From Opera to IT: A Tale of Resilience and Innovation with Security Engineer, Akira Brand

1 00:00:01
Speaker 1: How's it going, akira ?

00:00:02
It's been too long since we first spoke.

00:00:05
I mean, I think I like initially reached out in like

00:00:09
January or something at this point but, I'm really excited

00:00:13
for you to be on the podcast today.

00:00:16
Speaker 2: Thank you, I am so happy that we finally linked up.

00:00:19
This has like been a long time in the making, for sure.

00:00:24
Speaker 1: Yeah, it's been a crazy like six months for me.

00:00:29
Yeah, it's like yeah, crazy for you as well, I'm sure.

00:00:32
So you know, akira, I start everyone off with giving their

00:00:37
background of how they got into IET.

00:00:39
Maybe what piqued their interests, what made them, you

00:00:43
know, potentially even think that they could go down this

00:00:45
path.

00:00:45
Right, because I have a lot of my audience that are new to IET,

00:00:50
they're new to security and maybe they're wondering you know

00:00:53
, can I make this career change?

00:00:55
Can I?

00:00:55
Will this actually work out for me?

00:00:58
So what's your story?

00:01:02
Speaker 2: That is such a good question and I love that your

00:01:04
audience is maybe on the newer side of their journey.

00:01:08
So to start out with I want to say yes, you absolutely have a

00:01:13
place in this industry.

00:01:14
Keep going, keep grinding like, do what you got to do.

00:01:18
It's not an enjoyable time trying to break into it.

00:01:22
It's really hard.

00:01:23
I know I went through lots of trials and tribulations and

00:01:27
nights of like crying and you know all that good emotional

00:01:30
stuff.

00:01:30
But I'm here now and I'm really glad I didn't give up.

00:01:33
So don't give up, keep going.

00:01:36
There is definitely a place for you.

00:01:38
So I will say this I am a career changer.

00:01:42
I did not start out in IET.

00:01:44
That was not my MO at all.

00:01:47
I was actually a Luddite.

00:01:48
I hated computers.

00:01:50
I did not believe in technology .

00:01:53
I didn't own a computer.

00:01:54
I didn't own a smartphone.

00:01:56
I owned a flip phone and was very happy about it.

00:01:59
Back when I was looking to change careers from my previous

00:02:04
career to what I am in now, my previous job which may explain a

00:02:09
lot of why I was a Luddite was working in classical music.

00:02:13
I am a trained opera singer.

00:02:16
I performed and taught opera for 10 years and in there I also

00:02:23
did a very small stint in seminary school.

00:02:26
So that is a world where technology is not necessarily

00:02:34
frowned on, but it's very not a technologically advanced field,

00:02:40
as it were.

00:02:41
A lot of it is still acoustic instruments and you know you're

00:02:45
singing with your voice without a microphone, like you really

00:02:49
don't have to think about these kinds of things at all.

00:02:50
However, about like I said, about 10 years into that career,

00:02:56
I got really bored.

00:02:57
Like I got really bored, and I was also extremely depressed,

00:03:01
like I was just really miserable .

00:03:03
I was really unhappy, I was in a really bad place mentally and

00:03:10
the career was just not cutting it for me.

00:03:12
It was not leading to any kind of fulfillment.

00:03:14
It was actually becoming a huge drag like on my psyche and I

00:03:19
knew I needed to make a change.

00:03:21
So what I'll say to that is at the time, my former partner who

00:03:26
worked in technology suggested that I look into programming and

00:03:32
I laughed at him.

00:03:33
I was like no way, like that's crazy, like I don't do computers

00:03:39
, we don't do that here.

00:03:40
And then he essentially like just said like you know, akira,

00:03:44
like it would answer a lot of questions for you, it would give

00:03:48
you financial stability, like your brain would be engaged.

00:03:51
You wouldn't be bored.

00:03:53
If you can get over that.

00:03:55
You quote unquote don't like computers.

00:03:57
You would actually probably really like it.

00:03:59
So I found you a code school that have free weekend classes.

00:04:03
You need to go check out one weekend classes.

00:04:04
You can borrow my computer, I'll drive you, let's go.

00:04:06
So I'm actually really grateful to this individual, even though

00:04:10
we're no longer together, like he was just so seminal and

00:04:14
encouraging me to take this route.

00:04:17
I did do the weekend a little like coding boot camp thing, and

00:04:22
I fell in love with it.

00:04:22
We had two days.

00:04:23
One was a front end engineering day, one was a back end

00:04:25
engineering day.

00:04:26
The front end engineering day I was like, uh, this is like

00:04:29
crazy, I don't understand.

00:04:30
There's like three things going on Like why am I coding in

00:04:32
three languages at the same time as HTML, css and JavaScript, of

00:04:36
course?

00:04:36
And then the back end day we were doing we were posting to

00:04:40
Twitter via the Twitter API and Ruby, and I thought that was the

00:04:45
coolest thing ever.

00:04:46
Like I looked at the code and it like made sense to me, kind

00:04:50
of like in a beautiful mind with John Nash, where he can kind of

00:04:53
start to see the patterns and the numbers, I could actually

00:04:56
sort of see, like what was going on here with the, with the code

00:04:59
, and how things were working together.

00:05:00
So, because of, because of that experience, I enrolled in code

00:05:04
school.

00:05:04
I went to a school called the touring school of software and

00:05:06
design.

00:05:07
Um, and, yeah, my, my coding journey started there.

00:05:12
Flash forward now to about three years later Um, I actually

00:05:19
ended up leaving touring because of, again, I was still

00:05:22
just in a really bad mental place.

00:05:24
I actually was diagnosed with a really severe mental illness

00:05:26
later on.

00:05:27
So I had to take some time off and like, get better, as it were

00:05:30
.

00:05:30
Um, just take some time, get stabilized on medication and

00:05:33
whatnot.

00:05:33
I'm so grateful for Western medicine and I think, of course,

00:05:37
it has its limits, but it has saved my life 100%, like it was

00:05:42
a life threatening mental health issue and I am alive, so I will

00:05:46
take it for what it is.

00:05:47
Um, so I left touring.

00:05:50
However, I did continue to pursue um, coding.

00:05:54
I did continue to pursue the tech industry.

00:05:57
I took some time off, like I said to, to heal up and then, um

00:06:01
, this is really funny I joined the circus.

00:06:04
So, because?

00:06:06
So I joined?

00:06:07
Speaker 1: the literal circus literal circus.

00:06:10
Speaker 2: I joined, like a traveling trade show carnival

00:06:13
troop, um, and what I did there is I essentially sold trinkets

00:06:18
at trade shows.

00:06:18
Now, what the hell does this have to do with technology?

00:06:21
Well, I'll tell you right now.

00:06:22
When the pandemic hit, all the trade shows closed down and the

00:06:28
um mom and pop uh group that I was working for, that did all

00:06:32
this, did all this work.

00:06:33
I said, well, shoot, we need to transition our business to

00:06:39
online, otherwise we're not going to sell anything.

00:06:40
And my boss said to me he said, hey, I care like you do stuff

00:06:43
with computers, right, like you went to code school.

00:06:44
I was like, yeah, I mean I didn't finish, but I really want

00:06:47
to do it.

00:06:47
And he's like, can you build all our online stores?

00:06:50
And I said, well, hell, yeah, I'll totally build all our

00:06:53
e-commerce stores.

00:06:53
So I built all of our e-commerce stores.

00:06:56
I had no idea what the HI was doing.

00:06:58
Like it was very much trial by fire.

00:07:01
Um, I look back at my work now and I'm like, oh, oh, I mean

00:07:04
that looks okay.

