Getting Into Infosec

Follow Getting Into Infosec
Share on
Copy link to clipboard

Stories of how others got into Information Security, their experiences, lessons learned, and advice about getting in. JOIN MY NEWSLETTER FOR ADVICE, TIPS, AND UPDATES!! Listen for an "Easter Egg" in each show! If you're looking to break into infosec, I wrote a little guide! Check it out: “I pur…

Ayman Elsawah (@coffeewithayman)


    • Aug 3, 2023 LATEST EPISODE
    • infrequent NEW EPISODES
    • 30m AVG DURATION
    • 62 EPISODES


    Search for episodes from Getting Into Infosec with a specific topic:

    Latest episodes from Getting Into Infosec

    DEFCON 2023

    Play Episode Listen Later Aug 3, 2023 5:03


    Hey folks, I'll be at DEF CON in Vegas this year! Would love to see you all there! Jack's Parties: https://twitter.com/JackRhysider/status/1686785376327987200 Checkout Miscreants at the Vendor Area: https://www.miscreants.com/ See omnystudio.com/listener for privacy information.

    Rana Khalil - From Cryptography to Pentester!

    Play Episode Listen Later Mar 11, 2022 39:02


    Rana Khalil. Rana is a senior cybersecurity assessment analyst and has a really diverse professional background. She has spoken at many different conferences, including BSides, ISSA OS, Ottawa, and hack fest. She's recently received the OSCP, a coveted security certification out there in the community. She has definitely written up and done tons of write-ups on the OSCP and different hack-the-box write-ups.  This episode will unravel how Rana discovered and journeyed through cryptography and pen testing despite attaining a computer science degree. LINKS: Linkedin: https://www.linkedin.com/in/ranakhalil1/?originalSubdomain=ca Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5 Security and Privacy Framework: iapp.org Full Shownotes: https://www.gettingintoinfosec.com/ See omnystudio.com/listener for privacy information.

    Norman Weekes— From Contractor To Security Ops Analyst

    Play Episode Listen Later Feb 24, 2022 33:11


    Norman Weekes is on the Security Operations Team at Salesforce. He is in charge of scanning their infrastructure and ensuring that everything is set up and operating properly. Norman already spent almost a year in the information security world. This is also his first official full-time security job. After going through different job contracts, he believes that if everything's shut down early, there's no reason not to just get in a good routine and go after whatever certification or whatever job you want. This episode will undoubtedly inspire and assist job contractors who are considering a career in the information security world. LINKS Linkedin:  https://www.linkedin.com/in/normanjr/ Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5 Security and Privacy Framework: iapp.org   Full Show Notes: https://www.gettingintoinfosec.com/ See omnystudio.com/listener for privacy information.

    Niru Ragupathy - From Almost Biotech to QA to Google Security Lead

    Play Episode Listen Later Aug 5, 2021 44:23


    Today we're joined by Niru Ragupathy. Niru is a Security Engineer at Google. She works as the Offensive Security Lead and manages part of the Offensive Security Team. She is currently the Tech Lead Manager. Niru sees managing as a challenging, interesting ride yet undervalued skill. She also considers it rewarding although it demands the investment of both time and effort.  She believes that it is important to start leading and take things slowly but not take the decision lightly. Having planned on taking Biotech in College but being persuaded by her parents, she was thrust to take on Computer Sciences since it has greater demands in society. In the face of her struggles, Niru has found her sense of belongingness in security management. This episode will surely encourage and benefit Engineers who struggle in transitioning on management.  LINKS Linkedin: linkedin.com/in/niru-ragupathy-99078233 Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5 Security and Privacy Framework: iapp.org   Full Show Notes: https://www.gettingintoinfosec.com/ See omnystudio.com/listener for privacy information.

    John Gates - From Car Mechanic to Lead IT Security Analyst

    Play Episode Listen Later Jun 16, 2021 36:44


    Today we're joined by John Gates, a Lead IT Security Operations Analyst for a global food brand. John has always liked to know how do things work - and that has proven to be a beneficial trait - from his first job as a car mechanic to IT consultancy and education to his current role. He's also an advisor and former board member at OpsecEdu, an organization educating technologists in state, local, and education agencies on security best practices.  LINKS Linkedin: https://www.linkedin.com/in/johngates/ OpsecEdu: https://www.opsecedu.com/ Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5   Full Show Notes: https://www.gettingintoinfosec.com/john-gates-from-car-mechanic-to-lead-security-analyst/ See omnystudio.com/listener for privacy information.

    Samantha Cowan - From National Parks Service To Head Of Compliance

    Play Episode Listen Later May 31, 2021 39:53


    Today we're joined by Samantha Cowan. Sam is currently the Head of Compliance at HackerOne. She's the former Director of Compliance at OneLogin and former Security Engineer at CoverHound, Cyber Policy, and Zenefits. Sam initially perceived Infosec as an "unhappy job", but later found herself taking her MBA and paving her way into the security industry. Despite having her master's degree, she was not an exemption to facing rejections when applying for cybersecurity. Her episode is mind-blowing as she shares how you can break into boundaries by being confident in yourself and by not compromising to being seen as a token hire. LINKS Linkedin: https://www.linkedin.com/in/samanthacowan/Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5Security and Privacy Framework: iapp.org See omnystudio.com/listener for privacy information.

    Betsy Bevilacqua - From Almost Lawyer to CISO and Security Leader

    Play Episode Listen Later Feb 28, 2021 40:15


    Betsy Bevilacqua is the current VP of Information Security at Chainalysis. Initially, she had her mind set on law school until she did a self-audit and realized that she enjoyed computers and tech much more. Her journey into infosec led her to move from Kenya to the US to obtain a degree in Security and explore various companies involved in academia, food and facilities, healthcare, telephone communications, and finance to more traditional tech. Her interview is full of advice for those looking to break in and those already in infosec. Links, Detailed Show Notes, and Transcript: https://gettingintoinfosec.com/betsy See omnystudio.com/listener for privacy information.

    Dr. Eric Cole - Accidental CIA Hacker To Fortune 500 Security Advisory To Entrepreneur

    Play Episode Listen Later Jan 11, 2021 49:18


    Dr. Eric Cole's career has been a mixed of sixth-sense chance encounters and wisdom / foresight of the future. His uncanny ability while younger to see the opportunity in cybersecurity combined with the wisdom to listen to those smarter than him is why he is where he is today.He is an accomplished cybersecurity hacker and executive advisor. His interview is chock full of poignant advice and tips.Eric Cole's Quick List of AdviceAlways be respectful, Don't be an A**Hole to other people… but don't give a crap what other people say or think because we're unique and different. If you're an entrepreneur in cybersecurity, they're not gonna get ya.Listen to people that are smarter than you and have made the mistakes before you make them.Life will force you to repeat lessons until you learn them.Biggest gap is in the monitoring, detection, and analyst sideDr. Eric Cole has a creative side to him as well as a musician. French horn player  before and now a drummer. He's known as the Tommy Lee of cybersecurityQuotes"It's all about looking at calculated risk, understanding pro's and cons, and taking chances.""You've done the same thing six times in a row and it doesn't work, what makes you think if you do it a seventh time it's actually going to work?""Try different things.""Have advisory board members for you life.""If the best professionals in the world have coaches, why shouldn't we?""If people are not listening to your advice, 99% of the time it's because you didn't answer the right question.""Smart people know the right answer. Brilliant people ask the right question.""Good cybersecurity people solve problems. Great cybersecurity people solve the right problems.""Don't overlook the obvious.""It's never a lack of resources, but a lack of resourcefulness."Getting Into InfosecOther episodes, transcripts, a career guide to Getting Into Infosec:https://gettingintoinfosec.com/

    Lisa Jiggetts - From Navy Cook To Pentester To Non-Profit Founder!

    Play Episode Listen Later Nov 23, 2020 41:46


    Lisa Jiggetts knew from an early age that she was going to be in tech an cyber. A navy veteren who started off as a cook, she always found herself gravitating towards technology. She is also the Founder & Board of Director of Women’s Society of Cyberjutsu, a non-profit that is dedicated to increasing the opportunities and advancement for women in cybersecurity. Checkout her journey into the cybersecurity field.NotesOriginally a cook in the military, then migrated to information security.Looked for opportunities to transition into information security by talking to people in and outside her social network.Networking can be hard, but it will turn in your favor.Lisa is an introvert, but know how to become an extrovert when needed.Quotes"When you're starting out, you don't necessarily get into the area you want to be in—you got to work your way up."“That's the biggest thing you can do. I think is networking because somebody knows somebody""So I got all these certifications… I read a book and pass. What is it to me personally? That didn't tell me, you know, how to do anything. They get you in the door""[Networking is] hard, but, just do it because in the end, it's gonna turn out in your favor."LinksLisa on Twitter: https://twitter.com/lisajiggettsIntro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5Women’s Society of Cyberjutsu : https://womenscyberjutsu.org/Getting Into InfosecBreaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Stay in touch and sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribeAyman on Twitter: https://twitter.com/coffeewithayman

