(I meant to post this in January, but early 2021 was A Lot. Better late than never!)

Many of my 2020 goals were made irrelevant by the pandemic. “Exercise more while traveling”... oh my sweet summer child. What’s that saying about hindsight again?

Thankfully, one that stayed both relevant and achievable was “complete the Read Harder Challenge for the second year in a row”. Getting absorbed in a good audiobook became a prime coping mechanism in the face of the compounding stressors of These Uncertain Times. (Side note, can someone please write a covid pandemic-themed cookbook called “These Uncertain Thymes”? I’d crowdfund the heck out of that.) In more than a few cases, needing to finish a library audiobook before its due date kept me from doomscrolling.

When I could see that I was on track to finish the Read Harder Challenge way ahead of schedule, I gave myself an extra layer: for the challenge, read mostly authors whose work I’d never read. After all, the entire spirit of this reading challenge was to expand the realm of who and what I read. Nnedi Okorafor was the only author I’d read before, in the “last book in a series” category. I had seen Amal El-Mohtar speak at WisCon, and knew of Ruby Tandoh from “The Great British Bake-Off”, but hadn’t yet read their books.

One of my favorite discoveries to come out of this year’s challenge was the amazing amount of positive disability and neurodiversity representation that exists in romance, a genre I hadn’t read much. Helen Hoang is autistic and writes autistic protagonists in her novels, like Stella in “The Kiss Quotient”. In the second story in “Hamilton’s Battalion”, Coutney Milan writes a character who is strongly implied to have ADHD (though obviously it’s not labeled “ADHD” in the 18th century). After discovering Talia Hibbert via reading “Untouchable” – which has multiple characters with depression – for the “romance starring a single parent” category, I went on to pick up “Get A Life, Chloe Brown”, featuring Hibbert’s #OwnVoices portrayal of fibromyalgia.

Another revelation: the vast lineup of phenomenal sci-fi novellas in recent years! After reading “All Systems Red” last year, I continued devouring the Murderbot novellas, and years after being introduced to Nnedi Okorafor’s writing I read the “Binti” trilogy end to end. Even then, picking a book to designate for the “sci-fi/fantasy novella” category was a roll of the dice because I read four by authors who were new to me (the others were “Riot Baby”, “Upright Women Wanted”, and “The Deep”, all Hugo Award nominees).

As a testament to the lasting impact of expanding reading horizons, I also revisited a few authors whom I’d discovered thanks to last year’s challenge: Silvia Moreno-Garcia, Martha Wells,and Jacqueline Woodson.

My friend and I are going for a third year with the 2021 Read Harder Challenge! Watch this space. Hopefully before August 2022.

2020 Read Harder Challenge

1. A YA nonfiction book: All Boys Aren't Blue by George M Johnson

2. A retelling of a classic of the canon, fairytale, or myth by an author of color: A Blade So Black by L.L. McKinney

3. A mystery where the victim(s) is not a woman: Goldie Vance vol 1 by Hope Larson and Brittney Williams

4. A graphic memoir: Relish by Lucy Knisley

5. A book about a natural disaster: A.D.: New Orleans After the Deluge by Josh Neufeld

6. A play by an author of color and/or queer author: A Raisin in the Sun by Lorraine Hansberry

7. A historical fiction novel not set in WWII: Hamilton's Battalion by Rose Lerner, Courtney Milan, and Alyssa Cole

8. An audiobook of poetry: Milk and Honey by Rupi Kaur

9. The LAST book in a series: Binti: The Night Masquerade by Nnedi Okorafor

10. A book that takes place in a rural setting: Real Queer America by Samantha Allen

11. A debut novel by a queer author: Nimona by Noelle Stevenson

12. A memoir by someone from a religious tradition (or lack of religious tradition) that is not your own: We Have Always Been Here by Samra Habib

13. A food book about a cuisine you’ve never tried before: Eat Up by Ruby Tandoh

14. A romance starring a single parent: Untouchable by Talia Hibbert

15. A book about climate change: The Marrow Thieves by Cherie Dimaline

16. A doorstopper (over 500 pages) published after 1950, written by a woman: The Long Way to a Small, Angry Planet by Becky Chambers

17. A sci-fi/fantasy novella (under 120 pages): This Is How You Lose the Time War by Amal El-Mohtar and Max Gladstone

18. A picture book with a human main character from a marginalized community: I Am Perfectly Designed by Karamo Brown

19. A book by or about a refugee: The Map of Salt and Stars by Zeyn Joukhadar

20. A middle grade book that doesn’t take place in the U.S. or the UK: The Night Diary by Veera Hiranandani

21. A book with a main character or protagonist with a disability (fiction or non): The Kiss Quotient by Helen Hoang

22. A horror book published by an indie press: The Southern Book Club's Guide to Slaying Vampires by Grady Hendrix

23. An edition of a literary magazine (digital or physical): FIYAH Literary Magazine of Black Speculative Fiction (issue 13)

24. A book in any genre by a Native, First Nations, or Indigenous author: #Notyourprincess edited by Lisa Charleyboy

Other books I read

Fiction

• Akata Witch by Nnedi Okorafor

• Artificial Condition by Martha Wells

• Binti by Nnedi Okorafor

• Binti: Home by Nnedi Okorafor

• Bitch Planet, Vol. 1 by Kelly Sue DeConnick, Taki Soma, and Valentine De Landro

• Bitch Planet, Vol. 2 by Kelly Sue DeConnick, Taki Soma, and Valentine De Landro

• The City We Became by NK Jemisin

• The Deep by Rivers Solomon, Daveed Diggs, William Hutson

• Exit Strategy by Martha Wells

• Get a Life, Chloe Brown by Talia Hibbert

• Gideon the Ninth by Tamsyn Muir

• The Last Emperox by John Scalzi

• Magic for Liars by Sarah Gailey

• Mexican Gothic by Silvia Moreno-Garcia

• Red at the Bone by Jacqueline Woodson

• Riot Baby by Tochi Onyebuchi

• Rogue Protocol by Martha Wells

• Running by Natalia Sylvester

• Unexpected Stories by Octavia E Butler

• Upright Women Wanted by Sarah Gailey

Nonfiction

• An African American and Latinx History of the United States by Paul Ortiz

• Amazons, Abolitionists, and Activists by Mikki Kendall and A D’Amico

• Bad Feminist by Roxane Gay

• Everything’s Trash, But It’s Okay by Phoebe Robinson

• The Fire Next Time by James Baldwin

• The Fire This Time edited by Jesmyn Ward

• Gender Queer by Maia Kobabe

• Hood Feminism by Mikki Kendall

• How to Be an Antiracist by Ibram X Kendi

• I’m Still Here by Austin Channing Brown

• It’s About Damn Time by Arlan Hamilton

• March: Book 2 by John Lewis, Andrew Aydin, and Nate Powell

• Naturally Tan by Tan France

• Organizing Solutions for People with ADHD by Susan Pinsky (my only 1-star review of the year)

