Hey all!
Time for another edition of “twenty questions”, cybersecurity edition!
If you’re not familiar with how this works, I reach out to a blogger, content creator, business professional, etc. who resides within my realms of interest: fashion and style, and cybersecurity and InfoSec. I ask them twenty questions to get to know them and their areas of interest better, and then I share what I learn with you. It’s a great way to network and learn more about people.
Ready to dive in?
One professional, twenty questions. Let’s go!
NOTE: answers are in pink, both to match Tricia’s energy, and the color of choice in answering the questions. ‘Twas only fitting. 😊
Name: Tricia Howard
Where can we find you on the internet:
- https://www.linkedin.com/in/triciakickssaas/
- https://infosec.exchange/@triciakickssaas
- https://www.akamai.com/blog/security-research
Personal Background
1. What inspired you to start a career in cybersecurity/infosec?
ha okay a lot of backstory first: I got into tech by accident – was supposed to get my Master’s of Fine Arts (the artist’s version of the MFA acronym) in lighting design. At the last moment before graduating college i found out i wasn’t accepted into the program. I was devastated and panicked at the prospect of not having a job, so i put out some ✨ very ✨ millennial post on facebook about “no one caring about my artistic experience” *flips hair dramatically* and a friend of mine in the industry said he knew someone who would care and referred me in. 3 interviews and a week later I had accepted a job halfway across the country to be a cold caller for a value added reseller (VAR) selling just about any technology you can think of: unified comms to route/switch and beyond. during that time, the company decided to start a security practice and formed a team to specialize on the networking and security side and upon learning that side of the business i was hooked. defenders these days are the closest thing we will get to actual superheroes. our lives are so digital these days, the ones protecting the internet are some anime level heroes IRL.
2. How did you first become interested in blogging about cybersecurity?
spite and feminism 🤣 as aforementioned, my foray into tech was in sales. There’s a lot of bro culture in tech sales, especially back then. every week we would have a different vendor come in and present their product to us so we could sell it. every. single. one. of them would say “all you need to know is XYZ, set the meeting and we’ll get the smart guys in the room from there.”
first off, smart people. second off, just because i have sales in my title and function doesn’t mean i’m an idiot, and certainly doesn’t mean i can’t comprehend and communicate technical concepts to a potential buyer or anyone else for that matter. i understand things in metaphor and realized i was pretty good at using them for tech stuff, so i started writing my own stuff on linkedin the way I understood the technical concepts. the techies speak in 1s and 0s, i speak in unicorns. the industry responded positively, and it just snowballed from there.
3. What’s the story behind the name of your blog?
a vendor had come up with the pun “kick saas with xyz product this summer” and i thought it was funny. always been a pun hound and it was so relevant, i loved it. so, TriciaKicksSaaS came to be. admittedly, i don’t keep up with my personal blog at all anymore (which i should, maybe someday) but the handle/persona of TKS has remained.
4. What are your favorite topics to write about and why?
Social engineering will likely always be a favourite because it’s literally just acting/roleplaying (with a malicious purpose.) I made my personal brand on speaking to the normies about security awareness and speaking to brands about how they do awareness wrong. accepting and honoring diverse viewpoints and unorthodox entry into STEM is a big one also.
as of late it has been cool getting into the psychology behind the attackers and humans in general and understanding how that plays a role in security. it allows me to add a totally different angle to a piece, especially a highly technical one where our company has uncovered a massive botnet campaign, etc.
Career Insights
5. What has been the most challenging aspect of working in cybersecurity?
understanding that there are some big egos in the space and learning how to manage them. some of the OG security people have a weird god complex about them because of the amount of control they were allowed to have over the network and the people using that network. the “hot takes” and other general nonsense that showcase how out of touch with reality security people can be (and honestly kinda tin-foil hatty) create a huge disconnect from the general populace.
this makes it easier for a person to write security off as “something i’ll never understand.” security is everyone’s responsibility. we should be encouraging people to know security better, not making it seem completely unattainable. it’s a different form of fear, uncertainty, and doubt (FUD) which is a waste of time and effort in general.