    Eric Strom - From Lawyer to FBI Cyber Division Unit Chief

    Play Episode Listen Later Oct 24, 2020 44:25


    Eric Strom is the Unit Chief of the Mission Critical Engagement Unit, Cyber Division. In this role, Mr. Strom oversees the FBI Cyber Division’s private sector outreach efforts to the 16 critical infrastructure sectors, forging partnerships with companies in those sectors to develop and share threat intelligence related to activities by sophisticated criminal organizations as well as nation state actors.NotesEric has been with the FBI for 21 years, since June 1999Originally a lawyer practicing criminal defense and civil defense then went to nonprofitEarly on in the FBI, they had to do a lot of workarounds. Cyber wasn't so straightforward.56 Field offices were all doing something different, then became consolidated centrally as a service organization.Quotes"No, it's funny. None of us really had a traditional cyber background. Tom started out his career as a geologist and Keith actually started out selling like furniture. He was a salesman.""But I mean, from the legal standpoint, you've got third party liability and other things. So we really had to walk a kind of a tight rope when it came to what types of malware we were infecting ourselves with. And then how far we'd let it go.""And so as we're taking it over, it was really interesting to sit behind one of the malware analysts and watch a Wireshark and watch the instructions coming out. I crossed the wire. It was really cool. And when it really kind of sunk in, because to me it was like a tangible thing. I can actually see it happening as it was going on.""It's (cybersecurity) probably the most rewarding thing you'll ever do in your life."LinksFBI: https://www.fbi.gov/Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5Outro Music: https://freemusicarchive.org/music/KieLoKaz/Free_Ganymed/Alte_Herren_Kielokaz_ID_364Getting Into InfosecBreaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Stay in touch and sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribeAyman on Twitter: https://twitter.com/coffeewithayman

    ICS Gabe - Electrical Engineer to Accidental Cybersecurity ICS Expert

    Play Episode Listen Later Oct 10, 2020 58:53


    Gabriel Agboruche (@ICS_Gabe) is a senior ICS and OT cybersecurity consultant, helping organizations solve their most challenging industrial control security problems. And that was a mouthful, but that's what I do. Journey's unique one and almost didn't happen.NotesGabe was a math whiz in the Detroit Public school systemDuring college, he had some experiences unique to him as an African American one of which was due to him being top of his class.Gabe was an electrical engineer working at Nuclear facility, then #Stuxnet happenedThe demand for cybersecurity skills combined with his experience and love for growth paved the way for where he is today.Quotes"All these systems are air gapped by regulatory guidance.""I'm here for my education. I'm going to get this education. And not even necessarily prove this person wrong, but I'm going to be here and do what I have to do in order to get where I desire to be.""He's like, wow, you're the first black guy that I have ever seen in person.""I almost rushed with him for one that a frats."" I saw that I would gain a greater exposure to a lot more technologies within my field. I get to see different plants. I get to touch different areas."Getting Into InfosecBreaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Stay in touch and sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    BONUS - Lisa Jiggetts - Salary Negotiations

    Play Episode Listen Later Aug 15, 2020 15:56


    Lisa Jiggetts is the founder of the Women's Society Of Cyberjutsu. After recording, we continued talking and the topic of salary negotiations came up. It was so good I started recording again. This topic is super important. I have seen both experienced and inexperienced people make these mistakes.LinksSalary Negotiation Tips: https://www.thebalancecareers.com/what-can-employers-say-about-former-employees-2059608 (see the video too)Lisa on Twitter: https://twitter.com/lisajiggettsA recruiter's comment on the topic: https://twitter.com/Zavala_CyberSN/status/1294398519994773505Getting Into InfosecAsk A Question: https://gettingintoinfosec.com/askWebsite: https://gettingintoinfosec.comAyman on Twitter: https://twitter.com/coffeewithaymanBreaking IN Book: https://gettingintoinfosec.com/bookJoin My Mailing List: https://gettingintoinfosec.com/list

    Switching Into Infosec Success Story And Lessons Learned

    Play Episode Listen Later Jul 16, 2020 9:42


    Original Reddit post:  https://www.reddit.com/r/ITCareerQuestions/comments/fw44sg/career_change_success_story_starting_my_first/Getting Into Infosec Links:Site: https://gettingintoinfosec.com/Book: https://breakingintoinfosec.com/Follow Me Twitter For More Resources To Help You On Your Journey: https://twitter.com/coffeewithayman

    Black Lives Matter

    Play Episode Listen Later Jun 1, 2020 0:42


    Black Lives MatterTranscript:Hey everyone… So as if this time was not hard enough as it was with Covid… the American Black community has been affected yet again.It's difficult to post motivating content while so many are feeling a sense of outrage and so much going on. So I'm going to pause, slow down, or at least take into consideration the posting of new content during this period. Of course people still need to work, so I can't stop completely and I do have episodes coming down the pipe.There's a personal story I want to share related to this…A friend and I were driving once, but he realized he left his wallet at home, which had his driver's license. I said, not a big deal, they can just look you up if you get pulled over. He then looked at me, and I then figured it out… he's black. It hit me then how privileged of a life I had. It then hit me how scary driving while back really is.I may not be white, Christian, and from the suburbs, but I'm not black and male.I may not have the best things to say at this moment, but I realize staying silent isn't an option. I don't have a TV and I'm not on Twitter often, but the little I did see made me realize silence or status quo is almost as bad.Diversity and inclusion are integral part of this podcast. I've never called it out, as I just wanted my lineup to speak for itself. Many of my guests are black. For the longest time it was rare to see brown or black person at a security conference… it was quite lonely.For listeners outside of the US, please try to empathize with whatever social divide you have in your country. It could be the religious minority in your country, the darker skinned, those of a "lower" social caste, the poor, or whomever it may be… there are always those that marginally suppressed or oppressed.So….I stand with the Black community against racism, violence, and hate. Now more than ever we must support one another as allies and speak up for justice and equality.#BlackLivesMatter******************************************Website: https://gettingintoinfosec.com/Twitter: https://twitter.com/coffeewithayman

    BONUS - Announcing Getting Into Infosec BITES

    Play Episode Listen Later May 13, 2020 3:31


    Hello! Wanted to let you know I'm creating daily (almost) videos on YouTube called Getting Into Infosec BITES: https://www.youtube.com/c/gettingintoinfosecPlease like, subscribe, and spread the word.The best thing you can do to support this media is to spread the word and let others know. Thanks!Links:Site: http://gettingintoinfosec.com/Book: http://breakingintoinfosec.com/Twitter: https://twitter.com/coffeewithayman

    Kavya Pearlman - From Hairstylist to CISO to XR Superhero

    Play Episode Listen Later Apr 18, 2020 43:13


    Kavya Pearlman is an Award-winning cybersecurity professional with a deep interest in immersive and emerging technologies. Kavya is the founder of non-profit, XR Safety Initiative (XRSI). XRSI is the very first global effort that promotes privacy, security, ethics and develops standards and guidelines for Virtual Reality, Augmented Reality and Mixed Reality (VR/AR/MR) collectively known as XR.Kavya is constantly exploring new technologies to solve current cybersecurity challenges.Quotes:"Money, Money, Money. How much money you going to make? I was so put off. No, it's not about money. I really just want to learn." [17:03]"What would you become when you grow up? I would be a D.I.G. (Deputy Inspector General)" [18:10]"This country needs me. This world needs me." [19:21]"You owe it to yourself to explore this little itch, and figure out whether this is your passion or not." [20:05]"You will inevitably make (sometimes) bad decisions .:"Technical support IS security." [31:46]"I don't think anyone read that [report], but then it gave me some satisfaction that this is awesome. I can actually take what I'm learning and apply it to the job." [32:09]"Believe in yourself, not just for information security." [35:59]Links:Kavya Pearlman - https://twitter.com/KavyaPearlmanXRSI - https://www.xrsi.org/Caroline Wong - https://twitter.com/carolinewmwongSteve Hunt [22:17] - https://twitter.com/Steve_HuntGetting Into Infosec:Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Stay in touch and sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    BONUS - Pandemic and The Coming Recession / Depression

    Play Episode Listen Later Apr 2, 2020 6:05


    We are in the middle of a worldwide pandemic (COVID-19), a recession is here, a depression might be coming, and everyone is remote! Everything has changed. What can you do? How can you find a job in these crazy times? What are the challenges? How can you make yourself valuable? What's going through the company or hiring manager's mind?Please share or leave an awesome review if you found this helpful.

    Syntax - Arrested Teenager to Motorcycle Racer To Pentester

    Play Episode Listen Later Mar 10, 2020 49:50


    Was arrested in High School for disclosing a vulnerability in the school IT systemSyntax is an internal pentester for a large organizationWent to college for Computer Science, but dropped outInspired by the Movie HackersFirst computer had a 1MB hard drive (Yes, not a typo!)Still went to Defcon even when he was not in IT or working in securityWas a professional motorcycle racerKept all his rejection letters as a way of motivation to keep goingHad some business and entrepreneurial experience in the past, which helped him get back into the fieldGot back into security through… IT!Quotes:"A lot of our time is spent arguing with the other departments and justifying our findings." [2:58]"Is this cross-site scripting really a problem.""I get stuck a lot… it's kind of the nature of the beast." [5:17]"I'm not going to work in tech again." [12:21]"You're a motorcycle mechanic… why should we hire you?"[19:07]"It's my hacker family. These are my people. Everyone in security, they make sense to me, cause they're all kinda like me." [19:41]"I kept getting this projects coming my way and I constantly said YES." [22:07]"Have you done this before… no, but I'll learn!" [25:06]""No, this is website scraping… because I had that mindset… I was seeing it different than other analysts." [26:00]Links:Syntax on Twitter:  https://twitter.com/syntax976DCZIA: http://dczia.net/Queercon: https://www.queercon.org/Outro Music: "Pure Decking" by Patient Zero from the album "Screen Saviour" her link is http://patientzero.bandcamp.com and she is @DoctorKraft on the twitterGetting Into Infosec:Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    Bonus - Cyber Security Job Search Frustrations (Ivan)

    Play Episode Listen Later Mar 7, 2020 2:12


    These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020.Getting Into Infosec:Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    Bonus - Cyber Security Job Search Frustrations (Zoe)

