WSC Blog
Blog Home All Blogs
The Women's Society of Cyberjutsu Blog. Come here for interesting facts about the WSC, security and other news and tidbits.

 

Search all posts for:   

 

Top tags: RSAC  amazon  amazon charity  analysis  b-sides conference  career  charity  competition  CTF  cyber  cyberjutsu  cyberlympics  cybersecurity  empower  empowerment  job  lead  negotiating  propel  salary  sans  shespeakssecurity  shespeakstech  SOC  tips  training microsoft free  tricks  value  womenincyber  womeningcyber 

Women Orgs Take over RSAC 2019

Posted By Mari Galloway, Sunday, March 10, 2019

ICYMI, Last week (March 4 - 8) the WSC family left its mark on San Francisco at the @RSAConference with various activities and events. We kicked the week off with #SheSpeaksSecurity hosted by the fabulous Jessica Gulick (@cyberrisklady), VP of WSC, CEO of Katzcy Consulting in partnership with @EWF, @WISPorg and @WICYSorg. #SheSpeaksSecurity was a 1/2 day seminar prepping women to gain confidence speaking and submitting to speak at conferences.

This event culminated with a panel discussion by all previous speakers on how to stay resilient in the male dominated arena and how to build confidence when presenting.

Speakers included:

  • Joyce Brocaglia, EWF @joyce_brocaglia
  • Elena Elkina, WISP @el0chka
  • Mari Galloway, WSC @marigalloway
  • Andrea Little Limbago, Virtru @limbagoa
  • Bobbie Stempfley, WSC @BobbieStempfley
  • Cameron Over, WSC - Panel Moderator

Details of each presentation here

Short Video Clip here

The evening finished up with the Women in Leadership Reception which had a packed house!! It was refreshing to see so many women, minorities, and allies in the room supporting each organization as major announcements were made. WSC made the announcement of a new CEO, Mari Galloway, marking the first transition of leadership since 2012. We also welcomed our 6 #cyberjutsursactribe pass winners to the family and got to meet a few of the ladies!

By Wednesday, we were Amping up our AM with Katczy and friends! The breakfast, hosted at the amazing Thirsty Bear was included a build your own mimosa bar and various sweets and treats to get your day going. Great conversations were had and new friendships were born.

We concluded the week Thursday with an Introduction to Capture the Flag (CTF) hosted by SANS Institute. With over 40 women in attendance to play SANS Netwars, fun was had all around! Thanks Max and Cecilia!

Despite all the rain that San Francisco had through the week, I would say that RSAC was a success. Partnerships were created, sponsors joined the WSC family and we had an all around great time. Special thanks to the WSC volunteers that stepped in to help set up, chat with table visitors, and break down all the 'stuff' we had for the conference. WSC is built on the backs of volunteers and we wouldn't be where we are today. 

Mansi @mansimusa (WSC COO), Fiona (WSC AMBASSADOR), Susan @v33na (WSC DC LEAD), Liz @city4liz (WSC SOCAL LEAD), Merissa (WSC PARTNERSHIPS) and so many more, THANK YOU!! You make my job easier!

Last but certain not least, thanks to Vince Vong for coordinating and organizing logistics and scheduling and all things D&I related. This was made possible because of his desire help change the game. 

Materials from the seminar will be available soon so please check back!

~Mari, CEO

 Attached Thumbnails:

Tags:  empowerment  propel  RSAC  shespeakssecurity  womenincyber 

Share |
PermalinkComments (0)
 

SANS Women Academy Graduates are First Time Speakers at RSAC 2019

Posted By Mari Galloway, Saturday, March 9, 2019
Updated: Friday, March 8, 2019

@RSAconference in San Francisco continues to bring fresh new faces to the conference circuit and cybersecurity industry each and every year. This year, with more focus on women and diversity in the program, it's no surprise that 1st timers Carlota Bindner (@CarlotaBindner) and Xena Olsen (@Ch33r10) made their speaking debut. Both ladies are graduates of the SANS Women's Immersion Academy, a multi week training program free to women looking to pursue a career in cybersecurity.

Bindner demonstrated common misconfiguration of U-Boot and strategies to harden embedded devices on Tuesday and Olsen spoke at several events throughout the week on the dangers of embedded devices as well as tactical threat intelligence. Before attending the Women’s Immersion Academy, Bindner worked as a technical researcher and Olsen was a real estate agent.

#Speaking at #RSAC was the highlight of my year! I really enjoyed the collaborative nature of my speaking engagements and I'm grateful for the people that participated in my talks and provided value with their sharing. Despite being new to the infosec industry, everyone was welcoming, kind and most of all embraced me as one of their own," said Olsen on her experience speaking at RSAC.

