How AI Impacted Security Professionals | Mentoring in Cybersecurity with Eva Georgieva

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

I do believe that um you that we should use um AI even in more simpler basic operations throughout um our job um of course in cyber security it's a bit a sensitive topic welcome everyone to the a new episode of the top Mentor podcast and today we have Eva gva which is a security expert H welcome Eva thank you Victor thank you for inviting me so tell us uh who are you and what's been your career until until this moment yeah uh so I'm a cyber security engineer uh currently I work at a company named telica uh but my journey in security is really um let's say wide I've been in several different rols uh when I was starting out I first worked in um cyber in in a startup company and I worked as a cyber security analyst there so there the main responsibilities were log analysis and incident investigation um after that um since working in a startup allows you to explore several different roles and kind of learn what interests you better uh after that I jumped into pentesting so mainly web pentests and then a bit of a mobile pen testing meanly on Android uh and now currently my role is mostly automation security but it's not such a coincidence because throughout this whole pth and switching roles I kind of was always into uh trying to be very effective and automate things so I kind of know feel right in place with with this role and this role mostly encompasses um working with tools and developing tools to kind of make um the life of the other teams in security easier um okay okay no that's that's awesome um so I I see that this a very kind of you know uh transformative uh career like starting from one point I'm moving to to the others um so what's the the part of the area you like the most I assume that the one that you're working on right now but maybe you have some patient on on other ones because security are very bro topic yeah yes yes it is it is and um at the beginning when I was jumping into security I um so I have an engineering background I finished uh I have a bachelor in engineering but still in our classes we didn't I didn't have a lot of subjects that were cyber security related so it was mostly learning on the side like now I believe um there are more that have this topic in mind but back then it was mostly programming um so then all of the exploration came from the site and use platforms like try Haw me or hack the Box later and then trying to find some online challenges and then when you start on those kind of platforms um you kind of get a sense that security is mostly hacking or mostly trying to get into someone else system um because they're all this CTF style captured of black and it's always kind of like crashing something uh but then um if you really get into the field you you would see that it's much broader than that and that actually there are tons of different roles that you can explore um I wasn't aware of most of them um so um when I was starting out even security analyst wasn't quite clear as to what exactly it it meant right uh but yes I think um I mean cyber security is different from coding and programming and everything you learn um in an engineering school but it also employs that engineering mindset constantly and it kind of pushes you to be creative so I I think it I was lucky let's say to be in many different roles because it kind of gave me different sorts of mindset so I kind of first understood what it meant to defend something and then I kind of was put in a different role of a bit attacking something so then you kind of get the whole picture oh like this is the mindset of an attacker or this is what the mindset of a Defender would be and then you kind of interchangeably now constantly think about that now when I when I develop any sort of solution I kind of like to have the both sides uh in mind oh yeah that's like something that I talked in in other you know well with other people and and another episode which was like being cross uh topic uh in your area let's say and even in other areas um makes you a better professional like especially in your case like you have your attacker perspective your uh Defender perspective yeah and then when you work on each of those they are complementary so like the the information flows one to to the other so it's yeah it's very I think it's apply it tends to apply to everything yes I I think so but you you don't know that when you're starting out to believe and then it's kind of frustrating because everyone says oh but then you're not an expert in in this one particular field right and then you're like okay I want an expertise gain expertise in this one thing but then of course and and that is and that is great and um I I also think U it's good to focus on one thing and become better and at that but but it's also good to have the other perspectives um just to get the big picture yeah I yeah I think that only if you are very I would say if you're either on a very demanding side and even there like you or you have a talent which is you know gifted and a I would say at a very high level like you need to feel that you're very different from other ones in in an specific area and it tends to be very concrete you should not focus a lot on being a one you know a one two man or woman because it will probably not be the best on your career um I think it will be it's great after all jobs tend to be more horizontal especially when you are gaining experience uh you