March 1, 2019

InfosecSherpa - From Travel Agent to Law Librarian to Security Analyst!

Little does the Information Security community know, but among us are experts at OSINT. They lurk behind friendly faces, waiting to be asked questions. Some even are or used to be librarians!

Apple Podcasts podcast player badge
Spotify podcast player badge
Google Podcasts podcast player badge
Amazon Music podcast player badge
Overcast podcast player badge
Castro podcast player badge
Stitcher podcast player badge
iHeartRadio podcast player badge
PocketCasts podcast player badge
Podchaser podcast player badge
TuneIn podcast player badge
YouTube podcast player badge
RSS Feed podcast player badge

Tracy Maleeff (@InfosecSherpa) was a professional law librarian and at the top of her game. Looking for change and meaning, she searched until she found the field of Information Security. This is her journey.


Tracy Z. Maleeff (/may-leaf/), @InfoSecSherpa, is an independent information professional providing research and social media consulting with a focus on information security. She is a frequent presenter on best practices of data mining from social media, professional networking, and introduction to information security topics. Tracy has 15 years of experience as a librarian in academia, corporate, and law firm industries and earned a Master of Library and Information Science from the University of Pittsburgh. She is the Principal of Sherpa Intelligence LLC–your guide up a mountain of information.


  • There is a condition called the "Librarian Face"

  • Librarians who have a Master's Degree in Library Science are taught to be approachable

  • Was never a public librarian; she worked in "special" libraries. This made her really good at finding and accessing data

  • Tracy shares some social engineering tricks she did earlier in her life

  • Didn't grow up with computers around her

  • Advice: "Know yourself"


  • "If you are out in public… people are likely [going] to come ask you questions because you look like you know things."

  • "I did fail, but I did not fail as badly as I thought I would!"

  • "I don't regret the path that I took."

  • "For someone like me who does come from a technical background... having the certifications is what people want to see."

  • "They need to see some receipt!"

  • "Even if it turned out to be nothing, don't be afraid to speak up."

  • "I don't think I realized it was social engineering;  I just knew it was something that I wanted."

  • "Managed to talk my way not only on the plane, but also into business first."

  • "They had me at port scanning."



Getting Into Infosec

Follow Ayman on Twitter

Breaking IN: A Practical Guide to Starting a Career in Information Security