Getting Into Infosec

by Ayman Elsawah (@coffeewithayman)

Interviews with people who have transitioned and got jobs in #infosec and #cybersecurity so you can learn and be inspired from their experience. There is no linear path into the field of Information Security, so the hope is that you will resonate with at least one of the guests. Some of my guests were teachers, paralegals, librarians, military vets, developers, and IT help desk techs (to name a few) before transitioning. Also featuring "spoof" ads poking fun at the industry.

Episodes

Niru Ragupathy - From Almost Biotech to QA to Google Security Lead

by Ayman Elsawah (@coffeewithayman)

Today we're joined by Niru Ragupathy. Niru is a Security Engineer at Google. She works as the Offensive Security Lead and manages part of the Offensive Security Team. She is currently the Tech Lead Manager. Niru sees managing as a challenging and interesting ride, yet an undervalued skill. She also considers it rewarding, although it demands an investment of both time and effort. She believes that it is important to start leading and to take things slowly, but not to take the decision lightly. She had planned on studying biotech in college, but her parents persuaded her to take computer science instead, since it is in greater demand in society. In the face of her struggles, Niru has found her sense of belonging in security management. This episode will surely encourage and benefit engineers who struggle with transitioning into management.
Links
LinkedIn: linkedin.com/in/niru-ragupathy-99078233
Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5
Security and Privacy Framework: iapp.org
Full Show Notes: https://www.gettingintoinfosec.com/
See omnystudio.com/listener for privacy information.

John Gates - From Car Mechanic to Lead IT Security Analyst

by Ayman Elsawah (@coffeewithayman)

Today we're joined by John Gates, a Lead IT Security Operations Analyst for a global food brand. John has always liked to know how things work - and that has proven to be a beneficial trait - from his first job as a car mechanic to IT consultancy and education to his current role. He’s also an advisor and former board member at OpsecEdu, an organization educating technologists in state, local, and education agencies on security best practices.
Links
LinkedIn: https://www.linkedin.com/in/johngates/
OpsecEdu: https://www.opsecedu.com/
Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5
Full Show Notes: https://www.gettingintoinfosec.com/john-gates-from-car-mechanic-to-lead-security-analyst/

Samantha Cowan - From National Parks Service To Head Of Compliance

by Ayman Elsawah (@coffeewithayman)

Today we're joined by Samantha Cowan. Sam is currently the Head of Compliance at HackerOne. She's the former Director of Compliance at OneLogin and former Security Engineer at CoverHound, Cyber Policy, and Zenefits. Sam initially perceived Infosec as an "unhappy job", but later found herself taking her MBA and paving her way into the security industry. Despite having her master's degree, she was no exception to facing rejections when applying for cybersecurity roles. Her episode is mind-blowing as she shares how you can break boundaries by being confident in yourself and by not settling for being seen as a token hire.
Links
LinkedIn: https://www.linkedin.com/in/samanthacowan/
Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5
Security and Privacy Framework: iapp.org
Read more about this episode at: https://www.gettingintoinfosec.com/Samantha-Cowan-From-National-Parks-Service-To-Head-Of-Compliance/

Betsy Bevilacqua - From Almost Lawyer to CISO and Security Leader

by Ayman Elsawah (@coffeewithayman)

Betsy Bevilacqua is the current VP of Information Security at Chainalysis. Initially, she had her mind set on law school until she did a self-audit and realized that she enjoyed computers and tech much more. Her journey into infosec led her to move from Kenya to the US to obtain a degree in Security and explore various companies involved in academia, food and facilities, healthcare, telephone communications, and finance to more traditional tech. Her interview is full of advice for those looking to break in and those already in infosec.
Links, Detailed Show Notes, and Transcript: https://gettingintoinfosec.com/betsy

Dr. Eric Cole - Accidental CIA Hacker To Fortune 500 Security Advisory To Entrepreneur

by Ayman Elsawah (@coffeewithayman)

Dr. Eric Cole is an accomplished cybersecurity hacker and executive advisor. His career has been a mix of sixth-sense chance encounters and wisdom/foresight of the future. His uncanny ability to see the opportunity in cybersecurity combined with the wisdom to listen to those smarter than him is why he is where he is today. His interview is chock full of poignant advice and tips. Dr. Eric Cole also has a creative side to him: he's a musician. He was a French horn player before and now, he's a drummer. He's known as the Tommy Lee of Cybersecurity.
Eric Cole's Quick List of Advice
Always be respectful, Don't be an A**Hole to other people… but don't give a crap what other people say or think because we're unique and different.
If you're an entrepreneur in cybersecurity, they're not gonna get ya.
Listen to people that are smarter than you and have made the mistakes before you make them.
Life will force you to repeat lessons until you learn them.
The biggest gap is in the monitoring, detection, and analyst side.
Quotes
"It's all about looking at calculated risk, understanding [the] pros and cons, and taking chances."
"You've done the same thing six times in a row, and it doesn't work. What makes you think if you do it a seventh time [that] it's actually going to work?"
"Try different things."
"Have advisory board members for your life."
"If the best professionals in the world have coaches, why shouldn't we?"
"If people are not listening to your advice, 99% of the time, it's because you didn't answer the right question."
"Smart people know the right answer. Brilliant people ask the right question."
"Good cybersecurity people solve problems. Great cybersecurity people solve the right problems."
"Don't overlook the obvious."
"It's never a lack of resources, but a lack of resourcefulness."
Getting Into Infosec
Other episodes, transcripts, a career guide to Getting Into Infosec: https://gettingintoinfosec.com/

Lisa Jiggetts - From Navy Cook To Pentester To Non-Profit Founder!

by Ayman Elsawah (@coffeewithayman)