stop doing very you know coding tools or you know defensive or hacking stuff yeah and just are dealing with customers uh stakeholders in general um more architectural perspective which imply other things so I agree I agree on that absolutely and also then you kind of realize that it's not just about the technical skills but uh communication is as well quite important and being able to to elaborate complex topics in a simpler manner because then most of the time you don't work with people that understand your field so you want to uh change communication with different departments different teams and no matter if they have an engineering background or maybe they're in a different department um it's still there's still different topics so you would still need to to use a different kind of jargon and being able to to communicate that that effectively I think is also very very important yeah yeah no I totally agree on that one um so yes maybe related to this topic uh because you mentioned the you know uh talking to people that may know less or may know have a different perspective how did you start it on the mentoring side and why you did it um basically yeah yes so on on the question of why I did it I think um it was mainly because of that sense of direction I felt I needed when I was starting out in cyber security because it was such a vast field that I knew maybe like 10% about it and then you jump into it and then you have these plans but it's very hard when um nobody Maps it out for you clearly okay this is the these are the possibilities these are the paths that you can take uh so these are the skills you need to succeed in each and every path of that and I think I mean there there is Beauty in discovering that on your own but it really does accelerate your career path and your Career Success if somebody that is more experienced points that out for you and and I was definitely Lucky in my career because I had several let's say mentors or people uh that were um they guiding me maybe directly or indirectly uh but um I think it's different when you when somebody is there for you you for that specific reason to map out um how the field works from their own experience so I guess that was the main reason that I wanted to to start mentoring um because I wanted to for someone else to have that kind of a sense um especially lately that I believe um for cyber security it's a kind of New Era and people are getting there are more and more people interested in the field um and and I could see that growing throughout the different companies in the first team there were the team was very small and then um years later in in a different team it was a bit bigger now it's quite bigger and so yeah oh no that's an interesting uh point of view uh because you have like all these you know cyber security I remember a few years back it was a boom and now with the a stuff which is like you know boming second second wave um it's going to be massive I I assume because I wanted to ask you about this also well even though we we're Ching the topic so also it interested a lot of people in an I think in a very different topic so like you you get this uh you know wave of people doing things that before it was you know either not possible or uh with a requir lot of work and now you see that with a few clicks you generate in either a document or you find some script or whatsoever so regarding that how how do you think the AI um will impact the Cy cyber security uh s in in the next few years I think it will definitely it's kind of inevitable in a lot of different areas uh currently it's very fresh and very new maybe somewhere where it's to a certain extent implemented and we can see some implications is Automotive cyber security um and um let's say especially cars and uh now um uh everything being electric or hybrid and then a lot of technology is employed uh so hacking cars is let's say a trending topic lately as well but um yeah but um I mean I I do believe that um you that we should use um AI even in more simpler basic operations throughout um our job um of course in cyber security it's a bit a sensitive topic as to because you need to be quite more careful you're dealing with confidential data and then you need to know um what kind of data are you sharing uh but then um I I wouldn't say I hear lately a lot of of the word replace I think it's very hard to replace a lot of things at this point I don't think it's that mature uh but yeah I I I I do believe that um it is smart to employ it in the everyday operations um in an extent to to help um uh to help in whatever you do um in in cyber security we can have it in different manners um but yes that is my my point of view currently uh it's it's very I think it's very scary for organizations to employ it and then you need to go through a lot of processes in order for someone to say yes you can use the Tool uh because it's uh it is still like that but I think with with time and um yeah we're we're going to it's inevitable to employ it more and more into our everyday operations yeah no I I can I can relate on the permission stuff until you know you get in a company permissions to process data successfully and I assume this is something that some people creating pro products may be missing that the amount of information you may be sending out of your product and you may not be compliant with some rules um that that could be impacting a few years once the regulations uh are established because of course regulation has a slow and this is very new and