Imagine journeying from the opera house to an IT profession. That's exactly what our guest, Akira, did. With an intriguing transition from a classical opera singer to a successful Security Engineer, Akira generously shares their unique story. Their tale is one of resilience, grit, and the power of embracing change, even when it comes from an unexpected stint at a literal circus. You'll be inspired by their perseverance through mental health challenges and their ultimate triumph in a field they initially avoided: technology.
Prepare to delve into the complexities of the opera and cyber world, as Akira expertly navigates the challenges faced in both sectors. They give us invaluable insights into the oftentimes treacherous journey to a cybersecurity career, including the importance of soft skills like effective communication. Their advice on building solid relationships with internal stakeholders and identifying key allies at the beginning of your career is priceless. These pearls of wisdom will not only aid those in IT but can be applied to any field.
Lastly, we discuss the essential role of bridging the gap between development and security. Akira’s perspective on this will reshape your thinking on what skillsets are most critical for a successful career in application security. We tackle the reality of imposter syndrome, exploring strategies to handle this debilitating feeling that many of us confront. This episode culminates with Akira providing a deeper understanding of the problem-solving nature of cybersecurity, leaving us with an appreciation for its solution-oriented aspect. So join us for this journey of resilience and innovation, with a guest whose path from opera to IT promises an enlightening and memorable ride.
LinkedIn: https://www.linkedin.com/in/akirabrand/
Website: https://akirabrand.com/
Speaker 1: How's it going, Akira?
00:00:02
It's been too long since we first spoke.
00:00:05
I mean, I think I like initially reached out in like
00:00:09
January or something at this point, but I'm really excited
00:00:13
for you to be on the podcast today.
00:00:16
Speaker 2: Thank you, I am so happy that we finally linked up.
00:00:19
This has like been a long time in the making, for sure.
00:00:24
Speaker 1: Yeah, it's been a crazy like six months for me.
00:00:29
Yeah, it's like yeah, crazy for you as well, I'm sure.
00:00:32
So you know, Akira, I start everyone off with giving their
00:00:37
background of how they got into IT.
00:00:39
Maybe what piqued their interests, what made them, you
00:00:43
know, potentially even think that they could go down this
00:00:45
path.
00:00:45
Right, because I have a lot of my audience that are new to IT,
00:00:50
they're new to security and maybe they're wondering, you know,
00:00:53
can I make this career change?
00:00:55
Can I?
00:00:55
Will this actually work out for me?
00:00:58
So what's your story?
00:01:02
Speaker 2: That is such a good question and I love that your
00:01:04
audience is maybe on the newer side of their journey.
00:01:08
So to start out with I want to say yes, you absolutely have a
00:01:13
place in this industry.
00:01:14
Keep going, keep grinding like, do what you got to do.
00:01:18
It's not an enjoyable time trying to break into it.
00:01:22
It's really hard.
00:01:23
I know I went through lots of trials and tribulations and
00:01:27
nights of like crying and you know all that good emotional
00:01:30
stuff.
00:01:30
But I'm here now and I'm really glad I didn't give up.
00:01:33
So don't give up, keep going.
00:01:36
There is definitely a place for you.
00:01:38
So I will say this I am a career changer.
00:01:42
I did not start out in IT.
00:01:44
That was not my MO at all.
00:01:47
I was actually a Luddite.
00:01:48
I hated computers.
00:01:50
I did not believe in technology.
00:01:53
I didn't own a computer.
00:01:54
I didn't own a smartphone.
00:01:56
I owned a flip phone and was very happy about it.
00:01:59
Back when I was looking to change careers from my previous
00:02:04
career to what I am in now, my previous job which may explain a
00:02:09
lot of why I was a Luddite was working in classical music.
00:02:13
I am a trained opera singer.
00:02:16
I performed and taught opera for 10 years and in there I also
00:02:23
did a very small stint in seminary school.
00:02:26
So that is a world where technology is not necessarily
00:02:34
frowned on, but it's very not a technologically advanced field,
00:02:40
as it were.
00:02:41
A lot of it is still acoustic instruments and you know you're
00:02:45
singing with your voice without a microphone, like you really
00:02:49
don't have to think about these kinds of things at all.
00:02:50
However, about like I said, about 10 years into that career,
00:02:56
I got really bored.
00:02:57
Like I got really bored, and I was also extremely depressed,
00:03:01
like I was just really miserable.
00:03:03
I was really unhappy, I was in a really bad place mentally and
00:03:10
the career was just not cutting it for me.
00:03:12
It was not leading to any kind of fulfillment.
00:03:14
It was actually becoming a huge drag like on my psyche and I
00:03:19
knew I needed to make a change.
00:03:21
So what I'll say to that is at the time, my former partner who
00:03:26
worked in technology suggested that I look into programming and
00:03:32
I laughed at him.
00:03:33
I was like no way, like that's crazy, like I don't do computers,
00:03:39
we don't do that here.
00:03:40
And then he essentially like just said like you know, Akira,
00:03:44
like it would answer a lot of questions for you, it would give
00:03:48
you financial stability, like your brain would be engaged.
00:03:51
You wouldn't be bored.
00:03:53
If you can get over that.
00:03:55
You quote unquote don't like computers.
00:03:57
You would actually probably really like it.
00:03:59
So I found you a code school that have free weekend classes.
00:04:03
You need to go check out one weekend classes.
00:04:04
You can borrow my computer, I'll drive you, let's go.
00:04:06
So I'm actually really grateful to this individual, even though
00:04:10
we're no longer together, like he was just so seminal and
00:04:14
encouraging me to take this route.
00:04:17
I did do the weekend a little like coding boot camp thing, and
00:04:22
I fell in love with it.
00:04:22
We had two days.
00:04:23
One was a front end engineering day, one was a back end
00:04:25
engineering day.
00:04:26
The front end engineering day I was like, uh, this is like
00:04:29
crazy, I don't understand.
00:04:30
There's like three things going on. Like why am I coding in
00:04:32
three languages at the same time as HTML, CSS and JavaScript, of
00:04:36
course?
00:04:36
And then the back end day we were doing we were posting to
00:04:40
Twitter via the Twitter API and Ruby, and I thought that was the
00:04:45
coolest thing ever.
00:04:46
Like I looked at the code and it like made sense to me, kind
00:04:50
of like in A Beautiful Mind with John Nash, where he can kind of
00:04:53
start to see the patterns and the numbers, I could actually
00:04:56
sort of see, like what was going on here with the, with the code,
00:04:59
and how things were working together.
00:05:00
So, because of, because of that experience, I enrolled in code
00:05:04
school.
00:05:04
I went to a school called the Turing School of Software and
00:05:06
Design.
00:05:07
Um, and, yeah, my, my coding journey started there.
00:05:12
Flash forward now to about three years later. Um, I actually
00:05:19
ended up leaving Turing because of, again, I was still
00:05:22
just in a really bad mental place.
00:05:24
I actually was diagnosed with a really severe mental illness
00:05:26
later on.
00:05:27
So I had to take some time off and like, get better, as it were.
00:05:30
Um, just take some time, get stabilized on medication and
00:05:33
whatnot.
00:05:33
I'm so grateful for Western medicine and I think, of course,
00:05:37
it has its limits, but it has saved my life 100%, like it was
00:05:42
a life threatening mental health issue and I am alive, so I will
00:05:46
take it for what it is.
00:05:47
Um, so I left Turing.
00:05:50
However, I did continue to pursue um, coding.
00:05:54
I did continue to pursue the tech industry.
00:05:57
I took some time off, like I said to, to heal up and then, um,
00:06:01
this is really funny, I joined the circus.
00:06:04
So, because?
00:06:06
So I joined?
00:06:07
Speaker 1: the literal circus literal circus.
