I started my degree at Carnegie Mellon University in finance, and took my first computer science course in my second year. I went on to graduate with a BSc in Business Administration and Management, with a minor in Computer Science.
I came to hear about the Stroz Friedberg Cyber Associate Program from a friend when I had just come back from the hacking conference DefCon, where I had participated in a capture the flag exercise which had really ignited my interest in the field even further.
On being accepted to the program in the New York office, I started my rotation with the Digital Forensics team. I learned how to efficiently run client projects on various machines, and the importance of being disciplined about keeping detailed notes, and clearly presenting facts and complex information to clients. I also learned more about using Python, for example, when a client wanted to get a frequency list or histogram of web pages visited. Then I moved to Incident Response, where I really enjoyed the variation and frequency at which the projects move – we learned a lot about handling discs, imaging hard drives, using tools, and fixing various errors we encountered along the way.
When I moved to Security Science, we worked on a giant case for a client who required us to create a custom cybersecurity framework for their organization. This involved a lot of intense technical document review of other existing frameworks, as well as measuring how much risk the company was exposed to and how well they were doing at remediating it. As well as these large, rigorous cases, I also spent time reviewing security programs and products, and cracking passwords. Using tools and dictionaries to crack passwords is still one of my favorite elements of the job – it is so exciting when you get the answer.
During the program, I would be working in close teams with managers who would define the scope and direction of the project, and help direct the Cyber Associates and set objectives, for example, to parse data and create visual representations of our findings. We were also involved in presenting our conclusions to the client.
Since graduating from the Cyber Associate Program, I have continued to work on a huge range of projects, from building our in-house password cracking machine from scratch, to testing clients’ physical security measures, to creating security policies, to developing risk frameworks, to analyzing clients’ network security. Every day presents a new set of problems – a new game with new rules.
My advice to future Cyber Associates is to embrace the atmosphere of learning by doing – during the Program, we were constantly confronted with something we didn’t know, but luckily, the chances are that somewhere in your lab will be someone who has done it before. I would also suggest picking up skills and becoming an expert in something, so that you can be a resource to others.