• Over the Top by Jonathan Van Ness

• Race for Profit by Keeanga-Yamahtta Taylor

• So You Want to Talk About Race by Ijeoma Oluo

• Technically Wrong by Sara Wachter-Boettcher

• Weapons of Math Destruction by Cathy O’Neil

• White Rage by Carol Anderson

My alarm goes off. I resist the strong urge to make it a lazy Sunday, though my larger cat makes a compelling argument by perching on my hip. A steaming plate of trash browns - tater tots loaded with bacon, queso, eggs, and peppers - awaits me at the end of a 9-mile group bike ride. After a week of invigorating yet long days at a local security conference, a Friday night out with former colleagues, and an ass-kicking pole class, my social battery is running a bit low, but the siren call of those warm cheesy tots lures me out of bed.

I pedal over to the coffee shop to catch the ride, breathing in the crisp 50-degree air reminiscent of those idyllic yet rare Midwest fall days. Instead of the autumnal scent of dried leaves, I catch a whiff of the Texas mountain laurels starting to bloom, their fragrance speaking of a winter that never came - and, oddly, artificial grape. Shit, I have not had nearly enough caffeine to be feeling this poetic about my adoptive city. As I approach Flat Track, catching a glimpse of Lady Bird Lake and feeling the sun on my face, one thought sticks in my head:

“First of all how dare the weather be this nice in the middle of January?”

Next weekend I’ll be back in the air… after an unusually high volume of travel this past fall, I’ve had six uninterrupted weeks at home and have savored every minute. Though I’ll never rid myself of the travel bug - staring at the scratch-off map on my wall and plotting future adventures always makes me smile - I feel less itchy since moving down here. (Well, except for that time I caught ringworm from a partner’s foster kitten - everything grows in a humid-subtropical climate, for better and for worse.) I just feel… comfortable in my surroundings. 

Nearly nine months in, I’ve barely scratched the surface of everything Austin has to see and do. If I’m craving interaction - a growing need in the evenings since taking a remote job - I can easily find ways to go be social or at least be around people even when those closest to me are busy. If I need time alone, I can be alone with the backdrop of breathtaking scenery. The constant urge to leave that would nag at me after a few consecutive weeks in A2 (and occasionally Madison) just isn’t a thing here, at least not for now. For a place with four months of temperatures that could be measured in Scovilles, that contentment speaks volumes.

We ride up and down the Shoal Creek path after posing with the giant grackle sculpture in front of City Hall. The slight incline as we head back east makes the subsequent trash browns taste even more delicious. Sated, I pedal home and slip into a tater tot and cycling-induced nap.

People have been asking me how Austin has been treating me so far. This is how. It’s good to be home.

Oh, and I got bitten by a fire ant back in September.

Back in the 90s, one of my dad’s cousins decided to switch careers and go to law school. She asked my dad, a seasoned legislative attorney, what advice he had for how to spend her summer preparing for the transition to law school life. His response? “Read novels.”

It wasn’t until I was in the thick of orchestrating my own career change into security that I realized how much my dad’s words rang true. While I’ve always been an enthusiastic reader, and would usually walk away from WisCon with a huge stack of books, my volume of reading for pleasure plummeted in the years when I was going back to school, hunting for a job, and then studying for certs while trying to wrap my head around a new role.

So when my friend Gail invited me to join her in tackling the 2019 Read Harder Challenge a year ago, I was thrilled. Here was an incentive to not only prioritize reading, on average, a book every two weeks, but to expand my reading horizons. 24 categories of books to read, with a notable focus on underrepresented groups, and an additive challenge rather than a restrictive one - I could still indulge my poorly-regulated attention span and read outside of the list. We’ve been keeping a spreadsheet of our respective progress all year long, and we both plan to take on the challenge again in 2020!

I’d read other books by a few of the authors on my list (Jo Walton, Neil Gaiman, Alan Bradley, and Mary Anne Mohanraj - and I’ve consumed a lot of Issa Rae’s screenwriting via “Insecure” and “Awkward Black Girl”), and a couple others had already been in my Goodreads queue (“Hidden Figures”, “Autonomous”) but over half of the entries on my list were books and/or authors I’d never heard of - I even took a few of my choices straight from their list of suggested books.

I read genres that were out of my usual realm: I rarely read true crime but I couldn’t put “Bad Blood” down. Despite growing up around shelves full of my dad’s Agatha Christie novels, I don’t often delve into cozy mysteries (the other mystery I read this year, “Head On” was anything but “cozy”, set in DC with an FBI agent protagonist and a violent opening scene). My grasp of Norse mythology had been mostly limited to Hemsworth and Hiddleston, so even a familiar author still introduced me to unfamiliar lore.

At its core, “read harder” is about exposure to new perspectives, broadening our understanding of the world. I can’t recall having ever learned Australian history in school, let alone from a wide range of indigenous writers via “Growing Up Aboriginal in Australia”. Addiction is rarely portrayed in an empathetic light, and rarely from the viewpoints of those with substance use disorders themselves; “Delicious Foods” took both of these a step further and made the addictive drug itself a point-of-view character. I’m very glad to have read the book “Hidden Figures”, having seen the movie - the movie warped the truths of the NASA women into fake white savior narratives, and falsely portrayed their husbands as roadblocks rather than partners.

Outside of the 22 books I finished for the Read Harder Challenge (there were 24 categories but I double-dipped twice), I read 11 other books this year, though I only finished 10 of those. With an hour and a half left on the audiobook, I unfortunately abandoned “Welcome to the Goddamn Ice Cube” out of self-preservation. Though I love the way Blair Braverman writes and can’t get enough of her sled doggos on Twitter, her depictions of her sexual assaults at the hands of her boyfriend hit way too close to home for me and I found myself inadvertently triggered for days. Books should make me feel uncomfortable from time to time - discomfort is an important part of growth - but when a book makes me feel unsafe it’s time to step away.

Life never did slow down - I moved to Austin in May, started a new job in October, and have been navigating turbulent family stuff all year. Having a tangible reading goal motivated me to carve out time for getting lost in a book and letting my brain recover from the chaos, whether reading to escape reality or to learn more about it. (Or both.) Read Harder 2020, here I come!

