It will take a paradigm shift to defend our national security moving forward. Women and people of color should be at the forefront of this effort. Demystifying Cybersecurity, a #ShareTheMicInCyber and Ms. magazine monthly series, spotlights women from the #ShareTheMicInCyber movement—highlighting the experiences of Black practitioners, driving a critical conversation on race in the cybersecurity industry, and shining a light on Black experts in their fields.
Tennisha Martin is the founder and executive director of BlackGirlsHack, a national cybersecurity nonprofit dedicated to providing education and resources to underserved communities and increasing diversity in cybersecurity. She has worked in a consulting capacity for the government and in the private sector for over 15 years doing security testing, quality assurance, penetration testing and project management.
In her spare time, Martin is a mentor, a professor of computer science and cybersecurity at Voorhees University and an advocate for diversity in cyber.
Lauren Zabierek and Camille Stewart: What do you do? What does a normal day look like for you?
Tennisha Martin: I am a “penetration tester” and executive director of BlackGirlsHack. A normal day for me involves working with underserved communities in helping them to take over the world by finding a place in cybersecurity. I help make strategic partnerships with organizations that are hiring, find dope inspiring people to talk to them and help them get certified and trained for careers in cyber.
As a penetration tester I consult with companies that need their web and mobile applications tested to make sure that they do not expose their users data to vulnerabilities. If you think about your favorite social media sites and the information they contain about you: pictures, your connections to people and your family and information about your day to day life, it’s important to those companies that that information stays private. My job is to test and review those sites and mobile applications to make sure a malicious actor is not able to get access to your private information.
Zabierek and Stewart: How does your work keep people safe?
Martin: When developers make systems, they typically base them on user stories or expected ways that they think a user will use the system. For example if you’ve ever used a web application and it told you to not press the back button but to use the in-app navigation buttons, that’s probably the result of someone who used the system in a way it wasn’t designed.
As a penetration tester, your job is to consider all of the things that the developers may not have thought of and to find out if you can use those methods to get data out of the system. We act as a “bad guy” to figure out how someone could find and exploit weaknesses in a systems design or implementation. Unlike the bad guys though, after we’re done we tell the system owners about what we did so that they can fix the issues they’re exploited. You can think about this like baby-proofing a house. Penetration testers find all the ways a baby can hurt themselves and fix it before they actually can.
I help make strategic partnerships with organizations that are hiring, find dope inspiring people to talk to them and help them get certified and trained for careers in cyber.Tennisha Martin
Zabierek and Stewart: You call yourself an “ethical hacker.” What does that mean?
Martin: Hacking has historically had a negative connotation and is often associated with the unauthorized access to data in a system or computer. For those of us in ethical hacking, it is a professional career that many people don’t understand.
As an ethical hacking advocate, I work to provide exposure to careers in ethical hacking and to provide awareness to the general population to get more women and kids interested in hacking as a profession.
Zabierek and Stewart: How did you get into cybersecurity?
Martin: Kicking and screaming and fighting my way in. I started BGH because of the struggles I was having getting into the industry. When I decided to make the transition into cybersecurity I assumed that based on my technical testing skills, certifications, and a masters in cybersecurity that I shouldn’t have a problem. I have 5 masters degrees but I would only put on the one that was most relevant to the job that I was applying for along with my bachelors in electrical and computer engineering. I applied for jobs and would either hear exactly nothing or not a good fit. If I did get feedback it was that I needed more hands-on experience so I started teaching myself hacking in “tryhackme”, “hackthebox” and whatever Capture The Flag games I could find. As I learned more, I started hosting weekly lab classes to work with other people who were also trying to learn. I didn’t have all the answers and I couldn’t get through all the rooms but I built a community of people on the online site Meetup.comwho faithfully came out and learned how to hack with me.
Around the same time I started an instagram page with the intention of sharing resources such as inexpensive training classes, sales on books, and information on careers in cybersecurity. I also joined #ShareTheMicInCyber and through the community email list I got my first job as a penetration tester. It was through this process that I found that I had been going about getting into cybersecurity all wrong. I had been trying to out learn, out educate, out everything the competition alone when the secret was in using my network and working together with like minded people.
Women only represent 25 percent of the industry and that number gets even lower once you start getting into some of the fields like penetration testing. Our voices need to be heard. We need diversity of thought as much as we need diversity of people.Tennisha Martin
Zabierek and Stewart: What do you wish people knew about working in cybersecurity?
Martin: People look at cybersecurity as some mythical place that you can’t get to unless you’re highly technical, a master developer and aced all your high school math classes—but that’s not the case.
The cyber landscape changes every day and you have to work at it everyday. It’s not just something that you take an exam and you’re in there. You have to understand that it’s a moving target and you have to understand that while it’s changing, you need to continually learn and understand those changes.
