WISP is excited to introduce this year's Women in Security and Privacy (WISP) / RSA Conference Scholars! These five WISP members will be attending this year's RSA Conference in person in San Francisco, CA from June 6-9, 2022. Again we’d like to thank RSA for their continued support of WISP and our mission over the years!

Name: Marylyn H

Pronouns: she/her

Focus Areas: Marylyn is excited to learn more about Medical Device Security, IoT Medical Security, and Healthcare Cybersecurity.

Name: Ashley R

Pronouns: She/her

Focus Areas: Ashley is excited to learn about Application Security, Privacy, and Threat Intelligence.

Name: Zara A-P

Pronouns: She/her

Focus Areas: Zara is excited to learn about security automation, threat hunting, and lockpicking.

Name: Kara

Pronouns: She/her

Focus Areas: Kara is excited to learn about privacy in 2022, women in leadership, and SOAR topics (Security Orchestration, Automation, and Response).

Name: Julia R

Pronouns: She/her

Focus Areas: As a seasoned privacy professional and former diplomat, Julia is excited to explore the intersection of privacy and security at RSA. She's eager to find out about the RSA events connecting European and US policy implementation, and lockpicking is her favorite pastime as a loyal DEF CON attendee.

We are excited to announce that Cybrary is supporting Women in Security and Privacy (WISP) in 2021 with accessible educational content! We at WISP work to advance women in the fields through practical and technical workshops, TANDEM mentorship programs, leadership training, job board postings, speaker’s bureau, and conference, training, & educational scholarships. Cybrary will work with WISP to ensure women learn and practice the skills they need to advance, no matter where they live in the world.

Cybrary's core mission is to provide accessible cybersecurity and IT professional development opportunities to anyone, anywhere. 

As part of Cybrary's support of WISP, Cybrary will be donating 20 Cybrary Insider Pro scholarships to women looking to advance in their careers and acquire new skills in cybersecurity and IT. They offer on-demand video courses, certification preparation materials, hands-on skill development tools, and job role-specific learning programs. Click here to apply for one of these scholarships.

We are excited to work with Cybrary to support underrepresented communities in Security and Privacy to ensure there are advancement opportunities for everyone, regardless of location - from beginners to senior leaders.

Elena Elkina, Co-Founder of Women in Security and Privacy, was interviewed by Aviva Zacks of Safety Detective. She asked her how WISP helps women succeed in the cybersecurity industry. 

Safety Detective: What motivated you to co-found this organization?

Elena Elkina: Seven of us were all working in the privacy and information security field. Some of us were lawyers, and some of us came from an IT background. At some point, we started talking about the intersection of privacy and security and how you cannot be a subject matter expert in one of the industries and ignore the other one. Since we’d all been doing privacy and security for a while, we thought about that how the industries had changed over the previous ten years and how, when it used to be privacy or security, now the line was getting blurry and blurrier, and we thought about how we could combine our forces and help each other to be better experts in privacy and security field. We looked at different organizations across the globe, and we couldn’t find an organization that did both.

In addition, we knew that we were women and minorities, and we thought about how hard it is for women to enter the information security field and how hard it is to find resources because the information security club is mostly made up of men.

We wanted to organize something that could help other women enter the fields and help them grow and do something they really enjoy. We also wanted to combine privacy and security into one organization because nowadays you can’t do something well by ignoring the other side.

That’s how Women in Security and Privacy or WISP was born. It was surprising to see how many women felt the same way. There were many organizations that were focused on diversity and inclusion or generally provided knowledge for information security or privacy professionals. We didn’t want to reinvent the wheel. We wanted to combine those two industries in one.

SD: How does WISP help empower women to succeed in the cybersecurity industry?

EE: We have a few main areas that we focus on. We provide practical workshops. We focus less on presentations such as panels and discussion and more on practical knowledge where people can apply what they’ve learned during the workshop or they have a chance to take something home with them. So, we focus on practical workshops as education.

We also have leadership training where we offer an opportunity for people to either practice their presentation or share their career path and inspire others to follow or join.

We also have a mentoring program. We developed a peer-to-peer mentoring program called Tandem where we connect peers who have an opportunity to serve in both roles. We don’t have a mentor and mentee, per se, because we believe that every person has something to learn and has something to share. We connect two people who are looking for skills that the other person can share and looking to learn something that the other person can provide.

