Hacking into Security - Career Talks

In this episode, we catch up with Jacqui Loustau, the Founder of the AWSN (Australian Women in Security Network) and Principal Security Consultant for Cynch Security. Jacqui gained excellent experience working overseas in security was planning to come back to Australia and had more difficulty than she expected in landing a job. We walk through Jacqui's story of getting into security, her challenges in landing a job, what got her to start what would become such an influential security community, the future for AWSN and how organisations can do more to attract a more diverse culture. Knowing Jacqui over the years has given me some insight into the incredible demand in starting a security community. Impressively, Jacqui decided "to take 6 months and get it (AWSN) up and running properly!" and is now getting paid for her AWSN work.

In this episode, we catch up with John Jackson (@johnjhacking) an Application Security Engineer at Shutterstock. John never thought he would have a career sitting at a computer, let alone in cybersecurity. We walk through John's journey from being a Petroleum Engineer in the United States Marine Corps to eventually working in application security, penetration testing, security research and bug bounties. We also discuss the reality of applying for hundreds of jobs to land something, taking different roles to help him progress and a story that highlights some of the dangers that can happen to curious security researchers.

In this episode, we catch up with Charl van der Walt (@charlvdwalt), Head Of Security Research at Orange Cyberdefense and one of the original founders of SensePost. We talk through the origins of how SensePost got started, what it was like to build a business over 20 plus years and eventually sell and become part of a much larger company. Charl also spoke about a personal topic he is driving around gettings organisations to think differently in their approach to gender diversity.

In this episode, we catch up with Keith Hoodlet (@securingdev) Senior Manager, Application Experience at Thermo Fisher Scientific. Keith has a strong background in application security and is the former host for 55 episodes on the Application Security Weekly podcast. I saw a tweet by Keith and wanted to dig deeper in that. The tweet was responding to Dino Dai Zovi who said "Security" as a single dimension of expertise increasingly makes no sense. Saying that you are a "security expert" is like saying you are a "computer expert." Computing is a part of everything we do and we don't isolate expertise on all of it within the "computers team.", Keith said "Agreed; in the same way that Ops became part of the Software Engineering team, we need Security to become part of the Software Engineering team. This is why I say that Security is a Feature, because features are: - Funded - Have time allocated to them - Are tested and maintained" We also walk through Keith's journey into the industry and also share advice to companies looking to mature their Application Security and DevSecOps. You can watch Keith's keynote talk at OWASP AppSec Day Melbourne 2018 https://www.youtube.com/watch?v=QT_omddhJzo&list=PLPvxR0i93gjQjrIJK0PdMdFkUbnHhRBRN&index=2&t=0s

In this episode, we catch up with Toni James (@_tonijames), Security Advisor and CHCon co-organiser. Toni was a snowboarder, managing a large team but wanted more. She decided to go back to university as a mature student and mum. Not easy to juggle! She went on to finish her Computer Science degree, an Google Anita Borg Scholar, then Software Engineer and started getting into the security community. Toni talks very openly about her journey, the challenges she faced and shared excellent advice to others out there.

In this episode, we catch up with @mubix (Rob Fuller), a is red teamer turned purple teamer. He started his career in the United States Marine Corps working with explosives and has gone on to have a highly successful career in the security industry working at companies like Rapid7, GE, Uber, Cruise Automation and now Balck Hills Information Security, as well as contributing back in many ways to the security community and speaking at many conferences around the world.Mubix shares his journey, stories along the way, as well as going deeper into both red and purple teaming.

In this episode, we catch up with Michael Skelton (@Codingo) Global Head of Security Operations and Researcher Enablement at Bugcrowd.Codingo has a non-traditional career path and he shares his journey on how he got to where he is, including the challenges of breaking into the infosec industry. As someone who got to be a Top 20 bug hunter on Bugcrowd and now the Global Head of Security Operations and Researcher Enablement at Bugcrowd, Codingo shares not only career advice but also tips on bug bounties.

In this episode, we catch up with Chloé Messdaghi, VP of Strategy at Point3 Security. Chloé is a humanitarian Advocate in the Cybersecurity space. She started her career in marketing but got the opportunity to move into infosec in 2017. Chloé shares some of the experiences that led her to nearly quit the industry but instead has gone on to become a voice in the community. As well as speaking many conferences, Chloé is the founder of WeAreHackerz (formerly known as WomenHackerz) & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.

In this episode, we catch up with Baptiste Robert, who goes by the handle @fs0c131y.Baptiste is a Security Researcher based in France with a big focus on android. We walk through his journey from graduating with a network and telecommunication to finding vulnerabilities and creating a large following. We also cover how has a security researcher, Baptise finds his projects and his plans for the future around battling disinformation.

