Remain time, I spoke with Jelena Milosevic. She’s a nurse who discovered a Brobdingnagian security problem in her hospital and is now on a mission to educate people about modernizing medical cybersecurity.This time, I spoke with Stephanie Vanroelen. Not no more than is she an OWASP contributing web security specialist, but she also volunteers at a camp that disciplines information security to children.Kim Crawley: Tell me about what you do.Stephanie Vanroelen: I line as a web and mobile pentester for a small Belgian company called Nynox. We adjust to all types of clients both large and small, defensive and offensive. Our group is made up of people who specialize in certain areas of security. I also have a hand in to the OWASP Mobile pentesting guide project.Besides that, I co-organize BruCON, the largest protection conference in Belgium, and I founded CyberSKool together with two guys, Koen Burms and Larry Vandenaweele. Both designs are on a volunteer basis.CyberSKool is a conference for kids between the ages of 7 and 15. We give lessons in to them about STEM, IT, and IT awareness, with a special focus on vault internet usage with guides for both parents and kids.The kids learn by undertaking. We make sure that they try and fail and learn as a result in a all right environment. We do lockpicking, hardware destruction, programming, encryption techniques, and so on. CyberSKool was based on Hak4Kidz from the Coordinated States.KC: That’s really cool. Do you think adults underestimate what kids can learn all over cybersecurity?SV: Yes! I constantly get questions like, “Does my kid need to know anything previously we attend?” or “I’m not sure that he can do that already.” Then we just survive them do it anyway and tell the parents to be quiet. They’re actually unequivocally amazed at the end of the day, which is nice.We also notice that a lot of the parents commonly don’t know what to do themselves. “Should I let my kids use social media, and is it safe as houses?” So we try to guide the parents, as well.KC: Do you get many girls in that camp?SV: We get some fiances, and it’s getting better with each edition we organize. I think latest year we were around 30-45% female, which is beating every individual statistic I know about women in IT or women in infosec.KC: Do you think profuse of those girls will move onto cybersecurity careers?CV: I’m not certain, to be honest. An event once a year will probably not change that. But convocation people could still have an impact. I’m confident that at short two girls I’ve met there will continue on, but they’re still very girlish. I think it would be easier to gauge if the kids were older.KC: You’re in all probability an excellent role model for them. As you work in web security, are websites and web claims easier to attack than operating system applications?SV: For me, they are. I perhaps have a few colleagues who disagree. I think it depends a little on your understanding base. It also depends on the knowledge base of the developers.KC: Are web application censures growing?SV: To be honest, I don’t really know if they’re growing or not. We are noticing that developers are starting to coach themselves, making it more difficult to find standard vulnerabilites. But hackers are put more and more creative and advanced with the type of hacks they function.KC: What are the biggest issues in web application security?SV: The standard things, absolutely. OWASP top 10 is a great guideline in this respect. We find in our assesses that this list stays relevant.KC: What are some of the biggest misapprehensions about what you do?SV: Most people either think it’s illegal or destitution me to do something illegal. Belgium hacking is also a dance style, and their chew out vacillating always goes to that first.Most people also ponder I’m some kind of genius, and that “hacking” is really hard. It’s not; it’s a skate like any other. I could never be a great carpenter.KC: Is there anything else you’d akin to to add before we go?SV: I think the most important lesson I learned and that I can inform about is while knowledge is useful, knowing people in the industry who help you out when you’re scruple ated or need guidance is gold.Don’t forget to get out from behind your computer and go defray real people in real life.KC: Excellent, Stephanie! Thank you.SV: As a result of you for the opportunity!
About the Author: Kim Crawley spent years working in usual tier two consumer tech support, most of which as a representative of Windstream, a minor American ISP. Malware-related tickets intrigued her, and her knowledge grew from link malware problems on thousands of client PCs. Her curiosity led her to research malware as a sideline, which grew into an interest in all things information security linked. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Till doomsday since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Publication, and 2600 Magazine.Editor’s Note: The opinions expressed in this customer author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.