    Play Episode Listen Later Mar 6, 2020 4:29


    These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020.Getting Into Infosec:Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    Bonus - Cyber Security Job Search Frustrations (Jayesh)

    Play Episode Listen Later Mar 5, 2020 3:29


    These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020.Getting Into Infosec:Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    Bonus - David Zeichick - Cybersecurity College Professor

    Play Episode Listen Later Mar 4, 2020 11:23


    So as I was at RSAC, I was trying to keep an eye out for those looking to get into the field. RSA is not usually the place for that, but I saw the NetWars tournament and figured that might be a good place to start. On my way there, I met David Zeichick who had "College Day" on his badge. Intrigued, I asked about "College Day" and he told me all about it.I sat down with him for an impromptu interview on the topic.David on Twitter: https://twitter.com/dzeichickGetting Into Infosec:Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    Tanya Janca - From Insecure Developer to Appsec, Diversity/Inclusion Advocate, and Mentor

    Play Episode Listen Later Feb 23, 2020 42:44


    Recast Link for sharing your favorite snippet: https://recast.simplecast.com/7d083a66-6e0a-4d1a-957e-cdf5afc99bb4BIO:Tanya Janca, also known as ‘SheHacksPurple’, is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, founding a new OWASP chapter in Victoria, and founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #MentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.Notes:Part of security is teaching securityStarted in software development then starting meeting hackers, and decided to switch into security.Tanya is extremely scholastically inclinedShe comes from a family full of Woman Computer Scientists, Technologists, and Mathematicians!Her aunt was the FIRST to graduate in CS from Ontario.Her mother was a mathematician.She had four uncles in Computer Science.Tanya's Quick List For Getting Into Infosec:Responsibility of a mentee: [30:29]Have energy and timeRespect your mentor's timeNeed to have already looked for the answer online before you ever ask them for somethingThey are not a free consultant, you shouldn't ask them to do your workYou shouldn't stand them up for meetingsRecognize and have gratitude for the fact that this person has a crap-ton of knowledge in their brain that they're sharing with you for free. They're taking the time out. You're not their daughter or son. You're not their friend. You're a person in their industry and they're trying to pay it forward.You want to actually do the exercises that your mentor gives youChoose your mentor wiselyDo not expect your mentor to find you a jobQuotes:"We're graduating people who don't know how to make secure software, but they do know how to make software!  So that ends up being insecure software." [4:57]"So if I was going to teach a software security course at a university, they would pay me as an adjunct professor and they would pay me almost nothing. It would almost be equivalent to volunteer work." [5:35]"I thought I really wanted to be a penetration tester until I discovered that there is this weird spot… in between red team and blue team." [10:17]"A lot of penetration testers get a little depressed."[11:07]"People just don't know how many super awesome cool things there are out there!" [15:11]"The people I liked the best are the people in my computer science class." [22:24]"Honestly, I just smoked a lot of weed and just showed up and would ace things." [22:12]"You don't have to spend money at the beginning necessarily." [31:58]"Which certification should I get so that I can be a good pentester?" [31:34]"I don't know enough to be a mentor." [31:50]Links:Tanya OnlinePersonal Site: https://dev.to/shehackspurpleTwitter: https://twitter.com/shehackspurplePushing Left Series: https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95NICE Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-centerOWASP: https://owasp.org/WoSec: https://wearetechwomen.com/wosec-women-of-security/Franziska Bühler https://twitter.com/bufraschGetting Into Infosec:Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    Nick Vissari - Engineering Dropout to Math Tutor to Security Architect/Engineer

    Play Episode Listen Later Feb 3, 2020 37:42


    Nick Vissari went from being an engineering dropout (he didn't like creative writing) to tech consultant to math tutor. His penchant for fixing things homed him back into tech where he is now responsible for security at a large school district. He recently went back to school and received his cybersecurity degree as well.NotesAt 10 yro Dad had problems putting computer together, so he helped his dad with itFamily never stifled any inquisitiveness he hadStarted at a Math Tutor at the school systemNick talks about how he had the wrong attitude in security [11:38]Quotes:"Once you get into a position somewhere, do whatever you can to make yourself invaluable. Find the things people don't want to do and do them. The hard problems are the ones most rewarding." [8:55]"If you're not automating right now, it's probably because you have more resources than you know what to do with." [18:54]"There are a lot of people that are security professionals but they really don’t know about how a system works." [25:22]"Just got to have that passion to want to learn and you can definitely jump into security."[22:50]"My grandmother always said: 'Those who don't make mistakes, don't do much.' So get out there a make a bunch of mistakes." [25:35] Tweet This!"Don't be that guy that says 'No' to everything. You have to be somebody that says 'Yes… and'." [26:06]Links:Nick on Twitter: https://twitter.com/nickadamSSLstrip by Moxie: https://github.com/moxie0/sslstripFiresheep plugin: https://en.wikipedia.org/wiki/FiresheepGetting Into Infosec:Checkout My Book: Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    Page Glave - Professor of Kinesiology to Cybersecurity Analyst!

    Play Episode Listen Later Nov 16, 2019 34:20


    Recast An Audiogram on Social MediaPage Glave was a tenured Associate Professor of Kinesiology with a focus in exercise science and was successful in her field. However she came to the realization that she can't see herself doing this for the rest of her life. This is her story. She offers lots of great advice on resume tips when switching, homelabs, certifications, and how she was able to break into the field.BIOI am an analyst, project manager, ethical hacker, and tech consultant with more than 10 years’ experience with research and project management. I spent awhile in higher education – long enough to get tenure and decide it was time to do something else. I have eJPT (eLearnSecurity Junior Penetration Tester), Security+ and Splunk User certifications. I love learning and tech, so digging into all of this stuff just makes me happy.Notes:5 Months in to her first security job!Being in a small environment, she gets to do everything from governance to pentesting.Previous to this she was a tenured associate professor in kinesiology with a focus on biomechanics and obesity.Quotes:"Pretty big adventure on a daily basis because no day is the same.""Really is an environment where security is everyone's job.""I think I'll always be in-house tech support for as long as I live." [7:08]"I kinda got bored… I didn't want to keep doing something that wasn't challenging." [7:28]"Do I really want to do this for the next 30 years?" [7:58]"…going through the headers, that should have been a clue that maybe tech would have been a good fit for me.""You'd be hard pressed to find anyone in Information Security who was just thrilled with their budgets.""Being able to translate that self-directed learning to something on my resume."Links:Page's Twitter: https://twitter.com/pageinsec (Thank her via Twitter)Brakeing Down Security Podcast: https://www.brakeingsecurity.com/Pacific Hacker's Conference: https://phack.org/Sam Bowne's Class: https://samsclass.info/Skadi VM: https://www.skadivm.com/ (by Alan Orlikoski https://twitter.com/AlanOrlikoski)Marco Palacios: https://twitter.com/MPalacios_CyberKeirsten Brager: https://twitter.com/KeirstenBragerIntro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5Outro Music: https://www.youtube.com/channel/UCNXDIltPLbdcAavUtL00i7gGetting Into Infosec:Follow Me on Twitter: https://twitter.com/coffeewithaymanSubscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ACheckout My Book: Breaking IN: A Practical Guide to Starting a Career in Information SecuritySign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosecWebsite: https://gettingintoinfosec.com 

    Nick Jeswald - Confessions of a Cybersecurity Recruiter (Part 2)

    Play Episode Listen Later Nov 1, 2019 50:14


    RECAST any part of this episode: https://recast.simplecast.com/da82c2e1-ef30-4f48-b169-b65846044be0Part 2 of 2 - Nick Jeswald has been an external and internal recruiter in security. He shares with us what he looks for in a candidate, common mistakes made by candidates, and the nuances of hackers he's learned over the years.BIO:Show Notes:SEE PREVIOUS EPISODE FOR COMPLETE NOTES & RECRUITING TIPS FROM NICK.Getting Into Infosec:Follow Me on Twitter: https://twitter.com/coffeewithaymanSubscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ACheckout My Book: https://amzn.to/2HP2i25Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosecWebsite: https://gettingintoinfosec.com

    Nick Jeswald - Confessions of a Cybersecurity Recruiter (Part 1)

