Welcome to another episode of the Building a Life and Career in Security Podcast. Today’s guest is security professional Brian Johnson. Brian spent most of career as an IT guy. Infrastructure, networks and the occasional security work. He's now completely focused on security and just landed his dream job. Links Mentioned In This Episode: @7MinSec The 7 Minute Security Podcast Brian in Jingle all the way: Jay in League of Their Own: The post Brian Johnson appeared first on .
Welcome to Season 2 and Episode 21 of the Building a Life and Career in Security Podcast. Today's guest is Robert Hurlbut. Robert has been an independent security consultant for a number of years and talks about life working for yourself as well as his focus on combining development with security. Links Mentioned In This Episode: Robert on Twitter Robert's Website The post Robert Hurlbut appeared first on .
Welcome to Season 2 and Episode 20 of the Building a Life and Career in Security Podcast. Today's guest is Christopher Thompson. Chris follows Kevin Chung from last week’s podcast. Chris and Kevin knew each other at NYU. Kevin’s graduated and Chris is still in school. Links Mentioned In This Episode: NYU Center for Cyber Security (CCS) - Lab referred to by Chris The post Christopher Thompson appeared first on .
Welcome to Season 2 and Episode 19 of the Building a Life and Career in Security Podcast. Today's guest is Kevin Chung. Kevin graduated from NYU with a focus on information security, and became a consultant with Bishop Fox in New York City. In between, he did 3 internships, and many Capture The Flags, or CTFs. Links Mentioned In This Episode: Kevin on LinkedIn Bishop Fox NYU Center for Cyber Security (CCS) - Lab referred to by Kevin [content_toggle style="1" label="Show%20Episode%20Transcript" hide_label="Hide"] Kevin Chung: "Whenever I helped younger students, I tell them that the most important thing is to have an idea, and to simply keep building on that idea or keep iterating on it. It's more important that you keep building that idea, or keep building that tool. Then, you keep reading about different ideas, or different approaches. " Speaker 3: "From the jayschulman.com studio, this is the Building a Life in Career in Security Podcast. Now, your host, Jay Schulman. " Jay Schulman: "Hey, it's Jay. Welcome to season 2 of the Building a Life in Career in Security Podcast, the podcast where you get to hear other information security professionals' career journey. Last week, in episode 17, Dan [Lion 00:00:42]. Dan started his career as a medical device engineer, and transitioned into a security role, and eventually to a security consultant. If you're into medical device security, and you definitely should be, you should definitely give this a listen. If you'd like to keep up to date with the podcast text "Security" to 33444 to be added to the podcast mailing list. " "This week on the podcast, we have Kevin Chung. Kevin graduated from NYU with a focus on information security, and became a consultant with Bishop Fox in New York City. In between, he did 3 internships, and many Capture The Flags, or CTFs. Here is Kevin's journey. " Kevin Chung: "Really, my story starts at high school whereas, like a lot of kids were doing things like math and science, I spend a lot of time playing around with my computer, as a lot of computer people tend to do when they're young. I didn't learn how to program until I was a junior. I guess the term would be computer literate, then you have things plugged in, and have things work, I guess. I didn't know how to program. I had finished high school with the intention that I was going to become a developer. I was going to go to school. I was going to know how to program and build whatever you need, like a website, some kind of company, or whatever. " "During high school I have competed in a competition run by [Poly 00:01:52] called CSAW high school Forensics. For those who don't know what CSAW is, it stands for Cyber Security Awareness Week, which is an event that NYU Poly does, or NYU [Tandon 00:02:02] as they're renamed now, does every year. High school forensics competition was oriented to high schoolers. It set them up with a computer crime. You had to solve in this case a murder by forensically analyzing an image of the murderous computer, or the suspect's computer. Me and a couple of friends participated. We won it. I ended up applying to Poly. I got in. They gave me the most money. I ended up going there. " "Going to this school, I didn't expect that I was going to be involved with computer security, although that was like one of the biggest things at Poly, and still is. I ended up going to their security lab there, which is it's kind of unfortunately named because of the acronym is ISIS. It stands for Information System's Internet Security. I think we renamed it now to something else. At that time, it was called the ISIS lab, very unfortunate. Instead of really prioritizing learning how to program, how to develop and how to create things, I started going to the security lab more often. I learned, on top of how to develop things,
Welcome to Season 2 and Episode 18 of the Building a Life and Career in Security Podcast. Today's guest is Dan Lyon Dan started his career focusing on building medical devices. After a few twists and turns, he ended up focusing on securing them. Now, as a Principal at Cigital, he's helping secure an industry. Links Mentioned In This Episode: Dan on LinkedIn [content_toggle style="1" label="Show%20Episode%20Transcript" hide_label="Hide"] Transcript on the way. [/content_toggle] The post Dan Lyon appeared first on .
Welcome to Season 2 and Episode 17 of the Building a Life and Career in Security Podcast. Today's guest is security recruiter Matt Decker. My goal in bringing Matt on is to give us all a couple of tips on interviewing and getting a job from the recruiter point of view. You may agree or disagree with Matt, but it all comes from many years of recruiting. Links Mentioned In This Episode: Matt on LinkedIn Seven Source Website [content_toggle style="1" label="Show%20Episode%20Transcript" hide_label="Hide"] Matt Decker: Build a relationship with companies. Don't always think, "Hey, the first time I meet them, I'm going to blow them away." They want to get to know you. They want to understand who you are, what the value is that you bring to the table that is different than the people that they've already been speaking with. Speaker 2: From the jayschulman.com studio, this is the Building a Life and Career in Security Podcast. Now your host, Jay Schulman. Jay Schulman: Hey it's Jay. Welcome to season two of the Building a Life and Career in Security Podcast. The podcast where you get to hear other information security professional's career journey. Last week in episode fifteen, we had Bryan and Brian, from the Brakeing Down Security Podcast, on the podcast talking about their career journeys, which led them to meet and create the podcast. I really like telling about how two people work together to grow their career, and I'll to do something like that again in the future. If you would like to keep up-to-date with the podcast, text "security to 33444" to be added to the podcast mailing list. Remember, we're not going to text you in the middle of the night. This week on the podcast, we switch gears to talking to Matt Decker, a security recruiter. My goal in bringing Matt is to give us all a couple of tips on interviewing and getting a job from the recruiter point of view. You may agree or disagree with Matt, but it all comes from many years of recruiting. Here is Matt's journey. Matt Decker: As you know, I'm in Chicago. I've been in the recruiting industry for eighteen years total, at this point. I am currently the president of SevenSource. We're a cloud infrastructure, software and professional services, talent consulting group. We help organizations shape up their recruiting processes as well as recruit actively for many different technology companies. I became active in information security to begin with in 2011, when I was hired to rebuild and scale the internal and external recruiting functions at Halock Security Labs. If you're in Chicago, you probably recognize that name, a great company and great people. I was really drawn to the information security industry after doing quite a bit of research, a lot of differences in the approaching complexity of effectively staff security teams versus standard IT teams. Even today as I talk with CIOs and CISOs about staffing teams, I'm seeing a lot are behind the curve due to constantly change in threats or exploits. It's an ever changing landscape, whether it would be cloud, modern or tech or infrastructural software. I really loved the industry quite a bit. I have noticed that knowing throughout the industry that many of the exact were practitioners in the '90s and early 2000s, and became accustomed to hiring a certain way. They would determine an event, kind of what was needed based on whether they were a Microsoft shop, an Oracle shop or SAP. Then they would build a bench of every skill set that they could possibly need and simply change release numbers with upgrade, when they are doing recruiting. It's very, very static. What excited me about information security is it's very dynamic. I will kind of dovetail this around to how a job seeker can benefit from this industry and how they can best prepare. An example of that static environment was knowing, five years ago,
I'm taking a break from our regularly scheduled podcast to talk about my hunt for a new job. I left Cigital in December and set off on a job search to find my next great opportunity. In this week's special episode, I walk through the entire job search process from talking with recruiters to tips and tricks in searching for a job. What did I miss? I told you the things that were top of mind to me. What would you like to know more about? Again, my hope is that my experiences (and the experiences of all of the guests) help you in your career. The post Special Episode: Jay Gets A Job appeared first on .
Welcome to Season 2 and Episode 15 of the Building a Life and Career in Security Podcast. Today's guest is the Brakeing Down Security Podcast team of Bryan Brake and Brian Boettcher. Both met while working at Xerox and became mentor/mentees in helping grow their own security careers. As they were trying to learn security themselves, they realized that by recording their conversations together they could help others. And the Brakeing Down Security Podcast was born. Links Mentioned In This Episode: Podcast Website BrakeSec Podcast Twitter: @brakesec Email: bds.podcast@gmail.com Bryan's Twitter: @bryanbrake Brian's Twitter: @boettcherpwned Podcast on iTunes Jay on Brakeing Down Security [content_toggle style="1" label="Show%20Episode%20Transcript" hide_label="Hide"] Bryan Brake: Somebody from Apex, it was one of the recruiting agencies, said "hey, I got this job at Xerox." I said, "okay. What's it about?" They said, "oh, they do vulnerability management and stuff." I said, "okay, I know how to do that." So I interviewed with ... actually, this is where Mr. Boettcher comes in. I actually interviewed with Mr. Boettcher, and we hit it off immediately, because I was like, "oh, hey, his name is Brian," and I was like, "man, how am I ever remember how to spell his name? I mean, how do you spell that?" And, yeah, they hired me, and I learned as much from Mr. Boettcher as he thinks he did from me. Intro/Ending: From the JaySchulman.com studio, this is the Building a Life and Career in Security podcast. Now, your host, Jay Schulman. Jay Schulman: Hey, it's Jay and welcome to season 2 of the Building a Life and Career in Security podcast, the podcast where you get to hear other information security professionals career journey. Last week in episode 14, we had Martin Reyes on the podcast talk to you about his journey from manager at a big bank, including being laid off. Great, heartfelt insight from Martin. If you'd like to keep up-to-date with the podcast, text "security" to 33444 to be added to the podcast mailing list, and just as always, we only capture your email address, and not your phone number. No one is going to texting you. This week on the podcast, we have an absolute first. We have the [Brake on Security 00:01:26] podcast team joining us. That is two guests in the same podcast, Bryan Brake, and Brian Boettcher. What I really enjoy talking about both Brians is how you can see them constantly learning from each other, not only in this podcast interview, but in their podcast that we'll talk about, the [Brake on Security 00:01:42] podcast, makes for a really interesting conversation. Here are both Brians journeys. Brian Boettcher: All right, my name is Brian Boettcher. I'll begin with my college life. I started as, I wanted to be an electrical engineer, because that's kind of where the money was at the time I was going into college. I was good with technology, and so I was like, "okay, I'm going to be an electrical engineer." So, I went to a major university, the University of Texas, and I started there. I did pretty well the first couple of years, but I kind of wasn't really what I really wanted to do. I couldn't find that passion, right? So, I figured, "if I don't like to do this, maybe I should really do something that was completely different." So, I applied to be an English major, and I was accepted. Here I was, did a total 180, and I was in the English department. I liked being in the college of liberal arts, because it was completely different people that I became friends with. Literature was cool. But then, when I started writing my papers, and my opinions on certain books, the TAs would just totally annihilate my writing. They would say, "no. The author didn't write this because of what you said. They wrote it because of this, I mean this is the standard."
Welcome to Episode 14 of the Building a Life and Career in Security Podcast. Today's guest is Martin Reyes Martin started off on a help desk and worked his way up to a managerial position in information security for a big bank. I appreciate Martin's insight having been docked down a few times and how he got right back up. Links Mentioned In This Episode: Martin on Linkedin [content_toggle style="1" label="Show%20Episode%20Transcript" hide_label="Hide"] Martin Reyes: When I got let go, I was lost, I was humbled. I felt like my life was over. What am I go to do now? How am I going to pay my mortgage? Now am I going to pay my bills? I am married at this point so it was a really tough adjustment. Again, I think this is where I suffered from fear. Not having that confidence in myself that I was qualified to do some of these jobs. Speaker 2: From the jayschulman.com studio this is the Building a Life and Career in Security podcast. Now, your host, Jay Schulman. Jay Schulman: Hey it's Jay. Welcome to Season 2 of the Building a Life and Career in Security podcast. The podcasts where you get to hear other information security professionals career journey. Last week in Episode 13 we had Nick Merker on the podcast talking about his journey from security profession to lawyers. I really enjoyed our conversation about cyber insurance. If you missed it head back to Episode 13. If you'd like to keep up-to-date with the podcast, maybe you missed Nick. Text 'security to 33444' to be added to the podcast mailing list and just so you know, it only captures your email, not your phone number. No one is going to be texting you in the middle of the night. This week on the podcast is Martin Reyes. Martin started off on a help desk and worked his way up to a managerial position in information security for a big bank. I appreciate Martin's insight having been docked down a few times and how he got right back up. Here is Martin's journey. Martin Reyes: I guess the way we can start off is I was at ... Right of college, which was a major in comp sci, computer science from DePaul University. I think it's worth mentioning that my initial major was accounting at the time. I might be dating myself but that was where the money was, I guess when you were coming out of college. I learned pretty quickly that it's not something that I wanted to do. Computers was something that I was very interested in, dating back to my Commodore 64. There wasn't really a market for a job as it relates to computers. There were no home PCs or anything like that. As I switched majors to comp sci I continued to seek employment in accounting. I landed a job in accounting very early on, I would say mid-'90s and almost immediately I took a liking to the networking side of what we were doing. They were terminals that we were entering information in as accountants, but the networking side really took my interest, so as much as I could I started working with the networking side. Slowly but surely that job evolved into me working the networking side. From there I knew that I didn't want to have anything to do with accounting. I left that company and I went to a law firm, tiny law firm. At that tiny law firm I was a, I would say help desk/network administrator. That's really where I really got involved in the infancy stages of information security. I really enjoyed what I was doing. Clearly, I had outgrown the law firm pretty early on; it was just limited what I was allowed to do. The budget was very small so I quickly moved over to, I would say 2 years at the law firm, quickly moved over to KPMG. Now, when I went to KPMG, it was in what was probably referred to as the non-revenue generating side of KPMG so I was doing help desk and network administration. That job quickly evolved into network admin. I think it's important here to point out that while I was really enjoying the help desk side of stuff,
Welcome to Season 2 and Episode 13 of the Building a Life and Career in Security Podcast. Today's guest is Nick Merker. Nick started his career in IT information technology and security but then went to law school at night. Now he is an attorney combining his knowledge of security with the law. Nick is currently an attorney with Ice Miller. Links Mentioned In This Episode: Nick on Linkedin Nick at Ice Miller [content_toggle style="1" label="Show%20Episode%20Transcript" hide_label="Hide"] Nick Merker: When you want to buy a cyber insurance you really have to look at each policy and actually read each policy and understand what coverage you are getting and maybe work with an insurance lawyer probably to understand what type of coverage you are getting because it really is the Wild West. Each policy is very different from the next one. Male: From the Jay Shulman.com studio, this is building a life and career in security podcast. Now your host Jay Schulman. Jay Schulman: Hey it is Jay and welcome to Season Two of the building a life and career in security podcast. The podcast where you get to hear other information security professional’s career journey. Thanks for coming back to the winter semester. If you missed season one, I encourage you to start with my season one master class episode from December which walk through all of our guests. If you'd like to keep up-to-date with the podcast, text security to 33444 to be added to the podcast mailing list. It is just going to capture your email and not your phone number. No one is going to be texting to you, I promise. To kick off season two, I really have an interesting guest Nick Merker. Nick started his career in IT information technology and security but then went to law school at night. Now he is an attorney combining his knowledge of security with the law. Here is Nick’s journey. Nick Merker: I started as a systems engineer with a very small internet service provider in my hometown at age 14. I actually volunteered after school I would go until 8 o’clock at night and kind of learn the in’s and out’s of systems engineering from a good friend Kevin Astry, who actually was on your podcast couple of weeks ago I think. From there, I didn’t really care about security and I worked at the local internet service provider for a while. Then I went to the University of Illinois and started working at a bioacoustics research lab as a systems engineer again. Again I didn’t care about security. It never was on the top of my mind. I was just in Linux and Solaris boxes kind of poke around making sure things would work for people that needed it. It wasn’t until maybe a year into that position that we were hacked pretty badly and some research data for one of the graduate students was lost. A hacker came in and I don’t know why but his goal was to just trash the system that we were using for research. This person lost some research data that wasn’t being backed up as frequently as it probably should have been. It was that moments when I was a sophomore I guess at the University of Illinois that I started to actually care about security and realize that this is a very big issue in computing. It is not enough just to make infrastructure work. You have to also protect that infrastructure from unauthorized third parties and I learnt that the hard way. It is from here after I graduated with a computer science degree at the University of Illinois, Kevin Nastry again brought me up to Chicago to work for classified ventures or probably better known as Cars.com. I worked there for a while as a systems and network engineer and then I led our information security team from a corporate perspective. That was incredibly interesting for me because I started to being able to … Cars.com was broken out into multiple verticals with different systems infrastructure. There was a Linux Group.