Last updated on June 18, 2019
Keya was a public school teacher who stood out from the crowd. She loves problem solving and challenging environments. Keya was also a filmmaker and web designer. She’s currently a detection security engineer who gets knee deep in malware on a daily basis.
- Knew she didn’t want to be a teacher her whole life
- Was the only one in the rational thinking group at her school.
- Enjoys rational thinking and the problem solving process.
- Prototyped a mock medical device with a Raspberry Pi and won a national competition!
- “Easy to get in to what you’re comfortable with… and I didn’t want to have a job like that.”
- “It was something that I enjoyed but I definitely feel more at home with the cohort that I work with currently and with what I do.”
- “… for me it was an amazing process because I hadn’t ever SSH’d into a device and I had to figure out how to get like ports scan.”
- “I read so much documentation on all the little things that we connected to it. I watched a bunch of YouTube videos I looked at a lot of GitHub accounts trying to figure out like I’ve got to make this move.” [14:24]
- “It was incredibly challenging. A lot of times I was trying to figure out… where sometimes the information that you get from the client is essentially just a hint of what’s going on in the network.” [17:07]
- “You just have to be creative and keep going at it until you can do what needs to be done.” [18:08]
- “Yeah. It’s amazing, and especially coming from public school teaching where I had seen almost physical fights altercations happen over like reams of paper because there’s just not that much allocated towards schools to where snacks are brought in. Like it’s a very different environment…” [21:22]
- “You did great on the test, but I want to watch you take the test.” [23:06]
- Keya Online: https://twitter.com/keya_lea
- Edx: https://www.edx.org/
- NSF Project: https://nsf2015.fosslounge.org/
- Intro Music: Cascadia by Trash80 – https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)
- Outro: Cosmetic Cosmos by Verified Picasso https://www.youtube.com/channel/UCqDmyXPJdrZjwUdWLyhyQRA
Getting Into Infosec:
Ayman: Hi Keya. Thanks for coming on the show.
Keya: Yeah. Thanks for having me.
Ayman: Awesome. Yeah. So maybe we could start off. Introduce yourself to the audience to let them know what you do in Information Security.
Keya: Okay. My name's Keya Horiuchi. I work at Red Canary as a Detection Engineer and as part of the research team have been in Infosec about four years now and it's been a really interesting ride for sure.
Ayman: Yeah. So basically I think you started off as a Teacher/ Filmmaker, correct?
Keya: Yeah, that's correct.
Ayman: You used to be Teacher filmmaker all right?
Keya: That's correct. I was a public School Teacher endorsed in secondary education, so I was endorsed in essentially Middle School through High School and worked at a few different places. I would intersperse that with the very first job that I had was actually in New Mexico and on the Navajo Indian Reservation and had the opportunity to learn video production and so sort of fell in love with that process. So, at that time, everything was going digital and it was super exciting because you could be an independent filmmaker so I would make a documentary during the summertime and go back to work or I would just like cash out my retirement and travel around the world and make other documentaries.
Keya: But that gave me the opportunity to learn about making Websites and promoting the film. And that led in to freelancing for small businesses, non-profits and there was a point about five or six years ago where I knew I had to make a choice because when I got into teaching it was something that I thought I would do for a little while. It wasn't something that I do all my life and so I was looking at potentially web design or going more into computer networking because in doing websites I would have to also set up people's DNS and learn about zones and sort of go deeper into the network stack, versus the upper application layer.
Keya: And so I really wanted to learn more about those things. I got the biggest raise that I had ever gotten as a Teacher so in the state of New Mexico they just have three levels. I essentially went from the first level to the second level and you get a big pay raise, well for a Teacher. Big pay raise and they're like, yeah. Here's the contract for next year and I just said no I can't do it I need to make a change.
Ayman: Oh, why was that?
Keya: [2:33]: Well, I think being a Teacher is a really good and noble job. But you know we're all different people.
Keya: I am very more rational in thinking like there is one teaching job where we had to take personality tests and at that school, I think you've had a staff of about 40 or 50 people. And I was the only one and so then you know it was this exercise to get to know the other people and what drives their decision making and you know to go to your group. And I was the only person in the rational thinking group.
Keya: Because other people were more feeling, so I was like well I do think a little bit differently and I enjoy the rational process.
Keya: So, I thought you know I should make creating. I don't necessarily like being surrounded by people all day.
Ayman: So, you took this personality test and you found yourself that you're in the rational group. I mean how long were you teaching and were you getting enticed by technology or you know what was going through your head at the time?
