Podcasts

Podcasts


Exploring Imposter Syndrome through Experience, Education, and Gatekeeping with Lesley Carhart

A top cybersecurity practitioner talks about the importance of culture, continuous learning, and work-life balance in overcoming imposter syndrome.


Notes:

Lesley Carhart, principal threat analyst at a leading cybersecurity company, was brought up on a farm with an "old-school hacker" (her dad). She shares how her experiences as a high school coder and military avionics technician ultimately led her to a successful cyber security career.

Despite all her success, like most of us Carhart is no stranger to imposter syndrome. She discusses the barriers she's faced to being perceived as an equal and the steps individuals can take, including training and certification, towards trying to overcome imposter syndrome in the workplace.

Bio:

Lesley Carhart is a Principal Threat Analyst, Threat Operations Center at the industrial cyber security company Dragos, Inc. She is recognized as a subject matter expert in cybersecurity incident response and digital forensics, regularly speaking on the topic at conferences and universities.

In 2017, Lesley was named a "Top Woman in Cybersecurity" by Cyberscoop news and received the Guidance Enfuse conference "Women in Technology" award. She holds a Bachelor's Degree in Network Technologies from DePaul University, A.A.S. in Avionics Systems and Electronics Systems, GIAC GCIH, GREM, GCFA, and GCFE certifications, and currently serves as a Cyber Systems NCO in the US Air Force Reserves.

In her free time, Lesley co-organizes resume and interview clinics at several cybersecurity conferences, blogs and tweets prolifically about infosec, and is a youth martial arts instructor

Return to Episode List
Transcript:

Jason Nickola: This is "Trust Me, I'm Certified," brought to you by GIAC Certifications, a podcast exploring how to conquer imposter syndrome. I'm your host, Jason Nickola. And on this episode, we're joined by Lesley Carhart, Principal Industrial Incident Responder at Dragos. Despite achieving success and relative fame in the infosec world, Lesley remains one of the more accessible and consistently positive figures that we have in the industry. In this conversation, we explore imposter syndrome: the ways that it can affect your career and some mechanisms for coping when you're struggling with it, in addition to lots of other tips and stories from Lesley's background. So, with that said, please enjoy our first episode and an interview that I really had a lot of fun recording. We hope you like it.

Jason Nickola: Lesley, it's an absolute pleasure to have you here with us.

Lesley Carhart: Thanks so much for inviting me.

Jason Nickola: So, you do a ton of work around career building and a lot around enabling the community. But before we dig into some of that stuff, when did you start getting interested in technology? How did it - what do you consider your origin story in the industry?

Lesley Carhart: My origin story? Oh, gosh, see mine is so atypical, it's very stereotypical, and, uh, really a lot of people have - there's a million ways to get into security. But mine was a very prototypical story of I was a little kid, you know, like seven or eight. And I grew up on a farm, and there wasn't a whole lot around at the time. And, you know, not a lot of people to talk to and stuff. And my dad bought a computer when I was tiny to do accounting and bookkeeping for the farm, and my choices were go keep myself entertained with that computer or go pull weeds on the farm. And I realized really quickly that, well, I don't have anything against farming. I would rather not do that for the rest of my life.

Jason Nickola: Easy choice.

Lesley Carhart: Um I mean, it's not for everybody, but for me, that was the choice. So, at the time, it was really cool, and I really feel badly for kids today because, you know, they get exposed tablets and things that are super locked down. They don't have the exposure I had to like my math text book of the time had basic programs in it.

Jason Nickola: Sure.

Lesley Carhart: You know, and then you buy your magazines like your Popular Electronics or something and it would have hobby programming and at the time you really had to build anything wanted into a computer, because what was there was so limited and so architectural that you really had to learn how to build your own stuff and make the computers do what you wanted.

Jason Nickola: Yeah. So, you have this computer at your dad's farm, and you're kind of just hacking away at it and figuring things out. At what point did it become more than just you by yourself trying to figure out how to bend this computer to your will?

Lesley Carhart: When I was about 14 I was friends with all the nerds, you know, that's what you do when you're a nerd.

