Amanda Rousseau, 31, is a senior malware researcher at San Francisco security shop Endgame. Her job involves researching and breaking down the technology used in cyberattacks. She was among the first handful of malware researchers in the world to reverse-engineer the infamous 2017 WannaCry ransomware attack that crippled hospitals across the United Kingdom.
Born into a military family, Rousseau spent much of her childhood moving around the country, attending up to 10 different schools. One constant in her life, though, was her knack for creativity. She loved to play with Lego and at age 12 built a hand-cranked printer using Lego blocks and a permanent marker. Her parents encouraged her to pursue art, which is how she ended up as a graphic design student at Texas State University.
Computer science calling
Rousseau thought that she would complete her degree and work as a web developer. Her plans changed, though, after she got a taste for computer science.
“My little brother was taking computer science at the time and my dad was like, ‘Hey, can you take the class with him so he doesn’t fail?’ He failed anyway,” Rousseau said. But she excelled.
“I found it so much more interesting than what I was doing because it was more concrete,” Rousseau said. “In computer science you can create something that’s interesting, you know how it will turn out in the end, and if you know how it works you can also take it apart.”
She shifted her focus to computer science and later got her master’s degree in information systems engineering at Johns Hopkins University.
Rousseau’s first job out of college was doing forensics tech for the U.S. Department of Defense, where she worked her way up to criminal investigations. She describes the role as a kind of apprenticeship that prepared her for later work in the private sector. Her job involved incident response, which required her to travel to sites where data breaches had occurred and quickly help pinpoint the problem.
“So if there’s a major breach — say, a bank got hacked — I would fly to the customer site with a team and we would do the forensic analysis and figure out what happened so the next team that comes in can do the cleanup,” Rousseau said.
One of her first breach investigations involved a client in Atlanta whose payment systems had been hacked. There were no outgoing flights to Atlanta the next day, so the client put her on a private jet first thing in the morning. Rousseau says this was her life for nearly two years: being notified of a breach, flying to the site, working as fast as possible to identify the source of the breach, then flying home on weekends.
“I’m glad I did that when I was young,” she said. After two years of living out of her suitcase, Rousseau decided it was time for a slower-paced job.
Sense of duty
Rousseau moved to San Francisco five years ago to do malware research, a job that she describes as less rushed than incident response. It gives her more time to dig deeper and figure out the root of a problem.
Last year when the WannaCry attack broke out in the U.K., Rousseau was one of the first malware researchers to reverse-engineer the ransomware attack and share her findings with the security community.
“I felt that it was my duty,” Rousseau said.
She doesn’t see malware research as just another coding job — she says it has a greater mission of protecting people from malicious actors, whether those bad players are trying to steal sensitive information or demand ransom from individuals or institutions.
One of the things that Rousseau says makes her excel at her job is that she’s a visual learner and is able to quickly spot inconsistencies.
A large part of her job is examining code and logs for outliers — anything that appears unusual could be a security vulnerability or suggest a hacker’s entry point.
“I’m able to recognize things quickly,” she said, likening the job to puzzle-solving.
She says that anyone who loves puzzles, Sudoku and strategy games could do well at spotting inconsistencies in lines of code.
“So even if I don’t know what it is, I’m able to bubble it up really fast. And once you get a good lead, you can go down that rabbit hole and figure out what it was.”
Going the extra mile
For much of her career, Rousseau was the youngest forensics expert or researcher in the room, which meant many people she worked with second-guessed her. She was also often the only woman on the job.
“Even when I was a forensic lead, I was briefing lawyers on what happened and they would assume I was the assistant,” Rousseau said. “It wasn’t until I opened my mouth that they were like, ‘OK, she knows what she’s talking about.’”
Doubters only fueled Rousseau’s drive to prove them wrong.
“Most of my career, I had to go the extra mile to prove I could do it,” she said.
She did it in college by passing challenging coding classes, she did it as a young investigator in the private sector and she does it now as a senior malware researcher at Endgame.
Never stop learning
Rousseau’s advice for anyone who wants to follow her path is to cast aside ego and focus on self-improvement. Even today, Rousseau keeps a regimented schedule, giving herself time in the evenings and on weekends to brush up on her skills and read what her peers around the world are working on.
“People have this ego where they think they know everything about their field and everyone else is wrong — that’s a bad way of approaching things,” Rousseau said. “You do have to have confidence in what you know, but also be willing to learn from other people.”
Rousseau lives in San Francisco with her husband and their two dogs. She recently started playing video games with her husband — he handles the fighting stages, she takes care of the puzzles.