Hacking into Security - Career Talks

In this episode, we catch up with Jacqui Loustau, the Founder of the AWSN (Australian Women in Security Network) and Principal Security Consultant for Cynch Security.

Jacqui gained excellent experience working overseas in security was planning to come back to Australia and had more difficulty than she expected in landing a job. We walk through Jacqui's story of getting into security, her challenges in landing a job, what got her to start what would become such an influential security community, the future for AWSN and how organisations can do more to attract a more diverse culture.

Knowing Jacqui over the years has given me some insight into the incredible demand in starting a security community. Impressively, Jacqui decided "to take 6 months and get it (AWSN) up and running properly!" and is now getting paid for her AWSN work.

In this episode, we catch up with John Jackson (@johnjhacking) an Application Security Engineer at Shutterstock.

John never thought he would have a career sitting at a computer, let alone in cybersecurity. We walk through John's journey from being a Petroleum Engineer in the United States Marine Corps to eventually working in application security, penetration testing, security research and bug bounties.

We also discuss the reality of applying for hundreds of jobs to land something, taking different roles to help him progress and a story that highlights some of the dangers that can happen to curious security researchers.

In this episode, we catch up with Charl van der Walt (@charlvdwalt), Head Of Security Research at Orange Cyberdefense and one of the original founders of SensePost.

We talk through the origins of how SensePost got started, what it was like to build a business over 20 plus years and eventually sell and become part of a much larger company.

Charl also spoke about a personal topic he is driving around gettings organisations to think differently in their approach to gender diversity.

In this episode, we catch up with Keith Hoodlet (@securingdev) Senior Manager, Application Experience at Thermo Fisher Scientific.

Keith has a strong background in application security and is the former host for 55 episodes on the Application Security Weekly podcast. I saw a tweet by Keith and wanted to dig deeper in that. The tweet was responding to Dino Dai Zovi who said "Security" as a single dimension of expertise increasingly makes no sense. Saying that you are a "security expert" is like saying you are a "computer expert." Computing is a part of everything we do and we don't isolate expertise on all of it within the "computers team.", Keith said "Agreed; in the same way that Ops became part of the Software Engineering team, we need Security to become part of the Software Engineering team.

This is why I say that Security is a Feature, because features are:

- Funded

- Have time allocated to them

- Are tested and maintained"

We also walk through Keith's journey into the industry and also share advice to companies looking to mature their Application Security and DevSecOps.

You can watch Keith's keynote talk at OWASP AppSec Day Melbourne 2018

https://www.youtube.com/watch?v=QT_omddhJzo&list=PLPvxR0i93gjQjrIJK0PdMdFkUbnHhRBRN&index=2&t=0s

In this episode, we catch up with Toni James (@_tonijames), Security Advisor and CHCon co-organiser.

Toni was a snowboarder, managing a large team but wanted more. She decided to go back to university as a mature student and mum. Not easy to juggle! She went on to finish her Computer Science degree, an Google Anita Borg Scholar, then Software Engineer and started getting into the security community.

Toni talks very openly about her journey, the challenges she faced and shared excellent advice to others out there.

In this episode, we catch up with @mubix (Rob Fuller), a is red teamer turned purple teamer. He started his career in the United States Marine Corps working with explosives and has gone on to have a highly successful career in the security industry working at companies like Rapid7, GE, Uber, Cruise Automation and now Balck Hills Information Security, as well as contributing back in many ways to the security community and speaking at many conferences around the world.Mubix shares his journey, stories along the way, as well as going deeper into both red and purple teaming.

In this episode, we catch up with Michael Skelton (@Codingo) Global Head of Security Operations and Researcher Enablement at Bugcrowd.Codingo has a non-traditional career path and he shares his journey on how he got to where he is, including the challenges of breaking into the infosec industry. As someone who got to be a Top 20 bug hunter on Bugcrowd and now the Global Head of Security Operations and Researcher Enablement at Bugcrowd, Codingo shares not only career advice but also tips on bug bounties.

In this episode, we catch up with Chloé Messdaghi, VP of Strategy at Point3 Security. Chloé is a humanitarian Advocate in the Cybersecurity space. She started her career in marketing but got the opportunity to move into infosec in 2017. Chloé shares some of the experiences that led her to nearly quit the industry but instead has gone on to become a voice in the community. As well as speaking many conferences, Chloé is the founder of WeAreHackerz (formerly known as WomenHackerz) & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.

In this episode, we catch up with Baptiste Robert, who goes by the handle @fs0c131y.Baptiste is a Security Researcher based in France with a big focus on android. We walk through his journey from graduating with a network and telecommunication to finding vulnerabilities and creating a large following. We also cover how has a security researcher, Baptise finds his projects and his plans for the future around battling disinformation.

In this episode, we catch up with Shubs (Shubham Shah, @infosec_au, @notnaffy), CTO of Assetnote.A passion for hacking grew early in Shubs' life. He was demonstrating good skills in hacking but faced with a tough decision at an early age. Follow his parents wishes and attend university or his own path and get a job. We talk through Shubs's incredible journey which saw him land his first job in the industry at 17 years old, his success in bug bounties and going on to co-found the company Assetnote. Shubs also shares some practical tips for aspiring hackers and bug bounty hunters. Recommended blog by Shubs on bug bounties - High frequency security bug hunting: 120 days, 120 bugshttps://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/