Wendy Zenone is not only a Hackbright Academy success story; she’s also a testament that coding bootcamps are not a “quick fix.” Wendy’s journey shows that it takes hard work, determination, and grit to make a successful career change into tech. We chat with Wendy about her experience at Hackbright, her advice to other women breaking into the Application Security field (don’t worry, Wendy also explains what App Sec entails), and how her calculated risks are paying off.
Tell us what you were up to before you started at Hackbright Academy.
Before I got into tech, I was working as an aesthetitian at MAC Cosmetics, but that was not my dream. I had a small child at the time, the pay was low, and it was overall underwhelming. I was encouraging my son to go into tech, and I lived in Silicon Valley- I had to find a way to improve my life.
I had gone back to school late in life, doing an online Bachelors in Communications at the University of Massachusetts. Education is very expensive, and as I started calculating, I realized it would take me six years to graduate at $1,500 a class. So I started looking at internships where I could get experience without having graduated. I found an internship at a public relations firm where we represented small Silicon Valley tech startups. I worked directly under the founder, Xenia, and she just taught me so much. I learned terminology that was very specific to tech and startups and that I had never learned before, and it opened my eyes to the possibilities in tech. At one point, we represented Zoom, when they were just starting as a video conferencing company!
From there, I took a job at Facebook in their ads department, creating a tool that helped customers customize their ads. The role was not technical, but I worked with a team with engineers. Essentially, I sifted through ad topics to ensure that they followed our global legal policy.
What drew you to wanting to work in Security?
At Facebook, it was very new and exciting to be at such a big tech company, and it fueled a fire. I didn’t just want to work for the tech company, I wanted to be part of the tech team. My husband has worked in the security industry for a long time, and through osmosis, I had learned to love and appreciate cybersecurity and information security.
I reached out to Jen Henley, who is the Director of Security Operations at Facebook, and told her about my dream. Remember that at this point, I have no formal education or tech background. Her advice to me was to get involved and volunteer with Facebook events for cybersecurity awareness month. I got more involved by volunteering, but I was still looking for the perfect position in security.
Eventually, I found a social media job with WhiteHat Security, an application security company. It was still in the communications marketing area, but I was able to work closely with the founder, Jeremiah Grossman. Once he found out that I wanted to do more, he said, "You should learn to code. It's magic."
How did you factor Hackbright Academy into your journey to learn to code?
While I was working at Facebook, I actually started my Hackbright application. Once I started at WhiteHat, I got an automated email asking me to finish the application. I talked to my husband, and we had some concerns- Hackbright is in San Francisco; it costs a lot of money; it would mean three months without a salary. But ultimately, his opinion was that coding is the future, and it’s something we needed to make happen.
How did the Hackbright application go for you?
The first time I applied, I got through to the second interview, but I was not accepted. When I got that rejection email, my heart just dropped. It hurts regardless of how old you are, but I was in my late-thirties, and I knew I didn't have another four months to get started!
I wrote my interviewer an email, and said honestly, "I was very nervous. I do not feel that my interview properly conveyed who I am and my interest in Hackbright. Please just give me another chance to do another interview."
The Hackbright team said that they have never given someone a second interview after being declined (and they’ve since changed the process- you must reapply if you’ve been rejected), but they admired my persistence and gave me another interview. This was my last chance. I did the interview, and I was much more prepared, calmer, and had a little bit more pressure.
Tell us a little more about that interview process- was there a coding challenge?
The application itself was a series of essays and then a small coding challenge. When I applied, they say the coding challenge is “optional,” but here’s a tip: it wasn’t! If you skipped the coding test, it showed that you aren’t up for a challenge. Since then, the coding challenge has actually been made mandatory.
Note: for an updated look at the Hackbright application process, check out Cracking the Bootcamp Interview: Hackbright Academy!
What other resources did you use in your journey to learn how to code?
Prior to Hackbright, I had taken Girl Develop It courses. I also did Codecademy and some free classes offered at Facebook.
Why not continue with those free resources? What made a coding bootcamp worth it?
I am a creative person, but I was not born with a super logical brain. I needed discipline, structure, and to have everything else in my life shut down so I could just focus on learning to code.
Girl Develop It is a great resource for someone who really wants to immerse themselves for a weekend. But if you want to learn a language, you can't go to class once a week. You're going to have to move to Italy, buy bread every day and figure out how to speak the language.
The online classes don't teach you how to structure your code from scratch or even the basic things like how to get your environment set up. At Hackbright, you’re learning everything you need to work as a developer.
Was the fact that Hackbright Academy is all-women particularly appealing?
I actually didn't look at any other coding bootcamps. I thought back to PE class in high school, and I thought about how there were certain activities that I felt intimidated doing in front of men. I knew I would be more comfortable in an environment learning with all women.
I didn't grow up loving video games and building Legos. I have female friends and relatives that have that background. They love computers and games, and they are totally fine going in with a blended cohort, but for myself, I wanted that comfort of not feeling intimidated or pressured. Hackbright was better for me.
Once you graduated from an all-female bootcamp, were you caught off guard by the “real world” gender imbalance in tech?
There are two parts to that answer. The first part is in regards to the gender ratio. I came from a few tech companies prior, and I saw that there were very few women. My team at Facebook had only two females out of 25 people. I was used to it. Specifically, the security field has even less females in general. I was used to working with just men and so I was comfortable with it. It didn't bother me.
