Women in IT Security, Power players

Lesley Carhart: if the shirt fits, or even if it doesn’t, wear it

When Lesley Carhart joined a start-up in the early 2000s, she was the first woman there to work in a technical role. That became obvious when she went to the marketing office to pick up her company shirts, required for anyone interacting with clients.  

The company didn’t have shirts for women. Instead, there were men’s shirts sizes large through extra, extra-large.   

But the marketing office did have tube tops that the company gave the “booth babes” who worked at conferences. 

 “There was nothing to do but try to stitch the 2XL until it fits,” says Carhart. 

Click here for complete coverage of SC Media's 2020 Women in IT Security

Two decades later, it’s less about shirts for Carhart and more about wearing multiple hats. By day she does incident response for infrastructure security firm Dragos, where she’s a principal threat analyst, spending the majority of her spare time as a prominent online advocate for infosec, the hacker equivalent of an influencer.  

A lot of Carhart’s internet work is in defending the present against a past that didn’t have certification programs or cybersecurity college degrees, which still receive some backlash from the community. What it did have was a subculture most hackers came from and used to evaluate each other.  

“Mid- to late-career professionals like myself need to be very careful about whether we still have that residual feeling from when we were junior professionals, and it took street cred get in the field,” she says. “Did you look like the thing a security professional would look like? Are you a cool hacker or not? Did you play the right video games and go to Black Hat and go to the strip club?"

Carhart wants to be clear: she doesn’t want to put a stop to fun. Rather, she wants the industry to reap the benefits of its own success. Security is now a sustainable, professional industry. The new workforce shouldn’t be bound to an older, more cliquish culture.   

"Some of the barriers that gatekeeped people from becoming security analysts in the past aren’t there anymore. That’s good. We shouldn’t resent that. The junior people today are facing different challenges,” she says. "We shouldn't be bitter about that.” 

Carhart has used her online visibility to help newcomers prepare for an industry that can often seem pretty foreign to outsiders. It’s worse, she said, for people who try to understand what the industry is like based on platforms that amplify the best and worst experiences.

“What people see on TV and on social media can overdramatize it and really influence what people think they are getting into," she said. "So, it's trying to get a reality check out there about the good and the bad and the paths people can take.” 

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.