You know her as the old man serving coffee but “Security Intern” is actually…..a woman! That’s right! Not only is Jackie “Security Intern” Arlen is a real person but she’s agreed to be interviewed for the D-List.
Q: Tell us a little about yourself.
I am the security intern at Liquidmatrix Security Digest, however I am currently on hiatus as I went from part-time to full-time student last fall. I miss contributing more than I imagined I would. New semester, new schedule, I’m hoping to fit in a day or two a week again. In addition to that, I’m a mom and a person who teaches, learns and shares.
Q: How did you get interested in information security?
People contain information. Loads of information. People interest me greatly. And I’m surrounded by smart people who hold important information. I am also surrounded by dumb people who hold even more important information. I’m interested in helping the first group excel and succeed and ensuring that the second group are well contained and effectively managed. I suppose that really means “human resources”, actually, and I think there is a fairly large contingent of people in information technology who would like to deal less with traditionally educated human resource type folks. I am fairly certain that is where my future lies. The kind of specialist who can mediate and integrate smart technical people with organizations who need their smarts.
Q: What is your educational background (e.g. formal schooling, certifications, self-learning, etc.) and did it add value to your information security career?
I am currently working on my undergraduate degree, though I do have 40 years of life experience. I believe that because I’m focusing more on people hacking that I do need formal education to get my foot in the door. From what I’ve witnessed however, people don’t necessarily need a Comp Sci degree to make a name and place for yourself in information security. Ultimately though, parenting has taught me much about how to manage people, especially those who persist in acting like children after they have offices and suits and shiny computers.
Q: What did you want to be when you grew up? Would you rather be doing that?
Oh brother. Shoot me. Nao. I wanted to be an accountant. Or rather, I thought I did. That said, I was far more interested in playing euchre in the student center than I was attending any of the pre-requisite courses for accounting in university. Turns out, one cannot earn credit for garnering both bowers and going alone. So now, 20 years later I’m continuing that education but in a different direction. I’ve never really lost the desire to create order from chaos, and isn’t a project team just like a shoe-box full of receipts at tax time?
Q: What projects (if any) are you working on right now?
My degree is the big one. And finding my niche. Also, I need an original idea or ten and a thesis to follow. Oh, and training a cadre of miniature hackers suitable for deployment in any situation requiring equal parts social engineer and cuteness.
Q: What is your favorite security conference (and why)?
I think that because Notacon (Cleveland, OH) was my first conference, it’ll always hold a special spot. I like it’s intimacy and the variety of content. I really enjoyed DefCon though I was at times a little overwhelmed by the sheer volume of people there. Ask me this question again in a few weeks after I’ve had a ride on the mechanical moose at Shmoocon.
Q: What do you like to do when you’re not “doing security”?
Parenting, homework, DDR, perezhilton.com, scrabble, fighting the laundry pile, the twitter and it’s internets and watching movies.
Q: What area of information security would you say is your strongest?
The hacking of the people. Social engineering. For certain.
Q: What about your weakest?
Every other.
Q: Can you share with us a story of your social engineering prowess?
I’ve always been able to tell a convincing story. Ditch day comes to mind, I assured my Mom I was not one of the 4 people in the bank on ditch day… but I digress. One of the earliest and most memorable occurred after a football game when I was in high school. Earlier in the week, a friend and I had been to the Army Surplus store and bought neon orange construction vests and hard hats. That Friday evening just before the game was over, we parked our cars perpendicular to the intersection leaving the school, completely blocking one of 2 roads out of the parking lot. The other road led to the bowling alley parking lot. With flashlights in hand, standing in the middle of the road with nothing other than a sense of mischief to guide us, we directed the entire population leaving the game into parking spaces at the bowling alley. A harmless prank though I learned that night that simply acting the part can reap stunning results.
Q: What advice can you give to people who want to get into the information security field?
Me giving advice is about the funniest concept ever but I will say this: there is a place for everyone. You may find yourself looking in from the outside and having no idea where to start. Make contacts. Contacts are endlessly useful. When you ask a question, shut the hell up and listen to the answer. Seek advice from those smarter than yourself. IE: not me. 😉
Q: This is a fairly male dominated industry. How do plan to blaze your own trail upon completion of your degree and do you think your gender will help or hinder that plan?
I’m optimistic enough to think I’ll do just fine. I’m realistic enough to know that not only do I have gender going against me, I also have age. I’m not a fresh-faced graduate. Some will think that’s a benefit, others probably will not.
When I first began the “intern gig” liquidmatrix.org, people assumed I was male for a long time and I did not dissuade anyone of that. Women face challenges that men do not. As a “young male”, the intern was accepted by most. As an “old(er) female”, I was fairly sure people would view me with a more critical eye and dismissive attitude. Women often struggle to be taken seriously, I’d never been wholly accepted and with few exceptions @securityintern was a trusted entity. That was new for me and oddly satisfying. Having said all that, I have knowledge and insight to bring to the table. I’m also old enough to know that choosing battles carefully is a skill, almost an art-form, and which weapons to use in order to gain ground. New graduates don’t have that. Hopefully, someone(s) will find value in what I offer.
Q: How can people get a hold of you (e.g. blog, twitter, etc.)
Twitter: @securityintern
Email: infosecintern@gmail.com