Inclusivity in CyberSecurity

Hi, I'm Anna. I'm here to talk a bit about inclusivity in the IT sector, or more specifically in cybersecurity. I was not able to be present for the series Athens BSides, unfortunately. So instead we have opted to make a presentation where I will talk a bit about myself and then at the end I will link to a companion article where I go more in depth about various disability experiences in cybersecurity. Since we have a limited amount of time and I figured it was better for me to write an article where I, in my own time, laid out my thoughts and feelings. So I hope you will find that helpful. My name is Anna, Anna Batranovic, which is ironic considering that there is the word ran in the middle of my surname. I did not run. I go by Poki online. I'm 18, I'm Serbian. Right now I'm working as a junior penetration tester at UN1QUELY part time while I finish my studies. I enjoy CTFs. I like cats. I like drawing. I'm also technically a cyborg as of 2021, post spinal surgery. So I am in fact by definition a cyborg and I'm disabled. Obviously. I've been learning and studying Cybersecurity since late 2021. I had learned about Hack the Box from my friend earlier that year and I signed up for the website. I signed up for an account and I did not think about it until I got an email late November. I think there's a picture of the email and I thought it looked really fun. I needed a good reason to get out of bed since I had a back surgery that October, and obviously it takes a while for you to get back your stamina and to sit as you used to. So this seemed like a good opportunity because there were daily challenges and it would give me a good incentive to get up on my laptop. So that did not go well because I had never did anything even close to it before, so I was pretty stumped. And then I did lots of googling. I found out about the advent of Cyber, which is Try hackme's yearly December event, and I found it was very beginner friendly, I really enjoyed it and I basically just went down the rabbit hole. I did not look back and that was it, pretty much. I then immediately signed up for Hack The Box and I started watching IPsec videos, which proved to be very useful and very helpful. So. Thank you, IPsec. So in terms of difficulties, obviously at first it was very much just a lot of information at all sides. Like Cybersecurity is so broad and vast and there's so much to learn, so it's just very difficult to figure out how to prioritize everything and to just take it one step at a time. In terms of time management, I think that was the most difficult thing to get right because I did not really know how to properly pace myself at first, which meant I worked a lot, I pushed myself a lot, and I ended up getting very tired and fatigued, which is not a good way to go about it. So just learning to pace myself at. Was really important, which is something I will talk about in a little bit. Additionally, impostor syndrome, as I'm sure everyone has experience, is pretty bad. It's just like kind of debilitating overall, not knowing truly if your skills are up to par or if you're just a really good actor, oscar worthy actor who is fooling everyone. But I think over time it's just something that you just have to come to terms with, that you probably do know a lot and it's not just you fooling everyone. And obviously I still have those feelings, but I think I'm better at talking myself through them and having that internal conversation and coming out of it feeling okay, which is really important. In terms of what excites me, right now I'm focusing on Red Teaming. I am studying for my CRTO Certified Red Team Operator, but I do find a lot of things interesting and exciting. I really like my job, I like finding vulnerabilities, I like report writing and I enjoy talking to clients. I think it's interesting and dynamic to sort of see different tech stacks and see how various teams work. I definitely like to be active. In terms of the disability community, I think there's a lot of work to do in making cybersecurity accessible, which I talk about a bit in my article. I think a lot of tools are not accessible just by being open sourced. So just over time, working on that, making sure that as many people as possible are able to try and pursue cybersecurity. Because really, it's just fun, it's a really good career and it's interesting. It's just something that I think everyone should try and then if they like it, perfect another victim. In terms of lessons I've learned, I talked a bit about this, but I think pacing yourself is most important out of everything, especially in It. There's a big hostile culture, there's a lot of grinding, there is a lot of just feeling like you have to work all the time. If you're not working, you're just getting good at your job, through like hack the box or just studying or whatever, which is the reason I think that often burnout is such a big issue in cybersecurity. Often people feel like they don't have the right to pursue other hobbies or have their free time to just stare at the ceiling, whatever you want to do, just resisting that, making sure you have time for your own thing that isn't related to the laptop or your job. For some people, it might be like going out, hiking. I don't hike for obvious reasons, but I've heard it's a very good way to spend your time. And for me, that's art. I really enjoy drawing. I think that having something that you can fall back on when your job is in fact your job and not your passion that you would do for anything, is really good for you and really important. So I think that's my main lesson that I've learned over the last few years. Thank you for listening. I hope this wasn't too long and too rambly because I don't really have time to get into the nitty gritty of disability. I wrote a companion article, which is linked here. Or I guess. Hold on. Here. So if that's something that you would like to read more about, I would appreciate it if you took a look and hope you will find it insightful. So thank you for listening. Thank you for your time. I appreciate it. Have a good day. Bye.