Part three: Q&A with hacker and maker Bia
BiaSciLab is a hacker, maker and international speaker. She was the youngest speaker at H.O.P.E. (Hackers on Planet Earth) and has spoken multiple times at DEF CON hacker conference. She received national attention when she hacked the voting reporting system at DEFCON 26, this work was recently highlighted at the U.S. Congressional Hearing on Election Security. BiaSciLab runs the official DEF CON youth initiative track DC NextGen. She is also the founder and CEO of Girls Who Hack, an organization focused on teaching girls the skills of hacking so that they can change the future. She has also started Secure Open Vote and is building a complete end to end election system. Recently BiaSciLab became the lead of C.Y.B.E.R. which is The Hacking Games youth board of advisors. BiaSciLab enjoys inventing things, giving talks, and teaching classes on making, programming and hacking.
interview
Hacking and cybersecurity have mostly been considered male careers. The stereotype used to be that men were better at math than women, but even though that has long been proven wrong, the stereotype still seems to have power. As a woman, how do you see your perspective as an asset to a cybersecurity team?
Science shows that a women and men’s brains work differently, but just observing the way women and men interact in different situations all the way down to grade level will show you that both parties can have completely different solutions to solve the same problem. Us girls are very thorough and observant allowing us to think about all factors and options when trying to find an answer rather than just picking the quickest and easiest option. For example when I was preparing to teach my first soldering class many years ago, my dad and the man who helped me design and produce the badge were going back and forth on how to distinguish the red LEDs from the amber ones as they were both clear. Their solution was to go around with a battery during the class to individually test each LED and set the red ones outside. I knew this would be tedious and suggested we just paint the bottom parts of the LEDs leads red with nail polish since those would just be cut off anyways.
Your organization, “Girls Who Hack,” has made a commitment to the White House Office of the National Cyber Director to teach cybersecurity to over 500 girls by 2026. You have also been very active in introducing girls to the tech world by providing opportunities for them to learn and explore. What barriers have you encountered in getting young women to consider a career in tech?
The tech field is not only vast, but very intimidating. Insecurity is an issue for a lot of teens, but especially girls since guys are taught to feel okay taking more risks at a young age. When I first started out and took some classes I felt like the odd one out, not just because I was one of the only girls but also since the information given is usually a lot all at once…even in the beginner classes. That’s why with Girls Who Hack I am striving to create an environment that encourages asking questions, even if they may feel silly. Plus with my “no girl left behind” motto I make sure everyone is moving forward smoothly in my labs since sometimes a girl will freeze out of fear of messing up and not try anything going forward.
Do you feel STEM programs are doing enough to recognize cybersecurity as a potential career? What are they getting right and wrong? How should high school-age girls begin preparing for a career in cybersecurity?
Over the last few years there has been a rise in tech programs including programming, computer science, and sometimes cyber security. I don’t think there are enough cyber security programs, especially in schools, and that’s probably because colleges just recently started creating and offering cyber security degrees. The worst part about this is that having general cyber security knowledge is essential for everyone, even if they don’t plan on working in the cyber sec space. Everything now is digital including our work and private information so learning how to actually stay safe online is an essential skill everyone should learn early on. As for working towards a career in cyber security the biggest piece of advice I can give, especially for young girls, is to create a name/brand for yourself. Most everyone in this field has a “hacker handle” (mine being BiaSciLab) and picking one is a good place to start. Participate in as many conferences and events as you can. Many of them are in person, but there are also others online. Some cons/events are free or affordable enough to go to without breaking the bank. Here you can make connections, discover different career paths, learn new skills through ctfs (capture the flag) and talks, and even speak yourself about any new projects you have been working on. All of this will help amplify your resume, knowledge, connections, and chances at getting internship opportunities.
What would you want parents to know about women in tech to help them support their child in considering it as a career?
When I was old enough to use a computer and a mouse my dad started to take me to security conferences that were local and had kids tracks where I was able to explore cyber field with other kids my age. Objectively speaking, especially for kids who are younger, tech can be boring because seeing a hack on a terminal requires a lot of context for it to seem cool. This is where hardware comes in. Playing around with projects and kits from Raspberry Pi, Arduino, and Adafruit can provide a visual representation of what computer input can do. Taking apart old computers is also fun and hands on giving you a chance to show what each component does and how they talk to each other. For kids/teens who are older helping them find resources and work through problems can be a big helping hand, especially when they are stuck in a Wikipedia rabbit hole.
In the past couple of years, I have seen an increase in girls getting involved in ham radio. Some are even constructing their own equipment for sale. I think there is a misconception that tech jobs are boring, repetitive, number-crunching assignments. What are the crazy-cool aspects of working in cybersecurity? Is there fieldwork involved?
