grow in their career; creating role models for cyber security professionals who are men and women; and building curiosity and passion within the millennials to think about a career in the field!
- I know you must be tired of hearing this, but any advice for newbie hackers, especially women?
Hack, hack and hack. Avoid commercial and marketing conferences and go to the real hacking ones :) and prove yourself through challenges. It is so cool when you hack a new machine :) I honestly enjoy it every time and I am still learning! It is a never-ending intellectual challenge bringing you self-confidence and assurance that nothing else would, in my opinion :)!