Women in IT Security, Women to watch

Proofpoint’s Selena Larson moves from the news desk to the threat analyst’s chair

Former CNN journalist Selena Larson sees a lot of similarities between her role as a Proofpoint analyst and her early work years as a cybersecurity reporter. (Proofpoint)

After starting out in journalism with stints covering cybersecurity and privacy at CNN, The Daily Dot, and VentureBeat, Selena Larson has hit her stride over the past four years as a staff threat researcher at Proofpoint.

Larson was drawn to a career with a cybersecurity company because the job of threat hunters, researchers and analysts is to protect people from hackers and make it possible for users to defend their data, money and digital wellbeing.

“I’ve always loved writing and research and asking questions of data,” said Larson. “Journalism is in many ways similar to intelligence analysis in that way. Becoming more technical required learning many different skills and tools, but it was just a new challenge for me. We aim to make cybercriminals’ lives difficult by preventing their tricks from working — and honestly that’s a very fun mission.”

Larson has become a leading contributor to and editor of Proofpoint’s threat blogs, which offer insights into Proofpoint’s threat telemetry. These blogs have been featured in top media outlets, including Bloomberg, CNN, NBC, and BBC News. Larson is also the host of Proofpoint’s "DISCARDED: Tales from the Threat Research Trenches," a podcast geared toward security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. In 2024, DISCARDED recorded 33,500 downloads.

Larson said she’s especially proud of Proofpoint’s research on the ClickFix social engineering technique. The research, posted on June 17, describes how hackers use social engineering so people think their software is broken or needs updating. But when the target follows the mitigation instructions, they end up infecting themselves with malware.

This technique has been used by multiple threat actors and can originate via compromised websites, documents, HTML attachments, and malicious URLs. In most cases, when directed to the malicious URL or file, users are shown a dialog box that suggests an error occurred when trying to open a document or webpage. This dialog box has instructions that appear to describe how to “fix” the problem, but following them actually copies and pastes a malicious script into the PowerShell terminal or the Windows Run dialog box, eventually running a malicious script via PowerShell.

Proofpoint has observed threat actors impersonating various software and services using the ClickFix technique, including common enterprise software such as Microsoft Word and Google Chrome, as well as software specifically observed in target environments such as shipping and logistics. Larson said combating these attacks requires some very specific training, but security teams can integrate them into their awareness training programs.

When asked how the industry can attract and retain more women and minorities, Larson said we need to actively recruit them, promote them, and offer equal pay for equal work.

“There’s still a culture in many organizations where security is a ‘boys club’ and that mindset needs to change,” said Larson. “When we build teams and culture by only hiring people we know, from our own networks, it never lends itself to any type of diversity and the result is a monoculture. It takes work and effort to specifically recruit and retain diverse talent and unless organizations are committed to it, and actually track and measure the success of their efforts, it will not change.”
