This podcast episode delves into the evolving landscape of cybersecurity, particularly focusing on the intersection of cloud security and artificial intelligence. Ian Austin, co-founder of Pwned Labs, shares his extensive journey through the cybersecurity domain, highlighting the gradual transition from traditional IT roles to specialized security positions. A salient point discussed is the significance of fostering a community-oriented approach to learning, which enhances knowledge acquisition and practical skills in an increasingly complex environment. Ian emphasizes that current training methodologies must incorporate gamification and hands-on experiences to engage learners effectively, ensuring that knowledge is not only theoretical but also applicable. As we navigate these insights, listeners will uncover valuable strategies for enhancing their own cybersecurity practices and understanding the critical importance of cloud security in today's digital landscape.
In this episode of the Security by Default podcast, host Joe Carson speaks with Ian Austin, co-founder of Pwned Labs, about his journey in cybersecurity, the evolution of learning in the field, and the challenges of Cloud and AI security. Ian shares insights on transitioning into cybersecurity roles, the importance of community engagement, and the need for continuous learning in an ever-evolving industry. They discuss the significance of gamification in training and the current trends in cloud security, emphasizing the importance of hands-on experience and collaboration.
Chapters
00:00 Introduction to the Podcast and Guest
00:40 Ian Austin's Journey in Cybersecurity
06:40 Transitioning into Security Roles
10:54 Evolution of Learning in Cybersecurity
16:19 The Importance of Community in Learning
22:58 Challenges in Cloud Security
28:46 Staying Updated in the Cybersecurity Field
Resources:
https://pwnedlabs.io/
https://www.linkedin.com/in/ian-austin/
Hi everyone.
Speaker A:Welcome back to another episode of the Security By Default podcast.
Speaker A:I'm the host of the show, Joe Carson and it's always great to be back here at my favorite time of the week, which is talking to amazing people that I really, really admire for changing the industry and making the world a better place.
Speaker A:So I'm really excited about today's episode.
Speaker A:Somebody that I've had on a previous podcast that I had in the past and I'm really excited about the conversation, finding what's new, what's the latest trends and what's happening in your world.
Speaker A:So Ian, welcome back to the podcast and thank you.
Speaker A:Since it's the first time on this particular show you want to give the audience a bit of a background about what's your origin story?
Speaker A:Where did you start off?
Speaker A:Did cybersecurity choose you or did you choose the industry?
Speaker A:And some fun things about yourself.
Speaker B:Amazing.
Speaker B:Joe, thank you so much for the invite to the podcast.
Speaker B:It's amazing to be here.
Speaker B:Yes, to introduce myself, I'm Ian Austin and I am a co-founder of a company called Pwned Labs.
Speaker B:We specialize in cloud and AI security trainings for professionals.
Speaker B:In terms of my background then, I mean, I'm kind of an old man now I guess in some ways.
Speaker B:I've kind of had a career that's about 25 years so far.
Speaker B:So I've always been on the technical side.
Speaker B:I started off in help desk in my gap year when I was I think 17 and not my gap year.
Speaker B:No, 18.
Speaker B:Yeah, so in my gap year I was 18 and I worked at help desk in, in the school that I was, I was kind of at.
Speaker B:And that was a great experience in terms of, you know, getting hands on with some technology, solving problems, seeing some of the crazy things that happen in, in the real world as well.
Speaker B:And so yeah, really after that I didn't really know what I wanted to do.
Speaker B:To be honest with you Joe, I thought, well, I liked English so I'll kind of let me take English at university.
Speaker B:But honestly it wasn't for me, I'll be honest.
Speaker B:And I, I left after a year and went straight to full time work and I again was doing help desk which kind of moved into system administration and through, through the sysadmin things even like really early into my career, like one or two years then I was doing some security stuff also.
Speaker B:Like, you know, I was always really interested into, in security and like packet captures and looking at what was being sent on the wire and stuff like that.
Speaker B:Like really I've always found that really interesting.
Speaker B:Even, even for my first years in the industry.
Speaker B:And then so moving on became pretty good at system administration.