We started locally. We wanted to make sure people could connect with each other in person in the Bay Area, but then we expanded globally, and now our Tandem program is a global program where we connect women around the globe.

We also have a scholarship program that started with a couple of organizations giving us scholarships to conferences such as DEFCON.

About five years ago we shared the news that we were sending ten women to DEFCON, and we received ten scholarships. We were able to send ten women, and we wanted to share the news and congratulate them. People started responding and asking if they could sponsor one more woman, help with a flight, or hotel cost, etc. In the end, we sponsored about 75 women. It all happened because individuals and companies were providing us with help, helping support women and it has a butterfly effect that more organizations stepped in. And since that day, every year we sent about 100 women to DEFCON and about 20 to Black Hat.

With the amazing support of the community, our scholarship program had grown, and now we work with many organizations that provide scholarships. For example, just today we’re going to announce that we have ten scholarships from the IAPP, the International Association of Privacy Professionals. They are supporting ten women to get certification of either security, information, IT, project management, program management for privacy, European Union privacy certification—wherever they choose, the IAPP will support them. We have developed a great relationship with RSA who has been donating scholarships every year for the last 3 years.

In 2020, Craig Newmark Philanthropies helped WISP in our endeavor to support the #ShareTheMicInCyber community and cover training, certification, and education costs incurred by Black security and privacy practitioners with a $25,000 grant! During the #ShareTheMicInCyber campaign, WISP initiated a fundraiser to raise funds to pay for Practitioner’s training and certifications — and the response exceeded expectations. With the funds from this effort, we hoped to support other Practitioners in the #ShareTheMicInCyber event with training and certifications, as well. We are now hoping to be able to cover each and every certification and training cost needing coverage in the #ShareTheMicInCyber group!

We are working with the #ShareTheMicInCyber group to add up the fund size needed and currently with this $25,000 grant plus the $19,000+ donated by WISP sponsor individuals and corporate sponsors, we will be able to cover each and every education, training, and certification needed so far! We couldn’t be more excited. Thank you to Craig Newmark Philanthropies and each and every sponsor, we absolutely would never be able to make this happen without you.

SD: What do you feel are the worst cyberthreats out there today?

EE: In my professional career, I’m a partner at Aleada Consulting. We are a privacy and security consulting. We focus on our organizational piece of both privacy and security risk, and we work with technical partners to address more on the technical side. From what I’m seeing, because of the work from home situation, many companies have been challenged with building appropriate infrastructure and creating a system to monitor critical systems. Information security and IT teams have had to rethink their approach to work-from-home models, from policies and procedures and having appropriate controls such as VPN, BYOD, and everything else that aligns with it.

Social engineering remains one of the risks because this year either because people are working from home or just people are stressed, and the social engineering attacks have increased.

And another thing that is not directly related to attacks is that companies are struggling with creating processes because there is a lack of talent in the information security and privacy field. Organizations struggle to find people to help them. Just to be on top of all the possible threats and new requirements from the information security side or privacy side, it’s very hard to be on top of it. I think that continues to be a big problem for an organization—how to bring appropriate talent to their team to protect the company.

That’s why WISP is committed to finding opportunities to advance knowledge and experience and bring more people into the industry so we have no shortage of talent and provide more opportunities to others to grow and join the forces.

AVIVA ZACKS

Cybersecurity Expert and Writer

April 28, 2021

We are excited to announce that Lexeprint is supporting Women in Security and Privacy (WISP) in 2021 with accessible educational content and Lexeprint will be donating 50% of the proceeds of 6 courses to WISP! We at WISP work to advance women in the fields through practical and technical workshops, TANDEM mentorship programs, leadership training, job board postings, speaker’s bureau, and conference, training, & educational scholarships. 