00:06:10
Speaker 2: I joined, like a traveling trade show carnival
00:06:13
troupe, um, and what I did there is I essentially sold trinkets
00:06:18
at trade shows.
00:06:18
Now, what the hell does this have to do with technology?
00:06:21
Well, I'll tell you right now.
00:06:22
When the pandemic hit, all the trade shows closed down and the
00:06:28
um mom and pop uh group that I was working for, that did all
00:06:32
this, did all this work.
00:06:33
I said, well, shoot, we need to transition our business to
00:06:39
online, otherwise we're not going to sell anything.
00:06:40
And my boss said to me he said, hey, Akira, like you do stuff
00:06:43
with computers, right, like you went to code school.
00:06:44
I was like, yeah, I mean I didn't finish, but I really want
00:06:47
to do it.
00:06:47
And he's like, can you build all our online stores?
00:06:50
And I said, well, hell, yeah, I'll totally build all our
00:06:53
e-commerce stores.
00:06:53
So I built all of our e-commerce stores.
00:06:56
I had no idea what the HI was doing.
00:06:58
Like it was very much trial by fire.
00:07:01
Um, I look back at my work now and I'm like, oh, oh, I mean
00:07:04
that looks okay.
00:07:05
Like it looks okay, it works, it's functional.
00:07:07
It's not the most like beautiful thing I've ever done
00:07:10
in my life, but it worked, right, and that's what really got me in
00:07:13
the door.
00:07:13
So from there, um, I took essentially every and any
00:07:18
technology job I could find that was interesting to me.
00:07:21
That also like played on my skillsets.
00:07:23
So I've worked in e-commerce as a web developer.
00:07:26
I've worked as a software engineer for ed tech Um, I've
00:07:31
also worked as a teacher in ed tech.
00:07:33
Like, I created a coding bootcamp for full stack
00:07:35
JavaScript.
00:07:36
So as interesting as like learning full stack JS as I was
00:07:39
teaching it to other people.
00:07:40
Um, I've worked in developer relations for cybersecurity
00:07:43
companies, because I have that heavy performing and teaching
00:07:46
background from teaching music, um, and performing in opera and,
00:07:50
of course, marrying that with technical skills has worked
00:07:52
really well.
00:07:52
But I always, always, always, always, wanted to just go on the
00:07:56
engineering side of things.
00:07:57
So my, uh, current position now we're fast forwarding all the
00:08:02
way to now is as an application security engineer.
00:08:06
So, straight engineering with a company called resilient, which
00:08:10
is a for profit company that empowers and scales nonprofits.
00:08:14
What I'll say to that is that I was able to get this position
00:08:18
because I worked really hard, like at doing extra things at
00:08:25
every single job I did, to learn the engineering side of things.
00:08:29
Um, and I found my kind of like trick is that I can teach
00:08:35
someone else something that I will learn it.
00:08:38
So my entire career until now, I've been teaching other people
00:08:41
about technology and learning the technology as I'm doing it,
00:08:45
um.
00:08:45
So I've also like mentored people through code schools.
00:08:48
I've mentored people through hackathons Like I've done a lot.
00:08:51
I've done a lot of teaching and that is kind of like my
00:08:53
personal brain hack of how to teach myself engineering skills,
00:08:57
and so I just did that every single job I was at.
00:08:59
I did a lot of volunteering as well, um, and it all sort of
00:09:04
like kind of hit this tipping point where I was finally
00:09:10
prepared to take on a full engineering role, and that's
00:09:13
where I'm at now.
00:09:14
Now, what I'll say again is to the people that are new this
00:09:17
took me since 2018 and I didn't become like a full blown like
00:09:21
quote unquote like engineer until January of this year.
00:09:26
So it took me five years, um, from the beginning of enrolling
00:09:31
in code school, to like full blown security engineer.
00:09:34
So that's why I keep saying like, don't give up because it
00:09:38
can take some time.
00:09:39
Right, I took the scenic route, for sure, absolutely took the
00:09:43
scenic route, did a lot of uh, did a lot of tech adjacent roles.
00:09:49
But if you want to be an engineer, like, just do whatever
00:09:54
job you're doing as best as you possibly can do it.
00:09:56
Um, let people know that you want to ultimately be an
00:10:00
engineer.
00:10:00
Um, apply for those roles, interview for those roles, help
00:10:03
other people reach their goals in engineering and you'll learn
00:10:06
a lot and I think it will work for you.
00:10:09
I mean, maybe it won't, but I'm pretty sure it will, so don't
00:10:13
come after me if it doesn't.
00:10:14
Speaker 1: I'm sorry, but yeah you know, I, I, I think the most
00:10:21
interesting part maybe for me that I didn't expect at all when
00:10:27
I started this podcast, was the extreme variety of backgrounds
00:10:33
that I would be talking with.
00:10:35
You know, with everyone, right, that everyone has it's um.
00:10:38
I mean, you're obviously the first one that came from the
00:10:41
circus, the literal circus.
00:10:43
Um, you're obviously, you know, the first opera singer I've
00:10:48
ever had on, probably the last.
00:10:50
I mean, that is probably the last thing that I would ever
00:10:55
guess for a security person to come from.
00:10:58
You know, and, um, it's extraordinarily interesting to
00:11:04
me the, the wide range of you know backgrounds that we have in
00:11:09
security and you talk about, um, you know, never giving up
00:11:15
right, and your journey was a little bit longer than than mine
00:11:19
actually probably double what mine was because it took me
00:11:23
about two and a half years and I even had IT experience just to
00:11:26
break into security.
00:11:28
Um, and that's the important part, you know, when I'm
00:11:31
mentoring people and I'm talking to them about you know, my
00:11:36
journey into security, what it would take for them to get into
00:11:39
security, and you know things like that, as I'm sure you do as
00:11:42
well.
00:11:43
You know I try to even talk them out of it.
00:11:48
You know, because if I could talk you out of it over just a
00:11:51
conversation, you know, with some coffee or whatever, you're
00:11:54
probably not not cut out for it, because this field is extremely
00:11:57
difficult, it's extremely rewarding, you're always going
00:12:02
to be learning and if that isn't a fit for you, then it's just
00:12:04
not a fit for you.
00:12:05
You know, like, let's not try to fit a square into a triangle
00:12:08
hole, right, like it's not going to work.
00:12:10
But if my active persuasion of trying to get you to not commit
00:12:17
to it doesn't work, then this field is probably for you.
00:12:22
You know, like, if me telling you, you know, no, you're not,
00:12:27
you're not for this thing, you know it's not going to work
00:12:29
which, by the way, I would never, I would never tell anyone that
00:12:33
they're not for it, right, it would only be in an effort to
00:12:36
persuade them or dissuade them from doing it.
00:12:38
And if you come out of that and you say, hey, you know what,
00:12:41
like I'm still going to do this thing, it's like all right, like
00:12:45
my efforts worked.
00:12:46
Actually, let's do this, let's go down this road, do you also
00:12:50
approach it, you know, from from that same mentality, from that
00:12:55
same kind of effort, right, because of the difficult path
00:13:01
that you went down.
00:13:02
Do you also approach it that same way or do you approach it
00:13:05
differently?
00:13:06
Speaker 2: You know that's a good question.
00:13:07
Um, I was given that treatment actually in opera.
00:13:14
So in opera, like, there's a very pervasive sense of like, if
00:13:19
you can do anything else, do it, because opera is so freakin
00:13:23
hard.
00:13:23
Like you're on the road all the time, like you're hardly ever
00:13:26
with your friends and family, you have to live the life of a
00:13:29
nun or a monk.
00:13:30
Like you can't party, you can't drink, you can't smoke, you
00:13:33
can't have tattoos, you can't have dreadlocks, you know.
