Hopefully, the first cyber-attack that MacKenzie Brown helps you survive will be a fake one. Otherwise you’ll end up calling her and her colleagues at Optiv Security when you’ve already been compromised by a hack.
As an incident response consultant, Brown helps clients prepare for, or recover from, intrusions from hackers. And as the founder of the non-profit Ms. GreyHat, Brown provides training and networking for girls and women studying and practicing cybersecurity. We talked to her about her infosec work and her best security advice.
Location: Boise, ID
Current gig: Incident Response Consultant, Optiv Security
Current computer: MacBook Pro, Surface Book Pro, Pi 3 for hobby-hacking
Current mobile device: iPhone (Apple addict)
One word that best describes how you work: Flip. As in coin flip. It’s really a toss-up between being frantic or in the zone/on auto-pilot.
First of all, tell us a little about your background and how you got to where you are today.
When I was a little girl, I thought I was going to become a famous movie star like Audrey Hepburn or Julia Roberts. After my first year of college as a theatre major, I realised that reality was far-fetched, and honestly the “little Idahoan moves to the big city” is a bit cliché anyway.
I had no direction after that. I’ve always been a little anal-retentive in nature so I was in heaven when I got an IT support temp job. I was able to learn new things and organise equipment and documentation like it was my own personal Disneyland.
But it wasn’t until I dove head first into the environment that I truly understood how technology infrastructure is the backbone to business operations. I was asked if I wanted to participate in an IRS audit for information security. A NIST 800-53, essentially the encyclopedia of procedures, assessments, and security controls for federal institutions, was plopped on my desk and it was all downhill from there.
It was a promising start to my career in information security and led to a lot of self-studying, certifications, and valuable impact. I suppose I could still be the Julia Roberts of infosec.
Take us through a recent workday.
I woke up in my hotel and reviewed client materials. I then spent six hours onsite interviewing the client’s internal information management team and reviewing data for a playbook development project. I then worked side-by-side with the client team on executing the tasks in that playbook in live time scenarios so they can be prepared should their organisation ever be compromised in a cyber-attack.
I work from home when I’m not on the road. My cats aren’t great at water-cooler talk. My days with Optiv, whether at home or on-site, are always different, and I’m surrounded by incredibly talented coworkers. I try to immerse myself locally for public speaking engagements and projects. I’m blessed to have a job where no days are bland and they encourage and support my work in the non-profit I founded for women and young girls in cyber security, Ms. GreyHat.
What’s a typical work process at Optiv?
We run tabletop exercises, which are essentially “breach” simulations, to evaluate, from both a strategic and technical response perspective, a client’s procedures, technical capabilities, and communication plans in responding to real life cyber threats. These help our incident management team assess the current state of a client’s response proficiencies and offer actionable steps to close the gaps and improve their incident response programs.
What apps, gadgets, or tools can’t you live without?
Probably my iPad. Because I spend a good amount of time on planes, and shoulder surfing by nosy neighbours makes working while flying a struggle, the iPad is a necessary carry-on for binge watching Amazon Prime and Netflix.
Of course the normal social networking feeds and the black hole that is Pinterest. Just like most, I’m sure, I have a love/hate relationship with technology. It blows my mind when features make life move quicker and more conveniently, and how they also really can be a hindrance on quality of life. If only Buddha quoted, “there’s an app for that,” we would all be a bit more balanced.
What’s your workspace setup like?
My workspace has to be pristine, minus the occasional cat hair and coffee stains. My desk is filled with some study books and items for inspiration. I have my laptop and 25" monitor with multiple windows open and Spotify on full blast. I have a candle with Ada Lovelace on the front and my Pi 3 and Pineapple Nano next to it. A dirty fish tank that seems to never stay clean.
Finally, I have a board above me that reads “Well-behaved women rarely make history.” However, because I’m always on the move, my MacBook has everything I need to make any location my workspace.
What’s a piece of security advice you frequently give?
