13 Oct From Hacking Toys To Threat Hunter and Soccer Ref
CDW’s Alyssa Miller discusses her passion for technology
–Di Freeze, Managing Editor
Northport, N.Y. – Oct. 13, 2019
Alyssa Miller has always been curious about how technology works. Even as a young child, she would take apart her toys to study them. Sometimes, she’d modify them. She says that being in cybersecurity — she currently leads the Information Security Solutions practice at CDW — gives her that same opportunity.
“We’re always looking at new technology to figure out how it works and how it can be broken,” she said. “It’s a constant learning process. Technology is so dynamic, and to secure it properly is a challenge.”
When Miller was 4 years old, her father would bring home his computer from work over the Christmas holiday. “He was an accountant and had to close the books during that last week of the year,” she recalled. “He let me play games on it when he wasn’t working. After that, it was watching certain episodes of ‘Mr. Wizard’ in which he did different activities on his computer that really piqued my interest.”
Then, when Miller was 10, her school bought a bunch of Apple IIes and built a computer lab. “We played lots of educational games like Oregon Trail and Where in the World is Carmen Santiago. I stayed after school sometimes to learn basic programming.”
By then, Miller knew what she had to do. She got a paper route and began saving money for a computer, which she was able to buy when she was 12. “It took me about 16 months to save up the money, about $1,000,” she said.
She bought an Epson Equity II+, 8088 processor and a 10MB hard drive and a 24-pin dot matrix printer. She laughs at the memory. “When I brought it home, I didn’t know everything was preinstalled (this was 1989 after all). I read the manual and it said to install DOS you boot disk one and then run fdisk.exe. Well, I did and deleted the partition but then had issues getting a new one created properly. When I called the store, the guy freaked out and told me I didn’t need to do that. I ended up teaching myself how to install an operating system.”
Miller taught herself BASIC programming up to a pretty advanced level. “The computer didn’t have Windows, so I build a text-based multi-level menu system that allowed me to easily start my programs.”
Programming was something that came naturally to her. “I’ve always been more of a logically creative person. I also taught myself some basic hardware knowledge by installing an internal modem, upgrading the hard drive and even fixing the power switch when it failed. Once I had the modem, I learned the Hayes (AT) command set. I also got a Prodigy membership and started learning a bit about asynchronous communications.”
She started at Marquette University as a pre-med major, but after three semesters of college chemistry, she realized that wasn’t for her. She switched to a computer science major and worked part time doing tech support for a small software company. “It was there that I started teaching myself Visual C++ Programming,” she said.
Still in school, she applied for a full-time job as a programmer for a financial technology company. “Since this was during the dot-com boom, they didn’t care much about degrees; they were desperate for programmers, and I got the job at the age of 19.”
She got into cybersecurity when a manager from the information security team asked her if she’d like to join her security test team. “She and I had worked on a number of projects and apparently I impressed her enough that she felt I’d be able to pick up the pen-testing skills pretty easily,” she said. “We did network vulnerability scans, pen tests, application tests and later code reviews.”
Miller said that having been a former programmer, she was always strongest on the application security side. “On top of that, we were responsible for the organization’s vulnerability management program as well.”
Within a year, she was the team lead, and after 4 years, she took over as manager of the team. After 15 years with that company, she decided she wanted to see other industries outside financial services. “I applied for a managing consultant job with one of the consulting companies we contracted with for third-party pen tests.”
She got the job and has been in security consulting ever since. “I had a lot of technical and management background, so that benefited me, as most of the roles I’ve had in consulting, while being leadership roles, also still require me to perform tests as well.”
Miller is presently manager of CDW’s Information Security Solutions practice, the company’s consulting practice that handles security assessment and advisory services. She also leads the Threat Check assessment team. “The Threat Check is essentially a lightweight threat-hunting assessment that we offer as a complimentary service to our customers. We send them an appliance that is preconfigured with multiple security tools from our partners. It passively monitors traffic on their network for about two weeks and identifies threats and even some vulnerabilities that are present on their network. Ultimately, we provide them with a report that includes recommendations to address the threats we’ve found.”
Miller is also a public speaker. When asked if she had to overcome any fears to get up and talk to people about cybersecurity, she said that when she was first getting started, it was tough for her to accept that she had something to offer the community.
“Imposter syndrome is something I’ve always struggled with,” she said. “I know many others in our industry do as well. I was never known for dropping zero-day vulnerabilities or publishing massive research projects. However, I have a passion for discussing security with others and I love to share my ideas and experienced knowledge. Once I walk out on the stage, something takes over and it feels very natural for me. I never really feel like I’m ‘giving a talk’ so to speak. It always feels like a conversation, even if I’m the only one talking. Being able to help others learn and succeed in this field is really rewarding for me, so that helps me get past the feelings of impostor syndrome that I still get even after 15 years in this industry.”
As a woman in this industry, Miller says she’s enjoyed certain privileges in the development of her career that most women don’t get to experience. “I’ve been very successful, and because of that I feel a certain duty to give back and help other women succeed. That said, I have experienced discrimination because of my gender. I’ve been harassed both verbally and physically at conferences. So, as a result, those that follow me on social media will see me speaking out quite regularly against some of the toxic behaviors that exist in this industry. My goal is ultimately to make this industry more welcoming for everyone.”
To women who want to get involved in cybersecurity, Miller advises, “Don’t try to be anyone other than your authentic self. If you’ve got a passion for this work, you can and will be successful as long as you don’t give in to external pressures. We’re seeing more and more prominent women in security now; reach out to them. Try to find mentors who you can talk with from time to time about your goals, the struggles you’re facing, etc. It can be vulnerable at times, but it is so helpful.”
She said that even after being in the industry for 15 years, she still has mentors. “In fact, I just reached out to a new one today. Each of us brings a unique perspective to this community that everyone else can learn from. Don’t forget that.”
When she’s not doing something involved with cybersecurity, you might find Miller playing the guitar, snapping photographs, or out on a soccer field. She played soccer for eight years as a child and began refereeing when her kids were young and played in a recreational league. She is now a referee (youth, college and adult leagues) with the Wisconsin Soccer Referees Development Program. She also gives back to the referee community as a referee instructor and a referee assessor, helping other up-and-coming referees to be successful.
She started playing guitar in first grade, took lessons offered through school, and later took private lessons. She enjoys playing everything from “rock, to country, to metal, to even some blues.” She’s also a hobbyist photographer. “I did a lot of sports photography when my kids were in sports. I also did band photography for a number of years, including working for a regional band and doing live shoots for national acts as well. I also enjoy more scenic work. It’s nice to get out in nature and look for creative ways to capture it in photos.”