00:07:05
Like it looks okay, it works, it's functional.

00:07:07
It's not the most like beautiful thing I've ever done

00:07:10
in my life, but it worked Right and that's what really got me in

00:07:13
the door.

00:07:13
So from there, um, I took essentially every and any

00:07:18
technology job I could find that was interesting to me.

00:07:21
That also like played on my skillsets.

00:07:23
So I've worked in e-commerce as a web developer.

00:07:26
I've worked as a software engineer for ed tech Um, I've

00:07:31
also worked as a teacher in ed tech.

00:07:33
Like, I created a coding bootcamp for full stack

00:07:35
JavaScript.

00:07:36
So as interesting as like learning full strap JS as I was

00:07:39
teaching it to other people.

00:07:40
Um, I've worked in developer relations for cybersecurity

00:07:43
companies, because I have that heavy performing and teaching

00:07:46
background from teaching music, um, and performing in opera and,

00:07:50
of course, marrying that with technical skills has worked

00:07:52
really well.

00:07:52
But I always, always, always, always, wanted to just go on the

00:07:56
engineering side of things.

00:07:57
So my, uh, current position now we're fast forwarding all the

00:08:02
way to now is as a application security engineer.

00:08:06
So, straight engineering with a company called resilient, which

00:08:10
is a for profit company that empowers and scales nonprofits.

00:08:14
What I'll say to that is that I was able to get this position

00:08:18
because I worked really hard, like at doing extra things at

00:08:25
every single job I did, to learn the engineering side of things.

00:08:29
Um, and I found my kind of like trick is that I can teach

00:08:35
someone else something that I will learn it.

00:08:38
So my entire career until now, I've been teaching other people

00:08:41
about technology and learning the technology as I'm doing it,

00:08:45
um.

00:08:45
So I've also like mentored people through code schools.

00:08:48
I've mentored people through hackathons Like I've done a lot.

00:08:51
I've done a lot of teaching and that is kind of like my

00:08:53
personal brain hack of how to teach myself engineering skills,

00:08:57
and so I just did that every single job I was at.

00:08:59
I did a lot of volunteering as well, um, and it all sort of

00:09:04
like kind of hit this tipping point where I was finally

00:09:10
prepared to take on a full engineering role, and that's

00:09:13
where I'm at now.

00:09:14
Now, what I'll say again is to the people that are new this

00:09:17
took me since 2018 and I didn't become like a full blown like

00:09:21
quote unquote like engineer until January of this year.

00:09:26
So it took me five years, um, from the beginning of enrolling

00:09:31
in code school, to like full blown security engineer.

00:09:34
So that's why I keep saying like, don't give up because it

00:09:38
can take some time.

00:09:39
Right, I took the scenic route, for sure, absolutely took the

00:09:43
scenic route, did a lot of uh, did a lot of tech adjacent roles

00:09:49
.

00:09:49
But if you want to be an engineer, like, just do whatever

00:09:54
job you're doing as best as you possibly can do it.

00:09:56
Um, let people know that you want to ultimately be an

00:10:00
engineer.

00:10:00
Um, apply for those roles, interview for those roles, help

00:10:03
other people reach their goals in engineering and you'll learn

00:10:06
a lot and I think it will work for you.

00:10:09
I mean, maybe it won't, but I'm pretty sure it will, so don't

00:10:13
come after me if it doesn't.

00:10:14
Speaker 1: I'm sorry, but yeah you know, I, I, I think the most

00:10:21
interesting part maybe for me that I didn't expect at all when

00:10:27
I started this podcast, was the extreme variety of backgrounds

00:10:33
that I would be talking with.

00:10:35
You know, with everyone, right, that everyone has it's um.

00:10:38
I mean, you're obviously the first one that came from the

00:10:41
circus, the literal circus.

00:10:43
Um, you're obviously, you know, the first opera singer I've

00:10:48
ever had on, probably the last.

00:10:50
I mean, that is probably the last thing that I would ever

00:10:55
guess for a security person to come from.

00:10:58
You know, and, um, it's extraordinarily interesting to

00:11:04
me the, the wide range of you know backgrounds that we have in

00:11:09
security and you talk about, um , you know, never giving up

00:11:15
right, and your journey was a little bit longer than than mine

00:11:19
actually probably double what mine was because it took me

00:11:23
about two and a half years and I even had it experience just to

00:11:26
break into security.

00:11:28
Um, and that's the important part, you know, when I'm

00:11:31
mentoring people and I'm talking to them about you know, my

00:11:36
journey into security, what it would take for them to get into

00:11:39
security, and you know things like that, as I'm sure you do as

00:11:42
well.

00:11:43
You know I try to even talk them out of it.

00:11:48
You know, because if I could talk you out of it over just a

00:11:51
conversation, you know, with some coffee or whatever, you're

00:11:54
probably not not cut out for it, because this field is extremely

00:11:57
difficult, it's extremely rewarding, you're always going

00:12:02
to be learning and if that isn't a fit for you, then it's just

00:12:04
not a fit for you.

00:12:05
You know, like, let's not try to fit a square into a triangle

00:12:08
hole, right, like it's not going to work.

00:12:10
But if my active persuasion of trying to get you to not commit

00:12:17
to it doesn't work, then this field is probably for you.

00:12:22
You know, like, if me telling you, you know, no, you're not,

00:12:27
you're not for this thing, you know it's not going to work

00:12:29
which, by the way, I would never , I would never tell anyone that

00:12:33
they're not for it, right, it would only be in an effort to

00:12:36
persuade them or dissuade them from doing it.

00:12:38
And if you come out of that and you say, hey, you know what,

00:12:41
like I'm still going to do this thing, it's like all right, like

00:12:45
my efforts worked.

00:12:46
Actually, let's do this, let's go down this road, do you also

00:12:50
approach it, you know, from from that same mentality, from that

00:12:55
same kind of effort, right, because of the difficult path

00:13:01
that you went down.

00:13:02
Do you also approach it that same way or do you approach it

00:13:05
differently?

00:13:06
Speaker 2: You know that's a good question.

00:13:07
Um, I was given that treatment actually in opera.

00:13:14
So in opera, like, there's a very pervasive sense of like, if

00:13:19
you can do anything else, do it , because opera is so freakin

00:13:23
hard.

00:13:23
Like you're on the road all the time, like you're hardly ever

00:13:26
with your friends and family, you have to live the life of a

00:13:29
nun or a monk.

00:13:30
Like you can't party, you can't drink, you can't smoke, you

00:13:33
can't have tattoos, you can't have dreadlocks, you know.

00:13:36
So I'm definitely in my rebellion phase right now.

00:13:40
Um, when someone comes to me and says I want to do security, I

00:13:46
don't necessarily give them like too much tough love, because

00:13:49
that was given to me in opera and like it definitely motivated

00:13:52
me, but it only pushed me so far.

00:13:53
And once I actually like did the thing, I was like okay, I

00:13:57
did it.

00:13:57
Like now, what?

00:13:58
Like I kind of lost a little bit of my joy for it, like

00:14:01
through that sort of messaging.

00:14:02
Um, not to say that that's the same for everybody, but that's

00:14:05
just kind of what happened to me .

00:14:06
Um, what I will say is are you prepared for a long, arduous

00:14:12
road?

00:14:13
Like, so it's kind of the same message, but a little bit more.

00:14:20
Um, not like I try to talk someone out of it, but I do try

00:14:23
to give them the facts that, like the industry right now is

00:14:27
not necessarily the most accepting the newcomers, it's

00:14:30
really difficult to get your first job in cyber.