2019 Read Harder Challenge:

1. An epistolary novel or collection of letters: Between the World and Me by Ta-Nehisi Coates

2. An alternate history novel: My Real Children by Jo Walton

3. A book by a woman and/or AOC (author of color) that won a literary award in 2018: All Systems Red by Martha Wells

4. A humor book: The Misadventures of Awkward Black Girl by Issa Rae

5. A book by a journalist or about journalism: Autonomous by Annalee Newitz

6. A book by an AOC set in or about space: Hidden Figures by Margot Lee Shetterly

7. An #ownvoices book set in Mexico or Central America: Signal to Noise by Silvia Moreno-Garcia

8. An #ownvoices book set in Oceania: Growing Up Aboriginal in Australia edited by Anita Heiss

9. A book published prior to January 1, 2019, with fewer than 100 reviews on Goodreads: Silence and the Word by Mary Anne Mohanraj

10. A translated book written by and/or translated by a woman: My Lesbian Experience with Loneliness by Kabi Nagata

11. A book of manga: My Lesbian Experience with Loneliness by Kabi Nagata

12. A book in which an animal or inanimate object is a point-of-view character: Delicious Foods by James Hannaham

13. A book by or about someone that identifies as neurodiverse: The Reason I Jump by Naoki Higashida

14. A cozy mystery: A Red Herring Without Mustard by Alan Bradley

15. A book of mythology or folklore: Norse Mythology by Neil Gaiman

16. An historical romance by an AOC: The Prince and the Dressmaker by Jen Wang

17. A business book: The First 90 Days by Michael D Watkins

18. A novel by a trans or nonbinary author: All the Birds in the Sky by Charlie Jane Anders

19. A book of nonviolent true crime: Bad Blood by John Carreyrou

20. A book written in prison: Doing Time edited by Bell Gale Chevigny

21. A comic by an LGBTQIA creator: The Pervert by Remy Boydell and Michelle Perez

22. A children’s or middle-grade book (not YA) that has won a diversity award since 2009: Brown Girl Dreaming by Jacqueline Woodson

23. A self-published book: The Book of Ann Arbor: An Extremely Serious History by Richard Retyi

24. A collection of poetry published since 2014: Brown Girl Dreaming by Jacqueline Woodson

Other books:

• 100 Demon Dialogues by Lucy Bellwood

• The Collapsing Empire by John Scalzi

• The Consuming Fire by John Scalzi

• Crazy Rich Asians by Kevin Kwan

• The Five Dysfunctions of a Team by Patrick Lencioni

• The Geek Feminist Revolution by Kameron Hurley

• God Save Texas by Lawrence Wright

• Head On by John Scalzi

• The Manager’s Path by Camille Fournier

• Moneyball by Michael Lewis

• Welcome to the Goddamn Ice Cube by Blair Braverman (didn’t finish)

Warning, contains some swearing.

These are all actual questions that I’ve encountered as an interviewee for security roles, and they’re all ones that I avoid like the plague as an interviewer, as they not only rarely provide meaningful insight into what kind of coworker the candidate would be, but can be loaded with various flavors of bias.

What’s your greatest weakness?

I’m constantly afraid of dying! What’s yours?

I see that we’re still taking interview questions from dating profiles, and the answers you can expect from candidates will be every bit as disingenuous. Allow me to introduce you to my old friend stereotype threat. I have an immense amount of privilege, coupled with a dwindling number of fucks to give, and I’m still in a demographic whom much of society believes is naturally bad at computering. When I’ve got a stranger trying to assess my capabilities in 45 minutes, I’m unlikely to admit any weaknesses that play right into that hand. This question is also tiptoeing very close to probing for invisible disabilities, which you are most definitely not allowed to ask about. 

If you’re asking me this to see how I perform under pressure, all this shows me is that you, and by extension others in your org, have very little regard for psychological safety. Was the 8-hour bender of questions with my future hanging in the balance not “under pressure” enough?

My therapists, close friends and partners get to have a window into my actual greatest weaknesses. Occasionally I get super vulnerable on Twitter about things like having ADHD, dealing with financial insecurity during the Great Recession (it wasn’t that great), surviving a traumatic relationship in high school, and processing my dad’s death. Those topics are all highly inappropes for a job interview.

Do you have any security certs?

I have the GSEC, GCIH, and GCIA, which were free via a scholarship. In related news, I still can’t be in the same room as post-it tabs. I plan to let my certs expire, because that renewal fee is much better spent paying down my student loans. While I have no regrets about the time I spent earning the G-things, if they had cost me any money, I probably wouldn’t have any certs.

My question to you is: why do you care how I got the knowledge that I have?

I leveraged the educational resources that I had at my disposal and could conceivably use given my constraints of time, money, and location. The particulars of an educational path depend so much on an individual’s circumstances - being prescriptive about the one true correct way to learn about security gets us nowhere.

I would also bet cash money that if I’d said the words “Certified Ethical Hacker” you would’ve silently judged me.

What’s your favorite SIEM?

Slack. Yes, you heard me. You’re probably looking for exposure to expensive proprietary detection tooling that promises to be a single glass of pain, or something. The specific tools change (not to mention the specifics of the problems they solve), so why focus on tools rather than mindsets? As for the mindset: the process of combing through alerts and building automated response actions sucks, and the party-corgi emoji makes it suck less. Next question.

What does your home lab look like?

It’s my phone and it’s full of audiobooks. Here’s a thought: I spend my day immersed in security. When I have precious time and mental capacity to learn things after hours, maybe, just maybe, I want to learn about things other than security.

Plus, shit’s expensive. When I was going back to school, it took months for me to own a “home lab” computer - my old laptop didn’t have enough memory to run VMs or handle dual booting well. I was working so hard to get into security and felt demoralized every time someone would say “you really need a good home lab”.

Recite the cyber kill chain(™).

1. Breaches

2. Are

3. Never

4. This

5. Linear,

6. Assholes

7. (™)

Did you take apart your parents’ computers when you were a kid?

Ah, so this is an unstructured interview and you somehow managed to veer even further off-script from the infosec interview question list that you googled on your way in.

What you’re really asking is 1) whether my parents earned enough money to afford a computer when they were still really expensive, 2) whether I was confident enough in avoiding harsh consequences for breaking my parents’ expensive possessions, 3) whether you can bond with me over a shared childhood hobby - a sense of camaraderie which might cause you to gloss over my red flags.

My parents were civil servants; we never lacked food or shelter but didn’t live in the lap of luxury either. They both grew up working-class and generally approached expensive technology with the attitude of “we’re doing fine with what we already have.” We got our first computer in the late 90s, and at that point what I most wanted to do with it was play Epic Pinball and type up my stories using every font imaginable, with some artisanal late 90s clip art for good measure.

What port does ping use?