6. Can you share a memorable success story from your cybersecurity career?
What does success even look like in cybersecurity? /s 🤣 the USPS phishing video is certainly a highlight – not only the overwhelmingly positive feedback, but mostly because i have had people reach out to me when they get a scam text that they didn’t click on. that is so heartwarming. a colleague across the world showed the video to their 7 year old who asked to watch it multiple times and was even quoting it of their own volition. making content that is enjoyed and respected both by industry pros and children alike is the apex of success for me.
7. What skills do you think are most underrated in the field of cybersecurity?
Might get hate for this one, but compliance/legal knowledge is actually really critical. attackers certainly know how to manipulate business processes and bureaucracy so getting a good understanding of the process can help you find places an attacker could insert themselves.
specifically for researchers and bug bounty hunters, having legal knowledge can also help keep you safe from legal turmoil down the line. know the law so you can toe the line of breaking it better 😉
8. How do you stay updated with the ever-evolving cybersecurity landscape?
I am in a unique position where my company sees so much traffic – malicious and benign – and has hundreds of researchers worldwide who interpret the swath of data we have. so by job function i keep up with the reality of security as well as the cutting edge stuff. externally, using social media to follow credible news sources is usually my go-to.
Blogging Experience
9. What motivates you to keep blogging in such a competitive space?
it’s part of my job, so that’s a pretty strong motivator. however, i’m expanding beyond just blogging to include content creation as a whole. the short answer is that i love it. i love bringing my two worlds together in such a unique way. of course, the amount of views and reads is the ultimate goal, but getting to create it in the first place is the enjoyment that fuels the work. I’m a firm believer that even if a topic has been covered 100 times, if YOU haven’t covered it, the world hasn’t seen it.
our biases are unimaginably deep which allow us to see and experience things completely differently than the person next to us. have you ever had a piece of advice that someone has tried to tell you 100 times, but you hear it in different words and it instantly makes sense? letting the competition determine whether or not you’re creating is a good way to not create ever again.
10. How do you balance your professional work with blogging?
i gave up my personal blog because it got me to where my job IS blogging. truly, i just kinda brute-forced it. I knew there was a crossover between the two, so i just did it and asked for forgiveness if required. it all comes down to deciding what your goal is and taking actions that support that goal. my goal was ultimately to be able to create content for a living, so i found ways to rationalize doing it during the day.
11. What’s the most surprising feedback you’ve received from your blog?
it still surprises me when people say they’re going to use the content in their talks/presentations at work. it always comes down to practical application lol, it surprises me that a theatre girl can be creating cybersecurity content strong enough to be used in legit industry inner workings.
12. Have you ever faced criticism for your blog posts? How did you handle it?
the harshest content criticism tends to come from me, ha, but i’ll be honest, the times that true criticism has happened, i did *not* handle it well – even when i asked for feedback. it’s very easy to become emotionally enmeshed in a project and believe your worth is tied to other people appreciating it. if you’re doing so, a simple piece of criticism feels earth shattering.
this was part of a larger mental evolution, but creating a real hard separation between me the person and the content creator really helped alleviate that. as an artist, it’s hard not to be passionate about a project, and i’d argue passion contributes greatly to creating good content. TriciaKicksSaaS can feel a way about someone not loving her content, she can even gripe about it- during working hours. Tricia Howard on the other hand enjoys what is in front of her and is present in the moment and doesn’t let someone’s opinion ruin her outside of work time.
Industry Perspective
13. What do you think is the biggest cybersecurity threat today?
it is and will always be people. not just attackers or human error either. humans are creative and resilient when they’re motivated, and a lot of cybercrime is based on a very strong personal motivator like money or perceived justice. the attackers don’t have to deal with bureaucracy and other red-tape that are part of a defender’s job which gives the attackers an advantage.
a more specific answer is the mental health crisis in security and beyond. computers are really fast versions of our brains. if the source code that we’re basing the new tools off of is flawed (our brains), the output will also be flawed. it also affects how much we “care” about something which has a direct correlation to how effective we are at our jobs.
