Announcing Cybrary's Support of WISP


We are excited to announce that Cybrary is supporting Women in Security and Privacy (WISP) in 2019 with accessible educational content! We at WISP work to advance women in the fields through practical and technical workshops, TANDEM mentorship programs, leadership training, job board postings, speaker’s bureau, and conference, training, & educational scholarships. Cybrary will work with WISP to ensure women learn and practice the skills they need to advance, no matter where they live in the world.

Cybrary's core mission is to provide accessible cybersecurity and IT career development opportunities to anyone, anywhere.

As part of Cybrary's support of WISP, Cybrary will be donating:

  • 20 Cybrary Insider Pro subscriptions to women looking to advance in their careers and acquire new skills in cybersecurity and IT. They offer on-demand video courses, certification preparation materials, hands-on skill development tools, and job role-specific learning programs. Click here to apply for one of these subscriptions.

  • Cybrary will also be extending an exclusive discount to all WISP members.

    • 50% off Annual Cybrary Insider Pro with the promo code: WISP50

    • 40% off Monthly Cybrary Insider Pro with the promo code: WISP40

We are excited to work with Cybrary to support underrepresented communities in Security and Privacy to ensure there are advancement opportunities for everyone, regardless of location - from beginners to senior leaders.

Meet Our 8 WISP RSA Scholars


We are thankful for the support of our generous WISP sponsors and champions that allow us to make our scholarship program a reality. Meet our 8 RSA 2019 WISP Scholars below and hear what they are excited to practice at RSA!

Ruth A


What are you most excited to learn or practice at RSA?

Cloud Security & Operations, getting into CTF, red teaming



What are you most excited to learn or practice at RSA?

1. Anatomy of phishing Campaigns

2. NetWars CTF

3. Hacking 2FA

Clara Flores, @claralflores


What are you most excited to learn or practice at RSA?

GDPR, Compliance, Data Privacy.

Ayesha Rasheed, @akrasheed92


What are you most excited to learn or practice at RSA?

I'm excited to see how CA-based organizations are preparing for GDPR/CCPA compliance, to learn more generally about how/where tech companies work privacy and security planning into their product creation chain, and to learn about privacy concerns regarding biometrics.


What are you most excited to learn or practice at RSA?

I am most excited to learn about emerging issues surrounding legislation, potential new classes of vulnerabilities, and to explore the "Cybersecurity Future Proof: 2025" track.

Swati Handa, @swatihanda


What are you most excited to learn or practice at RSA?

Privacy impact on consumer choices, cloud security using a zero trust model, using analytics for effective governance

Irene Mo, @imokx


What are you most excited to learn or practice at RSA?

I am looking forward to learning more about privacy and data security law, AI and machine learning, and bridging the gap between cybersecurity and public interest technologies.

Keerthi Subash Koneru, @keerthiamigos


What are you most excited to learn or practice at RSA?

I am interested to learn about infosec skills on smart grids and smart cities, and cybersecurity and safety.

WISP 2018 Annual Report


WISP works to advance women in security and privacy. We accomplish this through practical and technical workshops, TANDEM mentorship programs, leadership training, job board postings, Equal Respect speakers bureau, and conference and training scholarships.

Major 2018 Accomplishments


  • WISP hosted 13 educational, technical, leadership, and mentorship events, featuring 22 subject matter experts this year.

Mentoring & Networking:

  • WISP provided 100+ WISP Tandem matches, who serve as dual mentors and mentees in 2018.

Scholarship: In 2018, WISP sponsored...

  • 57 women for DEF CON with travel and tickets covered;

  • 8 women for Derbycon with tickets;

  • 6 women for BlackHat with tickets;

  • 10 women for FireEye/Mandiant Reverse Engineering course tickets; and

  • connected 85+ Cyber Security Humble Bundle donors to women in the privacy and security fields.


  • New this year, WISP expanded from our San Francisco, California headquarters to support women internationally and across the nation with New York and Dublin, Ireland affiliate groups.

  • WISP’s social following has grown significantly in 2018. We currently have 6,050+ followers on Twitter, 1,420+ followers on Facebook, 1,620+ followers on LinkedIn and 1,500+ Mailchimp newsletter subscribers.