00:13:36
So I'm definitely in my rebellion phase right now.
00:13:40
Um, when someone comes to me and says I want to do security, I
00:13:46
don't necessarily give them like too much tough love, because
00:13:49
that was given to me in opera and like it definitely motivated
00:13:52
me, but it only pushed me so far.
00:13:53
And once I actually like did the thing, I was like okay, I
00:13:57
did it.
00:13:57
Like now, what?
00:13:58
Like I kind of lost a little bit of my joy for it, like
00:14:01
through that sort of messaging.
00:14:02
Um, not to say that that's the same for everybody, but that's
00:14:05
just kind of what happened to me.
00:14:06
Um, what I will say is are you prepared for a long, arduous
00:14:12
road?
00:14:13
Like, so it's kind of the same message, but a little bit more.
00:14:20
Um, not like I try to talk someone out of it, but I do try
00:14:23
to give them the facts that, like the industry right now is
00:14:27
not necessarily the most accepting of newcomers, it's
00:14:30
really difficult to get your first job in cyber.
00:14:32
Um, at least from my experience and from a lot of anecdotal
00:14:36
experience of other people too, I've never seen anyone just like
00:14:38
get a job in it outside of you know, maybe they call, they go
00:14:42
to college for it or whatever.
00:14:43
I've never seen that, um.
00:14:46
So I guess I just have to say, like, do you have grit?
00:14:49
Like do you have the ability to persevere when things are
00:14:52
really really difficult and are you lit up by solving really
00:14:58
hard problems and learning all the time?
00:15:00
So I guess, Joe, it is kind of so much what you're saying I
00:15:03
just give each of them like a slightly different, a slightly
00:15:05
different messaging medium.
00:15:08
Speaker 1: Yeah, I would say it's.
00:15:09
It's very similar.
00:15:11
Um, you know, like for me, right, like I do it in just that
00:15:16
first conversation, right, you pass the first conversation is
00:15:20
like all right, let's get to business.
00:15:21
You know, let's, let's get to work.
00:15:23
You know, I'm not, I'm not spending eight weeks trying to
00:15:27
convince someone not to do it, like that's a waste of my time
00:15:29
at that point you know, they're like okay, dude, I'm still here,
00:15:34
like you can stop trying to convince me.
00:15:35
Right, right, that would never work.
00:15:38
Speaker 2: Right.
00:15:40
Speaker 1: But, um, you know it, it's interesting, right,
00:15:43
because it's it's so extremely difficult, you know, to get in,
00:15:48
to learn the skills, to get the experience.
00:15:50
And I feel like a lot of times, you know, nowadays, right,
00:15:55
people kind of want that overnight success almost.
00:15:58
And I think that even potentially going through a
00:16:01
bootcamp or getting a degree in it, you know earns you the right
00:16:05
at that, at that position, at that role in the industry and,
00:16:10
you know, maybe it earns you the role at a very low level
00:16:14
analyst position at the right company that's willing to teach
00:16:18
you it, that's willing to work with you on your soft skills.
00:16:21
And a lot of companies don't have that mentality.
00:16:25
I mean, I mean, like 99% of the companies do not have that
00:16:28
mentality.
00:16:29
You know you're going into security and you're you're kind
00:16:32
of.
00:16:32
You know you're kind of going to war.
00:16:34
You've been to war before.
00:16:36
You already know what it's like to earn the respect of someone
00:16:40
else in the room that you know doesn't know you has less
00:16:44
technical knowledge or capabilities than you.
00:16:46
You know you're able to make friends rather than continue.
00:16:50
You know potentially a 10 year disagreement between your
00:16:55
organization, this other organization that you you just
00:16:58
started at.
00:16:58
You don't even know that that exists right, but you're
00:17:00
breaking down, breaking down barriers, and it is challenging
00:17:05
and I always tell people, you know, to start in help desk
00:17:09
first, because help desk, you know you're going to get all the
00:17:13
issues.
00:17:13
More importantly, you're going to be working through all those
00:17:16
soft skills that you learn.
00:17:19
You know, because, like for myself, I started with help desk
00:17:22
right out of college and you know I can't even tell you the
00:17:27
amount of times, even just in one day, where I'd pick up the
00:17:30
phone and the other person on the other line is already pissed
00:17:34
off at me.
00:17:34
They're already having a bad day.
00:17:36
I mean, like they've been struggling with my product for
00:17:39
hours and they decided to just call me now.
00:17:42
You know, even like it's 4pm, like I'm about to leave in 30
00:17:46
minutes and it's like, oh my God, like now I'm, now I'm going to
00:17:50
be here.
00:17:52
Surprise yeah, you know, and I and I may have just gone through
00:17:57
a difficult day, you know I may have just gone through back to
00:17:59
back calls of you know, nothing but unhappy people.
00:18:03
And you know, now I have to grow through that right.
00:18:06
I have to.
00:18:07
I have to learn how to handle that, how to not give up, how to
00:18:11
keep going, when to hand it off, when to escalate it.
00:18:14
Those things, those things are expected in security right.
00:18:20
Is that also your mentality with it or your experience with
00:18:23
it?
00:18:24
Speaker 2: Yeah, I mean wow.
00:18:26
Honestly, the biggest surprise in working in my current role
00:18:32
which I'm so glad that I've prepared for and I have so much
00:18:35
more room to grow with is the soft skills.
00:18:38
Like just the communication can influence like influencing
00:18:43
people to do what you're doing, to do is no joke.
00:18:47
Like it is no joke knowing how to do the political game of like
00:18:51
who do I talk to to talk to this other person, to talk to
00:18:55
this other person to make sure this thing gets done.
00:18:57
It's not necessarily like Game of Thrones politics like no one
00:19:01
is like playing the Game of Thrones and you live or you die,
00:19:03
it's just security training right.
00:19:06
But it can feel like that a little bit, though, right, like
00:19:09
how do I?
00:19:10
How do I do?
00:19:10
How do I do what I need to do so that other people are
00:19:13
motivated to do what they need to do, so that we're all secure
00:19:15
here, and that is not easy.
00:19:18
What I'll say is that my biggest boon in that area has
00:19:25
been my teaching experience, because a lot of teaching
00:19:28
involves motivating other people to do things that they may not
00:19:31
necessarily want to do but that are going to get them to a
00:19:35
better place, right?
00:19:37
So, for example, one mistake I made was like I just like gave
00:19:41
security training to the engineers in my company.
00:19:43
I was like, hey, do this training.
00:19:44
And they were like cool, what's in it for me?
00:19:50
Like why do I have to do this?
00:19:51
Like forget you, lady.
00:19:54
And now I'm learning, like how to like essentially frame this
00:19:58
truthfully, because this is the truth, that this will help them
00:20:01
in their career.
00:20:02
It will help them in their getting promotions, getting
00:20:06
raises, becoming more respected by their peers.
00:20:10
But I can't just give them a security training and expect
00:20:14
them to like fill in all those amazing gaps.
00:20:16
I know that, but they don't know that, and if I tell them
00:20:20
that it means one thing, but if I can get their engineering
00:20:22
managers to tell them that that is an entirely different
00:20:25
ballgame, and if I can get the lead engineer excuse me, the
00:20:30
lead event, the head of engineering to tell the
00:20:31
engineering managers, to tell them that that's even better, so
00:20:35
the more I can stack this in a way that is like look, this is
00:20:38
beneficial not just for our company or organization in being
00:20:42
more secure.
00:20:43
You know, we have better CIS scores. Woohoo, cool.
00:20:45
But we're positioned better in the market where we are more
00:20:51
attractive to customers, and it's better for the engineers
00:20:55
themselves to have these skills.
00:20:57
And that is something that I did not realize was going to have
00:21:02
to be done with so much finesse.