Coming into my job right now, on my specific team, I'm the only woman. In the larger Info Sec organization, there are definitely fewer women than there are men. I don't personally have an issue with it, but talking to other alumni that I graduated with, it’s clear that some people can have a hard time with that transition. They can tell that it’s a boys club, and aren’t comfortable being the only female in a meeting. From my perspective, the only way that women can change that ratio is by continuing to become developers. We have to continue and push forward, and eventually there will be an even ratio.
Did Hackbright Academy include a lot of “soft skills” training, or was it a strictly technical program?
The first 10 weeks is a very technical program. You also have a career services meeting every Thursday and your advisor goes over your resume and job skills, how to look for a job, and update your LinkedIn. You’re also learning how to negotiate your salary. The one piece that was missing for me was preparing for what it's really like to start a job. We were prepared to write code, to understand how to build software, etc, but nobody could prepare you for your first job and you’re alone in your new company, and you feel completely inadequate.
I actually spoke to the Hackbright team about this, and I went back to speak to Cohort 13 about how lost you can feel at your first job. I'm going on five months at Lending Club and I'm still learning a ton, but I was fortunate enough to choose a company that appreciates that I have very little experience.
We all go in with different learning abilities, different brains, different backgrounds, so everyone goes into their first jobs differently. Some take off and fly, while others are doubting themselves, and their new career is foreign and scary.
So where are you working now and what's your job role?
I am an Associate Application Security Engineer at Lending Club.
Did you feel technically prepared for your first job?
Once you graduate, you will feel like you've been prepared enough- at least as well as they could prepare you in 12 weeks. In that 12 weeks, I learned so much that I didn't know before. I learned how to create a piece of software, what the full stack is, what a database is, how to query a SQL database.
How did you find your first job after graduating?
What got me to this position was acknowledging what I didn't know and having that desire to learn. A lot of companies look for that. If students graduating from any bootcamp go in with that mindset, it will make things a lot easier instead of feeling like you have to pretend.
When I graduated, I was only the third person out of the Hackbright Academy history to go into security. The field is becoming a little more prominent at Hackbright now- for example, they have a small Security Study Group.
One very important thing in tech is who you know. Graduates need to not only initially rely on sending in resumes, but also to network and meet people in the industry. Go to Meetups and events that are focused on what you want to do. Those connections will greatly improve the trajectory of your career going forward. My job was found by networking and not solely relying on the partner company network of Hackbright. Bootcamp grads need to lookout for themselves and learn to stand on their own without using the bootcamp as a crutch. Go out, meet people. You never know, you may connect with someone down the road for job #2 or 3!
I think you’re the first bootcamp grad I’ve talked to who is working in Application Security! What does your job entail?
On the application security team, we work with everyone who creates the Lending Club website and the platform- engineers, developers and the QA team. We look at internal and external applications to ensure that they are secure. We make sure the code is secure and that there aren't any holes in the applications that could allow our data to be compromised. Basically, my job is to keep the hackers out.
How does the Security team interact with application developers? Are you involved in the entire development cycle?
Ideally, developers work with App Sec team before they even start a project. With that being said, products need to roll out, and meet deadlines, so sometimes we'll have to jump in mid-cycle and take a look at things and advise. Unfortunately, sometimes things will get caught in the end of the cycle as well.
Security is a mix between trying to educate and evangelize. But security is gradually becoming more prominent in companies as you see people getting hacked. We do have to convince companies that security is something you need to put time into- companies are just starting to see the benefits.
What did Lending Club do during your first month on the job that helped you ramp up into your new role?
When I started at Lending Club, they were very patient. They understood that I basically knew nothing. I knew Python from Hackbright but security is a whole separate field that I was not familiar with. They started giving me small projects, integrating me into little things, but not overwhelming me. For example, I had never worked with Jira, which is our ticketing system. When I first started, I was constantly in a state of sweating because I had no idea what anyone was talking about.
During my first few weeks, I asked to be invited to every meeting that I could be invited to. I write down things that people talk about, and I Google them. Every day I learn a little bit more, and what helped me the most was being honest in the beginning about what I didn’t know. My manager, Paul, gave me that advice during my interview, and I believe that part of why I was hired was that I had that ambition, I had that drive, and they saw that.
For other women (or people) who want to break into security, what are some good resources to get started?
Applications Security has a group called OWASP (Net Open Web Application Security Project). On that website, there are tons of resources for people that just have questions about application security in general. It is a great resource.
Then there are meetups all over the United States but specifically there’s one in San Francisco Bay Area with a mentorship program for those who are new to security.
Another resource is Women in Security and Privacy (WISP), where you’re assigned to a mentorship called a “tandem.” You put in what your skills are, and they match you with someone that matches the skills that you're looking for.
Looking back on your time at Hackbright, what is your advice to other women who want to change careers and get a technical role?
My main advice is to ignore the self-doubt. I had a lot of self-doubt, but every time I felt that doubt, I would replace it with, “What's the worst that can happen?” Just try everything you can- from applying to jobs to internships, all they can say is no. Apply to a coding bootcamp, try Girl Develop It classes. There will be times when you feel like you don't belong there, but you’ll realize that everyone started somewhere. Every day that you stay on this new path in your life is one step closer to becoming a senior developer or senior security engineer.
I never thought I would finish my final project at Hackbright because I felt like I never would know enough. I never thought I would be a security engineer and here I am. I still feel like I’m Jon Snow and I know nothing. But I am still here!