Posted on 2023-04-14 by Volkis in Feature
Welcome back to Hacker Origin Stories! We’re excited to continue sharing personal experiences from professionals in the hacking and cybersecurity industry. Our goal is to highlight the diverse paths individuals take to get where they are today and motivate the next generation of hackers to join in.
In this instalment, we’ll be diving into the story of Yianna Paris. From retail to co-founder of a web development business to packaging designer to teaching assistant to security engineer. She’s here to share her story and inspire you with her journey.
So, without further ado, let’s jump right in!
I never really thought of myself as a hacker - I thought I was going to be a video game developer. I also wanted to be a fashion designer, VFX artist, pastry chef… you get the idea. In fact, I trained in art, design and animation for a significant chunk of my life. It’s where I developed an appreciation for creative problem solving, working with different people, communicating ideas and experimenting.
Growing up, I was curious about everything and had a new hobby every few months (still do). It also reflected in the jobs I had - I worked retail, co-found a web dev business, designed packaging, was a teaching assistant for my favourite classes at uni… it wasn’t a straight-forward pathway into security. I didn’t even think it was a career option for me. People who look like me don’t always get taken seriously in tech - it was something I was told in my work, even when I ran a business! I was the girl who didn’t finish high school, left home at 15, and didn’t even think I’d be interested in formal education. I just knew I liked exploring, learning technical details about everything, and pushing the boundaries.
I really got to explore and push the bounds of this curiosity in video games. Looking back at how many times I would speed run Super Mario Bros or Crash Bandicoot, I was training for something that would later help me with hacking - practice and persistence.
Video games have always been a different kind of puzzle for me. You have objectives told to you by the game developers, and then there are the objectives you aren’t really meant to find - the bugs, the unfinished stuff thanks to budgets and deadlines, the forgotten gap in the wall that lets you breach a boundary (sound familiar?). Sometimes you need to press a series of buttons or enter a game menu a few times, maybe equip and unequip an item, or just swim far beyond what the developers think you would go - and suddenly you’re in another area, you’re more powerful, or you’ve found yourself falling through a map forever. When you’re pushing video games beyond their limits, you don’t always get the immediate feedback you’re on the right track, but if you’re persistent enough, you eventually find the reward. I didn’t realise it at the time, but I was already hacking.
I still remember sneaking on to the computer, infecting the PC with viruses to see what would happen, editing system files to see what they did - it was putting things back together I wasn’t very good - not even slightly good at (yet). Although I got pretty good at reformatting my computer because of it. I would pull apart EVERYTHING - my toys, my bike, the PC… The “why” was just as important as the “how”. The how eventually encouraged me to start building stuff, to learn more and go deeper - custom PC’s, coding websites, making video games and furniture…
It wasn’t just exploring tech or building things - I also liked pushing the bounds of physical security. Finding all the sweet spots in the house that didn’t trip the motion sensors (you figure out why), how to open windows from the slightest gap, or learning about body language - a skill that I still use in my work. Noticing those little details, the things that are slightly weird, that thread to pull on, those are what kept me interested and learning.
My first job was in retail and it was always filled with surprises - and learning a lot of patience. I remember working at a new store opening. It was crowded, I hadn’t seen so many people in such a small space just to buy auto parts. I was scanning and observing what people were bringing to the counter - I felt robotic but it was important I didn’t miss the details.
Someone wanted to buy a bag we sold - it looked big, hanging heavy beside them. They were acting a little sus, not wanting to put it on the counter. I asked a few times to hand it over, and they were reluctant, trying to give me just the tag to scan - I pretended I needed the whole bag, and eventually they got it close enough. As they lifted it up, I grabbed it, put it on the counter and scanned it. It felt heavy, so, very casually, I opened it.
Dread. That’s all I could read on their faces.
I didn’t want to scare them too quickly, but I could see they were panicking - the bag was FILLED with tools. What could happen next was running through my head - they could try grab the bag and run, get violent, or purchase it all (all things I had encountered before). I had to think quick. I stayed calm, looked them in the eyes, totally deadpan, like I hadn’t noticed anything weird - they technically hadn’t stolen it (yet). So I started scanning each and every tool. When I finally told them the total, they still had a look of disbelief, and slight horror…. They left quickly, didn’t take any of it and I didn’t see them again. It was a mix of quick thinking and judging the situation so nobody would be in danger - it was a rush. It might sound funny but all the adrenaline I felt in fast paced games, where I had to keep my cool because the slightest mistake could lead to game over… it was the same feeling, but real life. And I wanted more of it!
Fast forward a few years and you’ll find me tired of running my own business, I was building less and talking with clients more. But I wanted more of a challenge, I wanted to learn more about programming, building systems, why it all worked the way it did. So I started studying Computer Science - it wasn’t a clear goal, I really didn’t know what I wanted to do for the rest of my life.
There were two reasons I decided to enrole - one, it sounded cool (to me); and two, I wanted to learn something in a different way than I was used to. See I was used to working on my own, researching what I needed to learn, being in charge of my own schedule. This was a total shift and yet ended up being more of what I enjoyed - I chose interesting classes, met intelligent people who weren’t afraid to question things, and they always encouraged me to just give things a go, even if I thought I’d be wrong.
At this point, I had worked for small engineering firms, large ones, freelanced and I was ready for the next role. Towards the end of my degree, I joined SEEK as a software developer. But I couldn’t quite shake my interest in security. We learned to hack wifi within our first few weeks thanks to one of the awesome hackers there (Jeff) and I was hooked - you can do this as a JOB?!
My interest grew. I ran small CTF’s for my developer team which later led to running the company wide CTF, I created scavenger hunts for the team to discover how our apps worked, find broken things, and I generally tried to learn as much about security as I could. I didn’t need to be a Security Engineer to be in a security career - just the fact that I prioritised it and helped my team learn more is exactly what I’d find myself doing a year later as an Application Security Engineer.
I had learned how we build things at scale, the infrastructure it runs on, the everyday problems I run into as a developer and the disparity between the needs of security and the needs of the business. I had also learned how to talk security to people who weren’t in tech, people other than developers, and a lot of the time, those were the people making the big decisions for the business.
It was thanks to another great hacker that I got the chance to join the Security team and see if it was for me - Dr. Pamela O’Shea. Without that opportunity, I’m not sure I’d ever think I was good enough. But belief, a nudge, and the opportunity to say “yes” was what I needed.
Since then I’ve worked across Application, Product, Cloud, and Offensive Security, continued to write tooling, scripts, pentested, bug hunted, worked with the talented and multifaceted Threat Intelligence lead Molly Day (who is legendary), collaborating with our SOC, learning more about threat hunting, reverse engineered apps, and even got to do some physical security testing.
But I never forgot how much I liked to build things, so I still do. I like to teach others to look behind the veil, that it’s not just magic or that coding is reserved for a subset of people. Everybody can build something, but not everybody knows how to build it securely. That’s where I come in.
I’m now all the way in the Netherlands, continuing my journey as a Security Engineer, a researcher, and I volunteer everywhere I can. Because there was a time where I didn’t think I could do it, and it was thanks to other people seeing something in me, that I even had the chance to find out for myself. While I love what I do, I love seeing people succeed more - so I try all I can to make sure I help give opportunities to people who otherwise wouldn’t get the chance. It’s honestly the best part of my job.
There isn’t always a clear path or a reason why. Sometimes you just have to give it a go. For me, it all started with being curious, trying it out - and being willing to say yes.
Share your hacker origin story
Thank you for reading the second in the series of Hacker Origin Stories by 🤖 Yianna Paris!
Here’s to the next generation of hackers! See you next time!