CyberWire Daily - Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]
Episode Date: May 7, 2023Shelley Ma, Incident Response Lead at Coalition sits down to share her story, starting all the way back when she was a kid and fell in love with playing the game "NeoPets" that ended up paving the way... for her future in cybersecurity. After starting this journey, she shares how she became intrigued with crime and mystery shows, which ultimately spawned an interest in forensic science. She ended up signing up for an internship program that she was able to get into, which she says was a pivotal change for her that provided her the chance to begin her career. She shares the advice that if anyone is looking to get into this career, she highly recommends looking into the career before beginning. Following some advise given to her by a professor and mentor, she says that telling the truth helps her deal with adversity in the workplace. Shelley says "In our industry, there are so many opportunities for our opinions and testimonies to be coerced and swayed. I refuse to do that and every time I come back to what my professor said, if you don't want to spend the rest of your life looking over your shoulders, just simply tell the truth." We thank Shelley for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
My name is Shelley Ma. I am an incident response lead with Coalition Incident Response.
Whenever I talk about the inception of my interest in the field of digital forensics and incident response, I always feel like the story is generally incomplete without my mentioning of Neopets,
because Neopets is really what started it all for me.
It's this virtual pets website, primarily for kids and teens, and maybe some adults, where users can own virtual pets or Neopets.
Beyond the whole pet part, which was great fun, it has its own little economy and marketplaces that for me was a fantastic introduction to the fundamentals of capitalism.
to the fundamentals of capitalism.
I'm like 11 years old at this point.
I didn't know anything about social engineering or phishing, hacking, website manipulation.
And those words were nowhere close
to entering my vocabulary,
but that's what I was doing effectively.
And I'll spare you the details
of my short-lived hacking career,
but suffice to say,
I was driving that proverbial Ferrari in Neopets.
I had a lot of time on my hands, so I became obsessed with crime and mystery shows on TV.
My favorite shows were like Law & Order, CSI, and Forensic Files, and I really
enjoyed the mystery. That curiosity spawned an interest in forensic science. Fast forward
several years, I came face to face with a university application, and I discovered that
I couldn't find forensic science as a course anywhere in my country.
I never gave up that dream of pursuing forensics.
So one day, there was this guest lecturer that came in to do a presentation
and he was considered a celebrity forensic scientist in South Africa.
So I attended this lecture, hoping to, I guess, live vicariously through his stories.
And at the end of the talk, I raised my hand and I asked him for his wisdom on how I can become a
forensic scientist. And his response was, go to America. So it wasn't the advice that I expected.
So the prospect of going to the United States to pursue an education was a far-fetched reality for me.
But I still held on to, you know, a glimmer of hope.
And I kept looking for gateways and opportunities that would take me a step closer to forensic science.
And that's when I discovered the Fulbright Scholarship.
This was a scholarship program that sponsored international students to study at a
United States graduate school. And my attitude back then was to apply to everything under the sun.
By some miracle, stroke of luck, good juju, whatever you want to call it, I was selected
as a scholarship recipient. So what happened after that was on the very first day of the semester,
So what happened after that was on the very first day of the semester, all of these new students were advised to attend the forensic department's orientation.
And I remember sitting there in the front row and watching and listening to the heads
of all these forensic programs do their presentation.
And I had no idea what digital forensics was, but I was hooked.
And I was so excited because I knew that's what I needed
to be doing for the rest of my life. So the first thing I had to accept was that I was making a
pivotal change in my life. It was pretty drastic. So the first thing I needed to do was actually
get approval from the scholarship folks and try and get into the program in the very first place.
And I remember when I spoke with the program coordinator, she asked me if I had any ties to
China and Russia and the Middle East. And I said I didn't. And then she said,
okay, well, that brings you one step closer. A lot of the university professors were in government,
like from the DOJ and the FBI and the DEA. And so I think there was a lot of like,
concerns around the sensitivity of the stuff that they were teaching us.
I ended up moving to Virginia to be closer to that campus.
And then there was a lot of groundwork and a lot of foundational work that I had to do
to learn the basics.
And then from there, you know, it was a pivot into an internship and a career ultimately. I would advise that before you invest significant time and or money on a new career trajectory to
first do a deep dive into the topic
by yourself. I don't just mean reading Wikipedia articles. I mean really doing the research into
the granularities of the subject matter. So I tend to say that doing a solo deep dive and tinkering
is warranted before taking a bigger step. If something tickles your fancy and you're interested in it more than just
a hobby, but as a possible career, then look into what you need from an accreditation or
education standpoint to get there. I also recommend speaking to as many people as you can who are
already in the career that you're interested in and ask them about not only things that they love
about what they do, but also the
things that they find challenging and difficult and see if there's an opportunity for you to
work shadow them so that you can get an accurate glimpse of what their day-to-day is like.
Oftentimes in my field, I come across adversity in the form of entities or people who want to sway my opinion or sway my
conclusion. The advice that I always carry forward with me is if you want to sleep well at night,
always tell the truth. My forensics one professor had imparted that advice onto me
and it's one that I repeat very often to my peers. We are analysts and we live and breathe data.
The evidence is in the data
and any professional opinion that we give
has to be backed up by the evidence.
In our industry, there are so many opportunities
for our opinions and testimonies to be coerced and swayed.
I refuse to do that.
And every time I come back to what my professor said,
if you don't want to spend the rest of your life
looking over your shoulders, just simply tell the truth.
A very rewarding aspect of my career is teaching others.
I feel like so many of the world's problems could be
solved if we just shared more information with each other. The fact of the matter is that hackers
and their techniques are continuously evolving. Technology is continuously evolving. And so in
our industry, being in a constant state of learning is not just a nice to have, but an
absolute necessity. And the last
thing I want to be is surprised or blindsided and immobilized when we receive those outlier cases.
There's no place for stagnancy in my career, and I hope that I could continue to teach others
and leave behind knowledge into the world.
Cyber threats are evolving every second, and staying ahead is more than just a challenge. Thank you. designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach
can keep your company safe and compliant.