Jason Nickola: Right.

Lesley Carhart: One of my friends came to me and said, there's this company that's hiring interns. They're hiring intern programmers and you know how to program, right? And so I went there and I interviewed, and this was the dot com boom. You know, it's different now. At the time if you knew how to use a computer, write some code, you could get a job, and I definitely wouldn't say it's like that for programmers today. This was the wild west, and they hired me on as a cold fusion and SQL developer at the time. And I was a kid, working writing code, and for, you know, kid job prices. But it was great exposure to corporate life and computer science and working in IT. So, I've been doing this for a very long time.

Jason Nickola: So, being so young - was that kind of nerve wracking? Were you just excited to be there or, you know, did it make you feel like you were playing with adults?

Lesley Carhart: You're invincible when you're a teenager. You know everything when you're a teenager - except that you don't. And you know, it wasn't bad. It was a cool culture to be a part of. You know, nineties IT culture and hacking culture was just such a blast. Everybody was hopeful for the future. I think that was really kind of a heyday, even though it was the wild, wild west, because everybody thought the sky was the limit. You know, where we would go. We weren't thinking about all these consequences. We have today ethical consequences and, you know, social and political consequences of the Internet and technology and social media that we have today. It was let's go see what this wonderful new thing can do.

Jason Nickola: Yeah, and the hacker and kind of tech community around Chicago, is that how you first started to get exposed to some of those ideals and how did you start to build yourself out as a community member in the earlier days?

Lesley Carhart: There was always a wonderful hacking community and tech community in the Chicago area. It's always been a good center for a very friendly community and a good group of folks, a lot of people who want to help each other succeed. It's changed a lot, but it's always been good people.

Jason Nickola: Right. So eventually you move on and you were in the armed services right, you were in the Air Force?

Lesley Carhart: Yeah, I was in the Air Force. After the dot com bubble burst, you know, it was kind of like what now. Like, this is this sounds kind of cool, let's go see how airplanes work, you know? So, I enlisted as an avionics technician taking apart aircraft radios and GPS in the early days of GPS and it was really cool.

Jason Nickola: So, with your exposure to other areas of engineering and technology, was there ever a sway to move you further toward that stuff, or did you kind of have a running theme the entire time that computers are kind of my thing, I'm committed to that, and I'm doing other things to expose myself to new areas and to grow. But have you been consistently committed to computers and technology as a career throughout?

Lesley Carhart: It's all technology, and I'd say I've always actually naturally been a more of a circuits and wires person than a programming person. I think people's brains are protected a little bit differently, different people are wired differently, and I've always been much more on the side of circuits and wires and how are things processed at a low level than at the higher level, like object-oriented programming thinking. And it's fine to do either, but that does just fit naturally. I have an electronics degree and an avionics degree as well as network engineering. That's kind of more of the way that I work. So, in my brain it all fits together, in my brain I see the big picture, and you know, it doesn't matter whether it's a computer that's running avionics, or it's a computer that's running smart devices, it's all circuits.

Jason Nickola: So, you mentioned that you studied networking, and at that point coming out of that you were in the armed services and you have a degree with formal education and you were a very precocious child that learned to code early on and that professional -

Lesley Carhart: Oh, I was a horrible child. But I guess I was precocious [laughs].

Jason Nickola: [laughs] I actually think about those kinds of things sometimes, as I have a young son and as I start to see him demonstrate the same kinds of curiosity and stubbornness and just real wonder at how things might work and then frustration at not being able to figure things out entirely and communicate it. It must have been very difficult to put up with me when I was a child.

Lesley Carhart: Yeah, my dad is an old school hacker. You know, he was a guy building his own TVs out in the garage. We had constant wars growing up. He installed a switch that was like seven feet tall on the ceiling to shut off the phone line to my room. That was before the days of WiFi filtering. I'd be, you know, doing whatever on the phone line and he'd come up and he'd switch it off and I couldn't reach it without getting some boxes. And then, you know, on the computer side of things he learned how to lock down executables as he could in DOS. And then I'd figure out a way around it. It's amazing we didn't kill each other.

