Our venture, Inspiring Journeys in Cybersecurity, is an attempt to showcase our member's journeys in the domain. We will continue to bring more inspiring journeys in the future.
Yansi Keim
Advisory Board- Student Cell, BBWIC Foundation
Linkedin: https://www.linkedin.com/in/yansi-keim/
Google Scholar: https://scholar.google.com/citations?user=FflgteUAAAAJ&hl=en
1. Introduce yourself.
Hello, everyone! Thank you for your interest in learning about my background. I am Yansi Keim, a Ph.D. Candidate in Cybersecurity at Purdue University, under the guidance of Dr. Marcus Rogers. In addition to my dissertation work, I serve as a Research Assistant at CyberTAP, an extension of Purdue. My responsibilities include designing and refining professional cybersecurity curricula and providing training to professionals. Beyond academia, I actively participate in BBWIC and WiCyS, both non-profit communities dedicated to supporting women in cybersecurity. These spaces allow me to assist women transitioning from academia to the professional realm.
2. What drove you to Cybersecurity?
There is a funny saying among Indian Engineers: “You decide what your passion is after you have finished engineering.” So, while I was an undergraduate in Information Technology (batch of 2011), it was still unclear what my calling was. What was clear, though, was my expertise in hard and soft skills. As a third-year student at a Tier 3 engineering university in India, I had a rare opportunity to publish a journal paper specifically focused on Software Cost Estimation Models and Techniques. Surprisingly, I emerged as the first woman researcher in the entire university to do so. The stages of research fascinated me at that time, leading me to explore topics beyond textbooks and lectures.
Subsequently, I joined a dedicated Graduate Program (M.Tech) at IGDTUW in Information Security (batch of 2015). The curriculum aligned perfectly with my passion for research, particularly in the field of “Digital Forensics”—a specialization that dealt with real-world scenarios. As Steve Jobs once said, “You can’t connect the dots looking forward; you can only connect them looking backward.” Since then, cybersecurity has always meant being actively involved in research. The research angle continues to keep me curious, even eleven years into the field.
3. Tell us about your journey in Cybersecurity, your ups and downs, and your accomplishments.
In the past 11 years, I have observed the growth of the cybersecurity domain in two different countries: India and the United States. Despite the geographical differences, my exposure to faculties, chapters, research collaborations, internships, and conferences has remained consistent. These varied experiences have significantly shaped my journey.
Allow me to share a remarkable memory: I served as the Host/Emcee and a Poster presenter (on QR Codes Security) at the IFIP 11.9 2018 conference. Engaging with IFIP 11.9 working group dignitaries was an honor I still cherish. However, like many others, my cybersecurity journey has also encountered its share of challenges. In 2018, I faced numerous rejections from Ph.D. programs. Unfortunately, at that time, the Indian Higher Education curriculum had not yet introduced Digital Forensics as a formal area of study.
On the bright side, Purdue University (USA) offered a program in this field, and I found a great fit with my advisor. One of my proudest accomplishments was leading the WiCyS Purdue Chapter to win the Best Chapter Award at the annual WiCyS 2022 conference. Through this achievement, I hope to inspire other international students: If I can succeed, so can you!
4. One thing you wish to change about the Cybersecurity domain? What is your take on the current job scenario in the cybersecurity industry?
There is a lack of clarity regarding the roles that can be pursued after completing a Master’s or Ph.D. degree specializing in Cybersecurity in the United States. My advice for young Ph.D. students in the cybersecurity domain is to continuously practice hands-on skills that enhance your resume. Engage in Capture The Flag (CTF) challenges, solve boxes on platforms like Hack The Box, or explore rooms on Try Hack Me. Additionally, consider whether you align more with the blue team (defenders) or the red team (offensive security).
Now, let’s delve into the fascinating world of colors within the infosec wheel. Beyond the traditional blue and red, there are five more hues waiting to be explored—so do your research! This exploration matters because there exists a significant gap between what you achieve in your dissertation and what the industry expects from recent graduates.The good news is that LinkedIn job postings now use slightly better terminology, reflecting the preferences of hiring managers seeking candidates with practical skills. Beyond technical prowess, other essential qualities include curiosity, creativity, authenticity, clear communication, business acumen, and an exponential mindset.