it's also very difficult to put a barrier on that works uh that allows people to develop but also allows your data not to be somewhere in Microsoft uh servers um so yeah but I I agree with also with the replacement topic I think you know everyone I I don't know who says the so I had the feeling that people that say that X it's going to be replaced are not working in that X position like that yeah I heard about like a marketing guy told me that developers were going to be uh replaced by the and I say you've never designed a system architecture in your life if an AI could do that um from scratch and doing everything with all the requirements all the processing which may one day do and it would be awesome um because we it will mean that we will be doing um a lot of more complex things uh then if you think that now it could do that with co-pilot um then you have never done something related so that's the feeling I got like replacement yeah for creating dogs um that are genetic maybe so some writing that is genetic based on so developers wouldn't write documentation anymore yeah that's but that's useful yeah instead of bad writing you get an AI kind of length uh post and everything is explained that's beneficial yeah yeah definitely I absolutely agree like uh you you hear and you read all this kind of stuff but then yeah it is it is currently hard to to feel like someone else can sit down and do what I yeah totally totally um so yeah just going back to the mentoring side uh I always like to ask uh these two people that are Mentor so how was your you know your first experience in the um in the mentoring side so those you know nervos impostor syndrome whatever feeling you had um with your first M and how how did it felt yeah so um I've started actually mentoring a while back um and then actually it wasn't I I wasn't calling it mentoring I was calling it giving advice uh sharing my experience uh but I've always liked this exchange of information with people especially uh in a field where you feel like there's not a lot of let's say um so I'm I'm coming from Macedonia and then there there there not there were not let's say a lot of cyber security professionals so every time you meet someone and if they're new or even um they they want to know something you're kind of willing to share that experience because um we're so few and and you always like want to help and then after that I I um decided to uh collaborate with this International um recruitment organization uh and um I created a hack into cyber saac course uh that was specifically for women because the organization Target specifically women um and um I guess that whole mentorship thing started from there because I really had great great experience um teaching let's say teaching or for beginners uh someone that is just trying to jump into cyber security or some somebody that is trying to switch from a different field to cyber security um and there were a lot of one-on ones um and I met a lot of great people I never think about mentoring like it's one-sided I always think it's it's um uh it it goes in both ways and that I always learn something from from uh the other person as well and through the process of how I am elaborating some information you you we always very self-aware and you kind of have this censoring yourself like I could have said that better or maybe that's the wrong approach or maybe I should read more about this topic so um I think I really enjoyed that experience so that's how I started into this whole mentoring Journey um and and yeah I I've met really really great people uh along the way and I did learn a lot about communication um about how to approach people patience as well uh which is also when you're when you're um starting out you you're kind of you know all these things and you're very eager for that other person that you're sharing the information with for them to get to the next level as soon as possible but then you you you kind of learn to um that everyone has their own pace and that everyone has very different goals that they're trying to achieve so um yeah it's it's a learning experience I would say and that's why I I I I totally agree there um the learning that you get from the the soft skills that you get are totally invaluable and I think if you know internal Well normally companies have this internal mentorship but they are tend not to be very promoted um my think this it's a very good way for also the mentor to learn how to deal with people how to teach how to also um deep uh down in certain Concepts because um I assume you you have the same feeling like there would be Concepts that mentees could ask you that you would be okay I know this and then when you're trying to teach it you need to uh at least a day of prep uh to to okay uh if some questions are going um I would need to be able to provide value to my to my Mente right that's that's a feeling that I also have but yeah so in terms of um you know any any stories or anything uh that you have what do you uh tend to do with with your m is how do you approach um you know the when you get a a request and yeah how how do you approach it yeah I have quite a lot of different stories and um yeah it's been a really interesting experience but then I I've also uh learned to navigate it better um um okay now my my process I mean even from the beginning I always wanted to um match let's say with a Mente that I can actually help uh that I can actually provide a value to uh um so I have a little bit of a a small question here at the