Can’t begin to tell you how happy I am to bring to you an interview with Alyssa Miller.
It was back in June when I got to know more about Alyssa, when I came across her blog post ‘Ethics in Cybersecurity Marketing – Principles of Value Contribution’, which talks about plagiarism in Cybersecurity and the history of it by EC-Council.
The post really is wonderful, if a bit jarring given the respect I had for the company prior to the article. Then recently came the post ‘Plagiarism at EC-Council, an Open Response’, which is an open response to the apology/statement by Jay Bavisi, the CEO of EC-Council, on the plagiarism, which you can read here: ‘Plagiarism Investigation’.
This is not the reason I wanted to speak to her, though. I can imagine she is maybe sick of talking about it herself, and I hate myself for opening the post like this, but it’s the truth, and I am glad to have been made aware of her because her Twitter has awesome content and I loved her on the H4unt3d Hacker podcast episode #37, which you can watch below.
“I’ve been a hacker all my life. After beginning my career as a software developer, I’ve spent the last 15 years working in cyber security. All views expressed on this site are my own and do not represent those of any other organization or affiliation.” – ALYSSA MILLER
In doing my research on her I was debating asking about how she finds the different sections of Cybersecurity and how to choose a path BUT…
I stumbled upon a video she did with Infosec which pretty much covers it, so here you go.
Alyssa Miller of S&P Global Ratings discusses the easiest pentest she ever ran on an app and the importance of diversity of hiring, not just “diversity of thought.” She also gives some of the best advice we’ve heard yet on picking your cybersecurity path.
In reading up about you and what you do, it’s safe to say you are a very busy person. Did you manage to get any break in the last 18 months with the world on more of a lock-down, or was it just keeping busy?
I was very busy but yes, I did find ways to break away. I took a trip to the upper peninsula of Michigan with my sister. We did some hiking, some sightseeing and even went kayaking on Lake Superior. I found other ways to get out of the house as well, began hiking locally every day, had people over for outdoor, socially distanced BBQs and started going on regular evening walks. All of it just to break up the monotony of pandemic life.
I am obsessed with people’s stories, maybe because I have been doing my family tree for years or maybe I am just nosy, but I love to try and understand what brings people to Cybersecurity/Hacking and such. When you were a kid, what was the thing that got you thinking “I love this”?
I always tell people I was a hacker from birth. I was always that kid that liked taking apart my toys to figure out how they worked and to try to make them do different things. At 4 years old, my father introduced me to computers when he brought his home from work over the holidays and let me play video games on it. From there I was hooked. In elementary school we had computers that I was able to use to teach myself BASIC programming and at age 12, I saved up and bought my own computer. Shortly after that I got myself a modem, learned about serial and asynchronous communications, and executed my first hacks against a dial-up community service.
When I was watching the videos and listening to the podcasts it dawned on me that you don’t have your own podcast or YouTube. Have you ever thought about it, given how good you are and the contacts you have?
I was the co-host of a podcast called The Uncommon Journey which aired via ITSP Magazine. We’ve recently ended that project but I am working on one, potentially two, new projects with ITSP. We are just getting ready to launch a weekly live stream show that I will co-host with another amazing host. The other is still in the works but if it happens, it will be a solo podcast aimed at continuing on the work we did with The Uncommon Journey.
Do you have any hobbies or things you like to do outside of Cybersecurity?
Oh yes of course, I have a couple of hobbies. First and foremost I am a soccer referee. I work all manner of matches from youth, to college, and even semi-professional leagues. Additionally, as those who’ve seen my office in the background of any of my virtual events already know, I am also a guitarist and a photographer. Lots of stuff to help distract me from work stress at the end of the day.
You are a member of the Women in Cyber Security (WiCyS) Racial Equity Committee, which is fantastic. ‘Respect in Security’ launched the other week, and there is ‘Mental Health Hackers’, who I am getting involved with now and will be writing about soon. Do you think Cybersecurity is getting better now at inclusion, has it changed a lot since you started, and how can we do more?