Look, fam, I already told you that I have a GCIA, so let’s assume that I know my ass from a hole in the network layer. If I didn’t know the answer, would that make me a bad teammate? I know you’re expecting me to use this question to flex my very impressive knowledge of rote security trivia that I have absolutely never used in a security job - or, if I fail the question, you get to feel self-important for knowing that ports are associated with the transport layer, congrats, you get a cookie - but can we please ditch this in favor of more interesting trick questions, say, what port does PingID use?

Can you write a fizzubuzz on the whiteboard?

Ma’am this is an Arby’s.

What do you do in your spare time outside of security?

Oy vey, lots to unpack here. We’ve reached the “culture fit” portion of the interview! This is where you get to ask all of those illegal questions without really asking them, like finding out my age or whether I have any dependents. Whether or not you realize it, you’re searching for someone who looks like you, favoring the candidates whose responses make you feel good - and the candidates who HAVE SPARE TIME. You love to hear about spare time consumed by side projects, travel, and quirky hobbies… not so much working second jobs to make ends meet, going through a messy divorce, caring for a sick parent, or desperately trying to recharge spoons due to a disability.

For my part, allow me to disappoint you. If you’d asked me this three years ago, I’d have told you that my free time was not free, it was quite expensive because I couldn’t work (and had no paid leave) while recovering from major surgery - and the pulmonary embolism that the surgery caused - so forgive me for not having the energy to do a CTF from my sick bed in between doses of painkillers. And now? You wouldn’t expect a thirtysomething to be mired in elder care, but it’s an increasingly soul-sucking part of my world and the phrase “personal IR” has become a staple of my lexicon. But hey, I don’t have any kids, so I can totally be on-call over the holidays.

Oh and I pole dance. Is that quirky enough?

Where do you get your security news?

Cue thinly-veiled over-indexing on “the community”. These days, in addition to Twitter I tend to get my news largely from coworkers and other people in the industry - which is a thing that you’ll probably like to hear, but is also an unfair advantage that newbies or those who don’t or can’t attend conferences or meetups are less likely to have.

I’ve made a choice to be very visible both on Twitter and at cons - the former was a matter of career survival when I lived in a city that lacked much of a security community, and now, well, a big part of my job is being visible on my employer’s behalf (not here though, this is just me talking). But I’ve had teammates who were much less entrenched in the security community and - spoiler alert - they were still very good at their jobs.

If you’re using this question to gauge my depth of knowledge in your problem space: I read your company blog about 15 minutes before this interview. Bear in mind that before my last gig, I had never even heard the phrase “zero-trust” and in short order I could confidently take off my analyst dress and put on my thoughtlederhosen* about it.

Where do you see yourself in five years?

Um. Apparently not working for you. 

What’s your current salary?

Okay yeah we’re done here.

*h/t @swagitda for introducing me to the word “thoughtlederhosen”

(Before you ask: I’m not switching jobs, just going closer to the office that has the tacos.)

“It just started quietly and grew”

You know how sometimes when you start to fall for someone, everyone around you knows it before you do? Your conversation constantly drifts toward them; you can barely contain your excitement at the mention of their name. I’ve lost count of how many times that’s happened to me with people, but this time, to my complete surprise, it happened with a city.

The signs were all there: my phone started autocorrecting “talk” to “y’all”. I found myself searching for excuses to take trips there and always came back feeling energized. And at some point, the amount of time I spent singing the praises of Wisconsin cheese curds and ice cream was overtaken by my apparently not so subtle cravings for barbecue and breakfast tacos.

2018 is the year I fell in love with Austin.

“I don’t feel all turned-on and starry-eyed”

I’ve been in Ann Arbor for about a year and a half, and I have zero regrets about having made the move. Coming to a city where I had never been before my interview and didn’t know anyone was a gamble, but it was absolutely worth it for my personal growth. I survived the move despite difficult circumstances and a crazy tight timeline (protip: don’t take a SANS course that runs till the day before moving). I had previously only lived away from Madison during college in Illinois and my study abroad in Mexico; coming to Ann Arbor proved to me that even when I love my hometown of Madison, I’m capable of living in other places and enjoying them too.

Ann Arbor broadened my horizons. Living here, I discovered my love of Korean food and session mead, rediscovered my love of craft beers and a high-quality cup of tea, and took up cardio drumming and pole dancing. I have a coffee shop and tea shop where I walk in and they know my name. Above all, I got to have a job that it feels like I’ve been in for far longer than a year and a half just by the sheer amount that I’ve learned and gotten to accomplish. I’ve met so many amazing friends and discovered new passions through the job that brought me to Ann Arbor.

But I’ve also struggled to find my stride here, in a very “it’s not you, it’s me” way. Living here has always felt strangely temporary, like I’ve just been away at college again. There are things that I’ve missed more than I thought I would, like walking out of my apartment into a vibrant neighborhood, going to concerts, and riding my bike (I haven’t even bought a bike in A2 because the bike infrastructure leaves much to be desired). Being on the edge of multiple lake effect weather regions means way more cloud cover than I expected, which takes a toll on my mood in the fall and winter. Outside of my coworkers, I’ve had trouble figuring out how to insert myself into what feels like a very insular community. Weekends can get pretty lonely. Plus, some of the friends I made in Ann Arbor have since moved away - including a few who’ve landed in Austin.

Ann Arbor has a lot going for it and I wouldn’t rule out coming back someday. But this year, as I worked on trying to establish routines and figure out where I fit in here, my attention started to shift.

“I just feel a sweet contentment deep inside”

In March, I spent a week working from our southernmost office - my second Austin trip of the year, and my fourth time in Austin overall. The first couple days of the trip coincided with the culmination of the tragic serial bombings. While I was upset by what was happening, I also didn’t want to leave. I felt a connection to the community that was refusing to let hate win.

In spite of the turbulent situation, you still couldn’t wipe the smile off my face at the end of the week… a friend later referred to it as my “happy Austin glow”. Getting up early every day to take a leisurely walk across Lady Bird Lake into the office with Jo’s Coffee in hand and the sun on my face just felt natural. (I even saved the punch card from Jo’s just in case I came back.) I didn’t have a name for those feelings at the time; I just chalked them up to my love of travel and excitement over spending time with my Austin coworkers.

“Growing stronger”

As my team had its first Austin hire in April, and then as three people in my life, including another teammate, prepared to move to Austin in June and September, I found myself having more conversations about Austin. Apparently I have a terrible poker face because I’m told that I would light up whenever I talked about it. It wasn’t until I went back down to speak at LASCON in October that it dawned on me: being in Austin didn’t feel like being away from home. Did I mention that you literally couldn’t drink the water that week? That should’ve made any sane person want to nope right out of Texas, but I stood in the rain, snapped a photo of the disgusting chocolate river, and knew that this too would pass.

