22 October 2020

Cyber Ramblings of a Middle-Aged Woman: The Hysterectomy

Michelle Welch Fuller

Personal reflections from a Synack customer success manager

What’s this all about? This evolution of women in cybersecurity? To be honest, I have no idea, but I can relay a personal (attempted humorous) account of my middle-aged challenges while working in today’s cybersecurity world.

Foreword

So, setting the scene: As a 44-year-old woman, I work as a senior customer success manager remotely from the UK for a global cybersecurity company straight out of Silicon Valley. I’ve also just had an abdominal hysterectomy (bad timing as I just bought a Peloton!) which has the equivalent pain level of giving birth naturally.

This blog is a quick (and humorous) reflection on how I process and equate work and life experiences. There are literally no barriers in my life. I can do anything I want to do (invincible) and I am 100 percent supported as a woman, as a wife and as a mother.

Before I go any further, I want to talk briefly about the company I work for: Synack — just awesome! (Total Americanism!) Just look at our website: www.synack.com — I’ve been part of the Synack team for nearly two years, and of course they think I’m great! (I told you it would be brief). While Synack is not painful like a hysterectomy, there are some striking similarities. Please humor me and appreciate the comparison of my operation to Synack’s processes:

Pre-Op versus Client Onboarding

Patient: So I ask myself, “Am I getting a middle-age spread? Is it the wine?” Nope, actually it’s massive fibroids that make you look 28 weeks pregnant. After consultation and prodding, I am informed that at my age the only option is major surgery. I say “fair enough.” Then I ask for my checklist for preparation: Wash bag, pyjamas, Idler magazine.

Security: A client’s preparation to onboard onto Synack’s crowdsourced security platform is equally simple (and we don’t worry about “age”):

Consultation: What do you want tested? It must be important to you, right?
Prodding: What’s under the hood and what’s the initial discovery analysis?
Options: Do you think your assets are vulnerable or not?
Expectations: Expect to be exposed by our crowd of security researchers; these are the best in breed. Once onboarded, you will have access to real-time actionable results from the Synack SaaS Platform.

During-Op versus Security Testing

Patient: At this point I am out of it! An epidural and local anesthetic means I have no idea how my insides are being exposed and what could be extracted post operation.

Security: Anyone new to Synack crowdsourced testing will often be concerned by the volume of researcher activity and how this impacts operations and services. In reality, all your publicly available assets are exposed all the time, so you are fair game to come under attack by any adversarial attacker. The difference is Synack uses a controlled and trusted crowd of ethical hackers. So, with Synack, the testing is very controlled.

During any security test with Synack you have real-time visibility through the Synack portal. This means you will know your weaknesses or vulnerabilities while testing is underway. The real-time results are visible via a client portal while the testing is active. It would be like sitting on the operation table watching the doctors fiddle around inside my stomach.

Post-Op versus Remediation

Patient: The most important part to ensure recovery:
What just happened? I was literally so high that I was making faces with my plate of food given to me by the nurse.
Well, I never expected this, but my body is under attack and trying to recover.
Compression socks and big pants — a woman’s ideal wardrobe.
‘Swelly belly’ caused by constipation and fluid retention.
Naming your faeces after chocolate (Ferrero Rocher and mini Mars bars).
Weeks of recovery, which means a delay in Peloton levelling up!

Security: Don’t be oblivious to the results. In the wrong hands, your assets can come under attack and cause significant damage to your organization. Any company that is exploited by hackers or that experiences a breach would undergo reputational damage, which can lead to lost customers and profits. Litigation is also a threat with users seeking monetary compensation. Regulatory bodies may also go after companies with hefty fines.

Put that security wrapper around your assets (not comfortable or sexy clothing).
Monitor your results and develop your fixes (don’t build up to bursting with a swell of vulnerabilities).
Remediate and get your vulnerabilities retested by Synack researchers to limit your exposure (shit happens but do your utmost to prevent it).
Continuously test and fix to reduce any exposed attack surface.

Afterword

Even though I wrote this at 3:30 a.m. while dosing up on my next set of painkillers, the hope is that this reflection resonates with individuals and organizations and inspires confidence that anyone can overcome daunting challenges with the right approach and the right tools. In fact, often the circumstances may be a bit crazy when you are engaging a security company: racing because of a new release, a third-party engagement, a new partnership or a new threat.

Synack meets the demands of its customers all while supporting their resources. We can respond and deploy within 24 hours when that “operation” is deemed necessary. You can be proactive, too. Help prevent adversarial attacks on your assets by using the world-class knowledge and experience of Synack’s resources, platform and security researchers.

Finally, if you want to have a more detailed account of a hysterectomy, Synack, why we test and how we do it, please feel free to reach out for more information. The onboarding, testing and remediation phases are all easy to achieve. The ultimate aim is for you to derive the benefits of securing your assets using a service that works for you!

Keep safe and secure and thank you for reading!

Michelle