WISP 2018 Donations and Allocation


Words From Our Scholarship Recipients

WISP scholarship recipients around the country wrote many blog posts highlighting their experience with our conference and training scholarship programs this year. Learn about their experiences, learnings, and accomplishments below:

WISP 2018 Highlights and Photos


Thank you to our sponsors for making this possible!


WISP Champions


WISP DEF CON Sponsorship Winners 2018

It's that time of year again -- Black Hat and DEF CON are upon us! Thousands of security and privacy folks from around the world will be flocking to Las Vegas this week for "hacker summer camp". This year, WISP set a goal of sponsoring 2 women in security and privacy to attend DEF CON with a travel stipend and free entry badge. We reached out to the security and privacy community on Twitter with the idea and were overwhelmed by the generosity and support we received. Thanks to our donors, in just 7 days we were able to move from 2 full sponsorships to 57! Thank you to our sponsors (below) and to everyone who signal boosted our #WISPDEFCONSQUAD efforts online. 

We know you can't wait to meet our WISP DEF CON sponsorship winners, and they can't wait to meet you so we've asked them to share their thoughts below. Stay tuned to hear what they learned at hacker summer camp after we all return from Vegas.

Ian Coldwater


What are your top 5 interests in security and privacy?
Container and cloud security, DevSecOps, red teaming, CTFs.

What are you excited to see/do/partake in at DEF CON?
I'm starting an OpenCTF team specifically for women who are newer to CTFs, to help create a supportive, low-pressure space where people who are often intimidated to start can play and experiment together. I'm looking forward to being able to learn and grow with them! I'm also really excited to meet and see people, and just experience everything and take it all in. I've never been to DEF CON before, so it'll all be new!

What do you hope to learn from this experience?
I'm hoping to meet up with others in the container security space, to share information and learn from them. But I suspect that a lot of the learning I'm going to do will be stuff I haven't thought of yet.

Other thoughts?
Thanks so much to WISP, the donors and sponsors for making it possible for us to be out there! It's been amazing to see the community coming together.


Mireya Jurado

What are your top 5 interests in security and privacy?
In no particular order, my top interests are system security, cryptography (both applied and theoretical), social engineering, network security, and web security.

What are you excited to see/do/partake in at DEF CON?
There's so much I want to see and do. I'm really excited to attend talks at the villages, especially the Packet Hacking village and the Crypto and Privacy village. I'm definitely going to spend some time at the Lockpicking village and try to improve my skills. I'm also hoping to watch the Social-Engineer Capture The Flag event!

What do you hope to learn from this experience?
In short, I want to learn what people are able to break and what tools they're using to do it. I'm hoping to learn about network security and reverse engineering in particular.

Sharon Lin


What are your top 5 interests in security and privacy?
I'm interested in reverse engineering, vulnerability research, cryptography, network security, and digital forensics.

What are you excited to see/do/partake in at DEF CON?
I'm excited to learn new skills at the IoT, Packet Hacking, and Wireless Villages, as well as learn from competitors in the CTFs. I'm also excited to meet with hardware hackers and learn about new exploits and vulnerabilities in the hardware space, especially in IoT protocols.

What do you hope to learn from this experience?
I'm hoping to make new connections within the information security space, learn from some of the most experienced hackers, and gain new inspiration for pursuing security research. I also hope to learn some useful skills and become more aware of potential vulnerabilities and fallbacks of systems currently used in the embedded technology industry.



What are your top 5 interests in security and privacy?
1. Cyber Threat Intel- Tactical and Operational
2. Maldoc/Malware Analysis
3. Forensics- Everything
4. Purple Team
5. Reverse Engineering

What are you excited to see/do/partake in at DEF CON?
-Excited to volunteer for Diana Initiative and Blue Team Village
-Would love to meet other Cyber Threat Intel professionals
-Bug Bounty training thru WISP!!!!!!

What do you hope to learn from this experience?
Hoping to strengthen the community of women in infosec and to learn tricks from the experienced pros to improve my technical skills.

Thank you again to all our sponsors for making it possible for WISP to send all these amazing women to DEF CON!