00:14:32
Um, at least from my experience and from a lot of anecdotal

00:14:36
experience of other people too, I've never seen anyone just like

00:14:38
get a job in it outside of you know, maybe they call, they go

00:14:42
to college for it or whatever.

00:14:43
I've never seen that, um.

00:14:46
So I guess I just have to say, like, do you have grit?

00:14:49
Like do you have the ability to persevere when things are

00:14:52
really really difficult and are you lit up by solving really

00:14:58
hard problems and learning all the time?

00:15:00
So I guess, joe, it is kind of so much what you're saying I

00:15:03
just give each of them like a slightly different, a slightly

00:15:05
different messaging medium.

00:15:08
Speaker 1: Yeah, I would say it's.

00:15:09
It's very similar.

00:15:11
Um, you know, like for me, right, like I do it in just that

00:15:16
first conversation, right, you pass the first conversation is

00:15:20
like all right, let's get to business.

00:15:21
You know, let's, let's get to work.

00:15:23
You know, I'm not, I'm not spending eight weeks trying to

00:15:27
convince someone not to do it, like that's a waste of my time

00:15:29
at that point you know, they're like okay, dude, I'm still here,

00:15:34
Like you can stop trying to convince me.

00:15:35
Right, right, that would never work.

00:15:38
Speaker 2: Right.

00:15:40
Speaker 1: But, um, you know it, it's interesting, right,

00:15:43
Because it's it's so extremely difficult, you know, to get in,

00:15:48
to learn the skills, to get the experience.

00:15:50
And I feel like a lot of times, you know, nowadays, right,

00:15:55
people kind of want that overnight success almost.

00:15:58
And I think that even potentially going through a

00:16:01
bootcamp or getting a degree in it, you know earns you the right

00:16:05
at that, at that position, at that role in the industry and,

00:16:10
you know, maybe it earns you the role at a very low level

00:16:14
analyst position at the right company that's willing to teach

00:16:18
you it, that's willing to work with you on your soft skills.

00:16:21
And a lot of companies don't have that mentality.

00:16:25
I mean, I mean, like 99% of the companies do not have that

00:16:28
mentality.

00:16:29
You know you're going into security and you're you're kind

00:16:32
of.

00:16:32
You know you're kind of going to war.

00:16:34
You've been to war before.

00:16:36
You already know what it's like to earn the respect of someone

00:16:40
else in the room that you know doesn't know you has less

00:16:44
technical knowledge or capabilities than you.

00:16:46
You know you're able to make friends rather than continue.

00:16:50
You know potentially a 10 year disagreement between your

00:16:55
organization, this other organization that you you just

00:16:58
started at.

00:16:58
You don't even know that that exists right, but you're

00:17:00
breaking down, breaking down barriers, and it is challenging

00:17:05
and I always tell people, you know, to start and help desk

00:17:09
first, because help desk, you know you're going to get all the

00:17:13
issues.

00:17:13
More importantly, you're going to be working through all those

00:17:16
soft skills that you learn.

00:17:19
You know, because, like for myself, I started with help desk

00:17:22
right out of college and you know I can't even tell you the

00:17:27
amount of times, even just in one day, where I'd pick up the

00:17:30
phone and the other person on the other line is already pissed

00:17:34
off at me.

00:17:34
They're already having a bad day.

00:17:36
I mean, like they've been struggling with my product for

00:17:39
hours and they decided to just call me now.

00:17:42
You know, even like it's 4pm, like I'm about to leave in 30

00:17:46
minutes and it's like, oh my God , like now I'm, now I'm going to

00:17:50
be here.

00:17:52
Surprise yeah, you know, and I and I may have just gone through

00:17:57
a difficult day, you know I may have just gone through back to

00:17:59
back calls of you know, nothing but unhappy people.

00:18:03
And you know, now I have to grow through that right.

00:18:06
I have to.

00:18:07
I have to learn how to handle that, how to not give up, how to

00:18:11
keep going, when to hand it off , when to escalate it.

00:18:14
Those things, those things are expected in security right.

00:18:20
Is that also your mentality with it or your experience with

00:18:23
it?

00:18:24
Speaker 2: Yeah, I mean wow.

00:18:26
Honestly, the biggest surprise in working in my current role

00:18:32
which I'm so glad that I've prepared for and I have so much

00:18:35
more room to grow with is the soft skills.

00:18:38
Like just the communication can influence like influencing

00:18:43
people to do what you're doing, to do is no joke.

00:18:47
Like it is no joke knowing how to do the political game of like

00:18:51
who do I talk to to talk to this other person, to talk to

00:18:55
this other person to make sure this thing gets done.

00:18:57
It's not necessarily like Game of Thrones politics like no one

00:19:01
is like playing the Game of Thrones and you live or you die,

00:19:03
it's just security training right.

00:19:06
But it can feel like that a little bit, though, right, like

00:19:09
how do I?

00:19:10
How do I do?

00:19:10
How do I do what I need to do so that other people are

00:19:13
motivated to do what they need to do, so that we're all secure

00:19:15
here, and that is not easy.

00:19:18
What I'll say is that my biggest boon in that area has

00:19:25
been my teaching experience, because a lot of teaching

00:19:28
involves motivating other people to do things that they may not

00:19:31
necessarily want to do but that are going to get them to a

00:19:35
better place, right?

00:19:37
So, for example, one mistake I made was like I just like gave

00:19:41
security training to the engineers in my company.

00:19:43
I was like, hey, do this training.

00:19:44
And they were like cool, what's in it for me?

00:19:50
Like why do I have to do this?

00:19:51
Like forget you, lady.

00:19:54
And now I'm learning, like how to like essentially frame this

00:19:58
truthfully, because this is the truth, that this will help them

00:20:01
in their career.

00:20:02
It will help them in their getting promotions, getting

00:20:06
raises, becoming more respected by their peers.

00:20:10
But I can't just give them a security training and expect

00:20:14
them to like fill in all those amazing gaps.

00:20:16
I know that, but they don't know that, and if I tell them

00:20:20
that it means one thing, but if I can get their engineering

00:20:22
managers to tell them that that is an entirely different

00:20:25
ballgame, and if I can get the lead engineer excuse me, the

00:20:30
lead event, the head of engineering to tell the

00:20:31
engineering managers, to tell them that that's even better, so

00:20:35
the more I can stack this in a way that is like look, this is

00:20:38
beneficial not just for our company or organization in being

00:20:42
more secure.

00:20:43
You know, we have better CIS scores Woohoo, cool.

00:20:45
But we're positioned better in the market where we are more

00:20:51
attractive to customers, and it's better for the engineers

00:20:55
themselves to have these skills.

00:20:57
And that is something that I did not realize was going to have

00:21:02
to be done with so much finesse.

00:21:03
Right, and I'm learning.

00:21:06
I'm learning a lot.

00:21:07
Like that is a big area of like oh, I can't just like plop

00:21:11
something on someone's desk and expect them to be a excited to

00:21:13
do it Because, like, if someone did that to me, like I wouldn't

00:21:16
be, like I don't care, like cool , thanks to this extra work.

00:21:19
And B.

00:21:20
I can't expect people to just intrinsically know why this

00:21:23
benefits them.

00:21:23
I have to tell them.

00:21:26
Speaker 1: Yeah, that is.

00:21:28
You know.

00:21:28
You bring up a really good point of not being able to just,

00:21:31
you know, hand something over, plop it on their desk, so to

00:21:34
speak, and expect them to get it done and be okay with it, right

00:21:38
, you know?