Speaker B:Before obviously this is when sysadmins were sysadmins and now obviously a lot of them have moved into the cloud and become DevOps engineers and stuff like this.
Speaker B:Yeah, I kind of got more into security administration.
Speaker B:I was kind of drawn to managing the security, the antivirus, the various kind of desktop policies, creating secure images and stuff like that.
Speaker B:In later roles I kind of, I was still a sysadmin, a bit more of a senior sysadmin at that point and was kind of looking after the security tooling.
Speaker B:So almost a bit like a security administrator, like getting hands on with a lot of the security tools.
Speaker B:And then in another role after that really kind of transitioned completely from system administration.
Speaker B:I was still doing a lot of like support and system administration, but more so my, my kind of day to day was on assurance and penetration testing and stuff like that.
Speaker B:So I was getting into that.
Speaker B:But at the same time I wasn't just learning penetration testing.
Speaker B:I was using my at that point, kind of 10 years experience in the industry to also make sure that we had the security controls internally.
Speaker B:So it was kind of like a purple focused role.
Speaker B:And yeah, fast forward to, you know, a few roles later.
Speaker B:I was kind of like a full blown penetration tester and doing that during the day and realizing, well, I love learning, right?
Speaker B:And so I, even in the evenings I was doing like CTFs and stuff like that.
Speaker B:I found Hack the Box, which was an amazing new platform at the time and it's still an amazing platform.
Speaker B:And yeah, I was really enjoying some of those machines that people were creating.
Speaker B:And I kind of found that with my experience as a sysadmin and security engineer and penetration tester that I felt like I could contribute some realistic scenarios to the platform.
Speaker B:Right?
Speaker B:So that's kind of what started me creating content.
Speaker B:Another thing about creating content I think is that it's actually a great way to learn, right.
Speaker B:And so I definitely advocate that to any listeners who.
Speaker B:How can I get like really good at something?
Speaker B:You know, creating is a great way to learn as well.
Speaker B:Um, so yeah, created some, quite a few machines for Hack the Box.
Speaker B:They became pretty, pretty popular.
Speaker B:I started becoming, helping out with the moderation of Hack the Box in the forums and stuff like that.
Speaker B:And then Harris, who's the CEO of Hack the Box, James, who's the CTO, they took us out and were like, okay, we, we kind of want to make this Hack the Box thing an actual company and we'd love if you can join us.
Speaker B:And at that point I didn't initially jump at the opportunity, but to be honest with you, it didn't take me too long to process it and realize that I'm pretty passionate about content creation.
Speaker B:And so yeah, I joined Hack the Box at a very early stage and it's an unbelievable, like, I've got some amazing memories of, of Hack the Box and you know, the people there.
Speaker B:It's, it's a really, it's a time in my life where I feel very, kind of have really fond memories and I kind of headed up the content for Hack the Box and what I really liked about it as well was that it was probably the first role where I kind of felt like I had my thumb on the pulse of the business as well.
Speaker B:Right.
Speaker B:And I realized actually this kind of business is something I also really enjoy.
Speaker B:It's something I'd been reading audiobooks about or books about like years before, but this was the first time I really had the opportunity, I think, to dive into the business side and realize I liked it and also I guess the marketing side.
Speaker B:So I'm a bit of a marketing geek as well.
Speaker B:I like that.
Speaker B:And so yeah, that really was my journey in, in Hack the Box and obviously latterly really developed a passion for cloud security.
Speaker B:And here, here we are today with Pwned Labs, really I guess, and, and so that's, I guess a bit of my journey so, so far.
Speaker B:But I just kind of want to mention one point about my journey, if I may, which is that.
Speaker A:Absolutely.
Speaker B:So I never really went from a non security person to a security person straight away.
Speaker B:Right.
Speaker B:It was like gradual evolution.
Speaker B:And I think a lot of the people that I've been speaking with previously in the Hack the Box community and now in the Pwned Labs community have this question which is can I, how can I become like, how can I get into the industry?
Speaker B:How can I become a penetration tester or something?
