The Women of Trustwave SpiderLabs
2021-03-06 09:00:00 Author: www.trustwave.com(查看原文) 阅读量:293 收藏

As the world celebrates International Women’s Day, it’s an unfortunate reality that cybersecurity, like many other industries, is often thought of as a male dominated field. Like so many other sectors of society, women sometimes struggle to break through and are still underrepresented in leadership positions. Despite the obstacles, many female cybersecurity professionals are breaking barriers and setting new precedents, serving as examples for the women who will follow in their footsteps.

One of the huge benefits of working as a global team is the benefits, diversity and different perspectives that are applied to solving difficult problems. Trustwave SpiderLabs is fortunate to benefit from this at all different career levels. From Analysts all the way up to Directors, we are proud gender is not a barrier to advance in a highly technical field. Five of our team members, Anna Oliveira, Olga Barinova, Tanya Secker, Eduel Neyra and Therese Mendoza, sat for this interview, so that we could explore their experiences in the cybersecurity industry and learn more about what motivates them. Find the full interview below.

Q: Could you briefly introduce yourself and describe your role here at Trustwave?

 Anna: My name is Anna Oliveira, I am the Director of Operations for our Global SpiderLabs practice. My main responsibilities are to manage our customer service, processes, product and service delivery, enhancing the bridge of our practice between our internal teams in favor of a delightful experience to our Customers.

Tanya: My name is Tanya Secker and I am the Practice Lead for EMEA. I also lead QA and the AppSec Think Tank globally. I have been in penetration testing for over 15 years, specializing in apps for over a decade and I have been at Trustwave SpiderLabs for 13 years.

Olga: My name is Olga Barinova and I\'m a Senior Security Consultant at Trustwave SpiderLabs. I\'ve been working here for 2 years now. My main responsibilities are to perform penetration testing against web applications, conduct source code review and communicate with clients helping them to fix issues.

Therese: I\'m Therese Mendoza, a Senior Security Consultant at Trustwave SpiderLabs. I’ve been working here for 5 years. I handle most of the Mobile and Web application penetration testing engagements.

Eduel: My name is Mary Eduel Neyra, a Managing Consultant of Trustwave’s SpiderLabs - Vulnerability Management Services. My daily responsibilities include delivery, QA and management. I’ve been in Trustwave for almost 5 years now. Our team does basic penetration testing, but our main responsibility is managed scanning for Network and Web Application, as well as database.

Q: Tell us about your career path and why you chose cybersecurity?

Anna: I have always had a passion to serve, understand other cultures, travel, and I thought I was going to be a chemist or a CIA agent. And then I decided to pursue one of them, which I have been evolving since I was 18, and the ones that enrich me the most. I started school in Rio, Brazil, in Hospitality Management, and I set out to see the world. This is when I fell in love with people even more, and I decided that anything I did in my career would have to include the art of understanding people’s needs and coming up with creative ways to serve and make their lives easier.

Olga: When I studied in Moscow State University, I had no doubt I was going to be a software engineer, because I was in love with coding. But at some point, I found a few friends who could do some mysterious things on their laptops and I wasn\'t completely unaware how they did it, so I started to look into it. It was hacking (mostly CTF)! When there is something that I don\'t know I always tend to delve into it. So, cybersecurity drew me in.

Tanya: I have always had a curious and somewhat logical mindset and this lent itself well to cybersecurity.

Eduel: This was not included in my plan. I just applied to a company that was looking for fresh graduates and got a job, then I was surprised what I got myself into. I just learned about this field when I started working, and who would have thought that I would love this. I find cybersecurity very interesting, fun and relevant. It is an ever growing field. I take pride in what we do and how we help/impact the world.

Therese: At a young age, I was fascinated with computers. I continued to take this path into university until I graduated with a bachelor’s degree in Information Technology. I started as a Java programmer, but opportunity knocked when there was a job offered for penetration testing. This really caught my attention and I decided to pursue this field. For me, it is a rewarding job. It\'s fun when you start digging into the application and you can find one vulnerability after another. It\'s gratifying to know you\'re helping protect people\'s privacy and security. It can also be a mentally engaging and exciting field.

Q: Were there any obstacles you felt you had to overcome in your career path?

Olga: This work requires creativity on a day-to-day basis. Sometimes when you have bad days, you just don\'t have the inspiration to produce creativity. In such moments I think about why I didn\'t choose the \"software engineering\" path in my career – which is more about solving a clearly defined problem. I would just need to solve it rather than improvise trying to find a way how to hack a system. Luckily, I don\'t have many of those days, so I certainly enjoy my work.

Therese: Absolutely. There\'s a handful of research work that needs to be done, especially with evolving technology. Then, having to test over and over again making sure you\'re doing it correctly or not overlooking any vulnerabilities. It can be a work that demands detailed attention, effort, and patience. Clients are another big part of the job. Some are genuinely interested in their security posture and others not so much. So as a consultant, you have to be firm with your findings and don\'t doubt yourself.

Q: What advice would you have for other women who want to work in cybersecurity?

Olga: Nothing is impossible. It\'s not as difficult as it sounds. Just take it one step at a time.

Therese: Challenge yourself. Don\'t fear a field that may seem intimidating. It\'s perpetual learning and if you\'re passionate about cybersecurity and technology, then do it. It\'s definitely a male-dominated industry, but once you get to where you want to go, it can be very fulfilling. Keep in mind that every small step counts and the insight of every person, women including, makes a huge impact.

Tanya: Compromise boxes/apps/networks but never yourself.  A good sense of who you are will help you achieve greatness in the industry.

Eduel: If others can do it, you can do it. Trust yourself! Know your strengths and weaknesses and work on it. Don’t be intimidated and overwhelmed, take one day at a time.

Q: What\'s your favorite career accomplishment? Any notable findings or discoveries?

Olga: In my modest career I wrote a couple of blogposts about interesting vulnerabilities I found (\"HQL Injection Exploitation in MySQL\", \"Jolokia Vulnerabilities - RCE & XSS\"), got a few CVEs (CVE-2019-11628, CVE-2018-1000129, CVE-2018-1000130, CVE-2017-12629) and obtained OSCP and OSWE certifications.

Therese: I have lot of favorites, but I’m very much interested in finding IDOR (Insecure Direct Object References) vulnerabilities. One instance is where I bypassed the OTP verification process of an application by manipulating the response from the server that led to a complete account takeover.

Tanya: Holding various CVEs, building up the appsec practice in EMEA for Trustwave SpiderLabs, being chosen as a Woman to Watch by SC Magazine in 2018.

Eduel: I was very happy when I first compromised a domain, I will forever remember that moment. I was very delighted whenever we won a deal, renewed a contract and gave the client the best service they deserve. I am most accomplished when I was able to help our organization improve its processes, services, and delivery thus helping more people understand not just our clients, but the importance of cybersecurity.


\"\"

FACT SHEET

New Vulnerabilities Discovered in SolarWinds Products by Trustwave SpiderLabs

Download our fact sheet on the SolarWinds vulnerabilities that Trustwave SpiderLabs has discovered. All three vulnerabilities are severe with the most critical one allowing remote code execution with high privileges.

Download Now


文章来源: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/the-women-of-trustwave-spiderlabs/
如有侵权请联系:admin#unsafe.sh