In the two weeks between LASCON and my next Austin trip to onboard a new teammate, I had tea with a very wise work friend and got the question I’d been wanting to hear but had been afraid to pose to myself: “You talk about Austin a lot - have you ever considered moving there?” Boom. Clocked.

Throughout my week in Austin in November, I started reaching out to various coworkers asking about the city, both those who’d been there for a while and recent transplants. I also consulted with my relatives who’d been in Austin since Lady Bird Lake was Town Lake. I think that I was searching for permission… having only ever moved for school and work, I didn’t know how to navigate moving for myself. As I was enumerating all of my reasons for being intrigued by Austin to a close friend, she put into words exactly what I’d been feeling: “You’ve already made up your mind.”

When I returned to Ann Arbor, I told my manager and director that I was considering moving to Austin. Neither one of them was the slightest bit surprised.

“Warm and wilder”

So what am I excited about? ALL THE THINGS! The abundance of live music, biking, walks along the river, a thriving tech community… actual taco trucks on every corner. The list goes on. Even before I left Madison, I found myself wanting the pace of a bigger city - and Madison is more than twice the size of Ann Arbor. There are elements of Madison that I’ve missed that Austin has, like lots of green space even in urban areas, and that infamous “weird” vibe; at the same time there are things that Austin has to offer that I lacked even while living in Madison, like more diversity and any kind of cohesive infosec scene. Austin seems to strike a good balance for me of being big enough to satisfy my needs without me feeling like I’ll be swallowed up. There’s something remarkable about a big city where you can still see the stars at night (and yes they are indeed big and bright… clap clap clap clap). I nearly teared up in November when I saw the Leonid meteor shower from downtown.

I’m looking forward to more sunlight and milder winters. For someone who has to work significantly harder during cold cloudy winters to maintain the same baseline mood and energy level, having the shortest days of the year be the ones where I can be the most active outdoors might do me some good. This may sound trivial, but I also can’t wait to be back near water. I noticed that I missed it during college too, when suddenly I went from an isthmus to the Illinois cornfields. In the nine years that I spent in Madison after college, I never lived more than two blocks from a lake (in other news, my older cat is now really good at killing spiders)… bodies of water were always woven into my routine and my identity in many ways.

I recognize that there’s no perfect city. Austin has some of the worst traffic in the country, summers hotter than the ninth circle of Hell, and significantly creepier bugs than the Midwest. It has all of the growing pains you’d expect from a city undergoing a population explosion. I’m open to the possibility that living in Austin will feel very different from visiting, as well as the possibility that I’ll grow apart from it one day. Yet I find myself drawn there right now… just as with any job or any relationship, compatibility is largely a matter of finding the imperfections that you can accept. To quote Rent, “I’m looking for baggage that goes with mine.”

That brings me to the biggest reason of all for moving to Austin, and the hardest to quantify: I feel a sense of belonging. That’s worth listening to.

“Getting better everyday”

I won’t have an exact timeline until I have a place to live, but I’m aiming toward sometime in the spring - after SxSW and before the weather gets to “punched in the face by an angry flamethrower” levels of heat. I’m hoping that giving myself a few months - instead of the few weeks that I had last time - will ease at least some of the inevitable moving stress. While I’ll miss my Ann Arbor team, my Austin coworkers have already been incredibly welcoming. I feel very lucky that I’ll able to move to a city that I’ve been gravitating toward for a long time without having to look for a new job in order to get there. I’m grateful for my time in Ann Arbor and now I can’t wait to embark on my new adventure.

Hold onto your ten-gallon hats, ATX - I’m coming home.

(Song lyrics: Mama Cass, “It’s Getting Better”)

People occasionally ask me how I keep track of CFPs, talk ideas, and past presentations. Your mileage may vary, of course, so I want to share what’s currently working for me and why, with the caveat that, as they say, the best project management tool is the one that you will actually use.

Most of my public speaking tracking lives in a spread in my bullet journal. I used to use a kanban board for tracking conference talks, but found that that didn’t offer a good way for me to properly capture things that weren’t directly in scope of the project of writing and delivering a single talk (such as my higher-level speaking goals or upcoming CFP dates). Starting from a blank page lets me strike a balance of structure and flexibility, and having everything in one place helps with attention management. Plus, it gives me an excuse to play with fancy fountain pens. The fields in my current spread are as follows:

Strategic goals

These aren’t specific talk ideas, but rather values that drive why I speak: what I want to get out of the speaking experience for myself, what I want to share with others, what I want to accomplish. Spelling all of this out helps keep me focused when I have too many disparate ideas bouncing around in my head, and also helps recenter me when I feel like I have no ideas. When speaking on behalf of work, it can also be helpful to figure out how to align some of these with the mission of your team or the larger organization. I try to keep in mind my various audiences too - what problems am I trying to solve when I build a presentation for a room full of security professionals vs a non-security audience, or for a group of colleagues vs a non-work setting?

Idea backlog

Occasionally, in a wave of ADHD hyperfocus I get an idea for a talk, grab a pen and churn out a draft immediately. But more often than not, talk ideas take a while to percolate. I needed a place to store the half-baked talk ideas that came to me in the shower or on a long walk that I haven’t yet had time to fully flesh out. As with any good backlog, it gets groomed regularly - if something’s been sitting in there for a while, eventually I evaluate whether it’s still interesting or relevant to me and decide whether to drop it or try to develop it into a talk proposal.

Potential venues

Mapping a talk idea to the right venue is one of those topics that only seems to come up in the wake of a talk being rejected (I’m currently drafting another CFP-related post on finding a venue when writing a talk proposal). So as I attend various security cons and hear about others from friends, coworkers, and the Twitterverse, I try to make a note of which ones look intriguing based on my strategic goals and idea backlog, as well as what time of year they typically run so that I’ll know when to keep an eye out for their CFP opening. Also on the list: some non-security conference venues that might be open to security content - tech meetups, developer cons, libraries, even some sci-fi cons (I was on a security 101 panel at the feminist sci-fi convention WisCon in 2017!).

CFPs in flight

When I hit “submit” on a talk proposal, I don’t want to lose track of its state. So I record the talk title, the conference I submitted it to, and an empty checkbox, to be filled when I know whether I’ve been accepted. This can be particularly useful for proactively balancing your workload when you feel inclined to apply to a large number of conferences… I’ve seen too many people lose sight of how many proposals they’ve submitted, only to have every single one of them accepted. And, as I advised a friend this summer, when you’re prepping multiple talks, the stress is multiplicative, not additive.

One addition here that I plan to put into future iterations: the date when applicants will be notified of acceptance or rejection. Not all conferences list this, and not all meet their deadlines, but it never hurts to have a general sense of when you can expect to hear back - it frees up mental bandwidth till then to worry about other things!

