Episodi

  • Hey folks, I'll be at DEF CON in Vegas this year! Would love to see you all there!


    Jack's Parties: https://twitter.com/JackRhysider/status/1686785376327987200Checkout Miscreants at the Vendor Area: https://www.miscreants.com/

    yFDrTl54ZSu3KAmLWbmi

    Mentioned in this episode:

    Stay In Touch

  • Journey into Cybersecurity and OSCP Certification with Rana Khalil

    This episode features Rana Khalil, a Senior Cybersecurity Assessment Analyst with a rich background in pen-testing, especially in the financial sector. Rana shares her non-traditional entry into technology, starting with a dislike for her first laptop and phone, transitioning from biochemistry to a math degree, and eventually finding a passion in computer science, leading her to cryptography and cybersecurity. Her academic journey includes significant work in cryptography, under the tutelage of Carlisle Adams, and a master’s project on web application vulnerability scanners. Rana discusses her motivation and relentless pursuit of the OSCP certification, highlighting the importance of hands-on experience, teaching, and documenting the learning process through write-ups. She also conveys the value of previous experience in related fields, the significance of specializing and pacing in learning, and shares insights into her career progression, including valuable advice for people aspiring to enter the cybersecurity field.

    00:00 Introduction and Guest Background

    01:47 Rana's Journey into Cybersecurity

    02:45 Rana's Early Interest in Mathematics and Cryptography

    05:47 Transition into Computer Science and Web Security

    10:52 Master's Research on Web Application Vulnerability Scanners

    13:02 First Security Job and the Impact of Public Speaking

    15:11 Journey to the OSCP Certification

    17:36 The Value of Self-Study and Accountability

    18:53 Reflections on the OSCP Experience

    20:59 Understanding the OCP Exam

    21:13 The Importance of Lab Time

    22:18 The Value of Documenting Your Journey

    22:49 Introduction to the OSWE Certification

    25:07 The Role of Experience in Security

    25:16 The Life of a Security Professional

    25:25 The Importance of Specialization in Security

    26:24 The Value of Previous Experience in Security

    29:55 The Challenges and Rewards of Pen Testing

    30:43 The Balance of Work and Personal Time in Security

    34:58 The Importance of Focusing on One Area in Security

    37:07 The Importance of Understanding Source Code

    38:11 Final Thoughts and Advice

    Thank you for listening!

    Mentioned in this episode:

    Stay In Touch

  • Episodi mancanti?

    Fai clic qui per aggiornare il feed.

  • Norman Weekes is on the Security Operations Team at Salesforce. He is in charge of scanning their infrastructure and ensuring that everything is set up and operating properly.

    Norman already spent almost a year in the information security world. This is also his first official full-time security job. After going through different job contracts, he believes that if everything's shut down early, there's no reason not to just get in a good routine and go after whatever certification or whatever job you want. This episode will undoubtedly inspire and assist job contractors who are considering a career in the information security world.

    LINKS

    Linkedin:  https://www.linkedin.com/in/normanjr/

    Security and Privacy Framework: iapp.org

    Full Show Notes: https://www.gettingintoinfosec.com/

    Mentioned in this episode:

    Stay In Touch

  • Niru Ragupathy is a Security Engineer at Google and works as the Offensive Security Lead and manages part of the Offensive Security Team. She is currently the Tech Lead Manager. Niru sees managing as a challenging, interesting ride yet undervalued skill. She also considers it rewarding although it demands the investment of both time and effort. 

    She believes that it is important to start leading and take things slowly but not take the decision lightly. Having planned on taking Biotech in College but being persuaded by her parents, she was thrust to take on Computer Sciences since it has greater demands in society. In the face of her struggles, Niru has found her sense of belongingness in security management. This episode will surely encourage and benefit Engineers who struggle in transitioning on management. 