    Play Episode Listen Later Oct 25, 2019 36:48


    RECAST Any part of this episode: https://recast.simplecast.com/7eb82844-74aa-4e1e-9c1b-e7a6653da300Part 1 of 2 - Nick Jeswald has been an external and internal recruiter in security. He shares with us what he looks for in a candidate, common mistakes made by candidates, and the nuances of hackers he's learned over the years.BIO:I've been in infosec for 8 years, and in various IT roles since 1996. Developer -> Sales Engineer -> BD Specialist -> Security BD -> Security Recruiting -> Dir. Corp Dev. However, whatever role I've had, I've also been one of the top recruiters for each company I worked at.Show Notes:Internal recruiters != external recruitersBackgrounds are differentExternal recruiters come from varied backgrounds, virtually zero from infosecMuch like BD peopleInternal recruiters are more likely to have a greater understanding of infosec or at least ITA recruiter that doesn't understand security is more likely to make bad placements with higher turnoverMotivations are far differentI want to choose people to spend a career withThey want to make a commission and meet SLAsAttention to detail is very differentA tiny detail that could betray a hidden skill set or flaw would likely be overlooked by a 3rd partyI have an interest in understating the person, not just the resumeWhat is their desired career/life trajectory?How will our company enrich/hinder that life?You are in competition with an army of low-skilled counterfeitsYou need to be able to demonstrate raw skills, not just list your certsHave a body of work available for review on GitHub, your own site, etc.Internships are a nice touch, but they cut both waysYou interned with unnamed-big-4-biz-consulting firm? Don't drag that culture in here. I fear for what you learned.Can't talk about where you interned because it was a non-DOD three letter agency? Communicate that point to me in your way. If that is the truth, I'll trace you back and verify.Always be client facingI have seen many recruits passed over for poor hygiene, arrogant treatment of interviewers, disclosure of illegal activity, and just generally obnoxious behaviorYou couldn't act like this on a client site and not get sent home; don't do it on the interviewYes, you are talented...there's always someone cooler than youInterview your interviewersYou should have a standing list of questions for interviewersWhy do you stay with them?What is the intended growth path? Organic? IPO? Channel?Is there any merger/acquisition activity going on? Planned? Intended impact?Is there any rebranding activity going on? Planned? Intended impact?What conditions are driving this open role? Turnover? Internal restructuring? Organizational growth?Will I be supported in my security research? How?Does your company have a defined mentoring path? Why not?How does the company support continuing infosec education?Meet your teamWatch the team interaction closelyCan you see cohesion? Are they supportive or adversarial? Are they authentically happy with their jobs?Understand the org chart you are stepping intoTo whom does security answer? CXX? IT Director? General Counsel?Understanding this will help mitigate surprises laterUnderstand the company cultureBig corp? Big corp problems.Boutique? Founder problems.Is there a "tree house" mentality among the senior employees?Never forget who you areI know you want a job, but don't take a job that is sure to kill you slowly from the insideLike doing offensive security? Don't start in the SOC.Did you walk away from the interview(s) thinking that this company understands the care & feeding of hackers?If you can already see the point at which you will outgrow the company, is it the right place to start?Maybe! If you have a goal of entrepreneurship, or of working for a specific team, this first step just needs to support that eventual goal. This may be detected by an astute interviewer, though.Resume tipsOne page.My dad started at the bottom, and worked up to EVP of a Fortune 50 corp. One page.Focus on your relevant work experiences and extracurricular infosec workI'd rather read about 0days and CVEs than certsI want to know about your community involvement2600, local DCs, TOOOL, OWASP, etc.Presentations at cons matter to me, especially if I can watch you deliver information to an audienceLike a free audition, and believe me I watch every one people link in resumesI don't care about your GPA, fraternity/sorority, who we know in common, what sports you enjoy, or what you look like. At all.Seriously, don't add a photo.General tipsCode. Know it. In several languages.Despite semantic differences, you should have a pretty good working knowledge of the most widespread VMs, coding languages, and compilersWeb apps are your paycheckKnowing the OWASP Top 10 is like knowing your middle name...not impressive in and of itself, but if you don't know them, there's something wrong.Many composite "red team" projects will involve some Web app hacking, and even the most specialized consultancies will agree to a Web app assessment for an established clientThink holistically, and make yourself more valuableIf you can't write a report, of what value are your assessment activities?Seem to always have interpersonal conflict? Time to read up on Empathy and EQ. Be the go-to on your squad.Get comfortable with an audience. Toastmasters is there for you.Learn the value of "the Halloween Mask" as Henry Rollins called itSure, you're a young security professional. We all expect eccentricity from you. We're all also trying to make money and be taken seriouslyDon't forget: in boardrooms of white haired old men across the nation, we're still the same guys who lost them millions of dollars on ERPs and useless Y2K preparationsI'm not kidding about this.Don't wield your difference like a blunt object. A little bit goes a long way when you're also scaring the hell out of everyone with pen test reports.My life is far more complex and wacky than my coworkers know, and I talk a lot. I just know how much to let through the mask.Getting Into Infosec:Follow Me on Twitter: https://twitter.com/coffeewithaymanSubscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ACheckout My Book: https://amzn.to/2HP2i25Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosecWebsite: https://gettingintoinfosec.com

    September 2019 Update

    Play Episode Listen Later Sep 23, 2019 2:03


    Summer was crazy, my day job is keeping me super busy, and I've been really mentally occupied lately dealing with kids, family, and school. I miss producing shows, and will be getting back into it, have some really good shows queued up. I've still active on Twitter when possible, so we can stay in touch there in between shows.Oh and by the way, it's been a year since I started podcasting! Pretty cool. So many things I want to do with the show like animating my spoof ads and transcribing the shows.Anyway, just wanted to update you and let you know I didn't forget about you. I can't wait to release some of these amazing shows.As we depart, here is a preview of draft a spoof ad I put together real quick. It talk about my love of the word "cyber". See you next time. Getting Into Infosec:Follow Me on Twitter: https://twitter.com/coffeewithaymanSign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosecSubscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ACheckout My Book - Breaking IN: A Practical Guide To Starting A Career In Infosec - https://amzn.to/2HP2i25Website: https://gettingintoinfosec.com

    Fareedah Shaheed - From Tech Curious to Information Security

    Play Episode Listen Later Jul 31, 2019 35:10


    Fareedah, a lifelong learner, was always interested in technology and grew up reading her father's Cisco books. His influence led her to the field of information security where she stepped up and is always tackling new challenges.BIOFareedah Shaheed was born in Maryland but spent most of her childhood outside of the US. She returned to the States in 2013 and attended the Community College of Baltimore County (CCBC), where she majored in Cybersecurity.Her experiences with different cultures and the tech field led her to combine her interest in psychology with cybersecurity and thus, her passion for security awareness was born.In 2018, she founded Sekuva with the mission to educate and support small business owners and families with understanding how to secure their sensitive information.She currently works as a Security Control Analyst at a financial firm in Maryland.Notes:Currently works with Security Awareness and Threat Intelligence.Must break down concepts for both executives and associates.Saw that there was a lack of cyber-security awareness for "regular" people, especially with parents.Got thrown into leading "lunch & learn" events and experienced imposter syndrome due to her lack of her experience.Her lack of experience became a benefit to the audience as they were able to relate!Father was in tech. Changed her major in college based on his advice.Wanted to teach but didn't want to be a teacher.Read 2000 books since childhood.Fareedah had really good role models growing up.Quotes:"I vowed never to have anything to do with math whatsoever.""I was a broker, I did an internship, I did teaching... and through all of that I realized I didn't really want anything but tech.""Whatever your parents' field is that kind of is in the back of your head, whether it's a yes or no.""Let me do it. Let me try this out.""Cybersecurity is new, it's upcoming. I really believe that your skills would be good for cyber. There's not a lot of women there. Especially not a lot Muslim women there, who look like you.""I remember just lying awake at night just thinking about how does WiFi work."" Instead of guards we have guides." [21:12]"You have to do it afraid, you can't wait for the perfect moment." [25:35]Links:Fareedah on Twitter: https://twitter.com/cyberfareedahFareedah's Company- Sekuva: https://sekuva.mykajabi.com/Year Up: https://www.yearup.org/Getting Into Infosec:Follow Me on Twitter: https://twitter.com/coffeewithaymanSubscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ACheckout My Book: https://amzn.to/2HP2i25Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosecWebsite: https://gettingintoinfosec.com

    BONUS - Updates, Defcon, More

    Play Episode Listen Later Jul 26, 2019 4:10


    Transcript Hey everyone! It's been awhile, I know! Life has been busy. Lots of transitions, so schedule has taken time to get used to. Feedback has been amazing, so a big thank you to every one of you. I've been busy trying to get ready for Defcon as well. Super excited about being there! Look for me in the Getting Into Infosec t-shirt and please say hi. I'll be attending Bsides, The Diana Initiative, and Defcon. I'm actually planning on having a meetup for listeners on Friday August 9th, at Defcon, with many of the guests from the show. Details still being worked out. I also plan on bringing stickers! I ordered 1000 stickers (not cheap by the way) and will be going to the unofficial Defcon sticker swap! Also working on some other schwag as well like T-Shirts and Mugs. Feel free to send in any ideas you may have. If you missed it, checkout a recent Darknet Diaries episode were both the GUEST and HOST were on this show. That's kind of exciting! It's Episode 42, mini stories Vol2. Link in the notes. Make sure to check my twitter feed (@coffeewithayman) for updates. Lastly, checkout the Security Sandbox podcast by Sean Sun (https://twitter.com/seanqsun). I had the pleasure of meeting him in person, and he's an all around cool person. He also runs Hacker Culture FM (https://www.hackerculture.fm/) as well, so I'd keep an eye on that. Your support and energy has been awesome. Please continue telling your friends about the show and showing your love like you have been. It's really appreciated. Ok! That's all I have. Back to editing episode 25 and getting ready for Defcon. If you've never been, I highly encourage you to go. See you next time. Links: Security Sandpox Podcast: https://podcasts.apple.com/us/podcast/hacker-culture-fm/id1453203447 Sean Sun: https://twitter.com/seanqsun Hacker Culture FM: https://www.hackerculture.fm/ Defcon Sticker Swap: https://twitter.com/dcstickerswap Outro Music: https://soundcloud.com/southlondonhifi Getting Into Infosec: Follow Me on Twitter: https://twitter.com/coffeewithayman Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Checkout My Book: https://amzn.to/2HP2i25 Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosec Website: https://gettingintoinfosec.com

    Keya Horiuchi - From Teacher, Filmmaker, and Website Design to Security Engineer!

