When I was 15, I read an article in Wired about disappearing in the digital age. Writer Evan Ratliff attempted to shed his identity and hide from a legion of internet searchers who were trying to hunt him down in exchange for $5,000. The hunters were using publicly available data - geotags from photos, social media accounts, past addresses, etc. I was fascinated by the idea of being able to track someone down purely based on public data, as well as the idea of being able to successfully vanish in such a technologically inter-connected world. When I realized that this type of research was a full-time job, not just a side project, I knew I wanted to pursue it.

After working in Threat Intelligence for several years, I transitioned to working in Security Architecture, which focuses on internal controls. If threat intelligence is all about looking at the external threat landscape and helping the organization to prioritize which threats they need to protect against, Security Architecture is about looking at internal controls and deciding how to build more secure systems (based on which threats are most salient to the organization). A good threat intelligence team works hand in hand with a security architecture team to effectively protect an organization against threats.

I typically start my workday by reviewing a number of intelligence sources - open source intelligence (newspapers, blogs, Twitter, etc.), information sharing groups populated by other security folks, government-provided data, and security vendor alerts (often threat intelligence specific security vendors). This review helps me decide what to focus on first - has there been a breaking news story that will impact my organization? A new vulnerability that we need to assess? Geopolitical tensions which may cause cyber retaliation measures?

Recently, I founded, with the help of some incredible women, a Women in Cybersecurity (WiCyS) Affiliate in New York. We host high quality training that is open and welcoming for all, and create opportunities to connect. It’s been one of the best things I’ve worked on in the past year, as I’ve been able to meet some incredible people across the industry. We’ve been able to help students find jobs, offer helpful training, and connect folks who otherwise wouldn’t have met – in a safe, supportive environment. I also enjoy creating security-related content for Free Code Camp, a non-profit which works to help make technology education accessible to all, volunteering with New York Cares, Big Brothers Big Sisters, and Read Ahead Mentors.

Cybersecurity is a constantly evolving field. In order to keep up, you need to have a deep passion for the work that you do. Everyone has side projects they’re working on, books they’re reading, or content they’re creating. You should do the same - figure out what you are passionate about and get involved - create a GitHub repository, write a blog, join a Capture the Flag team, or go to tech meetups in your city. If you’re looking to get into Threat Intelligence and have questions, I’m always happy to chat. You can reach me on twitter @megansdoingfine.