Notes:

In part 2 of this special 2-part episode, top cyber defense practitioner O'Shea Bowens joins our host Jason to continue their discussion about strategically building a career in infosec. They discuss key factors in determining the value of training and choosing the right training course for your desired career path, along with how to leverage certifications with your employer. They also discuss the necessary skills for moving into senior roles at work, and how effective communication plays a critical role in every situation.

Bio:

O'Shea Bowens is a cybersecurity enthusiast with a decade of information security experience. He is the founder of Null Hat Security, which focuses on incident response, SOC training and blue team engagements. O'Shea has worked and consulted for companies and clients in the space of federal government, Fortune 500, and international firms. He specializes in areas of incident response, network and systems security, security architecture and threat hunting. O'Shea founded Null Hat Security as he believes a greater focus should be placed on personal engagements with defenders to fine tune skill sets and knowledge of threats for best response efforts. O'Shea is also the founder of SkiCon Conference and the co-founder of "Intrusion Diversity System," a bi-monthly hosted cyber security podcast.

Recommendations based on this episode:

• GCIA: GIAC Certified Intrusion Analyst, prepare with SANS SEC503: Intrusion Detection In-Depth
• GCIH: GIAC Certified Incident Handler, prepare with SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
• GCFA: GIAC Certified Forensic Analyst, prepare with SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
• Real-World Scenarios Add Value to Cyber Security Certifications(https://www.giac.org/blog/real-world-scenarios-add-value)
• Blueprint Podcast (https://www.sans.org/blueprint-podcast) - Blueprint brings you the latest in cyber defense and security operations from top blue team leaders.

Transcript:

Jason Nickola:

This is "Trust Me, I'm Certified" brought to you by GIAC Certifications, a podcast exploring how to conquer imposter syndrome.

Jason Nickola:

Welcome back to "Trust Me, I'm Certified." I'm your host, Jason Nickola, and I'm really excited to bring you part two of our interview with O'Shea Bowens. In part one, we dug into a lot of O'Shea's background in how he became interested in cybersecurity. So please do hop back and check out part one if you haven't given it a listen yet. In this episode, we will dive right into education and training and the role they play in preparing you for a career in the real world. So please enjoy the rest of our interview with the man himself, O'Shea Bowens.

Jason Nickola:

Okay, so you started to want to pick up these bits and pieces from across the different aspects of security so that you can really fill out your skills. And it sounds like contact with people who were experts in that area, or at least willing to help in that area and had some skills, played a larger part of it, a very large part of it. What role would you say that training or certifications play in that, and then just generally for someone looking to build out their skills, how do training and certifications fit in?

O'Shea Bowens:

So I placed it in two buckets, right? So bucket one on the training side, not all trainings are made equal, so there's some that - I fell for this before. I remember when I was maybe 22 going on 23, I went to this CEH class because at the time everyone was telling me that's what I needed. And I was like, I don't think I need it, but whatever fine. It's 2008, 2009, something like that. I was like, fine. I'll do it. But I paid my own money to go to this class. It was - I mean, I could've just taken the test instead of paying the money and showing up for four weeks straight because the professor was basically reading from the book, or the instructor was basically reading from the book. And some of that stuff, I knew - not to say I knew everything, I didn't - but at the same time I was like, okay, I'll never do that again because I didn't go into it really researching what I should expect at the end.

O'Shea Bowens:

I was going into it expecting to take the cert at the end. If I would've known what I knew then, I would have just paid for the cert. So really understand what value you can truly obtain from the certification. So when I say the second bucket, it's really how can you leverage the certification? Because I've managed teams and people that we've sent off for different trainings or we pay for them. We would let them take vacation for personal development or whatnot. And they come back and you're like, okay, how can we apply this? You know, a good example, I remember I worked with one dude and we sent them off, I think at the time, we'll just say another certification body apparently focused on DFIR. Okay. And he came back, totally passed the test.