The other thing I wish people understood is that there are not enough women in cybersecurity. We need more, but to do that, we have to make it a place that is more accepting of all the others that are out there wanting to get in.
More than education, more than practicing and getting hands-on experience, I’d say that if you’re trying to get into cybersecurity, you need to find your tribe.
Zabierek and Stewart: Why is cybersecurity important for women?
Martin: Because there are not a lot of us in this space and we need to let people know that we are there! Women only represent 25 percent of the industry, and that number gets even lower once you start getting into some of the fields like penetration testing. Our voices need to be heard. We need diversity of thought as much as we need diversity of people.
Zabierek and Stewart: What do you wish you knew when you were trying to get into cybersecurity?
Martin: I tried for several years to get into cybersecurity on my own. I paid to get my resume done, I tailored my resume for each job and sometimes I even took the time to write customized cover letters. I spent days and hours hacking through boxes and recorded videos of myself teaching ethical hacking principles all in an effort to raise my profile in the industry.
What I found through all of that is that while putting the time in “the gym” matters to making you a better hacker, that I didn’t begin to see any real change in my job search until I started developing and using my people network.
If I were to advise someone new of one thing that is the key to success for getting into cybersecurity, it’s to start talking to people and telling them what you’re trying to do. Developing and increasing your network helps to extend your reach of where you’re able to get to and it’s vital to your success. More than education, more than practicing and getting hands-on experience, I’d say that if you’re trying to get into cybersecurity, you need to find your tribe. Get a group of people that you can bounce ideas off, and talk about your experience and extend your reach. The more eyes you have looking for jobs the better.
Cybersecurity, like many tech specialties, has very good salary prospects and a shortage of qualified people.Tennisha Martin
Zabierek and Stewart: How does BlackGirlsHack fit into the larger cybersecurity community?
Martin: There are a lot of great nonprofit organizations out here that are doing great work to help increase diversity in cybersecurity. Most organizations are aware of their shortcomings when it comes to diversity and inclusion and if this applies to your organization, reach out to organizations that are near and dear to your employee’s hearts and use the opportunity to not only support causes your workforce cares about but increase your diversity and inclusion efforts as well.
BlackGirlsHack welcomes community partners and strategic partnerships to help increase diversity. We’d love to help you increase your diversity efforts and help you give back to help improve the future of cybersecurity.
Zabierek and Stewart: Self care is so important in the security world. What do you do to unwind or relax?
Martin: Self care is soooo important. I think in my effort to take over the world and help other people take over the world, I often forget about taking care of myself so it’s important that your plans for world domination include self care.
I use travel, gardening, poker and bad TV to help keep me sane. When I can, I like to travel to a new place and spend time with my husband disconnected from devices and I try to get all the massages and spa services I can. I also started gardening. I grow tomatoes, peppers, spinach, onions, broccoli, and zucchini. When I was new to gardening I’d name my tomatoes but as I got better they became too many to name. Gardening is strangely relaxing and I enjoy seeing the changes day after day to my fruits and vegetables. One of my favorite activities to unwind is playing poker—I love Texas Hold’em. My day to day guilty pleasure is bad TV. I watch all the first responder and legal shows no matter how bad. My favorites are the 911 and Chicago (Fire, PD and Med) shows.
Zabierek and Stewart: If you could wave a magic wand to change anything about the cybersecurity industry, the law or technology ecosystem, what would you change and how would you do it?
Martin: At any time there’s something close to a million cybersecurity positions open, many of which are looking for highly skilled professionals. On the other end of the spectrum there are probably hundreds of thousands of people who are new to the industry and are looking for jobs. Cybersecurity, like many tech specialties, has very good salary prospects and a shortage of qualified people.
With my magic wand I would convince more companies to train entry-level workers and provide them with the skills necessary to do the job and the insight into their specific business. By training entry-level workers to grow in the positions, these companies can reduce their payroll expenditures while increasing their training budgets and guarantee that they’ve got a skilled workforce that is knowledgeable about their business.
At BlackGirlsHack, we’re working with companies to help develop pipelines to employment where the companies set up internships to train newer employees. These employees can then get the certifications and knowledge specialized to their experience and be able to fill a large number of critical roles.
U.S. democracy is at a dangerous inflection point—from the demise of abortion rights, to a lack of pay equity and parental leave, to skyrocketing maternal mortality, and attacks on trans health. Left unchecked, these crises will lead to wider gaps in political participation and representation. For 50 years, Ms. has been forging feminist journalism—reporting, rebelling and truth-telling from the front-lines, championing the Equal Rights Amendment, and centering the stories of those most impacted. With all that’s at stake for equality, we are redoubling our commitment for the next 50 years. In turn, we need your help, Support Ms. today with a donation—any amount that is meaningful to you. For as little as $5 each month, you’ll receive the print magazine along with our e-newsletters, action alerts, and invitations to Ms. Studios events and podcasts. We are grateful for your loyalty and ferocity.