00:21:03
Right, and I'm learning.
00:21:06
I'm learning a lot.
00:21:07
Like that is a big area of like oh, I can't just like plop
00:21:11
something on someone's desk and expect them to be, A, excited to
00:21:13
do it Because, like, if someone did that to me, like I wouldn't
00:21:16
be, like I don't care, like cool, thanks to this extra work.
00:21:19
And B.
00:21:20
I can't expect people to just intrinsically know why this
00:21:23
benefits them.
00:21:23
I have to tell them.
00:21:26
Speaker 1: Yeah, that is.
00:21:28
You know.
00:21:28
You bring up a really good point of not being able to just,
00:21:31
you know, hand something over, plop it on their desk, so to
00:21:34
speak, and expect them to get it done and be okay with it, right,
00:21:38
you know?
00:21:40
It reminds me of a time when I worked for a credit bureau and
00:21:46
the security team that I was on had a very bad relationship like
00:21:50
extremely bad with the database admin team or database
00:21:55
engineering team and, like I set it out as my personal mission
00:22:00
because I was the lead on this team to you know, kind of mend
00:22:06
some broken pathways there.
00:22:08
And you know I spent probably a month, maybe two months, of
00:22:15
taking their team out to lunch, buying them drinks, you know,
00:22:19
stopping by their desk daily, seeing how they're doing maybe
00:22:22
not daily, weekly, definitely seeing how they're doing.
00:22:26
Before I ever asked them to do anything right, when I asked
00:22:30
them to do something it wasn't a get it done immediately.
00:22:35
I kind of need this.
00:22:36
You know, maybe within a couple of days, right, and it just got
00:22:40
plopped on my desk and so I need your expertise.
00:22:43
You know that sort of thing.
00:22:45
Speaker 2: Yeah.
00:22:47
Speaker 1: And it was interesting because a couple of
00:22:50
months down the line you know me and my team we were performing
00:22:53
an upgrade and we ran into an issue that was very specific to
00:22:56
the database.
00:22:57
It was something that, you know, none of us would have known to
00:23:02
how to resolve.
00:23:03
Right To them, it's a 30 second issue.
00:23:05
They know exactly how to do it, like this is just normal
00:23:09
everyday things for them.
00:23:11
For me it's not.
00:23:13
And whenever we're talking about a database, I get nervous
00:23:17
because I've dropped too many databases in my lifetime and I
00:23:20
know what that's like.
00:23:24
And you know my team had someone from my team had called them
00:23:27
basically into our conference call.
00:23:28
It was trying to get them to help and they were very
00:23:33
standoffish, very against it and whatnot, and I was just busy at
00:23:36
the time, right.
00:23:36
But when I heard that they were, you know, being very difficult
00:23:40
to work with, I chimed in and I said, hey, you know, this is
00:23:44
Joe.
00:23:44
You know we need your help.
00:23:45
We called you because we don't have this expertise, we don't
00:23:48
know what we're doing and we just simply, you know, need your
00:23:51
help.
00:23:52
And the whole conversation changed as soon as I chimed in,
00:23:54
as soon as I was present.
00:23:56
They knew I was there, they knew that I had exhausted all of
00:24:00
my resources, that, like, I wasn't even Googling the right
00:24:05
things, right, like it was at that level, yeah, and they were
00:24:10
much more willing to help me Once I put in that work though
00:24:15
of the previous months.
00:24:16
I was, like I'm not going to give up that work though of the
00:24:18
previous months of stopping by again to know these guys, taking
00:24:21
them out to lunch, learning what their favorite beer is
00:24:25
right, buying them a six pack of it over the weekend and, you
00:24:27
know, bringing it to them on Monday.
00:24:30
You know, like that sort of stuff, right, and this is all
00:24:33
coming out of my own pocket, like I'm not using it on a
00:24:35
company card or anything like that, like I'm putting in
00:24:38
genuine work here.
00:24:39
Speaker 2: Yeah, yeah, I mean, the more you can build, the more
00:24:45
relationships, the better.
00:24:47
I'm so glad that you just told that anecdote because like I
00:24:51
feel like that's above and beyond, like I haven't even
00:24:54
thought about like, oh, like, what's someone's favorite XYZ
00:24:55
thing?
00:24:56
Like maybe we can like get it for them or whatever.
00:24:59
I love that.
00:25:00
It's almost like what I'll say is this when working with
00:25:03
internal stakeholders to be like corporate about it internal
00:25:07
stakeholders a good way to think of it is that you are doing
00:25:11
customer service.
00:25:12
Internal stakeholders are your customers, right?
00:25:15
And when you do white glove customer service, that's when
00:25:21
really magical things start to happen.
00:25:23
And then I think this for me personally, the second I start
00:25:27
to think of my internal colleagues or internal
00:25:29
stakeholders as not customers, but just like coworkers.
00:25:32
Where we all have to do this thing is when it loses a lot of
00:25:36
the magic right.
00:25:36
It loses a lot of the spark.
00:25:37
One thing that I found this is actually a cool lesson my father
00:25:42
taught me.
00:25:42
My dad worked in oil and gas and then he worked in insurance
00:25:46
sales for like a really long time and he did really well for
00:25:48
himself.
00:25:48
And one thing he always did for people is, he said, do the
00:25:53
extra work.
00:25:54
That's like the paperwork for them so they don't have to do it,
00:25:57
and that will go a long way.
00:25:58
So, for example, like when I gave out my secure coding
00:26:02
training recently to the engineering managers, I like
00:26:04
made them all tracking sheets.
00:26:06
I was like, hey, like you know, we can't.
00:26:07
We, I looked into if we can do this through a particular piece
00:26:10
of software.
00:26:10
We have to track who's doing it.
00:26:12
We can't, so here's like a sheet for it's.
00:26:15
I just made it for you.
00:26:16
It's like did this person do it, yes or no?
00:26:18
The end and they were like, wow, this is really great.
00:26:20
Now I don't have to go make this sheet.
00:26:22
And like figure out a way to track this.
00:26:24
And it's like off their mind.
00:26:25
If you can do little stuff like that, I guess that's my
00:26:28
equivalent of like buying someone a six pack of beers.
00:26:30
Like please, let me help you make your job a little bit
00:26:33
easier.
00:26:33
And, yeah, like the more personable you can be, the
00:26:38
better.
00:26:38
The best person I have ever seen in the security space, the best
00:26:43
person.
00:26:43
I'm going to give her a major shout out.
00:26:44
Her name is Tanya Janca.
00:26:45
She was my former boss at Bright Security.
00:26:48
Her people skills are ridiculously good.
00:26:52
They are exceptional.
00:26:53
She is so good with people and she's so effective at her job
00:27:00
and I think part of like I mean, she just that's, that's her
00:27:03
special trick, right.
00:27:03
She's just so dang good with people and people want to do the
00:27:07
thing for Tanya.
00:27:08
They want to do it for her because she's so fucking great.
00:27:10
Pardon my French, it's true, and I, that was really inspiring
00:27:14
to me too, like just to see her, like just how good she is with
00:27:17
people and I mean that's, that's all this is.
00:27:20
It's just we're just engineers in the people business, right.
00:27:23
Like that's all that's all this boils down to, yeah.
00:27:28
Speaker 1: I think that's actually really important.
00:27:31
What you said you know offering like a white glove treatment,
00:27:34
because I think a lot of times when you're an internal, you're
00:27:38
an internal employee just dealing with internal customers.
00:27:42
Right, you think of white glove treatment typically with, like,
00:27:46
a CEO, CIO.
00:27:48
You know the executive suite.
00:27:49
Yeah, rarely do you start thinking about white glove
00:27:53
treatment with internal stakeholders that you know
00:27:58
assist you to keep your product running.
