On the occasion of International Women’s Day, InfoSec Write-ups brings to you an exclusive series of interviews with women in security and technology.
In the third interview of the series, we have with us, ethical hacker Vandana Verma currently working as a Security Solutions Architect with IBM. She has been actively encouraging more women to build a career in Infosec and is the moderator of Infosecgirls — a community for women passionate about cybersecurity.
- Hello Vandana. It’s a pleasure to have you here with us. Please introduce yourself for our readers.
I am currently working as a Security Solutions Architect with IBM and part of multiple security communities such as Volunteer Coordinator — Asia Pacific for OWASP Women in AppSec (WIA) & OWASP WIA Secretary, Women Cybersecurity Society, OWASP Bangalore Chapter Leader and Heading InfoSec Girls. I given talks and workshops at many colleges and security conferences including Global AppSec Europe, AppSec USA, BSides Delhi, NullCon, AppSec California and c0c0n (Kerala Police Conference). I am one of the co-founders of a conference named OWASP Seasides.
- Congratulations on being named among the top women in cybersecurity in India. Can you tell us a bit about your journey and how you got started in Infosec?
Thank You so much, I am really glad that I got recognised by the community as the one of the cyber secuirty women in India. My first step in Cybersecurity was not by choice and I didn’t have a specific choice in my school days as well that I wanted to pursue cyber security but I always wanted to be in the tech domain. As I happened to be in my first job, which is when I realised my passion for Information Security and took it very seriously to build my professional career.
- What would you consider the turning point of your career as a security researcher?
The turning point came to my career after joining the cybersecurity communities like null, owasp, and infosecgirls. These communities introduced me to the broader security domain and domain experts.
- In the current cybersecurity scenario, what do you think needs to be changed?
Cyber Security should be introduced from the school itself which is very important in the current technology era.
- What are some tools that can’t be left out from a hacker’s arsenal?Nmap, whireshark, bursuite/owaspzap and kali linux
- Is there anything you would do differently if you could go back in time?
I would want to start early in my career and focus on learning the fundamentals of computer science such as Operating System Concepts, C Programming, Assembly Language, Networking Concepts, etc and then move on to learning Information Security related things. As I keep learning, I would suggest document your learning in the form of blogs because that can help someone else learn quicker and also help you to retain your learning. I would also suggest that giving back to the community in the form of presentations at meetups, conferences and writing blogs and whitepapers should be a big part of your career while you are learning.
- When did you first start public speaking? How has the experience changed from the first time until today?
I did my first public speaking at owasp/null Bangalore meet. I was very nervous but everyone in the community was very supportive which gave me the confidence and trust to speak more and more. Now, I have been a speaker at multiple global conferences and looking forward to many more.
- What are some hobbies you cherish apart from hacking? How have they shaped you as a person?
Although due to the nature of professional work and community efforts, I get very less spare time. But whenever I have spare time, I like to spend it with my family and do some reading around cybersecurity like reading technical articles and books.
- With regards to your choice of career, have you ever felt you were at a disadvantage because of your gender?
No I never felt so. Information Security Community has always been very supportive and I don’t feel I am any less. If any women feel so, we should connect.
- What are your views on the gender diversity in the global cybersecurity scene?
People are supporting Gender Diversity big time. Every organization and conference is supporting the initiative. I also run a community called Infosecgirls which promotes diversity in Cyber.
- I know you must be tired of hearing this, but any advice for newbie hackers, especially women?
Anyone who has a curiosity towards every aspect of technology is probably the most suited person. You need to build on that curiosity and need to spend a lot of time understanding the working of these technologies. An information security expert should be equally well versed with the software side.
- Is there anything else you would like our readers to know, or any topic you wish to speak about?
Information Security domain can be glamorous as well as tiring at times. The key in this domain is that one should constantly focus on how security can be improved by learning and applying the necessary skills. Rest, everything (career advancement, etc.) falls in place. Also, I would like to add that one should always consider giving back to the community by ways of teaching, writing blogs, etc. There are some wonderful free and open communities in India such as null community, OWASP chapters, etc where you can participate.
Follow Infosec Write-ups for more such awesome write-ups.