"The Only Winning Move Is to Hack: Playing Capture the Flag to Learn Security", The Recompiler, Issue 3
"We're Not Second-Class Students", Medium on behalf of the Anita Borg Institute
How to Build, Measure, and Scale Your Security Engagement Program, on behalf of Duo Security
Podcasts and Interviews
Working on a Corporate Security Team at Duo, CyberSecJobs
CFP Success (Episode 30), Advanced Persistent Security podcast
"Women in Information Security: Kat Sweet", The State of Security (Tripwire)
"Rethinking Role-Based Security Education"
LASCON, October 25, 2018
DEF CON Packet Hacking Village, August 10, 2018
How do we scale a deeper level of security awareness training without sacrificing efficacy? This talk will explore strategies and tactics for developing security education based on employees’ roles, access, and attack surface while designing not only for efficiency but also for effectiveness. By prioritizing the highest-risk teams, pooling teams to collaboratively threat-model, and contextualizing universal truths of security hygiene to those threat models, we can deliver training that leverages employees’ roles, fosters retention via active participation, and eases the burden on trainers within the security team. Attendees will walk away with a roadmap for building scalable, contextual, and collaborative role-based employee security education within their organizations.
"Using Lockpicking to Teach Authentication Concepts"
BSidesLV, August 8, 2018
When we teach security, we often face challenges in conveying our knowledge to a non-security audience. Ideas such as authentication bypass, password uniqueness and complexity, and defense-in-depth are abstract and can be difficult to grasp for those who aren’t already well-versed in the language of security. We need novel approaches to teaching security that go beyond language.
Driven by the educational theory of embodied cognition — using hands-on, concrete metaphors to build a better understanding of abstract concepts — I explore teaching lockpicking alongside teaching authentication and security concepts. As security professionals, we deal largely in abstractions, but experiencing physical representations of those abstractions helps solidify understanding of them, both for us and for end users.
"Intro to CFP Writing"
HOPE, July 20, 2018: Unrecorded
For those who have never applied to speak at a security or hacker conference, the CFP process may seem nebulous and overwhelming, so let’s combat that fear by breaking down what the CFP process entails and getting words onto paper. We will brainstorm and fine-tune presentation ideas, walk through how to structure and deliver content, and write drafts of talk abstracts and outlines. Bring an open mind and a desire to transform your talk ideas into viable conference proposals. Be prepared to deliver constructive peer feedback!
"Talky Horror Picture Show: Overcoming CFP Fears"
I see you shiver with anticipation. For those who have never submitted a talk to an infosec conference, the process can seem nebulous and overwhelming. Fear is driven by uncertainty, so let's combat that fear with facts. Come hear a reviewer break down what the CFP process actually entails, including what goes on behind the scenes once you've hit "submit". You'll also learn about resources to help you along the way. Performing a risk analysis of every step of the CFP lifecycle - from developing your initial idea, to writing and submitting a talk proposal, to preparing to speak once you've been accepted - we'll see that the downsides are minimal and the benefits are numerous.
As a certain mad scientist put it: "Don't dream it. Be it."
"Parlaying Education and Experience into an Infosec Career" (Panel)
A group of former students, current students, educators and seasoned infosec professionals discuss how to bridge the educational gaps, whether starting out in infosec or pivoting into a new infosec specialization. We will touch on resources that current students can leverage, the transition into working in infosec, and ways that the infosec industry can help foster new practitioners. Additionally, we will briefly explain the paths we took and how we dealt with the obstacles we faced. We then evaluate these problems to find room for improvement in the industry and give our perspective on what either side could do to make the transition more seamless.
"Hacking Our Way Into Hacking"
CypherCon, March 11, 2016: Unrecorded
BSides Las Vegas, August 4, 2015: Unrecorded
It may seem like everyone in infosec has always been a hacker. However, many of us have come to hacking from other industries, and as we make our way through the infosec community it’s often hard to find others like us. This is a conversation for every hacker who started as a mechanic, a kindergarten teacher, or a gender studies major: let’s talk about where we came from, how we got here, how we leverage the skills from our previous careers, and some of the unique challenges we’ve come across as hackers with “past lives”.
"I Amateur Radio (And So Can You!)"
BSides Indy, February 21, 2015: Unrecorded
Ham radio: it’s the 100-year-old technology that refuses to die. Whether you’re a wireless enthusiast, electronics tinkerer, or just someone who wants to be able to communicate during the zombie apocalypse, having a ham radio license can open a new world of possibilities for any hacker. Come learn how and where to get your license, what you can expect to study, how you can work radio into your everyday hacking, and anything else you ever wanted to know about ham radio but were afraid to ask.