    Play Episode Listen Later Jun 14, 2019 32:16


    Keya was a public school teacher who stood out of the crowd. She loves problem solving and challenging environments. Keya was also a filmmaker and web designer. She's currently a detection security engineer who get knee deep in malware on a daily basis.Notes:Knew she didn't want to be a teacher her whole lifeWas the only one in the rational thinking group at her school.Enjoys rational thinking and the problem solving process.Prototyped a mock medical device with a Raspberry Pi and won a national competition!Quotes:"Easy to get in to what you're comfortable with... and I didn't want to have a job like that.""It was something that I enjoyed but I definitely feel more at home with the cohort that I work with currently and with what I do.""... for me it was an amazing process because I hadn't ever SSH’d into a device and I had to figure out how to get like ports scan.""I read so much documentation on all the little things that we connected to it. I watched a bunch of YouTube videos I looked at a lot of GitHub accounts trying to figure out like I've got to make this move." [14:24]"It was incredibly challenging. A lot of times I was trying to figure out... where sometimes the information that you get from the client is essentially just a hint of what's going on in the network." [17:07]" You just have to be creative and keep going at it until you can do what needs to be done." [18:08]"Yeah. It's amazing, and especially coming from public school teaching where I had seen almost physical fights altercations happen over like reams of paper because there's just not that much allocated towards schools to where snacks are brought in. Like it's a very different environment…" [21:22]"You did great on the test, but I want to watch you take the test." [23:06]Links:Keya OnlineEdx: https://www.edx.org/NSF Project: https://nsf2015.fosslounge.org/Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)Outro: Cosmetic Cosmos by Verified Picasso https://www.youtube.com/channel/UCqDmyXPJdrZjwUdWLyhyQRAGetting Into Infosec:Website, Show Notes, Transcripts: https://gettingintoinfosec.comFollow Me on Twitter: https://twitter.com/coffeewithaymanSubscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ACheckout My Book: https://amzn.to/2HP2i25

    BONUS - Audiobook Sample!

    Play Episode Listen Later Jun 4, 2019 3:49


    Listen to the retail audio sample of my book: Breaking IN - A Practical Guide to Starting a Career In Information Security The book is narrated with a female voice, Kati Fredlund. She did an amazing job! You can read a sample or purchase the whole book here: https://t.co/DDXxfVwpD7 Full Audiobook to be released soon!

    Hossam Mohamed - Young Hacker to "Not A Security Researcher"

    Play Episode Listen Later May 26, 2019 31:38


    A 19 year old "not a security researcher". Facing limitations because of his age and not having the right "prerequisites" Hossam has had to make his own path. He also dreams in code and is one of the youngest OSCE's in the world!BIO:Hossam Mohamed is one of the youngest OSCE in the world and currently working in cyber security domain for a financial company in Istanbul. His area of interest includes exploit development, offensive security, secure web development, malware analysis and he is a big python loverNotes:On the organizing team of BSides IstanbulBest friend is a computer.Just finished high school last year!Was doing freelance web design and security projects for clients.Taught himself assembly.Developing offensive security labs.Hacked his way to getting a job. :)Quotes:"Because I love code.""I wanted to understand how these games work." [5:56]"I developed a project for my school. They liked it, but no one cared actually.""No one in infosec doesn't play a little bit (hacking)." [8:04]"Technical interview was great... didn't work because of my age and my education. I was only 18." [10:22]Do you ever dream in code? "Actually... how did you know that?" [12:35]"People think when it's about assembly and reverse engineering, omg it's untouchable.... No I'm telling you there is much more lower level than that.""I feel bad when I get sick because I don't go to work... I don't (get to) open my laptop and looking to code.""When I'm far from my computer for two or three days... I'll be depressed.""You can make it part of your day." [22:52]"I wanted to send them the new domain controller password with the report. " [25:23]Links:Hosam on Twitter: https://twitter.com/wazehellHosam's Website: https://wazehell.io/BSides Istanbul: https://bsidesistanbul.com/Upcoming talk "Hunting For Windows Remote Zero-days": https://bsidesistanbul.com/hossam-mohamed/Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)Outro: Weak Knight by Devon Church - https://www.youtube.com/watch?v=LEOYtxvlnAYGetting Into Infosec:Website, Show Notes, Transcripts: https://gettingintoinfosec.comFollow Me on Twitter: https://twitter.com/coffeewithaymanSubscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ACheckout My Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    BONUS - Consuming VS Producing

    Play Episode Listen Later May 21, 2019 1:59


    My thoughts on consuming vs production and how it relates to Getting Into Infosec. Sometimes we get stuck learning, consuming security news, trends and etc... but we forget to produce something. Whether it be testing a new exploit we heard about, trying something new in our lab, or applying something we learned the day before. Finding the write balance is important. If we're stuck, take little steps - better than no steps. Links: https://www.google.com/search?q=producing+vs+consuming https://lifehacker.com/start-every-day-as-a-producer-not-a-consumer-5887345 Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    Izzy - Random and Unplanned: From Annuities to ISO!

    Play Episode Listen Later May 12, 2019 39:24


    Ismaelle Vixsama (aka Izzy) has a knack for finding strategic flaws and speaking up about them. Doing so helped her get her first full-time job as well as have repercussions for defensive egos. Her whole career is a war story.BIO:Izzy is an ISMS manager with 7 years of experience. She has worked in FinTech, Government, and Security R&D. Her work has allowed her to work on several mainstream products and services with some of the most well recognized brands.Notes:ISMS - Information Systems Security ManagerCreates a security program around a company's information systems.Played the CISO role initially, very CISO like roleFirst role in security was in RiskIzzy comes from a very traditional Haitian backIzzy came up benefits at her job for an opportunity to learn something new and be in a non-toxic environment.First heard/learned about hacking at 15 from an AOL chat with a "hacker".At 23 decided to speak up in a meeting a provide feedback, which led to her being hired Full-Time.Quotes:"At the time I was 22 years old, the pay wasn't that great but for me it was amazing because I was doing something I hated, I had benefits at my previous job but this company was giving me an opportunity to learn something new. To me that was so exciting.""He looked at my resume and he said 'I realize you have no cybersecurity experience.' By starting the conversation like that it took some pressure off of my shoulders." 10:00"I was so nervous that he was going to drill into me about all these topics I had no clue about.""I didn't even [know] I had sisters.""Everyone just kinda wrote me off." 16:20"Who is the audience, what do we want to say here?" 21:13Worst comment ever... "We have to really train you on your critical thinking skills." 22:45"A good idea is a good idea, regardless of who it came from.""My whole career is a war story." 32:05Links:Izzy on Twitter: https://twitter.com/Is_VixHer story: - Her story is on Twitter: https://twitter.com/Is_Vix/status/1079218656138149889Izzy's BUsiness, VixCyber: https://vixcyber.co/NIST Cybersecurity Framework: https://www.nist.gov/cyberframeworkIntro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)Outro Music: "Feather Duster" by Geographer: https://www.youtube.com/channel/UCcB_tnqYHwPzADwUdeppIIQGetting Into Infosec:Twitter: https://twitter.com/coffeewithaymanYouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ABook: https://t.co/DDXxfVwpD7

    David Scrobonia - Lifelong builder, Appsec Engineer, Creator of ZAP Heads Up Display

    Play Episode Listen Later May 3, 2019 37:39


    From Zero to One, David is a lifelong builder. Wherever he goes he just builds things. From an electric car to adhoc android apps to ZAP HUD, an awesome heads up display for ZAP Proxy, a game changer imho. We discuss the lack of UX in the security tooling community, how contributing to Open Source got him his job, and even about imposter syndrome.BIO:David Scrobonia is part of the Security Engineering team at Segment working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and leads development for the OWASP ZAP Heads Up Display project.Notes:Mostly interested in architecture and mechanical engineering when younger.Built his own electric car with his dad, out of a Porsche 914!!David explains XSS and why certain languages are better than others, such as react.David gets lost in El Segundo. Yes.Quotes:"It's just a program that listens on these silly protocols.""Playing with my hands I wanted to do more hands on stuff, quickly fell in love with the coding side as a lot of people do.""I was like... what's GET? what's POST? What do you mean?""Before you know it right it seems so daunting.""Still plenty of opportunities out there. Will be a long time before the world is perfect and secure.""With all those things, I've been working in the security industry, but I didn't really feel part of any security community.""I have nothing but good things to say about the open source community.""...they're (security tools) just not built with user experience first.""I think people underestimate what they are able to contribute."Links:David on Twitter: https://twitter.com/david_scroboniaRube Goldberg Machine: https://en.wikipedia.org/wiki/Rube_Goldberg_machineDan Boneh's Cryptography Course: https://crypto.stanford.edu/~dabo/courses/OnlineCrypto/OWASP Appsensor Project: https://www.owasp.org/index.php/OWASP_AppSensor_ProjectZap Proxy Heads Up Display (HUD): https://github.com/zaproxy/zap-hudArticle by David on Zap HUD: https://segment.com/blog/hacking-with-a-heads-up-display/Brakeman Pro: https://brakemanpro.com/https://samsclass.infoMy talk at Sam's class: https://www.youtube.com/watch?v=KJvPHZGtGdMIntro: Cascadia by Trash80 (https://trash80.com) Licensed Under Creative CommonsOutro: Cancun by Topher Mohr and Alex ElenaGetting Into Infosec:Twitter: https://twitter.com/coffeewithaymanYouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ABook: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    BONUS - Cliff's Notes To The First 20 Episodes!