Keya: I do enjoy the problem-solving process. I knew that I wouldn't teach for a really long time it was something that I wanted to do early in my career to give back to society.
Keya: It was something that I enjoyed but I definitely feel more at home with the cohort that I work with currently and with what I do. I mean I do work 10-hour shifts and I do by and large enjoy it. Of late it's been going over that time but it is… like I got to a point where I just couldn't do it. Seemed like it was challenging but it in a different way.
Keya: But it's easy to get into what you're comfortable with. So, you sort of just hang on until retirement and I didn't want to have a job like that. And Infosec it's definitely not that way, I think Infosec is something where you're constantly learning and you're constantly challenged because the whole environment is moving so quickly.
Ayman: Yeah, there's plenty of problems to solve.
Keya: You have lots of problems to solve for sure.
Ayman: So, it seems like you were looking for that, you know, your brain tasting the problem-solving part of life or part of technology and it seemed like you wanted more of that? Is that right?
Keya: Yeah. And I think personality wise I've always been this way. In making that career change I decided, because we have a lot of online resources currently, edX has a lot of really good intro to computer science type courses. So, I started taking some of those Harvard and M.I.T. and got a base underneath me and moved back to Colorado from New Mexico and I looked online and found different meet-ups, Linux meet-ups. And went to meet a group of people and they're like, oh hey, you're already playing with the terminal. If you have any questions you know we're on I.R.C. all day just feel free to like ping us and send us any questions that you have. And while I was there I was like, you know I can do what they do. So, the next day I went to the Community College and wanted to find out if they had any Computer Science courses, which of course they did. They had an Associate and I went to Financial Aid and they said, oh hey you just happened to come at a good time. We have one of the biggest scholarships that we offer is for Infosec.
Keya: And it's sponsored by the National Science Foundation. And actually, you should apply to it because we don't have that many applicants for it.
Keya: So, this was on a Friday so I quickly got in touch with people and asked them to write up a letter of recommendation, started the process of filling all the paperwork out so I could get everything into them by the following Monday.
Ayman: Wow, and were you working at the time?
Keya: Yes, I was still working freelance doing websites for clients.
Ayman: 6:13: Okay, so when you decide to move to Colorado you kind of stop teaching at that point. You were kind of just freelancing in technology?
Keya: Correct. And as a Teacher, you have that pay through the summertime.
Ayman: Oh, yeah.
Keya: So, I was looking for something to do and at the time I was looking at going into web development or should I go to networking and this sort of just fell into my lap.
Keya: Because there's a need for people to fill in Infosec. And I thought, okay so this is pretty interesting. Let's check it out. Yeah I mean I can't not do it if somebody says, oh here's this scholarship, they will pay for everything and give you some.
Keya: So I ended up getting it.
Keya: That was the end of summer, and so I started doing some research. Like what can I learn about this interesting world of Infosec? And so the biggest security/ hacker conference was happening in August at DEF CON in Las Vegas. So, I did a little bit of more research and it seemed like women did not have that great of an experience there. And I would be going alone. But I thought well if you're getting into Infosec just go and check it out, and ended up having the most amazing time because I'd never been surrounded by such a large group of super smart people who were by and large incredibly just really nice people. You could strike up a conversation with people who reverse engineer viruses, people who are involved in all sorts of interesting projects. Sniffing all sorts of traffic, network traffic for various reasons, finding out all sorts of interesting things…
Keya: So, I fell in love with it.
Ayman: How was it to go to this huge conference in Las Vegas, and you went alone? You know, describe that experience and tips for others that might want to go but not know anybody to go with?
Keya: So, it was an amazing process and it's an amazing venue and an amazing gathering of people. The very first time that I went it was not held on the Strip, you look on the Website like, where do I go to pick up tickets but I was staying in a hotel where there were lots of people who were obviously there for Infosec like you first started noticing everybody has these really bright blinky badges that they're wearing.
Keya: And I just was like, oh hey, do you know where we're supposed to go tomorrow to register? And they're like, yep wake up as early as possible and head and just follow the line of people wearing black.
Keya: So, that's what I did. And it was at the time where they still didn't open up registration until a certain time. I think it was like I don't know maybe nine or ten, so I was pretty far back in the line but made friends with all the people around me. So, we would hold our place in line, go grab some food, come back and it was like a big party scene, I guess.
Keya: But also where a lot of information is being exchanged. There’s so many different activities that you can be involved in.