Lisa Jiggetts knew from an early age that she was going to be in tech and cyber. A navy veteran who started off as a cook, she always found herself gravitating towards technology. She is also the Founder & Board of Director of the Women’s Society of Cyberjutsu, a non-profit that is dedicated to increasing the opportunities and advancement for women in cybersecurity. Check out her journey into the cybersecurity field.
Notes
Originally a cook in the military, then migrated to information security.
Looked for opportunities to transition into information security by talking to people in and outside her social network.
Networking can be hard, but it will turn in your favor.
Lisa is an introvert, but knows how to become an extrovert when needed.
Quotes
"When you're starting out, you don't necessarily get into the area you want to be in—you got to work your way up."
"That's the biggest thing you can do. I think is networking because somebody knows somebody."
"So I got all these certifications… I read a book and pass. What is it to me personally? That didn't tell me, you know, how to do anything. They get you in the door."
"[Networking is] hard, but just do it because, in the end, it's gonna turn out in your favor."
Links
Lisa on Twitter: https://twitter.com/lisajiggetts
Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5
Women’s Society of Cyberjutsu: https://womenscyberjutsu.org/
Getting Into Infosec
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Stay in touch and sign up for sneak peeks, updates, and commentary: https://gettingintoinfosec.com/subscribe
Ayman on Twitter: https://twitter.com/coffeewithayman
Follow Us on Twitter: https://twitter.com/getintoinfosec
Follow Us on Instagram: https://www.instagram.com/coffeewithayman/
Join our community: https://community.gettingintoinfosec.com/

Eric Strom - From Lawyer to FBI Cyber Division Unit Chief

by Ayman Elsawah (@coffeewithayman)

Eric Strom is the Unit Chief of the Mission Critical Engagement Unit, Cyber Division. In this role, Mr. Strom oversees the FBI Cyber Division’s private sector outreach efforts to the 16 critical infrastructure sectors, forging partnerships with companies in those sectors to develop and share threat intelligence related to activities by sophisticated criminal organizations as well as nation-state actors.
Notes
Eric has been with the FBI for 21 years, since June 1999
Originally a lawyer practicing criminal defense and civil defense, then went to non-profit
Early on in the FBI, they had to do a lot of workarounds. Cyber wasn't so straightforward
56 Field offices were all doing something different, then became consolidated centrally as a service organization
Quotes
"Now, it's funny. None of us really had a traditional cyber background. Tom started out his career as a geologist, and Keith actually started out selling, like, furniture. He was a salesman."
"But, I mean, from the legal standpoint, you've got third-party liability and other things. So we really had to walk a kind of a tight rope when it came to what types of malware we were infecting ourselves with. And then how far we'd let it go."
"And so as we're taking it over, it was really interesting to sit behind one of the malware analysts and watch a Wireshark and watch the instructions coming out. I crossed the wire. It was really cool. And when it really kind of sunk in, because to me, it was like a tangible thing. I can actually see it happening as it was going on."
"It's (cybersecurity) probably the most rewarding thing you'll ever do in your life."
Links
FBI: https://www.fbi.gov/
Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5
Outro Music: https://freemusicarchive.org/music/KieLoKaz/Free_Ganymed/Alte_Herren_Kielokaz_ID_364
Getting Into Infosec
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Stay in touch and sign up for sneak peeks, updates, and commentary: https://gettingintoinfosec.com/subscribe
Ayman on Twitter: https://twitter.com/coffeewithayman

ICS Gabe - Electrical Engineer to Accidental Cybersecurity ICS Expert

by Ayman Elsawah (@coffeewithayman)

Gabriel Agboruche (@ICS_Gabe) is a senior ICS and OT cybersecurity consultant, helping organizations solve their most challenging industrial control security problems. And that was a mouthful, but that's what he does. His journey's a unique one, and almost didn't happen.
Notes
Gabe was a math whiz in the Detroit Public school system
During college, he had some unique experiences as an African American, one of which was due to him being the top of his class
Gabe was an electrical engineer working at a nuclear facility, then #Stuxnet happened
The demand for cybersecurity skills combined with his experience and love for growth paved the way for where he is today.
Quotes
"All these systems are air-gapped by regulatory guidance."
"I'm here for my education. I'm going to get this education. And not even necessarily prove this person wrong, but I'm going to be here and do what I have to do in order to get where I desire to be."
"He's like, wow, you're the first black guy that I have ever seen in person."
"I almost rushed with him for one (a fra)."
"I saw that I would gain a greater exposure to a lot more technologies within my field. I get to see different plants. I get to touch different areas."
Links
Twitter: @ICS_Gabe
ICS with Gabe Podcast
Darknet Diaries Triton Episode
An Episode with Jack Rhysider
Getting Into Infosec Info
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Stay in touch and sign up for sneak peeks, updates, and commentary: https://gettingintoinfosec.com/subscribe
Ayman on Twitter: https://twitter.com/coffeewithayman

BONUS - Lisa Jiggetts - Salary Negotiations

by Ayman Elsawah (@coffeewithayman)

Lisa Jiggetts is the founder of the Women's Society Of Cyberjutsu. After recording, we continued talking and the topic of salary negotiations came up. It was so good I started recording again. This topic is super important. I have seen both experienced and inexperienced people make these mistakes.
Links
Salary Negotiation Tips: https://www.thebalancecareers.com/what-can-employers-say-about-former-employees-2059608 (see the video too)
Lisa on Twitter: https://twitter.com/lisajiggetts
A recruiter's comment on the topic: https://twitter.com/Zavala_CyberSN/status/1294398519994773505
Getting Into Infosec
Ask A Question: https://gettingintoinfosec.com/ask
Website: https://gettingintoinfosec.com
Ayman on Twitter: https://twitter.com/coffeewithayman
Breaking IN Book: https://gettingintoinfosec.com/book
Join My Mailing List: https://gettingintoinfosec.com/list

Switching Into Infosec Success Story And Lessons Learned

by Ayman Elsawah (@coffeewithayman)

Today's episode features a story that was sent to me by a listener. He reached out to me on LinkedIn, telling me of his success story posted on Reddit. This is the audio version. I think you're going to be really interested in what he had to say. He talks about his struggles and what he went through in his journey to Information Security.
Original Reddit post: https://www.reddit.com/r/ITCareerQuestions/comments/fw44sg/career_change_success_story_starting_my_first/
Getting Into Infosec Links:
Site: https://gettingintoinfosec.com/
Book: https://breakingintoinfosec.com/
Follow Me on Twitter For More Resources To Help You On Your Journey: https://twitter.com/coffeewithayman

