Tribe of Hackers Spotlight: Kelly Lum
Kelly Lum has “officially” worked in information security since 2003 and is currently a Security Engineer at Spotify—where she brings over a decade’s worth of application and network security experience from the financial and government sectors to the startup space.
Additionally, she teaches as an Adjunct Professor of Application Security at NYU.
Don’t know what the Tribe of Hackers is? Check it out here!
If there is one myth that you could debunk in cybersecurity, what would it be?
One thing that I have observed is that there is still this preconception that InfoSec is some sort of mystical art that can only be done by the rare, chosen few. It isn’t just non-technical people, either. I’ve walked intimidated developers and students through proof of concepts (POCs), and it’s always cool to see their reaction when they get it working.
What qualities do you believe all highly successful cybersecurity professionals share?
Curiosity, passion, and maybe—most importantly—humility. A willingness to give back to the field as you grow in it.
What is the biggest mistake you’ve ever made, and how did you recover from it?
I think my biggest mistake was falling into the misconception I described in question one. I’ve always been surrounded by incredibly smart InfoSec folks, and for the longest time, had insane imposter syndrome. One day, I was sitting next to one of those incredibly smart people, and he couldn’t figure out how to exploit a vulnerability he had found. I did. People tend to broadcast their successes, not the hours they spent banging their head on the desk trying to get there. When you compare yourself to other people, you’re comparing yourself to that outward image and doing yourself a disservice.
Also, one time I put an OR rather than an AND in a conditional and took down a production website for about three minutes.
To read all of Kelly’s answers, sign up for our email list on the right and be the first to know when Tribe of Hackers is released.
Check out some of our other Breach and Attack Simulation and cybersecurity content while you’re at it:
- Breach and Attack Simulation vs. Pen test
- Tribe of Hackers Spotlight: Lesley Carhart
- Tribe of Hackers Spotlight: Emily Crose