“Rethink what security means for you.” I use this because it’s broad enough to relate to whatever audience I have and also helps to remove the uncertainty and complexity surrounding today’s cyber landscape. Whether it’s a client with in-depth technical experiences who is looking to prioritise their challenges, or an executive level chief information officer (CIO) or chief information security officer (CISO) who is looking for some “ah ha” moment of realisation, it allows professionals to take a step back and view security as part of the broader corporate goal.
Our industry is so flooded with buzzwords and hot new tools that businesses and decision makers are swamped with noise. The Optiv team and I engage with simplicity and approach security from the inside out, or emphasise being proactive with a security strategy, as opposed to always operating in response to threats and vulnerabilities.
Who are the people who help you get things done, and how do you rely on them?
My work shadow partner Curtis Fechner. He has helped me grasp the art that is enterprise incident response, and also to enjoy digging up the “dead bodies” you’ll find along the way. It’s extremely captivating to be able to lead our clients in crises, whether it’s an exercise or real-time, and open their eyes to how hackers do what they do.
With Curtis’s help I’m poised in pointing out to very high-level and experienced information security professionals: this is where you are weakest, this is how the bad guys get in, this is what they want, and this is how I’m going to help you make sure that doesn’t happen.
How do you keep track of what you have to do?
OneNote notebook list for everything project and personal wise, then a separate white board for critical to-do items for the week, then a chalkboard of the month that breaks down travel, gigs, appointments, and the necessary recharge days. I am addicted to making lists.
How do you recharge or take a break?
I suck at recharge. My gym sessions and naps are how I unwind. Now a true recharge is unplugging and getting away. In the winter I enjoy snowboarding, or taking a summer day off and going mountain climbing.
Alas, recharge is difficult to schedule. But, I do think it’s important to unplug and allow time for just ourselves.
What’s your favourite side project?
The Ms. GreyHat Organisation. We empower women, educate students and develop professionals in all things cybersecurity. Understanding the risk, and reward, of an always-innovating digital world is a must for everyone. We aim to guide a more resilient and less fearful interpretation of cybersecurity, while also addressing the gender and diversity gap in tech. We do that by providing training courses, hosting workshops, and speaking at conferences.
What are you currently reading, or what do you recommend?
Steal the Network: How to Own the Box by Ryan Russell. I found myself struggling to develop realistic scenarios for tabletop engagements. In short, I wasn’t thinking like a hacker. When we develop these scenarios for clients, we want it to hit home and hit home hard. A nefarious mindset is that secret ingredient.
I kept thinking like a security practitioner, very process oriented and all about specific control usage. But real security incidents aren’t like that. They are dirty, unpredictable, and at times even randomly motivated versus targeted. This book has helped immensely with opening myself to that enemy’s perspective.
Who else would you like to see answer these questions?
Women in executive level positions. Few and far between getting a chance to meet them, let alone hear about their experiences, their drive, and inherent passion. Those are the types of experiences I like to read, because I want to relate and be inspired.
What’s the best advice you’ve ever received?
I can always hear my mother saying “change the channel.” When I’m in my own head, I’m overanalyzing a problem, or I’m replaying on a loop something I can’t do anything about, change the channel. Even typing it out gives me warmth. Through tough times and hard talks we learn the most about ourselves, but if it no longer is serving you or positively impacting your behaviour, then stop dwelling on it.
What’s a problem you’re still trying to solve?
My confidence. I know it’s completely normal and common to hold insecurities throughout different aspects of your life, but I personally feel like mine sometimes hold me back. A lot of my drive is because I want to be as good as or up to speed on everything as the people I surround myself with. I find myself saying yes to too many projects or trying to meet unrealistic expectations of others.
I have to remind myself every day that I am exactly where I need to be. That it’s OK to say “no” and accept the things I cannot control or meet. I have to remind myself to be patient with my own progress and ability. And most importantly, I have to recognise the things that make me different and valuable in order to exude a healthy balance of confidence and humbleness.