Keya: And there's a lot of great, I don’t want to say treasure hunts, but various games that you can engage in. There are great talks like people who you read about online are there. I will say that I found the community overall really welcoming. And other women, we were sort of watching out for each other which was also very cool. I would definitely recommend it to anybody who is looking to get into Infosec but you do have to sort of have your wits about you and not be totally stupid. Because there's a lot of alcohol there, there's a lot of people who often don't get out to be around massive amounts of people. So, it's an interesting mix.
Ayman: Okay interesting. So, you went to this conference you're learning and you're about to start this Infosec program in September I'm assuming. And so you went through the program, how long was the program?
Keya: It was a two-year program.
Keya: You get your Associate in Computer Science with an emphasis in Cyber Security or Development.
Ayman: Okay, and you went through the coursework and you know it was hands on. How was that experience? And then what were you doing for just to stay, still freelancing on the side, I guess?
Keya: Yeah, I was still doing a little bit of freelancing through the coursework. It was at a Community College, Red Rocks Community College and so because I had gotten a previous degree it was a lot faster for me. So, I only attended for a year and a half. I am incredibly thankful in that there were a lot of opportunities in community colleges. So one summer I gathered a team together and there was a competition also through the National Science Foundation to create a project that filled a market need. And so they had a few different categories, and we created a medical device that could be taken out into the field. But we did it all off of a Raspberry Pi, those little microcontrollers. We built two prototypes and we were chosen as part of the top ten groups out of all the community colleges in the States. And went to D.C. for a summer to compete with our project and we won.
Keya: So, it was a really good process. There were three other people on the team and so we built prototypes where the first one, like for me, it was an amazing process because I hadn't ever SSH’d into a device and I had to figure out how to get like ports scan. The local environment access device and start programming it, so Raspberry Pi is great because it uses Python, a very accessible language, and so every project things will come up where you have to do more problem-solving. I think that you anticipate and so the programmer that we originally brought on didn't do any programming. So, I was tasked with figuring out how to turn a stepper motor that was connected to one of the GPIO pins on the Raspberry Pi and create a logic. So, we essentially created a device that could read RFID so if a certain RFID tag was recognized then it would dispense medicine so it essentially turned stepper motor. And we made the outer gating and put it all together and it worked.
Keya: It was the most amazing thing I went through this, like okay I'm not going to sleep until I can turn the stepper motor and it was magical when it happened. Because if you're giving commands in a language that the device understands and it makes it do stuff, like for me that was magical.
Ayman: 12:44: Okay, reading a lot of documents and just kind understanding what each command did? All that right? I just…
Keya: I read so much documentation on all the little things that we connected to it. I watched a bunch of YouTube videos I looked at a lot of GitHub accounts trying to figure out like I've got to make this move.
Keya: And our second prototype we then integrated into a database that we can put in different types of medicine or different categories of things that we could better track what's being dispensed. So, those types of experiences all added to the different things that I was learning inside of the classroom.
Ayman: Okay. And are there any of those write-ups available online?
Keya: Yeah, I do believe that there's a site that's online that connects over I think it's a Bitbucket account.
Ayman: Okay, we can capture that later. That would be great, so now you've graduated from the program and how was it finding your first Infosec job? Were there struggles? Was it pretty easy peasy?
Keya: It was really easy for me in the sense that the community sponsor for that particular project offered me an internship.
Ayman: Oh, okay.
Keya: And so I started working there while I was still finishing up school. I worked there I believe two to three times a week. And as soon as I finished school they offered me a job. And so I went directly into that job where it was with a security consultant. And so that was also a really good process and really good experience and that I touched all sorts of different networks.
Ayman: So, the internship, was it also in security?
Ayman: Okay great. And so now you're a Consultant and you're getting to go to various different companies. So it is basically trial by fire in a way?
Keya: Very much trial by fire in the sense that in school you learned about different concepts like, oh make sure you go on the VPN, a VPN is a private tunnel, it encrypts the traffic. And so at work they're like, okay you need to use this type of VPN for this client, you need to hit this jump host from there, you need to pivot into this particular IP, and then you need to do this. So, then you're actually doing all of those things that you once read about.
Keya: You'd get different tasks like, okay you need to jump into this environment check to see if this service is working and if it’s a production environment so be careful. And just let us know what you find out, you know. So, you document everything, it was doing those types of things, setting up different services within different networks. As well as pen testing them or going onsite to conduct assessments, so it is a really great experience.
Ayman: 15:17: And did you work in teams, or were you thrown out there by yourself?
Keya: I often worked with a team and we were given specific tasks within a larger job. And so it was great, to try out different pieces of it.