    LINKS

    Linkedin: linkedin.com/in/niru-ragupathy-99078233

    Mentioned in this episode:

    Stay In Touch

  • John Gates is a Lead IT Security Operations Analyst for a global food brand. John has always liked to know how do things work - and that has proven to be a beneficial trait - from his first job as a car mechanic to IT consultancy and education to his current role. He’s also an advisor and former board member at OpsecEdu, an organization educating technologists in state, local, and education agencies on security best practices. 

    LINKS

    Linkedin: https://www.linkedin.com/in/johngates/

    OpsecEdu: https://www.opsecedu.com/

    Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5

     

    Full Show Notes: https://www.gettingintoinfosec.com/john-gates-from-car-mechanic-to-lead-security-analyst/

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Samantha Cowan is the Head of Compliance at HackerOne. She's the former Director of Compliance at OneLogin and former Security Engineer at CoverHound, Cyber Policy, and Zenefits. Sam initially perceived Infosec as an "unhappy job", but later found herself taking her MBA and paving her way into the security industry. Despite having her master's degree, she was not an exemption to facing rejections when applying for cybersecurity. Her episode is mind-blowing as she shares how you can break into boundaries by being confident in yourself and by not compromising to being seen as a token hire.

    LINKS

    Linkedin: https://www.linkedin.com/in/samanthacowan/Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5Security and Privacy Framework: iapp.org

    ----------------------------------------------

    Follow @coffeewithayman on Twitter for more

    For more information check out: gettingintoinfosec.com

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Betsy Bevilacqua is the current VP of Information Security at Chainalysis. Initially, she had her mind set on law school until she did a self-audit and realized that she enjoyed computers and tech much more. Her journey into infosec led her to move from Kenya to the US to obtain a degree in Security and explore various companies involved in academia, food and facilities, healthcare, telephone communications, and finance to more traditional tech. Her interview is full of advice for those looking to break in and those already in infosec.Computer

    Links, Detailed Show Notes, and Transcript:

    https://gettingintoinfosec.com/betsy


    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Dr. Eric Cole is an accomplished cybersecurity hacker and executive advisor. His career has been a mix of sixth-sense chance encounters and wisdom/foresight of the future. His uncanny ability to see the opportunity in cybersecurity combined with the wisdom to listen to those smarter than him is why he is where he is today. His interview is chock full of poignant advice and tips.

    Dr. Eric Cole also has a creative side to him: he's a musician. He was a French horn player before and now, he's a drummer. He's known as the Tommy Lee of Cybersecurity.

    Eric Cole's Quick List of Advice

    Always be respectful, Don't be an A**Hole to other people… but don't give a crap what other people say or think because we're unique and different. If you're an entrepreneur in cybersecurity, they're not gonna get ya.Listen to people that are smarter than you and have made the mistakes before you make them.Life will force you to repeat lessons until you learn them.The biggest gap is in the monitoring, detection, and analyst side.

    Quotes

    "It's all about looking at calculated risk, understanding [the] pros and cons, and taking chances.""You've done the same thing six times in a row, and it doesn't work. What makes you think if you do it a seventh time [that] it's actually going to work?""Try different things.""Have advisory board members for your life.""If the best professionals in the world have coaches, why shouldn't we?""If people are not listening to your advice, 99% of the time, it's because you didn't answer the right question.""Smart people know the right answer. Brilliant people ask the right question.""Good cybersecurity people solve problems. Great cybersecurity people solve the right problems.""Don't overlook the obvious.""It's never a lack of resources, but a lack of resourcefulness."

    Getting Into Infosec

    Other episodes, transcripts, a career guide to Getting Into Infosec:
    https://gettingintoinfosec.com/

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Lisa Jiggetts knew from an early age that she was going to be in tech and cyber. A navy veteran who started off as a cook, she always found herself gravitating towards technology. She is also the Founder & Board of Director of the Women’s Society of Cyberjutsu, a non-profit that is dedicated to increasing the opportunities and advancement for women in cybersecurity. Check out her journey into the cybersecurity field.