00:21:40
It reminds me of a time when I worked for a credit bureau and

00:21:46
the security team that I was on had a very bad relationship like

00:21:50
extremely bad with the database admin team or database

00:21:55
engineering team and, like I set it out as my personal mission

00:22:00
because I was the lead on this team to you know, kind of mend

00:22:06
some broken pathways there.

00:22:08
And you know I spent probably a month, maybe two months, of

00:22:15
taking their team out to lunch, buying them drinks, you know,

00:22:19
stopping by their desk daily, seeing how they're doing maybe

00:22:22
not daily, weekly, definitely seeing how they're doing.

00:22:26
Before I ever asked them to do anything right, when I asked

00:22:30
them to do something it wasn't a get it done immediately.

00:22:35
I kind of need this.

00:22:36
You know, maybe within a couple of days, right, and it just got

00:22:40
plopped on my desk and so I need your expertise.

00:22:43
You know that sort of thing.

00:22:45
Speaker 2: Yeah.

00:22:47
Speaker 1: And it was interesting because a couple of

00:22:50
months down the line you know me and my team we were performing

00:22:53
an upgrade and we ran into an issue that was very specific to

00:22:56
the database.

00:22:57
It was something that, you know , none of us would have known to

00:23:02
how to resolve.

00:23:03
Right To them, it's a 30 second issue.

00:23:05
They know exactly how to do it, like this is just normal

00:23:09
everyday things for them.

00:23:11
For me it's not.

00:23:13
And whenever we're talking about a database, I get nervous

00:23:17
because I've dropped too many databases in my lifetime and I

00:23:20
know what that's like.

00:23:24
And you know my team had someone from my team had called them

00:23:27
basically into our conference call.

00:23:28
It was trying to get them to help and they were very

00:23:33
standoffish, very against it and whatnot, and I was just busy at

00:23:36
the time, right.

00:23:36
But when I heard that they were , you know, being very difficult

00:23:40
to work with, I chimed in and I said, hey, you know, this is

00:23:44
Joe.

00:23:44
You know we need your help.

00:23:45
We called you because we don't have this expertise, we don't

00:23:48
know what we're doing and we just simply, you know, need your

00:23:51
help.

00:23:52
And the whole conversation changed as soon as I chimed in,

00:23:54
as soon as I was present.

00:23:56
They knew I was there, they knew that I had exhausted all of

00:24:00
my resources, that, like, I wasn't even Googling the right

00:24:05
things, right, like it was at that level, yeah, and they were

00:24:10
much more willing to help me Once I put in that work though

00:24:15
of the previous months.

00:24:16
I was, like I'm not going to give up that work though of the

00:24:18
previous months of stopping by again to know these guys, taking

00:24:21
them out to lunch, learning what their favorite beer is

00:24:25
right, buying them a six pack of it over the weekend and, you

00:24:27
know, bringing it to them on Monday.

00:24:30
You know, like that sort of stuff, right, and this is all

00:24:33
coming out of my own pocket, like I'm not using it on a

00:24:35
company card or anything like that, like I'm putting in

00:24:38
genuine work here.

00:24:39
Speaker 2: Yeah, yeah, I mean, the more you can build, the more

00:24:45
relationships, the better.

00:24:47
I'm so glad that you just told that anecdote because like I

00:24:51
feel like that's above and beyond, like I haven't even

00:24:54
thought about like, oh, like, what's someone's favorite XYZ

00:24:55
thing?

00:24:56
Like maybe we can like get it for them or whatever.

00:24:59
I love that.

00:25:00
It's almost like what I'll say is this when working with

00:25:03
internal stakeholders to be like corporate about it internal

00:25:07
stakeholders a good way to think of it is that you are doing

00:25:11
customer service.

00:25:12
Internal stakeholders are your customers, right?

00:25:15
And when you do white glove customer service, that's when

00:25:21
really magical things start to happen.

00:25:23
And then I think this for me personally, the second I start

00:25:27
to think of my internal colleagues or internal

00:25:29
stakeholders is not customers, but just like coworkers.

00:25:32
Where we all have to do this thing is when it loses a lot of

00:25:36
the magic right.

00:25:36
It loses a lot of the spark.

00:25:37
One thing that I found this is actually a cool lesson my father

00:25:42
taught me.

00:25:42
My dad worked in oil and gas and then he worked in insurance

00:25:46
sales for like a really long time and he did really well for

00:25:48
himself.

00:25:48
And one thing he always did for people is, he said, do the

00:25:53
extra work.

00:25:54
That's like the paperwork for them so they don't have to do it

00:25:57
, and that will go a long way.

00:25:58
So, for example, like when I gave out my secure coding

00:26:02
training recently to the engineering managers, I like

00:26:04
made them all tracking sheets.

00:26:06
I was like, hey, like you know, we can't.

00:26:07
We, I looked into if we can do this through a particular piece

00:26:10
of software.

00:26:10
We have to track who's doing it .

00:26:12
We can't, so here's like a sheet for it's.

00:26:15
I just made it for you.

00:26:16
It's like did this person do it , yes or no?

00:26:18
The end and they were like, wow , this is really great.

00:26:20
Now I don't have to go make this sheet.

00:26:22
And like figure out a way to track this.

00:26:24
And it's like off their mind.

00:26:25
If you can do little stuff like that, I guess that's my

00:26:28
equivalent of like buying someone a six pack of beers.

00:26:30
Like please, let me help you make your job a little bit

00:26:33
easier.

00:26:33
And, yeah, like the more personable you can be, the

00:26:38
better.

00:26:38
The best person I have ever seen in the security space, the best

00:26:43
person.

00:26:43
I'm going to give her a major shout out.

00:26:44
Her name is Tanya Janka.

00:26:45
She was my former boss at Bright Security.

00:26:48
Her people skills are ridiculously good.

00:26:52
They are exceptional.

00:26:53
She is so good with people and she's so effective at her job

00:27:00
and I think part of like I mean, she just that's, that's her

00:27:03
special trick, right.

00:27:03
She's just so dang good with people and people want to do the

00:27:07
thing for Tanya.

00:27:08
They want to do it for her because she's so fucking great.

00:27:10
Pardon, my friend, it's true and I that was really inspiring

00:27:14
to me too, like just to see her, like just how good she is with

00:27:17
people and I mean that's, that's all this is.

00:27:20
It's just we're just engineers in the people business, right.

00:27:23
Like that's all that's all this boils down to, yeah.

00:27:28
Speaker 1: I think that's actually really important.

00:27:31
What you said you know offering like a white glove treatment,

00:27:34
because I think a lot of times when you're an internal, you're

00:27:38
an internal employee just dealing with internal customers.

00:27:42
Right, you think of white glove treatment typically with, like,

00:27:46
a CEO, cio.

00:27:48
You know the executive suite.

00:27:49
Yeah, rarely do you start thinking about white glove

00:27:53
treatment with internal stakeholders that you know

00:27:58
assist you to keep your product running.

00:28:00
Yeah, right, and that's kind of the the important distinction

00:28:04
to make, right, security is very different.

00:28:07
Where security people, they typically know exactly what's

00:28:12
going on with their system at any one point in time.

00:28:14
They're they're very good at understanding.

00:28:16
Let's just say, you know Windows Server 2016,.

00:28:19
Understanding the ins and outs, what a DLL should be doing,

00:28:23
what it shouldn't be doing, things like that.

00:28:25
They'll probably even know how to deploy a database, how to set

00:28:28
up the database.

00:28:29
You know maybe even read the database logs, right, it's a

00:28:33
totally different ball game when we start looking at database

00:28:36
logs, determining what is wrong and then figuring out the

00:28:40
command on the database that resolves it without destroying

00:28:43
the database.