Jason Nickola: It's fun and funny, but it's great experience too.

Lesley Carhart: Sure, absolutely.

Jason Nickola: So, by the time that you're ready to join the professional world as an adult, you have way more experience than most people do at that point because of some of your background. Did you feel that you were just really confident to step into your first role? Were you super assured? Or was there some trepidation as you started to step into the professional world?

Lesley Carhart: Nobody's confident. Nobody who knows a small amount of things, nobody who's seen the big picture is confident they know a lot. The more you learn in IT, in security, if you have any sense at all, what you should be learning is all the things you don't know. And still that happens to me today even. Somebody throws some random PowerShell problem it at me, and I'm like, wait what. I haven't done that recently. You never feel totally assured that you know everything, no matter how long you've been in security, if you have any good sense and you have a real understanding of how big and complicated the problem really is.

Jason Nickola: Sure. Yeah, that's such a great point. If you have your wits about you and you're going about things the right way, then sometimes the increase in experience is actually more of a notification that wow there is so much more to learn, there's so much skills that I still have left to learn.

Lesley Carhart: Which is just great. It's great, I don't want to spend the next 30 years of my working life, you know, being bored, not having anything else to learn. I don't think there's any risk of that here. And there's jobs out there like that that don't change a lot and you learn everything and just do the motions for 60 years. You know, it's crazy, you know?

Jason Nickola: Yeah, and there are lots of roles in lots of places where we need those kinds of people that are more steady. But one of the things that I'm really passionate about, it sounds like you are, too, is finding people who have those same kinds of intangible skills that are maybe misplaced or underserved or just haven't had some of the opportunities yet because if you can find those people that are really passionate about growing and want to learn new things and continually push the boundaries and that we are in the field where you can have a lot of success if you just get the right opportunity.

Lesley Carhart: Yeah, if you have the right climate. And also, if the people around you understand - and something that I've really realized it's important over the last few years as I've become, I've gotten into more senior rules, more leadership roles, is you have to be in a culture that also understands how you learn and how you think, that team dynamics stuff is really important to help you grow

Jason Nickola: So important, sure. That's a great point. So, coming into technology before the burst of the dot com bubble and then becoming a cyber security professional, kind of at both of those stages, there's a lot of new ground right and especially as you start to talk about women and minorities there weren't as many models for success, and people that look like you or sound like you or come from where you come from, that can kind of show you the way. Did you have anybody -

Lesley Carhart: No, I've never had that. I've never had that once in my career really. I've never had a woman or non-binary mentor. I've had some mentors later in my career, but really I had to go it alone early in my career. You could find a lot of people who wanted to talk about things, you could find people who wanted to explain how things work because people like to talk about things that they know. But as far as like, OK, so this is what you should do next, no, I didn't [have that] starting out, and part of that was you had to work really hard early on in this field to be accepted as one of the geeks. And, it's gotten better but in the nineties and the early two thousands, man. And it wasn't just, you know, IT and working in the field. It was being a Star Trek fan or being a science fiction literature fan or liking gadgets, liking RC planes, things like that. You showed up to those places, people made assumptions about you by looking at you. They made assumptions that you didn't have the technical knowledge, that you hadn't been doing this since you were a kid, that you didn't have the fundamentals down. And you had to get in there really quick and start, you know, being assertive and banging away and proving that you were one of the guys. In any subculture, it's the way human brains are wired. Okay? It's easier is a concept in anthropology called "the other," and we tend to see the group of people who are like us and whether that's, you know, subculture, culture, politics, religion, our gender, you know, we see people who are like us, and those are our people. And then there's these other people and that's where these kinds of biases come from. We see somebody who doesn't fit in our box, and we're like, they must not be like us, you know? And then we started having problems, so definitely being assertive in being out there and proving that I knew my stuff was really important. It's a lot harder to find mentorship when people are like "You're not like me. I don't know how to handle you because you aren't in my group."