    Notes

    Originally a cook in the military, then migrated to information security.Looked for opportunities to transition into information security by talking to people in and outside her social network.Networking can be hard, but it will turn in your favor.Lisa is an introvert, but knows how to become an extrovert when needed.

    Quotes

    "When you're starting out, you don't necessarily get into the area you want to be in—you got to work your way up."“That's the biggest thing you can do. I think is networking because somebody knows somebody.""So I got all these certifications… I read a book and pass. What is it to me personally? That didn't tell me, you know, how to do anything. They get you in the door.""[Networking is] hard, but just do it because, in the end, it's gonna turn out in your favor."

    Links

    Lisa on Twitter: https://twitter.com/lisajiggettsIntro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5Women’s Society of Cyberjutsu: https://womenscyberjutsu.org/

    Getting Into Infosec

    Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ Stay in touch and sign up for sneak peeks, updates, and commentary: https://gettingintoinfosec.com/subscribeAyman on Twitter: https://twitter.com/coffeewithaymanFollow Us on Twitter:  https://twitter.com/getintoinfosecFollow Us on Instagram: https://www.instagram.com/coffeewithayman/Join our community: https://community.gettingintoinfosec.com/

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Eric Strom is the Unit Chief of the Mission Critical Engagement Unit, Cyber Division. In this role, Mr. Strom oversees the FBI Cyber Division’s private sector outreach efforts to the 16 critical infrastructure sectors, forging partnerships with companies in those sectors to develop and share threat intelligence related to activities by sophisticated criminal organizations as well as nation-state actors.

    Notes

    Eric has been with the FBI for 21 years, since June 1999Originally a lawyer practicing criminal defense and civil defense, then went to non-profitEarly on in the FBI, they had to do a lot of workarounds. Cyber wasn't so straightforward56 Field offices were all doing something different, then became consolidated centrally as a service organization

    Quotes

    "Now, it's funny. None of us really had a traditional cyber background. Tom started out his career as a geologist, and Keith actually started out selling, like, furniture. He was a salesman."

    "But, I mean, from the legal standpoint, you've got third-party liability and other things. So we really had to walk a kind of a tight rope when it came to what types of malware we were infecting ourselves with. And then how far we'd let it go."

    "And so as we're taking it over, it was really interesting to sit behind one of the malware analysts and watch a Wireshark and watch the instructions coming out. I crossed the wire. It was really cool. And when it really kind of sunk in, because to me, it was like a tangible thing. I can actually see it happening as it was going on."

    "It's (cybersecurity) probably the most rewarding thing you'll ever do in your life."


    Links

    FBI: https://www.fbi.gov/Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5Outro Music: https://freemusicarchive.org/music/KieLoKaz/Free_Ganymed/Alte_Herren_Kielokaz_ID_364

    Getting Into Infosec

    Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/

    T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/

    Stay in touch and sign up for sneak peeks, updates, and commentary: https://gettingintoinfosec.com/subscribe

    Ayman on Twitter: https://twitter.com/coffeewithayman


    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Gabriel Agboruche (@ICS_Gabe) is a senior ICS and OT cybersecurity consultant, helping organizations solve their most challenging industrial control security problems. And that was a mouthful, but that's what he does. His journey's unique one, and almost didn't happen.

    Notes

    Gabe was a math whiz in the Detroit Public school systemDuring college, he had some unique experiences as an African American, one of which was due to him being the top of his classGabe was an electrical engineer working at a nuclear facility, then #Stuxnet happenedThe demand for cybersecurity skills combined with his experience and love for growth paved the way for where he is today.

    Quotes

    "All these systems are air-gapped by regulatory guidance.""I'm here for my education. I'm going to get this education. And not even necessarily prove this person wrong, but I'm going to be here and do what I have to do in order to get where I desire to be.""He's like, wow, you're the first black guy that I have ever seen in person.""I almost rushed with him for one (a fra)."" I saw that I would gain a greater exposure to a lot more technologies within my field. I get to see different plants. I get to touch different areas."