00:28:00
Yeah, right, and that's kind of the the important distinction
00:28:04
to make, right, security is very different.
00:28:07
Where security people, they typically know exactly what's
00:28:12
going on with their system at any one point in time.
00:28:14
They're they're very good at understanding.
00:28:16
Let's just say, you know, Windows Server 2016.
00:28:19
Understanding the ins and outs, what a DLL should be doing,
00:28:23
what it shouldn't be doing, things like that.
00:28:25
They'll probably even know how to deploy a database, how to set
00:28:28
up the database.
00:28:29
You know maybe even read the database logs, right, it's a
00:28:33
totally different ball game when we start looking at database
00:28:36
logs, determining what is wrong and then figuring out the
00:28:40
command on the database that resolves it without destroying
00:28:43
the database.
00:28:44
That's a very different skill that takes database engineers
00:28:48
years of experience to develop, and so it's important for us to
00:28:54
understand where our limitations are and making those
00:28:58
relationships right where, where we need them to be.
00:29:02
You know, like I had to make a relationship with the database
00:29:04
team.
00:29:04
Thankfully it paid off, you know.
00:29:06
But I've had to make relationships with systems teams,
00:29:09
infrastructure teams, networking teams.
00:29:12
Because, you know, maybe I'm doing a different project.
00:29:14
You know like currently at my current workplace, I'm doing a
00:29:18
cloud WAF deployment.
00:29:19
Right, I've never done a cloud WAF before.
00:29:22
I've deployed other technologies that are similar to
00:29:24
it.
00:29:24
I assume it'll be, you know, roughly the same difficulty
00:29:28
level as a proxy or whatnot.
00:29:30
Right, but I still need the networking team input.
00:29:32
I need their help because I don't know, you know, are we
00:29:36
doing, I don't know, BGP or some other protocol between this
00:29:40
endpoint and that endpoint?
00:29:41
Do we need to intercept to the different way?
00:29:43
I mean, there's a million things that I don't know right,
00:29:47
right, and I'm not a network security person to save my life,
00:29:50
right, like we can start talking about, you know,
00:29:53
encryption and stuff, but like that's kind of where it cuts off.
00:29:56
And so it's important to identify who you know, not in a
00:30:04
disingenuine way, but who you need to befriend and who you
00:30:08
need to kind of give that enhanced treatment to early on
00:30:12
for you to be successful in the role.
00:30:14
Speaker 2: Yeah, absolutely.
00:30:15
And like I know, if I ever go to a different company and do
00:30:20
the same kind of job again, that'll be my first priority,
00:30:22
Like now that I know that right, like and I guess that's
00:30:26
something else that I would say to all of our listeners is, like,
00:30:28
if you are also like wondering, like how do I get into this
00:30:31
career?
00:30:32
What's a good skill to develop?
00:30:33
Like I know how to hack everything, I know everything
00:30:35
about SQL injection.
00:30:36
Like why don't I have a job?
00:30:37
Um, maybe practicing that kind of like white glove treatment
00:30:43
with maybe the people you're interviewing with, like one
00:30:46
thing that is really good to do is like go look at their
00:30:48
LinkedIn and like learn about them and be like hey, like I saw
00:30:51
you, I saw you volunteer at such and such, blah, blah, blah.
00:30:54
Like my uncle volunteers at whatever it is right.
00:30:56
Like find commonalities, like learn how to make friends and
00:31:00
build those relationships with people in your networking excuse
00:31:03
me, in your network that already exists, and then you can
00:31:05
take those skills into your new job and that's definitely
00:31:09
something that I am really looking forward to like doing
00:31:14
again, getting better at and you're so right, Joe.
00:31:17
Like when I first started, I was like oh my God, I need to know
00:31:21
everything.
00:31:21
Like how am I possibly going to do this job?
00:31:23
Like I'm going to need to be like a programming wizard and
00:31:26
like a network engineer wizard and like know everything about
00:31:30
every single help desk ticket.
00:31:31
Like I was like there's no freaking way, like I don't know
00:31:35
that I can do this job, and like you just pointed to.
00:31:37
What I realized quickly is my job is not to do everyone else's
00:31:42
job.
00:31:42
My job is to empower people to do their job in a secure manner.
00:31:48
That's it.
00:31:48
That's all my job is to do.
00:31:50
And I need to know about the security.
00:31:52
I need to read the security books.
00:31:53
I need to do the security courses.
00:31:55
I need to futz with the DAST tool that's giving me a headache
00:31:59
and having me tear my hair out.
00:32:00
That's my job, right.
00:32:04
I need to go through the particular pain points that I go
00:32:07
through and let other people do their job, to not try to not
00:32:10
try to overstep my bounds.
00:32:12
At the end of the day, the big theme is stay in my lane. Right.
00:32:15
Speaker 1: Yeah.
00:32:16
Speaker 2: Yeah.
00:32:17
Speaker 1: It's a good point to kind of, I guess, shift gears a
00:32:21
little bit.
00:32:22
But, you know, maybe maybe some of the most difficult people
00:32:29
that I have encountered to get to do something, really anything,
00:32:33
is developers.
00:32:34
And it wasn't until a recent role, where we actually had an
00:32:39
app sec team that handled all of that stuff, that I saw what
00:32:45
success was like from that perspective.
00:32:48
The reason why they were so successful is because they were
00:32:52
all this is a team of all like previous developers, they all
00:32:58
knew how to develop an application, how to write code.
00:33:01
You know, inside and out, they spoke more coding languages
00:33:04
fluently than they spoke English even.
00:33:06
I mean, like you know, I'm saying like their skill level
00:33:10
was extremely high with coding in ways that I'll never achieve.
00:33:15
And so there was a skill gap slash, like communication gap,
00:33:21
that I had with developers that I just couldn't fill, you know,
00:33:25
because I didn't.
00:33:26
I mean I didn't know like, if you put some Python in front of
00:33:29
me and said it did this, I couldn't really challenge you on
00:33:32
it.
00:33:32
I mean I couldn't say yes or no.
00:33:35
It'd be like, okay, yeah, that's what it does.
00:33:37
You know, these guys were able to, you know, step into the
00:33:44
situation and not only describe the code of exactly what they
00:33:49
wanted, you know the developer to write, but they were able to
00:33:55
properly explain the security implications of doing it that
00:33:59
way.
00:33:59
Yeah, and having that bridge is I mean it's, it's absolutely
00:34:06
required, especially nowadays, right, because we're not only
00:34:11
developing more things faster than we ever have before, but
00:34:15
we're putting them up into the cloud, and in the cloud, you're
00:34:18
typically separating everything out right, which is a totally
00:34:21
different way of developing something on prem legacy way
00:34:25
that you know was normal when you and I started in IT
00:34:31
right, of developing it all in one stack on one server.
00:34:33
Maybe you have a database server that's separate, but you
00:34:37
know it's all together right, in the cloud.
00:34:39
It's all separate and it's completely different, and so
00:34:43
it's.
00:34:43
It's so extremely important, you know, if you're going to go
00:34:46
down the app sec route, to honestly, in my opinion, be a
00:34:50
developer first, right? Is that,
00:34:53
is that what you've run into as well, you know, in terms of your
00:34:58
developer skill set really paying dividends, in terms of
00:35:03
how you engage with other developers, how you get them to
00:35:07
do things that you know they would normally push back on a
00:35:10
lot?
00:35:11
Are you able to answer questions more effectively?
00:35:14
I guess I'm asking too many questions right now All at once,
00:35:19
right, because I'm kind of, I'm kind of fascinated, though, you
00:35:22
know, like these guys, you know that I encountered.
00:35:25
They were I mean, they were the smartest people I've ever met
00:35:29
in security, and that's really saying something.