Speaker B:And I think there's this common kind of perception that if you're doing a specific type of role at the moment, which could be help desk or sysadmin, that you can absolutely not do any security stuff and you have to kind of do this learning and kind of get your certificates, especially if you're kind of early in the industry where certificates are kind of useful, I'd say.
Speaker B:But what I would kind of advise to people who are looking to get into, into the industry is that you can actually take on some security stuff potentially in your existing role and kind of just if you start seeing things through the lens of cybersecurity, even if you're doing like system administration or help desk, which to be honest are very security focused roles anyway.
Speaker B:But I would definitely advise people to, you know, maybe take on a project, speak to their manager, speak to their team, speak to the developers about, hang on a minute, you know, we have this potential issue here.
Speaker B:And if you kind of showcase the value of security and really highlight to them something that really helps is for example, a BloodHound map.
Speaker B:Like if you can show visually to people in your company how, how something is possible, then they kind of sit up and take notice and, and like that.
Speaker B:So I'd say don't wait until like it's, it's almost like the expression dress for the role that you want.
Speaker B:It's like it's the one you want.
Speaker B:Yeah, it's almost like kind of start seeing things as if you were in that role already.
Speaker B:And in my experience, people are generally quite receptive to, you know, allowing you to improve things in security, even if you're not in a specific security role already.
Speaker A:Absolutely.
Speaker A:It just brought back something.
Speaker A:A lot of times, even when I think back when I was doing system administration and, you know, help desk and support roles and a lot of those roles, when I think about a lot of the tools I was using were actually overlapped with what the security team would be using in order to detect as well.
Speaker A:When I think back and when I started off, it was Ethereal, which of course now, you know, we know today as Wireshark, I was doing that for a lot of, you know, packet capture in order to understand why the three-way handshake wasn't working or why packets were failing or why sticky bits weren't working for me. Sometimes there's a lot of crossover in the tooling that we both use.
Speaker A:Sometimes it's about learning the same tool you might be using in your day to day job about how to look at it from a security perspective of what things to be looking at.
Speaker A:And sometimes that's a very easy, quick start to get into that crossover into the security field.
Speaker A:So I love what you're saying because I love learning as well.
Speaker A:That's one of my passions, is continuous learning, is learning new things.
Speaker A:And that's one of the reasons why I started the podcast, is so that I can get to talk to some of my favorite people and learn from them, because I learned so much from these interactions.
Speaker A:But what I found is in, in the last 10 years, even when I started doing Capture the Flags and Hack the Box and working towards my OSCP as well, that I found that learning can be so much more fun than what it used to be in the past.
Speaker A:So in your view, how, how is the learning evolving from the old traditional?
Speaker A:I remember, you know, 20 years ago, used to go and spend a couple of days in a classroom with an instructor and I remember when I did my CISSP, it was like the book that size that I had to read, know everything in it, spend five days with an instructor in the classroom and go over all the kind of little details.
Speaker A:The, in a theoretical scenario, you know, you're going through it in, in.
Speaker A:And it was a, it was a tough test.
Speaker A:But then I, you know, fast forward to, to a couple of years ago when I did the OSCP, it was a very, it wasn't, it, it wasn't an ABCD test.
Speaker A:It was like, well, you got to show what you can actually do.
Speaker A:So how is, how is the training evolving in, in your view?
Speaker A:'Cause you've, you've come through this same transition as well.
Speaker B:Yeah, definitely.
Speaker B:I think we've both kind of had that experience, Joe, where like when I was taking my MCSA and messaging then like rest in peace, firstly to Fabrikam and Contoso who are, who are no longer going to be with us.
Speaker B:But you know, those sort of scenarios, probably the most interesting things was the actual scenario involving Contoso or Fabrikam where they were trying to implement something and you, and you'd have to figure out, well, what's the ideal solution for those people and stuff like that.
Speaker B:That's pretty much as interesting as it got.
Speaker B:Maybe Microsoft exams are great.
Speaker B:So don't get me wrong, I've got, you know, they're very challenging and they're very rigorous.
Speaker B:But obviously a lot of exams from AWS or Google or Microsoft are very theoretical.
Speaker B:It's, it's great to know the theory, but honestly having the hands on experience, I guess number one, it means that when, when it comes to doing it, you are kind of, you feel more comfortable because you have some muscle memory already.