O'Shea Bowens:

And we had a small, small incident. And I was like, okay, well we'll say his name is Richard. I was like, all right, Richard just got this cert, he seems like he wants to step up and lead. Let's give him a shot. And nothing from this certification really helped besides the report writing, the report writing was on par. But from the technical perspective, it was almost as if he didn't go. And I was like, well, what did you do when you were there? And he goes, you know, went to class for a week and a half or so, and then, you know, did some exercises. And then he took the cert, but he couldn't apply it to work. That was where the gap was. So when I say that second bucket right around, is it applicable in your development for work?

O'Shea Bowens:

Can you actually use it? And if you can answer yes to both of those then yes, you should totally go for it. Like go get a certification, especially if your company is going to pay for it. Jump on that ASAP.

Jason Nickola:

So have you had other experiences where you have been able to find training that has been applicable or would you really recommend trying to build up your skills ahead of time before you go to some kind of a training to fill things in?

O'Shea Bowens:

No, for me SEC504 was like super helpful. I mean, I know it's a SANS/GIAC course - that's not like a plug that was intentional, but that's just -

Jason Nickola:

I didn't tell O'Shea to say that, he said it on his own.

O'Shea Bowens:

But I remember actually it was when I was looking to move more into an IR role, I took 504 and there was this dude I was working with that was super great from a digital forensics perspective, but I'd worked with him for a year or so.

O'Shea Bowens:

So I picked up bits and pieces from him. And then I took 504 and then I felt a lot more comfortable applying for that next tier type of role. That was when I started, I began to apply for a senior level role. So I wasn't necessarily only focused on Layer 3 security or from an intrusion analysis perspective, just networking. But what I began to focus upon was, well, how do I build out more like a SIEM or IDS from an architectural perspective to a tune into a management? And then how can I begin a sprinkling in a bit of malware analysis? Luckily, this was a while back, but 504 touched on all of those areas. And this goes back to saying just that first bit of exposure, and then you start hammering down on your own.

O'Shea Bowens:

But for me taking 504, passing that, then really going back and forth to the books - I still used those 504 books for dang near three years, honestly. I still don't throw away my books, but I kept going back and just rereading some things. Or I'd look at a particular segment, especially I remember for volatility when I was first introduced to that. I dove deep into the books and then I began to, again, throw it into my lab. Throw some samples at it, start taking snapshots and then start analyzing this, right. And starting to analyze the memory. And that was extremely helpful for me to move into a senior level role. I remember vividly how helpful it was because there's different areas I could speak to and then I can have the cert to back it up.

Jason Nickola:

Right. Yeah. So not only the practical skill of being able to actually do those things, but you shouldn't get a certification just to have something down on paper, but when you are trying to move into a new role and you're trying to demonstrate, hey, I'm willing to put some of the time in and the effort and attention that's required to do some of these things that you need me to do for this kind of role. Well, here's proof that I've been able to do that. So for me, I'm a knowledge hound. I'm just going to keep trying to learn as much as I can. But also the validation at the end of it, like, yeah, I actually did get something out of that, and I can prove it to other people has been really valuable in pushing myself to go to the next step. So when you talked about moving beyond kind of an individual contributor and a tactical component to being more strategic and management and that kind of thing. Did those kinds of things play a large role in feeling like you were ready to push yourself into that next step? Or were there other things that maybe held you back that you had to overcome? And what was that process like for you?

O'Shea Bowens:

Yeah. So one of the something that happened to me, at least in two different roles where essentially, you know, this isn't to harp on anyone, but it was really one of those situations where the individual that served as the manager wasn't as helpful as you would think they would be in a leadership position from a technical chops perspective. So you would ask questions and the response would be yeah, I'm not sure, I used to be technical. Oh, I don't really keep up with it anymore. It was like, dude, why am I listening to you then? I just remember when that happened to me, at least twice, and that kind of drove me to be in this - it put this seed in my head, like I don't ever want to be in a leadership position and someone asks me something and I say, oh, I'm not technical anymore.

O'Shea Bowens:

Oh, I don't really keep up with it. That was one of the things that still kind of drives me to this day, even from like a mentoring or from a team lead perspective or running my own shop. I don't want to be - if I don't know, I don't know, but I don't want it present it as oh, I don't know, I'm just here for the check, you know, I dunno, you guys figure it out.

