Interview: Jenny Potts

The information security industry has often welcomed new people with a fresh perspective, particularly when they bring enthusiasm and positivity with them.

Infosecurity first became aware of one such individual just over a year ago when Jenny Potts presented at BSides Cymru on the subject of Getting Ready for The Quantum World. Since then, she has moved on to complete her master’s degree in software engineering, built an enviable profile on social media and made the first steps in her career.

Having already held a number of security-related jobs, Potts said she is “really keen to get involved in making courses to teach people how to write secure code” as her next step, alongside her current job of building WordPress websites. “I am working on a Ruby on Rails blog engine which I do hope to host for a few friends that have businesses up and coming,” she said. She aims to keep her many projects running, something she said is enabling her to maintain ownership of her code.

Potts completed her undergraduate degree in information security at the University of South Wales and has since dabbled in penetration testing and policy writing. Her dissertation focused on creating an information security policy for SCADA systems, which she said involved researching the various vulnerabilities in control systems and how easy they are to hack, and “how a lot of the hacks can be mitigated.”

One of the people Potts connected with for her university dissertation led her to an internship, where she learned Ruby on Rails and worked on an intrusion detection system written in C with a front end in Ruby on Rails. This was followed by roles involving content writing and policy writing in advance of GDPR, although Potts said these roles made her realize “I just want to be a good programmer.”

This led her to the National Software Academy. “In three months they taught me everything I needed to know about backend programming,” she said. Potts explained that the course was a one-year master's, where you can go in knowing nothing and come out as a programmer, and whilst she admitted that the limited amount of security involved in it was a downside, “it is a really good course.”


The Academy is part of Cardiff University and based in nearby Newport. Potts has just left it after a 13-month spell doing her master’s in applied software engineering. “It is different to a normal master’s in that your assignments are based on group projects,” she said. “You get paired up with the client who gives you a proposal, and you need to work out feasibility, core requirements – they teach you agile and then you use it in this role.” Her project was a machine learning microservice for a company that offers a chat service, with an API that can connect to the front end, to take in messages from users and rank them by sentiment, so that the unhappy customers are answered first.

“That is where security came in, as I started to learn about the security of APIs,” she said, and this interest has led her to learn about the API Top Ten and create a course in API security. All of this keeps her very busy, combined with her interests in steam trains and music, and she admitted that from building a popular social media network, she finds she has more work offers than she can handle.

Is the teaching something she plans to pursue? Potts said her aim for the future is to go into secure code consulting, “and to do that I need to be really good at it and I only really started learning secure code about six months ago.” She said this was because, as part of an information security degree, you don’t really learn much coding, and she learned it herself and is now learning how to hack and secure her own code.

“So I feel that writing these courses and this course material whilst I am still learning means I will pick on points that someone else wouldn’t teach,” she said. “So making these courses online is what I want to keep on doing.”

Is security something she sees a future in? Potts said she doesn’t see herself leaving security, or working in security “through a regular route” as she determines other projects to work on, “but I want to cheer security on from the sidelines by teaching people from the internet.”
