Hacking into Security - Career Talks

In this episode, we catch up with Jacqui Loustau, the Founder of the AWSN (Australian Women in Security Network) and Principal Security Consultant for Cynch Security. Jacqui gained excellent experience working overseas in security was planning to come back to Australia and had more difficulty than she expected in landing a job. We walk through Jacqui's story of getting into security, her challenges in landing a job, what got her to start what would become such an influential security community, the future for AWSN and how organisations can do more to attract a more diverse culture. Knowing Jacqui over the years has given me some insight into the incredible demand in starting a security community. Impressively, Jacqui decided "to take 6 months and get it (AWSN) up and running properly!" and is now getting paid for her AWSN work.

In this episode, we catch up with John Jackson (@johnjhacking) an Application Security Engineer at Shutterstock. John never thought he would have a career sitting at a computer, let alone in cybersecurity. We walk through John's journey from being a Petroleum Engineer in the United States Marine Corps to eventually working in application security, penetration testing, security research and bug bounties. We also discuss the reality of applying for hundreds of jobs to land something, taking different roles to help him progress and a story that highlights some of the dangers that can happen to curious security researchers.

In this episode, we catch up with Charl van der Walt (@charlvdwalt), Head Of Security Research at Orange Cyberdefense and one of the original founders of SensePost. We talk through the origins of how SensePost got started, what it was like to build a business over 20 plus years and eventually sell and become part of a much larger company. Charl also spoke about a personal topic he is driving around gettings organisations to think differently in their approach to gender diversity.

In this episode, we catch up with Keith Hoodlet (@securingdev) Senior Manager, Application Experience at Thermo Fisher Scientific. Keith has a strong background in application security and is the former host for 55 episodes on the Application Security Weekly podcast. I saw a tweet by Keith and wanted to dig deeper in that. The tweet was responding to Dino Dai Zovi who said "Security" as a single dimension of expertise increasingly makes no sense. Saying that you are a "security expert" is like saying you are a "computer expert." Computing is a part of everything we do and we don't isolate expertise on all of it within the "computers team.", Keith said "Agreed; in the same way that Ops became part of the Software Engineering team, we need Security to become part of the Software Engineering team. This is why I say that Security is a Feature, because features are: - Funded - Have time allocated to them - Are tested and maintained" We also walk through Keith's journey into the industry and also share advice to companies looking to mature their Application Security and DevSecOps. You can watch Keith's keynote talk at OWASP AppSec Day Melbourne 2018 https://www.youtube.com/watch?v=QT_omddhJzo&list=PLPvxR0i93gjQjrIJK0PdMdFkUbnHhRBRN&index=2&t=0s

In this episode, we catch up with Toni James (@_tonijames), Security Advisor and CHCon co-organiser. Toni was a snowboarder, managing a large team but wanted more. She decided to go back to university as a mature student and mum. Not easy to juggle! She went on to finish her Computer Science degree, an Google Anita Borg Scholar, then Software Engineer and started getting into the security community. Toni talks very openly about her journey, the challenges she faced and shared excellent advice to others out there.

In this episode, we catch up with @mubix (Rob Fuller), a is red teamer turned purple teamer. He started his career in the United States Marine Corps working with explosives and has gone on to have a highly successful career in the security industry working at companies like Rapid7, GE, Uber, Cruise Automation and now Balck Hills Information Security, as well as contributing back in many ways to the security community and speaking at many conferences around the world.Mubix shares his journey, stories along the way, as well as going deeper into both red and purple teaming.

In this episode, we catch up with Michael Skelton (@Codingo) Global Head of Security Operations and Researcher Enablement at Bugcrowd.Codingo has a non-traditional career path and he shares his journey on how he got to where he is, including the challenges of breaking into the infosec industry. As someone who got to be a Top 20 bug hunter on Bugcrowd and now the Global Head of Security Operations and Researcher Enablement at Bugcrowd, Codingo shares not only career advice but also tips on bug bounties.

In this episode, we catch up with Chloé Messdaghi, VP of Strategy at Point3 Security. Chloé is a humanitarian Advocate in the Cybersecurity space. She started her career in marketing but got the opportunity to move into infosec in 2017. Chloé shares some of the experiences that led her to nearly quit the industry but instead has gone on to become a voice in the community. As well as speaking many conferences, Chloé is the founder of WeAreHackerz (formerly known as WomenHackerz) & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.

In this episode, we catch up with Baptiste Robert, who goes by the handle @fs0c131y.Baptiste is a Security Researcher based in France with a big focus on android. We walk through his journey from graduating with a network and telecommunication to finding vulnerabilities and creating a large following. We also cover how has a security researcher, Baptise finds his projects and his plans for the future around battling disinformation.