In this episode, we catch up with Mike Monnik, CTO of DroneSec, offensive security professional and Co-organiser of SecTalks Melbourne. Mike was advised early in his career to pick up a specialist area. That area turned out to be drones, and a passion was formed. Starting as a side hustle and whilst working as a penetration tester, Mike started building a (not-for-profit) drone security company. This eventually turned into a business and Mike walks us through this story and what the drone security industry looks like. He discusses what the future could look like for the industry and how others who share a similar passion could pivot into a full-time role in drone security.Here are some resources Mike recommends:DroneSec UAV Threat Intel Platform: https://dronesec.com/pages/notifyCREST ASSURE Program: https://www.crest-approved.org/assure/index.htmlChristchurch Mosque shooter used drones to surveil target site: https://www.stuff.co.nz/national/christchurch-shooting/122232602/christchurch-mosque-terrorist-used-drone-over-mosque-before-march-15-attackISIS fighter killed by own drone: https://www.thesun.co.uk/news/9797095/isis-fighter-killed-by-drone-bomb/Gangs using drones to infect pig pens: https://www.businessinsider.com/chinese-gangs-are-spreading-african-swine-fever-to-profit-2019-12?r=AU&IR=T (editors note: swine flu not bird flu as mentioned in the podcast)Pig pen farms disrupt aviation with drone jammers: https://www.reuters.com/article/us-china-swinefever/commercial-pig-farm-in-china-jams-drone-signal-to-combat-swine-fever-crooks-idUSKBN1YO0JECartels using drones as temporary airstrips: https://www.washingtonpost.com/world/2020/07/05/guatemala-cocaine-trafficking-laguna-del-tigre/A journalist uses a drone to exfiltrate hard drives: https://www.bbc.com/news/technology-49689833Researchers use drone projectors to disrupt smart vehicles: https://thenextweb.com/cars/2020/02/05/teslas-autopilot-dangerously-fooled-by-drone-mounted-projectors/DJI Bug Bounty Program: https://security.dji.com/policy

In this episode, we catch up with Iain Dickson, ComfyCon AU Founder, Cyber Technical Lead for Leidos Australia.Iain walks us through a presentation on the origins of Hackers and defines the different types of threat actors,

In this episode, we catch up with Ofer Schreiber, Partner & Head of Israel Office at the American-Israeli venture capital firm, YL Ventures. We talk about the cybersecurity from the lens of a venture capital firm. Ofer shares his unique background and experience having come through Unit 8200 and now looks at and manages investments on the behalf of YL Ventures.Ofer talks about what his firm looks for when investing in entrepreneurs and provides advice for people who aspire to build the next cybersecurity startup.

In this episode, we catch up with Craig Templeton, CISO & GM Technology Platforms at REA Group.Craig is very open about the role of a CISO and what his job looks like. He shares advice to people wanting to progress in their career and the experiences that helped him get to where he is today.

In this episode, we catch up with Security Researcher, pentester, trainer and Principal Security Engineer Eldar Marcussen.Eldar built the source code auditing tool graudit (grep rough audit). We discuss what it's like to build a tool and some of the unknowing benefits it's led to in his career.Eldar also shares advice for any aspiring pentesters.

We catch up with Prashant Venkatesh, a specialist in Application Security and an OWASP Bay Area Chapter Lead.With over 10 years of experience in building teams and uplifting environments in Application Security, we discuss what Application Security means to Venkatesh, how he got started in the area, how others can get started and advice for organizations that want to increase their security.

In this episode, we speak with Afterpay CISO Marc Bown.Marc's career started on the technical side as a Penetration Tester and has progressed to become CISO for one of the fastest-growing e-commerce payment companies in the market.We discuss the differences between working in the Bay Area and Australia, how he moved in his career and share advice for aspiring CISOs.

In this episode, we catch up with Maxie Reynolds, a specialist in Social Engineering. Maxie left Scotland at a relatively young age and has gone on to work around the world. She worked offshore on oil rigs, become a penetration tester at a big four consulting company, started her own business and is now working as a Social Engineering Consultant. We get to hear what about the type of engagements Maxie has worked on, the skills involved and advice for others wanting to learn about social engineering.

In this episode, we catch up with Abbas Kudrati. Abbas has an impressive career which has seen him work around the world and is now operating as a Chief Cybersecurity Officer at Microsoft. Abbas started off his career in a technical role and then progressed to working as a CISO for various organisations. He is incredibly generous with his time and gives back to the community in many ways, including as a part-time Lecturer for "Masters in Cyber Security" program at La Trobe University. In our conversation, Abbas gives practical advice for others working in technical roles that aspire to work in a CISO position.

We catch up with Casey Ellis, founder of the number one crowdsourced security platform, Bugcrowd. Through our conversation, we go through the journey of starting a business, moving countries, multimillion-dollar raises and more. Casey also shares his advice to future founders.

Ian shares the insight of someone that has transitioned from working a Recruitment Consultant to General Manager of XZ Security, one of New Zealand’s leading penetration testing companies.He talks about his journey into security, discusses the skills required for a non-technical person working in a security company and what his company look for when hiring.

This episode is with Francisco “Disco” Morales who works in Talent Acquisition at Canva. Disco has helped Canva hire over 100 people and prior to this had a background in agency recruitment. He shares the views of someone working in a team that receive over 50,000 jobs applications a year.Disco recommends some tips that can help someone standout ad improve their chances when applying for a role.

This episode is with Cairo Malet.Cairo is a Cyber Risk Advisor working in Cyber Security Risk and Advisory for a major mining company. That isn't where her career started and we get to hear Cairo's journey from barista to working in an organisation that could have her performing security assessments on mining sites and ships.

This episode is with Louis Nyffenegger, founder of PentesterLab, one the best training grounds for newbies and experienced professionals to enhance their web application security skills.Louis shares his story of how he got into security and then what it took for him to convert a passion into a business whilst working as a Security Engineer at Fitbit.

This episode is with Chris Rock.Chris has been active in the security industry for over the last 25+ years. Chris presented I will Kill you at Defcon 23 and How to Overthrow a Government at Defcon 24. Chris ran a security penetration testing company for 10 years.Chris Rock is now CISO and co-founder of SIEMonster. SIEMonster was started in 2015 by a team of hackers.After years working in penetration testing, they realized that there was a gap in the SIEM market for an affordable scalable open-source alternative to existing solutions.Chris talks about his journey from an 11-year-old hacker to working in banks, pentesting around the world and starting his own company which is now global.