In the field of cybersecurity, few content creators have made as significant an educational impact as Katie Paxton-Fear, better known as InsiderPhd. In fact, few cybersecurity professionals have made it as influencers in general. Not only has Katie accomplished this elusive feat, but she has achieved so much more. A dedicated API hacker, educator, and bug bounty hunter, Katie’s journey from frustrated software developer to respected cybersecurity expert offers a unique pathway available to anyone willing to put in the work.

An accidental fall into cybersecurity

Katie’s entry into the cybersecurity space wasn’t planned and began because of one influential teacher’s inaccurate advice: “When I was 16, my teacher suggested that I pursue a PhD and that I would love it. I didn’t think I was smart enough, but he kept saying how you don’t need to talk to anyone ever [as a PhD student]. He said doing a PhD was about working on one topic that you’re passionate about and becoming a world-renowned expert. It turns out that this advice was all lies, but I didn’t know that at the time and was convinced.”

She didn’t immediately take his advice. She says, “I finished school and decided to get a job as a software engineer. I was walking to get lunch one day when I realized I completely hated my job. I was working on a lot of different projects, but I lost focus on what I actually wanted, which was a PhD.”

This realization prompted immediate action. Katie applied to PhD programs the next day. Because of the time of year that she started applying, options were limited, so she found herself in a cybersecurity program. 

Her transition wasn’t seamless. “It took a while to find my love for cybersecurity,“ Katie admits. But when she did, she found that her background as a software engineer gave her unique advantages.

While many know Katie for her API hacking skills, she sees her true specialty a bit differently. “I really specialize in teaching and sharing my knowledge,” she says. “API hacking would be a close second though because I used to make APIs, and I realized that I can very quickly understand how they were built and how to break them.”

Katie’s approach to hacking is both minimalistic and highly programmatic. “I am definitely a low-tool hacker; my methodology is very focused on how I would have developed something wrong,” she explains. “I spend a lot of time programming though, so I understand how software is built. Just give me something that I can see requests and responses in, and that’s me sorted!”

The role of higher education in her hacking journey

Katie’s educational journey wasn‘t straightforward. After focusing primarily on computing in school, she pursued a BTEC in games programming, followed by a BSc in computer science, and eventually a PhD in AI and cybersecurity.

When asked if she recommends higher education, her response is mixed. “Yes and no. Yes, because I think it’s a good way to try adult life on easy mode a little, and I genuinely would not have been here without my friends from university,” she explains. “No, because it can never teach you everything. You need to put in extra work to get the most out of it, and in a lot of countries, it is cost-prohibitive. You can put in that extra work without it being attached to a formal degree.”

The value of community

For Katie, the security community has been instrumental in her growth and has allowed her to understand threats and incentives from multiple angles. “I am so grateful that I have had the opportunity to sit down and learn from some amazing hackers but also from bug bounty program owners,” she says of her conference experiences. “You learn a lot about why they invested in a bug bounty platform and what they see as the major advantages. It really opens your eyes as a hacker.”

She emphasizes the importance of mentorship: “I wouldn’t be where I am today without the direct or indirect mentorship of others. TomNomNom was actually the first hacker to share my first video, and I will never forget that.”

Beyond common vulnerabilities and AI

When asked about vulnerabilities that deserve more attention, Katie is quick to point out a unique one. “I think business logic issues,” she says. “They’re hard to talk about because they are so dependent on how an application works, but I love figuring them out because everything is new and different, and I can just fiddle around until something breaks.“

However, the challenge with business logic vulnerabilities lies in their uniqueness. “They’re not as easy to describe as other vulnerabilities, and it’s hard to express how to find them when compared to something like ‘just put <script>alert(1) in every input box you see,’“ she explains.

It might surprise some to learn that Katie has an extensive academic background in AI as well. Despite this, Katie admits her views have shifted and evolve constantly. “I will admit that for someone with a PhD in AI and cybersecurity specializing in natural language processing, I was very anti-AI, but Gemini really changed my mind, and I use it a lot more now,“ she says. “I think for folks who don’t have a programming background, it is an incredible tool for understanding why software is built the way it is.”

She remains cautious about certain applications. “One thing that does worry me is developers using AI. We have so many more examples of insecure code from history, and especially if you’re using AI with a language you aren‘t familiar with, you’re not going to know the pitfalls.“

Content with purpose

Katie’s approach to content creation sets her apart in an era of quick hits and instant gratification. She strives to bring the classroom to your screen, making education not only accessible but also thorough. “I have always wanted to be the ‘bug bounty 101 course’ you wish your university offered,” she says. “I want people to feel like they’re listening to a lecture, to sit and take notes, and to really dedicate themselves to an hour of study. I think content nowadays is too quick, too rushed, and too focused on top results first and learning later, and I want to be the antithesis to that.”

Her advice for aspiring content creators is refreshingly simple: “Make stuff, even if it’s bad, even if it’s unpolished, and even if no one watches or sees it. Do it anyway. Make the stuff past you needed.”

HackHERS who inspire: Leading the charge as a woman in cybersecurity

There is a lack of women in cybersecurity, but we’re seeing progress. Thinking on the evolution of hacking for women, Katie highlighted an unexpected aspect of the community as a whole: “Given how competitive bug bounty hunting is, you’d expect us to all be shielding our computer screens and hissing at you, but actually, I’ve found that the majority of top hackers really want to share—they’re as passionate about hacking as you are!”

She emphasizes the importance of diversity: “Women make up 50% of the population. If you’re not considering them, you’re missing out on threats—simple as that. We need diversity. The chances are your adversaries are not going to be White men in their 20s in San Francisco, but if that’s the only people you hire, you’re missing out on important knowledge.”

Katie’s approach to navigating challenges in the field is unapologetically authentic and powerful. “I won’t say that it’s been easy. I think you’d struggle to find anyone who is a minority in their field who doesn’t have a story about discrimination, about struggle, whether that’s directly or indirectly,” she says. “But I’ve always demanded a space for myself. This is my interest, my field, my career, and I’m going to own it.”

Maintaining balance

Katie does a lot of hacking, teaching, speaking, and content creation. It’s easy to see how she might quickly burn herself out. But to avoid that, Katie speaks on the importance of offline activities. “[I love to take] time outside of my enclosure,” she says. “I need hobbies that don’t involve looking at screens. If I stop being creative, I will get burned out.”

Her current goals reflect this balance: “Recently, I’ve been learning hardware hacking! I taught myself how to solder, and I recently finished an ink label project. Next, I am going to hack my weather station to integrate it into a home assistant.”

Something fun and unique about Katie is that she knits. “I gravitate toward turning string into stuff. I’ve been knitting for over 10 years—taught myself using YouTube. I crochet occasionally, I sew even less frequently, and I recently got a 3D printer, so I taught myself 3D modeling.”

In essence, Katie exemplifies how embracing one’s drive to pursue their dreams and leaning into a supportive community can lead to extraordinary achievements. Follow Katie for educational content and funny quips through her YouTube channel and on her social media.