beginning when someone places an application that is let's say my kind of um um way of understanding what their goal is how can I be there for them and do they actually need me or or maybe I can send them a few resources and then they'll beine on their own um and once I understand that um then I decide to have the introductory call um and um then we we see if we are a match actually in that introductory call if um so a lot of factors need need to align it's not just if I can bring them any value but also are we in the same time zone uh like if I can provide value to you but then I'm not available most of the time for you then it's still not going to work um and then um if if we have maybe some language barriers um then right that that would also be an issue uh so I kind of try and consider everything uh so that it's a it's a quite a perfect let's say fit even though right you never you never know uh but if kind of these things align um then um I I like to set up some metrics at the beginning I was more of a hands off Mentor let's say because then right mentoring is a lot different than teaching a course let's say so in a course you have some deadlines you have some goals you have assignments and you finish it and you know I arve from point A to point B and that's it um in in a mentorship journey it's quite different so you constantly need to re-evaluate to set new metrics to maybe shift to see uh where the m is struggling um uh maybe what what we're talking about has been of value two months ago but maybe it's not now maybe they reached some some other level and of course it's very different for everyone but I do want to have a certain framework that I kind of follow because um people usually like having some kind of a metric um that that they can or a Tracker that they can be able to look at and say okay I've I've learned this skill uh these are these are the gaps that were identified um that are lacking towards my goal and now I have done 60% of them uh so it's just some kind of a metric or some kind of a Tracker that I want to build and usually it's like I I want to deliver this road map at the beginning just so uh both of us know where where what is their goal and where do they want to arrive and then of course success looks different to everyone when I when I was starting out I was like okay I can help this person find a job into cyber security or right switch careers but then you you learn that that is not what everyone is looking for you me lack some skills they're from a completely different background and they their goal is just to understand how cyber security Works what are the different FS where can they see themselves fitting and then you just need to give them a little bit of direction into what they need to learn maybe they will spend a year or two learning that but they kind of need to know which road to take and then of course of course there's some other people that um are more ready or have um bigger technical skill set and then you just kind of um need to elaborate maybe uh your view your experience or just give them uh some tips better interviewing um and so I think it's it's very different for everyone and I think it's super important at the beginning to understand with what kind of a person you're talking to whe whether they're goes and how success actually looks like to them in this mentorship journey um and yeah once we establish that then it's constant re-evaluating let's say maybe monthly bi-weekly or or however yeah no that's an interesting approach like having the a road map I I agree on the you know having everything clear from from the beginning because otherwise you would be readjusting and it's not something that neither the Mente nor the mentor benefits from even though you know you think you are flexible um you shouldn't be maybe that flexible um so you should be clear from the beginning get a lot of information because you are meeting a new person um that you don't know anything about and you don't know how it behaves and how it communicates so maybe there's a miscommunication some people communicate better information some people are more messy it is what it is um but you need to know everything from from the beginning and then uh go ahead and execute the plan I I feel it like that way and also try to also a very I think a very and maybe you can relate on this is the constant uh flow of the me of the mentorship because sometimes I see that there are mentorships uh either on you know experience I I hear or or from the slack that that we read that some menes tend to pause and tend to you know maybe disappear from some time so I think how how do you keep uh people you know there um because I I think I think that that's a a very cross topic uh like you know m is going in and out and blah blah blah so do you have any tricks to keep people on the on the road um well what I've learned I don't know it doesn't always work let's say this is like clear I think to everyone they're just different types of people and then there is sometimes nothing you can do about but um I I do I have learned that um it's good to have a longer conversations uh on maybe once per week but to have it a longer conversation because people often don't have time and maybe if you're trying to schedule two sessions per week that are 30 minutes maybe that's a bit more unconvenient and then somebody doesn't communicate that very good uh so that can be one of the reason oh I don't have time it's very time consuming so I I like to make it um maybe once per week but