WISP will have a booth at both BlackHat and DEF CON along with several events planned for the week. Feel free to come say hi and pick up some WISP swag! We will have brand new shirt designs and the Pac-Man shirt from last year.

New Women in Cybersecurity Report Highlights Voices from the Field


Alexandra Ross - Senior Global Privacy and Security Counsel, Autodesk and Founder, The Privacy Guru



The new 2017 report, “Women in Cybersecurity: A Progressive Movement” is a must-read for those invested in the future of diversity in the security and privacy sector. Spearheaded by Caroline Wong, CISSP, and Vice President of Security Strategy for Cobalt, the report summarizes findings from over 300 women actively engaged in a cybersecurity career.

Many of the report’s findings challenge common misconceptions about women in cybersecurity. Some surprising findings from the report include:

  • 36% of those surveyed have been working in cybersecurity for 10 or more years, suggesting women in cybersecurity is hardly a new phenomenon.
  • Fewer than 50% of respondents entered cybersecurity through a background in IT or computer science, meaning women without IT or Computer Science backgrounds should not cross a career in the industry off their list.

While never losing sight of the major diversity challenges within cybersecurity, the report also provides some encouragement looking forward. Among the key takeaways: it’s clear that women in cybersecurity are thriving, the best teams in the business are diverse, and that the talent shortage might be best addressed through a combination of broadening the hiring process while reinforcing the education pipeline.

In addition to the numbers, the survey provides direct quotes from women in a variety of cybersecurity positions, as well as an inspiring sample of free-form insights and advice from women in their own voices.

Kudos to Caroline Wong and all of the women who stepped up to contribute to this timely, necessary survey.

For more information on resources for women in security and privacy, check out the WISP Resources page and be sure to connect with WISP.

Maximum Overdrive: A Discussion on Self-Driving Vehicles


Caroline Wong, Vice President, Security Strategy,


Women in Security and Privacy (WISP) and KPMG recently hosted the “Maximum Overdrive: A Discussion on Self Driving Vehicles” event featuring a stellar panel of top tech, cyber, and automotive leaders. In an environment of rapidly changing regulatory requirements, industry standards, media coverage, and consumer trust, these experts helped to shed some light on what’s actually going on right now and what to expect in the future.

Sarah Pipes, Manager of Cyber Strategy and Governance at KPMG, kicked off the discussion by sharing a story of parking her own car in Brussels while working there on rotation - to the amusement of her local friend who has become used to everyone around her using their intelligent parking assist systems (IPAS).

Left to right: Sarah Pipes (KPMG), Chenxi Wang (Jane Bond Project), Steffi Bryson (Uber), Michelle Avary (Aeris)   Photo credit: Caroline Wong


Perception versus reality

Michelle Avary, Vice President of Automotive Products & Strategy at Aeris Communications and founder of Women in Automotive in Technology, set the stage by explaining SAE International’s Levels of Automation for Defining Driving Automation in On-Road Motor Vehicles. There are five levels of automation, starting at Level 0 (No Automation) and going up to Level 5 (Full Automation). One example of Level 2 automation is autonomous parking technology, as featured on The Oprah Winfrey Show in 2006. This is the same level of automation that Sarah’s friend in Brussels uses.

The problem with the SAE system is that the levels lead many to assume that driving automation is linear, and that’s not true. Uber's Steffi Bryson says that’s actually an inappropriate way to look at it. The linear frame of mind makes people think that a fully autonomous car will be on the market in the next 5-10 years, and that’s probably not what’s going to happen. Mobility as a service is much more likely to become part of the average person’s day-to-day experience (particularly if you live in certain cities). The most common question that Steffi gets is, “What happens when all the cars turn left at the same time?” This is, of course, a highly unlikely scenario and doesn’t represent the best starting point for a fruitful conversation. Chenxi Wang, founder of the Jane Bond Project, points out that “Humans make mistakes too. In some scenarios, machines are actually smarter.” 


What are the risks?

The 2015 Jeep Cherokee hack exposed vulnerabilities in already existing and deployed cars. Bryson says, “We’re not talking about technology that’s going to be developed in the future. This applies to the cars people drive today.” 