Today, Olsen is a Cyber Threat Intel Analyst for Fortune 500 financial services company, while Bindner is a Security Associate at Rapid7. WSC is pleased to partner with with SANS and the Women’s Immersion Academy initiative to increase gender diversity in cybersecurity by providing women with a passion and aptitude for cybersecurity the opportunity to learn in-demand cybersecurity skills, earn GIAC certifications, and start a career in cybersecurity. Women in the program are graduating, recently graduated, unemployed, or career changers.

Through this partnership, all women that are selected are granted a one year membership with Women's Society of Cyberjutsu. WSC membership allows women to build of community of supporters and find her #cyberjutsutribe. Members also get discounts on training, access to previous training recordings, access to the job and more.

Congrats ladies on your accomplishment! We look forward to hearing more from you. 

For more information on the SANS Women's Academy, please visit: https://www.sans.org/cybertalent/cybersecurity-career/womens-academy

Tags:  cybersecurity  empower  lead  RSAC  sans  shespeakstech  womeningcyber 

Share |
PermalinkComments (0)
 

PAID INTERNSHIP with the Las Vegas Sands Corporation in Las Vegas NV!!!

Posted By Mari Galloway, Thursday, January 25, 2018

BEFORE YOU APPLY – BE SURE their RESUME HIGHLIGHTS any relevant coursework, certs, degrees, & cyber competitions.

See the ATTACHED FILE for more details on what the position and requirements are. Don't be discouraged when applying. We are looking for more women to be in the internship program. 

For questions, please reach out to GLOBAL_Cyber_Security_Training@sands.com


Download File (PDF)

This post has not been tagged.

Share |
PermalinkComments (0)
 

Tips and Tricks to Negotiating a Better Salary

Posted By Mari Galloway, Friday, May 12, 2017
Recently, I got an email from a close friend talking about how a manager told her she wasn’t getting paid what she is worth because she wasn’t a male, the bread winner. So basically the manager insinuated that because she was a women she couldn’t be the bread winner thus the lower pay. Well what if she was a single mother or what if she was a widow? How does one justify saying these types of things in the work place? 

So I got to thinking, why are women often paid less than their male counterparts even if they have the same or better qualifications? I went back to my first contract job many years ago and realized, some women don’t negotiate their salaries from the jump. I DIDN’T. I just wanted to get the job and start getting that hands-on experience, so I took the first offer and that was it. I undervalued my skill set because I didn’t feel that it was up to par to what I THOUGHT the guys in my all male team had. That was a mistake that could have cost me higher salaries throughout my career. Learn from your mistakes and don’t make them again!

Salary discussions can sometimes get awkward because you shouldn’t really talk about it in the workplace. I had a job working for a young adult clothing store as an Assistant Manager years ago and we fired folks if we found them discussing what they were getting paid. It creates this environment of distrust between employees and management. What folks get paid should be kept between that person and the boss. But when you start moving away from those hourly jobs and into a salary position, it is sometimes hard to not talk about what you make. There are many different resources like Glassdoor and FederalPay.org that provide pretty specific information on folk’s salaries. There is no hiding what someone in the same job as you is making across the country. But for those jobs where the salary ranges aren’t readily available, what can you do?

Salary - a fixed regular payment, typically paid on a monthly or biweekly basis but often expressed as an annual sum, made by an employer to an employee, especially a professional or white-collar worker. 
Here are a few of my tips to help navigate the world of salary negotiations. These can be used for getting that raise that you deserve as well.

1.      Know your value. This is very important. If you are fresh out of college with no experience, don’t go in with guns blazing asking for $150,000 unless you are like a super genius or a rocket scientist and even still that is a stretch. Research salaries for the job you are applying for. Make sure to take into account, your education, skills, and other experience you have. This is includes unpaid experience as well. Be realistic in your expectations but don’t undervalue yourself.

2.      Don’t be first to disclose a number. You want to know what the company is offering. Ask them what the range is for the position. If they are hard pressed to give that to you, have a range in mind (discussed next). Don’t give the bottom of your range though, because that may be lower than the position the position offers and you may miss out on the extra money.

3.      Have a range. You want room to grow at your company but you also want to get what you are worth for that position. The bottom limit of your range should be at least 10% higher than your current salary, if you have one. This limit may be higher depending on what you are bringing to the table. The upper limit should be 10 to 20 thousand higher. This range is for you to know when to walk away and when to pull out a counter offer. These are your limits. As a side note if you are moving to another location for a job, make sure to do some research on that job market. A good place to start is the Bank Rate. This site helped me make the decision to move across country and leave the government.