Jason Nickola:

Right. So in moving from someone who is an individual contributor to wanting to have more effect on people and strategy and processes and those kinds of things, were there - there are definitely technical challenges, right, because what you're describing is your urge to want to master the details so that you're never in that kind of a position, but were there other challenges for you? Like as I think of it, maybe things like remaining a member of the team and your interpersonal relationships and some of the other byproducts of being driven and trying to get ahead in those kinds of things. How did that process go for you as you started to transition outside of just being a tactical kind of resource?

O'Shea Bowens:

I think, and I know, one of the big areas for me was really diving deeper into how I communicate. Like I have no problem speaking with people. I'm a fairly sociable person. But hat kind of takes a back seat sometimes at work, because I'm there to solve a problem while I'm there to actually work. So at times I can be a bit, I guess, short with people at work, earlier. I'm very aware of it now, but you know, five or six years ago, it really wasn't the case. So it came off as, you know, maybe O'Shea is rude. O'Shea doesn't have much patience, which even with the patience I'm still working on that daily. My wife will tell you that, but I had to really take inventory of how I communicate and what in my presence, how did my presence affect the team from overall performance perspective, but also from inclusivity, right?

O'Shea Bowens:

Like if you are the person that everyone feels is rude, or maybe you're short with an individual, no matter how talented or smart you are, people aren't going to want to work with you. That's just the truth of it, right. And so then I realized, I particularly had a case at one point. I remember there was an event we were investigating and if I recall correctly I was analyzing some PowerShell. And just trying to walk through what the calls were actually touching, looking at a couple of the IPs, they're a part of this campaign. And I was very drilled into it. And I guess a couple of people were asking me questions and I was like, dude, just DM me. So I was like, stop talking to me while I'm trying to work.

O'Shea Bowens:

And I remember afterwards, I went out for drinks with some of the team members. This was like a week later or something after everything was - we had to report, we went to the full-on stages of IR, I had the report done that was presented to senior management, incident was cleaned up. We had our patches and counter measures in place. But a buddy of mine, while we're having drinks, that was on the team was like, they kind of think you're rude, bro. I was like, what are you talking about? They're like, it just seems like you don't want to talk to people at times. I was like, well, okay, I can understand where you're coming from, cause I know I get into a zone. Once I'm in that zone, I don't want to be interrupted.

O'Shea Bowens:

But yeah, I remember it made me think I need to be a bit more aware how I communicate with people. So now I always take the time. Even normally when I'm sociable, I look everyone in the eye, but now I take the time to look up from the keyboard. I'm conscious and aware that if someone's speaking to me, stop typing. Look up at them. Don't just keep typing away and answer questions. Cause it seems like you're very unconcerned or you can't be bothered. But when you take that time to look up, acknowledge someone and then continue along the lines of communication, you're much better received. But particularly as a leader, at least for me, I want to leave the impression that, okay, I hear you, your opinion is definitely valued, how can I help you? You want to have like that feeling. It'd be like walking into a restaurant and your server is texting while taking your order. You're not paying attention.

Jason Nickola:

Yeah. And especially with your team, it's so important for your team to feel like they can come to you with things. And the more you, even if it's not intentional, the more you make them feel like you're not paying attention or that you have better things to do, it severely diminishes the likelihood that they're going to come to you and keep you informed of the things between just task-based work that are so important when you're leading people and you have some role to play in careers. So I agree that that's super important.

Jason Nickola:

So as you're going through this transition and you're trying to build your career and you're very analytical of not only the outside world, but yourself and trying to work on yourself, talk about the role the culture of a company plays in trying to foster people who are really trying to go that route where it's you know, I'm not trying to stay static. I'm not trying to breeze out of here or anything, but my goal is to grow and I want to grow technically, but I also want to grow in terms of the things that I can do in my career.

Jason Nickola:

Have you been in environments where that wasn't so fostered and have you been in others where maybe they did a better job of it?

