How Tarah Wheeler Uses Her Cybersecurity Skills to Help Others Hack Their Way to Success
Tarah Wheeler wrote Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories simply because no one else had done it yet.
“I wrote mad and edited more calmly,” she says. The book, published in 2016, topped the Amazon bestseller lists in Career Guides, Women & Business, and technology nonfiction.
Based in Seattle, Wheeler is an information security researcher and social scientist. She is a New America international security fellow, a cybersecurity fellow at the Harvard Kennedy School’s Belfer Center for Science and International Affairs, and a Fulbright scholar in cybersecurity.
Given her CV, it’s not that shocking that she hid a cryptographic puzzle in her Women in Tech book that took people four years to solve. “It was a callout to the gaming and puzzle culture I grew up in from the time,” Wheeler says. “I started playing HeroQuest when I was little, then Shadowrun on tabletop, then Earthdawn and D&D, and just kept going. I love cryptographic puzzles.”
With that in mind, it makes sense that one of Wheeler’s early positions was working at Halo.
“That role working on Halo’s web applications was my first role in web app security, even if I didn’t realize it at the time,” she says. “I was the person fixing all the holes in the community management software’s interface, from moving single pixels in CSS to changing sprocs to sanitizing db [database] inputs. Being a cocktail waitress taught me an awful lot about cybersecurity, as well.”
Previously, Wheeler was the cybersecurity czar at Symantec, a globally renowned cybersecurity firm, and the Head of Offensive Security & Technical Data Privacy at Splunk.
Wheeler has always been drawn to the field. “Technology and cybersecurity are simply different words to describe some of the tools people use to connect with one another in cooperative or adversarial ways,” she says. “Both those things interest me.”
Get Content Delivered Straight to Your Inbox
Subscribe to our blog and receive great content just like this delivered straight to your inbox.
So how did Wheeler carve out a career path to become one of the top cybersecurity experts in the country?
“I am barely an acceptable student yet, much less any kind of expert,” she says. “I strove for aggressive mediocrity at a lot of different topics and became someone who could explain a lot of different fundamental tech and security concepts to people outside the industry. I’m not an expert in much other than knowing exactly how to script cronjobs to look very much like an actual human is monitoring the network while I was playing Knights of the Old Republic. Here are two hints on how to do that: 1) randomly run scripts in a Fibonacci sequence to do things like check for updates on packages, and 2) use natural numbers and normal distributions when randomizing to look like human behavior. I was using some of the principles of creating a Turing test-passing avatar of myself to skive off. It makes you able to see when other people are doing the same kinds of things.”
Aside from gaming, another skill that has paid off for Wheeler is being a Texas Hold ’em poker player. There’s a key thing poker and cybersecurity have in common, she says: They’re both risk management as a high art form. In fact, her poker skills enabled her to acquire startup funds.
“My dad taught me with jelly beans starting when I was four,” Wheeler says. “He’s a poker pro. When we sit down at tables together in Vegas, we always tell people that I’m his daughter, and once or twice, someone’s made a remark like ‘how do we know you’re not colluding?’ And I say ‘Are you kidding me? That man took all my jelly beans at the poker table when I was four and I’m never going to be done trying to get them back. Collude with him? I’ll *murder* him at this table if I can.’ And then everyone looks at my face and realizes that I mean every word of it. And that’s how I learned poker. Cash to pay for cloud hosting was just a side benefit to my Hero’s Journey of trying to always outdo my father!”
Much like a poker game, one thing Wheeler relishes about her career is that every day is different — there’s no such thing as a typical day. “I can tell you that half my day is spent talking to people and figuring out how to use a two-syllable word for something that other people are using a five-syllable word to describe,” she says. “The next half of my day is spent listening to people. The last half of my day is learning things.”
In fact, Wheeler says the most rewarding aspect of her career so far is that she is now paid to learn.
For starters, she conducted research at Oxford University to define cyberwar crimes and reduce the consequences for civilians. “I just completed my Fulbright award in cybersecurity through the US-UK Fulbright Commission,” she says. “I focused on listening to the incident responders from WannaCry, the 2017 global cyberattack that took down the UK’s National Health Service.”
Currently, Wheeler is an Electronic Frontier Foundation (EFF) advisory board member, an inaugural contributing cybersecurity expert for the Washington Post, and a Foreign Policy contributor on cyberwarfare. She is also a Cyber Project Fellow, leading an international cybersecurity capacity building project at Harvard University’s Kennedy School of Government.