Jason Nickola: That's one of the reasons that I think having those models is so important because the reverse of that is that you know, if you don't see anybody like you that has gone the path that you would like to go, then it is easy, especially for some personality types, to maybe adopt that and limit themselves from areas that they don't see others who they can relate to, kind of breaking into it.

Lesley Carhart: Oh, sure. And if I could encourage people to do one thing is try to think outside of at least the box that you see, and this goes all directions, this goes for everybody. When you see a group of people and they don't look like you, understand that you might have similar tastes outside of the visual things, you know, they don't have to look like you. It's what's going inside in their brains and their lives. And you don't know any of that by just looking at somebody. It doesn't matter how they dress. It doesn't matter their gender, it doesn't matter their ethnicity. You don't know what's going on inside their brain. You can't make those assumptions. We are a community made up of a diverse group of human beings. And that's the important thing. It's who you are and what you bring into the field and your interest in it that matters.

Jason Nickola: Yeah it seems like the answer to so many of our problems is just to sit down and talk to people and kind of get into the weeds even though we as a species do our best to avoid that.

Lesley Carhart: And focus on the similarities and the benefits that the diversity can bring. You might share a lot of things, and then the things that you don't share, the differences that you have, only make us stronger, only make you better. They only help you learn more, and they help the community grow: the community of practice and the social community.

Jason Nickola: Right. So, it sounds like early on you identified that even in some of these subcultures I have to prove my chops. And I'm gonna do that by knowing my stuff and sounding confident and being assertive. Were there times when you maybe second guessed yourself or there was enough of going against the grain and trying to beat back some objects in your path that even just a little voice in the back of your head that would start to say, "well, maybe this isn't for you?"

Lesley Carhart: Yeah. So being somebody or not is very exhausting. When you have to be part of the group, when you have to be one of the guys, yeah, there's a lot of hate. This is quote unquote "guy things" that I like, like marksmanship, like hunting, and I like the technology stuff and science fiction and all that jazz. I love that stuff, I really do. But then there's other stuff, like football and golf, and I don't care about it. And just like the seedier side of the guy culture. And there's these judgment calls that you had to make at the time. You know, like I am in this community and they're saying really important things that I need to learn about technology. And if I say, stop making these jokes about sometimes really horrible things, if I speak up, then I'm not gonna be one of the group anymore. I'm gonna suddenly be that "other" and they're going to ostracize me, and then I'm gonna lose my access to that community that's educating me on this field. You make a choice there. You have to make a decision. Do I hope to make a dent in this person by getting in a debate with them, and get kicked out of the group? Is that the ethical thing to do? Is that the right thing to do, is losing my access to this group and my ability to move further in this career? Or do I keep my mouth shut and not say anything about this horrible culture or activity or something that's going to harm somebody else? It's a constant set of decisions like that when you're bidding into a culture that isn't yours or a group of people that isn't exactly like you. And I don't think a lot of people realize that people are making those decisions.

Jason Nickola: Yeah, you're absolutely right. It's an important part of the conversation that gets lost in the shuffle, especially from people who maybe don't put as much credence in the need for advancement of any minority culture. And it's gatekeeping, is largely what it is, because you have to overcome and make a lot of these decisions and deal with uncomfortable situations that other people just don't have to.

Lesley Carhart: I mean, it's not necessarily things that every white male likes. A great example is, and I know you've been in this field for a long time, so back in the late nineties, early two thousands, a big thing at security conferences and security events was going to strip clubs and, yeah, not every guy wants to do that, either. It's like a bravado thing. So, you know, it's kind of awkward to be taken there as a professional event and just awkwardly sit there and have beverages while some of the guys are having a good time, and having that being a gate to get into a meeting next day, or being part of a community, that's difficult. And to some people, that is much, much more offensive and difficult to deal with for religious reasons or for cultural reasons or for personal reasons. And I mean, why do you have to do that? Why is that necessary? Really, I know it's like a bravado or macho thing, but there are a billion other places you could meet. Why? Why did they feel like that was necessary? Unless it was intentional gatekeeping.

Jason Nickola: Sure. So, at what point would you say your career started to shift into cybersecurity specific focus?

