From Teacher to Hacker: Retraining in Infosec

all right so thanks so much sam um yes so i'm going to talk today about my experience of retraining in infosec um for this community channel um yes so here we go so the obligatory who am i um so my name is kimberly hendry and i'm currently studying a masters in cyber security um i'm a member of the tech mums group and also the co-founder of the northeast ladies hacking society so yeah i'm going to talk about sort of why and how i got interested in information security um so my journey through education trying to build skills and um and then how it ended up in a job so yeah the first thing i did was um i

took part in the tag mums initiative um they've they've moved online now but the aim of it was to have um events around the country trying to sort of teach women and mothers um sort of technical skills and sort of teach them tech thinking if if they could be more confident in technology they can then go home and teach their children it and and also encourage women into the community and to retrain and the course i did was over at gosforth and we did sessions on things like python safe um banking security social media use which was really interesting for a lot of the um older moms whose children were starting to get social media accounts

and didn't really know what to what to do with them or how to secure them i guess it it moves quite fast doesn't it really things like tick tock and snapchat and we also had a session on web design and so a bit of html tinkering about with that and also got to go to um hedgehog lab over in newcastle and do a few design sprints with some um so app design which was amazing that was so so fun so from there um we also got invited to a tech conference and um the one we went to was dynamo over in sunderland and that was pretty much i think where i fell in love with

cyber security there was um some live hacking demos and from students there that simultaneously terrified me also blew my mind i was just like what is this this is fascinating and just to see just see it happening in front of us so there was a few different ones but the main ones that stood out were um some students um using showdown and showing how they could scan and find different iot devices and um like then find the exploits for them and ones that were set with default credentials um it was also part of the talk on the collision of 5g and iot which i think before the pandemic was the big the big worry um and then also there was

a demo on some website spoofing so one of the students sort of showing us sort of behind the scenes of phishing campaigns and and did a live demo of spoofing a website and um yeah it was also i think like building on things like cambridge analytica and wikileaks that was still in the news so it was quite a timely thing so from there um i decided to start doing some online courses um i think i just pretty much googled cyber security courses um because i i love online courses i've worked them for years worked in education and then assessing and tutoring online courses writing them so um yeah i feel incredibly lucky living at a time where

we've got access to all this information online so yeah looked on futurelearn does a really good introduction to cyber security i think it runs quite regular and it's written by the open university so it's um of good caliber and it covers things like network security cryptography malware um like the importance of multi-factor authentication and um yeah so that was a great course i often refer back to it actually um udemy as well they do um some great some free courses and some page four ones as well and um cybere they have um they show career pathways so if you interest they do lots of introduction ones but if you're interested in say being a sock analyst

or threat intelligence they do a pathway of different courses all linked together to build your skills that way um and then building on from the python we did with techmoms and i joined code academy and now code first girls that um do lots of online programming courses so also as well um decided to sort of seek advice about retraining i'd worked in education for probably 10 years and um just yeah this is really like lit a fire inside me and so i thought actually let's see like where i can go from here and building on these courses and so spoke to um co-workers or friends who worked in tech companies and just said do you know anyone who works in cyber

security so got to chat to people um yeah there's lots of interesting articles online and webinars and with information and definitely utilize linkedin i think linkedin linkedin is wonderful there's a few people mentioned it yesterday and i'm i'm also not affiliated with it so don't worry but um i just think yeah you can there's some amazing articles posted and people really interact and i guess you don't even have to actually connect with people you can just follow people and people share articles and opportunities and we had channy on yesterday talking about the boot camp she did with um the shiso um executive course and actually got onto her bootcamp and got a scholarship for it

um a few yeah a few months ago and that was all coming through linkedin seen her posting about it and contacted her and applied that way so that was an amazing opportunity and to be on on training courses and webinars with um csos from around the world and also the opportunity to set up the northeast ladies hacking society that came through linkedin that was where i'd heard eliza may austin who runs the ladies of london hacking society she um i heard my podcast found her amazing then found her on linkedin and then she just posted um i'm thinking of expanding the society is anyone interested in setting up a chapter in the in newcastle other cities so i i

contacted her and from there got in touch with catherine cardos and so we we set up the northeast ladies sacking society and we've had two events so far

[Music] we've got obos newcastle um ise squad the new defcon newcastle as well um going to events like that chatting to people and people get their phones out and say oh we've listened to this podcast this episode's great this episode so um that's a good way of doing it yep on a note on podcasts and i was trying to explain to my mum what a podcast is and um i think i'd read somewhere that it's um a radio program that no one can stop you making which i thought was a good way of explaining them so from all that i decided um from doing the online courses and speaking to people i decided for myself to go down the

route of doing a masters um so yeah i'm near completion of the masters in cyber security and um it's been like really really hard but very very interesting as well i've put on screen a few of the um the modules we did we have four talk

much

like a good breath a breath of things really um but also on the side i thought it was important to work on my technical skills so i took part in things like um hack the box signed up to try hack me immersive labs that's good because that's um you can sort of run their virtual machines on their browser so um you don't even have to download anything um and yeah there's there's lots of beginner ones as well and starting to notice a few of the um meetups of um setting up groups together to start um like things like try hack me together i think our hacking society the ladies hang society we're setting up a new

