Blogs & Opinions 14.04.2023

XX Hacking: Three Tips for Women Aspiring to be a Professional Hacker

Beth Robinson highlights the additional considerations that those with a double X chromosome may need to take if aspiring to be a professional hacker

Unsurprisingly, the steps that women need to take to carve out a career as a professional hacker are the same as their male counterparts. That said, Beth Robinson highlights the additional considerations that those with a double X chromosome may need to take

Last month was Women’s History Month, which gave us the opportunity to celebrate the brilliant women who work in the global cybersecurity industry. Quite rightly, this celebration also served up a dose of criticism, with calls for year-round acknowledgement of successful women in tech.

While cybersecurity remains one of the fastest growing industries in tech, female employees only make up 24% of the workforce according to the (ISC)2 workforce study. This is a welcome increase on 11% in 2017, but more needs to be done. To continue this positive trend, it’s important to turn the spotlight onto how women can carve a path for themselves in cybersecurity 365 days a year.

Why ‘hacking’?

Perhaps one of the most intriguing and impactful roles in cybersecurity is that of an ethical hacker. Don’t know what an ethical hacker is? Let’s try to explain it. Ethical hackers are security experts who look to discover security vulnerabilities before cyber criminals. In an era when cyber attacks have the potential to be both frequent and devastating, security controls are sometimes lacking. Research from Panaseer found that 79% of enterprises have experienced cyber incidents that should have been prevented by existing safeguards. With hackers evolving their tactics at lightning speed, organisations are rapidly adopting offensive security solutions that embody the ‘think like a hacker’ perspective. Penetration testing, red teaming and continuous attack surface management empower security teams to improve security preparedness by looking at the digital perimeter from a hacker’s viewpoint, identifying exposures, misconfigurations and vulnerable assets before attackers do.

Where to start

Organisations such as Women In Cybersecurity, Black Girls Hack, and The Diana Initiative offer resources for women seeking to build careers in the information security industry. New and aspiring cybersecurity professionals can lean on these organisations to network, find mentors, attend workshops and conferences, and learn about how to break into the industry.

Getting involved with women’s cybersecurity organisations also helps to build your profile in the community (not to mention expand your network) which can open doors to scholarships, training, and resources created by women who want to give a helping hand to the next generation.

The essential skills

But what does it take to be a successful professional hacker?

  1. Strong communication skills
    When working with enterprises and their boardroom decision-makers, it’s vital to be able to share complex information in a way that people understand, but also care about. Some of these professionals will have limited experience or knowledge of the cyber threat landscape and communicating risk in terms of business impact will be key. A good information security expert recognises the difference between saying ‘I have access to your data’ and ‘I can steal the personal information of everyone who has ever done a blood test at your facility’, for example. Knowing how to express the latter with the urgency it deserves will prove the value of your work in the eyes of these decision-makers.
  2. Doing trumps knowing
    In building practical knowledge, you don’t need to obsess over certifications. The cybersecurity industry changes so fast that it’s impossible to pinpoint which certifications are most valuable, and it’s likely that no two professional hackers that you meet will have the same qualifications. Certifications are good to demonstrate some early expertise in your career, but it is possible to go straight to the ‘doing’ and still be a success.
  3. A foundational knowledge of coding
    Having a foundational knowledge of coding will add a valuable string to your bow. Understanding how things are built, and how they should be built, will familiarise you with the environment you’ll be working in. As for which language, start with whichever you feel most comfortable with learning and build from there.

Knowledge is power

It may feel daunting to be a woman forging a path in cybersecurity, but rest assured that there are endless resources to support you along your journey. The modern cybersecurity industry needs to be powered by a diverse workforce, just as the modern cyber threat landscape needs continuous, offensive security measures to take on the ever-evolving challenges threat actors present.

Leverage these resources for more ideas on how women and girls can get into ethical hacking:

  • Defend Like A Girl webcast
  • Celebrating Women in Offensive Security

    Beth Robinson is security evangelist at Bishop Fox. Beth previously worked as a technical targeting analyst for the CIA and and NSA, and worked as a senior analyst at FireEye and content manager at Mandiant. She holds a Master’s in international policy studies from Middlebury Institute of International Studies at Monterey and has a BA in comms from the University of Santa Barbara.

Latest articles

Be an insider. Sign up now!