Real Editor Meets Guest Editor: Q&A with Sophia McCall

Written by

Today's guest editor Sophia McCall faces the questions from the real Infosecurity editor Michael Hill.

What is your favorite thing about Infosecurity Magazine?
As a university student wanting to have a career in security, the range of subjects and topics Infosecurity covers is amazing! The magazine is extremely informative and engaging and the coverage of the industry is brilliant. 

If your job as guest editor of Infosecurity became permanent, what new content stream would you introduce?
The magazine already has so much great content! I’d probably have to say (as a student myself) I think it would be good to introduce more student-centric pieces and topics. 

How do you describe to your (non-industry) friends what your job is all about?
A lot of the time when I tell people I am currently on placement in security, they usually bring up the most recent hack in the news and ask if I’m the one supposed to be defending us from ‘the hackers.’ In which case I respond: “more or less!” I try to break down my role in a way that explains that what I do (pen-testing) is learning to hack to deflect the hackers. I usually drop in that companies openly let us test their systems so they can find out what they need to fix to make their company more secure. 

What makes you really angry about our industry?
With my experience in the industry so far, nothing has made my ‘blood boil’ as such. However, what does aggravate me a little is the sometimes victim blaming we do within the industry targeting the victims of cyber-crime. Many of the articles I have read, and some of the people I have heard speak, have blamed the lack of understanding of the ‘normal’ people in this world and sometimes the stupidity of the lack of security procedure that led to a hack. With negative stigma already surrounding the rise of our use of technology in daily life, I don’t think this is entirely necessary – and instead we should be positively reinforcing security, helping people understand and raising awareness with the public. 

What gives you hearts in your eyes?
Seeing my peers from university succeed in industry is always incredibly heart-warming – especially knowing how hard they worked in university to try to achieve their career. Whether this be landing a job or placement, speaking at a conference or even completing a piece of research they had been working on. It’s always great to see them move from education into their profession. 

What’s the best conference talk/keynote/seminar you’ve ever attended?
That’s a tough one! I’ve been to so many good talks! I think my favorite talk so far was a talk I saw at Blackhat Europe 2017 delivered by Sheila Ayelen Berta and Sergio De Los Santos from Eleven Paths about breaking out of HSTS and HPKP. As one of my favorite topics is web hacking, this was extremely interesting for me – especially as it’s unfortunately so easily done! 

What infosec technology could you not live without?
Definitely two-factor authentication (2FA) – I have it on everything!

What’s your dream infosec job?
Probably what I’m completing my placement in now (junior security consultant/pen-testing intern) – I’m really enjoying the type of work I get to complete, and would love to pursue it as a full-time role. However, as I pick up a lot of managerial skills from my degree at university, I have also considered moving into the risk management and policy creation side of security in the future. 

If you could have founded any information security vendor, which would you choose?
Probably Rapid7, just because of the breadth of research they have done to produce such great tools and articles! I haven’t come across a single peer in the industry that hasn’t heard of them, and I think they are a highly respected vendor within security. 

What is the biggest unresolved information security challenge?
Due to our rise in the use of technology, every day we are producing masses and masses of data. The more of this we produce, I think the harder it will be to appropriately manage it in compliance to maintaining the privacy of individuals and consumers. Especially with GDPR now in full swing, I think this will be an ongoing challenge for us for the foreseeable future. 

What’s your guilty pleasure?
Although a metal-head and rock lover at heart – I do like to listen to K-Pop every now and then!

What’s your favorite Christmas movie?
I’ll have to be soppy here and say that it’s probably Love, Actually. 

What’s hot on Infosecurity Magazine?