CMD+CTRL Security Blog

From Developer to Defender: How One OWASP Chapter Leader Built a Security Career

Written by CMD+CTRL Security | Jul 1, 2025 11:19:25 PM

In cybersecurity, we often celebrate the flashy stories—the red teamers, the zero-day hunters, the high-profile breach responders. But there’s another story we need to tell more often: the quiet, powerful evolution of builders who become defenders.

Linda Fay is one of those builders. A Head of Product Security and chapter leader for OWASP Nashville, Linda has over 13 years of application security experience, built on many years in development, QA, and project management. She’s not just leading secure product initiatives; she’s living proof that a deep understanding of how software is developed can shape how it’s secured.

The Builder’s Path to Security

Before Linda became a product security leader, she was steeped in the day-to-day challenges of software delivery. Her early career spanned roles in development, QA, build and release, and project management, providing a rare end-to-end view of the product lifecycle.

“Security wasn’t an afterthought, it just made sense. Once you’ve seen how things are built, you start to see how they can break. That curiosity led me to application security.”

At the time, there weren’t many formal resources or structured pathways into security. Like many self-driven professionals, Linda had to create her own curriculum, and that’s where she discovered something unexpected: cyber ranges.

Stumbling Into the Cyber Range

Her first exposure wasn’t particularly glamorous.

“I sort of stumbled through a CMD+CTRL cyber range,” she laughed. “It wasn’t easy. I struggled. But I came back.”

That curiosity eventually led her to a LASCON event, where she participated in her first structured cyber range competition. Shadow Bank gave her the space to push boundaries, learn through trial and error, and get support when she needed it most. Its realistic challenges reflected the complexity of real-world applications, making each breakthrough feel hard-earned and meaningful. She didn’t walk away with a trophy, but she gained something better: real-world experience and a welcoming community.

Cyber ranges aren’t just places to test skills. They’re safe spaces to practice, ask questions, and connect with others. Whether you are an experienced pentester or a curious developer, everyone is there to grow.

“You start out struggling, but eventually it clicks. You find people to collaborate with. You start forming teams. You show up to more events.”

That progression mirrored her broader career: start where you are, commit to learning, and keep showing up.

Why Cyber Ranges Work (Even If You're Not a Hacker)

For Linda, cyber ranges offer something that books, videos, and traditional training can’t replicate: context and confidence.

“They helped me understand vulnerabilities at a much deeper level. I got better at explaining issues to developers because I could actually show them what an attack looked like.”

That shift from theoretical understanding to practical insight also improved her tooling. In particular, Linda credits her range experience with improving her fluency with Burp Suite and Burp Intruder, tools that are notoriously difficult to master through static training.

But the benefits go beyond tooling. For developers who may be unsure about their role in security, cyber ranges provide a way to engage, experiment, and learn without risk.

“I encourage developers on my team to participate. Once they see how an exploit works, they care more about fixing it. It’s not just a ticket in Jira anymore, it’s a real problem they know how to prevent.”

That insight is a game changer. It builds empathy between security and engineering, breaks down the fear of participation, and reinforces the idea that everyone has a role to play in product security.

From Participant to Community Leader

As Linda continued to participate in cyber range events, she found herself becoming a connector, someone who didn’t just compete, but helped others feel comfortable joining. 

This community-first mindset led her to OWASP Nashville, where she now serves as a chapter leader. In this role, she organizes local meetups, mentors newcomers, and champions events like CMD+CTRL’s Summer of Cyber Ranges to help people get started.

“People think cybersecurity is all hacking and pentesting. But it’s so much broader than that.”

With OWASP, Linda helps expand that perspective. She regularly speaks about the many roles in cybersecurity: from governance, risk, and compliance to security operations, secure coding, and beyond.

“Not everyone has to be ultra-technical. There’s a need for writers, communicators, analysts, and strategists too. If you’re curious and willing to learn, there’s a place for you here.”

Advice for First-Timers: Just Do It

Linda admits that cyber ranges can be intimidating at first—especially for those without a formal security background.

“My advice is to just do it. You don’t need to be an expert to get started. I wasn’t.”

She compares it to running simulations in a lab environment: safe, isolated, and designed for experimentation. No production systems will go down. No data will get exposed. The only thing at risk is your ego, and that’s exactly where the learning happens.

Cyber ranges also offer something that’s often missing in training: support. The communities around these events are filled with people willing to help, share hints, and answer questions.

“You’ll be surprised how many smart, kind people are out there rooting for you.”

It’s this blend of technical challenge and emotional safety that makes the experience so impactful, and so sustainable.

For Security Leaders: Make It Part of the Culture

As a director-level security leader, Linda has a clear message for her peers: cyber ranges aren’t just for newbies or red teamers. They’re a valuable investment for your entire team.

“Security is changing constantly. Threats evolve. Tech stacks shift. The best thing you can do for your team is give them a place to keep learning.”

She recommends integrating cyber ranges into broader team training, using them to reinforce real-world attack paths and develop hands-on skills across AppSec, cloud security, and defensive strategy.

It’s also an opportunity to break silos between teams. Developers, QA engineers, and DevOps teams can all benefit from seeing what attackers see, and learning how to defend against it.

Beyond Hacking: A More Inclusive View of Cybersecurity

One of Linda’s key insights from her career journey is that cybersecurity needs to be more inclusive, not just demographically, but professionally.

“There’s still this narrow idea that security means hacking into things. But that’s only one part of the picture.”

She champions the idea that policy makers, communicators, project managers, and generalists all have a place in the industry. Cybersecurity thrives when there’s diversity of thought, and that means welcoming people with varied backgrounds.

Linda is proof of this: a developer-turned-director, a cyber range participant-turned-mentor, and a community leader committed to helping others see themselves in security.

This is the first in a series of articles from CMD+CTRL highlighting the unsung heroes of software security. Check back for more insights from battle-tested cybersecurity pros.

Join the Movement: Summer of Cyber Ranges

To help more people start their own journeys, the CMD+CTRL team is inviting learners of all skill levels to the Summer of Cyber Ranges, a free, hands-on training series.

These interactive events are designed to simulate real-world attack scenarios in a safe, gamified environment. You’ll learn by doing, connect with others, and build the skills that matter, whether you’re in development, security, or just exploring the field.

Here’s what you can expect:

  • Realistic scenarios
  • Live proctors and coaches
  • A helpful, vibrant Slack
  • Options for team participation

Your Invitation: Learn by Doing, Grow Together, Have Fun

The next event is happening on Thursday, July 24 at 7pm ET. And yes, it’s completely free to attend. Ready to get started?