    Links

    Twitter: @ICS_GabeICS with Gabe PodcastDarknet Diaries Triton EpisodeAn Episode with Jack Rhysider

    Getting Into Infosec Info

    Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Stay in touch and sign up for sneak peeks, updates, and commentary: https://gettingintoinfosec.com/subscribeAyman on Twitter: https://twitter.com/coffeewithayman

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Lisa Jiggetts is the founder of the Women's Society Of Cyberjutsu. After recording, we continued talking and the topic of salary negotiations came up. It was so good I started recording again. This topic is super important. I have seen both experienced and inexperienced people make these mistakes.

    LinksSalary Negotiation Tips: https://www.thebalancecareers.com/what-can-employers-say-about-former-employees-2059608 (see the video too)Lisa on Twitter: https://twitter.com/lisajiggettsA recruiter's comment on the topic: https://twitter.com/Zavala_CyberSN/status/1294398519994773505
    Getting Into InfosecAsk A Question: https://gettingintoinfosec.com/askWebsite: https://gettingintoinfosec.comAyman on Twitter: https://twitter.com/coffeewithaymanBreaking IN Book: https://gettingintoinfosec.com/bookJoin My Mailing List: https://gettingintoinfosec.com/list

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Today's episode features a story that was sent to me by a listener.  He reached out to me on LinkedIn, telling me of his success story posted on Reddit. This is the audio version.  I think you're going to be really interested in what he had to say.  He talks about his struggles and what he went through in his journey to Information Security.

    Original Reddit post:  

    https://www.reddit.com/r/ITCareerQuestions/comments/fw44sg/career_change_success_story_starting_my_first/

    Getting Into Infosec Links:

    Site: https://gettingintoinfosec.com/Book: https://breakingintoinfosec.com/Follow Me Twitter For More Resources To Help You On Your Journey: https://twitter.com/coffeewithayman

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Transcript

    Hey everyone… 

    So, as if this time was not hard enough as it was with Covid, the American Black community has been affected yet again.

    It's difficult to post motivating content while so many are feeling a sense of outrage and so much going on. So I'm going to pause, slow down, or at least take into consideration the posting of new content during this period. Of course, people still need to work, so I can't stop completely, and I do have episodes coming down the pipe.

    There's a personal story I want to share related to this.

    A friend and I were driving once, but he realized he left his wallet at home, which had his driver's license. I said, "Not a big deal. They can just look you up if you get pulled over." He then looked at me, and I then figured it out: he's black.

    It hit me then how privileged of a life I had. It then hit me how scary driving while back really is. I may not be white, Christian, and from the suburbs, but I'm not black and male.

    I may not have the best things to say at this moment, but I realize staying silent isn't an option. I don't have a TV, and I'm not on Twitter often, but the little I did see made me realize silence or status quo is almost as bad.

    Diversity and inclusion are an integral part of this podcast. I've never called it out as I just wanted my lineup to speak for itself. Many of my guests are black. For the longest time, it was rare to see a brown or black person at a security conference. It was quite lonely.

    For listeners outside of the US, please try to empathize with whatever social divide you have in your country. It could be the religious minority in your country, the darker-skinned, those of a "lower" social caste, the poor, or whomever it may be. There are always those that are marginally suppressed or oppressed.

    So….

    I stand with the Black community against racism, violence, and hate. Now, more than ever, we must support one another as allies and speak up for justice and equality.

    #BlackLivesMatter

    ******************************************

    Website: https://gettingintoinfosec.com/

    Twitter: https://twitter.com/coffeewithayman

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Hello! Wanted to let you know I'm creating daily (almost) videos on YouTube called Getting Into Infosec BITES: https://www.youtube.com/c/gettingintoinfosec

    Please like, subscribe, and spread the word.