Her work there entails “in general, convincing people who aren’t usually listened to in international security policy that their voices matter,” she says. “There’s a huge call for diverse perspectives on the global stage for people who understand security from all perspectives. Countries and intergovernmental organizations like the OECD know they need to be listening, but their networks are often thin when it comes to women and people of color. I often translate the expertise of women and people of color into a bio that senior conference and workshop organizers can understand and would want on panels and in speaking roles. This is my public service.”
Speaking of public service, Wheeler has an interesting philosophy when it comes to mentoring, requesting that potential mentees help others first before approaching her.
“I am sorting for a couple of personality traits, and there are two sides to my request,” Wheeler explains. “One: People who have little self-confidence and think they have nothing to offer someone don’t need me to help them professionally; they need to do other work on themselves first. Two: People confident in themselves who know who they are and what they can offer will already be mentoring people and already be looking for a good person to learn from themselves, and I want to be around that energy. Ideally, people I’m helping professionally turn into friends, colleagues, and peers. One day I want to be hired by someone I’ve sponsored — I think that means I won at sponsoring people.”
It’s clear that Wheeler has paved the way for women to work in tech. For those who aren’t lucky enough to be her mentee, her advice for other women in the tech industry is straightforward:
“Don’t put fuzzy, cute mentorship energy out into the universe,” she says. “Choose three people underrepresented in tech who are one step behind you on the career ladder and deliberately sponsor them. Write them recommendations; find them jobs; when you can’t do talks, hand them off; make time; and publicly advocate for them.”
Ultimately, Wheeler’s words of wisdom are to fail more. “If you’re not failing at seven out of 10 things you try for, jobs you apply for, schools you try to get into, promotions you reach for, games you challenge yourself with, you’re not pushing yourself hard enough and using the law of averages to get big breaks,” she says. “Long term, if you’re trying to make the world a better place, no one cares about your failures but you anyway.”
To take a deep dive into Wheeler’s work, visit her portfolio site, Tarah.org, which she hosts with DreamHost. Wheeler has two takes on why she uses DreamHost.
First, there’s the “nerdy version,” as she describes it: “My WordPress install on a different cloud provider’s Ubuntu LTS servers wasn’t as LT as I’d hoped. After I stopped coding PHP as my daily driver in maybe 2014 or 2015 and really started moving to Python, I didn’t have the time to keep up with WordPress vulns, and IIRC one of my sites got popped through a vulnerable plugin I’d forgotten to update or add to my cronjobs for reminders. DreamPress has automagical WP plugin updates!”
But there’s also a longer history to it. “In reality, it’s a bit of a sad story,” Wheeler says. “I had gotten one site popped, as I said, but the truth was that a dear friend passed away unexpectedly in 2017. He had a beloved blog and a big digital presence, and I was the person the family and friends handed his laptop to in order to bypass his security measures to ensure control of his accounts and his site. I did it the day before his funeral in November 2017, and I’ve never cried so much while hacking. It brings a new meaning to ‘digital forensics.’ I now own that domain name and I keep his blog up on DreamHost, and I’ve never had to worry that someone would take advantage of any momentary lapse on my part with web security to mess with his legacy.”
Another element that keeps Wheeler loyal to DreamHost is the customer service. “The chat support is courteous and rapid,” she says. “I just say ‘shibboleet’ and they instantly just give me the code or reboot my server or fix the perms. I love those folks. They’re diverse and helpful and funny.”
We Support Your Dream
Whatever your online goals, we’ll be right there with you, making sure your site is fast, secure, and always up. Plans start at $2.59/mo.
“I like simple UI with clean interfaces,” Wheeler says. Ultimately, she hopes to accomplish more with Tarah.org than she does now, eventually expanding beyond a portfolio site. “I’ve started really coming back to the idea of blogging, but I also love to collaborate a lot,” Wheeler says.
It’s not just her website that Wheeler has big future plans for. “I optimize to prevent several poor outcomes and I maintain three or four skill sets that can pay the bills, and then I just ride this planet on whatever streak I can catch,” she says. “The last year and a half has taught me that I need to make time for joy every day, and that 10 minutes a day spent learning something puts me massively out in front of a pack of people in 10 years who try to catch up then. I will never stop learning.”
Images courtesy of Tarah.org.