I recently had the pleasure of interviewing a fellow femgineer, Kate McKinley, a security consultant at iSec Partners. As I was waiting in line …
I recently had the pleasure of interviewing a fellow femgineer, Kate McKinley, a security consultant at iSec Partners. As I was waiting in line for my daily latte at Dana Street, Kate came up to me and complimented me on my new pair of leather heels from Greece. We struck up a conversation, and I was instantly curious to learn from this tall brunette about security, and what had inspired her to become a femgineer. So I took Kate out to lunch, and we gabbed about life, our passion for technology, and how we work.
Kate started playing with mainframe computers in high school. When she started college at the University of Minnesota she didn’t think of majoring in Computer Science, but naturally gravitated toward it. Perhaps it had been her early exposure to computers, or her desire to solve problems. Although she was interested in getting a degree, Kate decided to leave and start her career as a system administrator at American Express.
Years later a friend of hers who worked at iSec Partners contacted her, and asked if she was interested in applying for a position. iSec Partners was primarily interested in her programming and development skills. Kate joined after visiting, and falling in love with, San Francisco, and being impressed by the company’s social conscience. During her career at iSec, Kate learned much more about security. She enjoys her job at iSec, because it fosters an environment in which she can learn things she probably wouldn’t have pursued on her own; languages such as C#. They also give her the freedom to do research. She recently wrote the white paper Cleaning Up After Cookies and presented it at a conference.
Kate’s M.O. is to spend a lot of time looking at code, but she will context switch to keep her mind active. Her belief is that the mind can only be productive for 6-8 hours a day. Switching to play with a site, or looking at other modules helps keep it active, and eventually she will come back to her prior task. Unlike me (my entire career has been in-house development on one code base) Kate has had the unique opportunity of seeing and reading a lot of different and large code bases. She performs penetration testing, both black box, and looking at the code base to spot vulnerabilities. But she doesn’t read through the entire code base. Instead, she starts with some of the key entry points and works from there. She does go back to the code base after black box testing or to dig a little deeper. Most of her consulting stints last about two weeks, and after which point she will write up a list of vulnerabilities, areas for improvements, or her overall findings. Then its up to the companies to make the necessary fixes, and call her back for a follow-up consultation.
Being a consultant, she works on other company sites, and from a wide variety of settings: home, office, and coffee shops. She doesn’t like open floor plans because they can be distracting.
Her philosophy on coding boils down to doing things the right way even if it means pissing off superiors. She is committed to getting projects done on time, but will put forth the extra effort needed to make sure she delivers quality code, and fixes obvious issues that others may overlook in the interest of saving time or prioritizing tasks.
Over the years I’ve heard a lot about how people view Microsoft and other software giants approach to security. While most of it has been negative, Kate had a refreshing opinion. She thinks Microsoft is actually doing consumers a lot of good by releasing patches. They are cleaning up after themselves, unlike the open source community which hopes that people will eventually fix bugs just by keeping the code base open. I guess accountability is good for business.
As far as career growth goes, Kate keeps up with technology trends via bulletin boards and email lists. She doesn’t enjoy management, but prefers coding and working on tough engineering problems. Although, she can see herself doing a complete 180; transitioning from being a software consultant to going back to school to get a higher degree in cultural anthropology.
I enjoyed learning more about security, and her approach to it. Mostly, I was impressed by Kate for being so personable for a talented and knowledgeable engineer, and having strong convictions as a coder.