Black Lives Matter

by Ayman Elsawah (@coffeewithayman)

Transcript
Hey everyone… So, as if this time was not hard enough as it was with Covid, the American Black community has been affected yet again. It's difficult to post motivating content while so many are feeling a sense of outrage and so much going on. So I'm going to pause, slow down, or at least take into consideration the posting of new content during this period. Of course, people still need to work, so I can't stop completely, and I do have episodes coming down the pipe.
There's a personal story I want to share related to this. A friend and I were driving once, but he realized he left his wallet at home, which had his driver's license. I said, "Not a big deal. They can just look you up if you get pulled over." He then looked at me, and I then figured it out: he's black. It hit me then how privileged of a life I had. It then hit me how scary driving while black really is. I may not be white, Christian, and from the suburbs, but I'm not black and male.
I may not have the best things to say at this moment, but I realize staying silent isn't an option. I don't have a TV, and I'm not on Twitter often, but the little I did see made me realize silence or status quo is almost as bad. Diversity and inclusion are an integral part of this podcast. I've never called it out as I just wanted my lineup to speak for itself. Many of my guests are black. For the longest time, it was rare to see a brown or black person at a security conference. It was quite lonely.
For listeners outside of the US, please try to empathize with whatever social divide you have in your country. It could be the religious minority in your country, the darker-skinned, those of a "lower" social caste, the poor, or whomever it may be. There are always those that are marginally suppressed or oppressed.
So…. I stand with the Black community against racism, violence, and hate. Now, more than ever, we must support one another as allies and speak up for justice and equality.
#BlackLivesMatter
Website: https://gettingintoinfosec.com/
Twitter: https://twitter.com/coffeewithayman

BONUS - Announcing Getting Into Infosec BITES

by Ayman Elsawah (@coffeewithayman)

Hello! Wanted to let you know I'm creating daily (almost) videos on YouTube called Getting Into Infosec BITES: https://www.youtube.com/c/gettingintoinfosec Please like, subscribe, and spread the word. The best thing you can do to support this media is to spread the word and let others know. Thanks!
Links:
Site: http://gettingintoinfosec.com/
Book: http://breakingintoinfosec.com/
Twitter: https://twitter.com/coffeewithayman

Kavya Pearlman - From Hairstylist to CISO to XR Superhero

by Ayman Elsawah (@coffeewithayman)

Kavya Pearlman is an award-winning cybersecurity professional with a deep interest in immersive and emerging technologies. Kavya is the founder of the non-profit XR Safety Initiative (XRSI). XRSI is the first global effort to promote privacy, security, ethics, and develop standards and guidelines for Virtual Reality, Augmented Reality, and Mixed Reality (VR/AR/MR), collectively known as XR. Kavya is constantly exploring new technologies to solve current cybersecurity challenges.
Quotes:
"Money, money, money. How much money [are] you going to make? I was so put off. No, it's not about money. I really just want to learn."
"What would you become when you grow up? I would be a D.I.G. (Deputy Inspector General)."
"This country needs me. This world needs me."
"You owe it to yourself to explore this little itch, and figure out whether this is your passion or not."
"You will inevitably make (sometimes) bad decisions."
"Technical support IS security."
"I don't think anyone read that [report], but then it gave me some satisfaction that this is awesome. I can actually take what I'm learning and apply it to the job."
"Believe in yourself. Not just for information security."
Links:
Kavya Pearlman - https://twitter.com/KavyaPearlman
XRSI - https://www.xrsi.org/
Caroline Wong - https://twitter.com/carolinewmwong
Steve Hunt [22:17] - https://twitter.com/Steve_Hunt
Getting Into Infosec:
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Stay in touch and sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

BONUS - Pandemic and The Coming Recession / Depression

by Ayman Elsawah (@coffeewithayman)

We are in the middle of a worldwide pandemic (COVID-19), a recession is here, a depression might be coming, and everyone is remote! Everything has changed. What can you do? How can you find a job in these crazy times? What are the challenges? How can you make yourself valuable? What's going through the company or hiring manager's mind? Please share or leave an awesome review if you found this helpful.

Syntax - Arrested Teenager to Motorcycle Racer To Pentester

by Ayman Elsawah (@coffeewithayman)

Syntax, an internal pentester for a large organization, had an interesting ride into infosec, filled with pitstops, detours, and countersteering along the way. At an early age, he was influenced by his father, got started hacking, and was wrongfully arrested for reporting a vulnerability in his High School. Hear his exciting journey into infosec, filled with life lessons.
Show Notes
Was arrested in High School for disclosing a vulnerability in the school IT system
Went to college for computer science, but dropped out
Inspired by the movie Hackers
His first computer had a 1MB hard drive (yes, not a typo!)
Still went to Defcon even when he was not in IT or working in security
Was a professional motorcycle racer
Kept all his rejection letters as a way of motivation to keep going
Had some business and entrepreneurial experience in the past, which helped him get back into the field
Got back into security through… IT!
Quotes
"A lot of our time is spent arguing with the other departments and justifying our findings." [2:58]
"Is this cross-site scripting really a problem?"
"I get stuck a lot… it's kind of the nature of the beast." [5:17]
"I'm not going to work in tech again." [12:21]
"You're a motorcycle mechanic… why should we hire you?" [19:07]
"It's my hacker family. These are my people. Everyone in security, they make sense to me, cause they're all kinda like me." [19:41]
"I kept getting [these] projects coming my way and I constantly said, 'YES.'" [22:07]
"Have you done this before? … no, but I'll learn!" [25:06]
"Because I had that mindset… I was seeing [from a] different [perspective] than other analysts." [26:00]
Links
Syntax on Twitter: https://twitter.com/syntax976
DCZIA: http://dczia.net/
Queercon: https://www.queercon.org/
Outro Music: "Pure Decking" by Patient Zero from the album "Screen Saviour" her link is http://patientzero.bandcamp.com and she is @DoctorKraft on the Twitter
Getting Into Infosec
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