In this episode, we catch up with Shubs (Shubham Shah, @infosec_au, @notnaffy), CTO of Assetnote.A passion for hacking grew early in Shubs' life. He was demonstrating good skills in hacking but faced with a tough decision at an early age. Follow his parents wishes and attend university or his own path and get a job. We talk through Shubs's incredible journey which saw him land his first job in the industry at 17 years old, his success in bug bounties and going on to co-found the company Assetnote. Shubs also shares some practical tips for aspiring hackers and bug bounty hunters. Recommended blog by Shubs on bug bounties - High frequency security bug hunting: 120 days, 120 bugshttps://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/

In this episode, we catch up with Brendan Seerup, or sometimes better known as SparkleOps.Brendan is currently a Senior Security Advisor at REA Group, but less than 5 years ago he was working as a Quality Assurance Manager. Brendan talks about how he always saw security as part of QA, hardware hacking and how he went from not presenting to speaking at six security cons in a year.He gives practical advice for people with a similar background and talks about what the future looks like and how he can make an even bigger impact combining his skills and experience.

In this episode, we catch up with Mike Monnik, CTO of DroneSec, offensive security professional and Co-organiser of SecTalks Melbourne. Mike was advised early in his career to pick up a specialist area. That area turned out to be drones, and a passion was formed. Starting as a side hustle and whilst working as a penetration tester, Mike started building a (not-for-profit) drone security company. This eventually turned into a business and Mike walks us through this story and what the drone security industry looks like. He discusses what the future could look like for the industry and how others who share a similar passion could pivot into a full-time role in drone security.Here are some resources Mike recommends:DroneSec UAV Threat Intel Platform: https://dronesec.com/pages/notifyCREST ASSURE Program: https://www.crest-approved.org/assure/index.htmlChristchurch Mosque shooter used drones to surveil target site: https://www.stuff.co.nz/national/christchurch-shooting/122232602/christchurch-mosque-terrorist-used-drone-over-mosque-before-march-15-attackISIS fighter killed by own drone: https://www.thesun.co.uk/news/9797095/isis-fighter-killed-by-drone-bomb/Gangs using drones to infect pig pens: https://www.businessinsider.com/chinese-gangs-are-spreading-african-swine-fever-to-profit-2019-12?r=AU&IR=T (editors note: swine flu not bird flu as mentioned in the podcast)Pig pen farms disrupt aviation with drone jammers: https://www.reuters.com/article/us-china-swinefever/commercial-pig-farm-in-china-jams-drone-signal-to-combat-swine-fever-crooks-idUSKBN1YO0JECartels using drones as temporary airstrips: https://www.washingtonpost.com/world/2020/07/05/guatemala-cocaine-trafficking-laguna-del-tigre/A journalist uses a drone to exfiltrate hard drives: https://www.bbc.com/news/technology-49689833Researchers use drone projectors to disrupt smart vehicles: https://thenextweb.com/cars/2020/02/05/teslas-autopilot-dangerously-fooled-by-drone-mounted-projectors/DJI Bug Bounty Program: https://security.dji.com/policy

In this episode, we catch up with Iain Dickson, ComfyCon AU Founder, Cyber Technical Lead for Leidos Australia.Iain walks us through a presentation on the origins of Hackers and defines the different types of threat actors,

In this episode, we catch up with Claire Pales. Claire is the Director and Founder of 27 Lanterns, author of The Secure CIO book, host of The Secure CIO podcast and mum of four. We cover Claire's unique insight as she comes from a security leadership background and now advises organisations in hiring their first CISO. We also discuss the challenges of coming back to Australia with overseas experience.

In this episode, we catch up with Ofer Schreiber, Partner & Head of Israel Office at the American-Israeli venture capital firm, YL Ventures. We talk about the cybersecurity from the lens of a venture capital firm. Ofer shares his unique background and experience having come through Unit 8200 and now looks at and manages investments on the behalf of YL Ventures.Ofer talks about what his firm looks for when investing in entrepreneurs and provides advice for people who aspire to build the next cybersecurity startup.

In this episode, we catch up with Steve Katz, the World's first CISO. Steve became the CISO of Citigroup in 1995. We discuss Steve's journey leading up to the role, how it came about and with no blueprint to follow, what he did in the job. We also discuss Steve's approach to how he dealt with boards and there is plenty of advice for current and future CISOs.

In this episode, we catch up with Craig Templeton, CISO & GM Technology Platforms at REA Group.Craig is very open about the role of a CISO and what his job looks like. He shares advice to people wanting to progress in their career and the experiences that helped him get to where he is today.

In this episode, we catch up with one of the original co-founders and organisers of BSides.Jack talks about the origins and growth of BSides, what makes a BSides conference so unique and what it takes to run a conference.We also hear Jack's thoughts on the current state of conferences during a global pandemic and what the future looks like for BSides.

