I Am a Mackenzie Brown Cybersecurity Consultant and This Is How I Work
Let’s hope the first cyberattack Mackenzie Brown helps you survive will be fake. Otherwise, you will end up calling her and her colleagues at Optiv Security if you’ve already been hacked. As an incident response consultant, Brown helps clients prepare for or recover from a hacker invasion. And as the founder of the non-profit organization Ms. GreyHat , Brown provides education and networking for girls and women learning and practicing cybersecurity. We spoke to her about her work in cyber security and her best security advice.
Location: Boise, ID Current gig: Incident Response Consultant, Security Optiv Current Computer: MacBook Pro, Surface Book Pro, Pi 3 for the hobby of hacking Current mobile device: iPhone (Apple addict) One word that best describes how you work : Flip. Like tossing a coin. It really is a fight between insanity or on / on autopilot.
First of all, tell us a little about your past and how you got where you are now.
When I was little, I thought I would become a famous movie star like Audrey Hepburn or Julia Roberts. After my first year in college with a degree in theater, I realized that reality is far-fetched, and to be honest, “little Idaho is moving to a big city” is a bit of a cliché anyway. After that, I had no direction. I’ve always been a little anal by nature, so I was in heaven when I got a temporary job in IT. I could learn new things and organize equipment and documentation like it was my personal Disneyland.
But it wasn’t until I dived into the environment for the first time that I really understood how technology infrastructure is the backbone of business operations. I was asked if I would like to participate in an IRS information security audit. NIST 800-53 , essentially an encyclopedia of procedures, assessments, and safety precautions for federal agencies, lay on my desk, and from that moment everything went downhill. This was a promising start to my information security career, which has led to a lot of self-training, certification, and valuable influence. I guess I could still be Julia Roberts from cyber security.
Tell us about a recent work day.
I woke up in my hotel and went through the client materials. I then spent six hours onsite interviewing the client’s internal information management team and reviewing data for a tutorial development project. I then worked side-by-side with a team of clients to execute the tasks in this book in real-time scenarios so that they could be prepared to have their organization ever compromised by a cyber attack.
I work from home when not on the road. My cats can’t talk about water coolers. My days with Optiv, at home or at work, are always different, and I am surrounded by incredibly talented colleagues. I try to immerse myself in the local community for public speaking and projects. I’m fortunate to have a job that doesn’t have boring days, and they encourage and support my work for the non-profit organization I founded for women and young girls in the cybersecurity field, Miss Grayhat.
What is the typical workflow at Optiv?
We conduct tabletop exercises, which are essentially “hacking” simulations, to assess, both strategically and technically, the client’s procedures, technical capabilities and communication plans in responding to real-world cyber threats. This helps our incident management team assess the current state of the client’s response skills and propose actionable actions to close the gaps and improve their incident response programs.
What apps, gadgets or tools can’t you live without?
Probably my iPad. Since I spend a lot of time on airplanes and surfing is too much for nosy neighbors to keep me busy while in flight, iPad is a must-have carry-on bag for roaming Amazon Prime and Netflix.
Of course, the usual social media channels and black hole are Pinterest. I am sure that, like most people, I have a love / hate for technology. I am simply amazed when functions make life faster and more convenient, and how they can really interfere with the quality of life. If only Buddha had quoted “there is an application for that,” we would all be a little more balanced.
How is your workplace arranged?
My workplace must be spotless, save for occasional cat hair and coffee stains. My desk is crammed with textbooks and items for inspiration. I have a laptop and a 25 ” monitor with multiple windows open and Spotify at full blast. I have a candle with Ada Lovelace on the front and my Pi 3 and Pineapple Nano side by side. A messy aquarium that never seems to stay clean. Finally, there is a plaque above me that reads “Well-Mannered Women Rarely Make History.” However, since I’m always on the go, my MacBook has everything I need to make any place my workspace.
What safety advice do you often give?
Think about what safety means to you . I use it because it is broad enough to apply to any of my audiences, and it helps remove the ambiguity and complexity that surrounds today’s cyberspace. Whether it’s a customer with deep technical experience looking to prioritize their tasks, or a Chief Information Officer (CIO) or Chief Information Security Officer (CISO) looking for a moment of aha-ha awareness, it allows professionals to take a step back and consider security as part of a broader corporate goal. Our industry is so inundated with buzzwords and hot new tools that businesses and decision makers are inundated with noise. The Optiv team and I work with simplicity and approach security from the inside out, or emphasize that you need to be proactive in your security strategy and not always act in response to threats and vulnerabilities.
Who are the people who help you achieve results, and how do you rely on them?
My shadow work partner is Curtis Fechner. He helped me understand the art of incident response in the enterprise, as well as enjoy the “dead bodies” excavation you find along the way. It is extremely exciting to be able to guide our clients in crisis situations, whether exercise or in real time, and open their eyes to how hackers do what they do. With Curtis’s help, I’m ready to point out very highly professional and experienced cyber security professionals: this is where you are weakest, this is how the bad guys get in, this is what they want, and this is how I’m going to help you make sure it isn’t. will happen.
How do you keep track of what you need to do?
A list of OneNote notebooks for everything project and personal, then a separate whiteboard for important things for the week, then a blackboard of the month, broken down by travel, concerts, appointments and recharging days needed. I am addicted to making lists.
How to recharge or relax?
I suck on recharge. My gym workout and sleep is how I relax. Now the real recharge is disconnect and go. In the winter, I like to snowboard or relax in the summer and go mountaineering.
Alas, recharging is difficult to schedule. But I really think it’s important to disconnect and only give yourself time.
What’s your favorite side project?
Miss Gray Hat Organization. We empower women, educate students, and prepare professionals in all areas of cybersecurity. Understanding risk and reward in an ever-changing digital world is a must for everyone. We strive to provide a more flexible and less intimidating interpretation of cybersecurity, as well as bridge the gender gap and diversity in technology. We do this through training courses, seminars and speaking at conferences.
What are you reading now or what do you recommend?
Steal the Net: How to Own Ryan Russell’s Box . I found myself struggling to develop realistic tabletop battle scenarios. In short, I didn’t think like a hacker. When we design these scripts for clients, we want them to hit houses and hit them hard. This secret ingredient is vile thinking. I kept thinking like a security professional, very process oriented and all about the specific use of controls. But real security incidents are not like that. They are messy, unpredictable, and sometimes even accidentally motivated rather than targeted. This book helped me a lot to discover the point of view of this enemy.
Who else would you like to see to answer these questions?
Women in leadership positions. Few manage to meet them, let alone their experiences, their aspirations, and their innate passion. These are the kinds of experiences I enjoy reading because I want to share and get inspired.
What’s the best advice you’ve ever received?
I always hear my mom say “change channel.” When I’m in my head, I overestimate the problem or repeat in a loop what I can’t do anything about, change the channel. Even typing it keeps me warm. Through tough times and tough conversations, we learn the most about ourselves, but if it no longer serves you or positively affects your behavior, stop obsessing about it.
What problem are you still trying to solve?
My confidence. I know it’s perfectly normal and often to feel insecure about various aspects of my life, but personally, I feel like mine sometimes hold me back. For the most part, I strive to be as good or fast in everything as the people I surround myself with. I find myself saying yes to too many projects or trying to live up to unrealistic expectations of others. I have to remind myself every day that I am exactly where I need to be. That I can say no and accept what I cannot control or meet. I must remind myself to be patient with my own progress and abilities. And most importantly, I must recognize what makes me special and valuable in order to radiate a healthy balance of confidence and humility.