Sharing My Knowledge Is A Way To Give Back To The Community - An Interview With Gabrielle Botbol
[PenTest Magazine]: Hi Gabrielle! Thank you for agreeing to this interview, we’re honored! Can you please introduce yourself to those of our readers who might have not come across your publications just yet?
[Gabrielle Botbol]: Hello Bruno, thank you for having me. I am a former actress who became a pentester. I also have a blog where I shared a self study program I created along with pentesting tips. I am also a member of Synack Artemis Red Team. And I am involved in many Cybersecurity Communities.
[PenTest Magazine]: Today, women are still underrepresented in cybersecurity. You have received the prestigious Woman Hacker of the Year award, and you are a CyberGirls Fellowship Mentor. Do you have any advice for women in tech and for those who’d like to join the industry?
[Gabrielle Botbol]: The first tip I would give is that Cybersecurity is a large field and everybody can find their place. Our society has to fight against bias from the earliest age and stop directing girls to literary subjects and boys to scientific topics. But in the digital world in which we evolve, everyone must be aware of scientific subjects because science has no gender. The advice I would give is not to neglect transferable skills. We all have skills we obtained during previous experiences, which is an undeniable asset, especially since most of them are transferable in cybersecurity. It is also essential, in my opinion, to develop your professional network by going to conferences, for example, or volunteering in cybersecurity associations. It is also beneficial to regularly use content curation to learn about the latest technologies, hear about new trends and keep your knowledge up to date. Finally, do not hesitate to contact professionals and ask them questions. There are also a lot of opportunities to be mentored; it can bring a lot in a career and significantly can help save time and better understand the cyber ecosystem.
[PenTest Magazine]: Your path to self-taught pentester is well documented on your blog, and now you are involved in various activities focusing on teaching others. How do you see the importance of sharing knowledge? What do you gain by becoming a mentor to other pentesters?
[Gabrielle Botbol]: Sharing knowledge is very important to me. I was able to do my program because of the resources shared by the community. Sharing my knowledge, for me, is a way to give back to the community. And it's also a way to learn at a lower cost because I advocate for free content and education for all. I think it's vital that knowledge is made available because not everyone has the financial means to get an education. By sharing your knowledge, you also broaden the offer. Some contents will be more adapted to my way of learning. As we all have different learning profiles, what I'm going to share will speak to some but not necessarily to others, whether it's in terms of the way of explaining or in terms of support; that's why the possibilities must be various. To give you an example, one of the subjects I found the most difficult to learn was buffer overflow. I watched various content and talked to different people, but one day, I came across Heath Adams' videos. The way he explained it was completely adapted to my learning profile. As far as mentoring is concerned, I find it also brings a lot to the table as a mentor. It allows you to develop your listening and vulgarization skills. It also allows you to improve the way you transmit your knowledge. Finally, I would say that there are no comparable emotions when you manage to communicate your passion to someone.
[PenTest Magazine]: Your mantra is “Action for Cyberpeace”. What do you mean by that? What is the role of ethical hackers in today’s Internet, where the majority of the users lack technical skills and cybersecurity awareness?
[Gabrielle Botbol]: "Action for Cyberpeace" is a way to contribute at my humble level to protect our democracies and economy. For this, Cybersecurity plays an essential role. An ethical hacker will allow companies and institutions to be better protected against cybercriminals. Another aspect of our job is to help people who don't necessarily have the technical knowledge to be safer in cyberspace. We can share tips on how to protect ourselves better online; we can help our friends and family by offering help to associations like Hacker Without Borders. It can take many forms. Our duty as citizens is to protect each member of society as best we can. Without justice, we won't be able to have cyber peace.
[PenTest Magazine]: Many people overlook soft skills when it comes to their career path. What non-technical skills do you find essential in your career? Would you say they make you a better hacker?
[Gabrielle Botbol]: One of the soft skills that I think is essential as a hacker is persistence. Trying to get into a system can be frustrating if you hit some walls. Never give up, try different things, and also be creative. It definitely pays. Also, it's important to know how to vulgarize technical topics; I find it essential in the pentest reports, especially in the part dedicated to the executives, that the concepts are explained simply. A company will better understand the impact of a vulnerability if you know how to adapt your speech and explain the effects it can have in practice.
[PenTest Magazine]: Do you have any tools you wouldn't be able to live without? Any recent discoveries you’d like to share?
[Gabrielle Botbol]: A tool I could not live without would be Git. Before using Git for my blog, I used a CMS and found Git much easier and more efficient. It offers a lot of possibilities. It is also thanks to Git that I can propose my tips in my Gitbook, "CSbyGB Pentips." Another tool I use every day is Burp Suite; it's one of my favorites because of its flexibility and all the possibilities it offers. By the way, I like the labs that Portswigger provides via Web Security Academy. It's a great way to learn about web vulnerabilities. Sometimes when you need to refresh your knowledge or tackle a vulnerability you don't know well enough, you can try a lab to understand it better. More and more people are sharing their write-ups; Rana Khalil has a series of videos on labs where she explains everything step by step.
[PenTest Magazine]: What are your plans for the near future? Do you have any topics you’d like to focus on?
[Gabrielle Botbol]: I'm very interested in the cloud, and blockchain right now so I'm starting to find resources on those topics to educate myself.
[PenTest Magazine]: Any final words to our readers? :)
[Gabrielle Botbol]: One last piece of advice would be that self-study can be overwhelming at times, but breaking down a big goal into smaller ones helps to stay focused on the project and makes the process more digestible.
Thank you for reading me. Feel free to reach out on social media.