Wendy Zenone quit her job as an aesthetician at 38, learnt to code and has progressed to working at her dream company, Netflix.We have a fun chat discussing Wendy's journey from a very non IT role, learning to code, being a mom, landing her first job in security to where she is today.Wendy shares her experience, tips for others wanting to move into the industry as well as advice on interviewing and the value of perseverance.

In this episode, we catch up with Security Researcher, pentester, trainer and Principal Security Engineer Eldar Marcussen.Eldar built the source code auditing tool graudit (grep rough audit). We discuss what it's like to build a tool and some of the unknowing benefits it's led to in his career.Eldar also shares advice for any aspiring pentesters.

Bobby Stoskopf is a Security Manager at Mailchimp, a company where he started as a Customer Support Agent. We discuss Bobby's journey and how he became the company's first security employee and help build a security team. Bobby also shares tips from a hiring manager's perspective.

In this episode, we catch up with Zachary Mikus a Threat Detection Engineer.Zach left school at a young age, worked in his family business as a landscape gardener, become a cook and is now working hunting bots. Zach shares his personal story about how he got his break into the industry, working in a SOC for one of Australia's largest banks and what he does in his current role.We discussed the skills Zach used working in a SOC and what he uses to hunt bots. Zach is passionate about supporting others and advises on what others can do to help in their career.

We catch up with Prashant Venkatesh, a specialist in Application Security and an OWASP Bay Area Chapter Lead.With over 10 years of experience in building teams and uplifting environments in Application Security, we discuss what Application Security means to Venkatesh, how he got started in the area, how others can get started and advice for organizations that want to increase their security.

In this episode, we speak with Afterpay CISO Marc Bown.Marc's career started on the technical side as a Penetration Tester and has progressed to become CISO for one of the fastest-growing e-commerce payment companies in the market.We discuss the differences between working in the Bay Area and Australia, how he moved in his career and share advice for aspiring CISOs.

In this episode, we catch up with Maxie Reynolds, a specialist in Social Engineering. Maxie left Scotland at a relatively young age and has gone on to work around the world. She worked offshore on oil rigs, become a penetration tester at a big four consulting company, started her own business and is now working as a Social Engineering Consultant. We get to hear what about the type of engagements Maxie has worked on, the skills involved and advice for others wanting to learn about social engineering.

In this episode, we catch up with Abbas Kudrati. Abbas has an impressive career which has seen him work around the world and is now operating as a Chief Cybersecurity Officer at Microsoft. Abbas started off his career in a technical role and then progressed to working as a CISO for various organisations. He is incredibly generous with his time and gives back to the community in many ways, including as a part-time Lecturer for "Masters in Cyber Security" program at La Trobe University. In our conversation, Abbas gives practical advice for others working in technical roles that aspire to work in a CISO position.

We catch up with Casey Ellis, founder of the number one crowdsourced security platform, Bugcrowd. Through our conversation, we go through the journey of starting a business, moving countries, multimillion-dollar raises and more. Casey also shares his advice to future founders.

Ian shares the insight of someone that has transitioned from working a Recruitment Consultant to General Manager of XZ Security, one of New Zealand’s leading penetration testing companies.He talks about his journey into security, discusses the skills required for a non-technical person working in a security company and what his company look for when hiring.

This episode is with Francisco “Disco” Morales who works in Talent Acquisition at Canva. Disco has helped Canva hire over 100 people and prior to this had a background in agency recruitment. He shares the views of someone working in a team that receive over 50,000 jobs applications a year.Disco recommends some tips that can help someone standout ad improve their chances when applying for a role.

This episode is with Cairo Malet.Cairo is a Cyber Risk Advisor working in Cyber Security Risk and Advisory for a major mining company. That isn't where her career started and we get to hear Cairo's journey from barista to working in an organisation that could have her performing security assessments on mining sites and ships.

This episode is with Louis Nyffenegger, founder of PentesterLab, one the best training grounds for newbies and experienced professionals to enhance their web application security skills.Louis shares his story of how he got into security and then what it took for him to convert a passion into a business whilst working as a Security Engineer at Fitbit.

This episode is with Chris Rock.Chris has been active in the security industry for over the last 25+ years. Chris presented I will Kill you at Defcon 23 and How to Overthrow a Government at Defcon 24. Chris ran a security penetration testing company for 10 years.Chris Rock is now CISO and co-founder of SIEMonster. SIEMonster was started in 2015 by a team of hackers.After years working in penetration testing, they realized that there was a gap in the SIEM market for an affordable scalable open-source alternative to existing solutions.Chris talks about his journey from an 11-year-old hacker to working in banks, pentesting around the world and starting his own company which is now global.