O'Shea Bowens:

Yeah. Actually, that's kind of what led me to starting my company. I've had it on both sides, right? I've had it on one side where I think leadership makes the biggest difference, at least in my reality, in my experience, when you have leadership that encompasses something that you're striving for, it makes working so much better. I remember I had one CISO I think he was, if I remember right, he was a former intelligence officer or intelligence analyst at the Air Force and moved more into DFIR, super, super smart person. And really personable. I kinda shaped my leadership after him in reality, but he was super personable and really approachable. And it was really great just hanging out with him and talking with him, right.

O'Shea Bowens:

He was a really cool person. And he had so much knowledge that he could pass out, especially during the investigations, but on the flip side, I've had some managers that made it almost as if you're in this position where they are playing this very unnecessary, but strategic long game of, I can't allow someone to highlight how knowledgeable they are and how good they are because it may overshadow me. It's that type of thing. And it took me a while to notice it, but it was just a very strange occurrence. I specifically remember there was this one particular role where I had the support of pretty much 90% of my technical peers. And they're all pushing me to become a manager. And then I'm told, oh, well, you're not managing material.

O'Shea Bowens:

Even though I'd been a manager and a director before this role, I took this role because I wanted to become stronger and stronger in IR. But it was a very weird thing. It was like, well, is it actually me? Is there some deficiency in my technical capabilities or maybe the way I communicate? And this was well after the point where I realized how I made those mistakes previously with communicating with people. So I didn't think it was that. So it was really one of these things of maybe it's not me, it's them type of situations. Maybe there's something going on with this individual, this particular manager where he's not going to promote anyone that he feels, I guess you could say, they could take his job.

O'Shea Bowens:

Right. Let's just be honest. People do think like this in corporate America and probably corporate Europe, corporate Asia, also -

Jason Nickola:

Corporate Earth.

O'Shea Bowens

Right. That's hilarious, corporate Earth.

Jason Nickola:

I'm gonna put it on a t-shirt.

O'Shea Bowens:

But if they view you as a potential threat down the line, they're less likely to root for you to climb up that ladder. And that was just a very weird occurrence for me. And then around that time, it made me think it may be time to try your own thing out.

Jason Nickola:

Right. So I don't know if it developed into this for you in that specific case, but a lot of times when that kind of thing happens, people start to wonder if it's time to look for the next role, the next company. If you feel like your path has kind of blocked where you are, then go see if there's somewhere else where there's a better path for you. But that, in my experience, just for me, and from things that I've heard of other people is one of the more anxiety-inducing processes that you can go through. Cause it's like a grass is greener kind of thing, but it could always be worse when you get to the next place. It's really hard to gauge that ahead of time. Have you had that kind of a situation where for whatever reason you've gotten to what you assumed was the end of a logical path with a place and you had to put yourself out there and expose yourself a little bit to go find where the next step is?

O'Shea Bowens:

Yeah. And there needs to be more classes on this. This is the interpersonal, extra personal side of communication and cyber. So yeah, I've definitely been in a position before where you hit a wall, right? You're not moving up, you're not moving down, you're not moving ladder, you're kind of just in this position where you can't move at all. And it's nothing against the people you work with. I was working with some pretty cool people at the time, but there was just no growth. The one individual who had the largest amount of knowledge in the areas that I was interested in in security, he had moved on. So he goes out the door, I'm still working with people that I like, but not that many people I can learn from.

O'Shea Bowens:

So now you have to go on that quest of interviewing and something that I remember specifically from this was, and I try to tell this to junior individuals or people I mentor. I was like, when you interview, it's not that you're lucky. You can't take the approach that you're lucky to have the job, a part of it should be they're lucky to have you. And that sounds maybe too egotistical. But I remember, I specifically almost took this job after the job I was leaving, I almost took a role out that was almost like a fear based decision, it was like, well, they offered it, it's a bit more money. I'm not entirely sure what's going to happen at this role. And it's here and it's in front of me right now.

