Getting into Security

As a kid, I always had a love for breaking things. Nothing delighted me more than tearing apart gadgets and discovering how they worked. I was never that interested in putting them back together again - much to my parent’s dismay, who were regularly stumbling over bits and pieces of CRT monitors and old gaming consoles.

When I first discovered hacking shortly after starting high school, I became obsessed. I spent countless hours scouring online resources on information security and playing wargames. I sank more time into it than homework - or sleep. Unfortunately, with the attention span of a 12 year old and all the personal problems of an awkward high school girl, I hit a brick wall of difficulty with security and gave up. I didn’t have much to show for it apart from some basic SQLi and XSS knowledge (and some not-so-ethically acquired currency in the online games I played).

Hacking, I concluded, was for people far more clever than myself.

I didn’t touch security again until my 3rd year of university, when I took Richard Buckland’s Security Engineering course at UNSW. I’d love to say that I did it with the intention of rekindling my security passion - but in all honestly, I had long forgotten about hacking, and mostly enrolled in the course because I thought it’d be what us UNSW students call a “WAM booster”.

During one of his lectures, Richard Buckland mentioned that training was beginning for CySCA, a national information security competition. I figured there wouldn’t be much harm in at least checking it out, and tried my hand at the wargames UNSW was using for the CySCA team selection progress. Within a day, I became absolutely possessed by it and my coursework effectively flew out the window. Remember how I thought Security Engineering would be good for my WAM? Not a chance.

When the deadline for CySCA UNSW team registration came up, I ranked just barely enough to get into a team (I was literally the last one selected). I was placed in UNSW4, and we later came 17th place in CySCA out of 72 teams - unimpressive by UNSW standards, but not too bad for a team of mostly first-timers.

Since CySCA, I’ve become much more involved in security and eventually found myself in UNSW Security Society’s executive team. I spend a lot of my time learning how to break things - and running workshops in the Sec Lab where I teach others how to break things. There’s nothing more satisfying to me than finally figuring out how to bring down a system after spending a few hours (or days) scrutinising it - apart from maybe seeing someone else do it after showing them how.

There’s still a limitless amount of things I’m yet to learn about security, and it’ll be a long time before I consider myself “good” at it. But until then - I know that 12 year old me would be pretty happy.

Katerina Borodina-Petrovic