Bonus - Cyber Security Job Search Frustrations (Ivan)

by Ayman Elsawah (@coffeewithayman)

These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020.
Getting Into Infosec:
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

Bonus - Cyber Security Job Search Frustrations (Zoe)

by Ayman Elsawah (@coffeewithayman)

These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020.
Getting Into Infosec:
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

Bonus - Cyber Security Job Search Frustrations (Jayesh)

by Ayman Elsawah (@coffeewithayman)

These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020.
Getting Into Infosec:
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

Bonus - David Zeichick - Cybersecurity College Professor

by Ayman Elsawah (@coffeewithayman)

So as I was at RSAC, I was trying to keep an eye out for those looking to get into the field. RSA is not usually the place for that, but I saw the NetWars tournament and figured that might be a good place to start. On my way there, I met David Zeichick, who had "College Day" on his badge. Intrigued, I asked about "College Day," and he told me all about it. I sat down with him for an impromptu interview on the topic.
Links
David on Twitter: https://twitter.com/dzeichick
Getting Into Infosec:
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

Tanya Janca - From Insecure Developer to Appsec, Diversity/Inclusion Advocate, and Mentor

by Ayman Elsawah (@coffeewithayman)

BIO
Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security.’ She is also the founder of We Hack Purple, an online learning academy, community, and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
Founder: We Hack Purple (Academy, Community, and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday
Notes
Part of security is teaching security
Started in software development, then started meeting hackers, and decided to switch to security.
Tanya is extremely scholastically inclined
She comes from a family full of women computer scientists, technologists, and mathematicians! Her aunt was the FIRST to graduate in CS from Ontario. Her mother was a mathematician. She had four uncles in computer science.
Tanya's Quick List For Getting Into Infosec
Responsibility of a mentee: [30:29]
Have energy and time
Respect your mentor's time
Need to have already looked for the answer online before you ever ask them for something
They are not a free consultant; you shouldn't ask them to do your work
You shouldn't stand them up for meetings
Recognize and have gratitude for the fact that this person has a crap-ton of knowledge in their brain that they're sharing with you for free. They're taking the time out. You're not their daughter or son. You're not their friend. You're a person in their industry, and they're trying to pay it forward.
You want to actually do the exercises that your mentor gives you
Choose your mentor wisely
Do not expect your mentor to find you a job
Quotes
"We're graduating people who don't know how to make secure software, but they do know how to make software! So that ends up being insecure software." [4:57]
"So if I [were] going to teach a software security course at a university, they would pay me as an adjunct professor, and they would pay me almost nothing. It would almost be equivalent to volunteer work." [5:35]
"I thought I really wanted to be a penetration tester until I discovered that there is this weird spot… in between red team and blue team." [10:17]
"A lot of penetration testers get a little depressed." [11:07]
"People just don't know how many super awesome cool things there are out there!" [15:11]
"The people I liked the best are the people in my computer science class." [22:24]
"Honestly, I just smoked a lot of weed and just showed up and would ace things." [22:12]
"You don't have to spend money at the beginning necessarily." [31:58]
"Which certification should I get so that I can be a good pentester?" [31:34]
"I don't know enough to be a mentor." [31:50]
Links
Tanya Online
Personal Site: https://dev.to/shehackspurple
Twitter: https://twitter.com/shehackspurple
Pushing Left Series: https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95
NICE Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center
OWASP: https://owasp.org/
WoSec: https://wearetechwomen.com/wosec-women-of-security/
Franziska Bühler: https://twitter.com/bufrasch
Getting Into Infosec
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

Nick Vissari - Engineering Dropout to Math Tutor to Security Architect/Engineer

by Ayman Elsawah (@coffeewithayman)

Nick Vissari went from being an engineering dropout (he didn't like creative writing) to a tech consultant to a math tutor. His penchant for fixing things homed him back into tech, where he is now responsible for security in a large school district. He recently went back to school and received his cybersecurity degree as well.
Notes
At 10 years old, his Dad had problems putting the computer together, so he helped his dad
Family never stifled any inquisitiveness he had
Started as a math tutor at the school system
How he initially had the wrong attitude in security
Quotes:
"Once you get into a position somewhere, do whatever you can to make yourself invaluable. Find the things people don't want to do and do them. The hard problems are the ones most rewarding."
"If you're not automating right now, it's probably because you have more resources than you know what to do with."
"There are a lot of people that are security professionals, but they really don’t know about how a system works."
"Just got to have that passion for wanting to learn and you can definitely jump into security."
"My grandmother always said: 'Those who don't make mistakes, don't do much.' So get out there and make a bunch of mistakes."
"Don't be that guy that says 'No' to everything."
Links
Nick on Twitter: https://twitter.com/nickadam
sslstrip by Moxie: https://github.com/moxie0/sslstrip
Firesheep plugin: https://en.wikipedia.org/wiki/Firesheep
Getting Into Infosec
Checkout My Book: Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

Page Glave - Professor of Kinesiology to Cybersecurity Analyst!

by Ayman Elsawah (@coffeewithayman)

