The following is my winning essay submission for Internet Identity‘s cybersecurity scholarship. Minor edits have been made and links have been added. I thank Internet Identity for their generous scholarship.
When I was a child, my mother would find my toys and electronics disassembled and hidden under my bed. In elementary school my mother scolded me for trying to pry apart a AA battery with pliers to see how it worked. One summer I took a class through the park district on coding in QBasic. In middle school I bought my first soldering iron and rewired my electric guitar. In high school I wrote my first website in HTML. As an intelligence analyst in the Army, I learned all about personnel, physical, and information security threats and countermeasures. I taught myself to pick locks to pass time while deployed. As a student at Tacoma Community College, I learned about electronics and software development.
I spent my time doing a lot of different, seemingly unrelated things. It wasn’t until I began at the University of Washington Tacoma that I finally saw how I could put them all together.
I joined the Grey Hat Group, UWT’s cybersecurity club, within my first week at UWT. I was drawn in by the allure of becoming a “hacker” and interested in meeting people at my new campus. I quickly found my place among the group. People were working on the most interesting projects: home automation, cracking RSA, getting involved in competitions and conferences. I started to learn everything I could from anyone who would teach me.
Within a year I was elected chief technical officer. I was introducing Linux to new members, teaching Bash, and giving talks on the ins and outs of Secure Shell. We went the the Pacific Rim Collegiate Cyber Defense Competition in Renton and I got to administrate the Linux servers, setting up iptables and locking things down. We spent two days defending our network from attacks and we held our own.
Meanwhile, I was starting the computer engineering program at UWT. I learned about computer architecture, analog signals, digital design, embedded systems, circuit analysis, FPGAs, microprocessors, and operating systems. I was finally getting deeper into the hardware side. But I still couldn’t see how to bring it all together.
Then we went to DEF CON.
DEF CON was a life changing experience, if only because I was surrounded by so many like-minded individuals for the first time. I finally connected the dots of what I had been working towards. There was hardware, social engineering, packet hacking, programming, Capture the Flag, everything. I saw talks on mimicking the NSA’s tools with open source hardware. My friend and I placed third in a competition to defeat tamper-evident seals. I learned a hardware description language. I attended a presentation on getting a root shell on home electronics over UART. I spent a day writing on a hotel mirror with dry erase markers trying to solve a multistage encryption puzzle. I earned my amateur radio operator’s license. I reprogrammed the Parallax Propeller microcontroller in my badge to flash ASCII-encoded messages on its LEDs. I met people from iSEC Partners, Facebook, Deja vu, and Google.
I understand now that the intersection of hardware, software, and cybersecurity is exactly where I want to sit. In a world where processors are built into more and more devices which are more and more frequently being networked, vulnerabilities are becoming more numerous, more obscure, and more dangerous. A full analysis of a device’s security now requires a gamut of knowledge, from the gate-level physics of the circuitry to the high-level abstractions. I believe that my experience, training, and education in cybersecurity, computer science, and engineering have prepared and invigorated me for such work and I am excited to begin.