Gabrielle is currently working as a security analyst at a consulting firm. She also works as a pentester, an instructor for CybraryIT, and a genetic scientist. As far as preferred technology, I use a variety of tools for different jobs, but I prefer Linux-based systems and tools that integrate well there.
What projects are you currently working on & what technologies (languages, frameworks, libraries and tools) are you using?
In my regular role, I am working on implementing an adaptive DNS/IP address management tool, so learning more about that and the technology behind it. As a pentester, I am working on becoming more comfortable with web application vulnerabilities, and developing a super deep-dive workshop on buffer overflows. On my own, I’m working on becoming more comfortable with scripting, and I’ve been using Python most frequently.
What does it mean to be a Security Analyst: What are the responsibilities and requirements for this position?
I do a little bit of everything. My main duty is to manage vulnerabilities and help the infrastructure and application support teams to understand and remediate them. I also work with patching, analyzing risk, assisting clients with implementing secure infrastructure, and incident response.
playing with some super basic quantum dev stuff to get the hang of it and making a “hello quantum world” function using a circuit composer. running against IBM’s qx4 simulator for 1024 shots, waiting on results. #quantumcomputing pic.twitter.com/qXXCG8j3Gs
— gabsmashh (@gabsmashh) July 10, 2019
What is the most sophisticated security attack case that you’ve dealt with/heard?
I didn’t deal with it firsthand, but the NotPetya attack that took down Maersk for a while was fascinating to me. So insidious and fast-moving, and it’s amazing how much of their operation it stopped outside of just computers. Definitely points to the uncertainty we have surrounding IoT devices, supply chain, and other embedded/connected technologies. Story here: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
What is the life of a pentester: What’s your daily routine and task management?
Pentesting is all over the place. There’s not really a set routine when working with my team. Sometimes we don’t have a ton of work, and we use that time to hold team development trainings and build courses and workshops that we present to companies. When we do have offensive security testing to do, we collaborate a lot and work off of each others’ skills, Different people on the team definitely have different strengths, and it is what makes our team successful. The rest of the time is a lot of research–looking at new vulnerability reports that come out, new tools that people develop, sometimes developing tools of our own to aid in the testing. It’s a very fluid job.
How big is the team that you’re currently working with & what are their positions?
My security team is three people in my regular role. As a pentester, we have 8 people. They specialize in digital forensics, web application pentesting, OSINT, hardware, networking. A mixed bag.
How did you become a genetic scientist AND an anti-human trafficking advocate? What do these responsibilities mean?
I originally went to school to study neuroscience and psychology, and worked in pharmaceutical regulation for a while. Once I left that job, I accepted an appointment to a biosafety board where I review studies using recombinant DNA and genetic engineering. It remains a side passion of mine! For the ant-human trafficking advocacy, I saw a talk done by a good friend of mine at the WiCys 2019 conference on cybersecurity and its role in human trafficking. This sparked my interest, and I started to study how I can use my forensics skills and security knowledge to combat the problem.
was just kind of a natural progression. i worked a lot with medical devices and data governance/compliance, became interested in the vulnerabilities that presented themselves and how to fix them, and then fell down the infosec rabbithole 🙂
— gabsmashh (@gabsmashh) June 5, 2019
day 2 of biosafety/biomed recert. talkin bout NIH guidelines for recombinant and synthetic nucleic acid molecules today 🧬 pic.twitter.com/xeRtTmWpdL
— gabsmashh (@gabsmashh) July 19, 2019
You said that you are a NASA racing driver, can you share with us more about this interest of yours?
I worked as a mechanic while I was in college, and cars have always been a passion of mine! I grew up with a dad and cousins that liked cars a lot, so I became interested by association. NASA is the National Auto Sport Association in the US. I did a few fun drag racing/track days, and worked the hot pit at a few global time attack races for a friend, and decided that it was something I wanted to try. Signed up and started doing high performance driving events, which are preliminary events you have to complete successfully in order to obtain your pro license. I love it because it’s hands-on, and the adrenaline rush is like nothing else.
What is your racing car of choice? Why?
I currently drive a MK7 Volkswagen GTI. It has a Unitronic Stage 2 tune and some other modifications, and is perfect for both track and street driving. I’ve always loved Volkswagens and have gravitated to them because my family always had them growing up. I would like to buy an older BMW E36 though, and swap a 2jz into it. Dream car of mine!
What’s your #1 simple rule for better security?
Just awareness. Be aware of your surroundings, of what you click on, and trust your gut feeling when something seems off. It probably is.