As part of Lexeprint’s support of WISP, Lexeprint will donate 50% of the proceeds to WISP for people who take any of the following courses listed below on Lexeprint:

1. Cybersecurity: Latest Legal Developments Around Cybersecurity Attacks and Data Breaches in Healthcare Sector

2. Steps Lawyers And Their Clients Can Use To Prepare For Cyber Attacks – Expect The Unexpected

3. An Overview of the California Consumer Privacy Act

4. Cybersecurity: Deep Dive into the SEC New Regulations — What Lawyers Need to Know for their Clients and for the Board

5. Attorney’s Guide to Effectively Advising the Board in the Event of a Data Breach

6. Cybersecurity: Advising Law Firms with Healthcare Service Clients on the Cybersecurity Risks and Regulations

To learn more: https://lexeprint.com

We are excited to work with Lexeprint to support underrepresented communities in Security and Privacy to ensure there are advancement opportunities for everyone, regardless of location - from beginners to senior leaders.

Let’s get to know you! Who are you and what do you like to spend your time on? 

I am Najla L. I spend my time learning about ICS security, volunteering with the DEF CON Biohacking Village, sharing resources whether security or personal development related, tweeting and enjoying a glass of wine.

What was your path to your current role in security and/or privacy, or other role? What made your path unique? 

Although I do not have an official role in the industry, I am always integrating myself into the community to increase my knowledge and hone my skills. My path is unique because I am a career transitioner and do not have an IT background as the starting point. Plus I started my journey at 29.

What are some challenges you’ve encountered in your life or career? How did you overcome them?

I have faced burnout, several times. It is not just burnout of learning new information but a mental burnout. Furthermore, for the amount of time that I have been learning, I have been unsuccessful in achieving an actual role. I have had interviews with various companies and even gone through several rounds, only to be told that they want someone more senior for the role. To overcome this, I consistently take breaks to refocus and to allow myself to rest, as I cannot learn and retain if I am mentally burned out. 

How did the ShareTheMicInCyber scholarship impact your life? Which certs, exams, or classes did you take? What are your achievements you would like us to highlight? How did they go! Feel free to include any future plans here, too. 

ShareTheMicInCyber was one of the best campaigns I have ever been a part of and I was a part of the first round. Aside from having Rachel Tobac as my partner, I got to tell my story to a wider community along with building a personal relationship with Rachel AND learning of other black practitioners in the industry as well. This allowed me to learn and increase my network. I also was awarded a SANS Scholarship for a course of my choice, a $2,000 WISP scholarship to cover the preparation for the OSCP, PMP and CISSP. I took the GCFE and PMP exam and have successfully passed both. The CISSP and OSCP are still on my list to achieve and I WILL achieve them. I have also been fortunate enough to take another SANS course, ICS Active Defense and Incident Response and will be taking the companion exam, GIAC GRID. My goal for 2021 is to officially obtain an information security role and to successfully obtain clients for my business.

What are your goals and aspirations? What are you working towards? If there is a way others can support you in those goals, feel free to include that here! 

My goal is to become extremely knowledgeable about networking and critical infrastructure environments, domestic and internationally. I like to work with my hands and directly with people so I aspire to be in a consulting role that allows me to do both. I will continue to volunteer with the Biohacking Village and I will be doing some drone photography & videography on the side. If you are interested in talking with me about a role or about hiring my Documentation & Technical Writing services, please email me at [email protected].

Anything else you would like us to highlight about you in this blog post? 

I recently was a speaker for the Women In ICS Security panel on the Unsolicited Response Show on YouTube. I can be reached via Twitter @ForSci_Q or Najla L on LinkedIn. You can check out my blog at forensicsandinfosec.tech.

Let’s get to know you! Who are you and what do you like to spend your time on? 

My name is Elyse Robinson and I am a Black American woman that lives in Mexico. I am the Director of Information Technology at NewsIn.IT which helps individuals start an IT career or helps those already in IT increase their salary. Before COVID, I spent my time exploring Mexico and adding to my website, blog, YouTube channel, and podcast about life in Mexico as a Black American woman.

What was your path to your current role in security and/or privacy, or other role? What made your path unique?

I am a self-taught programmer and started at the age of 10. I attended college and started in computer science but couldn't find an internship after applying to over 1,000 jobs so I switched to accounting. I became an Auditor which gave me project management, writing, communication, and data analysis skills. I had to quit my life to take care of my mother and family during her battle with blood cancer. I moved to Mexico to mourn and fell back on my IT skills and learned about the Cloud. In the past 4 years, I consulted here and there putting people into the Cloud. Then, I decided during my stay in the house due to COVID that I would learn a new programming language and that reminded me of my first love...technology. I then created NewsIn.IT since I was already searching for resources for myself and built a business around my successes of not paying for courses and certifications. I recently accepted a position as a Cloud Engineer and am awaiting a start date.

