Unusual Journeys Into Infosec featuring Nicole Beckwith

Welcome back after a short break from the series, but we are back on target for the next 10 articles, spotting stories from afar, to judge their velocity and impact in the infosec community.

Because this week we have a Graphic Designer, Mum, LEO, come Ohio’s first female Sniper and DFIR expert-Nicole Beckwith.

If you are new to the Unusual Journeys into in Infosec articles, the vision for the series is to provide stories and inspiration for those who may have not considered, or may be struggling to find a path into Infosec!

Not a lot scares me or intimidates me but if it does I do it anyway. One of my favorite quotes is “A ship in its harbor is safe but that’s not what ships are built for.”

There have been a range of stories in the first 10 chapters of this series that show off the perseverance, drive and attitude that makes the infosec community so powerful.

This back story of Nicole, who in my opinion is a rising star, is another example of how hard work, dedication, and facing into challenges really pays off. This is Nicole Beckwith’s unusual journey into Infosec!

CyberSecStu (CSS): My vision for this article (or series), is to help break the illusion that you have to follow a certain route to have a career in infosec.

Although you just posted some great content (in reference to a Twitter post), where did it all start for you?

Nicole Beckwith (NB): My love of computers started when I was 11 and got my first computer. A shiny new Tandy 1000 from Radio Shack.

Complete with a dot matrix printer which I can still hear the sounds of. After tearing it apart and putting it back together (much to my fathers dismay) I started trying to teach myself the programs, and how not to die of dysentery in the Oregon trail.

I stayed involved in computers and taught myself everything I could. I had a few teachers that helped throughout school. Then in high school I started dating a hacker who did it for work and a little for fun. He taught me a lot of what I know now and pushed me to challenge everything.

I started teaching myself programming (C, Java, VB) and then took some programming classes in college. My instructor at the time told me I really needed to focus on the programming because I was writing at a level he hadn’t seen before.

Of course I didn’t listen and continued down the graphic and web design path. Flash was all the rage back then and I was good at it. Out of school I got a job at a Fortune 500 office doing IT, good old phone punch downs and network infrastructure, and quickly fell in love.

CSS: As many know throughout this series, I have an art background. What attracted you to graphic design?

NB: I’m pretty artistic and had a father who really pushed art. It was a great stress reliever for me. I still paint for fun, mostly oriental watercolor, and design on a volunteer basis for folks who need something.

After seeing what that first IT company paid me and what they billed me out at I decided I could make more on my own. I started a graphic and web design company which did really well for the 6 years I had it. It paid my bills and allowed me to be flexible as a new Mom and stay at home while my ex worked.

CSS: Excellent!!

NB: After a nasty divorce and seeing how expensive health insurance was I put my resume out there and got picked up by a defense contractor as a marketing communications manager. I really started seeing the problems with cybersecurity there.

We had folks talking about secure projects over Facebook messenger. So I wrote the first social media policy for our office and I’m told headquarters adopted it shortly after I left.

CSS: Was that the turning point for you?

NB: Yes. I thought everyone knew how unstable and insecure these apps and programs were.

Its a longer story as to why I decided to go to the Police Academy but it has paid off in spades. Shortly after the police academy I was quickly recognized as one of the only officers who really understood technology and computers so naturally I was given all the computer crimes and technical cases.

CSS: Wow — that’s a great accolade. How did you deal with that?

NB: Yes, and it was apparent to me what a skill shortage there was in law enforcement in that area. The local Secret Service office also picked up on this and invited me to go to NCFI, the National Computer Forensics Institute. Which of course I was extremely excited about.

So I spent the next 18 months training in every course possible on the computer (dead box) and network intrusion side. As of now I don’t do mobile forensics, it doesn’t really interest me.

Hoover Alabama was my home away from home, my dogs even came down with me! They gave me tens of thousands of dollars worth of equipment and sent me back home. I’m the only person in my state office who does forensics but locally we have a strong task force and several really smart people who rely on each other for help. I continue to grow every day.

Our office started seeing a spike in ransomware among local governments and my boss, the state auditor, asked me if there was anything we could do to warn our governments. We decided to put out a best practices newsletter, a press release and develop a training program. The first two rounds hit 16 locations and trained over 1500 people. (Update: It is now over 6000 officers and government employees trained at over 60 locations)

This third round that is getting ready to start is the basic class but I also received feedback from law enforcement asking how they respond to these calls when they come in. So I developed a three hour basic training for officers on cyber crime response and investigation. I have over 47 classes planned so far this year. My goal is to get Ohio out of the top 10 for cybercrime.

CSS: That is seriously inspirational- and some task ahead of you!

NB: And I just registered for classes to go back to college for computer and network security, unfortunately people want the piece of paper.

CSS: So what advice would you give to people who might want to follow your path?

NB: Don’t give up. Find that one person who believes in you (even if it’s yourself), and keep going no matter what. Mine is my son, he’s constantly telling me I’m awesome. Never stop learning, read at least 5 articles a day and 1 book a month. There is no such thing as an “expert” in this field because it is ever changing. Find your niche and go with it.

CSS: This is great! What do you think the biggest challenges are for new people trying to break into the industry?

NB: For me it was the lack of consideration if you don’t have multiple certifications. I think most people who are serious and have been in the industry know that a piece of paper does not tell the story. But for those who don’t understand it results in great candidates being turned down.

Not everyone can start out with certificates and I’d rather hire someone who is passionate and willing to learn than a person with a masters with no practical application experience.

CSS: What can the industry do to help new people?

NB: Offer training and professional development which most already do, but also offer incentives or compensation based on getting those certifications within a year of being hired. It’s a win win for everyone.

CSS: This is definitely something that has been discussed before in the series. Is there anything else you’d like to add?

NB: There is one major trend I have seen though teaching that I would like everyone to think about, and that is that cybersecurity is not just an IT function, it's an everyone function. It takes everyone in an office to keep the bad guy out.

Also, I’ve been fortunate and have had great people back me up, from my bosses to the tremendous staff at NCFI and the Secret Service. I love what I do and love helping in any way possible.

I think we need to realize we are all on the same team, red team, blue team… at the end of the day we all want to make the world a safer place. So no matter what your path to infosec was, if you are passionate and want to make a difference, we can do it! Go Team!

And yes I am a certified sniper but I only do competitions.

CSS: That is simply amazing!! I have one more question, how do you balance work with being a mum?

NB: My Son is my biggest fan and keeps me grounded.

CSS: That’s awesome!

NB: The balancing act is hard, I also take care of my Dad who is disabled. I have split custody with my ex husband, my son’s Dad so on the weeks that he is with his Dad I work non-stop to get everything possible done that way when I have him I can take him to school and pick him up.

I typically work some at nights and weekends so that I can spend as much time as possible with him when I have him.

I guess I really don’t sleep a whole lot now that I’m thinking about it.

My Dad helps out also. If I have something that can’t be scheduled on the days I need he will take care of my son. I am really lucky he is around.

CSS: Well it’s clear that you are an inspiration for those who know you, and I imagine those who will get to learn your story after this is published.

The key takeaway from Nicole’s journey into infosec is that have a “can do attitude”, and getting stuck into new opportunities really is vital if you want to succeed.

What I have also noticed recently with these interviews and discussions within the industry, is that there is a perception that you need to have a Compsci or CyberSecuirty degree to get into infosec. The reality is that application of knowledge and skills are as, or in most cases, more important that academia.

But most of all, the commitment, drive and attitude displayed by Nicole is an inspiration to us all, and something I have taken away from this interview. No matter what your circumstances, there is always a way to achieve your goals- if you want them enough, and that something we can all learn from.