Every month, WISDOM highlights the achievements and perspective of inspirational colleagues in the field as part of a Q and A series. Our December role model and trail blazer is Katie Paxton-Fear, a Ph.D. student in Cyber Security and Machine Learning, a bug bounty hunter, and educational YouTuber.
Katie started out hacking in June 2019 during a HackerOne mentorship program and now hopes to be a mentor to others by creating YouTube videos. In her videos, she attempts to bridge the gap between “I know what bug bounties are” and “bug bounty hunter”, giving advice specifically tailored to bug hunting. She has now produced over 40 videos on bug bounty hunting for an audience of over 20,000 subscribers. Aimed at beginners, these videos progress from finding your first bug, to how to use specific tools, to how to find specific bug classes. During her time bug hunting, Katie has been to 4 HackerOne live events and has found bugs in the systems of some of HackerOne’s biggest customers, including the US Department of Defense.
1. What do you think is the most challenging aspect of information security?
I think, as a field the most challenging part of information security is actually getting into it – finding all the possible career paths and choosing one that interests you. I think a lot of people misunderstand how wide the field is and therefore struggle to recruit the right people, specifically when it comes to the varied backgrounds of individuals.
2. What has been the proudest moment of your career to date?
My proudest moment was when I first started getting messages from people telling me how my work helped them in their career. Although it’s nice to help yourself, I think helping others is extremely rewarding.
3. What are the most enjoyable parts of your work?
The most enjoyable part of my work is simply how many people I meet and talk to. No one has the same background, everyone has done something unique and different and that really helps.
4. What are the most challenging parts of your work?
I think my biggest challenge is always getting the balance between my work and my hobbies, as my job is as a PhD student and my hobby is YouTube and Bug Bounties. To do everything well requires careful balance.
5. What lessons have your learnt as your progress through your career?
Consistency and reliability is key. Be the kind of person others can rely on, and consistently rely on. And that boundaries are important – there is nothing wrong with having them!
6. In your view, how can we increase diversity and inclusion in information security?
Hire diverse voices, and work hard to keep them. I’m not sure why this still needs to be said. Infosec puts up walls of degrees, certifications, years of experience, and claims unless you have them, you’re not delivering value. Diversity of background is value in itself. Listen to what these diverse voices need, so you can keep them.
7. What advice would you give to someone just starting their career?
Learning everything isn’t possible, but to be widely read is. You don’t need to understand everything immediately or deeply, but you should have an idea of how all the cogs work together, and know where to find out more information should you need to.
8. What advice would you give to recruiters for your field?
It can be very tempting to look for individuals that meet a certain mould, but I’d urge people to look outside of that mould and consider individuals with different backgrounds.
Thank you Katie! If you have someone you’d like to nominate for the WISDOM blog’s ‘Trailblazers and Role Models’ series, please get in touch with amy.ertan.2017@live.rhul.ac.uk