    Play Episode Listen Later Apr 27, 2019 30:50


    Having completed 20 episodes, I decided to take a moment to go over each episode briefly. Thanks to call my guests! Ep01 - Dan Borges: https://twitter.com/1njection Ep02 - 0daySimpson: https://twitter.com/0daySimpson Ep03 - Christina Hanson Ep04 - Matt Toth: https://twitter.com/willhackforfood Ep05 - Rob Carson: https://twitter.com/robcarson05 Ep06 - Robin Stuart: https://twitter.com/rcstuart Ep07 - Clay Wells: https://twitter.com/ttheveii0x Ep08 - Elvis Chan: https://twitter.com/FBISanFrancisco Ep09 - Virtual Kyle Kennedy: https://twitter.com/Kyle_F_Kennedy Ep10 - InfoSteph: https://twitter.com/StephandSec Ep11 - Yaron Levi: https://twitter.com/0xL3v1 Ep12 - Jack Rhysider: https://twitter.com/JackRhysider Ep13 - Marcus Carey: https://twitter.com/marcusjcarey Ep14 - Nipun Gupta: https://twitter.com/nipungupta Ep15 - Adrian Kaylor: https://twitter.com/AdrianKaylor Ep16 - InfosecSherpa: https://twitter.com/InfoSecSherpa Ep17 - InfosecJon: https://twitter.com/InfoSecJon Ep18 - Masha Sedova: https://twitter.com/modMasha Ep19 - Jared Folkins: https://twitter.com/JF0LKINS Ep20 - Leron Gray: https://twitter.com/mcohmi Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    BONUS - MCOHMI New Song, Trap Music, and Domain Song Background

    Play Episode Listen Later Apr 17, 2019 3:55


    MC OHM-I (Leron Gray) talks about his next project about tabs in the browser, trap music, and some background on his awesome song Domain. Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    Leron Gray - From Navy E6 to Pentester, SANS Mentor and Nerdcore Rapper!

    Play Episode Listen Later Apr 12, 2019 42:43


    Leron Gray is a man of many talents. Not getting really into computers until much later in life, but always having a creative side, he now finds himself as a pentester working from home and nerdcore rapper producing amazing beats! BIO Leron is currently a penetration tester and a ten year Navy veteran with four years experience as a Cryptologic Technician (Networks), focusing primarily in offensive cyber operations. He holds a Bachelor's degree from Dakota State University in Cyber Operations. With a passion for Python, he loves automating tedious daily routine tasks for efficiency and considers himself to always be in a position to learn more and pass on knowledge. He always enjoys competing in as many Capture-the-Flag events as possible and also often performs as a nerdcore rapper. Leron currently holds eCPPT, eWPT, GPYC, GPEN, GAWN, GCFE, and GICSP certifications. He also maintains a blog and maintains an active Twitter discussing music, information security and wrestling. Notes Went to a high school that made you choose majors. Grew up poor, was not allowed to go out much. Technological learning came from school. Didn't really get into computers until he was 25. Has been in music sister Jr. High School. Marching band, jazz band, and concert band... all the bands. Networking is the biggest thing that Leron says would help. Leron offers his passionate opinion on "aptitude". It's a pet peeve of his. Quotes "I learned a lot... I made sure not to waste any opportunity for learning..." "Job searching in general is a pain." "I don't think I would be where I am right now if I hadn't gone out and made that effort." "One of the big deals that people had were degrees, I wasn't really sure why; I have 10 years of IT/Cyber experience." "It turned out the company no longer owned that server. Their DNS was still pointing to it though." "I took Java in high school and was really bad at it and I found out everyone is bad at Java so it doesn't really matter." "It's so much easier to learn when you have a problem to fix." "It's not even just information security that learning pyt hon could help... it could be anything you do.. .often enough to warrant not to do it manual." "Nobody does a CTF and expects not to learn something by the time they leave ." "Job searches shouldn't be like that. They should be based on you merit. But..." "Maybe the person can't get OSCP, but maybe they have the skills or knowledge..." "The idea of aptitude... raises too many borders." Links Leron on Twitter: https://twitter.com/mcohmi Leron's Blog: https://daddycocoaman.dev/ Leron's GitHub: https://github.com/daddycocoaman Class that Leron Is Mentoring: https://www.sans.org/mentor/class/sec573-seattle-19mar2019-leron-gray Visual Studio Code: https://code.visualstudio.com/ PyCharm: https://www.jetbrains.com/pycharm/ IPython Notebook: https://ipython.org/notebook.html San Antonio's Hackers Association: https://satxhackers.org/wp/ MC OHM-I: https://www.mcohmi.com Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons) Outro Music: https://soundcloud.com/mc-ohm-i/domain Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    Jared Folkins - 18 YRO Manager To Education Security To Human Hero

    Play Episode Listen Later Apr 3, 2019 57:56


    Jared Folkins understands people, technology, and the world around him. He can smell a toxic environment from a mile away and has used that EIQ spider sense for good. Jared shares with us some VERY personal stories (tear jerker warning!) in integrity and life decisions as well a bunch of on the job war stories including a famous one featured in the news! This is probably my most dramatic episode yet. Notes: At 18 got promoted to manage a team of 50, because he wasn't lazy. In hindsight was able to see indicators of the dot com crash, but didn't realize that. Had a fork in the road where he had a major decision to make. Jared shares with us a VERY personal story and the life lesson from that which he applies in his professional life. Having low tolerance for toxic relationships, Jared has been able sense toxicity and it's been a driving force for good for him. Quotes: "I believe in the power of admitting when you're wrong." "I carry my guilt between my shoulder blades." "When I make that mistake; When you have a team that you can trust or a team that honors you, you have the freedom to say stuff like that." "You can only control you." "Constraints can be healthy." "Stepping outside of your comfort zone... super healthy too." "If someone tells me this person... is not a good person, I'll actually go meet that person. I want to asses it for myself." "You get rejected, don't get super emotional... just work with what you have and move on." Links: Jared's Blog: https://www.acloudtree.com Jared's Twitter: https://twitter.com/jf0lkins Jared's GitHub: https://github.com/jaredfolkins Opsec Edu: https://www.opsecedu.com KayPro Computer: http://oldcomputers.net/kayproii.html Donkey Kong Clone: https://ostermiller.org/ladder/ Grand Mal Seizure: https://www.mayoclinic.org/diseases-conditions/grand-mal-seizure/symptoms-causes/syc-20363458 Project Dir Fu: https://www.dir-fu.com/ TorHound: https://github.com/jaredfolkins/torhound Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    Masha Sedova - From Generations of CS to Behavioral Science and Entrepreneurship

    Play Episode Listen Later Mar 22, 2019 45:41


    Masha Sedova comes from a history of computer scientists! Her grandmother was in the first Computer Science graduating class in 1954 under Stalin in the Soviet Union!! She loves challenges and is now utilizing what she thought was a waste of time in Liberal Arts to conquer challenges in Information Security using behavioral science, emotional intelligence, and other human factors. BIO: Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral-science to transform employees into security superhumans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Black-hat, RSA, ISSA, Enigma and SANS. Notes: Grandmother was in the first Computer Science graduating class in 1954 under Stalin in the Soviet Union!! Her Grandma taught her dad and her dad taught her programming around the 6th grade. Had access to a computer only through the local University. Masha began her search into 3 disciplines Game Theory Positive Psychology Behavioral Science Leaderboards are better for only a small subset Quotes: "You can't patch a human being." "We've taken a technology solution to a human problem, and I think that's totally wrong way of going about it." "Without the human interaction we would not have been able to get that alert." "Focus on failure as an eventual outcome." "I like picking hard challenges and very tall mountains to climb and computer science seemed like a tall mountain." "If you give people the correct amount of challenge, that is a state of happiness." "I found that leaderboards are effective for a small subset of people." "The reasons people don't do things is not because they don't know." Links: 6:1 Positive Feedback Ratio for Performance: https://medium.com/@Praiseworthy/harvard-research-finds-employees-need-a-6-1-positive-feedback-ratio-to-perform-their-best-8f14160a8fbd Dr Gottman: https://en.wikipedia.org/wiki/John_Gottman Reality is broken by Jane McGonigal: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 Flow by Mihaly Csikszentmihalyi: https://www.amazon.com/Flow-Psychology-Experience-Perennial-Classics/dp/0061339202/ BJ Fogg: https://www.bjfogg.com/ Opower Report: https://www.povertyactionlab.org/evaluation/opower-evaluating-impact-home-energy-reports-energy-conservation-united-states Predictably Irrational by Dan Ariely: https://www.amazon.com/Predictably-Irrational-Hidden-Forces-Decisions/dp/006135323X Intro Music (Cascadia by Trash80): https://trash80.com/#/content/133/weeklybeats-2012-week5 Outro Music (Quincas Moreira - Entire): https://www.youtube.com/watch?v=DoKpuXyIyVs Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    BONUS - InfosecJon Learns Trust But Verify The HARD way

    Play Episode Listen Later Mar 20, 2019 6:50


    InfosecJon expands on some CRAZY follies he experienced during his times in the Navy. He learns through trial by fire, literally, trust but verify! Notes: Jon almost gets crushed inside the engine of Naval Ship A boiler explodes and Jon, a Jr Engineer, was left in charge of the situation and had to give orders Jon got soaked with engine Oil on a running ship resulting in the loss of pitch control Luckily Jon was wearing a PEP suit Tag-out manual: https://www.public.navy.mil/NAVSAFECEN/Documents/afloat/Surface/Rsrcs/References/TUM_REV_07.pdf Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    InfosecJon - From Rudderless Youth to Navy Engineer to Security Professional