00:28:44
That's a very different skill that takes database engineers

00:28:48
years of experience to develop, and so it's important for us to

00:28:54
understand where our limitations are and making those

00:28:58
relationships right where, where we need them to be.

00:29:02
You know, like I had to make a relationship with the database

00:29:04
team.

00:29:04
Thankfully it paid off, you know.

00:29:06
But I've had to make relationships with systems teams

00:29:09
, infrastructure teams, networking teams.

00:29:12
Because, you know, maybe I'm doing a different project.

00:29:14
You know like currently at my current workplace, I'm doing a

00:29:18
cloud WAF deployment.

00:29:19
Right, I've never done a cloud WAF before.

00:29:22
I've deployed other technologies that are similar to

00:29:24
it.

00:29:24
I assume it'll be, you know, roughly the same difficulty

00:29:28
level as a proxy or whatnot.

00:29:30
Right, but I still need the networking team input.

00:29:32
I need their help because I don't know, you know, are we

00:29:36
doing, I don't know, bgp or some other protocol between this

00:29:40
endpoint and that endpoint?

00:29:41
Do we need to intercept to the different way?

00:29:43
I mean, there's a million things that I don't know right,

00:29:47
right, and I'm not a network security person to save my life,

00:29:50
right, like we can start talking about, you know,

00:29:53
encryption and stuff, but like that's kind of where it cuts off

00:29:55
.

00:29:56
And so it's important to identify who you know, not in a

00:30:04
disingenuine way, but who you need to befriend and who you

00:30:08
need to kind of give that enhanced treatment to early on

00:30:12
for you to be successful in the role.

00:30:14
Speaker 2: Yeah, absolutely.

00:30:15
And like I know, if I ever go to a different company and do

00:30:20
the same kind of job again, that'll be my first priority,

00:30:22
Like now that I know that right, like and I guess that's

00:30:26
something else that I would say to all of our listeners is, like

00:30:28
, if you are also like wondering , like how do I get into this

00:30:31
career?

00:30:32
What's a good skill to develop?

00:30:33
Like I know how to hack everything, I know everything

00:30:35
about SQL injection.

00:30:36
Like why don't I have a job?

00:30:37
Um, maybe practicing that kind of like white glove treatment

00:30:43
with maybe the people you're interviewing with, like one

00:30:46
thing that is really good to do is like go look at their

00:30:48
LinkedIn and like learn about them and be like hey, like I saw

00:30:51
you, I saw you volunteer at such and such, blah, blah, blah.

00:30:54
Like my uncle volunteers at whatever it is right.

00:30:56
Like find commonalities, like learn how to make friends and

00:31:00
build those relationships with people in your networking excuse

00:31:03
me, in your network that already exists, and then you can

00:31:05
take those skills into your new job and that's definitely

00:31:09
something that I am really looking forward to like doing

00:31:14
again, getting better at and you're so right, joe.

00:31:17
Like when I first started, I was like oh my God, I need to know

00:31:21
everything.

00:31:21
Like how am I possibly going to do this job?

00:31:23
Like I'm going to need to be like a programming wizard and

00:31:26
like a network engineer wizard and like know everything about

00:31:30
every single help desk ticket.

00:31:31
Like I was like there's no freaking way, like I don't know

00:31:35
that I can do this job, and like you just pointed to.

00:31:37
What I realized quickly is my job is not to do everyone else's

00:31:42
job.

00:31:42
My job is to empower people to do their job in a secure manner.

00:31:48
That's it.

00:31:48
That's all my job is to do.

00:31:50
And I need to know about the security.

00:31:52
I need to read the security books.

00:31:53
I need to do the security courses.

00:31:55
I need to futz with the DAS tool that's giving me a headache

00:31:59
and having me tear my hair out.

00:32:00
That's my job, right.

00:32:04
I need to go through the particular pain points that I go

00:32:07
through and let other people do their job, to not try to not

00:32:10
try to overstep my bounds.

00:32:12
At the end of the day, the big theme is stay in my lane Right.

00:32:15
Speaker 1: Yeah.

00:32:16
Speaker 2: Yeah.

00:32:17
Speaker 1: It's a good point to kind of, I guess, shift gears a

00:32:21
little bit.

00:32:22
But, you know, maybe maybe some of the most difficult people

00:32:29
that I have encountered to get to do something, really anything

00:32:33
, is developers.

00:32:34
And it wasn't until a recent role, where we actually had an

00:32:39
app sec team that handled all of that stuff, that I saw what

00:32:45
success was like from that perspective.

00:32:48
The reason why they were so successful is because they were

00:32:52
all this is a team of all like previous developers, they all

00:32:58
knew how to develop an application, how to write code.

00:33:01
You know, inside and out, they spoke more coding languages

00:33:04
fluently than they spoke English even.

00:33:06
I mean, like you know, I'm saying like their skill level

00:33:10
was extremely high with coding in ways that I'll never achieve.

00:33:15
And so there was a skill gap slash, like communication gap,

00:33:21
that I had with developers that I just couldn't fill, you know,

00:33:25
because I didn't.

00:33:26
I mean I didn't know like, if you put some Python in front of

00:33:29
me and said it did this, I couldn't really challenge you on

00:33:32
it.

00:33:32
I mean I couldn't say yes or no .

00:33:35
It'd be like, okay, yeah, that's what it does.

00:33:37
You know, these guys were able to, you know, step into the

00:33:44
situation and not only describe the code of exactly what they

00:33:49
wanted, you know the developer to write, but they were able to

00:33:55
properly explain the security implications of doing it that

00:33:59
way.

00:33:59
Yeah, and having that bridge is I mean it's, it's absolutely

00:34:06
required, especially nowadays, right, because we're not only

00:34:11
developing more things faster than we ever have before, but

00:34:15
we're putting them up into the cloud, and in the cloud, you're

00:34:18
typically separating everything out right, which is a totally

00:34:21
different way of developing something on prem legacy way

00:34:25
that you know was was normal when you and I started in it

00:34:31
right, of developing it all in one stack on one server.

00:34:33
Maybe you have a database server that's separate, but you

00:34:37
know it's all together right, in the cloud.

00:34:39
It's all separate and it's completely different, and so

00:34:43
it's.

00:34:43
It's so extremely important, you know, if you're going to go

00:34:46
down the app sec route, to honestly, in my opinion, be a

00:34:50
developer first right is that?

00:34:53
is that what you've run into as well, you know, in terms of your

00:34:58
developer skill set really paying dividends, in terms of

00:35:03
how you engage with other developers, how you get them to

00:35:07
do things that you know they would normally push back on a

00:35:10
lot?

00:35:11
Are you able to answer questions more effectively?

00:35:14
I guess I'm asking too many questions right now All at once,

00:35:19
right, because I'm kind of, I'm kind of fascinated, though, you

00:35:22
know, like these guys, you know that I encountered.

00:35:25
They were I mean, they were the smartest people I've ever met

00:35:29
in security, and that's really saying something.

00:35:31
Speaker 2: Right, yeah, no, security is full of really smart

00:35:32
people.

00:35:33
That is so interesting and I want our listeners to understand

00:35:40
that this is a matter of opinion.

00:35:42
If you do not fall into a particular background, it does

00:35:47
not mean you're doomed and you can't do this job.

00:35:50
Like like Joe said earlier, people come to this job from all

00:35:54
kinds of backgrounds.

00:35:54
Right, I have not had a ton of development experience.

00:36:00
A lot of my experience has been in more like teaching, like so,

00:36:04
teaching tools and things like that.