4.      Be direct with what you want. The difference between some men and women here is that men just flat out say “I want to make X amount of dollars.” While women tend to beat around the bush and not come right out and say what they want. I was guilty of it. Again, just trying to get in the door. Make it known what you are willing to take. Don’t imply anything as this may cause you to get less money. This is where knowing your range helps out tremendously. Go with the higher of the range and work backwards.

5.      Be willing to walk away. Sometimes, an employer just won’t budge on the salary they are offering. Know when to walk away from that opportunity. One common mistake that is made is accepting the first offer. You don’t have to do that. Remember your salary range!

6.      Negotiate beyond salary. Once the base salary is determined, the rest of your compensation should be discussed. Things such as moving expenses, transportation expenses, food allowances, student loan repayment are just a few examples of things to discuss with the employer before making a final decision. Benefits are not always firm and can be negotiated if you have the right information.

7.      Ask questions. Above all else, ask questions. If you are curious about the salary or the benefits, ask those questions. Get answers to make an informed decision. Starting a new job is hard work. Do go into blind.

There are tons of articles and information out there for negotiating salary. The internet is a powerful tool that should be utilized the effectively negotiate your entire compensation package. These are just a few of my top tips and what I used to get the job I am in today. Great pay with even better benefits! Women, negotiate your worth and don’t settle because it is the first offer on the table. Men you can use this information too!!

If you have tips and tricks to negotiating salary, let us know! Sharing is caring.

Tags:  job  negotiating  salary  tips  tricks 

Share |
PermalinkComments (0)
 

Shmoocon Ticket

Posted By tennisha martin, Friday, January 13, 2017
I've got a ticket to shmoocon (starts today and goes through this weekend) but i had surgery on my back and can no longer go. $100 amazon gift card gets you a barcode.

This post has not been tagged.

Share |
PermalinkComments (0)
 

My First Cyber Competition

Posted By Mari Galloway, Thursday, November 10, 2016

My First Cyber Competition

For whatever reason, cyber competitions have been on my mind. So, I thought that I should share my experience as well as provide a few resources to those on the fence about participating in these cyber competitions.

Cyber competitions are a great way to gain valuable hands-on experience in various areas of cybersecurity such as pentesting and digital forensics. There are various types of competition in a few different varieties: Challenge-based, where you answer questions/challenges to gain points; Attack-Defend, where you must defend your 'castle' while trying to attack others; and Wargames which are online CTF competitions.

My first competition was back in 2013 with Cyberjutsu Women at the Global Cyberlympics, a competition hosted world-wide by EC-Council. This competition is an online team-based competition consisting of 3 qualifying rounds (Forensics, Penetration Testing, and Computer Network Defense (CND)) and a final round (Capture the Flag) usually hosted at the annual HackHalted conference.

Going into this competition, I had no freaking clue what to expect or even how to begin. The team consisted of 6 women lead by Lisa Jiggetts, the founder, CEO, and head Cyber Ninja for Women's Society of Cyberjutsu. We went into a conference room and immediately started the first round. We weren't organized and none of us knew what was going on but we trekked through it, together.

See with this competition, you can only have one person logged into the scoring server which meant that this person either had to perform all the tasks for each round or we had to figure out a way to collaborate quickly and efficiently to get the points. Even though we started off scrambling, by the end of round 1 we had found our groove and started racking up the points. Mind you, Lisa was the SME of the group and she had to provide a lot of insight.

I was scared because I didn't want to fail but was relieved to know that we were a team. We advanced to the next round. By the end, we all walked out of the room a little bit smarter and with ideas to help with round 2.

Fast forward a few weeks, we made it past round 2 but not without a few bumps in the road. I think round 2 was harder than the 1st one and for good reason. EC-Council wanted to make sure that people knew what they were doing. We spent that Saturday afternoon moving through challenges and troubleshooting and praying we get enough points to advance to the finals. When we recieved news that we made it to the final competition, we were beyond ecstatic. We were the only all women team (All cyberjutsu competition teams are all women) to advance to the final competition. Unfortunately, I was unable to attend the Final event due to work, but I learned a lot about myself and my love for this field. We all love a little challenge here and there. And, the prizes are definitely a motivator to participate in these types of games.

For me the Global Cyberlympics was the start of something great. Participating in and winning competitions gives you confidence in your skills and boosts your ego a little bit. Although, I haven't won a competition, I have participated in a few of them each year (both on a team and individually). They are a lot of fun. You learn a lot of things by doing them. If you are interested in participating in these games but don't know where to start, don't fret. There are numerous resources available to help you get your feet wet and prep for success. Some of my favorite individual games include SANS Netwars (paid), OverTheWire (free, online), and Enigma Group (free, online). These games force you to research topics and try new things, some of which can be used in the real-world depending on the job that you do. Some of these competitions are even at various conferences and are free to participate in.

