October 28, 2021

Privacy in Action: Kim Crawley, Cybersecurity Researcher and Author

Interview with Kim Crawley, cybersecurity researcher and author, discussing cybersecurity, career tips, and privacy.

One of the best things about being in the data privacy community is working alongside other communities to improve the overall experience for Internet users. One of those communities is the Cybersecurity community so shoutout to all our ethical hacker friends!

In this community building work, we’ve had the pleasure of working with Kim Crawley. If you’ve been a loyal reader of the Privacy Please! blog, you may remember her guest blogs. Or you may remember her fantastic privacy memes shared on Twitter and Reddit. In honor of Cybersecurity month, we thought it would be fun to revisit with Kim and interview her!

Kim Crawley is a cybersecurity researcher and author. She was featured in the first Tribe of Hackers book and run Hack The Box’s blog. Kim has a new book out now, 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business. Give it a read and follow her on Twitter @kim_crawley.

Interview with Kim Crawley:

Startpage: What does privacy mean to you?

Kim Crawley: Privacy means empowering people to maintain control of information about them. We’re in the Information Age, so privacy is the difference between being able to maintain one’s safety and thrive, or to be exposed to danger and be victimized.

Startpage: One a scale of 1 to 10, how private are you?

Kim Crawley: Ha, probably 7. I’m somewhat of a public figure in my cybersecurity research and writing work, so I’m not super private. Sometimes I can be a bit too open about myself on Twitter. But I understand cybersecurity operational security, and I’m careful to keep anything that could be used as an access key or PII safe from exposure.

Startpage: What drew you to the world of cybersecurity? How did you get started?

Kim Crawley: Computers have always fascinated me, ever since I saw my first Commodore 64 as a young child in the late 1980s. A lot of my tech support work in my 20s involved removing malware from people’s Windows PCs, so that’s how I caught the cybersecurity bug.

Startpage: What are some of the challenges and opportunities you’ve experienced in your career?

Kim Crawley: There was a brief scary period in the few months after the pandemic started. The companies whose cybersecurity blogs I was working for panicked and “downsized.” I require income from my research and writing work. Fortunately, by Summer 2020, there was a lot of demand at different companies for my work again. I collaborated with Phillip Wylie to write The Pentester Blueprint. Lots of more opportunities grew from there. I now have a great full time salaried position at Hack The Box, running our blog. My first solo book 8 Steps to Better Security was published by Wiley very recently. And I have continued to do cyber threat intel work for Canada’s financial sector.

Startpage: At a glance, the cybersecurity community seems overwhelmingly male. What advice would you give women and non-binary folks starting careers in cybersecurity?

Kim Crawley: Unfortunately, sexism and transphobia is very common in our industry. Reach out to women and nonbinary people who have been successful. They can give you tips. Also, their success may be an indication that the companies they work for are better places for women and nonbinary people to work.

Startpage: You’re associated with Hacking is Not a Crime and Hack The Box, can you tell us more about the organizations and communities?

Kim Crawley: I belong to an organization called Hacking is Not a Crime and I work for is Hack The Box. One is a nonprofit organization which works to dispel misconceptions about the word “hacker.” The other is a commercial entity which innovates in the cybersecurity training space. I run Hack The Box’s blog. Hack The Box is the best place for people to start learning about cybersecurity! We offer a fully online and gamified training platform. Some of our content is free, the rest is pretty affordable.

Startpage: What’s the number one piece of advice you’d give to someone new to privacy and cybersecurity? How can they learn more about cybersecurity?

Kim Crawley: Keep an open mind and learn something new everyday. Follow the #infosec hashtag on Twitter. Join the Hack The Box community. Check out The Pentester Blueprint if you’re interested in how to become a pentester, someone who gets to pretend to be a cyber attacker for a living. Read 8 Steps to Better Security if you want to learn how to explain basic cybersecurity stuff to a business.

Startpage: Do you use any privacy tools? If so, what are your favorite privacy tools?

  • Search Engine: Startpage, of course! Where else can you enjoy Google search results with complete privacy?
  • Browser: Tor Browser is still the most secure web browser available. All traffic is tunneled through the Tor Network, whether you’re on the clearnet or .onion sites.
  • Email: StartMail is the best private webmail platform.
  • Messaging: Signal.
  • VPN: Deploying your own VPN with a Raspberry Pi and OpenVPN software is best.
  • Password Manager: Honestly, I just use the password managers built into Firefox and Safari. I use Google Authenticator for MFA.

Startpage: Are there any other tools or best practices that you consider essential?

Kim Crawley: As long as you never make your password retrieval answers based on reality, you can talk a little bit more openly about yourself on social media. For example, I was born in “Candyland” and my dog’s name is “vflibjhflibjfbkf.”

Startpage: Would you rather share your search history or give up video games for a month?

Kim Crawley: Oh my gosh, tough question. I’m such an avid gamer. I spend dozens of hours every week playing JRPGs on my PS4 and Nintendo Switch. But my search history is precious, so I would give up video games for a month. Painfully.


Privacy in Action is a series of interviews with privacy-minded Startpage users from diverse backgrounds. If you are interested in participating in the Privacy in Action or would like to nominate someone to be interviewed by us, reach out to us at [email protected].

The views expressed in this Q&A are those of the interviewee and do not necessarily reflect those of Startpage.

 

Was this article helpful?

Go Private

Make Startpage your
default search engine

Set as default