00:36:07
I can read code really well.

00:36:09
I can write code okay.

00:36:10
I would not say that my sweet spot is in writing applications.

00:36:18
I can code, I can write software and like I, my personal

00:36:28
, like genius, is being able to explain why something matters in

00:36:35
a security mindset.

00:36:36
So, for example, like you were talking about, like your

00:36:38
developers, like they could like refactor a piece of code, let's

00:36:41
say they could be like you know you should try it this way and

00:36:43
it'll run it.

00:36:43
You know X times better with.

00:36:46
You know X memory.

00:36:47
You know just, it'll be better, it'll be more performant, it'll

00:36:51
be, you know, easier to read, whatever it is right.

00:36:53
So I can do that, but I can also.

00:36:56
What I can really do is explain why this matters for security,

00:36:59
for example, like, well, if we refactor this code, then we're

00:37:02
going to have less of what's called an attack surface, and an

00:37:05
attack surface is blah, blah, blah, blah, blah, blah, blah,

00:37:07
blah, blah, blah, blah.

00:37:07
And then I will explain these security concepts so that people

00:37:10
can then be like, oh, not only am I getting rid of technical

00:37:13
data and refactoring whatever, but because it just will make my

00:37:15
code more performant, it'll make my code more easy to read,

00:37:18
it'll, you know, lead to some like resiliency in the code base

00:37:22
.

00:37:22
But also there's now this security thing called attack

00:37:27
surface that I can also now be mindful of, and I'll be able to

00:37:29
explain what that means to them really, really well.

00:37:33
So, like I said, I've learned that I need to stay in my lane.

00:37:37
I can't come into a developer space and be like, oh, I know

00:37:39
how to write this better than you, because for stuff I haven't

00:37:42
been working in their code base for as long as they have, like

00:37:45
I can't write it better than them.

00:37:46
I'm not like a freaking wizard, like I'm not a genius I know

00:37:49
there's coding geniuses out there, but I'm not one of them.

00:37:52
But I can give them extra tools in their tool belt to make sure

00:37:56
that what they are doing is being done in a secure manner.

00:37:58
So that's kind of my zone of genius, as it were.

00:38:01
So I definitely want to say, like you know, like does it help

00:38:05
to be an amazing developer?

00:38:06
Hell yeah, like I wish I was a better developer a lot like.

00:38:10
I'm constantly learning, I'm constantly like taking classes,

00:38:14
I'm constantly trying to write my own stuff, like with varying

00:38:18
degrees of success.

00:38:19
One thing I want to do, as well as like start contributing to

00:38:22
like open source, so that I can like have a little bit more of

00:38:24
like a regular practice, and like it's also more important,

00:38:29
at least for me in my viewpoint, to learn about the security

00:38:33
implications of like things like secure code review, things like

00:38:39
DAS tools, things like SAS tools, things like oh gosh, what

00:38:43
else Like doing like audits of all of our particular pieces of

00:38:49
software that we're using?

00:38:50
Like how can we do third party integrations in a secure manner?

00:38:53
Like there's so much more aside from just writing code that

00:38:57
goes in the app stack that I was completely unaware before I

00:39:00
started doing this job, and the things that would differentiate

00:39:04
me are those particular things Like it's not, like oh, I'm

00:39:09
going to be a better coder than you are.

00:39:11
It's, oh, I'm going to have a more security oriented mindset

00:39:15
than you are, that I can teach you so that you can be a better

00:39:18
coder.

00:39:21
And what I'll say again to all your listeners is, like

00:39:23
everyone's different, like that may not be your approach, that

00:39:26
might not be your zone of genius .

00:39:27
Maybe your zone of genius as you are an extremely proficient

00:39:30
coder and you can do like you just know about security headers

00:39:36
and you always do the right thing with input, validation and

00:39:38
that's just like in your second nature and that's like what you

00:39:42
can do.

00:39:42
But maybe you're coming to it much from like a programmer

00:39:45
mindset first and a security mindset second.

00:39:47
I come to it from a security mindset first and a programmer

00:39:50
mindset second.

00:39:51
Have I had success?

00:39:52
Yeah, do I know any different?

00:39:55
Could I be more successful if I was another way?

00:39:57
Maybe, but I don't know.

00:39:58
I just I'm only me and that's my limited viewpoint of it.

00:40:02
Speaker 1: So, yeah, yeah, I think you bring up a really good

00:40:08
point of knowing your skillset, knowing your strengths and then

00:40:13
really learning how to lean on other resources to make up the

00:40:19
difference, right, and I think that that is something as new

00:40:24
people are coming into the field , they have to kind of learn and

00:40:28
understand that you're not going to be an expert in

00:40:32
developing an application and go laying than a developer, right,

00:40:37
like you don't need to be that.

00:40:38
You need to understand the code , you need to understand what

00:40:42
you're looking at.

00:40:42
You can maybe even write some right, but you're not supposed

00:40:48
to be the expert in that.

00:40:50
You're supposed to be the expert in how to secure whatever

00:40:52
that is in that code.

00:40:53
You know, and it's an important distinction because I think as

00:40:57
security professionals, we're a little bit more curious than

00:41:00
other people.

00:41:00
We're a little bit more even self-conscious in ways, right,

00:41:05
of knowledge, of skillset, of imposter syndrome, right, and

00:41:13
it's important to know where those boundaries are.

00:41:15
You know, for yourself and even for your team when you become

00:41:18
more senior and directing them through this process as well.

00:41:22
You know, have you encountered very much imposter syndrome?

00:41:28
And I ask because your background is an opera singer,

00:41:31
right, so I would imagine me personally, I mean, I would

00:41:35
definitely be struggling with imposter syndrome on a daily

00:41:39
basis.

00:41:39
You know, if I was an opera singer, which I do not have the

00:41:42
voice for, I don't have the skillset for, my wife is a

00:41:45
violinist and, like she's the talented one in the family, you

00:41:50
know, oh, that's so cool.

00:41:51
Speaker 2: Yeah, oh, wow.

00:41:54
Imposter syndrome there is a lot to say about that, wow, and

00:42:02
we only have like 10 minutes.

00:42:04
Speaker 1: Should we have a part two for imposter syndrome?

00:42:07
Speaker 2: I have thoughts, man.

00:42:08
I have some serious thoughts.

00:42:10
I'm going to say it this way Imposter syndrome is twofold,

00:42:15
fold number one true imposter syndrome.

00:42:17
Actually threefold, sorry, threefold, whoa, true imposter

00:42:21
syndrome, which is a feeling of deficiency or not being good

00:42:25
enough or feeling lesser than I think that is a psychological

00:42:29
thing, that is part of the human condition.

00:42:33
I think everybody has it in some area in their life and if

00:42:37
they say they don't, they're lying to you.

00:42:41
And if it shows up in your professional life, that's just

00:42:43
where it shows up and that's what we call imposter syndrome.

00:42:46
Do I deal with that?

00:42:47
Yes, do things to mitigate that ?

00:42:50
Absolutely yes.

00:42:52
Like, I seek help dealing with that through many different

00:42:56
channels and avenues.

00:42:57
Otherwise it will completely cripple me and it's not good.

00:43:00
So if you're feeling like, genuinely like I'm lesser than

00:43:05
I'm not worthy, I'm not good enough, like honestly, the best

00:43:10
thing I can say to counteract that is like talk to a mental

00:43:13
health professional, talk to a trusted friend, take psilocybin

00:43:18
mushrooms and have an experience about it.

00:43:20
Like you know.

