Keya was a public school teacher who stood out from the crowd. She loves problem solving and challenging environments. Keya was also a filmmaker and web designer. She's currently a detection security engineer who gets knee-deep in malware on a daily basis.
Knew she didn't want to be a teacher her whole life.
Was the only one in the rational thinking group at her school.
Enjoys rational thinking and the problem solving process.
Prototyped a mock medical device with a Raspberry Pi and won a national competition!
"Easy to get in to what you're comfortable with... and I didn't want to have a job like that."
"It was something that I enjoyed but I definitely feel more at home with the cohort that I work with currently and with what I do."
"... for me it was an amazing process because I hadn't ever SSH’d into a device and I had to figure out how to get like ports scan."
"I read so much documentation on all the little things that we connected to it. I watched a bunch of YouTube videos I looked at a lot of GitHub accounts trying to figure out like I've got to make this move." [14:24]
"It was incredibly challenging. A lot of times I was trying to figure out... where sometimes the information that you get from the client is essentially just a hint of what's going on in the network." [17:07]
" You just have to be creative and keep going at it until you can do what needs to be done." [18:08]
"Yeah. It's amazing, and especially coming from public school teaching where I had seen almost physical fights altercations happen over like reams of paper because there's just not that much allocated towards schools to where snacks are brought in. Like it's a very different environment…" [21:22]
"You did great on the test, but I want to watch you take the test." [23:06]
A 19-year-old "not a security researcher". Facing limitations because of his age and not having the right "prerequisites", Hossam has had to make his own path. He also dreams in code and is one of the youngest OSCEs in the world!
Hossam Mohamed is one of the youngest OSCEs in the world and currently works in the cyber security domain for a financial company in Istanbul. His areas of interest include exploit development, offensive security, secure web development, and malware analysis, and he is a big Python lover.
On the organizing team of BSides Istanbul
Best friend is a computer.
Just finished high school last year!
Was doing freelance web design and security projects for clients.
Taught himself assembly.
Developing offensive security labs.
Hacked his way to getting a job. :)
"Because I love code."
"I wanted to understand how these games work." [5:56]
"I developed a project for my school. They liked it, but no one cared actually."
"No one in infosec doesn't play a little bit (hacking)." [8:04]
"Technical interview was great... didn't work because of my age and my education. I was only 18." [10:22]
Do you ever dream in code? "Actually... how did you know that?" [12:35]
"People think when it's about assembly and reverse engineering, omg it's untouchable.... No I'm telling you there is much more lower level than that."
"I feel bad when I get sick because I don't go to work... I don't (get to) open my laptop and looking to code."
"When I'm far from my computer for two or three days... I'll be depressed."
"You can make it part of your day." [22:52]
"I wanted to send them the new domain controller password with the report. " [25:23]
My thoughts on consumption vs. production and how it relates to Getting Into Infosec. Sometimes we get stuck learning, consuming security news, trends, etc., but we forget to produce something. Whether it be testing a new exploit we heard about, trying something new in our lab, or applying something we learned the day before. Finding the right balance is important. If we're stuck, take little steps; they're better than no steps.
Ismaelle Vixsama (aka Izzy) has a knack for finding strategic flaws and speaking up about them. Doing so helped her get her first full-time job as well as have repercussions for defensive egos. Her whole career is a war story.
Izzy is an ISMS manager with 7 years of experience. She has worked in FinTech, Government, and Security R&D. Her work has allowed her to work on several mainstream products and services with some of the most well recognized brands.
ISMS - Information Systems Security Manager
Creates a security program around a company's information systems.
Played the CISO role initially; a very CISO-like role.
First role in security was in Risk
Izzy comes from a very traditional Haitian back
Izzy gave up benefits at her job for an opportunity to learn something new and be in a non-toxic environment.
First heard/learned about hacking at 15 from an AOL chat with a "hacker".
At 23 decided to speak up in a meeting and provide feedback, which led to her being hired full-time.
"At the time I was 22 years old, the pay wasn't that great but for me it was amazing because I was doing something I hated, I had benefits at my previous job but this company was giving me an opportunity to learn something new. To me that was so exciting."
"He looked at my resume and he said 'I realize you have no cybersecurity experience.' By starting the conversation like that it took some pressure off of my shoulders."
"I was so nervous that he was going to drill into me about all these topics I had no clue about."
"I didn't even [know] I had sisters."
"Everyone just kinda wrote me off."
"Who is the audience, what do we want to say here?"