full of cont content and then we revision their goals and then um see where they are and then I like to do a retrospective of what have they done towards their goal the previous week uh so I think keeping them motivated as to why they first started their their mentorship I think it's a good trick let's say I don't think it's a I think it helps uh both sides but it is also what works for me as well I I think it would be quite overwhelming if um I have a lot of packed sessions rather than one bigger one and then you understand better and you actually the the the men already has more to tell because um let's say a week past or maybe a bit more time past and then they had some time to pick up on either the skills they're working on or maybe it was networking or maybe whatever right their their goal is or what they're trying to achieve so I I like to to discuss all this kind of stuff and I still um like to keep it to a certain extent let's say casual conversational um to to actually um be comfortable to them uh the conversation right and then because at the end of the day it's their dream it's their goal and um I can just point the direction but I cannot push them there right it's it's something that that um one but most of the people right that are seeking mentorship are willing to go that extra mile um so right but then I'm also quite understandable when uh somebody maybe needs some time time off because of work or other things so I I think that's very individual but you kind of know um which person um prefers which Tempo I think that's also good to understand uh because maybe for some people weekly meetings are okay and uh they are constantly working on on what they're trying to achieve but for someone else maybe bi-weekly is better so learning your audience is also I think a part of of this whole mentorship journey and just understanding with who you're dealing with better so you can actually be of help no no that's very I think that's very valuable uh advice um you need to understand that you know people have it circumstances and also life happens so sometimes you know people uh leave their job and they don't want you know they want some rest in their life and they don't want mentorship anymore but also um there are people that you know I also agree with you know condens uh sessions letting the Mente prepare for it um because maybe you if you can join one meeting into instead of having two it will be also better for you because you know after all you have like a let's say a round time yeah that you lose always when when you have a meeting um either for for any C and I and I totally see that so yeah that's I think that's very valuable and on the let's say on this different experiences that you have do you have any you know H funny funny story in terms of you know the haest thing you've done or the the any or any request from a m that was you know specifically either funny that you can tell or uh you know interesting for you no I think yeah I think uh everyone is is very uh unique in their own way but I had several um mentees let's say that um they wanted to get into hacking as soon as possible and then there was like can you let's say um hack into someone's website and let's do a technical session like that or uh into what can I hack do you think it's okay if I hack into let's say someone is working in a school or something do you think if I hack the school it's going to be fine so I had all these kind of different um conversations but I also what I really like is that when people sign up they also want to learn so maybe the question is different it's not what you expect or maybe it's funny at that moment but I like how um people uh approach feedback right they're like oh okay that's your perspective that's that's interesting I never thought it like like that and I think it's always an interesting conversation especially those kind of conversations because then they get a totally different sense of what they thought it was okay when I tell them maybe hacking is not exactly like that and uh okay that is like let's say more pen testing is that what you're interested in V publication well let's start with learning the vulnerabilities one by one and then going deep into one vulnerability and then a different one and then um you can explore some let's say different sites where you can test your skills and then you can feel like okay I hacked something right so it's uh I think I think it's it's U it's a process because um right people come from very different fields and um a lot of them are trying to switch into a more technical field to it's always challenging and U it's not as clear especially how security is let's say presented in movies or like it's always someone hacking and typing fast on a computer and then the whole network falls off and you're but it's um yeah it's it's reality is very different and um I like uh that sense of let's say innocent approach because you know it's from Curiosity you know it's from a place where they want to learn and they're curious and they're eager to understand and to be in the field so um always I have usually the best time with those types of mentees because they're always so passionate and asking so many questions and super creative and once let's say they get better at their technical skills um it's maybe we do a mutual session of um like a Min CTF like hacking I do something they do something I also like sometimes when when I have more time and maybe I work with the m longer those kind of sessions are also interesting and