Cybersecurity is an odd animal that way. I grew up in hacker culture and it was this dichotomy of gatekeeping but also acceptance. We didn’t really care (or even know) what you looked like, what gender you were, what ethnicity you were, the only thing that mattered was could you hack. I think a certain level of that acceptance has persisted and grown in our community. However, there are still many loud voices in the community that are not accepting and not inclusive. There is a lot of bias against women still and we see that in the numbers. This community is still inordinately dominated by hetero-cis-white-males. Unfortunately, that means that some members of that dominant demographic act with malice in an effort to try to keep others down. I think it has gotten better, allies have become more vocal and the problems get talked about and acknowledged far wider than in the past. However, there is still a long way to go.
I have a question regarding certificates and how you feel about them. I thought for the past few years I would HAVE to get them, and I am talking the Security+, CySA+ etc., to get a foot in the door. I worked towards them and did other courses that were either free or very cheap, and through this site and a couple of very good interviews I managed to get a job (5th week there now). My plan is to book my Security+ for later this year, the CySA+ for early next year, then concentrate on my CISSP. How do you feel about certificates, and should potential employees really need them BEFORE starting?
Personally, I feel like prospective employers abuse and misuse certifications. In research I did last year, I found that the vast majority of job postings state the requirement for a certification. So this leaves people feeling like they must have one to get a security job. But as you pointed out, it makes no sense for someone to have a cert before they start working in the industry, and many of the commonly requested certifications actually require a certain number of years of work experience before someone can qualify. The over-emphasis on certifications is an unsustainable model because it is rooted in the unwillingness of many organizations to develop people. Everyone wants to hire that seasoned veteran while few if any will hire a true entry level candidate and skill them up. The supposed skills gap this creates is mostly if not entirely self-inflicted.
A couple of big questions there, so I’ll ask a few quick ones: favorite place you have gone for a speaking event, and where would you like to go when the virtual all stops?
Favorite place, as in city, was probably Victoria, British Columbia. It’s a gorgeous town on Vancouver Island and I really enjoyed every bit of it. However, if we’re talking from the conference perspective, I’d say Naples Next in Naples, Florida. It was a truly amazing conference and I got the opportunity to appear on a panel with a former director of the CIA; our moderator was a highly recognized editor from The Atlantic. I met some of the most influential people in the US at that conference and it was a joy being able to share my views on cyber security with them.
Ever been to the UK (I am in Scotland) and did you like it/would you come back/do you want to come?
I’ve only been to London, never Scotland. I’d love to return and definitely would love to spend some time in Scotland. In particular I’d like to travel to Edinburgh to do some sightseeing and of course check out some of the amazing shorelines as well.
With so many in Cybersecurity looking up to you nowadays, is there anyone you look up to and have a great deal of respect for what they are doing just now?
Well I always like to say they’re not looking up, they’re looking over. I don’t like to be put on a pedestal because I’m no different or better than anyone else. I truly am humbled and appreciate that so many people are inspired by my work and come to me for my thoughts on many different topics. That said, there are a few people whose work I truly admire as well. Jayson Street for instance has been a great influence on my career for many years. He’s a constant advocate for others and is truly one of the most genuine people I’ve ever met. I also have massive respect for the work that Maria Markstedter does. Her work on ARM exploitation and reverse engineering is so brilliant! There are literally hundreds of others but I don’t think we have time to go through them all right now.
Lastly, what have you planned for the rest of 2021 and then into 2022?
Thankfully I have a number of in-person talks at conferences coming up over the remainder of the year. College soccer returns for me this fall so I am looking forward to a very full schedule of matches that I’ll be working, including a few in one of the top college conferences in the US. Other than that, it’s simply about settling into my new role that I started at the beginning of this year and really trying to make some positive and lasting changes in our security posture.
Actually this is lastly, as I just discovered your store: can I get a discount, as so many cool tops?
I can definitely make that happen. Be aware, I moved it to Etsy, so if you’re looking at the old one on TeeSpring check out the new store at https://alyssa.link/store
Thank you so much for reading and check her out at the places below.
Website = https://alyssasec.com/
LinkedIn = https://www.linkedin.com/in/alyssam-infosec/
Twitter = https://twitter.com/AlyssaM_InfoSec