00:43:21
Like do what you need to do to like really take care of

00:43:24
yourself and realize that you are in fact worthy and have

00:43:27
inherent value.

00:43:27
That is very important, not only for a job but for just a

00:43:30
good quality of life.

00:43:31
Right, the second thing I'll say of the trifecta is genuine

00:43:39
imposter.

00:43:39
Like maybe you just don't have the skills Right, like maybe

00:43:44
you're in a job and the skills required of you you just don't

00:43:47
have.

00:43:48
I love that section of imposter syndrome because that's easy.

00:43:51
You just go get the skills, you just go get the training.

00:43:54
For example, at one of my jobs I was a developer relations for a

00:43:58
company called Fusion Auth man.

00:44:00
That job was way over my skill set.

00:44:02
Whoa, holy moly.

00:44:04
I was like not up to par for that job and I had to teach the

00:44:08
shit out of myself how to do a lot of that job.

00:44:11
And I learned a lot.

00:44:15
Like holy crap, I learned a lot .

00:44:17
And so if you're internal like clock or your internal compass

00:44:21
is like hey, like you may not really be up to this task

00:44:24
because you don't, you have a big skills gap.

00:44:26
Listen to that and close the skills gap.

00:44:29
It's okay, like it's okay to not know.

00:44:30
That's why you're in this job.

00:44:32
I think in tech, everybody also has imposter syndrome because

00:44:34
there's a huge skill gap.

00:44:36
There's always something new that you need to be learning and

00:44:39
applying just as soon as you learn it in order to do your job

00:44:42
.

00:44:42
So I think that's also why we talk about imposter syndrome a

00:44:45
lot in tech is because, yeah, like true to fact, we're all

00:44:47
kind of imposters because we just don't know what we need to

00:44:50
know ever right, and then we know it and then the next

00:44:53
problem comes.

00:44:53
That's why we get paid the big bucks is because we're solving

00:44:56
problems that no one has ever solved before.

00:44:57
So, yeah, that's going to lead to some psychological like oh

00:45:00
shit, like maybe I don't know what I need to know.

00:45:03
The problem then is when that goes into the psychological side

00:45:06
of like I'm not good enough.

00:45:08
It doesn't mean you're not good enough, doesn't mean you're

00:45:10
less worthy, it just means you don't know the thing and you can

00:45:13
go learn the thing because that's in your capability to do.

00:45:15
If you were in this field, you have that capability.

00:45:19
It's proven.

00:45:20
You can do it.

00:45:21
You can do it.

00:45:22
I promise you can do it.

00:45:23
The third section of imposter syndrome is living inside of a

00:45:29
flawed system that is genuinely not designed for you.

00:45:34
This is especially true if you're a minority group in

00:45:37
technology, if you're a woman, bipoc, lgbtq, maybe you have a

00:45:42
disability, maybe you are neurodivergent the world is not

00:45:47
necessarily designed for that and you can be operating in this

00:45:50
world that is not designed for you and that can lead to a lot

00:45:54
of feelings of inferiority and you have to realize no, I'm just

00:45:58
working inside of a flawed system.

00:45:59
A lot of people did the very best they could to create this

00:46:04
very flawed system and a lot of people are doing not the best

00:46:08
they can and they're actually making it worse.

00:46:09
And that's just a part of life, right.

00:46:12
Learning how to maneuver in a jacked up system and changing it

00:46:17
where you can and accepting where you can, like that whole

00:46:20
serenity prayer, right, god, grant me the ability to change

00:46:24
the things I can and accept the things I can't change.

00:46:26
That is almost like a spiritual practice of work or spiritual

00:46:31
practice of life.

00:46:32
Right, it's like learning to accept that you may have these

00:46:36
feelings because you're working in a system that is probably not

00:46:39
designed for you, even if you are one of the people it's

00:46:42
designed for.

00:46:43
Everyone is different, everyone has tough times in their life,

00:46:45
and it's just.

00:46:47
Life is hard right.

00:46:48
So that's what I'll say.

00:46:50
That's the three pronged view of imposter syndrome.

00:46:53
I could go very deep into all those three topics where we

00:46:56
don't have enough time.

00:46:58
Speaker 1: Of course you bring up.

00:47:01
I think a lot of it has to do with mental health as well as,

00:47:09
like you said, identifying that the environment isn't

00:47:11
necessarily made for you.

00:47:14
It's more about you figuring out how to potentially be

00:47:20
yourself and be successful in this environment.

00:47:23
That's not an easy thing to do for anyone and I've talked about

00:47:30
it before on this podcast.

00:47:33
I haven't talked about it too recently, I guess, but mental

00:47:37
health is extremely important.

00:47:39
This past weekend I went and did a float session at float 60.

00:47:44
It was fantastic.

00:47:47
I have one of my personal goals for the year is to actually do

00:47:50
it between six and 12 times.

00:47:51
I'm a little bit behind, so I got to rank it up, start going

00:47:56
with that a little bit more.

00:47:59
But working out regularly, right, going for walks, getting

00:48:02
away from your computer, kind of detaching, all of those things

00:48:08
they help and they kind of stack on each other over time, right,

00:48:11
like.

00:48:12
So you start feeling better and better and I guess the

00:48:18
unfortunate side effect of that right At least for me with my

00:48:22
mentality is like it'll build up .

00:48:24
It's like, oh okay, I can stop for a while, right, and so I

00:48:27
stopped for a while, and then I stopped for too long and then

00:48:30
these issues kind of like reemerge and it's like, oh wait,

00:48:33
I need to go for walks again.

00:48:35
Oh wait, I need to go work out.

00:48:38
I haven't worked out in a while .

00:48:39
For me, it's those hard for me.

00:48:43
It has to be like a really difficult workout, right?

00:48:48
It has to be something that I'm starting to question why am I

00:48:51
still moving?

00:48:51
That's when I get the most benefit from it.

00:48:57
And as security professionals, it's easy for us to get caught

00:49:01
up in a world of you have to know everything, you have to

00:49:06
know everything, you have to be better, you have to be

00:49:09
continuously growing and whatnot , and that'll wear on you for

00:49:12
sure.

00:49:12
And it's extremely important for you to be mindful of your

00:49:17
mental health and work on it.

00:49:20
Right.

00:49:21
And I think even a part of that is like what you mentioned with

00:49:25
the serenity prayer, right?

00:49:27
Just understanding your sphere of control.

00:49:34
What do you have direct control over?

00:49:36
What do you have no control over?

00:49:38
And only focus on the things that you have control over,

00:49:42
because it's not fair to yourself to be focused on things

00:49:45
that you can't control, because what are you supposed to do in

00:49:48
that situation?

00:49:49
For me, I'm very solution oriented, right?

00:49:51
So when my wife presents me with a problem, like, well, when

00:49:57
I present you with a solution, don't be thrown off by it.

00:50:00
Or when I'm knocked down so many times, it's like, okay, you

00:50:04
tell me how to solve this, because that's just how my mind

00:50:07
is right.

00:50:07
I'm very solution oriented and I think a lot of us in security

00:50:12
are.

00:50:12
So, it's just yeah.

00:50:17
Speaker 2: That's why they pay us the big bucks or the $80, I

00:50:20
mean whatever.

00:50:23
Speaker 1: Yeah, you bring up another good point.

00:50:25
I have a friend that I made this friend early on in my

00:50:31
security career, thankfully, and he told me that you know, we

00:50:36
earn our paycheck maybe at the very most two or three times a

00:50:41
year.

00:50:41
I mean at the absolute most.

00:50:43
Right, I said well, what do you mean?

00:50:45
Like I go to work every single day, I'm working hard, he goes.