Speaker B:And number two, in terms of keeping going with the learning, then having the hands on and kind of like the gamification is something that is just gonna, you know, if it's something you enjoy, you're gonna keep doing it right and.
Speaker A:You're gonna, you're gonna pay more attention, you're gonna focus, you're gonna, you're gonna, you're gonna listen more.
Speaker B:Exactly.
Speaker B:And that's where I feel like companies such as OffSec, Hack the Box, Pwned Labs and you know, the whole kind of cybersecurity training industry, but also generally speaking, it's not just us as, as like the cybersecurity vertical.
Speaker B:I think everyone is realizing how important it is.
Speaker B:If someone enjoys what they do, they're going to learn it better, they're going to learn more.
Speaker B:And yeah, and, and so there really is an expectation now where I'm hearing a lot of people saying, oh hey, I'd love to learn more about like for example, pipeline security or I'd love to learn more about, you know, Azure or something like this.
Speaker B:There's almost like an expectation nowadays where by default training has to be gamified or you know, from, from the perspective of an individual learner.
Speaker B:And so that's something where, you know, having these immersive scenarios, having leaderboards, there's various ways you can go about it.
Speaker B:Like for example, if you're learning a language, gamification is something that is very important but it shouldn't necessarily be the be-all and end-all.
Speaker B:Like how best to put it, I guess if you're trying to learn like French for example, and you download Duolingo and it's great because you kind of get these, you know, reward motivators, various sounds playing in the background when you're achieving stuff and, and you kind of get a good feeling.
Speaker B:But is it really helping you learn French?
Speaker B:I'm not sure.
Speaker B:Right.
Speaker B:And so that's where there's like this thing with gamification that if it's something that's just if you focus on the gamification aspect only and kind of this can kind of result in, in people feeling like they're learning but not actually learning.
Speaker B:So I think it's like a trade off where you need to make sure that you teach the theory you give students hands on and then you have gamification elements that mean that they get kind of their dopamine hit and kind of, you know, submit the flag and feel good.
Speaker B:But that's what I would kind of say is that gamification is important, but we shouldn't be focusing exclusively on gamify because otherwise you get into like a bit of a scenario where it's kind of dubious how much people are actually learning versus just feeling like they're learning and feeling good about something.
Speaker A:I think it also gets in, you know, for me, listening to how you're explaining it reminds me of the old times one when I was doing a Lot of the Microsoft and Cisco certifications, which were that very textbook, you know, even, you know, kind of the theoretical side of things.
Speaker A:And then I remember when CBT Nuggets came out and you had these video based, which wasn't just about somebody explaining, it was actually you following and learning and you know, you would see the video and you would repeat the same steps in your lab.
Speaker A:So you actually start and you would simulate and start learning about not just the theory, but how to actually configure something in order to make it do something.
Speaker A:So you're actually seeing immediate results.
Speaker A:And I think that's kind of where you're getting to that really the simulated side of things.
Speaker A:I think what the gamification is really the bridge is bringing the community together, the people together.
Speaker A:Because I'm in Estonia, I do a lot of capture the flags with people based in the US and UK and all over the world and I think it's really bringing them together.
Speaker A:So if you're talking about the example that you mentioned with Duolingo is that, you know, that's really, that, you know, the practical simulation side I want to practice and what, when the gamification is, is connecting me with somebody in France and I can actually try and practice having a conversation.
Speaker A:You know, it's about taking those learning and saying, here's other people that you want to book a time with.
Speaker A:It's, it's an engagement side.
Speaker B:You're, you're absolutely right.
Speaker B:You're.
Speaker B:You're so right.
Speaker B:And it's like the expectation now is that learning is also social and it's constructive and you're kind of learning with people and it's not just an individual thing where me and you might have been looking at the CISSP book or MCS, whatever.
Speaker B:Right, right.
Speaker B:Yeah.
Speaker B:So that, that was very solitary.
Speaker B:And I mean still, if you're, if you're kind of technical and you like that stuff like we do, we still find enjoyment in it.