    Play Episode Listen Later Mar 15, 2019 48:51


    InfosecJon runs a website cataloging his learning and dedicated to helping others get in the field. He shares his personal story from a directionless youth to enlisting in the Navy (and it's follies) and his tribulations getting into the field. He also shares some interesting Navy stories. Lookout for the bonus episode.BIO:Jon is a father, husband and a veteran. He went from aimless youth to enlisting into a career path he never liked. After 7 years as an electrical engineer, he got the chance to pursue his dream of working in information security. Now, he runs a website devoted to helping others.Notes:By almost getting crushed in a two story engine, Jon learned to be adaptable to the situation.Got exposure to computers by working with dad at his computer store.Was an engineer at heart who fell in love with the inner workings of things and how they work.Became the go to person for technology in his department.Always had a knack for helping others, even before the military.Quotes:"Biggest skill I got was to be able to figure things out quickly and troubleshooting.""You can't troubleshoot something until you know how it works.""I just wanted to learn as much as I could.""I want to work with technology, I want to help people.""Going to a traditional school, being more mature, was a negative.""Everybody doesn't know everything. That's why most security teams are... teams!""I want to help people, I want to protect people.""The networking knowledge, the sysad knowledge, and then the drive to learn new stuff... is what they were attracted to.""Nobody wanted to do it. I volunteered and stepped up.""One thing that attracted me to the school 100% was they advertised hands-on labs.":Links:InfosecJon (Twitter): https://twitter.com/infosecjonInfosecJon (Website): https://infosecjon.com/Navy C-School: https://www.quora.com/Whats-a-Navy-C-schoolJon on the different types of hackers: https://infosecjon.com/types-of-hackers/Intro: Cascadia by Trash80: https://trash80.com/#/content/133/weeklybeats-2012-week5Outro: White Smoke by Endless - http://www.endlessslove.com/Resources:SEED Labs by Syracuse University : http://www.cis.syr.edu/~wedu/seed/index.htmlDavid's CTF Post: https://bsidessf.org/news/2019/03/running-the-bsides-sf-2019-ctfGetting Into Infosec:Twitter: https://twitter.com/coffeewithaymanYouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4ABook: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    InfosecSherpa - From Travel Agent to Law Librarian to Security Analyst!

    Play Episode Listen Later Mar 1, 2019 47:02


    Tracy Maleeff (@InfosecSherpa) was a professional law Librarian and at the top of her game. Looking for change and meaning, she searched until she found the field of Information Security. This is her journey. BIO: Tracy Z. Maleeff (/may-leaf/), @InfoSecSherpa, is an independent information professional providing research and social media consulting, with a focus on information security. She is a frequent presenter about best practices of data mining from social media, professional networking, and introduction to information security topics. Tracy has 15 years of experience as a librarian in academia, corporate, and law firm industries and earned a Master of Library and Information Science from the University of Pittsburgh. She is the Principal of Sherpa Intelligence LLC – your guide up a mountain of information. Notes: There is a condition called "Librarian Face" Librarians, who Master's Degree in Library Science, are taught to be approachable Was never a public librarian, worked in "special" libraries. This made her really good at finding and accessing data. Tracy shares some social engineering tricks she did earlier in her life. Didn't grow up with computers around her. Advice: "Know yourself" Quotes: "If you are out in public… people are likely to come ask you questions because you look like you know things." "I did fail, but I did not fail as badly as I thought I would!" "I don't regret the path that I took." "For someone like me who does come from a technical background... having the certifications is what people want to see." "They need to see some receipt!" "Even if it turned out to be nothing, don't be afraid to speak up." "I don't think I realized it was social engineering, I just knew it was something that I wanted." "Managed to talk my way not only on the plane, but also into business first." "They had me at port scanning." Links: Infosecsherpa: https://twitter.com/infosecsherpa Women’s Society of Cyberjutsu (WSC): https://womenscyberjutsu.org/ Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 Outro Music: JR Tundra - Natty Roadster Resources: Art of Improvement: https://www.youtube.com/channel/UCtYzVCmNxrshH4_bPO_-Y-A Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    Adrian Kaylor - From Network Admin to Trainer to Sales Engineer for Life

    Play Episode Listen Later Feb 21, 2019 38:26


    Adrian is a Sr Sales Engineer with Splunk who focuses on security. He has worked for various security startups in the bay area for the past 15 years from vulnerability management, to endpoint investigation, to ML based threat hunting. Notes: Had an interest in security early on, starting with opening binaries on Sierra's King's Quest games and looking for hints. Took any opportunity he got to get exposed to security His job as an instructor was very useful during support and later as a sales engineer Keeps a Trello board for his lab!! Adrian expenses (deducts) what he spends on his lab from his taxes. (Consult a tax attorney) He mentions an awesome hack for installing Kali on a chromebook (~22 mins) Quotes: "I remember the first time I found Phrack, my mind exploded a little bit." "Experience is experience, everything that you use [skills] will get used later on." "...figure out what pieces their missing, so you can fill them in." "Go through the CIS top 20 critical controls" "Be less focused on the whizbang fun stuff, and more focused to get you the most return." Links: Please thank my guests for sharing their time with us and let them know if this episode helped you. Adrian Kaylor on Twitter: https://twitter.com/AdrianKaylor Adrian Kaylor on LinkedIN: https://www.linkedin.com/in/adriankaylor/ Phrack Magazine: http://www.phrack.org/ Lack Rack: https://www.google.com/search?q=ikea+lack+rack&source=lnms ISS: https://www-03.ibm.com/press/us/en/pressrelease/20468.wss Splunk Dev License: http://dev.splunk.com/ CIS 20 Controls: https://en.wikipedia.org/wiki/The_CIS_Critical_Security_Controls_for_Effective_Cyber_Defense JA3: https://github.com/salesforce/ja3 Irongeek: http://www.irongeek.com/ Netsec Reddit: https://reddit.com/r/netsec SANS Holiday Hack Challenge: https://www.holidayhackchallenge.com/2018/ Garage Door Hack by Samy Kamkar: http://samy.pl/opensesame/ Sam Bowne's Class: https://samsclass.info Adrian's Presentation on YouTube: https://www.youtube.com/watch?v=8LF96Oq_pgo (Picture of lab at 24:05) Intro Music by Trash80: Outro Music (Liberation Theology - Exploitation is Sin): https://open.spotify.com/album/0oc93ZsbMluxL8H994U9MW Learning Resource Mentioned: https://www.youtube.com/watch?v=6MYF6Zo6i6A based on: https://www.coursera.org/learn/it-security Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    Nipun Gupta - From Security Consultant to Security Innovator

    Play Episode Listen Later Feb 9, 2019 25:23


    Nipun graduated during the recession, but found a job as a consultant which helped him gain experience quickly. He was in fact discouraged to pursue a career in information security due to his immigrant status. Nipun is now a Cyber Security Executive focused on innovation. BIO: Nipun Gupta is a Cyber Security Executive at a large global financial institution focusing on innovation. Armed with many years of experience helping Fortune 500 companies solve cyber risk challenges, Nipun is tasked to help his employer discover, asses & adopt new cybersecurity solutions protecting against emerging threats. In the past two years, Nipun co-founded and ran the global Cyber Innovation Ecosystem strategy at global consulting company, with a specific focus on US and Israeli startups. He offers a strong network of security executives, startup founders, and the Venture Capital community in the West Coast and abroad. Technically proficient in network and application security, Nipun is a trusted advisor for many financial service institutions, technology, and telecom companies contributing, to solutions worth tens of millions of dollars. Nipun completed his Masters of Information Technology and Information Security from Carnegie Mellon University, and has been collecting industry certifications like CISSP and SABSA ever since. Notes: Was discouraged to go into cyber security due to his immigrant status Graduated in a tough time during the 2008 recession Discusses burnout and having to work odd hours for 6 months of the year The show "24" was an influence in sparking the interest in information security Shares an interesting war story where he accessed tons of files Discusses the personality traits needed to be a consultant Quotes: "The biggest problem security professionals will continue to face is how to bridge that gap between technical conversation and business conversation." "You have to be technical to understand the depth of the issue, but at the same time you need to be able to express it in business language so non-technical people can make those decisions." "I think you have to talk in terms of risk. Every business professional [in a] large or small company understands risk, because risk can put them out of business." "While I'm an introvert when it comes to working, I'm an extrovert when it comes to expressing my work related conversations or expressing my work related issues." Links: Nipun on Twitter: https://twitter.com/nipungupta Nipun on LinkedIN: https://www.linkedin.com/in/guptanipun/ SecurityTube: https://www.youtube.com/channel/UCBRNlyf9lURksAEnM-pyQdA Hak5: https://hak5.org Nullcon: https://nullcon.net BayThreat: http://baythreat.org/ Intro Music - "Cascadia" by Trash80: https://trash80.com/#/content/133/weeklybeats-2012-week5 Outro Music - "Put This Rap Together " by Bobby Cole: https://www.audioblocks.com/stock-audio/put-this-rap-together%C2%A0-98857.html

    BONUS - My Book is OUT: Breaking IN: A Step-by-Step Guide to Starting a Career in Information Security

    Play Episode Listen Later Jan 25, 2019 0:25


    My book is out! Breaking IN: A Step-by-Step Guide to Starting a Career in Information Security https://www.amazon.com/gp/product/B07N15GTPC http://book.gettingintoinfosec.com

    Marcus Carey - Childhood Builder/Breaker to Navy Cryptologist to Founder and Mentor

