I finally decided to create a website. I want it to be a place where I can post meaningful things about Infosec that the whole world can benefit from. Well, at least this is what I am hoping for, but it’s easier said than done. I will let the next few months dictate what this will turn into.
I wanted to mention in a few words what actually inspired me to do this. A couple of years ago, I read this post from Daniel Miessler on How to Build A Cyber Security Career. Despite ticking of many of the items on that list, there were some other things which made sense to me but which I never got around doing such as “having a presence” and “contributing to the community”. But that’s not all of it.
Last year, in July 2019, I went to give a presentation at the University of the West of Scotland part of NCSC’s CyberFirst UK programme. I did two talks of 30 minutes each, the first to 13 to 16-year old students, and the second to 16 to 19-year old students (~25 students in each group). In my spiel for the greater good of Cyber Security (or at least that’s what I thought it was), I mentioned how I got to where I was with my current job, the different areas of expertise you can get into and various resources available online that can help guide your path to becoming an information security professional. On one of the slides, I showed the very same resource from Daniel Miessler. So that’s when I thought: “Wait! I am telling these people what to do, but some of the things here I am not doing myself?!”.
My first presentation went fairly well, the younger folks were quite timid and there were only a few questions at the end (we probably spent about 10 minutes). Nevertheless, for the second group of students, surprisingly we stayed over more than 30 minutes chatting through some of the things they weren’t sure about and additional questions.
I was so impressed that they were genuinely interested, they were so motivated at such a young age and that they were already on the front foot of Infosec, miles ahead from when I started. There were some funny questions too, such as: “What’s your salary now?” or “Does a Black Hat earn more than a White Hat?” For this second question, I interpreted that the student was referring to offensive security such as Pentesting or Red Teaming, but then I thought carefully and realized that he was actually thinking of illegal stuff. At that point I tried to pull them back on track and explained some of the consequences that come with doing illegal things (this is one of the purposes of the CyberFirst programme as well). But even though I was a bit shocked about this, I realized that this is the reality we live in. The student approached me after we finished, and he explained to me that it is very difficult for him to land a job at that moment, that he doesn’t have all the years of experience employers are looking for and that he had already been rejected several times. I encouraged him and told him that by staying positive and motivated, it will be just a matter of time until he will find his dream job. One of the moderators had to listen to the conversation all the way and while rushing us to finish she said I needed to be careful not to influence negatively. That was the least of my intentions. And I am wondering now if there could have been anything more that I could have told or help him with.
So, with all this said, what I am trying to do now is give a bit back to the community. I started posting and commenting on Twitter a couple of weeks back (maybe not everyone’s cup of tea) but I can already say that this helps me a lot with my confidence and to think retrospectively on all of my experiences and it is something which I would encourage everyone to do. Also, if you are reading this and have any questions or are in need of any advice or help, please do reach out to me!
This concludes my story and what motivated me to start writing this blog.