Cybersecurity has largely been an area of expertise dominated by men, but in recent years, more women are making their mark on the field.
Gillian Morris jumped headfirst into cybersecurity at the coaxing of one of her high school teachers. She earned a bachelor’s degree in cyber operations and a master’s degree in cyber defense from Dakota State University. Now, she’s one of the Defense Department’s best and brightest, having been named to the inaugural U.S. Women’s Cyber Team.
Right out of graduate school, Morris, 24, moved to Washington state to take a civilian position with the Naval Undersea Warfare Center, Keyport Division. As an information systems security engineer, she takes the DOD’s risk management framework and applies it to customer computer systems to make them secure.
Morris is one of 12 women selected to be part of the U.S. Women’s Cyber Team — a group of female ambassadors assembled to inspire women to pursue careers in the field.
How did you get into the field of cybersecurity?
I really wasn’t planning on doing anything with computers; however, the computer science teacher at my high school, she was like, ‘You should go to this camp.’ And this camp was called Rocket Girls, and they sent a couple of girls from the Midwest mostly … to Florida to the Kennedy Space Center. We got to learn about a bunch of different sectors in cybersecurity. One that they went over was forensics, which I thought was so cool, because essentially, they were just like, ‘Okay, go around the Kennedy Space Center and take some pictures.’ Then, when we came back, we analyzed those pictures. Some of them had the location of where you took them, and some didn’t. So, we learned that pictures save more information than you think they do.
How did you qualify and get selected for the U.S. Women’s Cyber Team?
I participated in some capture the flag events — CTFs. I do some cybersecurity research outside of work, solving puzzles and challenges on the interweb. By doing that, I was able to apply for the women’s team, and I got an interview. After that process … they go through all the interviews — all the stats of what you’ve turned in — and they’ll ask for a kind of player report of some of the CTFs you’ve been in. [They ask about your] GitHub, which is a developer platform where people essentially store their code that they’ve programmed, if they do that. I’m not sure how many people applied, but they interviewed 50 people.
You’re one of two Department of Defense personnel on the team. The other woman is Naval Surface Warfare Center Dahlgren Division, Cybersecurity Specialist Shiloh Smiles. With heavy competition from the private sector, do you think that’s a big deal?
It’s really awesome that there are two DOD people on the team. That shows we’ve got people in the government that are good at what they do.
Outside of work, how do you train for competitions, and what are they like?
After work or on weekends, we’ll meet up online and we’ll learn from each other. There’s a CTF almost every weekend, and you can pick and choose which ones you want to do. We’ll meet … to teach each other what we know. It’s kind of like a big sister/peer mentor thing, where we can learn from each other and build our skills. … So, you’re problem solving, you’re critical thinking — figuring out a way around whatever you’re working on — which I think is pretty awesome.
The challenges that we [tend to] see are web, forensics, cryptography, reverse engineering and binary exploitation, or PWN. PWN is when you get something like a software program that’s vulnerable. You have to figure out where the vulnerability is to exploit it to effectively get the flag or complete the goal around that.
Competitions can be hours long. What’s your strategy for combating fatigue?
If you’re staring at a problem too long and you’re just not getting it, take a break. Have someone else look at it. Go look at a different challenge or take a lunch break. Go get some water. Come back refreshed, and usually that really helps solve the problem. Maybe you just needed a little food, and then you’re fresh, good to go — looking at it with new eyes. Things just click.
There’s notable gender disparity in the cybersecurity field. Has that affected you?
It definitely has affected me. It’s actually a little bit of the reason why I got into cybersecurity. I was just like, ‘There needs to be more women in STEM, so let me do that.’ But also, in college, I was one of maybe two or three women in the classroom. Everyone else was a guy, and I think it’s harder to have your voice be heard in those situations. You can definitely speak up, but sometimes you still aren’t being heard. … There are getting to be more women in the field. It’s by no means equal, but it’s better. There’s progress.
What advice do you have for other young women looking to get into the field?
Do it. Try it. There’s so much to do in this field, so don’t feel like you need to tie yourself down to one thing. And if there’s one thing that really interests you, grab it and run with it. Cybersecurity encompasses so much. I don’t think people really understand that.
What is something that everyone should know about cybersecurity and how to protect themselves?
I think the best things people can really do to secure themselves online is to not reuse passwords. Use a password manager if you can and use complex passwords. Don’t have anything that’s like your name or related to someone you know, or a pet.
This article by Katie Lange was originally published on DOD News.