While the highly publicized story generated a fear in the public that Bryson argues has been associated with self-driving cars in a way that’s not accurate, everyone on the panel seemed to agree that the industry as a whole did learn lessons from the demonstration and has since adopted more security best practices. In August 2015, the Auto-ISAC was formed by automakers to establish a global information sharing community to address vehicle cybersecurity risks.

Whether we’re talking GPS routing, info-tainment, or safety critical systems, things don’t really become interesting until there’s connectivity involved. Consumers love connectivity. Wang warns, “Connectivity is orthogonal to autonomy. For security discussions you need to take that into consideration.” Wang believes that the most common risk does not actually lie in remote attacks, but rather in the integrity of the automotive software and the software supply chain controls that may or may not be in place. Just as cars source physical parts from different suppliers, software is often composed of many different third party components. “How do you know that the manufacturer who gave you this piece of software actually did their job in proper vulnerability management, security updates, etc.? All of that becomes a security risk.” 

Hypothetically speaking, consider a scenario where a group of company executives are being transported in a self-driving car. This presents a potential opportunity for that company’s competitor to conduct a denial-of-service (DOS) attack on the car in order to cause those execs to be late to an important meeting, or worse.

As in every type of consumer software, there’s often a trade-off between ease of use and security. What happens when your car asks you if you want to install a software update? Do you choose to do it now or later? Hopefully you pick a time when the car is not moving. The slower, more expensive option would be to drive the car to the dealership every time you need a software update installed.

Avary adds, “You’ll never get the software right the first time. You can [and will have to] patch it later.” Over-the-air updates from car manufacturers present an interesting case. A car’s electronic control unit ultimately decides if a new software update is trusted or not. It is critically important that access to the keys controlling new software updates is appropriately restricted and that those keys do not make their way into the hands of a malicious individual or group. The scariest piece of the puzzle here is not the technology, it’s the human who controls it.


How to secure autonomous vehicles

As with any software product, the best approach to reducing the risk of software connected vehicles and vehicular systems is to assess and monitor during the product development lifecycle. “Are you doing pen testing? Are you bringing in outside experts to look at and assess the security before the system or vehicle is released to the public?” Wang asks. “To a security person, these things are common sense.” Monitoring to track software patterns and anomalies is also an important component to ensuring the security of automotive software while it’s in operation.

Another key security principle is to shut down access where it’s not absolutely necessary. One of the main vulnerabilities exploited in the Jeep hack was an open port on the Harman Uconnect system. “It was left open to allow access for testing, and should have been closed,” Avary mentioned. The Harman system contained the ability to communicate over Sprint’s cellular network, and the hack leveraged vulnerabilities existing on the wireless network that should also have been locked down.

Wang stresses the importance of the zero trust principle - “Just because this communication came from the system right next to you, treat it as a suspicious internet connection.” She recommends that vehicle technology makers vet and authenticate connections with the same security controls in place that are required for dealing with an untrusted internet connection.


What do we have to look forward to?

“The first time you experience an autonomous vehicle probably won’t be when you buy it,” insists Bryson. The cars we see on the road right now are not non-autonomous; they are not completely manual. Many of them already have capabilities that are connected, semi-autonomous, or assisted. Lane assist, parking assist, collision warning and avoidance systems, anti-lock brakes, cruise control - all of these features are widely available in cars right now.

Individuals who do not own a car will be able to get around a lot easier with the help of autonomous vehicles. Mobility services will especially benefit the elderly and the disabled. Car ownership is expected to decrease. “A lot of people won’t own cars anymore,” says Bryson. “Today, a privately owned vehicle costs about $1.60 per mile. That cost is expected to drop to $0.08 per mile for shared mobility as a service.”

Join WISP at Hacker Summer Camp 2017!

Every year, security professionals, hobbyists, and aficionados take on Las Vegas for what’s come to be known as “Hacker Summer Camp,” built around three primary conferences: Black Hat, DEF CON, and BSidesLV. Over the years, more events including Queercon and TiaraCon were added, creating a 10-day period of talks, trainings, workshops, and networking in a variety of settings. 