O'Shea Bowens:

So do I just take the role? Yeah. Maybe I don't get to do everything I want to do, but I make a little bit more and they said I can do some things in the future, so I'd be lucky to take the job, you know? And then I questioned myself over that and I passed on the role and about two or three months later, I found something. But something I realized was from that day, going backwards, maybe some of the roles I had taken on were fear based. Cause you're thinking, oh my God, I'm so lucky to get this job, you know? What I've learned from that time period, especially when I interview even now, before consulting engagements or whatnot, before I pick a client I'm going to work with, I try to drill down into what the expectations are.

O'Shea Bowens:

How can I learn from this? And is it a good relationship? When I interview, if I can't hit all three of those, it's probably not the best decision. So yeah, maybe the money is great. But are you going to be able to learn the things that you're interested in, or maybe you can't learn the things you're interested in, but the people you're working with are awesome. So you're kind of in this balancing thing, this balancing game of trying to determine what's the best thing for me to hit all three areas or what am I willing to substitute? And I think when you start playing the substitution side of things, that's when you find yourself in roles where a year or two down the line, you're like, wait, what did I do?

Jason Nickola:

Right. And it, it sounds like it took you a while to develop this perspective and really figure out what your main bullet points are. I want to learn, I want to grow. I want to be with people that I really enjoy and work with technology that I'm really interested in. But earlier on, especially maybe coming out of your first role, people are often just going to take what they can get to get their foot in the door somewhere. But I find that coming out of that, I have two or three years of experience, I'm looking for the next place that doesn't consider the intern that was hired in and to move into the next thing.

Jason Nickola:

There is absolutely that fear-based perspective that you're talking about. And I think it's really valuable advice to say, independent of any individual role plot out what's important to you and then look at everything through that lens. It's scary and it can be difficult to do in the time because these are our lives and we have to pay bills and some of us have families and those kinds of things, but ultimately even if it's a little less money, I think I definitely agree with you if you're making those decisions for the wrong reasons, two or three years in if you're lucky, with six months or three months, if you're not so lucky-

O'Shea Bowens:

Could be 90 days.

Jason Nickola:

Yeah, absolutely. You're going to realize that maybe you're not in the right position. And that does a lot more damage to your confidence going through the process again, then maybe just slow playing it a little bit ahead of time and trying to prioritize the right things.

O'Shea Bowens:

Yeah. Most definitely. And something else that I did learn from interviewing is also if you don't meet the team, there's something up. That happened to me before I interviewed, and I only interviewed the hiring manager and I was like, this is strange. Why am I not speaking to anyone else? And it turns out he was just very disliked among the team. So it was a very weird thing to walk into. But now I know, if you're interviewing ensure that you meet other team members, this goes back into they're lucky to have you too. So it's not just you courting them, it's vice versa.

Jason Nickola:

For sure. So that's in moving from one role to another at companies that other people own and run. Did you have the same kind of dynamic in making the decision to go off and start your own thing?

O'Shea Bowens:

Innocence. So when I began down the thought process of starting Null Hat, I was actually in Sweden at the time - I moved to Boston from Sweden like three years ago. I was in Stockholm and my wife got pregnant and we ended up moving to Boston where she's from. Cause we didn't really know anyone in Sweden anyway. So it wasn't that big of a loss, but I was communicating with a dude that I met there. We became buddies and we were looking to start an MSP out there. And when I thought about those three areas, am I going to grow? Is it a good person to work with? Yes, I can definitely grow and you know, kinda make a decent income from it.

O'Shea Bowens:

Like all three of those are hit. It's just I ended up moving back here. When I say here, I mean back to the US, but when I moved back to the US and I was working in this role for a big pharmaceutical company, lead in IR, that idea never went away about kind of forging your own way, but also ensuring that you can follow up in different areas of work that are just crazy interesting to you. I think that's the one benefit. I'd say consulting in general is you're exposed to so many broad environments and broad technologies that it's hard to get bored. You know what I mean? It's super hard and it's super valuable too. I spent most of my career consulting.

O'Shea Bowens:

And so most of the things I learned kind of ramp me up to move into more advanced roles because I was exposed to so much in a short period of time and you have to learn fast. There's no time to - you don't have someone to hold your hand when you're walking into consultancy engagement. That's not what they're paying you for. They're paying you for your expertise in a very short time period to solve these complex problems. So when I started Null Hat, it was those three things. I envisioned those three markers that I'd like to hit for moving into a different role. And of course it's super scary, but at the same time, it's like, well, what do I actually gain from it? Am I really going to learn more?

