There’s a mantra in the hacking community: Try harder.
ITPro Today spoke with white hat hacker Dawn Isabel about her career and the advice she has for pursuing ethical hacking roles. Isabel is the senior director of research and a penetration testing specialist for NowSecure, a mobile security company based in Chicago. Her prior roles include building and running a university penetration testing service, leading a mobile tools development team at Hewlett Packard Enterprise, and several years in consulting. Isabel has delivered talks and workshops at the DEF CON 30 Girls Hack Village, OWASP AppSec, WiCys, DefendCon, SUMIT, and VirSecCon. She enjoys hacking iOS and watchOS and has constructed jailbreaks on Apple watches.
This interview has been edited for length and clarity.
What first drew you to ethical hacking?
Dawn Isabel: I’ve always enjoyed puzzles and detective work. When I was in college, I realized that writing code is basically an endless series of riddles and puzzles to solve.
I initially worked in application development for several years before turning my full attention to hacking and cybersecurity. But the event that triggered my interest happened when I was still in school: My email account was hacked while I was away on vacation! At first, I was just mad (if I’m being honest, I’m still a bit salty about it), but after I recovered my account, I was really motivated to understand how the attacker got in and how it could have been prevented.
Dawn Isabel
What certifications and education have been most beneficial to your career?
Classes and certifications were very impactful early in my career when I was trying to land my first full-time role in security. I took several SANS courses and certifications at the time, which included writing a paper that was picked up by the Internet Storm Center handler’s diary. Unbeknownst to me, the director of security at my employer saw the post, read my paper, and connected it back to me! That lucky break eventually led to a job offer in his department, where I spent three years on a team responsible for incident handling and penetration testing.
What is the best piece of advice you’ve received?
There is a saying in the hacking community: “Try harder.” I was often frustrated by that mantra early in my career; it seemed like it was mocking me at times when I was stuck. But over time, I’ve come to interpret it differently. You have to get comfortable with failure. Building expertise in hacking definitely requires practice, but it also is imperative that you are willing to fail far more than you succeed. And when you do fail? You learn from it, you talk about it to anyone who will listen, and then you try again.
What is the most helpful guidance you’ve received from mentors?
I’ve been very lucky to have had a lot of mentors over the course of my career. The most influential ones have pushed me to think about my goals and have encouraged me to stretch past my comfort zone. They have also provided honest and objective feedback when asked – something that has been crucial to my growth.
For people just beginning their careers, what pitfalls should they avoid?
I think the biggest pitfall is assuming that others are responsible for advancing your career. You have to take the lead and be vocal about what you want in your career path. If you aren’t sure, that’s okay too! Just be clear with your manager, so you know that you are driving your career vs. your career driving you.