it's like a learning process to maybe assess to where the the Mente is so it's it's a more technical session and it's not the usual type but then it's maybe provides me more feedback into how can I help them in the future better um so yeah just experimenting a bit seeing what works what doesn't work and then um I think it gets the best result like trying to also learn from from the other person yeah no I think that those of people tend to do that because that's what they know right so if you ask me about hacking apart from the background that they have on working on security perspective on on you know on the company side um before that what would I know like I would like to hack my neighbors's Wi-Fi or I want to hack like uh School servers uh think things like that it's you know it's the first impression that you get and it's also a good I mean it's not people don't do that please uh but uh it's also the first you know thing that you get to to that wall and if you actually want to do that like because of why hacking that I'm able to do this I think that's a great approach um like okay I'm able to and then there is a mentor or a you know experience person that say okay instead of hacking your school you can hack a server that you have at home that you don't that you can forget the password in one day or something like that I assume some exercise like that okay put a raspberry pie and try to hack your laptop yeah um because it's yours you know instead of you know something that could get you out of school yeah so yeah I can I assume you get a lot of of funny stories especially in Security on security side um so yes to to end up um let us know uh also what's what's your plan for the next year like what do you think you will be doing this next year in terms of what you will be learning what's your career plans in terms of you know maybe public speaking or um still mentoring or maybe any side projects that you have so yeah um yeah absolutely I would I would love to still be mentoring and still be talking talking to people um um definitely so from from what I want to be learning I think um I can always get better at my own job and let's say automating currently is what I'm kind of focused on so uh just um learning let's say um different programming languages and experimenting and seeing uh developing some security tools um uh so that is my main Focus currently uh but yeah I would I would uh like to attend several conferences um on on security I didn't have a chance to do that as much uh before so maybe that is also something that because right since Corona started and things like that everything has been virtual so all the conferences all the networking in in that part has been done virtually so let's say one of the the the goals would be to so uh attend um live uh some conferences um maybe speak at at at someone um uh at at some conference so I I think um it kind of unfolds for me it has been since since the beginning since I started working like when I start working on something it then I have tons of ideas of how can I maybe um make that in into a project or can I collaborate with someone on on something so I'm open to all sorts of ideas and stuff like that um so yeah let's let's see let's see where it goes yeah hopefully 2024 it's a a very interesting year for for you so and and to uh let us know uh to the audience where they can find you and what they can you know learn from you if they follow you or if they want to to be a mentor of you a meent sorry uh so yes I am um mainly on LinkedIn from uh social platforms and then I um have a medium blog so there I post cyber security related content maybe some hacks I learned or discovered um something I resolved so some kind of a research article so that is that is what you can read on my blog um awesome and um yeah so those are kind of the main two platforms that I used for for cyber security and you can find me there and of course on on Mentor Cruise um I I hope to meet a lot of a lot of new people so I would really really like encourage anyone to not even on Mentor cruise but on LinkedIn to have a chat a 15 minute coffee everyone is like either trying to get into cyber security I'm always open for a conversation to give advice advice to share my experience and to also hear something and learn something from from the other person so that's always a good experience yeah I think you can learn uh something for anyone uh so they will provide you a A New Perspective so Eva thanks a lot for being here I hope you enjoy the the chat and that you you have provided a lot of value I think for people that are wanted to to start on cyber security and want to hug something and how how a professional uh can can work on that and how it could develop into you know a ment a mentor and a and a senior um on the field so yeah thanks a lot thank you very much I had a lot of fan fun and I hope we we can chat again soon sure sure sure so thanks a lot and until next time see you next time

Info

Channel: Top Mentor Podcast

Views: 368

Rating: undefined out of 5

Keywords: mentoring, mentorship, cloud, tech, mentorcruise, podcast, professional growth, career growth, software development, software architecture, cicd, google cloud, cloud architecture, cloud mentor, tech podcast, code mentor, top mentor, docker, java mentor, aws mentor, cloud podcast, cybersecurity mentor, cybersecurity pen testing, ai cybersecurity, cybersecurity learning

Id: Cgjs0MdADKE

Channel Id: undefined

Length: 41min 25sec (2485 seconds)

Published: Sat Mar 23 2024