So, get to it and start refining your skills!

For more information or to participate in team based competitions, join the WSC Competition Group at www.womenscyberjutsu.org

Additional links with good information:

ctftime.org - lists competitions going on around the world and you can join teams

Capture the Flag Competitions - Basic info on CTF's as well as different ones for each type

Tags:  competition  CTF  cyber  cyberjutsu  cyberlympics 

Share |
PermalinkComments (0)
 

Know Your Value

Posted By Tammy Torbert, Saturday, December 26, 2015

The holidays give me a chance to catch up on reading.  I happened across a book "Knowing Your Value: Women, Money and Getting Your Worth", by Mika Brzezinski.  It's one of these easy reads, a business book told mostly as interviews with successful women in a variety of industries.  There are also interviews with successful men that talk about the difference between men and women in industry.  

 I wish I had this book when I first started my career.  It discusses the way that women shoot themselves in the foot and don't get what they want.  The book won't tell you how to negotiate a better salary, but it might show you the things you are doing that cause our own failures. 

  

Happy holidays!

Tags:  career  value 

Share |
PermalinkComments (0)
 

Shopping Amazon & Supporting a Good Cause

Posted By Tammy Torbert, Wednesday, August 26, 2015

Do you shop amazon?  I do all the time, and about six months ago amazon asked do you want to support a good cause.  I thought why not?  So, from that moment forward I started shopping amazon.com, through smile.amazon.com.  This gave me a way to donate to my favorite charity at no cost to me.  With smile.amazon.com, the Amazon team donates a percentage of your total purchase to the charity you've designated.  What could be easier?

I just found out that WSC is one of many good causes that you can donate to by shopping through smile.amazon.com.  If you shop Amazon, I hope you'll consider shopping through their smile.amazon.com portal and donate to the charity of your choice. 

For more information about the smile.amazon.com program, visit the about page at https://smile.amazon.com/about.

Tags:  amazon  amazon charity  charity 

Share |
PermalinkComments (0)
 

Why Didn't We Catch It?

Posted By Tammy Torbert, Saturday, August 22, 2015

If you've spent any time working in a Security Operations Center (SOC) whether as an analyst, engineer, or incident responder, there is nothing worse than getting asked by your manager "Why Didn't We Catch It?"  The "It" is some incident or badness that occurred in the environment you are supposed to be monitoring or protecting.

Imagine a situation where a denial of service event occurred, but this was detected by the customer realizing that there site was responding as expected.  For security teams, having the customer tell you there is an incident typically means the SOC missed something they should have seen.  I was brought in to take a look at the Security Information and Event Management (SIEM) tool and see what was available leading up to the event.  Ultimately, I didn't find much to indicate a denial of service, that doesn't mean there was nothing there, it just means I didn't see anything obvious.  Next up, I start working with the networking and security engineers.  I need to understand how traffic flowed, what devices would have inspected the traffic, and what could possibly tell me something happened.  This is where understanding networking and how routers, switches, firewalls and IDS tools work.  I realized that there were a few devices that had security controls on them, whether it was the intrusion detection sensor, the router, or the firewall.  I then had to work with the team to decipher the configurations, make sure that traffic was moving to security tools that could have caught the attack, make sure that the right policies were in place to detect the attack, and make sure that logging levels were appropriate.

Ultimately, if you plan to work on the defensive/detection side of security, it's vital to have a broad knowledge set.  My knowledge of networking and a variety of security tools give me instant credibility in the room.  The best security people for defense/detect are those that understand how things work, but also how things should work together.  You don't have to be able to configure the router, but understanding how it will handle traffic will be helpful.  Defense/detect roles are challenging because the wide breadth of knowledge you'll need, but it's also a great starting point to security specializations, like reverse engineering, forensics, or security engineering. 

Tags:  analysis  SOC 

Share |
PermalinkComments (0)
 

B-Sides DC

Posted By Tammy Torbert, Sunday, August 16, 2015

Anyone get tickets for B-Sides DC yesterday?  I forgot that tickets went on-sale at midnight, and alas missed the first round.  I'm getting ready for round 2 on September 1.  

If you haven't been to B-Sides, it's a fun local event that is relatively inexpensive.  I hope to see you there. (Link for B-Sides DC).  It's a great way to get CPE credits for your CISSP, and also a great time to network and socialize with security geeks.

Tags:  b-sides conference 

Share |
PermalinkComments (2)
 
Page 1 of 2
1  |  2