Speaker B:But honestly, there's so much more to be had through like the struggle of learning, capturing the flag, speaking with other people.
Speaker B:And this is where people, I think like Tyler Ramsby and various other people in the industry are doing a great job because, you know, you know, people also, when they're starting, they kind of don't really know where to start looking up to these kind of people in the industry who are saying, well, let's just get stuck in.
Speaker B:And just.
Speaker B:Tyler's journey is also very inspiring in terms of, you know, how, you know, he kind of went from just documenting his progress to really being an inspiration to others.
Speaker B:And I think that's something that is very important.
Speaker B:It kind of that community aspect and having like a community and Hack the Box or TryHackMe or Pwned Labs or whatever company like.
Speaker B:I think sometimes companies are too focused on just like the product and they're not focused enough on the community.
Speaker B:And the community is such a powerful thing in terms of keeping people within your platform and, and having fun, keeping.
Speaker A:Them participating, keeping them creating.
Speaker A:Because you know, to your point is that you're creating content is, is one of the fundamental things that keep going.
Speaker A:If you just stop creating, eventually it becomes stale.
Speaker A:It becomes almost feels a little bit about, you know, after using some of the AI models for a couple of months and if no one's contributing new learning to it, it just becomes this is very much the same, same thing, same answers as it was six months ago.
Speaker A:It's not learning if I.
Speaker B:Similar to me, like you love learning and, and me too, like in Pwned Labs, I feel like I'm learning on the business side, I'm learning on the content and research side.
Speaker B:I'm learning, creating and researching new scenarios.
Speaker B:I'm learning from amazing researchers in the industry who are publishing blogs and you know, some of the, some of the people in Pwned Labs as well who are like investors.
Speaker B:So we did a community investment round.
Speaker B:I'm not sure if everyone knows this, but we kind of opened up ownership of Pwned Labs to the community and had people signing up to be like a part owner of Pwned Labs, which is incredible.
Speaker B:And we've exclusively selected practitioners in the industry and a lot of these people I'm also learning from or they're kind of saying, well, almost like challenging things.
Speaker B:Yeah.
Speaker B:So I'd say there's a lot of people inside Pwned Labs that I'm learning from.
Speaker B:Like some of the amazing practitioners that we work with inside Pwned Labs who are like co-instructors or instructors for the various trainings that we have.
Speaker B:Yeah, I'm learning a lot from, from everyone.
Speaker B:And to that point I think if I ever stopped learning, I'd probably stop doing it.
Speaker B:Right.
Speaker B:So if I... Pwned Labs is this amazing journey and it's, it's got an amazing team and an amazing community and I'm, I'm really thankful and blessed for the journey we have so far.
Speaker B:But I think if I ever stopped learning, I'd probably have to find something else to do because.
Speaker A:Because that's all, I mean that's, it's what life's all about is finding a passion.
Speaker A:It's about having something to keep the motivation going.
Speaker A:I think going back, if I was to change things, you know, as I was doing my learning path a couple years ago, I would have probably tried to find a mentor much earlier in the gamification side because I did try to do it a lot of it alone.
Speaker A:I was doing a lot of the boxes all by myself.
Speaker A:And then I would sit, you know, trying to figure out am I having imposter syndrome, am I not good enough to do this?
Speaker A:And then realize that it's just about finding somebody with the right knowledge who can help, help you try to.
Speaker A:And one of the thing is there's, I don't want people to do it for me.
Speaker A:What I want them to do is explain how I can enhance my skills or what area to, you know, point me in the right direction so I can maybe do it self paced, you know, learn it myself and then find out where I'm going wrong.
Speaker A:So definitely getting that community much earlier and getting a good network of people who are skilled in certain areas who can, who can work together as a team because ultimately, you know, that's what.
Speaker A:It's a team effort.
Speaker A:It's bringing that team together.
Speaker B:Yeah, I, I agree.
Speaker B:And some, something, something that I like to do.
Speaker B:I know Tyler Ramsby also.
Speaker B:So Tyler Ramsby has the Hack Smarter community and obviously we've got the Pwned Labs community.
Speaker B:But I feel like both of these communities are very encouraging to beginners.