00:35:31
Speaker 2: Right, yeah, no, security is full of really smart
00:35:32
people.
00:35:33
That is so interesting and I want our listeners to understand
00:35:40
that this is a matter of opinion.
00:35:42
If you do not fall into a particular background, it does
00:35:47
not mean you're doomed and you can't do this job.
00:35:50
Like like Joe said earlier, people come to this job from all
00:35:54
kinds of backgrounds.
00:35:54
Right, I have not had a ton of development experience.
00:36:00
A lot of my experience has been in more like teaching, like so,
00:36:04
teaching tools and things like that.
00:36:07
I can read code really well.
00:36:09
I can write code okay.
00:36:10
I would not say that my sweet spot is in writing applications.
00:36:18
I can code, I can write software and like I, my personal,
00:36:28
like genius, is being able to explain why something matters in
00:36:35
a security mindset.
00:36:36
So, for example, like you were talking about, like your
00:36:38
developers, like they could like refactor a piece of code, let's
00:36:41
say they could be like you know you should try it this way and
00:36:43
it'll run,
00:36:43
you know, X times better with,
00:36:46
you know, X memory.
00:36:47
You know just, it'll be better, it'll be more performant, it'll
00:36:51
be, you know, easier to read, whatever it is right.
00:36:53
So I can do that, but I can also.
00:36:56
What I can really do is explain why this matters for security,
00:36:59
for example, like, well, if we refactor this code, then we're
00:37:02
going to have less of what's called an attack surface, and an
00:37:05
attack surface is blah, blah, blah, blah, blah, blah, blah,
00:37:07
blah, blah, blah, blah.
00:37:07
And then I will explain these security concepts so that people
00:37:10
can then be like, oh, not only am I getting rid of technical
00:37:13
debt and refactoring whatever, but because it just will make my
00:37:15
code more performant, it'll make my code more easy to read,
00:37:18
it'll, you know, lead to some like resiliency in the code base.
00:37:22
But also there's now this security thing called attack
00:37:27
surface that I can also now be mindful of, and I'll be able to
00:37:29
explain what that means to them really, really well.
00:37:33
So, like I said, I've learned that I need to stay in my lane.
00:37:37
I can't come into a developer space and be like, oh, I know
00:37:39
how to write this better than you, because for stuff I haven't
00:37:42
been working in their code base for as long as they have, like
00:37:45
I can't write it better than them.
00:37:46
I'm not like a freaking wizard, like I'm not a genius I know
00:37:49
there's coding geniuses out there, but I'm not one of them.
00:37:52
But I can give them extra tools in their tool belt to make sure
00:37:56
that what they are doing is being done in a secure manner.
00:37:58
So that's kind of my zone of genius, as it were.
00:38:01
So I definitely want to say, like you know, like does it help
00:38:05
to be an amazing developer?
00:38:06
Hell yeah, like I wish I was a better developer a lot like.
00:38:10
I'm constantly learning, I'm constantly like taking classes,
00:38:14
I'm constantly trying to write my own stuff, like with varying
00:38:18
degrees of success.
00:38:19
One thing I want to do, as well as like start contributing to
00:38:22
like open source, so that I can like have a little bit more of
00:38:24
like a regular practice, and like it's also more important,
00:38:29
at least for me in my viewpoint, to learn about the security
00:38:33
implications of like things like secure code review, things like
00:38:39
DAST tools, things like SAST tools, things like oh gosh, what
00:38:43
else Like doing like audits of all of our particular pieces of
00:38:49
software that we're using?
00:38:50
Like how can we do third party integrations in a secure manner?
00:38:53
Like there's so much more aside from just writing code that
00:38:57
goes in the app stack that I was completely unaware before I
00:39:00
started doing this job, and the things that would differentiate
00:39:04
me are those particular things Like it's not, like oh, I'm
00:39:09
going to be a better coder than you are.
00:39:11
It's, oh, I'm going to have a more security oriented mindset
00:39:15
than you are, that I can teach you so that you can be a better
00:39:18
coder.
00:39:21
And what I'll say again to all your listeners is, like
00:39:23
everyone's different, like that may not be your approach, that
00:39:26
might not be your zone of genius.
00:39:27
Maybe your zone of genius is you are an extremely proficient
00:39:30
coder and you can do like you just know about security headers
00:39:36
and you always do the right thing with input validation, and
00:39:38
that's just like in your second nature and that's like what you
00:39:42
can do.
00:39:42
But maybe you're coming to it much from like a programmer
00:39:45
mindset first and a security mindset second.
00:39:47
I come to it from a security mindset first and a programmer
00:39:50
mindset second.
00:39:51
Have I had success?
00:39:52
Yeah, do I know any different?
00:39:55
Could I be more successful if I was another way?
00:39:57
Maybe, but I don't know.
00:39:58
I just I'm only me and that's my limited viewpoint of it.
00:40:02
Speaker 1: So, yeah, yeah, I think you bring up a really good
00:40:08
point of knowing your skillset, knowing your strengths and then
00:40:13
really learning how to lean on other resources to make up the
00:40:19
difference, right, and I think that that is something as new
00:40:24
people are coming into the field, they have to kind of learn and
00:40:28
understand that you're not going to be an expert in
00:40:32
developing an application in Golang than a developer, right,
00:40:37
like you don't need to be that.
00:40:38
You need to understand the code, you need to understand what
00:40:42
you're looking at.
00:40:42
You can maybe even write some right, but you're not supposed
00:40:48
to be the expert in that.
00:40:50
You're supposed to be the expert in how to secure whatever
00:40:52
that is in that code.
00:40:53
You know, and it's an important distinction because I think as
00:40:57
security professionals, we're a little bit more curious than
00:41:00
other people.
00:41:00
We're a little bit more even self-conscious in ways, right,
00:41:05
of knowledge, of skillset, of imposter syndrome, right, and
00:41:13
it's important to know where those boundaries are.
00:41:15
You know, for yourself and even for your team when you become
00:41:18
more senior and directing them through this process as well.
00:41:22
You know, have you encountered very much imposter syndrome?
00:41:28
And I ask because your background is an opera singer,
00:41:31
right, so I would imagine me personally, I mean, I would
00:41:35
definitely be struggling with imposter syndrome on a daily
00:41:39
basis.
00:41:39
You know, if I was an opera singer, which I do not have the
00:41:42
voice for, I don't have the skillset for, my wife is a
00:41:45
violinist and, like she's the talented one in the family, you
00:41:50
know, oh, that's so cool.
00:41:51
Speaker 2: Yeah, oh, wow.
00:41:54
Imposter syndrome there is a lot to say about that, wow, and
00:42:02
we only have like 10 minutes.
00:42:04
Speaker 1: Should we have a part two for imposter syndrome?
00:42:07
Speaker 2: I have thoughts, man.
00:42:08
I have some serious thoughts.
00:42:10
I'm going to say it this way: imposter syndrome is twofold,
00:42:15
fold number one, true imposter syndrome.
00:42:17
Actually threefold, sorry, threefold, whoa, true imposter
00:42:21
syndrome, which is a feeling of deficiency or not being good
00:42:25
enough or feeling lesser than I think that is a psychological
00:42:29
thing, that is part of the human condition.
00:42:33
I think everybody has it in some area in their life and if
00:42:37
they say they don't, they're lying to you.
00:42:41
And if it shows up in your professional life, that's just
00:42:43
where it shows up and that's what we call imposter syndrome.
00:42:46
Do I deal with that?
00:42:47
Yes, do things to mitigate that?
00:42:50
Absolutely yes.
00:42:52
Like, I seek help dealing with that through many different
00:42:56
channels and avenues.
00:42:57
Otherwise it will completely cripple me and it's not good.