Speaking logs - work and external

This is where I write down every time I speak. I track the talk I gave as well as the date(s); for external presentations I also list the venue. Even though the presentations that I give at work are almost never public-facing beyond my coworkers, they’re still time spent speaking in front of a crowd. I presented 50 (!!!) times this year, 43 of which were at work - logging all of that speaking time at work made me a much stronger presenter.

Writing down all of the times I’ve presented also helps combat the ever-present impostor syndrome. Much of the work that I find most fulfilling - teaching, mentoring, communicating security - is work whose impact is often hard to measure; when I worry that I haven’t been doing enough, it helps to have evidence to the contrary written in the notebook that I carry around every day.

For a future version: milestones and timelines

Every talk, from the initial idea to the live presentation, is a project with predictable milestones, such as writing an outline, building a slide deck, checking the A/V setup with the venue, and doing dry runs. While I currently capture some of this ad-hoc when writing out weekly tasks, it will become more of a repeatable process in my next bullet journal. I also want to work in some timing; everyone has varying opinions on how far out to prepare for talks, but I can say with certainty that hitting all of the milestones 24 hours before you go live is never a good idea. (Not that I would know anything about that, of course…)

Make it your own

My system of tracking public speaking is always a work in progress, but this is its current state. If you do a fair amount of public speaking - or would like to - definitely consider exploring tactics to organize it all in a way that works for you. Happy writing!

Between gearing up to co-chair CircleCityCon’s CFP, and working on a panel submission with a couple of first-time CFP submitters, this month’s program has been brought to you by the letters C, F, and P. (CFP = call for papers or call for proposals, depending on who you ask. Applications for speaking at a con.)

In the two-ish years that I’ve been volunteering for infosec cons (in various capacities), I’ve come across many would-be presenters who feel intimidated by the process of developing a talk and submitting to a CFP. Often times, anxiety is fueled by uncertainty. So I want to do my part to try and demystify the CFP process. More posts will follow, but for now, let’s start with the absolute basics: defining the main components of a CFP submission.

(By the way, if you’re not yet convinced to speak, I recommend reading Snipe’s post “Why you should stop stalling and start presenting”. For a good panel talk that covers a broad range of CFP prep topics, watch “CFPs 101” from BSidesLV 2016.)

When I was developing my first talk ever for the BSidesLV Proving Ground track in 2013, my presentation mentor Javvad gave me advice that’s stuck with me in every subsequent CFP: “Create an engaging story.” The way you structure and deliver your content matters, whether your medium is comedy, thriller, sci-fi, or musical theatre. Your talk’s title, abstract, and outline are the building blocks of your story. (As are your slides, but that’s another show.) Your bio adds context for your perspective as the storyteller. Each conference may have slightly different expectations (follow their directions!), so tailor accordingly.

Title

This isn’t academia -- keep it short and to-the-point. If the title isn’t descriptive, make damn sure your abstract is. Tying in humor or a pop culture reference is fine, but know that certain references have been done to death in presentation titles. Expect some reviewers to side-eye a talk titled “_____ for Fun and Profit” or “_____: How I Learned to Stop Worrying and Love _____”.

Biography

Of the four main components of a CFP, THIS IS THE ONLY PLACE WHERE YOUR NAME GOES. There’s usually a word limit of around 100 to 250 words. This can be a good place to include “cred” for why you’re qualified to speak on your topic; it’s how you introduce yourself to attendees who are unfamiliar with your work. However, because many CFP committees do blind reviews, don’t expect your bio to be the deciding factor in your acceptance -- your outline and abstract should demonstrate your credibility without referring to you by name.

Abstract

This comes from academic papers; it’s the TL;DR of your talk. An abstract is a paragraph or two (usually less than 250 words) that sums up the main points of your talk and, more importantly, draws your audience in. I’d recommend doing at least a draft of your outline before tackling the abstract -- that way, you know what you’re summarizing. You’ll probably be word-limited, so find ways to be concise. “We are planning to have a discussion about” easily becomes “we discuss”. Remember that an abstract is supposed to be just that: abstract. Don’t go into specifics.

Detailed outline

The skeleton of your talk, in the form of a bulleted or numbered list with sub-sections. Four or five lines is not sufficient -- make it granular. While complete sentences aren’t usually necessary, one or two words per line doesn’t say much. Reviewers aren’t mind-readers; we should be able to look at an outline and get a good feel for how your talk will flow. Furthermore, since you probably have knowledge in an area that not all of your reviewers will be familiar with, someone who’s not a subject matter expert should still be able to understand what you’re saying.

Even if a CFP doesn’t ask for an outline, it’s good to have one drafted by the time you submit. Strategizing how you want to structure your talk is time-consuming, so do the hard work early on… your future self will thank you. Bonus points if you include a time estimate for each section.

Based on the CFP submissions I’ve reviewed in past years, people perennially struggle the most with the concept of the outline. It occurred to me that many people lack a frame of reference -- unlike the abstract and bio, which are published on conference websites, most people never see anyone else’s outlines. So as an appendix, below I’ve written up a sample outline of a very familiar story.

In conclusion

Being able to construct the basic components of a CFP doesn’t guarantee you acceptance (particularly in very established, competitive cons), but it will take you a great deal of the way there, and like anything else, it gets easier with practice.

Stay tuned for a sequel.
 

Soul Asset Management in Nihilistic Rock Suites

1) Introduction: Real life vs fantasy (1 minute)

-Overview of the problem

   -There is a landslide

   -Reality cannot be escaped

-Actions prior researchers have taken

   -Opened eyes

   -Looked toward skies

-My background

   -Poor boy

   -No sympathy needed

   -Easy come, easy go

   -Little high, little low

-Main points of this talk

   -Previous research assumed that wind direction was statistically significant

   -(Side note: See, for example, "Blowin' in the Wind" (R. Zimmerman, 1962), which posits that answers correlate with wind direction)

   -My findings reveal that nothing matters, regardless of wind direction

2) What happened in my research (2 minutes)

-Killed a man via cranial gunshot wound

   -Additional detail: discarded a life that had just begun

   -Unintended consequence: caused Mama to cry

   -Call to action restating main point: nothing matters; continue course of action

-Medical side effects of time coming

   -Spinal shivers

   -Constant body aches

-Next steps

   -Leaving the audience behind

   -Facing the truth

-Disclaimer: while I don't want to die, I occasionally wish to not have been born

-Live demo: Guitar solo (will provide a backup demo recording)

3) Dealing with the aftermath (1 minute)

-Key stakeholders bidding for soul

   -Scaramouche: a little sihouetto of a man

   -Fandango: thunderstorm conditions causing fright

   -Galileo: Galileo

   -Figaro: magnifico

-Soulholder rebuttal

   -As stated in the intro, I am merely a poor boy

   -Additional information: nobody loves me, and my family is poor

   -Rules of monstrosity state that life should be spared

-Introducing new stakeholders and their challenges

   -Bismillah: refuses to let go, despite soulholder requests

   -Beelzebub: handling allocation of devils

4) Limitations (1 minute)

-What you can't do

   -Stoning

   -Ocular spitting

   -Loving and then leaving for dead

-Steps to overcome the limitations

   -Just get out

   -Get right out of here

5) Conclusion (1 minute)

-Reiteration of main takeaways

   -Nothing matters - by this point, audience should be able to see this

   -Wind direction also does not matter

 -Audience Q&A

2016 was a milestone year for me: I landed my first job in infosec. A real live security internship. A new world opened up for me, and at the same time, as I started to settle into my brand new role, I couldn’t help but get the feeling, “Hey, I’ve done this before”.