Speaker B:They're very welcoming to beginners.
Speaker B:It's not really this kind of elitist thing that you can sometimes get, I guess.
Speaker B:But some, something that me and Tyler both like to do as well is we like to mentor people in our communities and this isn't like a paid thing, right.
Speaker B:And so people can literally just book a time.
Speaker B:So yesterday I had a really nice call with someone in our community and they're like 18 years old and not really sure what to do.
Speaker B:So I had a great chat with them and I feel like there's some things that give me a lot of pleasure and one is obviously learning and researching and seeing people, seeing people kind of change and improve and develop.
Speaker B:And so that's why I like mentoring people internally but also in the community that it gives me a lot of satisfaction.
Speaker B:In terms of me though, I think that, you know, I'm not just someone who is mentoring others.
Speaker B:I get a lot of, I get a lot of help.
Speaker B:And there's many times, Joe, where I'm like maybe second guessing myself about like and and so that's really where I kind of just, I have many people, to be honest, that I feel I can reach out to and be like, just have a chat with them and like, is this the right kind of approach?
Speaker B:Like.
Speaker B:And so again, it comes down to speaking with people in your community and kind of that kind of process of speaking with someone helps to kind of clarify things in your own mind, I guess.
Speaker B:Whereas if you're just doing something alone and to be honest as a founder as well, then it can be quite a solitary journey sometimes.
Speaker B:So yeah, I'd say for students, absolutely.
Speaker B:This kind of social learning side and joining a community where you can learn with others is the way to go.
Speaker A:Absolutely agree.
Speaker A:So one of the things I've always admired with Pwned Labs and your vision and taking the new journey and adventure is that there was definitely a massive gap and I do still see that gap.
Speaker A:And it's great that Pwned Labs is taking a lead in that area which is around knowledge in cloud environments.
Speaker A:Specifically, you know, cloud misconfigurations about, you know, how, you know, to secure clouds.
Speaker A:What's the risks and vulnerabilities in cloud environments.
Speaker A:So many organizations struggle with it today because, you know, finding knowledge and finding experienced people, you know, practical real world knowledge across a hybrid multiple cloud environment.
Speaker A:What do you see there?
Speaker A:Is that something that, you know, still.
Speaker A:Still is are we getting better at it or are we still a long way to go?
Speaker B:Good question.
Speaker B:So I'll kind of, I guess I'll start by saying that we don't just train people in Pwned Labs.
Speaker B:So we kind of, we talk the talk, but we also walk the walk in terms of we do penetration testing across the cloud, AWS, Azure, GCP, M365 and on premises and web.
Speaker B:It's a mix obviously of configuration reviews and penetration testing and stuff like that.
Speaker B:I've kind of got an active GCP engagement that I've been working on this week.
Speaker B:And that reminds me, I actually need to work on the, the report today.
Speaker B:So I've got that later on.
Speaker A:The fun part, the one that make the hardest part that people, people don't realize, you know, sometimes they see our job as, as exciting and fun.
Speaker A:But, but there's a lot of, a lot of the tough tasks in the background.
Speaker A:Such as writing reports.
Speaker B:Yeah, the easy part is actually hacking into stuff.
Speaker B:The hard part is the report.
Speaker B:What we're seeing generally, I guess in our engagements, is that cloud is hard, just like on prem is hard in general.
Speaker B:Any sufficiently complex system is Hard to secure.
Speaker B:Right.
Speaker B:And I wouldn't say that cloud is necessarily more secure than on Prem.
Speaker B:On prem isn't going away.
Speaker B:It's going to be there.
Speaker A:It's going to be there.
Speaker A:It's.
Speaker A:We have data sovereignty and other other things that force that to.
Speaker A:To be in existence for a long time.
Speaker B:Exactly, exactly.
Speaker B:You know, you're right.
Speaker B:There is this kind of, you know, more a lot of companies are thinking about the cloud.
Speaker B:I'd say it's true to say that there is an or kind of a really strong trend for companies to you know, be implementing some sort of hybrid multi cloud architecture and you know, whatever stage they're on in that journey, whether they're kind of migrating workloads to the cloud or they're kind of thinking about it, many companies are kind of choosing bits from each cloud platform as well.