Yet, much like the security industry as a whole, diversity and inclusion remain serious challenges for the world’s largest security gathering. WISP is committed to changing that by encouraging women to take a more active role and we’re partnering with a few other organizations to bring more women-centric opportunities to Hacker Summer Camp.

Below is this year’s schedule of WISP-hosted events. 

Please use our discount code for $200 off Black Hat badges: WISPus17

Cybersecurity Diversity Foundation Reception (Co-hosted with the Women’s Society of Cyberjutsu, and International Consortium of Minority Cybersecurity Professionals.)

Tuesday, July 25
5:30pm - 7:00pm
The Border Grill, Mandalay Bay
Registration required (Sign up here)

Women in Cybersecurity Mixer (Co-hosted with Optiv)
Wednesday, July 26
6:30pm - 8pm
RM Seafood Lounge and Bar, Mandalay Bay
Registration required (Sign up here)

Enjoy cocktails and light appetizers while our distinguished panel of experts from Optiv and LogRhythm leads us in a discussion on the growth and development of women in security. 

Enter a drawing at the door for a chance to win great prizes, including an Apple Watch, Beats Solo3 wireless headphones, and more!

$5 will be donated to Girls Who Code on behalf of every attendee. 

WISP Peer-to-Peer Mentoring
Thursday, July 27
2:30pm - 3:30pm
Black Hat, Banyan D, Level 3

Join Women in Security and Privacy at Black Hat to mingle and network with privacy and security professionals. Also, consider becoming part of WISP Tandems, a peer-to-peer mentorship program that connects you with people who have different backgrounds, expertise, and networks. Every woman brings unique value, knowledge, and experience to her peers at every level of her career. Find your Tandem partner at Black Hat or sign up to be matched in our next round of the program, starting in September!

DEF CON Hackathon (Co-hosted with Security Innovation)
Friday, July 28 and Saturday, July 29
10am - 6pm both days

Security Innovation and Women in Security and Privacy (WISP) are teaming up to bring you two new vulnerable websites that participants will be competing to find vulnerabilities in. We'll have easy vulns and reference material for beginners as well as more difficult challenges to stump experienced hackers. The sites contain over 100 vulnerabilities including XSS, SQLi, password cracking and more. Vulnerabilities are automatically detected and award points when they're exploited. 

Becky Bace, President/CEO, Infidel, Inc.; Chief Strategist for the Center for Forensics, Information Technology, and Security (CFITS) at the University of South Alabama

The WISP career series highlights extraordinary women working on security and privacy issues.  The third installment in this series features Rebecca “Becky” Bace and her career path, work, and advice to young professionals.

When most of us think of universally celebrated mathematicians, an early figure that comes to mind is Hypatia of Alexandria. Hypatia made her way past traditional societal norms to become the first known woman philosopher, mathematician, and academic. In addition to being a widely respected figure, Hypatia never ceased learning and being curious. Similarly, against all odds, Becky Bace from the small town of Leeds, Alabama forged a path for herself to become a leading mathematician and computer scientist. She went from being the only woman in the School of Engineering at the University of Alabama at Birmingham in 1973 to becoming a widely respected analytical thinker, mathematician, and academic – and most important of all, she has never ceased to learn and stay curious.

Career Path

When Bace first began her education, she focused on becoming a doctor. However, one thing that Bace could not ignore was that she always excelled at math. Although Bace was not interested in being a career mathematician, she decided to pursue engineering in her desire to explore other careers related to mathematics. During her first year, one of her professors took her under his wing and suggested that she learn programming, specifically how to run then state-of-the-art computing on IBM mainframes for nuclear energy. Although Bace completed most of her degree in civil engineering, she always felt drawn to courses in math, analytics, and computing – so she switched paths and finished her degree in computer science instead of civil engineering.

After graduation, Bace came across an ad in Byte magazine for a role with her skillset – for what turned out to be a job at the NSA. Bace later transferred to the Department of Defense’s National Computer Security Center (NCSC), a branch that conducted a lot of fundamental work on computer security and policymaking, including releasing the Rainbow Series. At the time, most security solutions focused on security by design and advanced math modeling. Noting a gap in the primary focus on front-end solutions and use of math concepts, Bace came upon a project at the NCSC on intrusion detection systems (IDS). Bace tackled the project and reached out to one of her mentors for advice - Jim Anderson, the person who had built the initial IDS architecture. This early work and mentorship helped Bace’s career, and her focus on IDS, to take off.