Worst comment ever... "We have to really train you on your critical thinking skills."
"A good idea is a good idea, regardless of who it came from."
From Zero to One, David is a lifelong builder. Wherever he goes he just builds things. From an electric car to ad hoc Android apps to ZAP HUD, an awesome heads-up display for ZAP Proxy, a game changer imho. We discuss the lack of UX in the security tooling community, how contributing to Open Source got him his job, and even imposter syndrome.
David Scrobonia is part of the Security Engineering team at Segment working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and leads development for the OWASP ZAP Heads Up Display project.
Mostly interested in architecture and mechanical engineering when younger.
Built his own electric car with his dad, out of a Porsche 914!!
David explains XSS and why certain languages are better than others, such as React.
David gets lost in El Segundo. Yes.
"It's just a program that listens on these silly protocols."
"Playing with my hands I wanted to do more hands on stuff, quickly fell in love with the coding side as a lot of people do."
"I was like... what's GET? what's POST? What do you mean?"
"Before you know it right it seems so daunting."
"Still plenty of opportunities out there. Will be a long time before the world is perfect and secure."
"With all those things, I've been working in the security industry, but I didn't really feel part of any security community."
"I have nothing but good things to say about the open source community."
"...they're (security tools) just not built with user experience first."
"I think people underestimate what they are able to contribute."
Leron Gray is a man of many talents. Not getting really into computers until much later in life, but always having a creative side, he now finds himself as a pentester working from home and nerdcore rapper producing amazing beats!
Leron is currently a penetration tester and a ten-year Navy veteran with four years of experience as a Cryptologic Technician (Networks), focusing primarily on offensive cyber operations. He holds a Bachelor's degree from Dakota State University in Cyber Operations. With a passion for Python, he loves automating tedious daily routine tasks for efficiency and considers himself to always be in a position to learn more and pass on knowledge. He always enjoys competing in as many Capture-the-Flag events as possible and also often performs as a nerdcore rapper.
Leron currently holds eCPPT, eWPT, GPYC, GPEN, GAWN, GCFE, and GICSP certifications. He also maintains a blog and maintains an active Twitter discussing music, information security and wrestling.
Went to a high school that made you choose majors.
Grew up poor, was not allowed to go out much.
Technological learning came from school.
Didn't really get into computers until he was 25.
Has been in music since Jr. High School. Marching band, jazz band, and concert band... all the bands.
Networking is the biggest thing that Leron says would help.
Leron offers his passionate opinion on "aptitude". It's a pet peeve of his.
"I learned a lot... I made sure not to waste any opportunity for learning..."
"Job searching in general is a pain."
"I don't think I would be where I am right now if I hadn't gone out and made that effort."
"One of the big deals that people had were degrees, I wasn't really sure why; I have 10 years of IT/Cyber experience."
"It turned out the company no longer owned that server. Their DNS was still pointing to it though."
"I took Java in high school and was really bad at it and I found out everyone is bad at Java so it doesn't really matter."
"It's so much easier to learn when you have a problem to fix."
"It's not even just information security that learning Python could help... it could be anything you do... often enough to warrant not to do it manual."
"Nobody does a CTF and expects not to learn something by the time they leave."
"Job searches shouldn't be like that. They should be based on your merit. But..."
"Maybe the person can't get OSCP, but maybe they have the skills or knowledge..."
"The idea of aptitude... raises too many borders."
Jared Folkins understands people, technology, and the world around him. He can smell a toxic environment from a mile away and has used that EIQ spider sense for good. Jared shares with us some VERY personal stories (tear jerker warning!) about integrity and life decisions, as well as a bunch of on-the-job war stories, including a famous one featured in the news! This is probably my most dramatic episode yet.
At 18 got promoted to manage a team of 50, because he wasn't lazy.
In hindsight was able to see indicators of the dot com crash, but didn't realize that.
Had a fork in the road where he had a major decision to make.
Jared shares with us a VERY personal story and the life lesson from that which he applies in his professional life.
Having low tolerance for toxic relationships, Jared has been able to sense toxicity and it's been a driving force for good for him.
"I believe in the power of admitting when you're wrong."
"I carry my guilt between my shoulder blades."
"When I make that mistake; When you have a team that you can trust or a team that honors you, you have the freedom to say stuff like that."
"You can only control you."
"Constraints can be healthy."
"Stepping outside of your comfort zone... super healthy too."
"If someone tells me this person... is not a good person, I'll actually go meet that person. I want to assess it for myself."