Lesley Carhart: I moved into a SOC after a while. It took a while. I really wanted to do digital forensics. That was my thing. I had loved - and again I'm a circuits and wires person - so hard drive forensics and RAM forensics was something that fascinated me for a long time and just the investigation of it is really cool and, man, I tried so hard for years and years and there weren't many jobs at the time and not in that field. And I couldn't find anybody who would even have a conversation with me in terms of mentorship. Though eventually the only way I found to get hands on with forensic software was becoming a stock analyst. And that's what I did.

Jason Nickola: Cool, so at what point would you say your career really started to take a turn? So now you're really well known, and you're the one thing that I appreciate is you're well known for continually being positive despite the fact that you've had a lot of success and get a lot of recognition. I think there are lots of examples of that not being the case, I appreciate that. But at what point would you say you broke in and you started working in forensics, and then there starts to develop this entire field around cybersecurity, and you get these niches like DFIR and offensive security, these kinds of things. You started to grow and become somebody who's known in the industry. Was that something that was difficult for you to deal with? Was it just kind of a natural thing, or was it a little maybe weird to you?

Lesley Carhart: In terms of just having people listen to what I had to say, I don't know why people do that, oh, my gosh. You know, I've been doing this for a while and I know a few things, and I like to share them, and I try to be positive. I definitely try to, because there's a lot of negativity in our field. And I mean, God, we're not putting out house fires we're sitting in front of keyboards, for Pete's sakes. I don't think you can take anything that we do that seriously. It's really important geopolitically in a lot of cases, but again, we're not out there, you know, with buckets and hoses. You can't take yourself too seriously in this field. And I think that a lot of people who get a lot of attention really start to think that they're rock stars and they're the best thing since sliced bread.

Jason Nickola: That's one of my least favorite terms in business overall and then in security specifically is that concept of a rock star.

Lesley Carhart: I'm just some person you know. If I can help people do better, that's great. I can help the community move forward. I'd like to make a mark on it somehow. That'd be really nice. I'd like to see the next generation not deal with some of the problems we've dealt with. Hopefully, by the time we get two generations down the line, Windows XP is gone, but it won't be. It's always a little awkward for me to have people come up to me and tell me they've been following me and they're super excited to meet me and oh my goodness, it's just a little overwhelming. Yeah, but I'm glad to have made some dent on something in the world. I think that's all that we can do as humans is try to leave the world a little better than we came in.

Jason Nickola: So, imposter syndrome is kind of a buzz word lately, and it's gotten a lot more attention, which is a good thing because it reduces some of the stigma. But is this, looking back on your career, is it something that you see a running theme of? Was there evidence of it maybe earlier on in your career? Is it something that you've only more recently become exposed to?

Lesley Carhart: Oh, gosh, you know, I said this earlier in our chat. But if you know anything about the field and you really have taken the time to understand what security is and what computer science is, if you're not feeling some impostor syndrome some days, then you really should be [laughs]. It's just our field changes by the minute. It changes by the minute; there's new vulnerabilities, there's new tactics from adversaries. There's new problems that we have to face socially and politically. And what our job is - the little blurb for our job position in general for cyber security changes by the minute. And if that doesn't make you feel some imposter syndrome, I mean, I don't know what to tell you. We all feel it. Like I said, I run into weird questions about security or logs, niches that I'm not really involved with every day. I'm like oh God, here's this whole other field that I don't know a lot about, and I don't know when I'm gonna have time to learn more about it. And I'm very lucky to work with a lot of really, really brilliant people in niches that are not my niches, especially, you know, advanced red teaming stuff, exploit development, and I wish that there were 50 hours in the day and I didn't have to sleep, and I could just study more of this stuff.

Jason Nickola: Right. Yeah, so for me being a SANS instructor and trying to present more and be out in the community and even in my day job talking to lots of important companies and that kind of thing, you sometimes get into a mode where you're just like, do I belong with this group and is this the right opportunity for me? And when I talk to others about it, that's one of the most common repercussions of imposter syndrome that I find, is people gatekeep themselves from new opportunities. Whether it's seeing a job posting that that they'd really love to go for, but they see that it says you need to have 5 to 10 years experience and they don't have that yet, or looking at a community group and seeing some of the people that are involved in and deciding, well, that group's not for me, because I'm just getting started. Do you hear a lot of those same things of people kind of keeping themselves from opportunities just because they're unsure of whether or not they have the chops?