Page Glave was a tenured Associate Professor of Kinesiology with a focus in exercise science and was successful in her field. However, she came to the realization that she couldn't see herself doing this for the rest of her life. She offers lots of great advice on resume tips when switching, homelabs, certifications, and how she was able to break into the field. This is her story.
BIO
I am an analyst, project manager, ethical hacker, and tech consultant with more than 10 years’ experience with research and project management. I spent a while in higher education – long enough to get tenure and decide it was time to do something else. I have eJPT (eLearnSecurity Junior Penetration Tester), Security+ and Splunk User certifications. I love learning and tech, so digging into all of this stuff just makes me happy.
Notes:
5-months into her first security job!
Being in a small environment, she gets to do everything from governance to pentesting
Previous to this, she was a tenured associate professor in kinesiology, focusing on biomechanics and obesity.
Quotes:
"Pretty big adventure on a daily basis because no day is the same."
"Really is an environment where security is everyone's job."
"I think I'll always be in-house tech support for as long as I live." [7:08]
"I kinda got bored… I didn't want to keep doing something that wasn't challenging." [7:28]
"Do I really want to do this for the next 30 years?" [7:58]
"…going through the headers, that should have been a clue that maybe tech would have been a good fit for me."
"You'd be hard-pressed to find anyone in Information Security who was just thrilled with their budgets."
"Being able to translate that self-directed learning to something on my resume."
Links:
Page's Twitter: https://twitter.com/pageinsec (Thank her via Twitter)
Brakeing Down Security Podcast: https://www.brakeingsecurity.com/
Pacific Hacker's Conference: https://phack.org/
Sam Bowne's Class: https://samsclass.info/
Skadi VM: https://www.skadivm.com/ (by Alan Orlikoski https://twitter.com/AlanOrlikoski)
Marco Palacios: https://twitter.com/MPalacios_Cyber
Keirsten Brager: https://twitter.com/KeirstenBrager
Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5
Outro Music: https://www.youtube.com/channel/UCNXDIltPLbdcAavUtL00i7g
Getting Into Infosec:
Follow Me on Twitter: https://twitter.com/coffeewithayman
Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
Checkout My Book: Breaking IN: A Practical Guide to Starting a Career in Information Security
Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosec
Website: https://gettingintoinfosec.com

Nick Jeswald - Confessions of a Cybersecurity Recruiter (Part 2)

by Ayman Elsawah (@coffeewithayman)

Part 2 of 2 - Nick Jeswald has been an external and internal recruiter in security. He shares with us what he looks for in a candidate, common mistakes made by candidates, and the nuances of hackers he's learned over the years. Show Notes SEE PREVIOUS EPISODE FOR COMPLETE NOTES & RECRUITING TIPS FROM NICK. Getting Into Infosec: Follow Me on Twitter: https://twitter.com/coffeewithayman Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Checkout My Book: https://amzn.to/2HP2i25 Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosec Website: https://gettingintoinfosec.com See omnystudio.com/listener for privacy information.

Nick Jeswald - Confessions of a Cybersecurity Recruiter (Part 1)

by Ayman Elsawah (@coffeewithayman)

Part 1 of 2 - Nick Jeswald has been an external and internal recruiter in security. He shares with us what he looks for in a candidate, common mistakes made by candidates, and the nuances of hackers he's learned over the years.

BIO: I've been in infosec for 8 years, and in various IT roles since 1996 (Developer -> Sales Engineer -> BD Specialist -> Security BD -> Security Recruiting -> Dir. Corp Dev). However, I've also been one of the top recruiters for each company I worked at whatever role I've had.

Show Notes:

Internal recruiters != external recruiters
- Backgrounds are different
  - External recruiters come from varied backgrounds, virtually zero from infosec
  - Much like BD people
  - Internal recruiters are more likely to have a greater understanding of infosec or at least IT
  - A recruiter that doesn't understand security is more likely to make bad placements with higher turnover
- Motivations are far different
  - I want to choose people to spend a career with
  - They want to make a commission and meet SLAs
- Attention to detail is very different
  - A tiny detail that could betray a hidden skill set or flaw would likely be overlooked by a 3rd party
  - I have an interest in understanding the person, not just the resume
  - What is their desired career/life trajectory?
  - How will our company enrich/hinder that life?

You are in competition with an army of low-skilled counterfeits
- You need to be able to demonstrate raw skills, not just list your certs
- Have a body of work available for review on GitHub, your own site, etc.
- Internships are a nice touch, but they cut both ways
  - You interned with unnamed-big-4-biz-consulting firm? Don't drag that culture in here. I fear for what you learned.
  - Can't talk about where you interned because it was a non-DOD three-letter agency? Communicate that point to me in your way. If that is the truth, I'll trace you back and verify.

Always be client-facing
- I have seen many recruits passed over for poor hygiene, arrogant treatment of interviewers, disclosure of illegal activity, and just generally obnoxious behavior
- You couldn't act like this on a client site and not get sent home; don't do it on the interview
- Yes, you are talented...there's always someone cooler than you

Interview your interviewers
- You should have a standing list of questions for interviewers
  - Why do you stay with them?
  - What is the intended growth path? Organic? IPO? Channel?
  - Is there any merger/acquisition activity going on? Planned? Intended impact?
  - Is there any rebranding activity going on? Planned? Intended impact?
  - What conditions are driving this open role? Turnover? Internal restructuring? Organizational growth?
  - Will I be supported in my security research? How?
  - Does your company have a defined mentoring path? Why not?
  - How does the company support continuing infosec education?
- Meet your team
  - Watch the team interaction closely
  - Can you see cohesion?
  - Are they supportive or adversarial?
  - Are they authentically happy with their jobs?
- Understand the org chart you are stepping into
  - To whom does security answer? CXX? IT Director? General Counsel?
  - Understanding this will help mitigate surprises later
- Understand the company culture
  - Big corp? Big corp problems.
  - Boutique? Founder problems.
  - Is there a "treehouse" mentality among the senior employees?

Never forget who you are
- I know you want a job, but don't take a job that is sure to kill you slowly from the inside
- Like doing offensive security? Don't start in the SOC.
- Did you walk away from the interview(s) thinking that this company understands the care & feeding of hackers?
- If you can already see the point at which you will outgrow the company, is it the right place to start? Maybe!
- If you have a goal of entrepreneurship, or of working for a specific team, this first step just needs to support that eventual goal. This may be detected by an astute interviewer, though.

Resume tips
- One page. My dad started at the bottom, and worked up to EVP of a Fortune 50 corp. One page.
- Focus on your work experiences and extracurricular infosec workrelevant
  - I'd rather read about 0days and CVEs than certs
  - I want to know about your community involvement
  - 2600, local DCs, TOOOL, OWASP, etc.
  - Presentations at cons matter to me, especially if I can watch you deliver information to an audience
  - Like a free audition, and believe me I watch every one people link in resumes
- I don't care about your GPA, fraternity/sorority, who we know in common, what sports you enjoy, or what you look like. At all.
- Seriously, don't add a photo.