Speaker B:And if I was in a company, Joe, I'd be like, to be honest, I wouldn't use that service because I know, for example it's easy to enumerate externally for threat actor I'd use this service, from that one I'd use.
Speaker B:So I'd kind of cherry pick the services and create this kind of multi, hybrid, multi cloud environment.
Speaker B:And that's what a lot of companies are doing as well.
Speaker B:They're kind of choosing the best bits from each.
Speaker B:Obviously a lot of companies also are Active Directory and Microsoft shops and Azure and M365 just makes a natural transition.
Speaker B:Obviously there's really strong reasons for going for GCP and AWS in terms of the breadth of services available and the cost efficiency as well that you can get for some workloads.
Speaker B:There is also a, you know, it's fair to say as well that there is also a repatriation effect where companies try the cloud for certain workloads.
Speaker B:Realize actually you know what, it's probably better if we have this on prem so they kind of repatriate that.
Speaker B:But in general I'd say that Net net there is an increasing trend to the cloud and there is also this kind of assumption sometimes that you can take a workflow that existed on Prem and create it now in the cloud and it's just going to be secure.
Speaker B:You don't really have to worry about it.
Speaker B:But yeah, there's a huge need for people to be able to secure these cloud environments.
Speaker B:And for sure, like what what we're doing, which is obviously cybersecurity, cloud security and now AI security.
Speaker B:I'd say to the people who are looking to get a really good career that will allow them to kind of get enjoyment from their career and hopefully financially do very well as well.
Speaker B:Cloud security and AI and kind of, that's kind of at the nexus of three really strong growth factors.
Speaker B:And even with AI kind of being, you know, on that crazy journey since ChatGPT launched or even before that, right, where we're kind of worrying a bit now like, well, what's AI going to be able to do in two years?
Speaker B:And so everyone's kind of got this kind of feeling maybe that, you know, as a young person who's kind of like looking to get in, into the industry, maybe they're at university now, maybe they're just starting their career and they're thinking, well, what would be a safe bet for me that's not going to be completely automated in two years time?
Speaker B:Right.
Speaker A:What's going to be a position that's not going to be bought by the time, by the time you're starting your career?
Speaker B:Exactly, exactly.
Speaker B:And so that's why I'd say with AI obviously being cloud first, with SaaS being like it used to be, where you could maybe pwn an Active Directory domain and get access to everything inside, but more so nowadays it's like the actual secret sauce, well, not the secret sauce, but a lot of the important data is hosted in SaaS that is maybe authenticated using a Google login or a Microsoft login.
Speaker B:And so you have this kind of thing there where you can potentially gain access to all the data in the company without even compromising their Active Directory environments.
Speaker B:Yeah, for sure.
Speaker B:Cloud security is something that is growing for sure and on premises isn't going away.
Speaker B:It's, it's, it's going to stay there.
Speaker B:But if you're looking to get into the industry and you're looking to kind of, you know, you've got a choice.
Speaker B:I'd say that cloud security, AI and so these are careers that won't be replaced by AI, but you'll kind of be augmented with, it'd be an assisted,
Speaker A:You know, with, with AI knowledge, you'll have lots of assistance helping you navigate the way.
Speaker A:One of the things I kind of, since you're into the continuous learning side of things yourself, what's the way that you stay up to date?
Speaker A:Is there, you know, events, conferences, casts, books, audiobooks, what's any, anything recently you've, you've, you've listened to or read that was insightful?
Speaker A:What's the way that you stay up to date?
Speaker A:And do you have also any mentors that you look to, for, for, for advice and direction?
Speaker B:Yeah, good question.
Speaker B:So I think probably five to ten years ago I was doing a lot of reading in terms of, of business because I realized that there's something I really wanted to get into.
Speaker B:And so I did a lot of reading on that.
Speaker B:But in, in terms of the technical side, it's, it's just every day there's like a blog article or something like that or some research.
Speaker B:And so how I stay up to date is I kind of focus on things that interest me.
