Sam Jarman


Security and the Future with Laura Bell

Laura Bell. Security Nerd.

Introduce yourself! Who are you? Where do you work?

I’m Laura Bell, you might have met me on the internet or at conferences or as part of my work at SafeStack. I’m a 33-year-old security nerd from Auckland, New Zealand with two missions in life:

  1. Make sure everyone has the right to be safe on the internet

  2. Help people build amazing (secure) things, really, really fast

I founded SafeStack in 2014 as a way to change the way we do security in fast paced environments and to bring some innovation to the way we do security.

 

Who or what got you into security?

I’d just graduated university and took a job doing Java development for the UK government. It was not as much fun as the brochure promised and soon I had many feelings and opinions about the quality of the code I was writing.

Eventually these feelings and opinions reached the ears of the security team who gave me an option other than get fired. I moved to work with them and switched from development to penetration testing and red teaming (hacking for good not evil).

 

Why should developers worry about security?

There are two ways to see this.

Most developers aim to build high quality code that minimises defects first time around. By doing so they can move onto more exciting challenges and provide an excellent product. Security is a quality measure in the same way that scalability and performance are. We need these things as much as we do functionality.

Secondly, thinking about security as a developer can mean embracing simplified designs or removing ambiguity, confusion and complexity. These are the places that security vulnerabilities like to hang out. When we start working in this way our code is better quality, easier to maintain and more secure. This all means we can go even faster.

 

I recently heard that security jobs will outlast programming jobs. Do you think this is true? Why?

I don’t agree.

Security jobs in their current format will cease to exist soon enough. The future won’t need isolated specialists for most roles, it will need proactive hybrids.

I think the reality is all of our roles are evolving. The best of us will just adapt and evolve along with them.

 

How has conference speaking (we’ve all seen you around!) impacted your business and career? What’s the strategy there?

Hahahah Strategy?

Honestly, I started speaking internationally as a bet to myself. I wanted to find a way to get better at speaking and so in a sudden burst of enthusiasm, I applied to some massive USA conferences in the dead of the night. I then promptly forgot all about it.

Four months later, my inbox filled with acceptances and I had to step up and give it a shot.

SafeStack is a tiny bootstrapped company without a marketing team or budget. Conference speaking has given us a chance to show our approach globally despite the lack of resources.

It’s been great for the business obviously but on a personal level it led to the book (Agile Application Security by O’Reilly) and a network of peers around the world that I can learn from and share with.

 

What has been your toughest lesson to learn in your tech career so far?

That it’s ok to have a different approach to those around you and that it’s ok to fail. Security is a field that likes to play it safe. We have stuck with the same ways of doing things for years without challenge. Trying new things is scary but it means we can learn and grow. Embrace failure as part of this process.

 

When you mime programming to somebody, do you use T-rex arms, or wiggly fingers?

Wiggly fingers for life.

 

What would be your number one piece of advice for a successful tech career?

Embrace serendipitous discovery. Don’t plan your career, the world is changing too quickly. Embrace the challenges around you, take risks and see where you end up.

 

Have you got any hobbies outside of your job? Do you think they help your tech career in any way?

I have a 4-year-old daughter so I spend a lot of time learning about animals and dinosaurs right now. I’m also an amateur photographer, surfer and do yoga.

Does it help my career?

Directly? Probably not. However, security is a very stressful space (as is being a company founder). Making room for hobbies outside of technology gives you the headspace and relaxation to tackle hard challenges in your day job. If you don’t have an outlet, you get a little broken.

 

What books/resources would you recommend?

Of course you should all be checking out the latest OWASP Top 10 that was released in November 2017 https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project but here are a few books and things that you might also find interesting.

Books:

The Tangled Web

The Art of Software Security Assessment

(Oh and I guess my book but that feels gross to talk about)

Videos:

https://www.ted.com/talks/apollo_robbins_the_art_of_misdirection

https://www.youtube.com/watch?v=kZr-8_9zuqM

 

Finally, make your shoutout! What would you like the readers to go have a look at?
 

At this time of year, go look at something other than your work. Go out and get a break. Reconnect with the world and your loved ones.

If that’s not your jam however you might want to give some love to your favourite open source projects. Every OS project needs extra hands and we need to all get stuck in to make them safer to use and more sustainable.