hack the box team i think and another thing i didn't realize is actually once you become a student um you actually get access to other courses um which i didn't realize actually so as part of the masters we were invited to take part in a boot camp that was run by the institute for coding and digital union in in newcastle um so that was um it was using um what was it so it's like working with developers so lots of computer science graduates and um working on solving business problems so went around a few different um local businesses so we went to orange bus which i think is gone now um hedgehog lab um i think drummond yeah drummond

central they came to speak to us um sunderland software city and cool blue so a few advertising agencies um just to talk about working in the tech industry and and then we did a project for nbs the construction company and had to present at their headquarters um see that was a that was a fascinating experience because i'd never worked with developers and um to be in a room with them and hearing the language i mean like programming language not bad language but yet hearing the language um was quite a challenge but um a really really good experience and also the institute for coding do lots of online courses still so the the constantly running and python

courses and app courses um web app security i think was the last one and i mentioned earlier code first girls they um they do lots of paid for courses that anyone can join but actually if you are a student at a uk university you actually get access free access to some of their courses so this this week i'm about to start a new web development course um feels like taking me back to my um myspace days and um using html to make things pretty in css so see i think um it's it's important to think if you're retraining i guess you're different from just being a student or you're not really just starting from fresh you're not starting from

no skills you can often transfer the skills you've got um so i think that's that's quite valuable um i put on the screen ones from speaking to people what they think and is needed in the industry um for the different roles um definitely say curiosity um is is quite key as well um yeah these are just some skills that people have recommended

yeah so in summary of the actual masters i'd say yeah it's been an amazing experience and with it being a year-long course and which i did um side by side while i was working um it was good to like take time to read things and being an adult learner is like such a privilege when you see people there who have gone straight from school to college to uni and um yeah they don't even want to be there or something you just think oh my goodness you're so lucky to be here and to be such um almost being indulged with chatting to people and learning things in such an amazing environment um yeah the ability to make mistakes there and

not have it bring down an entire system that was um yeah really really valuable and also there was definitely quite a diverse group on my course i wouldn't say diverse in gender because it was just me and one of the girl it was all men but diverse as in there was lots of police um data scientists um lots of computer science graduates um but yeah like an interesting mix of people and also it definitely teaches you um like a high level of um report writing skills and we have to design lots of infographs which we use a lot we've always used a lot in education sort of trying to distill down complex issues into something quite

accessible which i think's um quite needed and used in this industry and then obviously presentations as well but do lots of those and the only the only bad side is that you don't often hear like oh you don't need a degree to do this and do that which is totally fair and totally is you see it don't you because even like ben was talking yesterday about him not technically being qualified for all the things he's done um technically as in like doesn't have the actual pieces of paper um but that is still a route as well if people want to do that myself i'd always fancy doing a masters um and so yeah there was lots of people on

there who whoever building on current work experience um or just wanted to retrain and use it as like a conversion course they seem quite popular at the moment sort of um computer science or cyber security conversion courses um but i would say that as again it was touched on yesterday with um sam and ben talking about qualifications and experience like that is definitely seems to be needed for a job i think um it seems like even entry-level jobs at the moment there's quite a few once some sort of experience so um i definitely say it's it's good to chat to people and try and get some work experience while you're doing all these studying as

well so yeah i'm actually currently working um in research so doing threat intelligence research mainly into energy industry and um yes i use things like meter attack and then using this research to write white papers um and that's just to say that it's the first time actually that i've been a little bit scared and of all the things i've been learning about i've always been like oh well this is what it is but actually i think um yeah the threat landscape the energy industry is actually quite quite scary there's there's lots going on like um there's actually an interesting episode of cyber war on um vice tv that talks about um ukraine and russia and their use of

um cyber war using an energy plant um so yes things like um activists and cyber terrorism and state-sponsored attacks it's all quite um yeah it's quite scary but um very very very interesting and just um quite an eye-opener to be part of it so yeah so i think in conclusion i would say um from from my experience and speaking to people it is such a fast-paced industry which people spoke about yesterday about sort of bring on a bit of imposter syndrome and i guess even more to people joining the industry but actually i think that also makes it um of like an accessible part of it because it's so fast-paced that someone worked in one part might not

have been exposed to another so things like cloud and cloud security that's a really good way of getting into it because it's still quite new and evolving um and it feels like there's a real push for diversity diversity of thought and people's experiences as well um so i think that's a good time and i'll definitely say um look out for events like this like b sides and cyber fest um even yeah lots of there's lots of online virtual ones isn't there now because the pandemic um and then use up use the online resources the it's infinite really the stuff on there and the varying quality but again if you look at what people are posting on linkedin

and twitter there's usually sharing some decent stuff um i definitely say try and get some work experience if you can um lots of people are encouraged to sort of speak to people in the security team where they work because i work for different colleges and i used to it wasn't very practical to um to do that myself um but i might get work experience from sort of joining the community and speaking to people um and also keep an eye out for things like role models and mentors and even some unofficial ones there's so many people i've reached out to and just been like this is really interesting what you've posted um like how do you get to do what you're doing

and people are usually very willing to chat and like happy to share with what they're doing um yeah i think that's it really so i've i've put on my linkedin and twitter because i could talking about community um and i've spoke about speaking to people but if anyone would like to speak to me and or send me a message i'm very happy to talk and yeah anything like that so thank you for your time do you have any questions