The InfoSec Interviews > @0xdr3a

Andrea is a student who already has experience working in infosec. She also has a fascinating “origin story”. As with many who find their way into the industry, she didn’t follow a traditional tech education trajectory. Below, she shares her experience transitioning from business to IT.

/ The_Interview

> What’s your name/pseudonym?
Andrea Stehrer

> Where are you from/currently living?
Originally Austria, currently living in The Netherlands

> What infosec role are you in, currently?
Penetration testing and IT forensics intern at NFIR, as well as writing my thesis on cybercrime at Deloitte

> Have you ever worked in any other infosec or computer-related role?
At university, I participated in (and later led) a web development bootcamp organized by a student association — Turing Society Rotterdam. In addition, I was a teaching assistant for an introductory programming course.

Towards the end of my studies I did an internship at UL, researching the (in)security of IoT devices. After that, I was an intern at Deloitte’s security department, doing a variety of tasks such as pentesting web applications and working on a hacking demo.

> Did you pursue a post-secondary degree/diploma? If so, did you focus on something computer-related or specifically security?
BSc in International Business and currently finishing MSc in Information Management (neither IT/security related).

> How did you become interested in working in security?
Through coding, I slowly but surely became more interested in security. I started reading more about it, attended related events nearby, watched documentaries (Zero Days, Cyberwar by Vice)… It appealed to me for several reasons:

1) To me, hacking was like solving a puzzle, there will always be a way to exploit a system/network given enough time and effort.

2) I enjoyed figuring out how things work and how they may be used in unintended ways.

3) Aside from the fun of it, I believe that security is a vital field to be working in. We live in a digital world and are completely reliant on computers and mobile phones, but also (if not more) on industrial control systems and (soon) IoT devices. Similarly, crime and warfare are moving into the digital realm.

> How did you land your first job in the industry?
Attending companies’ recruitment events.

> Was there anything, in particular, that you really struggled with?
Getting started! Infosec is a very large and diverse field, and there are many courses and resources freely available online. In my case, I ended up starting with web application hacking (given a basic understanding of web development), and later looked further into fields like Malware Analysis.

> Do you have any favourite resources that helped you in your chosen infosec field?
Web Application Hacker’s Handbook and CS courses such as those on Open Source Society University (github.com/ossu/computer-science). What has also been very helpful is attending (and volunteering!) at conferences and other community events, as well as getting Twitter (yes, everyone in the industry appears to be an avid Twitter user and one can learn quite a bit through it :)).

You can find Andrea online at Twitter: @0xdr3a, Instagram: @andrea_infosec and LinkedIn: Andrea Stehrer.