Even though Bace did not come from a traditional career path, she flourished once she embraced her interest in computing.  Bace went on to serve as the Deputy Security officer at Los Alamos National Laboratory and held a number of roles in the private sector, including as the Lead Faculty on IDS at the Institute for Applied Network Security; the Chief Strategy Officer of Neohapsis; as a venture consultant for Trident Capital; and the Vice President of the Security Practice at In Q Tel.  Bace is currently the Chief Strategist at the Center for Forensics, Information Technology and Security at the University of South Alabama and the President/CEO of Infidel, Inc.

Advice to Young Professionals

Bace acknowledges that it is hard to advance in your career alone. While perceiving a problem in the traditional approach to security, Bace not only tried to solve it herself, but like a philosopher hosting a salon, she built up a network of peers to join her in her journey and discuss relevant issues to learn about diverse perspectives. Her efforts in community building helped her not only to create a shift in information security and the use of IDS, but also on a personal level and in her career. Bace says that “peer support is extremely important,” as is “having a mentor.” When she faced adverse situations in her life, she was able to overcome them with the support of her “community of peers” – people that will “stay longer with you than your employer.” A few of those strong mentors present throughout Bace’s career were Robert Abbott (who led the first commercial security practice, as modeled in the movie Sneakers, and was a senior scientist at Livermore National Labs) and Ruth Nelson (a mathematician whose work includes much of the formal mathematics underlying secure protocol design).

Career Advice to Women in Security and Privacy

For women interested in the field, she provides candid advice stating that it’s important to “balance between mastering the theoretical view of security and understanding the math.” Pulling from her own experience, she points out that “you don’t have to be pinpoint focused to be successful” because most careers require a “broader swath of expertise and exposures.”

Becky Bace is a pioneer for women in security, having been mentored by the creators of early computing systems and some of the first women in the field. With the experience of a professional and ease of a strategist, she has bridged together math and theory to create and advance solutions that have been a boon to the security industry. In line with WISP’s principles of advancement and inclusion, Bace advises WISP members to keep in mind: “professional links make all the difference.”


Data Minimization and Anonymization: Essential Tools for Reducing Privacy and Security Risk and Enhancing Trust

This post will examine a couple of case studies in data innovation, specifically companies that have developed new ways of using data minimization and anonymization to address regulatory requirements, as well as potential security and privacy concerns of their consumer base.

Equal Respect Speakers Bureau

Equal Respect and Women in Security and Privacy are proud to partner together to launch the Equal Respect Speakers Bureau. This joint initiative seeks to foster diversity for professional conferences in the security and privacy fields. Register as a potential speaker or request a speaker for your upcoming event.

A Note From Our Head of WISP Tandems

Dear WISP Community, As the Head of WISP Tandems, I am happy to share the story of our Tandem Program, the vision behind it, and exciting news about the future of Tandems. Our peer-to-peer mentoring program connects security and privacy professionals who have different backgrounds, expertise, and different networks. Why? We believe that you bring unique value to your women peers, no matter which career stage you’re at.

Hacking for Security

On June 21st, Women in Security and Privacy (WISP) partnered with Security Innovation, Inc. (SI) and the Wikimedia Foundation to put on a fun, educational “find the vulnerabilities” game. The “Hackathon” was a technical workshop on web application security, with a hands-on approach geared at teaching effective website security and secure coding habits to WISP members.  

WISP - From 7 to 700

Dear WISP Community, WISP’s seven founders first convened in 2014 to further a shared mission – promoting the development, advancement, and inclusion of women in the information security and privacy fields. In two short years, with the dedicated support of our membership community, WISP now has over 700 members nationwide. We’re excited by this growth and the potential it holds for WISP’s future. As WISP Project Director, I’m proud to announce another critical milestone. WISP has achieved official status as a fiscally sponsored project of Community Initiatives, an SF Bay Area 501(c)(3).