Speaker B:If it doesn't interest me, I, you know, I don't really give it any time.
Speaker B:And so that's what I'd say to people as well, is to follow what your actual interests are, what you enjoy, because you're just going to learn so much more because it's going to be easy just to read something and learn.
Speaker B:So, yeah, that's how I stay up to date is just through reading a lot of blogs.
Speaker B:There's some giants in the industry.
Speaker B:There's so many people in the industry who are doing amazing things and also share their learnings with the community and create a blog on it, or maybe they create a lab on it or however they do it.
Speaker B:These are people that I kind of learn from generally and just reading some of their articles, it's like, wow.
Speaker B:Like, for example, recently we had this whole thing with CI/CD workflows, embedding AI and LLM.
Speaker B:It's like I didn't even know about that, but this is this whole kind of attack surface that is really interesting to me.
Speaker B:And so I've, I'm planning a lab on this next, the next AI and Azure lab is going to be based on that.
Speaker B:So like GitHub Actions, embedding AI agents and moving into, you know, some really fun exploitation steps after that.
Speaker B:So I learn a lot through creating, honestly, through researching, creating scenarios.
Speaker B:It's, it's what I, it's what I enjoy.
Speaker B:Like, I probably wouldn't be doing this if I didn't enjoy that.
Speaker B:Right.
Speaker B:So that's, that's kind of how, how I learn.
Speaker B:Conferences and stuff like that can also be interesting.
Speaker B:Listening to people, sharing their experience and having different perspectives is something I like as well.
Speaker B:But yeah, generally it's kind of also in the community.
Speaker B:There's lots of people asking questions in the Pwned Labs community like, oh, what about this, what about that?
Speaker B:And inevitably, even if I'm in the middle of something, I'll kind of probably stop and I'll chase down a rabbit hole and find out the answer and kind of learn something along the way as well.
Speaker A:I'll definitely make sure that for the audiences, you know, for the.
Speaker A:For the Pwned Labs Discord channel, I'll add the link to the show.
Speaker A:So they do want to participate and join the community.
Speaker A:They have an easy way of finding it.
Speaker B:I appreciate it.
Speaker B:Thank you.
Speaker A:If the audience does have any questions or want to follow up or want to contact you afterwards, just to kind of get some insights, some direction, what's the best way for them to reach out to you?
Speaker B:Well, that.
Speaker B:That would be amazing.
Speaker B:Firstly, so on.
Speaker B:On LinkedIn, you can reach out to me there.
Speaker B:Happy to have a chat.
Speaker B:Discord.
Speaker B:I'm kind of.
Speaker B:That would be a really good place to reach out to me.
Speaker B:My name is.
Speaker B:My handle there is E G R E55.
Speaker B:And I'm kind of in the top.
Speaker B:Right.
Speaker B:If you just click on me, you can send me a message.
Speaker B:Honestly, happy to chat about anything, whether it's your career, if you need.
Speaker B:If you, you know, you'd like some guidance or just someone to talk to about something.
Speaker B:Always happy to jump on a call or, or just have a chat or whatever.
Speaker B:So, yeah, LinkedIn or Discord would be the best places, I'd say.
Speaker A:And yeah, Ian, it's been awesome having you on.
Speaker A:It's really great to hear the journey that you've been on and what you've been up to these last couple of years.
Speaker A:It's always fantastic.
Speaker A:And what you're doing for me, you know, is you're making the learning path and the knowledge path a lot easier for many of us who need it in the industry.
Speaker A:So thank you for everything you're doing.
Speaker A:So for the audience, hopefully this has been interesting, valuable episode for you.
Speaker A:Lots of learning, lots of new things, lots of places to go and look into.
Speaker A:Search and see if you can actually find more possibilities to learn new skills and find out new platforms.
Speaker A:So for the audience, this is the Security by Default podcast.
Speaker A:Tune in every two weeks for new episodes, new guests and new insights.
Speaker A:So everyone stay safe.
Speaker A:Take care until the next time.
Speaker A:Thank you.
Speaker B:Thanks, everyone.
Speaker B:Thanks, Joe.
Speaker B:Appreciate it.