How did the WISP ShareTheMicInCyber scholarship impact your life? Which certs, exams, or classes did you take? What are your achievements and how are your goals going?

I was racking my brain on how I would pay for the certifications to transition into an IT career as a Cloud Engineer. I found out about ShareTheMicinCyber on Twitter and applied for a scholarship and got it! I am now studying for my CISA (Certified Information Systems Auditor), ISO 9001 and ISO 27701 Lead Auditor training. I completed ISO 27001 Lead Auditor training.

What are your goals and aspirations? What are you working towards? If there is a way others can support you in those goals, feel free to include that here!

My goal is to obtain a leadership role in the future as the Director of Security, Risk, Audit, and Governance. Right now, you can support me by subscribing to NewsIn.IT on my website, and following my blog, YouTube channel, and podcast for my new life as a Cloud Engineer. And if you're looking for a future leader in your organization, I'm your woman!

We are thrilled to announce that Craig Newmark Philanthropies is aiding Women in Security and Privacy (WISP) in our endeavor to support the #ShareTheMicInCyber community and cover training, certification, and education costs incurred by Black security and privacy practitioners with a $25,000 grant! 

On Friday June 26th, the security and privacy community came together to honor and amplify the stories and work of Black practitioners on Twitter and LinkedIn. Organized by Google’s Camille Stewart and Harvard Belfer Center’s Lauren Zabierek, the #ShareTheMicInCyber campaign brought together professionals from Microsoft, the New York Times, Brookings Institute, Cisco, Ernst & Young, the Aspen Institute, Verizon Media, Amazon, Netflix, New America and more - all united by a commitment to elevate underrepresented voices and catalyze real change in the industry. This was a unique social media moment when prominent allies leveraged their social media platforms and networks to spur a conversation around systemic racism in infosec, privacy, and national security. 

During the #ShareTheMicInCyber campaign, WISP initiated a fundraiser to raise funds to pay for Practitioner’s training and certifications -- and the response exceeded expectations. With the funds from this effort, we hoped to support other Practitioners in the #ShareTheMicInCyber event with training and certifications, as well. We are now hoping to be able to cover each and every certification and training cost needing coverage in the #ShareTheMicInCyber group!

We are working with the #ShareTheMicInCyber group to add up the fund size needed and currently with this $25,000 grant plus the $19,000+ donated by WISP sponsor individuals and corporate sponsors, we will be able to cover each and every education, training, and certification needed so far! We couldn’t be more excited. Thank you to Craig Newmark Philanthropies and each and every sponsor, we absolutely would never be able to make this happen without you.

Thank you to our WISP #ShareTheMicInCyber sponsors:

Craig Newmark Philanthropies, @JBizzle703, @NSQE, @rj_chap, @adamely, @PhilHagen, @chandlerhowell, @scba, @Riana_crypto, @emjohn20, @bjohn20, @UUallan, @Mattdevost, @tijuanera, @jposhea3, @georgevhulme, @mckennak44, @bethlogic, @B1N2H3X, @nailaa, @dougbarbin, @schellmanco, @stevegoodwin, @brendancboyle, @5urvivatrix, @selenalarson, @partrickhammond, @blowdart, @nerdpyle, @bryanbrake, @brakesec, @m3sweatt, @zcobb, @Riana_crypto, @apjanke, @all_davenport, Central NJ Infosec, @RobDuhart, @redteamwrangler, @CdubbsDT, @SansJen, @BabyBoomerWriter, @BabyBoomerWriter, @TheSweetKat, @alexstamos, @jessedpate, @_whatshisface, @techwithtaz, @garysoccer2, and 25 Anonymous donors.

Another round of ShareTheMicInCyber is happening!

This time on October 23rd.

More information here: https://sharethemicincyber.splashthat.com/

The campaign is still accepting a new group of Practitioners for this round in October, sign up here to participate and get signal boosted by Cyber Allies!

After you #ShareTheMicInCyber, what’s next?