As I mentioned in Part 1, and in my un-talk at CircleCityCon, broadcasting the fact that there are countless paths to a security career will help bring in more people with a wide variety of life experiences. This is glossed over way too much in the way hackers are presented to the world -- prevailing narratives frame us as having special l33t skillz that no one else has. Some of it I’m sure is internally-generated -- I think that some people who have only worked in one field perceive their job’s processes and learning curves to be unique to their industry. But those of us who started in other fields bring knowledge and skills from our “past lives” that are not only incredibly transferrable to infosec, but often lacking in the current infosec workforce.

So where did I come from? Hi, my name is Kat, and I’m a recovering political staffer.

When I graduated from college, I wanted to work in politics, having already put in a lot of thankless volunteer work during previous elections. I brought a solid writing background, a knack for doing independent research, and a healthy dose of cynicism -- plus, it was an election year and it seemed like a good idea at the time. Over the course of the next few years, I worked both on the campaign side (finance and fundraising, more specifically) and the legislative side, working my way from page to legislative aide. However, in addition to it not being a great fit for my personality, the job market was limited and incredibly volatile. After my and several others’ jobs disappeared as a result of an election, I decided that politics and I should see other people.

It was a couple more years before I got the idea to learn how to code (if you’re curious, it was Ruby, and there was a lot of nervous crying), which led me to “I’m not a dev, but this tech stuff is interesting. Hey, this security stuff is really interesting. But all of the security people have been hacking since childhood, so I guess maybe I’ll try to get a non-tech job at a tech company.” I had gone to a few security cons, speaking and volunteering but feeling like I didn’t have a real claim to be there. I was legitimately embarrassed by my resume. A turning point was watching Eve Adams’ and Johnny Xmas’ presentation at DerbyCon in 2014 -- all about how to break into infosec from other fields. As I re-watched that presentation, and as I started to meet more people in security, it started to sink in that I was not a blank slate.

Though most of my technical knowledge is a few years old at most, I -- without realizing it at the time -- built up an arsenal of skills during my days as a political staffer. Among them are:

Communication with diverse populations: I wrote a lot of words, and I spent a lot of time on the phone with strangers whose lives were vastly different than mine, many of whom hated everything I stood for. Being a legislative staffer is simultaneously behind-the-scenes and very public-facing: I made thousands of constituent contacts without having my name attached to any of the correspondence. Security work can be similarly invisible-yet-impactful, and the sheer amount of communication that security work requires can’t be overlooked. Whether you’re a pentester writing a report, an analyst responding to a user, or a manager justifying your budget to the C-suite, we are tasked with communicating security to those who are not in a security state of mind. The ability to understand the viewpoints and values of others and get our message across accordingly is a vital skill for promoting better security.

Staying current: This is a skill that often gets downplayed compared to other non-tech like writing, teamwork, time management, etc. I don't think it even fully occurred to me to label it a job skill until I started interviewing for tech positions, when the question of how I kept up with infosec news reliably came up. Political staffers would religiously read feeds like WisPolitics and the Wheeler Report the way security professionals would with threat intelligence feeds. Twitter wasn’t very big yet when I left, but I’d imagine that nowadays every legislative and campaign team has eyes trained on Twitter as much as any security team. Working in politics got me into the mindset of seeing a news release, evaluating how it affected our environment, and figuring out what actions to take as a result.

Working under pressure: I would invite anyone who thinks that “soft skills” come easily to spend a day answering the phones for democratic leadership in a conservative state during budget season. Or work on a campaign when you know that the political winds are not in your favor. Being able to keep a clear head and triage when it feels like everything is imploding is not an innate skill -- it takes practice, as well as a fair amount of desensitization. And it’s a vital infosec skill, particularly for those in areas like incident response. As they say, it’s not a matter of if your organization gets breached, it’s a matter of when. My political work wasn’t glamorous, but it prepared me well for keeping calm and carrying on in security. (Well, most of the time.)

Politics to infosec may seem an odd path, but many others have found ways to connect their past work to their practice of security. If we hope to move forward as an industry, we need to make more of these connections. Security affects everyone in the world, therefore we need to bring in perspectives from all kinds. Homogeneity does not serve us well.

Coming into security with a background in another industry doesn’t show that we’re indecisive or lacking dedication -- it shows that we’re adaptable, and that even if we didn’t get it quite right on the first try, we’ll keep hacking harder.

This is more motivational-speaker than I usually go, but for the sake of those who are new to being in front of an audience, I wanted to document this as a way of saying, "I survived, and so will you". 

I've been a performer for as long as I can remember. I grew up doing theatre, music, and occasionally (terrible) dance. Though I'm newer to public speaking than the performing arts, I've now presented seven times at security conferences, served on several panels at the sci-fi convention WisCon, and taught lockpicking to groups of strangers. I'm far from perfect at any of these, but I've had years to learn a thing or two about stage presence.

Last Friday at CypherCon, midway through my talk -- a talk I've successfully given before -- I had a panic attack onstage.

I'm no stranger to anxiety (though I manage it infinitely better than I used to); people who saw me earlier that day can tell you how shaky I was. The perfect storm had been building: I came to CypherCon having just taken three midterms that week. I was letting myself get psyched out by my timeslot (sandwiched right between the keynote address and Johnny Xmas and Lesley Carhart's talk). The room was loud, which made it hard to deliver a talk that had audience engagement built in. However, I was completely not expecting something of this magnitude to happen, so public. As I bolted from the room, guilt and fear of the consequences immediately overtook my original presentation anxiety... what if the organizers hated me for not finishing? What if people thought I was just doing this to grab attention? How was I supposed to be a BSidesLV Proving Ground mentor this summer if I couldn't even get through my own talk? Why were people coming out into the hallway and being nice to me? Panic became the loudest voice, and it took a while for me to calm down.

