Tribe of Hackers Spotlight: Wendy Nather
Wendy Nather is a mild-mannered threat intelligence research director by day and a former Analyst and CISO in the public and private sectors.
Warning: This interview may contain snark.
If there is one myth that you could debunk in cybersecurity, what would it be?
The biggest one from my perspective is the idea that all of the users of our systems need to know as much as we do about security. Back in the early days, in the ’70s and ’80s, when we were first building these systems, we built them for each other. And everyone in the community had pretty much the same level of knowledge. When you designed something, you were designing it for yourself and for people who knew the same things you did. The description of an intuitive interface really made a lot of assumptions that somebody else had the same background that you did, and therefore, they would be able to intuit what you meant with something. That’s completely different now. The rest of the world is using technology, and none of them understand security or IT in the same way that we do. If I could, I would kill the idea that they do understand the same things we do and, furthermore, that they must understand the same things we do. I think it’s unfair to expect them to have the same level of knowledge.
What is the best book or movie that can be used to illustrate cybersecurity challenges?
There are so many books, and they all seem to cover different slices of what is a really expanded whole. I don’t really think there’s any movie that’s covered it well, and I know people who love the classics like Sneakers and Hackers and so on are going to disagree with me there, but as a professional who’s worked on the defense side all this time, I’ve never really found a movie that I could relate to. So, I think that’s long overdue.
From a facetious point of view, if I were to make a movie about the life of a CISO, a lot of it would be staring at Excel spreadsheets and turning off the notifications on your phone. It’s really hard to portray, but I wish somebody could do it in a way that wasn’t overly sensationalized. There are a lot of state actor attacks and sensational headlines that we see, but we don’t see the really boring stuff like, “Oh, Bob has been going to the wrong website again,” and “I’ve got to pull the logs and give them to HR, and I just hate my life right now.” It’d be really interesting to get this information from a lot of CISOs and see if you could put it together into an interesting enough movie that didn’t fall back into the sort of “hacker scene.”
What is a life hack that you’d like to share?
Sometimes I go on what I call a “data cleanse,” and I will just stop reading things, listening to things, and I put my phone away. I try to spend a lot of time without other people’s words and thoughts in my head. And I find that it’s pretty hard at first, but it becomes very relaxing the longer you do it. Today, we are so used to reading as much as we possibly can—because it’s so available and it’s at our fingertips—instead of picking one book and spending a week reading it and thinking about it. So, I just try to step away from all of that and try not to ingest as much data as possible all the time.
Also, in the past, the data that you got was maybe from the daily newspaper. Or it might have been from whatever discussions you were having in school, or from that one person who called you up during the day and talked with you on the phone. So, you had a much more limited incoming stream of information. You might watch one show on TV, or maybe a couple of shows, but that is so much less than the amount of information that’s sitting and waiting for you in all the tabs on your browser right now. Back then, I think people had more time to think about what was being said, and they had more space—instead of being bombarded by everything that we have now, with immediate texts and calls and messages and everything.