Lesley Carhart: So, Auntie Lesley secrets for young people getting into this field: we've all been rejected, we've all applied for jobs and got rejected and it's been terribly disappointing, and we don't know why, but - and community groups too. We've all gone to a conference or gone to a meet up where the people were toxic, and they were just really unpleasant to deal with or they just didn't want us there. It was their group, and they didn't want us there, and that rejection will happen.

Jason Nickola: So, one of the things that I really enjoy about your story and some of the things that you talk about is you are interested in so many different things. I think it's probably rare to find a woman that works in cyber security that was in the military, that does martial arts and a lot of the things that you're interested in. So, I think that having lots of different interests and finding small success in many different areas can be a real confidence builder and help to do things like combat feelings of imposter syndrome when they do happen. Has that been your experience? Have you made a conscious effort to try to be varied in your interests? Or is it just, you know, a natural occurrence of your personality?

Lesley Carhart: Oh, well, I mean, I would like to be a doctor and a lawyer and an astronaut [laughs] and I want to learn everything. But, you know, it's really important to be, for work-life balance too, you need to be well rounded and be a human being. There's a lot of people in our field who think that to succeed, they have to work 12 hours day in security and nothing else. And I meet people like that sometimes in job interviews. And I try to get them to talk about their other hobbies and tangential stuff, and it's like "I build exploits." And that's okay, but human beings should be able to do a lot of different things as well, like survive and take care of themselves and be a well-rounded conversationalist. You should have outlets. It's just good for your mental health and wellness. You should have things that help you walk away from security for a little while, even if they're tangential things like electronics, you know, hacker space stuff, etcetera, craft projects. But you need to have things that help you decompress and stay healthy and stay balanced. And that's gonna become - when I said I said earlier, when you're young, you're invincible. You know, when you become a little bit older after you've been invincible for a while, you realize that you're not invincible, and you need to do things to make yourself a healthy person and step away from your work sometimes. And you know, you only live once, too. And if you want to do things other than security in your life, well, get out there and do them because your life goes fast.

Jason Nickola: Yeah, it sure does. Something else that I think really plays into being able to build up your confidence and combat feelings of imposter syndrome is training and getting some of the actionable skills and getting credentials that when you look at what you've accomplished can make you feel good about things. But for me being in a room with bigger companies and accomplished people and really smart instructors and just getting out and having the experience and feeling like, hey, I can keep up and I can do good work even with people that I respect and that I know are strong in the field, has been a real asset. I know that you've done a lot of training and have produced resources on certification study and that kind of thing. Has that process been helpful to you, not just in building your skills, but in more confidence building and your ability to continue to push yourself out there into the world?

Lesley Carhart: I think that formal education is great. I think that there's definitely other avenues if it doesn't work for people or if it's not financially doable. But I mean, there's a lot of things you gain from being in a classroom situation or doing formal organized training that you don't necessarily gain from self-study, and they're not necessarily the technical details. I've always been one of those people who does say that college is a great route to get into security because - I mean, it doesn't work for everybody. There's definitely other avenues, but certifications, college classes - you get things out of them that are separate from, you know, just the stuff on the page. And there are things like what's the instructors teaching style? So, when you teach a class Jason, you probably teach it differently than the other people who teach that certification. You take pauses at different places. You explain things differently. You might explain problems from a different direction or a different perspective, sharing your work, your real-life experience and stories and you're helping people grasp things from a different direction, and you're also teaching them how to teach. Because everybody who teaches or instructs - and I teach courses as well certification courses from my employer. Everything that I know as a teacher, I've never gone to a formal course on teaching, but everything I know about teaching, I've learned from watching other instructors in college and in certification courses. So, you're getting that, too. You're learning how to express and convey ideas to other people, and you're learning how to organize your time, you're learning how to plan for an exam and get your ideas on paper and sort them out in coherent ways. So, you're not just getting the certification contents, which are great, but you're also learning a bunch of other skills as well. So, I'm definitely an advocate of both, and I think that they're both beneficial, but if you can't afford them there are other options. Or if they're not something that works for your perspective and your mind, that's fine.