On Saturday, though, something else happened that I wasn't expecting: The feelings of suckitude pretty much went away. I didn't dwell on my failure the way I thought I would. I got up and enjoyed the rest of the con. Friends checked in on me to make sure I was okay, and I surprised myself that I actually was okay... once the panic died down, I knew logically that people had survived worse, and this didn't signify the end of my ability to present at future cons. When I got home I decided to submit the talk to the CFP for CircleCityCon so that I could maybe have another go at sharing it. 

This is where I think practice with being in front of an audience helps tremendously. It leads to more opportunities to fail, and more opportunities to practice recovering. I've survived (to name just a few) my video dying during my SkyTalks presentation, botching a Brandenburg Concerto in a solo/ensemble competition, and saying "fuck" onstage at a voice recital. Weathering those smaller public-facing setbacks made it easier to weather a large one.

We try to get all of our failures out of the way in a private, controlled environment so that we'll be flawless by the time we're presenting in public, but it doesn't always work that way. The way to build resilience is to fail forward and fail repeatedly until it becomes mundane. Whether the demo gods are smiting you, or your neurotransmitters pick that exact moment to kick you in the ass, whether you're a first-time presenter, or you've been onstage for the better part of three decades, things can go south in unanticipated ways. When that happens: Recognize that it happens to everyone. Cry. Have a drink and a hug. Then get back up. Rinse, spin, repeat. The world won't end.

A few things prompted me to finish this post, which has been in draft form for months: 1) My presentation “Hacking Our Way Into Hacking”, about infosec latecomers, was accepted to CypherCon in Milwaukee (I originally presented it in BSidesLV’s Underground track); 2) Infoperspectives published an excellent, very comprehensive post on the state of women in infosec, which ended with an inspiring quote from Cheryl Biswas about mid-career women coming to infosec; and 3) I keep going to conferences and coming back with ideas, and I think I finally reached a critical mass of half-baked blog post drafts after GHC -- it was time to dust off the dormant blog.

An important part of getting new people into security is showing that there are many different paths to get here. Public perceptions have the power to bring people in or drive them away, regardless of the underlying reality. And as someone who didn’t start out in security or even in tech at all, I spent a long time fearing that I’d missed my chance to work in a technical job, thanks to the narrative that all good hackers started as kids. (It wasn’t entirely inside my own head -- various folks suggested that I should be an office manager or technical writer instead.) It is telling that just searching “too late” on the learnprogramming subreddit yields so many results. We need to change the narrative: there is no “too late”, and our pre-infosec pursuits were not wasted time. I want to elaborate on how I bring knowledge from my “past life” to infosec. I’m working on additional posts about my past employment. This one focuses on my undergraduate education.

(Side note: This is not about the value of formal education vs. other educational methods. There is plenty of good discussion on that topic, and it’s certainly a discussion worth having -- it’s just not germane to this particular post.)

While my BSidesLV iteration of “Hacking Our Way into Hacking” wasn’t recorded, I’ll share part of my introduction from that talk, where I describe my undergrad experience:

“I really started to tap into my passion for trying to solve fascinating and challenging problems, deconstructing things to see why they did what they did, taking time outside of class to self-teach, questioning authority, staying up late banging my head against my laptop. Pretty typical hacker story, right?

“Wrong. I majored in gender and women’s studies.”

At first glance, the jump from gender and women’s studies to security seems like a non sequitur. However, I love finding connections in unexpected places, and while I certainly didn’t declare my major thinking “when I grow up, I want to work in infosec!”, I owe a great deal of my security brain to my gender studies education. After all, deconstruction knows many forms. Here are a few common threads that I’ve brought with me from gender studies to my security education (and, if all goes well, my eventual security career).

Critical thinking: Asking questions and being willing to seek out information carried more value than knowing all the answers (a welcome change from high school!). This definitely mirrors security -- any degree of troubleshooting or researching requires being comfortable with open-endedness and willingness to be wrong. But more specifically, gender studies taught me how to think critically about systems and power structures. Understanding the players, their dependencies, and what they could gain or lose featured prominently in gender studies, and it features prominently even in my introductory-level security classes. Analysis of power structures seems particularly important for those going into security policy, compliance, or any kind of project management.

Breadth: One of the things that attracts me to security also attracted me to gender studies: the interdisciplinary nature. I like learning about many different things -- it gives me a fuller picture of the world around me. Gender studies, more than a discipline unto itself, is a lens through which to study anything from psychology to history. Similarly, security exists in every level of computing (networks, systems, applications, etc.), and even beyond the bounds of hardware and software (social engineering, anyone?). It’s important to understand the pieces of the puzzle and how they fit together, even if not all of the pieces are our particular domain. Which brings me to...

Empathy: Gender studies programs were developed to bring in perspectives that were missing from college curricula. My own program exposed me to viewpoints that I might not have otherwise come across; it also gave me the chance to discuss them with other students, further broadening our understanding. It wasn’t always easy. There were times throughout my gender studies coursework when I was genuinely uncomfortable because I had to confront my own privilege, and other times when I was uncomfortable simply because I had to question what I had always known to be true. Empathy breaks us out of taking things for granted, and when we move beyond a singular perspective, we become better problem-solvers. Security needs empathy. Since the systems being secured are used by so many different kinds of people, it’s vital for those designing, testing, and maintaining those systems to be able to recognize the validity of other worldviews.

I’m just one person, but I’m hardly the only person in infosec with a non-STEM degree. (I’m not even the only person in my netsec cohort at school with a non-STEM degree.) We’re everywhere. We all apply aspects of our past education to our security practice in different ways, and having a variety of foundations upon which we build our technical skills is absolutely a good thing.

If technologies are a reflection of the societies in which they’re developed and implemented, then there is merit to studying societal patterns. If our machines are only as secure as the people who use, build, break, and fix them, then there is merit in studying people. If technology is integrated into every facet of our lives, then there is merit in studying many different facets -- philosophy, music, literature, art history, sociology, and yes, gender studies.

Or put another way: until the robot overlords come and humans leave the equation, all majors have a place here.

2014 has been a year completely devoid of dull moments, to say the least, and as a result, this blog has been too long neglected. Stay tuned for updates within the next few weeks.

Welcome to the inside of my head! 

After much heel-dragging, I've finally joined the rest of the world and set up a blog and personal website.  (Let me apologize for the Spartan surroundings -- I'm still in the process of tweaking the page styles.)  While in the past I've been somewhat shy about having an online presence beyond Facebook and Twitter, this is a logical next step, and one that I'm very glad to be taking.

Now that the site is up and running, expect plenty of posts about life, work, and other random-ass things that I may be thinking about.  And, in a few days, an announcement most unusual... ;-)

Thanks for reading!