For the latest installment of Voices from Infosec series, Breaking Badness regular Tim Helming (@TimHelming) and Kali Fencl (@kalifencl) spoke with Tracy Maleeff about her background and passions within infosec.
This episode of Voices from Infosec is with none other than Tracy Maleeff aka @InfoSecSherpa on Twitter, Mastodon, and Bluesky! Tracy is the Principal of Sherpa Intelligence LLC and brings a wealth of knowledge and experience to the community.
We’re excited to share her path to infosec along with a few key moments we’re sharing here in the show notes, but please take a listen to the full episode for the unabridged conversation.
How To Start Your Infosec Career
On an initial discovery call, Tracy shared that there’s probably a lot of folks that know about her transition from being a law librarian to working in infosec, but as Kali is newer to the industry, she wasn’t familiar with that story, and was still eager to hear it.
Those thinking of a career in infosec might wonder if their current skill set is applicable, and the good news it most likely is. Tracy discusses how she just knew that her skills as a law librarian could apply to infosec. However, it wasn’t just those skills, but it was also having an interest in tech and the curiosity of pushing that interest further.
Of course, anyone looking to make a career change should note there will be some work that has to be done along with understanding how your current skills apply. Tracy notes that for a year and a half, she immersed herself in courses, podcasts, meet-ups (including the Women’s Society of Cyberjutsu), conferences, and more to learn everything she could before landing her first Security Operations Center (SOC) position.
The Importance of Empathy Within Infosec
While it’s not everyone, there is a certain amount of shaming and blaming users within the infosec community for clicking on phishing links, falling for a voice phishing (or vishing) scam, and more. The problem with that is, if those in infosec are unapproachable, users will not feel comfortable reporting what they have seen or experienced, which results in losing time to rectify a situation.
Tracy discusses how taking a humanistic approach will, in the long run, mean less work needs to be done. Defenders need to consider that users are the first line of defense; they are the extended eyes and ears of security, and should be seen as such, rather than as a liability.
While Tracy has seen some positive changes in the past few years, it’s still an uphill battle to encourage the infosec community to adopt this mindset, but she will continue to employ humanistic responses in her work and encourage approachability.
Infosec and Improv
We talk with Tracy about the benefits of trying improv comedy as people working within infosec. Tracy has done a few improv classes with her infosec colleagues and found so many correlations. When you’re troubleshooting, you don’t always know what you’re working with, but when you gather data from others, it can form a fuller picture.
When doing improv, there’s quite a bit of agreement and trust that needs to happen in order for a scene to work. The same can be said for infosec and cybersecurity: you’re only as good as the information you get, so you need to be open to new ideas and have a willingness to listen to one another. Doing so on an improv stage will mean the scene is coherent as well as hilarious. In infosec, it means faster time to a solution, which better protects an organization.
Fellow Hungarians
We like to talk to our guests about their outside interests and experiences, and something came up while Tracy and Kali connected to arrange this podcast episode, which is that they are both of Hungarian descent! Tracy correctly placed Kali’s surname and the rest is history.
This episode concludes with Tracy’s family stories on why they decided to leave Hungary, the circumstances in which Tracy traveled back, and her Hungarian penpal. And of course, we can’t talk about Hungary without mentioning all of the wonderful foods that go along with it.
That’s about all we have for this week, you can find us on Twitter @domaintools, all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!