Keya: And you really have to go in and understand like okay, so if nobody can log in, what is it? Is it the server that I'm looking at the VPN? The ASA appears up but something else is down in the network and it turns out, oh the LDS server is down. Which is why they can't log in, so it was a great experience and problem-solving, it's always an experience and problem-solving.
Ayman: Yeah that's awesome. Any interesting war stories during that time?
Keya: Yeah. There are so many things that I can necessarily talk about but there are always challenges and you just need to figure them out, something that you have like a plan that you have in your mind may not always work out. And you just have to pivot just like, any adversaries like they're within different networks and environments but you just have to be creative and keep going at it until you can do what needs to be done.
Keya: I mean that sounds so like cliché.
Ayman: So, now you are consulting and how many jobs from that to what you're doing now?
Keya: I went from one to the other but there was a gap of time in that consulting is hard work and I was pretty burnt out.
Ayman: That is right.
Keya: So, I took a break and traveled.
Keya: During that time did other, you know those war games online. They're so much fun.
Keya: And kept on advancing my skills and was traveling at the time I happened to be in Canada and started to apply for different jobs and going in cold was a lot different. I found that I had to be pretty aggressive in sending out applications. So, I have both the Network+ and Security+ at that time on certifications. I don't know if it's because being a woman but I found that if there was any sort of technical aspect of the interview process. Like when you had to either fill something out or answer a few different questions but those I got the furthest in. We returned back to Colorado because I was like you know if I'm going to be Infosec I pretty much have to be in the United States for a lot of different positions.
Ayman: Why is that, why the United States?
Ayman: Just the field is better?
Keya: No, I think it's that if I'm applying to American corporations in Infosec they're doing IP filtering or they should be to see where applications are coming in from.
Ayman: Oh, I see.
Keya: So, for example, the company that I worked with now, we're under contract to customers to have all the workers within the United States because of the information that we potentially touch and the systems that we touch. So, I knew that was a requirement and just being in the industry. And so because of that, we came back to Colorado, and I would say that starting cold, it took about a month to go through the interview process and at that time and I put a bunch of different feelers out and so I had about five different potential jobs that were at the same point where any one of them could come together, at that time. So I was lucky for sure, and I think when you're at that point you've already jumped over the different hurdles because a lot of people say that they know a lot of things and they haven't actually done them. So once you're at that point then it became really competitive to sort of choose between the different jobs. And even after I had started the current job that I have other people that I had interviewed with would get in touch with me like, "hey just wanted to see how you're doing? Are you happy with your position? We have an opening at our place."
Keya: Wanted to see if you wanted to come and talk to us again, and open up discussions. So, it's an interesting field, like that would never happen in teaching. I mean the private sector is definitely more competitive.
Ayman: Yeah, it's like night and day.
Keya: Yeah. It's amazing, and especially coming from public school teaching where I had seen almost physical fights altercations happen over like reams of paper because there's just not that much allocated towards schools to where snacks are brought in. Like it's a very different environment…
Ayman: Oh my God.
Keya: Where you have you know a stipend to buy desks and, anything that you need for the job.
Keya: So, yeah, it's very different.
Ayman: Yeah, wow. And so were there any challenges as you were interviewing for these different positions? You know what were some of the hardest interviews that you had to go through?
Keya: Let's see. I actually enjoyed the process of getting questionnaires. Some of them had like 80 questions of multiple choice and then you had to write up a proposal.
Ayman: Wow. Really?
Keya: Yeah. So, other consulting companies as well as other companies that offer some sort of service around, security and websites. I really enjoyed the ones that well I would say they were between two to four different sort of hurdles, where you talk to a specific person. They then give you a technical questionnaire, there was even one that was, she was like okay you did great on the test, but I want to watch you take the test.
Ayman: Wow. Did they not believe it?
Keya: Well, I don't know. I was like you should have algorithms that look at how much time a person is spending on it and being able to because it was an interesting one where they're like match up shapes. So, I don't know that you could even cheat with something like that but the background on that particular company, it wasn't an environment that I would want to work in.
Keya: You know there are all sorts of companies and I really enjoy where I am currently.
Ayman: 21:15: Okay, do you find yourself still learning right now?
Keya: Oh, I'm learning so much.
Keya: Yes, I'm definitely learning right now.
Ayman: Cool. Describe a day in your life at your current job.
Keya: The detection engineering team works in 10-hour shifts. So, we work four days on and then have three days off. When I am working, I am pretty much in front of the computer the whole time because we're working a queue. So, we're pulling different events, so let me back up a little bit. The work that I do, we work with essential endpoints. So we have managed endpoint detection and response.