00:50:48
No, you earn your paycheck because we're paid way more than

00:50:55
what other people in IT are.

00:50:57
Typically, you earn it when everything's going wrong, when

00:51:03
your system's guy has no clue of what's going on with the server

00:51:06
, when the networking guy has no clue of what's going on, when

00:51:09
the database guy doesn't understand the logs that he is

00:51:13
reading.

00:51:13
You're the type of person that has to be able to come in and

00:51:18
sort out the chaos, direct the team, develop a plan of action

00:51:24
and move forward and resolve that issue, because your company

00:51:27
is more than likely losing money every single minute that

00:51:30
that issue goes on, and so that's how we actually earn our

00:51:33
paycheck, and that's very true.

00:51:39
You earn it when everyone else is in disarray.

00:51:42
There has to be some major issues going on, and hopefully

00:51:47
that doesn't happen three times in a year, because people are

00:51:49
probably losing their job if it happens three times in a year,

00:51:51
yeah, Ew Right, oh, shoot.

00:52:00
Speaker 2: No, that's true, joe, and one thing I'm really

00:52:05
grateful for that I found cybersecurity in my career path

00:52:09
is that that was also my sweet spot when I worked in opera.

00:52:14
Like I was the person people would call if a soprano got

00:52:17
really sick at the last second and they needed someone to come

00:52:20
and fill in in two hours.

00:52:22
Right, I was literally known as the last minute queen.

00:52:26
Like if people needed a sub.

00:52:28
Like right, effing now for really hard music on like Holy

00:52:33
Week or something, when there's like thousands of people,

00:52:36
whatever, right, like that was me and I love that shit.

00:52:42
Like I love that experience.

00:52:45
And like you also pointed to earlier, I think that mental

00:52:49
health is really important and you have to be consistently

00:52:52
doing things that bolster your resilience.

00:52:57
And this is a gross overgeneralization.

00:53:00
I could be totally wrong, but I don't think I am.

00:53:02
I think people that work in security love adrenaline.

00:53:05
I think they are like adrenaline junkies.

00:53:08
Right, like there's something about security.

00:53:11
People that like we just love that edge.

00:53:13
right, we're like yeah, like I'm going to dye my hair purple and

00:53:15
put it in dreadlocks and like F society and I would like learn

00:53:18
how to hack and I'm going to know all the things.

00:53:20
And when shit goes down, I'm the one that's like, yeah, I can

00:53:24
fix it.

00:53:24
Like we love that adrenaline rush right, and if we aren't

00:53:27
careful, that will overtake us, especially in my case I'm not 20

00:53:32
years old anymore.

00:53:33
Like my body is like you better take care of me or I'm not

00:53:37
going to take care of you because your lifestyle is a

00:53:39
little extreme, like you're a little bit of an extreme person.

00:53:42
So, yeah, I think that you're right, we do earn our paycheck

00:53:47
in that we can, like essentially make sure the entire company

00:53:50
doesn't implode, which is good.

00:53:53
So, like a lot of people rely on us for their livelihood, right,

00:53:57
they rely on us for the company's reputation, for the

00:54:03
data you know the whole CIA triangle like this

00:54:06
confidentiality, integrity, availability of customers, data

00:54:09
like these are big responsibilities.

00:54:11
They are like they wait and they can weigh heavy if you

00:54:13
think too much about it and if you don't take care of yourself.

00:54:16
Like you got to take care of yourself.

00:54:18
Otherwise, it's like this will just get in your head.

00:54:20
Man, like I had my first existential crisis about working

00:54:24
in security a few months ago where I was like, oh my God,

00:54:26
like if I mess up my job, like so many people are going to be

00:54:31
affected in a non-trivial manner , and I talked to a friend of

00:54:36
mine who's a CISO and they were like yep, did you work out today

00:54:41
?

00:54:43
You know, like that was kind of their response.

00:54:45
I was like no, I'm going to go to the gym and pick up something

00:54:47
really heavy and like not think about it.

00:54:49
But yeah, and it's good that we want to learn all the things,

00:54:53
because we have to have that kind of drive, we have to be the

00:54:55
kind of person that does have our tendrils and a little bit of

00:54:58
everything right, like that has our my silly old network

00:55:01
throughout the entire company.

00:55:02
We're constantly getting information and putting

00:55:04
information out and like we have to be that type of a

00:55:06
temperament, like there is a temperament and that's I'm so

00:55:09
glad I found cyber, because I'm like, yes, my people, my people,

00:55:12
I try, but yeah, if you don't take care of yourself, man, like

00:55:16
forget it, yeah.

00:55:18
Speaker 1: So yeah, absolutely Well, kara, you know we're at

00:55:23
time, unfortunately, so I'll definitely just have to have you

00:55:27
back on it.

00:55:28
We'll talk more about, you know , mental health and imposter

00:55:31
syndrome and all that good stuff .

00:55:33
But before I let you go, how about you tell my audience, you

00:55:36
know where they could find you if they wanted to reach out to

00:55:38
you?

00:55:39
Maybe you know the company if there's a website?

00:55:42
I know you're on the security weekly podcast now for

00:55:45
application security weekly.

00:55:46
So if you just want to, you know, say where they can find

00:55:50
you.

00:55:50
That'd be great.

00:55:51
Speaker 2: Yeah, so you can find me.

00:55:53
A good way to get in touch with me is just to email me.

00:55:56
You can find me at the T-H-E Akirati A-K-I-R-A-T-I.

00:56:03
It's like the Illuminati, but the Akirati, you know.

00:56:06
So that's an email address I use just for correspondence with

00:56:11
you know people that hear me on podcasts and want to ask

00:56:13
questions and whatnot.

00:56:14
I'll do my best to reply.

00:56:15
Sometimes I get swamped and it's just like you gotta just

00:56:19
kind of catch me on LinkedIn.

00:56:20
Linkedin is another good place to follow me.

00:56:24
I like to write a lot of like long form posts on cybersecurity

00:56:27
and also just life and philosophy and music and stuff

00:56:29
like that.

00:56:30
And lastly, I do have a website .

00:56:33
It's akirabrandcom.

00:56:35
It is very in need of a revamp, so a lot of the information is

00:56:40
kind of old.

00:56:40
But every time I go on a podcast I'm like man, I really

00:56:43
need to update my website.

00:56:44
So check it out.

00:56:45
By the time you're listening to this, I may have gotten around

00:56:48
to it, which is very exciting.

00:56:49
So, yeah, and also, I guess, sorry.

00:56:51
One last thing you can find me on application security weekly.

00:56:54
I don't host every week, but I host about once or twice a month

00:56:56
and you can hear just my hot takes on all things cyber.

00:57:00
I'm I podcast with the gods, right.

00:57:03
Like the people that I do the podcast with have been in the

00:57:06
industry for like a bazillion leaders and they're so

00:57:08
knowledgeable so I'm the person that's like hey, like explain to

00:57:12
your less ha ha ha.

00:57:13
So you can kind of.

00:57:13
If you're a beginner, it's really good for you to listen to

00:57:16
this podcast because I'm also coming to it from beginner mind,

00:57:19
right, so you'll get a lot out of it.

00:57:21
Actually, on the, on the shows I'm on, you're going to hear a

00:57:23
lot of like bringing in perspective.

00:57:24
So that might be that will prove useful to you.

00:57:26
So that's how you can find me.

00:57:29
Speaker 1: Awesome.

00:57:29
Well, thanks Kara for coming on .

00:57:31
I really enjoyed our conversation and I hope everyone

00:57:34
enjoyed this episode.