00:43:00
So if you're feeling like, genuinely like I'm lesser than
00:43:05
I'm not worthy, I'm not good enough, like honestly, the best
00:43:10
thing I can say to counteract that is like talk to a mental
00:43:13
health professional, talk to a trusted friend, take psilocybin
00:43:18
mushrooms and have an experience about it.
00:43:20
Like you know.
00:43:21
Like do what you need to do to like really take care of
00:43:24
yourself and realize that you are in fact worthy and have
00:43:27
inherent value.
00:43:27
That is very important, not only for a job but for just a
00:43:30
good quality of life.
00:43:31
Right, the second thing I'll say of the trifecta is genuine
00:43:39
imposter.
00:43:39
Like maybe you just don't have the skills Right, like maybe
00:43:44
you're in a job and the skills required of you you just don't
00:43:47
have.
00:43:48
I love that section of imposter syndrome because that's easy.
00:43:51
You just go get the skills, you just go get the training.
00:43:54
For example, at one of my jobs I was a developer relations for a
00:43:58
company called FusionAuth, man.
00:44:00
That job was way over my skill set.
00:44:02
Whoa, holy moly.
00:44:04
I was like not up to par for that job and I had to teach the
00:44:08
shit out of myself how to do a lot of that job.
00:44:11
And I learned a lot.
00:44:15
Like holy crap, I learned a lot.
00:44:17
And so if your internal, like, clock or your internal compass
00:44:21
is like hey, like you may not really be up to this task
00:44:24
because you don't, you have a big skills gap.
00:44:26
Listen to that and close the skills gap.
00:44:29
It's okay, like it's okay to not know.
00:44:30
That's why you're in this job.
00:44:32
I think in tech, everybody also has imposter syndrome because
00:44:34
there's a huge skill gap.
00:44:36
There's always something new that you need to be learning and
00:44:39
applying just as soon as you learn it in order to do your job.
00:44:42
So I think that's also why we talk about imposter syndrome a
00:44:45
lot in tech is because, yeah, like true to fact, we're all
00:44:47
kind of imposters because we just don't know what we need to
00:44:50
know ever right, and then we know it and then the next
00:44:53
problem comes.
00:44:53
That's why we get paid the big bucks is because we're solving
00:44:56
problems that no one has ever solved before.
00:44:57
So, yeah, that's going to lead to some psychological like oh
00:45:00
shit, like maybe I don't know what I need to know.
00:45:03
The problem then is when that goes into the psychological side
00:45:06
of like I'm not good enough.
00:45:08
It doesn't mean you're not good enough, doesn't mean you're
00:45:10
less worthy, it just means you don't know the thing and you can
00:45:13
go learn the thing because that's in your capability to do.
00:45:15
If you were in this field, you have that capability.
00:45:19
It's proven.
00:45:20
You can do it.
00:45:21
You can do it.
00:45:22
I promise you can do it.
00:45:23
The third section of imposter syndrome is living inside of a
00:45:29
flawed system that is genuinely not designed for you.
00:45:34
This is especially true if you're a minority group in
00:45:37
technology, if you're a woman, BIPOC, LGBTQ, maybe you have a
00:45:42
disability, maybe you are neurodivergent. The world is not
00:45:47
necessarily designed for that and you can be operating in this
00:45:50
world that is not designed for you and that can lead to a lot
00:45:54
of feelings of inferiority and you have to realize no, I'm just
00:45:58
working inside of a flawed system.
00:45:59
A lot of people did the very best they could to create this
00:46:04
very flawed system and a lot of people are doing not the best
00:46:08
they can and they're actually making it worse.
00:46:09
And that's just a part of life, right.
00:46:12
Learning how to maneuver in a jacked up system and changing it
00:46:17
where you can and accepting where you can, like that whole
00:46:20
serenity prayer, right, God, grant me the ability to change
00:46:24
the things I can and accept the things I can't change.
00:46:26
That is almost like a spiritual practice of work or spiritual
00:46:31
practice of life.
00:46:32
Right, it's like learning to accept that you may have these
00:46:36
feelings because you're working in a system that is probably not
00:46:39
designed for you, even if you are one of the people it's
00:46:42
designed for.
00:46:43
Everyone is different, everyone has tough times in their life,
00:46:45
and it's just.
00:46:47
Life is hard right.
00:46:48
So that's what I'll say.
00:46:50
That's the three pronged view of imposter syndrome.
00:46:53
I could go very deep into all those three topics where we
00:46:56
don't have enough time.
00:46:58
Speaker 1: Of course you bring up.
00:47:01
I think a lot of it has to do with mental health as well as,
00:47:09
like you said, identifying that the environment isn't
00:47:11
necessarily made for you.
00:47:14
It's more about you figuring out how to potentially be
00:47:20
yourself and be successful in this environment.
00:47:23
That's not an easy thing to do for anyone and I've talked about
00:47:30
it before on this podcast.
00:47:33
I haven't talked about it too recently, I guess, but mental
00:47:37
health is extremely important.
00:47:39
This past weekend I went and did a float session at float 60.
00:47:44
It was fantastic.
00:47:47
I have one of my personal goals for the year is to actually do
00:47:50
it between six and 12 times.
00:47:51
I'm a little bit behind, so I got to ramp it up, start going
00:47:56
with that a little bit more.
00:47:59
But working out regularly, right, going for walks, getting
00:48:02
away from your computer, kind of detaching, all of those things
00:48:08
they help and they kind of stack on each other over time, right,
00:48:11
like.
00:48:12
So you start feeling better and better and I guess the
00:48:18
unfortunate side effect of that right At least for me with my
00:48:22
mentality is like it'll build up.
00:48:24
It's like, oh okay, I can stop for a while, right, and so I
00:48:27
stopped for a while, and then I stopped for too long and then
00:48:30
these issues kind of like reemerge and it's like, oh wait,
00:48:33
I need to go for walks again.
00:48:35
Oh wait, I need to go work out.
00:48:38
I haven't worked out in a while.
00:48:39
For me, it's those hard for me.
00:48:43
It has to be like a really difficult workout, right?
00:48:48
It has to be something that I'm starting to question why am I
00:48:51
still moving?
00:48:51
That's when I get the most benefit from it.
00:48:57
And as security professionals, it's easy for us to get caught
00:49:01
up in a world of you have to know everything, you have to
00:49:06
know everything, you have to be better, you have to be
00:49:09
continuously growing and whatnot, and that'll wear on you for
00:49:12
sure.
00:49:12
And it's extremely important for you to be mindful of your
00:49:17
mental health and work on it.
00:49:20
Right.
00:49:21
And I think even a part of that is like what you mentioned with
00:49:25
the serenity prayer, right?
00:49:27
Just understanding your sphere of control.
00:49:34
What do you have direct control over?
00:49:36
What do you have no control over?
00:49:38
And only focus on the things that you have control over,
00:49:42
because it's not fair to yourself to be focused on things
00:49:45
that you can't control, because what are you supposed to do in
00:49:48
that situation?
00:49:49
For me, I'm very solution oriented, right?
00:49:51
So when my wife presents me with a problem, like, well, when
00:49:57
I present you with a solution, don't be thrown off by it.
00:50:00
Or when I'm knocked down so many times, it's like, okay, you
00:50:04
tell me how to solve this, because that's just how my mind
00:50:07
is right.
00:50:07
I'm very solution oriented and I think a lot of us in security
00:50:12
are.
00:50:12
So, it's just yeah.
00:50:17
Speaker 2: That's why they pay us the big bucks or the $80, I
00:50:20
mean whatever.
00:50:23
Speaker 1: Yeah, you bring up another good point.
00:50:25
I have a friend that I made this friend early on in my
00:50:31
security career, thankfully, and he told me that you know, we
00:50:36
earn our paycheck maybe at the very most two or three times a
00:50:41
year.