Keya: So, there's a sensor that's on the endpoint which is workstation, server or laptop. That's collecting all the processes it's sent through an engine, and so it throws out everything that is normal and then sends anything that's interesting to a detection engineer. So, in understanding what's normal on a computer and what is abnormal, we will essentially dive into those in a pretty timely manner because we want to make sure that we get those alerts to customers, fairly quickly. And so we just pull events out of the queue, and so there's an algorithm that gives the item of most severity and as well as there's a time factor in there and serves it up to the detection engineer. And then we work through them, everything is also pre-reviewed. So, we're working with Slack, and so anytime we're pinged we immediately focus on the detection that's going out, pre-review it and essentially give the okay and then the person who wrote it up can then ship it.
Ayman: Are you doing, live response too?
Keya: Another team is actually working with the customer and depending on the relationship with the customer; they can work with the customer or potentially take actions on their behalf. So, I'm part of the detection engineering team and other part of the search team, they're the incident handlers who they then work with the customers…
Keya: On a remediation.
Ayman: Great, great. So describe to us maybe the worst network you've ever seen in any job? You don’t have to be specific but like…
Ayman: What's like the worst network you've intruded in?
Keya: So, we work with incident responders so they are sent to various breaches of various varieties and we are often dropped right into those. And so when there's something raging in their network it creates a lot of noise because for one reason or another they just haven't had that insight into their network and something just got carried away. A breach happened and it just spread through their network, those are the worst because they are so noisy and so we've been working out different like for example something like a worm. There are so many different kinds [inaudible 23:59] or cryptic or a TrickBot or any one of those that has the ability to change its structure so it's highly polymorphic.
Keya: It's making external netconns, it's creating new files on the system. So there are those very noisy ones, and then there are those very quiet ones, where something is slightly unusual but it's being very quiet. There's some lateral movement and then all of a sudden you see LSASS being dumped on a domain controller. Those are where your fight or flight instincts kick in because you know something is wrong, and you're trying to understand the depth of what's occurred so you can convey it to the customer put it on the detection. I don't know necessarily what is worse, the super noisy ones I would say the quieter ones are. I don’t want to say more rewarding but they're interesting and when you do catch them.
Keya: I mean it's always sort of a cat and mouse game I think.
Ayman: That's right. Yeah.
Keya: Also with red team teams that are actively pen testing. They also vary but so yeah definitely interesting, definitely opportunity to learn lots of new exploits happening or just things where a lot of point of sale devices that are also being popped.
Ayman: 25:12: Yeah. Do you think as a Teacher and you taught I think Elementary School. Is that right?
Keya: Middle school to high school but also some elementary I taught a lot of different audiences.
Ayman: Okay. What would you recommend for those who teach in those environments or the students in those environments to learn more about Infosec?
Keya: I think as long as someone is curious and wants to understand how something works they will do okay in Infosec. I mean you have to be fairly aggressive whether or not that's being quiet and constantly reading, playing war games online, setting up new servers because it's really easy to play with these things. I have talked to students who've wanted to go into it or sons and daughters of friends and the ones who are actively seeking out things and doing things are the ones that are successful. I think that it's one thing to read and get the certifications like I had mentioned earlier that I do have some certifications and those are sort of like a bar of legitimacy.
Keya: Just within the answering questions and knowledge sense which is important to have you. But I think that you also have to really dig into something and not be scared of doing that. I think of the successful people who actively problem solve and who just dive into things and really want to understand how things work to others who they say that they really want to do it and they've been interested in it but they just won't take that first step because you're like you know you can go to Digital Ocean. You can set up servers on Amazon, you do this all for free and like just play with it and figure out how things work, like the different layers of the network interact with one another. Or you know see if you can compromise it, you know, install an operating system and just start playing with one of the flavors of Linux. It's all open source, it's also accessible, well not everything is open source, a lot of Linux is open source …
Ayman: But it's all out there. It's about the mindset and kind of just hopping into it? Right?
Keya: Just diving into it and playing with it. Yeah, sniffing your network.
Ayman: Sniffing, your own network.
Keya: Sniffing your own network.
Ayman: Or a network that you're authorized...right?
Keya: Correct, correct. Yes, those things are really good in helping you learn how communication occurs because it's magical, it's amazing that the internet even works. It's amazing that we send all this data, like we're communicating, sound also over the internet.
Keya: And it's been recorded and stored in I think the cloud. So, it's fascinating.
Ayman: That's awesome. Well said Keya. Thank you so much for coming on the show. I really appreciate your time and look forward to talking in the future.
Keya: Yeah sounds good. Thank you for having me.
Ayman: Alright. Thank you.