Epic Women in Cyber — Katherine Cancelado
Katherine Cancelado (Kat) is a computer science engineer and cybersecurity specialist born and raised in Colombia. She’s also a dedicated bookworm and animal lover, who enjoys DIY and spends the rest of her free time gardening, cooking, baking, cycling and gaming.
How did you get into the cybersecurity field?
Everything began when I was about 12 years old and I started learning RedHat and Debian Linux. This meant I got involved in several Linux-based communities to improve my technical skills (a.k.a. deal with kernel panics), and further down the line to support people who were in the same situation I had been in. This led me to join and actively participate in EsDebian (Debian community for Spanish speakers). Soon I became a moderator in the community, where working with great Debian lovers around the world became my way to spend nights and weekends.
Learning and sharing knowledge of Debian Linux also meant I soon started “talking” about cybersecurity without even noticing. I learned so much about how to create secure and optimal configurations for different systems and applications, and was this what caused me to move towards cybersecurity as a way to make things better and not to simply make things work. I soon moved from Linux for desktops and got a little obsessed with servers and services, when I noticed I had actually been doing defensive security and was earning money doing so! OMG!
My knowledge and passion for properly configured systems and optimised services took me to discovering vulnerabilities, and once I’d discovered a couple I was deeply in love with finding more and more of them. It seemed fitting to become a penetration tester and started working in the services industry as a cybersecurity consultant.
Since then, cybersecurity has been a major part of my life. I love offensive, defensive and security architecture without leaving people, governance and processes behind. I firmly believe that by developing plain language to explain complex issues, I take to heart the sharing of a basic understanding of cybersecurity and risks, so that no one gets left behind. The only way to combat the “bad guys” long term, is to arm everyone with the right information at the right time.
What are the main challenges in this field?
- We (people in cyber security) like to talk “techie”, and this creates a massive barrier when communicating issues and risks. We forget people are the main cybersecurity resource (and threat), and cybersecurity is not strictly a tech issue.
- Lack of diversity, which leads to situations being dealt with a default / one size fits all solution.
- Tool focused environments, where solutions are seen through platforms and systems that are to revolutionise how everything works but lack understanding of the actual situation.
What are the things you’ve learned being a woman in cybersecurity?
If history has proven anything to me as a woman in cybersecurity, it’s that societal changes aren’t perceived from one day to another, and it is important that we (women in cyber) continue paving the road for future generations. What I’ve learned throughout my career can be summarised in the following points:
- It is better to be the only woman in the room, than knowing there were no women at all.
- Speaking up when disagreeing with something can make the other person feel uncomfortable, but not doing so could continue making YOU feel uncomfortable, at least for the time being.
- That feeling excited when I see other women in the field is okay, as well as a friendly reminder of the work I need to continue until our presence and input is the norm rather than the exception.
- Women at public events are the role models we need.
What advice would you give to women who would like to join the industry?
Open your mind and be ready to share your experience with everyone in the field. Sometimes our male peers don’t know when their comments are hurting us, and sometimes our female peers don’t know it’s not okay to accept these.
Just because, statistically speaking we (women in cyber) are a minority, does it mean it’s a “boy’s club”. The more open and less gender-based conversations we have, the better and easier it will be for anyone to join us on this journey.
Who are your role models?
- As cheesy as it might sound, my first role model is my mother, who taught me maths and to speak up in a respectful but direct manner.
- Female writers and female characters in books who allowed my imagination to build role models when there weren’t enough in the media.
- Katherine Johnson, who was not only a brilliant mathematician but also a lovely human being, and reminded girls and women that we are capable of doing anything we want.
- Rachel Riley, who breaks stereotypes of maths lovers and geniuses looking like…well, you know the stereotype I’m talking about!
- Georgia Weidman, entrepreneur, penetration tester, security researcher, speaker, trainer, and author. Who from the very first moment noticed there weren’t enough women in the cyber security field, decided to become a role model herself!
If you could go back in time to your first days in the industry, what would you do differently or tell yourself?
Speak up.
If you are a founder or a member of a community for women in security, can you introduce it?
OWASP Women in Cyber (WiA) https://owasp.org/www-committee-wia/