O'Shea Bowens:

Am I really going to push myself and challenge? And can I make a little bit of change? Okay, great. And the main reason I wanted to start the company was to build out something for the community where I could help train individuals, especially specifically communities that aren't really represented or underrepresented in tech and people of color and minorities, like I could I find a way to carve out a bit of my time to build out a way to communicate with them and help train and introduce my knowledge base, but can I also make some money? And if I can do both of those then great.

Jason Nickola:

Right. Yeah. For sure.

Jason Nickola:

So one of the things that I've always really respected about you since our paths first crossed is you stay super active in lots of different things, including Twitter, and where you're at lots of events and you're very connected in the community and you're starting your own conference, SkiCon, which is coming up here soon in just a bit. Has that then a hallmark of you throughout your entire professional and technical career? Is it something that you've more started to do, like work on your own personal brand, as you've ventured off into starting your own thing, and what role has becoming a citizen of the larger technical and security community played in your own development?

O'Shea Bowens:

Yeah. I mean, I think a part of it was once I began to travel a bit more, one of the things I did maybe four years ago was really start to ask questions of what's going on outside the US. There's a conference in Prague called QuBit. And I remember I went to QuBit for the first time and I was on a panel there. I was invited by the CEO of LIFARS. It's a digital forensics company in Manhattan. And just being around that many people from Eastern Europe or that part of the world that had totally different perspectives on what security actually is, and also the type of threats that we're facing. I found that fascinating. And around that time I began to - you know, I've been to DEFCON multiple times, but I began to look at other conferences outside of DEFCON.

O'Shea Bowens:

And as I did that, something I noticed specifically was there weren't a lot of people that looked like me that were speaking. So that kind of ignited a fire in regards to the representation side, like how do I get more African Americans speaking? How can I kind of help change that dynamic? And then you add into the fact about two years later, I began thinking about starting Null Hat, and then around this time I started communicating on Twitter with other individuals that are doing awesome work and just seeing what they're up to and sharing stories with them. And when you start to combine all three of those, I think it was a big driver for me. had this conversation with someone last year, I remember.

O'Shea Bowens:

And I was like, I don't envision myself trying to become some quote unquote rock star in the community. I just envisioned myself as being like a resource. Like if someone has a question, they know, hey, O'Shea will try to help me out if I ask this, I'm approachable, but also how do we become a more inclusive community? Cause you know, let's face it, it's not as diverse as it could be. And that's not a dig against anyone or any entity. It's just one of those things that certain communities cyber isn't something that they're introduced to at a younger age. Luckily I was because of the school I went to, but how can I use what I know to reach out to other individuals and bring them into the community, you know?

O'Shea Bowens:

And when you start to kind of combine all these weird facets or these weird times in history, or presently really, it kind of equates to what I'm doing now. So when you're doing all these different things, you're kind of busy, I guess is what I'm saying. You find yourself like, oh, there's a conference going on and I'm not going to that just to speak, I'm going because I know XYZ is going to be there. And I know I really enjoy having conversations with them and maybe I can listen to one of their sessions and then from speaking at conference you're building out your company, so you're networking and you're trying to figure out who else can you work with?

O'Shea Bowens:

I'm a big proponent of it's great to make money, but it's great to make money with people you can make money with again, you know? So it doesn't make sense to me to have an engagement with someone that I truly, truly just don't like. I want to work with people that I can become a resource to that I actually like, that I would hang out with. How can I make that repeatable? And that's where traveling and speaking at conferences, helping organizing things, like you mentioned and thanks for saying that, I'm organizing and founded SkiCon and that's a conference here on February 21st and 22nd. And that's a much smaller conference cause it's the first time we had it, but I just had this idea of, I like to snowboard, there's other people that like to snowboard and ski, why don't we just meet up and hang out on a mountain?