General tips
- Code in several languages. Despite semantic differences, you should have a pretty good working knowledge of the most widespread VMs, coding languages, and compilers
- Web apps are your paycheck
  - Knowing the OWASP Top 10 is like knowing your middle name...not impressive in and of itself, but if you don't know them, there's something wrong.
  - Many composite "red team" projects will involve some Web app hacking, and even the most specialized consultancies will agree to a Web app assessment for an established client
- Think holistically, and make yourself more valuable
  - If you can't write a report, of what value are your assessment activities?
  - Seem always to have interpersonal conflict? Time to read up on Empathy and EQ.
  - Be the go-to on your squad.
  - Get comfortable with an audience. Toastmasters is there for you.
- Learn the value of "the Halloween Mask" as Henry Rollins called it
  - Sure, you're a young security professional. We all expect eccentricity from you.
  - We're all also trying to make money and be taken seriously
  - Don't forget: in boardrooms of white-haired old men across the nation, we're still the same guys who lost them millions of dollars on ERPs and useless Y2K preparations
  - I'm not kidding about this. Don't wield your difference like a blunt object.
  - A little bit goes a long way when you're also scaring the hell out of everyone with pen test reports.
  - My life is far more complex and wacky than my coworkers know, and I talk a lot. I just know how much to let through the mask

Getting Into Infosec:
- Follow Me on Twitter: https://twitter.com/coffeewithayman
- Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Checkout My Book: https://amzn.to/2HP2i25
- Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosec
- Website: https://gettingintoinfosec.com

See omnystudio.com/listener for privacy information.

September 2019 Update

by Ayman Elsawah (@coffeewithayman)

Summer was crazy. My day job was keeping me super busy, and I've been really mentally occupied lately dealing with kids, family, and school. I miss producing shows and will be getting back into it. Have some really good shows queued up! I'm still active on Twitter when possible, so we can stay in touch there in between shows. Oh, and by the way, it's been a year since I started podcasting! Pretty cool. So many things I want to do with the show, like animating my spoof ads and transcribing the shows. Anyway, just wanted to update you and let you know I didn't forget about you. I can't wait to release some of these amazing shows. As we depart, here is a draft of a spoof ad I put together real quick. It talks about my love of the word "cyber." See you next time.

Getting Into Infosec:
- Follow Me on Twitter: https://twitter.com/coffeewithayman
- Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosec
- Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Checkout My Book - Breaking IN: A Practical Guide To Starting A Career In Infosec - https://amzn.to/2HP2i25
- Website: https://gettingintoinfosec.com

See omnystudio.com/listener for privacy information.

Fareedah Shaheed - From Tech Curious to Information Security

by Ayman Elsawah (@coffeewithayman)

Fareedah, a lifelong learner, was always interested in technology and grew up reading her father's Cisco books. His influence led her to the field of information security, where she stepped up and is always tackling new challenges.

BIO: Fareedah Shaheed was born in Maryland, but spent most of her childhood outside of the US. She returned to the States in 2013 and attended the Community College of Baltimore County (CCBC), where she majored in cybersecurity. Her experiences with different cultures and the tech field led her to combine her interest in psychology with cybersecurity, and thus, her passion for security awareness was born. In 2018, she founded Sekuva with the mission to educate and support small business owners and families with understanding how to secure their sensitive information. She currently works as a Security Control Analyst at a financial firm in Maryland.

Notes:
- Currently works with Security Awareness and Threat Intelligence
- Must break down concepts for both executives and associates
- Saw that there was a lack of cybersecurity awareness for "regular" people, especially with parents
- Got thrown into leading "lunch & learn" events and experienced imposter syndrome due to her lack of experience
- Her lack of experience became a benefit to the audience as they were able to relate!
- Father was in tech. Changed her major in college based on his advice
- Wanted to teach, but didn't want to be a teacher
- Has read 2000 books since childhood
- Fareedah had really good role models growing up

Quotes:
- "I vowed never to have anything to do with math whatsoever."
- "I was a broker, I did an internship, I did teaching... and through all of that, I realized I didn't really want anything but tech."
- "Whatever your parents' field is, that kind of is in the back of your head, whether it's a yes or no."
- "Let me do it. Let me try this out."
- "Cybersecurity is new. It's upcoming. I really believe that your skills would be good for cyber. There's not a lot of women there. Especially not a lot Muslim women there, who look like you."
- "I remember just lying awake at night just thinking about how does WiFi work."
- "Instead of guards, we have guides." [21:12]
- "You have to do it afraid; you can't wait for the perfect moment." [25:35]

Links:
- Fareedah on Twitter: https://twitter.com/cyberfareedah
- Fareedah's Company - Sekuva: https://sekuva.mykajabi.com/
- Year Up: https://www.yearup.org/

Getting Into Infosec:
- Follow Me on Twitter: https://twitter.com/coffeewithayman
- Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Checkout My Book: https://amzn.to/2HP2i25
- Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosec
- Website: https://gettingintoinfosec.com

See omnystudio.com/listener for privacy information.

BONUS - Updates, Defcon, More

by Ayman Elsawah (@coffeewithayman)

Hey, everyone! It's been a while, I know. Life has been busy. Lots of transitions, so schedule has taken time to get used to. Links Security Sandbox Podcast: https://podcasts.apple.com/us/podcast/hacker-culture-fm/id1453203447 Sean Sun: https://twitter.com/seanqsun Hacker Culture FM: https://www.hackerculture.fm/ Defcon Sticker Swap: https://twitter.com/dcstickerswap Outro Music: https://soundcloud.com/southlondonhifi Getting Into Infosec: Follow Me on Twitter: https://twitter.com/coffeewithayman Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Checkout My Book: https://amzn.to/2HP2i25 Sign up for updates and commentary: https://mailchi.mp/467573a314e5/gettingintoinfosec Website: https://gettingintoinfosec.com See omnystudio.com/listener for privacy information.

Keya Horiuchi - From Teacher, Filmmaker, and Website Design to Security Engineer!

by Ayman Elsawah (@coffeewithayman)

Keya was a public school teacher who stood out from the crowd. She loves problem-solving and challenging environments. Keya was also a filmmaker and web designer. She's currently a detection security engineer who gets knee-deep in malware on a daily basis.