Jason Nickola: Sure. So, you mentioned that early on you didn't really have a mentor, and it might have been nice to have one. You've grown into someone who really provides a lot of even indirect mentorship by sharing your experiences and putting a lot of resources out there in the world. How has that experience of not having a mentor and kind of having to work through some doubts and build your career on your own, how is that colored the way that you try to be involved with the community now, as somebody who's kind of come out on the other side?

Lesley Carhart: It broke my heart. It made me really mad, you know. I desperately wanted to get in to forensics much earlier. I desperately wanted to learn more about DFIR topics. And I really wanted that mentorship. I wanted somebody to talk to about these things that fascinated me and I couldn't find that. And I don't want anybody else to feel that way. I don't want anybody else to be out there and going, I don't know how, I guess I'm gonna give up now. I didn't give up because I'm stubborn. But, you know, other people do give up because of these gatekeeping things. These unconscionable things that people do with the culture and they give up and they decided not to go any further because they feel like they're never gonna be accepted in the group, or they don't know enough or they're never gonna know enough. I hope I can save some of those people. It's a big industry and there's a lot of fields and there's a lot of different ways you can go about working in them.

Jason Nickola: I think you're one of the best examples of trying to provide those positive messages and really not only focus on the technical component, which we're all interested in, but in things like how to build your career and how to interview well or how to construct your resume so that you can get new opportunities and kind of pushing people beyond their comfort zone. So, with that experience and in kind of your place in that area, what words of encouragement would you offer to listeners that are maybe thinking, I want to get in to cybersecurity or I'm working help desk or I'm trying to build my career, I'm just not feeling like it's for me or are there opportunities out there that I could get. What would you offer to those people?

Lesley Carhart: Find something that fascinates you. Go out there and watch videos from conferences or read articles, whatever medium. Or, if you prefer, listen to podcasts and find some little tidbit in there that really, really just cooks your bacon. You're like, this is really, really cool, and focus on that for a while. Go read into it more. Go down your YouTube rabbit holes or, you know, start reading up on it. Spin up a virtual machine at home and start poking at things. Find something that makes you sit there when you could be watching Netflix at night or, you know, out with your friends at the bar, you want to stay home and read more about this thing or listen to more podcasts about this thing. And it could be an incident in the news, a cyber security incident. Or it could be a vulnerability. Or it could be a historical story about, you know, a piece of malware and how it impacted or how it was built. You know, whatever area of cyber security interests you, find that thing that really, really makes you want to sit there and learn more. And then once you've really read into that, hey, that's your thing. You can explain that to other people. Go give a little talk in your local community group or, you know, if you're not comfortable with that, write a little blog or something. It's okay if it's old news if you explain it an interesting, informative way and it's useful for people who are also in your position. So, it's really a matter of when you're up against the odds, and you're like, I don't I don't know if I know enough, I don't know if they're going to accept me, find something that makes you want to fight.

Jason Nickola: That's a great point. And also I'm definitely stealing the term "find something that cooks your bacon." I think that's needs to be on a t-shirt, if it's not on a t-shirt already. Well, thank you so much for joining us, Lesley. It was great chatting and I really appreciate it.

Lesley Carhart: You too, thanks for having me!

Jason Nickola: That was Lesley Carhart, Principal Industrial Incident Responder at Dragos. Thanks to all of you for joining us for our first full episode. Be sure to subscribe wherever you get your podcasts and visit giac.org/podcasts to sign up for alerts about the show. We'll see you in about two weeks for our next full episode with Chris Cochran, Threat Intel Lead at Netflix to chat about building confidence and experience you can lean on during an incident and throughout your career overall. So, thanks again and we'll see you all soon!

Receive GIAC Podcasts Alerts