O'Shea Bowens:

We can have a couple of small talks at night. And then during the day, instead of us all sitting in a room at a conference, waiting for coffee breaks to speak to each other, why don't we just take some runs together? And then just hang out and get to know one another and meet some new people. You're physically active, you're hanging out at the top of mountain taking some runs. And you're just hopefully communicating with really chill people and really awesome people. And so I was like, yeah, screw it, I'll make it a conference. You know, let's see how it plays out.

Jason Nickola:

Cool. So somewhere, someone listening to the show is either just starting their career or maybe they've moved past the first couple of years and they're trying to plot out where they want to get to and trying to take some of the steps that you've described here taking in your career in order to get where they want to be. What's some parting words for them just as encouragement as they go through that process?

O'Shea Bowens:

I'd place it in two, I guess I would say buckets, two buckets. One is just stay curious. The minute you find yourself not questioning what you know, is kind of the minute you're not growing, right. If you're not really looking to continue to build out your knowledge landscape or grow and grow and grow, it's maybe time to do a bit of self-reflection. The second one, I guess really three, the second would really be mutual respect. Finding a way to communicate with other individuals, no matter how big or how small, just in a respectful manner, can go such a long way. What I don't like to see in our community is just people that - even from a younger perspective, like I've run across individuals that are fairly young.

O'Shea Bowens:

They're fairly talented, but they're fairly cocky, right? Like ridiculously cocky. So it makes me think, yeah, you're a really talented 23 year old, but you are not the best person to have a conversation with. So I don't see myself working with you and I'd love to help you out more, but you're going to have to work on just the personality aspect. And it's not my place to tell you who or what you should be. But I think in our community, especially when you're coming up, if you have that mutual respect for other individuals, it makes you a bit more approachable, people will be more likely to help you out. But also I think it's almost like - this sounds weird, it's almost like a samurai paying homage, like you meet other individuals that have more knowledge base, like your master, not to say that there's a master, I shouldn't say it like that. But it's almost like you respect the game. You know what I mean? Like you respect the game, you understand it and you want to grow, so you seem like the person that I want to help out, you know? But when you come in with this very cocky attitude, it doesn't seem like an individual that's even open to listening to what I'm saying.

Jason Nickola:

Right.

O'Shea Bowens:

And the third one is just map out what you're truly interested in. I think it's easy - I shouldn't say easy. It's inducing due to some of the salaries in different areas of security and not just security technology in general, of what you could potentially make versus what your passion truly is. I've seen this countless times and individuals that are mostly a bit older than myself, but they've been in these roles where they're making a decent amount of money, but also they kinda want to do something else, but they wouldn't risk the money that they're making to follow a different chart, right. Different chart or different path. And I think when you when you map out what you truly want to do, you don't really hit a wall because that's constantly updating, like when I mentioned the yearly goal, the daily goals, or weekly goals, when you continuously find yourself in a habit of mapping out what your professional life looks like, there's kind of no limit to where you can go.

O'Shea Bowens:

Like cyber is vast. A personal goal of mine is learning ICS this year. And I'm a total newbie with ICS. Cause that's not anything I've really focused upon. But slowly, slowly, every two weeks I'll spend an hour reviewing research papers or just analyzing what other people have published to kind of up my own knowledge and that's the path for 2020, that's one of the paths and one of the goals for 2020 for me, but mapping out what you want to do for the future is immensely helpful with your current decision making and kind of your day to day decision making.

Jason Nickola:

Yeah. I couldn't agree more. I think all of that is great advice. And I think that there'll be some people listening to the show that hearing your story is definitely gonna help him out. So thanks so much for coming on. It's been a blast. I appreciate you chatting with me.

O'Shea Bowens:

Yeah. Thanks for having me.

Jason Nickola:

Thanks so much to all of you for listening to the show and to O'Shea for joining us and sharing his story. It was a ton of fun to spend so much time with him and listen to his thoughts and advice. We'll be back in two weeks for our next episode, please do remember to subscribe to the show at giac.org/podcasts and whichever app you choose in order to get updates about new episodes as soon as they hit the air. Thanks again for listening and we will see you soon.