Notes:
- Knew she didn't want to be a teacher her whole life
- Was the only one in the rational thinking group at her school
- Enjoys rational thinking and the problem-solving process
- Prototyped a mock medical device with a Raspberry Pi and won a national competition!

Quotes:
- "Easy to get into what you're comfortable with... and I didn't want to have a job like that."
- "It was something that I enjoyed, but I definitely feel more at home with the cohort that I work with currently and with what I do."
- "For me, it was an amazing process because I hadn't ever SSH’d into a device and I had to figure out how to get like ports scan."
- "I read so much documentation on all the little things that we connected to it. I watched a bunch of YouTube videos. I looked at a lot of GitHub accounts trying to figure out like I've got to make this move." [14:24]
- "It was incredibly challenging. A lot of times I was trying to figure [things] out... sometimes the information that you get from the client is essentially just a hint of what's going on in the network." [17:07]
- "You just have to be creative and keep going at it until you can do what needs to be done." [18:08]
- "Yeah, it's amazing. Especially coming from public school teaching, where I had seen almost physical fights altercations happen over, like, reams of paper because there's just not that much allocated towards schools to where snacks are brought in. Like, it's a very different environment…" [21:22]
- "You did great on the test, but I want to watch you take the test." [23:06]

Links:
- Edx: https://www.edx.org/
- NSF Project: https://nsf2015.fosslounge.org/
- Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)
- Outro: Cosmetic Cosmos by Verified Picasso https://www.youtube.com/channel/UCqDmyXPJdrZjwUdWLyhyQRA

Getting Into Infosec:
- Website, Show Notes, Transcripts: https://gettingintoinfosec.com
- Follow Me on Twitter: https://twitter.com/coffeewithayman
- Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Checkout My Book: https://amzn.to/2HP2i25

See omnystudio.com/listener for privacy information.

BONUS - Audiobook Sample!

by Ayman Elsawah (@coffeewithayman)

Listen to the retail audio sample of my book: Breaking IN - A Practical Guide to Starting a Career In Information Security. Kati Fredlund narrates the book. She did an amazing job! You can read a sample or purchase the whole book here: https://t.co/DDXxfVwpD7 Full Audiobook to be released soon! See omnystudio.com/listener for privacy information.

Hossam Mohamed - Young Hacker to "Not A Security Researcher"

by Ayman Elsawah (@coffeewithayman)

A 19-year-old "not a security researcher" facing limitations because of his age and not having the right "prerequisites," Hossam has had to pave his own path. He also dreams in code and is one of the youngest OSCEs in the world!

BIO: Hossam Mohamed is one of the youngest OSCE in the world and currently working in the cybersecurity domain for a financial company in Istanbul. His area of interest includes exploit development, offensive security, secure web development, and malware analysis. He is a big Python lover.

Notes:
- On the organizing team of BSides Istanbul
- His best friend is a computer
- Just finished high school last year!
- Was doing freelance web design and security projects for clients
- Taught himself assembly
- Developing offensive security labs
- Hacked his way to getting a job :)

Quotes:
- "Because I love [to] code."
- "I wanted to understand how these games work." [5:56]
- "I developed a project for my school. They liked it, but no one cared actually."
- "No one in infosec doesn't play a little bit (hacking)." [8:04]
- "Technical interview was great... didn't work because of my age and my education. I was only 18." [10:22]
- "Do you ever dream in code?" "Actually... how did you know that?" [12:35]
- "People think when it's about assembly and reverse engineering, omg it's untouchable... No, I'm telling you there is [a] much more lower level than that."
- "I feel bad when I get sick because I don't go to work... I don't (get to) open my laptop and... code."
- "When I'm far from my computer for two or three days... [I get] depressed."
- "You can make it part of your day." [22:52]
- "I wanted to send them the new domain controller password with the report." [25:23]

Links:
- Hossam on Twitter: https://twitter.com/wazehell
- Hossam's Website: https://wazehell.io/
- BSides Istanbul: https://bsidesistanbul.com/
- Upcoming talk "Hunting For Windows Remote Zero-days": https://bsidesistanbul.com/hossam-mohamed/
- Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)
- Outro: Weak Knight by Devon Church - https://www.youtube.com/watch?v=LEOYtxvlnAY

Getting Into Infosec:
- Website, Show Notes, Transcripts: https://gettingintoinfosec.com
- Follow Me on Twitter: https://twitter.com/coffeewithayman
- Subscribe To YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Checkout My Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

See omnystudio.com/listener for privacy information.

BONUS - Consuming VS Producing

by Ayman Elsawah (@coffeewithayman)

My thoughts on consuming vs. production and how it relates to Getting Into Infosec. Sometimes, we get stuck learning, consuming security news, trends, etc., but we forget to produce something. Whether it be testing a new exploit we heard about, trying something new in our lab, or applying something we learned the day before, finding the right balance is important. If we're stuck, take little steps—better than no steps.

Links:
- https://www.google.com/search?q=producing+vs+consuming
- https://lifehacker.com/start-every-day-as-a-producer-not-a-consumer-5887345

Getting Into Infosec:
- Twitter: https://twitter.com/coffeewithayman
- YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

See omnystudio.com/listener for privacy information.

Izzy - Random and Unplanned: From Annuities to ISO!

by Ayman Elsawah (@coffeewithayman)

Ismaelle Vixsama (aka Izzy) has a knack for finding strategic flaws and speaking up about them. Doing so helped her get her first full-time job as well as have repercussions for defensive egos. Her whole career is a war story.

BIO: Izzy is an ISMS manager with 7 years of experience. She has worked in FinTech, Government, and Security R&D. Her work has allowed her to work on several mainstream products and services with some of the most well-recognized brands.