14. Which cybersecurity trends or technologies are you most excited about?
i’m excited to see where quantum takes us. it’s fundamentally different – to the level of granularity of how we consider the ability of a machine. a wonderful quote in this article about quantum vs. “classical” computers (our current computers) “One analogy to understanding superposition is to consider flipping a coin. A classical computer can represent the coin as being heads or tails after the coin lands. A quantum computer, on the other hand, can represent the coin as both heads and tails at the same time while it is still flipping in the air.”
this is a great example of just how different that landscape will be. seeing how quantum interoperates with the classical is going to be a fun journey.
15. If you could change one thing about how cybersecurity is approached globally, what would it be?
i wish we looked at security as more of a people problem than a technology problem. we talk about social engineering a lot and the soft skills of security, but we don’t talk about it like our brains themselves are the ransomware. we’re treating the symptom, not the problem. we default to fixing a configuration or building a new tool to fix some niche threat. we then end up with too much to do, not enough budget or people, and the already suffering mental health gets even worse. it’s a nasty cycle.
we make decisions based on emotions a lot, even when we have convinced ourselves it’s logic running the show. it’s logical to you in your brain based on the pathways that have been built from your experiences. if the initial pathways were built based off a fear response (not wanting to get hacked and lose your job) was it actually a logic-based decision? or is it only logic-based in the sense of a flowchart or if/then logic? the source input has to be devoid of emotion in order for it to be a truly, wholly logic-based decision. the likelihood of that is almost nonexistent, so let’s work WITH our emotion-laden decision making rather than against it.
16. How do you think AI and automation will impact the cybersecurity industry in the next decade?
the technical barrier to entry is lessening which opens up the pool quite a bit for both defenders and attackers. there are so many tasks that can now be quickly automated, which will change where the effort is placed. prompt engineering is going to be a valuable skill to cultivate for just about any aspect of the field you’re in.
AI and automation IMO is not that different from any other major transformational “thing” that humans have created. we still have horses even though cars are a standard nowadays, we just use them differently now. change scares people, but our whole existence is change. the resistance to it just makes things harder. AI and automation are tools in our toolbelt. we may have to redesign the toolbelt to accommodate, but that’s how we progress as a species.
Personal Preferences and Advice
17. Who are your favorite cybersecurity experts or influencers?
Marcus Hutchins (malwaretechblog) is a fave for sure. john hammond has excellent content too. tanya janca and rachel tobac are also up there – i love the way they present their content.
18. What’s one piece of advice you would give to someone starting in cybersecurity?
it is worth the effort to find what aspect of security excites you and do that- if there is one at all. of course, not everyone is going to be passionate about their job, or even like it, but it’s worth trying to figure out. security is so vast – it’s worth trying to figure out if there is something that actually excites you and motivates you to learn and do more of it.
a fraction of security is “fun” as it’s portrayed in the media and online. it’s a lot easier to do the mundane stuff if there is some level or potential for an exciting project down the line.
19. Are there any books, courses, or resources you recommend for aspiring cybersecurity professionals?
LinkedIn Learning or coursera etc. is a nice place to start if you have zero idea about anything security. it can help determine whether you’re into something or not at the very least at a fraction of the cost of some of the more formalized training and certs out there. otherwise, compTIA’s networking+ and security+ are a good baseline.
personally, i enjoyed reading security researchers’ personal blogs above all else. they’re typically less polished but the content is some of the best out there. also reddit subs like r/cybersecurity are a great start to seeing what the community cares about.
20. What’s the best piece of advice you’ve received in your cybersecurity journey?
the real imposters don’t believe they’re imposters, so if you feel like a poser, you’re probably not one. imposter syndrome is what will kill your career, not your lack of skills. skills can be taught, but only if you believe you have the capability of learning them. imposter syndrome is rooted in some pretty sinister self-esteem issues that can impede our ability to learn. it then becomes a self-fulfilling prophecy. your lack of ability to learn will make you less flexible in an industry that requires agility. that will in turn make you less marketable. believe in yourself. ask questions. make mistakes, and make them loudly. that’s how we learn.
And there you have it! I hope you enjoyed it. If you know someone who should be featured, or if you would like to be featured, please feel free to reach out at:
terry@secureinstyle.tech