    The best thing you can do to support this media is to spread the word and let others know. Thanks!

    Links:

    Site: http://gettingintoinfosec.com/Book: http://breakingintoinfosec.com/Twitter: https://twitter.com/coffeewithayman

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Kavya Pearlman is an award-winning cybersecurity professional with a deep interest in immersive and emerging technologies. Kavya is the founder of the non-profit XR Safety Initiative (XRSI). XRSI is the first global effort to promote privacy, security, ethics, and develop standards and guidelines for Virtual Reality, Augmented Reality, and Mixed Reality (VR/AR/MR), collectively known as XR.

    Kavya is constantly exploring new technologies to solve current cybersecurity challenges.

    Quotes:

    "Money, money, money. How much money [are] you going to make? I was so put off. No, it's not about money. I really just want to learn." "What would you become when you grow up? I would be a D.I.G. (Deputy Inspector General).""This country needs me. This world needs me.""You owe it to yourself to explore this little itch, and figure out whether this is your passion or not." "You will inevitably make (sometimes) bad decisions.""Technical support IS security." "I don't think anyone read that [report], but then it gave me some satisfaction that this is awesome. I can actually take what I'm learning and apply it to the job." "Believe in yourself. Not just for information security." 

    Links:

    Kavya Pearlman - https://twitter.com/KavyaPearlmanXRSI - https://www.xrsi.org/Caroline Wong - https://twitter.com/carolinewmwongSteve Hunt [22:17] - https://twitter.com/Steve_Hunt

    Getting Into Infosec:

    Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Stay in touch and sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • We are in the middle of a worldwide pandemic (COVID-19), a recession is here, a depression might be coming, and everyone is remote! Everything has changed. What can you do? How can you find a job in these crazy times? What are the challenges? How can you make yourself valuable? What's going through the company or hiring manager's mind?

    Please share or leave an awesome review if you found this helpful.

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • Syntax, an internal pentester for a large organization, had an interesting ride into infosec, filled with pitstops, detours, and countersteering along the way. At an early age, he was influenced by his father, got started hacking, and was wrongfully arrested for reporting a vulnerability in his High School. Hear his exciting journey into infosec, filled with life lessons.

    Shownotes

    Was arrested in High School for disclosing a vulnerability in the school IT systemWent to college for computer science, but dropped outInspired by the movie hackersHis first computer had a 1MB hard drive (yes, not a typo!)Still went to Defcon even when he was not in IT or working in securityWas a professional motorcycle racerKept all his rejection letters as a way of motivation to keep goingHad some business and entrepreneurial experience in the past, which helped him get back into the fieldGot back into security through… IT!

    Quotes

    "A lot of our time is spent arguing with the other departments and justifying our findings." [2:58]"Is this cross-site scripting really a problem?""I get stuck a lot… it's kind of the nature of the beast." [5:17]"I'm not going to work in tech again." [12:21]"You're a motorcycle mechanic… why should we hire you?"[19:07]"It's my hacker family. These are my people. Everyone in security, they make sense to me, cause they're all kinda like me." [19:41]"I kept getting [these] projects coming my way and I constantly said, 'YES.'" [22:07]"Have you done this before? … no, but I'll learn!" [25:06]""Because I had that mindset… I was seeing [from a] different [perspective] than other analysts." [26:00]

    Links

    Syntax on Twitter:  https://twitter.com/syntax976DCZIA: http://dczia.net/Queercon: https://www.queercon.org/Outro Music: "Pure Decking" by Patient Zero from the album "Screen Saviour" her link is http://patientzero.bandcamp.com and she is @DoctorKraft on the Twitter

    Getting Into Infosec

    Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020.

    Getting Into Infosec:

    Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch

  • These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020.

    Getting Into Infosec:

    Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/Sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

    See omnystudio.com/listener for privacy information.

    Mentioned in this episode:

    Stay In Touch