Notes:
- Creates a security program around a company's information systems
- Played the CISO role initially, very CISO like role
- First role in security was in Risk
- Izzy comes from a very traditional Haitian back
- Izzy came up with benefits at her job for an opportunity to learn something new and be in a non-toxic environment
- First heard/learned about hacking at 15 from an AOL chat with a "hacker"
- At 23, she decided to speak up in a meeting to provide feedback, which led to her being hired full-time

Quotes:
- "[By] the time I was 22 years old, the pay wasn't that great but for me. It was amazing because I was doing something I hated. I had benefits at my previous job, but this company was giving me an opportunity to learn something new. To me, that was so exciting."
- "He looked at my resume and he said, 'I realize you have no cybersecurity experience.' By starting the conversation like that, it took some pressure off of my shoulders." [10:00]
- "I was so nervous that he was going to drill into me about all these topics I had no clue about."
- "I didn't even [know] I had sisters."
- "Everyone just kinda wrote me off." [16:20]
- "Who is the audience, what do we want to say here?" [21:13]
- Worst comment ever: "We have to really train you on your critical thinking skills." [22:45]
- "A good idea is a good idea, regardless of who it came from."
- "My whole career is a war story." [32:05]

Links:
- Izzy on Twitter: https://twitter.com/Is_Vix
- Her story is on Twitter: https://twitter.com/Is_Vix/status/1079218656138149889
- Izzy's Business, VixCyber: https://vixcyber.co/
- NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
- Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)
- Outro Music: "Feather Duster" by Geographer: https://www.youtube.com/channel/UCcB_tnqYHwPzADwUdeppIIQ

Getting Into Infosec:
- Twitter: https://twitter.com/coffeewithayman
- YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Book: https://t.co/DDXxfVwpD7

See omnystudio.com/listener for privacy information.

David Scrobonia - Lifelong builder, Appsec Engineer, Creator of ZAP Heads Up Display

by Ayman Elsawah (@coffeewithayman)

From Zero to One, David is a lifelong builder. Wherever he goes, he just builds things. From an electric car to Adhoc android apps to ZAP HUD to an awesome heads up display for ZAP Proxy, he's a game-changer, IMHO. We discuss the lack of UX in the security tooling community, how contributing to Open Source got him his job, and even about imposter syndrome.

BIO: David Scrobonia is part of the Security Engineering team at Segment, working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and leads development for the OWASP ZAP Heads Up Display project.

Notes:
- Mostly interested in architecture and mechanical engineering when younger.
- Built his own electric car with his dad, out of a Porsche 914!
- David explains XSS and why certain languages are better than others, such as React
- David gets lost in El Segundo. Yes.

Quotes:
- "It's just a program that listens to these silly protocols."
- "I wanted to do more hands-on stuff, [and] quickly fell in love with the coding side as a lot of people do."
- "I was like... what's GET? What's POST? What do you mean?"
- "Before you know it, right? It seems so daunting."
- "Still plenty of opportunities out there. [It] will be a long time before the world is perfect and secure."
- "I've been working in the security industry, but I didn't really feel part of any security community."
- "I have nothing but good things to say about the open-source community."
- "They're (security tools) just not built with user experience first."
- "I think people underestimate what they are able to contribute."

Links:
- David on Twitter: https://twitter.com/david_scrobonia
- Rube Goldberg Machine: https://en.wikipedia.org/wiki/Rube_Goldberg_machine
- Dan Boneh's Cryptography Course: https://crypto.stanford.edu/~dabo/courses/OnlineCrypto/
- OWASP Appsensor Project: https://www.owasp.org/index.php/OWASP_AppSensor_Project
- Zap Proxy Heads Up Display (HUD): https://github.com/zaproxy/zap-hud
- Article by David on Zap HUD: https://segment.com/blog/hacking-with-a-heads-up-display/
- Brakeman Pro: https://brakemanpro.com/
- https://samsclass.info
- My talk at Sam's class: https://www.youtube.com/watch?v=KJvPHZGtGdM
- Intro: Cascadia by Trash80 (https://trash80.com) Licensed Under Creative Commons
- Outro: Cancun by Topher Mohr and Alex Elena

Getting Into Infosec:
- Twitter: https://twitter.com/coffeewithayman
- YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

See omnystudio.com/listener for privacy information.

BONUS - CliffsNotes To The First 20 Episodes!

by Ayman Elsawah (@coffeewithayman)

Having completed 20 episodes, I decided to take a moment to go over each episode briefly. Thanks to all my guests!

- Ep01 - Dan Borges: https://twitter.com/1njection
- Ep02 - 0daySimpson: https://twitter.com/0daySimpson
- Ep03 - Christina Hanson
- Ep04 - Matt Toth: https://twitter.com/willhackforfood
- Ep05 - Rob Carson: https://twitter.com/robcarson05
- Ep06 - Robin Stuart: https://twitter.com/rcstuart
- Ep07 - Clay Wells: https://twitter.com/ttheveii0x
- Ep08 - Elvis Chan: https://twitter.com/FBISanFrancisco
- Ep09 - Virtual Kyle Kennedy: https://twitter.com/Kyle_F_Kennedy
- Ep10 - InfoSteph: https://twitter.com/StephandSec
- Ep11 - Yaron Levi: https://twitter.com/0xL3v1
- Ep12 - Jack Rhysider: https://twitter.com/JackRhysider
- Ep13 - Marcus Carey: https://twitter.com/marcusjcarey
- Ep14 - Nipun Gupta: https://twitter.com/nipungupta
- Ep15 - Adrian Kaylor: https://twitter.com/AdrianKaylor
- Ep16 - InfosecSherpa: https://twitter.com/InfoSecSherpa
- Ep17 - InfosecJon: https://twitter.com/InfoSecJon
- Ep18 - Masha Sedova: https://twitter.com/modMasha
- Ep19 - Jared Folkins: https://twitter.com/JF0LKINS
- Ep20 - Leron Gray: https://twitter.com/mcohmi

Getting Into Infosec:
- Twitter: https://twitter.com/coffeewithayman
- YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
- Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

See omnystudio.com/listener for privacy information.

BONUS - MCOHMI New Song, Trap Music, and Domain Song Background

by Ayman Elsawah (@coffeewithayman)

MC OHM-I (Leron Gray) talks about his next project about tabs in the browser, trap music, and some background on his awesome song, "Domain." Getting Into Infosec Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/ See omnystudio.com/listener for privacy information.