    Play Episode Listen Later Jan 11, 2019 45:59


    Marcus Carey has been hacking since we was five. A true MacGuyver he had to make due with little resources available to him. He later enrolled for the Navy, worked for 3 letter agencies including the NSA, and now has his own security startup. Marcus shares a TON with us in this episode. BIO: Marcus is renowned in the cybersecurity industry and has spent his more than 20-year career working in penetration testing, incident response, and digital forensics with federal agencies such as NSA, DC3, DIA, and DARPA. He started his career in cryptography in the U.S. Navy and holds a Master’s degree in Network Security from Capitol College. Marcus regularly speaks at security conferences across the country. He is passionate about giving back to the community through things like mentorship, hackathons, and speaking engagements, and is a voracious reader in his spare time. Notes: Marcus had an opportunity to play college basketball, but couldn't since it was only a partial scholarship After taking the ASVAB test had the choice of nuclear engineering or cryptography. He chose cryptography. Marcus made a olympic sized track pit, up to spec as a child. Marcus like many other security professionals, had a strong artistic side. Achieved first chair in just a few weeks in Jr. High. Marcus teaches us "How to Learn". Marcus achieved over 115 college credits, on his own, without attending college! Open source tools Marcus created ended up being used be used to save people's lives in other parts of the world. Quotes: "[I] Told them all I wanted to do was work with computers." "I've always been a tinkerer. I built stuff, I was a science fair geek... the whole nine." "I was the poorest person growing up... so anything I did was a hack. I made my own hackey sack. I used to make my own toys." "You can't learn how Marcus learns, because everyone is different.... Nobody can tell you how to learn as good as yourself." "So now, I'm like a finely tuned weapon when it comes to learning... cause I know exactly how to learn." "Never be surprised how your work turns out to be used for good... it actually blew my mind that my stuff was being used to do that [saving people's lives]. " "Show externally that you've mastered those concepts in some way." "Sometimes your employees are going to go rouge, and hopefully you can detect when they do." "If you're focusing on a specific set of skills that are evergreen, and if you work that long enough, it doesn't matter your aptitude, you can become an expert at that." "There's people out here that are celebrities and they act like they know everything. Don't be one of those people." "Aptitude allows people to learn stuff faster. I think the military requires you to learn stuff fast." Links: Marcus Carey Twitter (@marcusjcarey) Marcus's Company: Threatcare ASVAB Test MacGuyver Python The Hard Way Sub-Vocalization Book: "How to Measure Anything in Cybersecurity Risk" Clep Test DSST Excelsior College Examinations Book: "Never split the difference on negotiating" Threat Agent and Honeydocs Intro Music: Cascadia by @Trash80 Outro Music: Coupe by @yungkartz Resources Mentioned: The Paradox of Choice by Azeria Labs Cyberseek Pathways

    Jack Rhysider - From Odd-jobs to Network Analyst to SOC Architect to... Darknet Diaries!

    Play Episode Listen Later Jan 1, 2019 50:36


    Jack Rhysider's origin story. With an engineering background Jack found himself doing odd jobs at first. Looking to get back into tech he "certed" up and got a job in the NOC (Network Operation Center) and eventually became a SOC architect building a SOC from scratch. Looking to do something different, he started Dark Net Diaries and it's been an adventure since! BIO: Jack Rhysider started his professional career in a NOC and then became a network security engineer. Doing a lot of work around hardening the network and detecting threats in the network. He became a security architect and successful built a SOC for an MSSP. Currently he's the host of the podcast Darknet Diaries where he interviews hackers or those who've suffered a major attack. The podcast has experienced phenomenal growth so Jack now works on it full time. Notes: A glimpse into the life of a security analyst and a Managed SOC Takes about 3-6 months for an analyst to baseline and come up to speed First hack was hacking the Sim City savegame file. Dad was thrilled! Several years of blogging his journey in Infosec helped Jack with his communication skills and explaining difficult concepts to people. Quotes: "As a Security Engineer, I need to know a little bit about everything." "I would do things like remove (rm -f /) the whole root directory, just to see how many files I could delete before the whole operating system would crash!" "Be fearless grandma!" "I think there is a lot of shaming that goes on of people that do security wrong... that kind of makes things stressful." "I think what us as security people lack sometimes is good communication." "Taking on tasks when nobody asked them to take it on... in the eyes of ... wherever you work... this is amazing!" "...I would keep corrupting files over and over but eventually I figured out which byte in the file was for the amount of money and I was able to give myself a Billion Dollars!" Links: Darknet Diaries Podcast @JackRhysider CFP Time Intro Music by Trash80 Outro Music by Mid-Air Machine

    Yaron Levi - Entrepreneur to Security Architect to CISO and Security Champion

    Play Episode Listen Later Dec 25, 2018 37:15


    Yaron Levi is the CISO for Blue Cross and Blue Shield of Kansas City. We talk about what he looks for in people when hiring in Infosec and a time when he took a chance on someone (against the opinion of his peers) and his chance was a big success. We also discuss a breach he had to deal with only 3 months into his job! BIO Yaron Levi is the CISO for Blue Cross and Blue Shield of Kansas City (Blue KC). In this role he manages a team responsible for information risk management, cyber defense, regulatory and compliance, architecture and engineering, and identity and access management for an organization that provides health insurance for about 1 million members and over $2B in annual revenue. Prior to joining Blue KC, Yaron was a Director of Information Security for Cerner Corporation; an Information Security Business Partner for Intuit; an Information Security Architect and Product Manager for eBay; and a Director of Cloud Security for ANX. Yaron is a Research Fellow for the Cloud Security Alliance (CSA). The Research Fellow designation is the highest honor and distinction that can be given to a CSA research volunteer who has demonstrated significant contributions to CSA research. Yaron is a co-chair and lead architect of the Cloud Enterprise Architecture. Contributor to the Consensus Assessments Initiative Questionnaire (CAIQ), Cloud Controls Matrix and Promoted the CSA as best practice in various cloud projects with various Fortune 500 companies. Yaron is the co-founder of the Kansas City CISO forum, B-Sides Kansas City, and is a frequent speaker on Cyber Security Architecture, DevSecOps and Cyber Defense. Yaron holds a B.A in Social Sciences and Management and is a graduate from the FBI CISO Academy. Notes: Created his own IT company to pay his way through college A SOX Compliance project was his first exp First computer was a Sinclair ZX81 Had to save up to by his own Commodore 64! Yaron's discussion with youth whether a laptop is more dangerous than a gun? What about 2nd Amendment? 3 Months into his job, he experienced a breach! Quotes: "Security is one of those areas that you can be part of something that is bigger than yourself." "Having a real calling for something ... that can make a difference." "It's one of those communities that people really want to help each other." "I think for many people, there isn't a prescription, if you will, of how and where to start." "Are you the type of person who likes to crack codes and puzzles and bang your head against the wall for 16 hours...that may lead you to a dead end or nothing? Oh no, I like to talk to people." "...First and foremost, we are educators." "Sometimes when we look for people, we tend to look for people based on a very specific mold or template [unfortunately]" "Usually I hire for character first, then skill." "At the end of that record is a person... a human being." "I think people need to realize that it can be a very thankless job, not just hoodies and hackers all day long. If you google a "Hacker" today... it's kind of depressing to everyone with hoodies like that... that's not the reality." "It's all about defense... protection... enablement of the business securely. When everything goes well, nobody really think of you, nobody thank you for that. But when something bad happens, everybody looks for a head to chop." "It's in my opinion one of the more rewarding careers one could have and being part of something bigger than just themselves." Links: Yaron Levi on Linked IN Yaron on Twitter Women in Security KC BSides KC Sec KC Intro Music: Cascadia by Trash80 Outro: A Rising Wave - Jeremy Blake

    InfoSteph - From Journalism to IT Support to Security Analyst

    Play Episode Listen Later Dec 18, 2018 57:54


    Steph is brand new to the infosec field! We go over her interesting and eventful path into Information Security, reflections on her role today, and some really interesting war stories! BIO: Steph is a Security Analyst for a retail company as a team of one. She has a background in journalism and web hosting. She is the creator and editor of StephAndSec.com, a blog focused on technology, inclusion and lifetime learning. It is Stephanie's life work to encourage and fight for more diversity and inclusion in tech spaces for more innovative and original collaboration. She spends her time mentoring high school students, hosting virtual labs via Women In Tech-a-thons, and learning as much as she can about any and everything. Stephanie believes that giving back to the community at every stage is very important. In addition to technology, Stephanie has a secondary passion in Psychology, so don't be frightened if you hear her discuss cognitive distortions or attachment styles. Her hope is to develop research that explores the dichotomy between human beings and technology. She is currently on a mission to speak at three events in 2019 and has already been booked for one event. Notes: Dreams of Creative Writing, but chose Journalism for practicality Encouraged to Computer Science by mom Had her eye on Security, through IT or Web Hosting... eventually. A story of being so close, yet so far Was very close to giving up on the whole industry due to the difficulty and lack of encouragement... but was NOT comfortable with quitting. Quotes: "You have to talk to strangers about their story... you want me to walk up to a complete stranger as an introvert? Uh.. what?" "The type of person I am I can't fully commit to something without getting my hands dirty." 12:57 "The way that I learn is situational." "We had a vulnerability scan tool and so I just tried to work with that." 17:45 "It's kind of like what doctor's have to do before they have to become a doctor." 18:24 "So many people are trying to get into the industry and facing the same issue. I've done all these things people have told me to and it hasn't gotten me anywhere." "Just do a bunch of stuff until it sticks!" "Twitter was one of the best... decision I made." "Get a champion that is more senior than you." 23:30 "Don't count yourself out, before someone else has counted you out." "The lessons that are best learned are the ones that resulted in catastrophic failure." "When you want to be a lawyer, you go to law school, you sit for the bar. There ya go! There's a plan." 24:43 Links: Steph's Website: https://stephandsec.com/ Speaking engagement next year: https://2019.tabgeeks.com/speakers#steph Steph's Tech a Thon's: https://mailchi.mp/70c8010c3320/tech-a-thon-comeback WISP - Women in Security and Privacy: https://www.wisporg.com/ Intro - Cascadia by Trash 80: https://trash80.com/#/content/133/weeklybeats-2012-week5 Outro - That Night In Your Car - Spazz Cardigan: https://www.youtube.com/watch?v=1yzuoAOd238 Resources: HackEDU: https://hackedu.io/ Open Bug Bounty.org: https://www.openbugbounty.org/ Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

    Claim Getting Into Infosec

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel