0:53

How's it going , Ashley ? It's great

0:55

to finally get you on the podcast . I

0:57

looked back and I think that we've been

1:00

planning this thing for over a year . At this point

1:02

.

1:02

We really have haven't we .

1:06

Yeah , it's

1:08

always interesting to see how

1:11

I fit it in with

1:13

other people's schedule and my own schedule

1:16

. There's always something , something

1:18

that comes up , especially when you have a little one-year-old

1:21

running around the house like

1:23

it's like oh I guess we have to go to the doctor

1:25

today . I guess we have to do whatever you

1:27

know oh , I got . Yeah , I mean

1:29

I don't have kids , but I have a lot of pets

1:31

yeah , yeah , right , like um

1:34

, you know my , my

1:36

wife , when I married her she had two

1:38

guinea pigs and uh

1:40

, you know so . So obviously

1:43

they became my guinea pigs , um

1:45

, very quickly . And you

1:47

know , one of them got sick and it was

1:50

like it was like a random 2500

1:52

bill , oh my goodness it's like this is a guinea pig . We

1:55

got it for 50 bucks . You know , oh

1:57

my goodness , and you

2:00

know . Then the second one got

2:02

sick . Same thing . I'm like , oh

2:04

my gosh , like

2:07

it was just back to back .

2:09

Yeah , I could see that my dog has an ear infection right

2:11

now and it's like it's just

2:13

it's too much . But

2:20

I don't think it's a good comparison in regards to children

2:22

and pets , cause they're they're two different species

2:24

.

2:24

You know what I mean . Oh , yeah , yeah , yeah

2:26

, absolutely , I , you know , go going

2:29

into going into

2:31

being a parent . I didn't realize , you

2:33

know it . It literally takes 100%

2:37

of your when , when

2:39

they're around , it's uh , it's

2:41

insane yeah , it really does .

2:43

It's worth it . You know , like like

2:46

they're just full of love and you

2:49

pour your heart and soul into this little human that

2:51

you love so much .

2:52

I think that's important oh yeah , I , I

2:54

love it . I , I love being a dad . It's

2:56

my favorite thing in the world . I'm so glad

2:59

I'm a dad . Like I want as many kids

3:01

as we can have . You know , like that's

3:03

uh , it's fantastic

3:05

. My boss , he actually has six

3:09

kids and I'm like man , when

3:12

you're gonna stop , he goes no , no , this is the

3:14

last .

3:14

Two are mistakes at least

3:19

he's honest .

3:19

Yeah yeah , well

3:22

, uh , you know

3:24

, ashley , I'm really interested in

3:26

hearing your background . You know hearing

3:29

where your story starts

3:31

for it and security overall

3:34

. You know what made you want to get into this

3:36

field , what

3:38

made you want to go down . You know this path

3:40

.

3:41

Sure , yeah , it's a it's . So

3:44

I'll be very honest . I don't have any

3:46

background in this whatsoever . I

3:48

went , did my bachelor's

3:51

of community studies and then I went on to do my master's

3:53

in environmental studies . So I'm located in Canada

3:56

. I went to Toronto for my master's

3:58

and when I graduated there

4:00

wasn't any work in environment . So I traveled

4:03

, just traveled overseas . I partied

4:05

for a year , had the best time of my life . Then

4:07

I came home and I'm from Nova Scotia

4:10

. So it's a province the most not

4:12

the most easterly , but an easterly province in

4:14

Canada . So

4:19

I'm right on the Atlantic and I love it here . I need to be near the ocean . I think

4:21

I'll die without it . Like that's my whole persona . It's

4:23

very relaxed , everyone's really

4:25

nice , like , for example , my neighbor will mow

4:27

my lawn . She'll sneak over

4:30

to my house and mow my lawn . Like this

4:32

is just the vibe of

4:34

where I'm at . So I always wanted to be back home

4:37

. So when I came home I

4:39

was working at a call center and then I networked

4:41

into being a university professor . So

4:44

I was a professor . I taught gender

4:47

, class and race , ethics , community

4:49

studies , social justice and international

4:52

social justice , and I taught them First

4:54

Nation communities , which was really rewarding

4:56

and very cool and I taught them First Nation communities , which was really rewarding

4:58

and very cool . But the issue with that is it's not full-time

5:00

work , you're contractual . You teach

5:03

, then you're done . And I

5:05

looked for something more secure and

5:07

I actually ended up in careers . So

5:09

I was at a career center helping people find

5:11

jobs , so

5:19

literally helping people create resumes , how to network , how to do interviews , and I kept

5:21

seeing IT and like developers , security analysts coming

5:23

through my door looking for help , recent

5:25

graduates , things like that , and I was just really

5:28

into it . I thought it was very cool and

5:30

I remember I put a sticky note on my computer

5:32

and I said someday I will work in cybersecurity

5:35

. I had it down , I knew I

5:37

wanted to do it . I found it really interesting

5:39

. I like the security field , I

5:41

like protecting people , I like creating safe

5:43

environments . It seemed like a good fit

5:45

. So I fast forward

5:47

to COVID you know a few job

5:50

losses , etc . And I went well

5:52

, now's my time . So I literally

5:54

took a few courses . I did

5:57

a cybersecurity boot camp and

5:59

I was like , okay , I don't really like anything

6:02

technical . It turns out I'm not a very good technical

6:04

person . I'm like well , how can I navigate

6:06

security , because there's this whole assumption

6:08

. Then security I'm wearing

6:11

a hoodie , I'm typing , I am hacking

6:13

which actually is not security

6:15

at all and I started

6:17

networking . I snuck into a conference for

6:19

students and I said I was a student , which I

6:22

wasn't . I just snuck in , met

6:24

a few mentors , loved

6:27

every minute of it and then

6:29

I eventually got hired in a fintech

6:31

out of Toronto to start

6:33

with RISC and from

6:35

RISC I went from RISC

6:38

to GRC so

6:40

I was helping that I was doing like vendor

6:42

management and security , and

6:44

then I came into like program management

6:47

and that's where I'm sitting now . So I'm

6:49

doing a lot of auditing . I'm doing I'm

6:52

actually in the process of helping manage

6:54

a vulnerability management program like getting that

6:56

off the ground , process of helping manage

6:58

a vulnerability management program like getting that off the ground plus PCI

7:00

DSS , doing other audits . I'm also helping manage

7:02

education , like

7:05

education awareness . So

7:07

I feel like I came at it from a different

7:09

perspective . I didn't go to school , I

7:11

don't have formal education and I'm not very good

7:14

at technical anything , but what I have

7:16

is passion , willingness to learn

7:18

and I love to build

7:20

relationships , which really helps for that program

7:23

management side .

7:26

Yeah , it's really fascinating . You

7:28

know I've done so many

7:30

of these episodes almost 200 at this

7:32

point . Congrats , that's great , oh

7:36

, thanks , yeah , and you

7:38

know , I still haven't heard the same

7:40

background twice , right , like everyone

7:43

has such a unique path into

7:45

security which , you

7:47

know , I think it might be even

7:49

unique to the industry . Say

8:00

, that is because you know , security needs so many different mentalities , so many different

8:02

backgrounds , to have a different you know thought or different , you

8:04

know way of thinking in the room . Um

8:07

, that it will accept

8:09

, you know , just about anyone from any

8:11

background . Right , and I think that that's also

8:13

a huge hurdle for a lot

8:15

of people to kind of get over . Right in

8:17

their head is like , oh , you

8:19

know , I'm coming from

8:21

, you know a music background or something

8:23

like that . Right , yeah , how

8:25

would I ever make that transition ? It's like , well

8:28

, you know , and you did it a very unorthodox

8:30

way , right , you

8:48

kind of focused on one of the I would say one of the lesser , I guess lesser prioritized pillars of

8:50

building a successful career is the networking part of it . You know , and I remember when I was starting

8:52

out , you know I would be going to these talks not know

8:54

anything about security , not know anyone

8:57

there , and I'm trying to network

8:59

, I'm trying to get my foot in the door . You

9:02

know , talking to all these people that I had no

9:04

business talking to , probably , you

9:06

know , and just doing everything I possibly

9:08

could , which

9:10

is really beneficial . It's really

9:12

beneficial to get that experience , to

9:15

learn something new at a , at

9:19

a talk that you , you know , probably

9:21

wouldn't have , you know , been at

9:23

regardless if it

9:25

wasn't , you know , for that little nudge

9:27

, um . So I , I

9:30

really kind of resonate with that

9:32

experience .

9:33

You know it's it's it's

9:35

really unique well , a lot of people

9:37

too are scared to network . You know

9:39

I I'm not petrified of much

9:41

, you know , maybe maybe a wasp

9:43

like you know what I mean . But when

9:45

it came down to it , I was cold calling

9:48

, I was cold emailing . I was going to

9:50

because it was during COVID . There was no in

9:52

person but there was a lot of virtual events . I was going to

9:54

virtual events and

9:58

a lot of virtual events . I was going to virtual events and for me , I think the fear of networking

10:00

simply is that a lot of people have imposter syndrome

10:02

, so we don't recognize our skills and abilities

10:05

and how important they are to an industry that maybe

10:07

we're not in yet . But

10:09

there's also confidence building . How

10:11

do I talk to someone or ask questions about

10:13

something that I don't know ? So we're always worried

10:16

about ? Will I look silly ? And

10:18

I don't care how I look , because

10:20

I know who I am . I'm authentically myself

10:22

and overall I am a nice person

10:24

that will genuinely care about you

10:26

. So when I make these connections

10:28

it is because I'm I inspired

10:31

to be you . I want to learn from you . You

10:33

have something that's beneficial and I

10:35

think you're intelligent . Please share it . And

10:45

from that I've had multiple mentors . Now . I'm actually mentoring now , which I never

10:47

thought would happen in security . I never thought that would

10:49

happen and I'm mentoring . So for people who are just scared to

10:51

take that leap , the worst case , your

10:53

worst ever case , will be a no , that's

10:56

not a big deal . If someone doesn't want to talk to you , it's

10:58

their problem . Go find someone else .

11:01

Yeah , that's a really good point that

11:03

I try to really drive

11:05

home to my listeners is that when

11:10

you approach a situation

11:13

where you're looking for a yes or no

11:15

answer , I I go through

11:17

this all the time with with the podcast

11:19

, trying to find interesting guests you

11:21

know to bring on and whatnot . Right , what's

11:24

the worst case scenario ? If they say no , you're

11:26

in the exact same spot that you are in

11:28

. But if you take that risk and they

11:31

say yes , you're potentially in a

11:33

new spot , you're potentially moving

11:35

closer towards your goal , you know . So

11:37

there's no reason to kind of be afraid of that

11:39

, of that no anymore

11:41

. And now you know , I'm probably like the

11:43

most annoying uh podcast

11:46

host . When I decide to reach out to someone

11:48

, right , like I reach out until I get a no

11:50

or a yes , I'm sure

11:53

it's , I'm sure it's frustrating , um

11:56

, right , it's just , you know

11:58

, as , as

12:01

you know , someone in

12:03

my shoes , right , when people reach out to me

12:05

, I always try to make an effort to

12:07

reach back out and sometimes

12:09

I I forget . Great

12:11

example you know , someone reached out to me , uh

12:14

, back in , like like November to come on their

12:16

podcast , and I

12:19

had completely forgotten to even respond

12:21

and literally an hour ago the

12:23

message popped up like somewhere

12:25

in LinkedIn . You know you haven't responded to this

12:27

person in you know five months

12:29

and I immediately responded

12:32

. You know saying oh my God , I'm so sorry . You know

12:34

, I read this and I thought I responded

12:36

and I didn't and I completely forgot

12:38

about it . And

12:41

it's just . You know , it's

12:43

like that social dance . You know that

12:45

you're playing that eventually you get better at

12:48

as you do it .

12:49

Yes , oh , a hundred percent . Like , how many

12:51

times did you and I go back and forth and then forget

12:53

to respond to each other and then no

12:56

, I'm glad you came at me when you didn't . Do

12:59

you want to come on or no ? Let's get a date Like that

13:01

was great . I admire that . You

13:03

know , sometimes you have to . Life gets

13:06

in the way and I think that's kind

13:08

of where it's at . But you try and

13:10

that's how I feel with security is , you

13:13

know and I say this mostly because

13:15

I'm a woman in security I'm the only woman on my

13:17

team right now . I feel

13:19

very much minority in security and

13:22

I kind of make that my platform to inspire

13:24

other women , and not just young women , but older

13:26

women too . It doesn't matter what age you are

13:28

. The fact is you have transferable

13:30

skills . You have other qualities that

13:33

you can bring into the security

13:35

world that maybe someone else

13:37

doesn't have . Like you

13:44

have your own toolbox and that toolbox is genuinely yours . No one else will solve a problem just

13:46

like you . No one else will have ideas just like you . Like you're an individual

13:48

. So I always kind

13:50

of make that my brand right , like push to

13:52

try new things , don't

13:54

be scared of no's , be determined

13:56

and get out there and engage and

13:59

you know , if you have problems with that , there's

14:01

opportunities to help you .

14:03

Yeah , that's a really good point . You know , and I

14:05

feel like , with

14:08

cybersecurity specifically

14:10

, you know , people always think that

14:12

the field is made up of nothing but highly

14:15

technical people . Field

14:20

is made up of nothing but highly technical people , you know , and I mean , for for a long time even like

14:22

I even thought that , you know , and I was

14:24

in cybersecurity and it was because

14:26

I never , you know , I I

14:29

didn't have like that full , uh

14:31

, diverse experience , I guess , you

14:33

know , and then I went to a credit bureau and

14:36

, uh , you know , we had technical writers

14:38

that were women . They , they

14:41

knew it , you know , just as well as us

14:43

. They were just focused on documenting , you

14:46

know , the work that we were doing so that other people

14:48

can do their job more efficiently , and whatnot

14:50

, not technical , but

14:52

, you know , need to be able to understand

14:55

it to some degree , Right , you

14:58

know , need to be able to understand it to some degree , right , and program managers

15:00

and project managers , and you know there's a lot that

15:03

goes on within security that I think

15:05

people don't really don't

15:07

really realize , you know . So what does your

15:10

, what is your day to day look

15:12

like ? You know , you said that you're , I

15:15

mean , you said you're doing a lot from

15:18

what you said . There's a lot going

15:20

on , so what's your day-to-day look

15:22

like ?

15:22

My day-to-day is different every day . That's

15:24

the thing with it that it may be

15:26

helping set up a vulnerability management

15:28

program . So I'm not familiar

15:31

with vulnerability management , I'm

15:33

brand new to this , but my skills

15:35

match with setting it up and

15:37

managing people and ensuring the deadlines

15:39

are met . You know so more

15:42

. So it's okay . What policies

15:44

or procedures do we have to follow ? Okay

15:46

, these are your ideas . Well , I'm going to challenge some

15:48

of those ideas because to me , to

15:51

have a successful security anything program

15:54

, team management it's

15:56

about people . So if

15:58

we're going to create a vulnerability management program

16:01

, for me it's always ensuring that

16:03

developers , people

16:05

involved in that management , all

16:08

know their expectations . They all

16:10

have policies , procedures , but they also

16:12

feel safe to talk about any concerns

16:14

they have . You know , it's no fun

16:16

to go into something ever it

16:18

doesn't matter if it's in security it's no fun to go

16:20

into something not prepared or not

16:22

knowing what's expected of you . That's no fun

16:25

. So like that's

16:27

kind of part of that that I'm always ensuring

16:29

that these are met , these priorities

16:31

are met and people are helped . You

16:34

know , and for me , security isn't just technical

16:36

, it's a people-centric Teams

16:39

work . You know , and for me , security isn't just technical , it's a people-centric

16:42

teams work together , collaborate . Security isn't every one thing

16:44

, so there's that . It's also ensuring , because I work in fintech

16:46

, that we have our pci , so that's going to be going

16:48

to get evidence . So I'm collecting evidence

16:50

from several different teams and working with auditors

16:53

and you know all this stuff , but also

16:55

doing phishing simulations like I

16:57

. My day is never boring

16:59

. I wish it was boring , that

17:02

would be great , but it never is . There's always

17:04

something on the plate . I'm always having discussions

17:07

and it's challenging me , and I

17:09

didn't think when I went in to security

17:11

because I didn't have confidence in myself

17:13

that I would be

17:16

as good at it as I am . I

17:18

didn't think that lots of other people

17:21

kept being like you're going to be great , you're amazing

17:23

, but for me , I I just

17:25

didn't see it until recently , and

17:28

now I know like I'm doing an okay job , I'm

17:31

pretty good at this and I will take on

17:33

your challenges .

17:33

I might not know everything , and that's okay

17:35

, but I'm going to learn as I go and if

17:37

I have questions I'm going to ask , and I've you

17:39

know , I've worked for some companies before where that

17:57

was kind of the culture , right , when people

17:59

were afraid to ask questions to

18:01

certain people because

18:03

you know they would be undermined in some way

18:05

, you know behind closed

18:08

doors , without them even realizing it , or whatnot

18:10

, and that's yeah

18:12

. And that's always a terrible environment

18:15

to really be thrown in , especially

18:18

as someone that's just starting out . Oh wow , you

18:21

know , this was on a team

18:23

where we were all very , you

18:25

know , early on right , Like half

18:28

of the team just graduated college , oh

18:30

wow , and you

18:33

know the other half of the team had just started

18:35

in security and so

18:37

to be thrown into that environment it's like

18:39

man this can really sway me

18:41

away from cyber security altogether

18:43

yeah , oh , 100 .

18:45

I remember when my so when I first got into

18:47

this , I did um , I was

18:49

asked to do a presentation and

18:52

it was just kind of not technical

18:54

. It was a presentation about transferable

18:56

skills , because I have this career background

18:59

. That's what I've been doing is transferable

19:01

skills how do you take your skills and utilize

19:03

them somewhere else . So I did this whole presentation

19:06

and we're talking about feeling

19:08

like maybe you don't want to go in security and for

19:10

me this will be a bit graphic , but it'll make sense . I'm

19:12

not going to go in full detail , but as

19:14

I did that , someone stole

19:16

my presentation and they drew

19:18

, like you know , very

19:21

provocative , mean things on

19:23

my presentation . They wrote curse

19:25

words , you know , like

19:27

very sexualized , rude

19:30

comments on my presentation , to

19:32

the point that , being a woman , this is

19:34

my first ever presentation

19:36

in security where , being a woman

19:38

, I almost felt like , okay , if this is what this environment

19:41

is , I don't want to be here , I

19:43

don't want to be in this . You know , like that's not

19:45

a very accepting environment . But

19:48

I did end up , you know I turned

19:50

it around , but they drew

19:52

very bad drawings and then I eventually

19:54

said if you're going to draw it , draw correct . You're a horrible

19:56

artist , you know , and

19:59

everyone laughed like

20:01

do it right the first time , so

20:04

either way . Then they got kicked out

20:06

and that's where I kind of turned my presentation

20:08

around to why

20:10

it's important to recognize that this is what

20:12

women can go through , why it's important to understand

20:15

that being a

20:17

woman , being a minority , being

20:19

, you know , someone not usually

20:21

found in the field , can be challenging

20:23

. And I feel very grateful because my

20:25

whole team is so

20:27

supportive and they're dynamite and they constantly

20:30

are pushing and they have my back all the time , like

20:32

I'm very lucky and I love it , you

20:34

know , but some people they

20:36

just leave because they they don't feel that

20:39

connection or being welcome yeah

20:42

, it's , you know it's , it's uh , it's

20:44

crazy the things

20:47

that , like , women

20:49

have to put up with or not have

20:51

to , but you know what I'm saying , like what they go through

20:53

in the workplace .

20:55

Um , I , I've had on , you know , several

20:58

other women and they all have , you

21:00

know , different stories . Some of them , you know , have

21:02

really good stories of not , you

21:04

know , uh , encountering any of that or anything

21:07

like that . But you know , it's so

21:09

childish , right , like it's so childish , right , like it's

21:11

beyond childish even . It's like why

21:14

, like this is another professional , right

21:16

, like she knows

21:18

her stuff in her area , she's

21:20

not trying to venture out , she , she's

21:22

, you know , staying within her bounds

21:25

, not saying anything incorrect , and

21:27

you're giving them a hard time for no

21:29

reason .

21:30

Even if they didn't

21:32

stay in their bounds or whatever . That

21:34

would be what I

21:36

mean . Like there's , we have

21:39

discussions .

21:40

Don't go to this lens like

21:42

silly stuff , you're right oh , yeah

21:44

, yeah , I mean I , I , I

21:47

want to , I guess , clarify , like the bounds

21:49

statement , right , the reason

21:51

why I said bounds is because

21:53

people in the community can

21:56

like , when you're out of your depth

21:58

, right , and you're not , you know , an

22:00

expert in some area , it opens

22:03

the door for people to criticize

22:05

you , right , not that you shouldn't talk about

22:07

it , not that you shouldn't ask questions about it or anything

22:09

like that . Um , but I'm saying , like

22:11

, you didn't even open the door for

22:13

anyone to do this and they kind of

22:15

kicked it down . You know what I'm saying

22:18

. So , like it's not , I didn't want

22:20

that to come off as , like

22:22

you know , oh , they should just stay

22:24

within their area .

22:25

No , no , I got it and I think , but

22:29

it's not at all . Yeah

22:31

, and I think but it's not at all .

22:32

Yeah , to have those , but it is important to have that fostering

22:35

environment and it

22:37

really was like that one

22:39

, that one experience really

22:41

could turn a person off , you

22:43

know yeah , I mean , honestly

22:46

, if that happened to me , I mean I probably

22:48

would like just walk off

22:50

stage right , like I I

22:53

honestly I don't know how I would handle

22:55

that Like that would be , I would

22:57

find a new career , probably if it was early

22:59

on too , like oh

23:01

yeah , I'm , I'm not , I'm not going

23:03

back there , I'm not going into this career , that's

23:06

just , but that's just me . You know , I

23:08

really give you a lot of credit for sticking

23:10

with it , because , honestly , I

23:13

probably wouldn't have stayed with it .

23:14

A hundred percent . I remember once . So it's interesting

23:17

. This is I love talking about this because I'm very

23:19

passionate about it , but also a lot

23:21

of women go through similar things , but they never bring

23:23

it up because it's there's a fear

23:25

of this . Oh , if I talk about

23:27

my experiences or if

23:30

I cry , I'm weak , and

23:34

it's like no , you're not weak , you are a human . Your feelings are valid

23:36

, everyone's feelings are valid . Leave it there . I remember , even

23:38

outside of security , like

23:40

so , I have IBS , so I'll get a bit bloated

23:42

, and people will come up and touch my belly and

23:45

be like when are you having your baby ? Oh

23:47

yeah , like when are you due ? Like

23:50

I'm not thank you

23:52

, or I respond go , I'm just fat . Like

23:54

, leave it alone , you

23:57

know . So there's just these weird things that

23:59

happen that I was not prepared

24:02

for entering the workforce . But

24:04

if I'm bringing that back to my team now

24:06

, like I was very clear

24:08

with them , all of my experiences , bad

24:11

managers I've had , like my

24:13

, because I still have imposter syndrome

24:15

, and you know , every time

24:17

I do something , even if I do it well , I wonder did

24:20

I do it Well ? Was that good enough , though

24:22

? Really it was , and I'm getting immaculate

24:25

compliments all the time . Oh , you did great . But

24:27

your self-doubt still kind of leaks in

24:29

. But my team has been dynamite

24:32

. You know , I was open with them about my experiences

24:34

and they are like they're . They're supporting

24:36

me , they're like my little cheerleaders , you

24:39

know , you got this . Oh my God , this was so good

24:41

and it's really beautiful to have . And

24:44

they're all dudes , like they're all men , and it's

24:46

amazing . Right , it's something I

24:48

didn't always have in my career

24:50

, so I'm grateful for that .

24:53

Yeah , it's , you know , you , you

24:55

, you touch on a lot of things there , so

24:58

you know . I think the

25:00

first key point might be that you're

25:02

open , you know you're , you're very honest

25:04

about you , know your own skill sets

25:06

right and where they lie and potentially

25:09

even your own insecurities with it right

25:11

. Because I remember when I was

25:14

trying to get into security

25:16

right and I just took the security

25:18

plus book and opened it up and I was like how

25:20

in the world am I going to learn

25:22

all of this ?

25:23

You know like .

25:23

I got my bachelor's in criminal justice

25:26

. You know like and

25:28

it wasn't until fairly

25:30

recently that I

25:32

didn't have imposter syndrome anymore . You know

25:35

like , I always felt like like

25:37

oh , I'm a fraud , right

25:39

, like they're going to find out that I'm a

25:41

fraud and if I say the wrong thing

25:43

or do the wrong thing , like they're

25:45

just going to get rid of me , you know , and that's

25:48

going to be the end of this run , right Like

25:51

I . I had that

25:53

literally up until probably two

25:56

years ago , maybe maybe two

25:58

years ago maybe even sooner

26:00

you know , and I've been for

26:04

10 years- Wow .

26:05

So for eight years of your career

26:07

in security you had imposter

26:10

syndrome . Wow , I

26:12

guess that speaks numbers .

26:14

Oh yeah , absolutely . You know I think

26:16

it's important to to

26:18

mention . You know everyone goes

26:21

through something like this right , like , if you're

26:23

not , I feel like if you're not going through

26:26

imposter syndrome at some point in time in your career

26:28

, you're probably not pushing yourself

26:30

outside of your box . You know you're probably not pushing

26:32

yourself outside of your comfort zone and

26:35

I feel like it's more prevalent when

26:37

people are really trying to do something

26:40

that's new . You know that they haven't

26:42

done before , they didn't even think that they could do

26:44

, and they're trying to do it anyways because , like

26:46

it's just stuck in their head and it's like I have to

26:48

try . If I don't try , I'm going to regret

26:50

it . You

26:53

know it's like that . You know that , that voice in the back of your head . Same thing with the podcast

26:55

. You know , like I used to have a little bit

26:58

of imposter syndrome . You know , talking

27:00

to someone , you know that might be the founder

27:02

, ceo or cso

27:04

of a company , and now it truly

27:07

doesn't matter to me what the person's

27:09

title is , like it , it does

27:11

not matter because they're all people

27:13

.

27:13

This is this . Is it that right ? Everyone's

27:16

a person . And , on top of that , that

27:18

cso was where you were . You

27:21

know what I mean . It's not like they were born

27:23

, they went and took education . They just

27:25

became a cso . Like that didn't happen

27:27

. They had to go through trials

27:29

, tribulations , had had to learn , and that's

27:31

why I think that's an important perspective

27:34

to look at . You know it's everybody

27:36

started somewhere .

27:38

Yeah , yeah , I , uh , I have a good friend

27:40

of mine that you know , when I

27:42

, when I got nervous talking

27:44

to people , he would say oh well , you

27:46

know , are they like from a different species

27:49

, like , are they human ? You

27:51

know , do they bleed red red ? You

27:53

know , and obviously all

27:55

the answers are yes and he goes well , then , what

27:57

are you nervous about ? It's just another person

27:59

and he

28:01

, he made a . You know it was

28:04

a really good way of thinking about it , you

28:06

know , because at the end of the day , we're all just people . We

28:08

may have different titles and whatnot , but we all have our

28:10

own story , our own path . You know

28:12

that we went down right and I , I , I own path

28:14

. You know that we went down Right and I , I , I hope my conversations

28:16

, you know , with you and with other people will help

28:18

someone , you know , kind of realize

28:20

that and and understand

28:23

that they can do whatever they , whatever

28:26

they set their minds to . You know they can

28:28

do it , no matter how big of a jump it is , which

28:30

you know , with , with , with , with you

28:32

going from the career center right

28:34

into cyber security

28:37

. I mean , if I were to , if

28:39

I were to guess , you know a hundred times

28:41

right where you were going to go from

28:43

a career center .

28:44

I never in a million years

28:46

would have guessed cyber security yeah

28:48

, and it's kind of funny to me because I had a

28:50

manager that , oh , we just did not

28:52

get along , we did not get on at all , threatened

28:55

to make me cry , like just not

28:57

a good manager , and I think

28:59

this is going to sound ridiculous , but I'm actually

29:01

grateful for that experience

29:04

because it made me push myself more

29:06

, like I was pushing myself to

29:08

prove to that person that I'm not a huge

29:10

fan of you know what ? I'm better

29:12

than what you think I am . I'm more

29:15

than what you think I am and I'm going to prove to

29:17

myself that you're wrong . And

29:19

that's been in the back of my head the

29:21

entire time while I was pursuing this career . I'm like

29:23

I'm going to prove this guy wrong , and I know it's not

29:25

the best way to do it , but it

29:27

was the kick that I needed . You know

29:29

, that person influenced my , and

29:38

the fact that almost like they tore me down

29:40

wasn't what I needed . So in the back of my head

29:42

I was like no , no , no , no , I'm

29:44

going to prove this person , I'm going to do what I want

29:47

to do , I'm going to get there . And then I did

29:49

and it was a huge accomplishment .

29:51

You know , it's interesting that you bring that up . I had a very

29:54

similar experience early on

29:56

in my career , and I don't think I've really

29:58

talked about it on the podcast

30:00

. You know , so early on

30:03

in my career a contract had ended

30:05

kind of abruptly with a company

30:07

. They extended several times , little

30:11

did I know they were going to go bankrupt within a year and so

30:13

they canceled the contract and

30:18

within like a week or two , maybe three , I had another job . I didn't know it at the

30:20

time , but this company , and specifically

30:22

the hiring manager over

30:25

the department , had

30:27

a fantastic history

30:29

of hiring people and

30:32

arranging the contract in such a way where

30:34

they can terminate you for any reason without

30:36

cause within 90 days . And

30:38

I didn't I didn't , you

30:41

know , understand that . I figured

30:43

it was , you know , a normal thing , cause

30:45

I'm so early on in my career . Um

30:48

, I figured , well , what am I going to do in 90

30:50

days ? That'll get me fired . You know , like I'm going to be learning

30:52

about the company and what to do

30:55

and all this other stuff , and

30:57

so I didn't think anything of it . Well

30:59

, you know , he , he gave

31:01

me these three or four major projects

31:04

to do , and I mean when you set

31:06

a goal in front of me , like I , I

31:08

just march towards it , like it doesn't matter what happens

31:10

, I just go towards it until I hit . Until

31:12

I hit it , you know , like I'm never late on deadlines

31:14

or anything like that , I finished

31:17

the goal , the , the projects , two

31:19

weeks before the 90 days and

31:23

, you know , the following monday I'm

31:25

like oh right , and come to find out

31:28

. He has a history of doing this , where he

31:30

purposefully hires people

31:32

to do projects that other people don't want

31:34

to do and gets

31:37

rid of them at the 90 day

31:39

mark or right around it . You know , and

31:41

uh , that was , that

31:43

was a huge thing for me . So I'm already

31:45

hurt , you know , from that perspective

31:48

. And it's the holiday season , so literally

31:51

in the holiday season , if you get fired

31:53

, you know you are waiting until January

31:55

to get a new job because a

31:58

hundred percent of companies are posting but

32:00

no one is really hiring . You may even

32:02

interview but no one is hiring . Right

32:05

, and you

32:07

know , I'm a new grad from school

32:09

, I have bills to pay , I have a

32:12

car loan , I have student loans , you know all

32:14

this other stuff . So it

32:16

was extremely stressful for me at the time and

32:18

I interviewed with

32:20

you know another company . Eventually

32:23

I got the job with this company , but

32:25

he requested to speak

32:27

to my previous manager and

32:30

my previous manager it

32:33

came down maybe a year later into

32:35

this new role . It came

32:37

down to my previous manager had said I

32:39

don't think he's cut out for IT . I

32:41

don't think that he should be in this field . He should probably

32:44

find another place to work . Well

32:46

, my new manager had said

32:49

anyone that'll say that about

32:51

anyone regarding it doesn't

32:54

know what the hell they're doing , and so

32:56

I completely disregarded everything

32:58

that he said . And I was like man , like

33:00

that , you know

33:02

, not not only was that a really good thing for him

33:04

to to do , it really spoke to

33:06

his character , but

33:09

that when he told me that

33:11

, when my new hiring manager told me that , probably

33:13

a year later , you know , in my , in my yearly

33:15

review , um , like

33:18

that lit such a fire

33:20

under me . It's like , oh , he , oh , he

33:22

thinks I can't , he thinks I can't

33:24

do this . Oh , okay , I'm

33:27

going to go get my master's , I'm going to go get my PhD

33:29

, I'm going to go be , you know , in

33:31

charge of , you know , one of the world's largest

33:33

automotive manufacturers , their cloud security

33:36

environment . I'm going to manage all of that . You know , like

33:38

all those things Like it . Just

33:41

it just takes me straight back there , like

33:43

I get , I'm getting fired up just talking about it , cause

33:45

it's like man , how dare someone tell

33:48

me I can't do it ? Like , like

33:51

what ? Like what are we talking about

33:53

right now ? You know that

33:55

was , that was such a a transformative

33:58

you know , experience and

34:00

time for me , because you know I went

34:02

through such great struggle for two

34:04

and a half months trying to find a job . I mean , it

34:06

was literally . It was literally the

34:08

Monday after Black Friday , the

34:11

Monday after Black Friday , you know

34:13

Thanksgiving . It just happened right

34:15

before my benefits were going to kick in .

34:18

Oh , it was right before your benefits . That's

34:20

why they did it A hundred percent . They don't

34:22

want to pay you benefits .

34:23

Yeah , yeah

34:26

, Well , you know , he , he , he had

34:28

a history of doing it and once I like knew

34:30

more people in the in the field , like

34:33

they told me , like you know , there's a lot

34:35

of staffing agencies here in Chicago

34:37

and none of them will work with

34:39

him because he has that history

34:41

of doing that . And they

34:44

all say , like it's not fair to our employees

34:46

because if they're doing a stellar job

34:48

they deserve to at a minimum be extended

34:51

, but this guy won't even extend them .

34:53

Or at least get a good review when your

34:55

contract's done . Like

34:58

you know what . To be honest , it sounds like . It

35:00

sounds to me like you

35:02

. You had a good miss on that

35:04

one .

35:05

Yeah .

35:05

Yeah , it

35:07

does , because that's a toxic

35:10

environment . You don't need to be in that .

35:12

Right , it's

35:15

interesting when you're earlier on

35:17

in your career it's so hard

35:19

to identify those toxic

35:22

, bad situations . Yeah , you know , because

35:24

you don't really know what to experience

35:26

, you don't know what to expect , you

35:29

don't have the experience to to

35:31

. You know , compare and contrast , right

35:34

, and uh , it's just

35:36

really . It's really interesting

35:38

because , like you know my current employer , um , you know

35:40

they just said this pretty . You know my current employer , um , you know they , they

35:42

just said this pretty recently

35:45

. You know , like , yeah , we don't pay

35:47

what the market pays , right

35:49

, we were not able to do that , but people

35:51

stay here because they like it here . And

35:53

you know that really rang true

35:56

, because I've been so many places that

35:58

were just miserable , you

36:01

know you , you you hated going

36:03

to work and everyone

36:05

, you know everyone was in

36:07

it just for the other guy , you

36:09

know not , not not trying to be there

36:11

, you know , for the company or anything . It's like man

36:14

, he's going through this too . I'm

36:16

going through it . If I leave , he's not going to have

36:18

anyone to lean on , you

36:20

know . But that sort of thing , it's

36:23

just interesting how you

36:25

know that doesn't even come up , you know

36:27

, in your head when you're going through something

36:29

like that or at least not for me .

36:31

I think that when you're happy at your job , that doesn't

36:33

come up anyway . So whether

36:35

you're a paid market value or not

36:38

, like if you're happy and you feel that

36:40

you're valued in your organization , that's

36:42

enough to keep you . Now , I mean , it is

36:44

nice to like make money , don't

36:47

get me wrong . Money is great , but

36:49

also that doesn't

36:51

just define or dictate

36:53

a good workplace . You need to feel valued

36:55

, you need to feel like you're growing , and

36:58

I think that that's very important

37:00

. So that's also

37:02

. I'm huge on expectations . I just have to say it . Like I'm huge on

37:04

defining and utilizing expectations

37:07

. No matter where you're at , let's

37:09

have expectations of your work , expectations

37:11

from my company . What do I expect from my company ? What

37:14

does my company expect from me ? How about my

37:16

teammates ? And so it sounds to me

37:18

like you have a very transparent

37:20

organization that has set good

37:22

expectations , so you know what you need to be

37:24

successful and that ultimately makes

37:26

you feel valued .

37:27

It's important yeah , it's um , I've

37:30

I've been in situations where I haven't had

37:33

that , and it's

37:35

always you're always wondering am I doing good

37:37

? Am I am I delivering

37:40

, you know , on this thing or whatever ? Um

37:42

, because you know , like I said before , right , like

37:44

when I'm given a goal , I just march

37:46

towards it until I'm done Right . So

37:48

I have finished projects , you know

37:51

, months earlier than

37:53

what people expected of me . And

37:55

here I am , you know , not doing that

37:57

much work afterwards , right , and

38:00

I'm feeling like , well , did

38:02

I do good ? Did I do right ? Am

38:04

I supposed to be doing something else ? You

38:06

know , it's uh , it's

38:09

an interesting mindset , I guess

38:11

it is .

38:11

Yeah , I think it's important though , and I

38:14

mean I guess it would be

38:16

, if you finish projects earlier , then

38:18

cheers , I

38:20

mean . So , yay , you have

38:22

a little bit more time . That's okay . As

38:25

long as your organization doesn't care , I think that's wonderful

38:27

. Yeah , you know you . So be

38:29

you and do what you can .

38:30

Yeah , that's a good point . You

38:33

know what are some unique challenges

38:35

that you encounter with

38:38

your role . You know it sounds very diverse . You

38:42

obviously don't come from a technical background . What

38:44

are some unique challenges and how do you overcome

38:46

them ?

38:46

So it's the technical , it's 100% the

38:48

technical stuff . You know , as

38:51

I'm in meetings , they're talking about servers and

38:53

I'm like what are we talking about ? Like I know what

38:55

a server is , but how ? Or they're

38:57

talking about AWS , or they're talking

38:59

about Kubernetes . Then we're talking

39:01

, like I can code , I can do

39:03

HTML CSS . I don't like it

39:05

, but I can do it . So when I'm talking

39:07

with engineers who are doing that part

39:10

, okay , I can understand , I can even

39:12

read your code , it's okay . But

39:19

when we're going into , like you know , any of the vulnerability management platforms we're using

39:21

and they're talking about , okay , well , here's our top 25 vulnerabilities , this

39:24

is how we're going to remediate them , and I'm like can

39:27

you just talk to me , like I'm five , just

39:29

for a couple minutes ? You know

39:31

, and it's not because I don't want to learn

39:33

that , just I

39:35

feel like it's so much information thrown

39:38

at me that I don't get

39:40

time to process it and

39:42

I'm kind of a visual and a

39:44

slow learner . I like to engage and ask

39:46

questions and I like to learn about something

39:48

, a theory , a perspective . You

39:51

know , what does it do ? How does it do it ? Why

39:53

do we do it ? And

39:55

in a lot of meetings there's none of that

39:57

. It is being thrown at me a hundred percent%

39:59

. So that's my biggest challenge

40:02

. But I literally am just

40:04

, I'm not scared to ask questions and I utilize

40:06

my team . So afterwards I'll

40:08

message my teammate and be like okay , so

40:10

what was this , this , this and this ? I

40:12

don't understand this . And then he has

40:15

this ability , he's just a natural educator

40:17

. So it's really wonderful . So he'll educate me

40:19

. And I'm also in an incident

40:22

response planning course right now . So

40:25

that's pretty interesting . But there's

40:27

a lot of challenges in that because , yeah

40:29

, it's like business continuity management , which I

40:31

really love . But then it's also

40:33

bringing in the technical part of OK

40:36

, if we have this kind

40:38

of you know incident

40:40

, this

40:43

kind of you know incident , so let's just say there is a ransomware attack or there's these kinds

40:45

of attacks , what teams and how are you managing that through a technical response

40:48

? And that's

40:50

me still trying to navigate that technical

40:52

side . Will it slow me down ? No , it

40:55

won't , because I'll learn , I'll engage , I'll figure

40:57

it out , I'll ask questions , I will Google it . But

41:00

you know , it still is a big

41:03

challenge for me . I think my other challenge

41:05

too is there's so many moving parts to my role

41:07

. I'm managing a lot of different

41:09

things all at once that

41:11

I have to remind myself to

41:13

slow down . You know

41:15

, today actually was a very ridiculous

41:18

, crazy day and I'm doing

41:20

three different things . New policies came

41:22

in Okay . Something to do with an audit

41:24

came in . I'm doing that . Oh , now , look , there's a phishing

41:26

thing that I have to write , and there's just

41:28

consistently something . So I

41:30

have to remind myself A

41:33

not everything has to be done right away , it's

41:35

okay . If it's not done the same day , I'll survive

41:37

. B take a step

41:39

back . Make sure you eat , because I

41:41

, like I'll work sometimes so

41:43

much I forget to eat . So

41:46

I just have to remind myself

41:48

it's okay , you are

41:50

a human , you don't know everything

41:52

, you're brand new , like you were a baby

41:54

in this , and it's okay . You're gonna take baby

41:56

steps and then you're gonna walk , then you're gonna run

41:58

. So I'd say that would be my major

42:01

challenges , but saying

42:03

it it's not going to slow me down , joe , I'm going

42:05

to keep going .

42:06

Oh for sure . Yeah , you

42:09

know it's . It's interesting when

42:11

you're learning , when you're

42:13

kind of learning from from zero . This

42:16

is probably true for any any you

42:18

know career , specialty or whatnot . You

42:21

know , when you're starting from zero , it's

42:23

like you're drinking , you know , not from a

42:25

fire hose , it's like you're drinking from like

42:27

a dam you know that allowed the water

42:29

to go through .

42:30

Right , like that's what it is it's like man , can I just

42:33

get a ?

42:33

drop . Can I get one drop ?

42:37

And then because when you're new , you

42:40

want to like am ? I'm not a

42:42

people pleaser , but I like to do things

42:44

well . Like I am , I don't want to

42:46

have to keep going back and redoing stuff

42:48

all the time , like that's just not my

42:50

plans . So when I do it , I

42:52

want to do it well . First or second time

42:54

done so for me . I'm just , I'm

42:57

taking it all in and then I'm organizing

42:59

in my head and that's I . That's

43:01

where the overwhelmingness is coming from right

43:03

, because , you're right , I'm having a dam thrown at me

43:05

and I have a straw . I

43:09

will just try to suck this . That's not

43:11

going to work .

43:13

Yeah , it's really interesting

43:15

, but

43:19

I've found that if you just stick with

43:21

it , eventually it'll click

43:24

. I remember for

43:26

me it took probably

43:28

two years in

43:31

IT before

43:33

what I was doing clicked Like , oh , this

43:35

is a server , this is a container

43:37

, this is how it runs , this

43:40

is how it interacts with each other . It took me

43:42

probably two years of

43:44

literally doing it every

43:46

single day to

43:48

actually like understand

43:50

, you know ? And then it just

43:52

repeats Right , because now

43:54

you have that new foundation , all right . Well , we're going

43:56

to put some more stuff on top of

43:58

it and you're going to learn that . The

44:01

time period may be , you know , shorter

44:03

than than two years , obviously , but

44:05

you know , you're going to learn that and you're going to feel like

44:07

you don't know anything . You know

44:10

zero .

44:11

You're going to wonder why you're learning it , you know and

44:13

I feel too , because I transitioned

44:15

to security when I was 37 . So

44:19

I'm 40 now and there's some

44:21

PII for everyone . There you go . So I'm 40 now and there's

44:23

some PII for everyone . There you go , whatever , okay . Well

44:25

, I'm 40 now . So

44:32

I'm finding my learning has changed since I was in my twenties , you know , and it's also

44:34

my priorities have changed since I've been in my twenties

44:36

. So that too , as

44:39

you age and progress , that you

44:41

start trying to figure out okay

44:43

, how do I learn something , how

44:45

do I grasp that ? I'm not a little

44:47

whippersnapper anymore where I can just pick it up and be

44:50

done with it . I have to overthink

44:52

it now and then put it back in there

44:54

again , and sometimes it just leaps

44:56

. It's

44:59

interesting as you age and you try to learn

45:01

.

45:02

Yeah , it's

45:05

fascinating how the brain works , you

45:07

know , I try to , I

45:10

try to , you know , push myself

45:12

um every year a

45:15

little bit right to learn a new language

45:17

or learn something new , because I

45:19

feel like that keeps me a little bit sharper

45:21

, you know . But

45:29

, yeah , like you have to , you have to understand really how your brain works , how

45:31

how you learn things , how you retain information , and you have to learn

45:33

how that changes constantly too , so

45:36

that you could really stay on top of it .

45:38

And even how to focus , focus

45:40

on these things that you don't really

45:42

know or you're . You're semi interesting

45:44

, but you don't have the passion I'm not as passionate

45:47

about you know a server as

45:49

I am about the program

45:51

of the server , like the people being involved or

45:53

the organization of it . So how do

45:55

I take that passion and navigate

45:58

to something that maybe I'm not as passionate about

46:00

?

46:01

Yeah , absolutely . Well

46:03

, ashley , you know we're at the top of our time

46:05

here . Navigate to something that maybe I'm not

46:07

as passionate about . Yeah , absolutely , well

46:09

, actually , you know we're at the top of our time here . I

46:11

feel like you go for another hour , right , so that just means I'll have to have you back

46:13

on . But

46:16

, yeah , absolutely , you know

46:18

if , if you want to , you know

46:20

you can share with my audience , like

46:22

where they can reach out if they wanted to . You

46:24

know , connect and , you know , maybe learn

46:26

more . Do you have

46:28

a place like that ?

46:29

I have LinkedIn right now , so you can just look up

46:31

Ashley Burke , it's B-A-C-S-M-E-S

46:34

, so B-A-C-S-M-E-S

46:37

and feel free

46:39

to connect . Just I asked if you want to connect with me on LinkedIn

46:41

. You want to have discussions . When you

46:43

send me an invite , can you just put how

46:45

you heard about or how you connected ? Because if

46:48

I just get random invites , I don't accept

46:50

them , so that's all I ask everybody

46:52

.

46:52

That makes sense .

46:53

But thanks for listening . This has been really fun

46:55

. It's nice just to kind

46:57

of have general discussion and show that security

47:00

isn't just technical . It's

47:02

a wider perspective than that and there's so many

47:04

ins and outs of it . So thank

47:06

you for letting me do that .

47:08

Yeah , absolutely . I think it's really important

47:10

that people hear that right

47:12

, because , like you said

47:14

before , you

47:16

always think it's a highly

47:19

technical role , that

47:21

you'll never be able to bridge the gap

47:23

, that you'll never be able to get there . But you

47:25

know , obviously you got there and I think you

47:27

know my audience hearing that

47:29

story , you know , may

47:32

very likely help them . You

47:34

know , achieve the same thing .

47:35

I hope so . Any help is good

47:37

. Help right and

47:40

don't let your age get in the way .

47:41

Absolutely that

47:46

you can do it at any age . That that's , that's very

47:48

true . Well , thanks everyone . I hope you enjoyed

47:50

this episode .