Cyber security is a larger field than most realize, and not all of it requires one to work at a computer full time. Penetration testing is the first thing that comes to my mind since it is such a large branch within this space. Companies will hire a penetration tester to test out their online security (like their network and website), but sometimes you really get to live out the life of a spy by testing on site! This involves social engineering (a form of less evil manipulation) your way in to the building. Especially as a girl you can be even more unsuspecting. Maybe a nice guy will hold the door open for you so that you don’t need to scan into the building using a keycard. When inside you can target the wifi, lockpick your way into the server room, grab a picture of a sticky note containing someones password they left on a desk, and all while pretending to work for the company.
One of your passions is working on effective and secure solutions for modernizing how we vote. Along with that, you bring awareness to how social media is being compromised using weaponized tech to disrupt elections. It sounds ambitious and very challenging. What work needs to be done to make voters savvy enough to identify fraud? How can we trust AI to help us navigate to the truth when AI is also being used to create deception?
If the last year showed us anything is that the general public is terrified of technology and we can’t blame them. There are more and more bots, AI images, and deepfakes spread on the internet now than ever. Though big companies are working on taking things down as well as marking posts that may be AI, having discernment and a good eye falls on the users. This is where good education comes in. One thing that all fake news and posts are tying to do is get a reaction out of you. If something makes you feel any way strongly, whether good or bad, it’s time to take a step back and analyze. Look closely at the image, does it look strange? Can you find any other photos like it? Have you tried a reverse image search? As for written things, who is the author? Is this a real or qualified person? What other things have they written about? Who do they follow? As for elections specifically, less and less people want to go and vote as they feel the system will just be hacked anyways. Our system isn’t and will never be un-hackable or perfect. We need our voting equipment to be physical and have hand marked paper ballots. We need to have more testing and faster patches. We need the votes to never be transferred over the internet and they need to be stored securely. Until those things happen it’s important to realize that no matter what your vote still matters. Voting by mail has been proven as a more secure way of voting if your area doesn’t provide machines with a paper trail.
You’ve given talks to young girls, as well as teaching them to solder and engage in other tech activities. What got them the most excited? Was there something, in particular, that sparked their interest in learning more?
The best part about teaching is always the “spark” moment. That’s when you watch a girl realize she understands what she is doing, she accomplished what she is working on, and all the pieces finally clicked together. My Girls Who Hack classes are designed to give them the absolute basic foundational skills girls need in order to do ctfs, labs, challenges, their own projects, and more. I am an advocate for small wins since they give a steady stream of dopamine that keeps one going while silencing the insecurities in their mind telling them they are too dumb to understand technological things. This is why most of my classes start of first by explaining tech terms that seem scary but are actually more simple at the surface level (such as malware or virus). Next we do something hands on such as soldering or learning about ciphers since getting the LEDs to turn on or solving what looks to be a very complex message are skills that can be learned quickly. When playing in a terminal during my Intro to Terminal class we go over simple commands that can still be used to find information on someones computer quickly in ways that they may not have been able to find manually through the UI. Sometimes we use tools like Wireshark to capture packets that contain password information. All of these things may be simplistic and only take a few minutes to do, but these skills will be carried throughout their career and encourage the girls to persevere.
What is your 15-second elevator pitch to a young girl who wants to explore technology? What is your pitch to their parents?
For girls: The tech space is huge and you will find your place here even if it doesn’t happen right away. Don’t give up at the first brain block or sign of adversity, in this field you need to learn something at least twice in different ways and from different people in order to fully grasp and understand it. Technology is constantly evolving and growing which may make it a challenge, but also makes it super fun and engaging.
For parents: Nurture every little interest. Make time for what seems important to them. Find and put your daughters in spaces with people who have the same interest as her or work in the field she wants to work in. Never ever doubt her even if it may not come naturally to her. Determination that comes from a dream will always be stronger than that which comes from natural talent.
Is there a technique for dealing with those who feel that, as a woman, you are less qualified?
Actions always speak louder than words. Gain the knowledge, win the competitions, finish the projects, speak at conferences, collect the certifications, and use everyone’s doubt as fuel and ammunition. Usually those who doubt you don’t really think you can’t do it, they are scared you will do it so push on. You know you know, what you know and you need to stand by that fact.
It has not gone unnoticed that “hackers” can be identified by the multitude of stickers on their laptops. Is there a history or significance to the stickers?
Hacker culture dates way back and many of the oldest traditions have carried on to this day. Band and self image are some of the most important things to hackers especially as most of us remain anonymous. Our names usually come with images that we love to put on stickers in order to trade with others saying “look I have this sticker because I met this person”. Different conferences, groups, and events will have their own stickers allowing others to share where they have been to or what they are a part of. Stickers allow us hackers to represent ourselves in a language only we can identify and understand. Plus sometimes inside jokes make it into sticker form leaving Trevor Forget stickers of a cockroach wearing a top hat to make it into circulation.
@BiaSciLab @GirlsWhoHack @SecureOpenVote
www.BiaSciLab.com www.GirlsWhoHack.com www.SecureOpenVote.com