Building on the cybersecurity community’s united stance against systemic racism 

On Friday June 26, the cybersecurity community came together to honor and amplify the stories and work of Black practitioners on Twitter and LinkedIn. Organized by Google’s Camille Stewart and Harvard Belfer Center’s Lauren Zabierek, the #ShareTheMicCampaign campaign brought together professionals from Microsoft, the New York Times, Brookings Institute, Cisco, Ernst & Young, the Aspen Institute, Verizon Media, Amazon, Netflix, New America and more - all united by a commitment to elevate underrepresented voices and catalyze real change in the industry. This was a unique social media moment when prominent allies leveraged their social media platforms - and in some cases literally gave their accounts over to Black practitioners - to spur a conversation around systemic racism in cyber and national security. 

The campaign unravelled the inspiring journeys of (and roadblocks faced by) Black practitioners, invited participation and forged new connections across professional networks, and revealed the sheer generosity of the cybersecurity community. Some of the highlights of the #ShareTheMicInCyber campaign included:

• Black Practitioners were asked to join calls and advisory boards

• The cybersecurity community raised $16,000+ to sponsor certifications, training, and educational expenses for all participating Black Practitioners

• A combined reach of at least 1.5 million Twitter users based on the number of followers of the campaign’s participants, as well as their organizations and campaign amplifiers

• An emerging conversation around a possible virtual DEFCON village or other means to convene the #ShareTheMicInCyber group

• Several prominent professionals contacted organizers Camille and Lauren to ask how they can better serve the campaign and beyond

It started with a tweet

The #ShareTheMicInCyber movement on social media evolved organically. Inspired by Instagram’s #ShareTheMicInCyber campaign, Camille and Lauren  found inspiration in the entertainment industry’s efforts to honor Black voices. With the ongoing civic unrest across America, there was a renewed and urgent need to address the historic disenfranchisement of Black people. Camille has written on the inextricable link between systemic racism and national security, and posted the idea of launching a campaign similar to the Instagram one for the cyber and national security world. Her request caught the attention of Lauren who was thinking along similar lines. What transpired was a natural partnership to spur a meaningful conversation on race in their field. 

Using operational lessons from a similar event hosted by Diversity in National Security Network, Camille, Lauren, and Belfer Center intern Sahar Kazranian worked behind the scenes to reach out to Allies and Practitioners and provide instructions and materials for the event, as well as potential organizers and influential figures to amplify.  By the launch on June 26, all the pieces were in place, and we shared, retweeted, liked, commented with the community.  

To our surprise, Rachel Tobac, CEO of SocialProof Security,  initiated a fundraiser via the Women in Security and Privacy (WISP) organization to raise money to pay for her Practitioner Partner’s SANS & PMP training and certifications--and the response exceeded expectations. With the funds from this effort, we hope to support other Practitioners in the #ShareTheMicInCyber event with their training and certifications as well, so we encourage our other Practitioners to apply. All #ShareTheMicInCyber practitioners can apply (not just those who use she/her pronouns). 

Information on the WISP #ShareTheMicInCyber Scholarship Opportunity 

WISP’s fundraising efforts started initially with a goal of $2k to cover forensic scientist Najla Lindsay’s PMP, OSCP and CISSP certifications and exams - and morphed into a wider initiative to cover as many training, certification, or learning/advancement expenses for Black practitioners in the #ShareTheMicInCyber campaign.

Rachel Tobac of WISP is planning a Twitch stream where she plays Overwatch live to raise money for the #ShareTheMicInCyber fund, and the WISP team will also be raising funds during WISP BlackHat virtual events (stay tuned on Twitter -- @wisporg and @racheltobac for more details). 

Update: We're so close to reaching our ShareTheMicInCyber fundraising goal to meet all certification and training cost needs! Every donation counts, thank you to our 70+ ShareTheMicInCyber donors, so far!

The credentials and trainings that we are raising money to cover include:

• CISSP

• OSCP

• CIPM 

• ITIL4

• COMPTIA

• Security+

• Professional Cloud Architect

• and much more!

For more information about the mission of ShareTheMicInCyber that Camille and Lauren built, and the folks in the ShareTheMicInCyber group, check out: https://sharethemicincyber.splashthat.com/