00:50:41
I mean at the absolute most.
00:50:43
Right, I said well, what do you mean?
00:50:45
Like I go to work every single day, I'm working hard, he goes.
00:50:48
No, you earn your paycheck because we're paid way more than
00:50:55
what other people in IT are.
00:50:57
Typically, you earn it when everything's going wrong, when
00:51:03
your systems guy has no clue of what's going on with the server,
00:51:06
when the networking guy has no clue of what's going on, when
00:51:09
the database guy doesn't understand the logs that he is
00:51:13
reading.
00:51:13
You're the type of person that has to be able to come in and
00:51:18
sort out the chaos, direct the team, develop a plan of action
00:51:24
and move forward and resolve that issue, because your company
00:51:27
is more than likely losing money every single minute that
00:51:30
that issue goes on, and so that's how we actually earn our
00:51:33
paycheck, and that's very true.
00:51:39
You earn it when everyone else is in disarray.
00:51:42
There has to be some major issues going on, and hopefully
00:51:47
that doesn't happen three times in a year, because people are
00:51:49
probably losing their job if it happens three times in a year,
00:51:51
yeah, Ew Right, oh, shoot.
00:52:00
Speaker 2: No, that's true, Joe, and one thing I'm really
00:52:05
grateful for that I found cybersecurity in my career path
00:52:09
is that that was also my sweet spot when I worked in opera.
00:52:14
Like I was the person people would call if a soprano got
00:52:17
really sick at the last second and they needed someone to come
00:52:20
and fill in in two hours.
00:52:22
Right, I was literally known as the last minute queen.
00:52:26
Like if people needed a sub.
00:52:28
Like right, effing now for really hard music on like Holy
00:52:33
Week or something, when there's like thousands of people,
00:52:36
whatever, right, like that was me and I love that shit.
00:52:42
Like I love that experience.
00:52:45
And like you also pointed to earlier, I think that mental
00:52:49
health is really important and you have to be consistently
00:52:52
doing things that bolster your resilience.
00:52:57
And this is a gross overgeneralization.
00:53:00
I could be totally wrong, but I don't think I am.
00:53:02
I think people that work in security love adrenaline.
00:53:05
I think they are like adrenaline junkies.
00:53:08
Right, like there's something about security.
00:53:11
People that like we just love that edge.
00:53:13
right, we're like yeah, like I'm going to dye my hair purple and
00:53:15
put it in dreadlocks and like F society and I would like learn
00:53:18
how to hack and I'm going to know all the things.
00:53:20
And when shit goes down, I'm the one that's like, yeah, I can
00:53:24
fix it.
00:53:24
Like we love that adrenaline rush right, and if we aren't
00:53:27
careful, that will overtake us, especially in my case I'm not 20
00:53:32
years old anymore.
00:53:33
Like my body is like you better take care of me or I'm not
00:53:37
going to take care of you because your lifestyle is a
00:53:39
little extreme, like you're a little bit of an extreme person.
00:53:42
So, yeah, I think that you're right, we do earn our paycheck
00:53:47
in that we can, like essentially make sure the entire company
00:53:50
doesn't implode, which is good.
00:53:53
So, like a lot of people rely on us for their livelihood, right,
00:53:57
they rely on us for the company's reputation, for the
00:54:03
data you know the whole CIA triangle like this
00:54:06
confidentiality, integrity, availability of customers, data
00:54:09
like these are big responsibilities.
00:54:11
They are like, they weigh and they can weigh heavy if you
00:54:13
think too much about it and if you don't take care of yourself.
00:54:16
Like you got to take care of yourself.
00:54:18
Otherwise, it's like this will just get in your head.
00:54:20
Man, like I had my first existential crisis about working
00:54:24
in security a few months ago where I was like, oh my God,
00:54:26
like if I mess up my job, like so many people are going to be
00:54:31
affected in a non-trivial manner, and I talked to a friend of
00:54:36
mine who's a CISO and they were like yep, did you work out today?
00:54:43
You know, like that was kind of their response.
00:54:45
I was like no, I'm going to go to the gym and pick up something
00:54:47
really heavy and like not think about it.
00:54:49
But yeah, and it's good that we want to learn all the things,
00:54:53
because we have to have that kind of drive, we have to be the
00:54:55
kind of person that does have our tendrils in a little bit of
00:54:58
everything, right, like that has our mycelial network
00:55:01
throughout the entire company.
00:55:02
We're constantly getting information and putting
00:55:04
information out and like we have to be that type of a
00:55:06
temperament, like there is a temperament and that's I'm so
00:55:09
glad I found cyber, because I'm like, yes, my people, my people,
00:55:12
I try, but yeah, if you don't take care of yourself, man, like
00:55:16
forget it, yeah.
00:55:18
Speaker 1: So yeah, absolutely. Well, Akira, you know we're at
00:55:23
time, unfortunately, so I'll definitely just have to have you
00:55:27
back on it.
00:55:28
We'll talk more about, you know, mental health and imposter
00:55:31
syndrome and all that good stuff.
00:55:33
But before I let you go, how about you tell my audience, you
00:55:36
know where they could find you if they wanted to reach out to
00:55:38
you?
00:55:39
Maybe you know the company if there's a website?
00:55:42
I know you're on the Security Weekly podcast now for
00:55:45
Application Security Weekly.
00:55:46
So if you just want to, you know, say where they can find
00:55:50
you.
00:55:50
That'd be great.
00:55:51
Speaker 2: Yeah, so you can find me.
00:55:53
A good way to get in touch with me is just to email me.
00:55:56
You can find me at the T-H-E Akirati A-K-I-R-A-T-I.
00:56:03
It's like the Illuminati, but the Akirati, you know.
00:56:06
So that's an email address I use just for correspondence with
00:56:11
you know people that hear me on podcasts and want to ask
00:56:13
questions and whatnot.
00:56:14
I'll do my best to reply.
00:56:15
Sometimes I get swamped and it's just like you gotta just
00:56:19
kind of catch me on LinkedIn.
00:56:20
LinkedIn is another good place to follow me.
00:56:24
I like to write a lot of like long form posts on cybersecurity
00:56:27
and also just life and philosophy and music and stuff
00:56:29
like that.
00:56:30
And lastly, I do have a website.
00:56:33
It's akirabrand.com.
00:56:35
It is very in need of a revamp, so a lot of the information is
00:56:40
kind of old.
00:56:40
But every time I go on a podcast I'm like man, I really
00:56:43
need to update my website.
00:56:44
So check it out.
00:56:45
By the time you're listening to this, I may have gotten around
00:56:48
to it, which is very exciting.
00:56:49
So, yeah, and also, I guess, sorry.
00:56:51
One last thing: you can find me on Application Security Weekly.
00:56:54
I don't host every week, but I host about once or twice a month
00:56:56
and you can hear just my hot takes on all things cyber.
00:57:00
I'm I podcast with the gods, right.
00:57:03
Like the people that I do the podcast with have been in the
00:57:06
industry for like a bazillion years and they're so
00:57:08
knowledgeable so I'm the person that's like hey, like explain to
00:57:12
your less ha ha ha.
00:57:13
So you can kind of.
00:57:13
If you're a beginner, it's really good for you to listen to
00:57:16
this podcast because I'm also coming to it from beginner mind,
00:57:19
right, so you'll get a lot out of it.
00:57:21
Actually, on the, on the shows I'm on, you're going to hear a
00:57:23
lot of like bringing in perspective.
00:57:24
So that might be that will prove useful to you.
00:57:26
So that's how you can find me.
00:57:29
Speaker 1: Awesome.
00:57:29
Well, thanks, Akira, for coming on.
00:57:31
I really enjoyed our conversation and I hope everyone
00:57:34
enjoyed this episode.