I encourage communities to discuss how these non-technical skills can transition from an academic background to a professional setting. And here’s a crucial reminder for students: Not all cybersecurity roles require security clearance. While applying to National Laboratories, be aware that most of them do mandate security clearance.
5. Do you think communities play a role in uplifting someone in this domain or does one need to play solo?
You may have heard the saying, “If you want to go fast, go alone; if you want to go far, go together.” Having learned this lesson early in life, I became shameless in seeking help. And if you follow my advice, you can do the same. In my opinion, communities help us become better versions of ourselves. Their members bring their own expertise as well as flaws. I believe communities teach you to embrace your flaws, regardless of what they may be.
Communities often invite subject matter experts who might be challenging to reach individually. Through community interactions, members get the opportunity to learn about diverse backgrounds—much like mine in this case. These interviews and shared experiences inspire individuals to stay committed to their cybersecurity journey.
Personally, I find inspiration in people who demonstrate leadership, offer different conflict resolution approaches, and remain open to new ideas. At BBWIC (Black Women in Cybersecurity), I’ve witnessed such demonstrations, which make me feel even more connected to the community.
6. Have you done anything in the Cybersecurity domain that has enriched the diversity and inclusion scenario? If yes, mention it briefly.
Recently, a close acquaintance of mine was laid off from a large multinational company. Notably, she is both a woman of color and part of the LGBTQ community. I had assumed that such a talented group of individuals would always find a place in cybersecurity due to the rich experiences and innovative ideas they bring to the table. However, I needed a reality check.
I stood up for this woman and shared her story, hoping that my network might offer her some opportunities. This situation made me realize the importance of representation in the cybersecurity field. We cannot afford to lose individuals whose critical thinking skills are on par and whose adversary mindset surpasses what textbooks can teach.
7. One challenge, according to you, that women face in the cybersecurity domain. How did you overcome it?
Maybe this challenge is not limited to just women but to everyone trying to find their place in cybersecurity. Educators must train people in scenarios that heavily involve critical and adversarial thinking. While there is a lot of hands-on training available, filter out the ones that closely resemble real-world use cases. This advice is crucial because interviews will undoubtedly test these skills, and inadequate training won’t be of much help.
Hence, I’ve become selective about the labs I participate in. I no longer say yes to every free training opportunity. My approach is to examine the curriculum and determine if it aligns with real-world scenarios. For instance, when it comes to network scanning, go beyond merely knowing different types of scans. Design a roadmap for what you’d do after discovering an open port using Nmap. Consider which scans you would run if it’s an FTP port or an HTTP port. Additionally, explore which directories might hold secrets in Windows and Linux environments. Essentially, you should be able to navigate like a hacker would.
8. How has your experience been with the Breaking Barriers Women In Cybersecurity Foundation?
Breaking Barriers Women in Cybersecurity Foundation is a place that made me feel right at home. As I mentioned before, I admire BBWIC’s leadership style. The women here genuinely help and look after each other. It’s like a small family making a worldwide impact. To anyone new to this community, trust me, you won’t feel left out. Aastha, our beloved founder, and I go back to our M.Tech days together—it’s like an old-age friendship. Saman, whom I met at WiCys 2023, is incredibly helpful and responsive. I fondly remember meeting Rachna, Ruchira, Harini, Sarba, Meghan, and Krity at the same conference last year; our little BBWIC party was a blast. Although I haven’t met Sana and Seema in person, I can already sense their wonderful friendship through our online interactions.
Despite BBWIC members being scattered across different geographical locations, one thing remains constant whenever we connect: our discussions. We chat about mentorship, reaching out to faculties, improving our community, helping with certifications, fostering intra-university research collaborations, exploring internship opportunities, and navigating conference applications. These topics shape everyone’s experience at BBWIC for the better.
Interviewed and edited by Dr. Sana Fatima
(Sana is an advisory board member of the BBWIC Foundation. A dental surgeon, a writer, and a full-time editor in a publishing house, Sana is a cybersecurity enthusiast herself.)