In part 2 of this special 2-part episode, top cyber
defense practitioner O'Shea Bowens joins our host Jason to continue
their discussion about strategically building a career in infosec. They
discuss key factors in determining the value of training and choosing
the right training course for your desired career path, along with how
to leverage certifications with your employer. They also discuss the
necessary skills for moving into senior roles at work, and how effective
communication plays a critical role in every situation.
O'Shea Bowens is a cybersecurity enthusiast with a decade of
information security experience. He is the founder of Null Hat Security,
which focuses on incident response, SOC training and blue team
engagements. O'Shea has worked and consulted for companies and clients
in the space of federal government, Fortune 500, and international
firms. He specializes in areas of incident response, network and systems
security, security architecture and threat hunting. O'Shea founded Null
Hat Security as he believes a greater focus should be placed on
personal engagements with defenders to fine tune skill sets and
knowledge of threats for best response efforts. O'Shea is also the
founder of SkiCon Conference and the co-founder of "Intrusion Diversity
System," a bi-monthly hosted cyber security podcast.
Recommendations based on this episode:
This is "Trust Me, I'm Certified" brought to you by GIAC Certifications, a podcast exploring how to conquer imposter syndrome.
Welcome back to "Trust Me, I'm Certified." I'm your host, Jason
Nickola, and I'm really excited to bring you part two of our interview
with O'Shea Bowens. In part one, we dug into a lot of O'Shea's
background in how he became interested in cybersecurity. So please do
hop back and check out part one if you haven't given it a listen yet. In
this episode, we will dive right into education and training and the
role they play in preparing you for a career in the real world. So
please enjoy the rest of our interview with the man himself, O'Shea
Okay, so you started to want to pick up these bits and pieces from
across the different aspects of security so that you can really fill out
your skills. And it sounds like contact with people who were experts in
that area, or at least willing to help in that area and had some
skills, played a larger part of it, a very large part of it. What role
would you say that training or certifications play in that, and then
just generally for someone looking to build out their skills, how do
training and certifications fit in?
So I placed it in two buckets, right? So bucket one on the training
side, not all trainings are made equal, so there's some that - I fell
for this before. I remember when I was maybe 22 going on 23, I went to
this CEH class because at the time everyone was telling me that's what I
needed. And I was like, I don't think I need it, but whatever fine.
It's 2008, 2009, something like that. I was like, fine. I'll do it. But I
paid my own money to go to this class. It was - I mean, I could've just
taken the test instead of paying the money and showing up for four
weeks straight because the professor was basically reading from the
book, or the instructor was basically reading from the book. And some of
that stuff, I knew - not to say I knew everything, I didn't - but at
the same time I was like, okay, I'll never do that again because I
didn't go into it really researching what I should expect at the end.
I was going into it expecting to take the cert at the end. If I
would've known what I knew then, I would have just paid for the cert. So
really understand what value you can truly obtain from the
certification. So when I say the second bucket, it's really how can you
leverage the certification? Because I've managed teams and people that
we've sent off for different trainings or we pay for them. We would let
them take vacation for personal development or whatnot. And they come
back and you're like, okay, how can we apply this? You know, a good
example, I remember I worked with one dude and we sent them off, I think
at the time, we'll just say another certification body apparently
focused on DFIR. Okay. And he came back, totally passed the test.
And we had a small, small incident. And I was like, okay, well we'll
say his name is Richard. I was like, all right, Richard just got this
cert, he seems like he wants to step up and lead. Let's give him a shot.
And nothing from this certification really helped besides the report
writing, the report writing was on par. But from the technical
perspective, it was almost as if he didn't go. And I was like, well,
what did you do when you were there? And he goes, you know, went to
class for a week and a half or so, and then, you know, did some
exercises. And then he took the cert, but he couldn't apply it to work.
That was where the gap was. So when I say that second bucket right
around, is it applicable in your development for work?
Can you actually use it? And if you can answer yes to both of those
then yes, you should totally go for it. Like go get a certification,
especially if your company is going to pay for it. Jump on that ASAP.
So have you had other experiences where you have been able to find
training that has been applicable or would you really recommend trying
to build up your skills ahead of time before you go to some kind of a
training to fill things in?
No, for me SEC504 was like super helpful. I mean, I know it's a
SANS/GIAC course - that's not like a plug that was intentional, but
that's just -
I didn't tell O'Shea to say that, he said it on his own.
But I remember actually it was when I was looking to move more into
an IR role, I took 504 and there was this dude I was working with that
was super great from a digital forensics perspective, but I'd worked
with him for a year or so.
So I picked up bits and pieces from him. And then I took 504 and then
I felt a lot more comfortable applying for that next tier type of role.
That was when I started, I began to apply for a senior level role. So I
wasn't necessarily only focused on Layer 3 security or from an
intrusion analysis perspective, just networking. But what I began to
focus upon was, well, how do I build out more like a SIEM or IDS from an
architectural perspective to a tune into a management? And then how can
I begin a sprinkling in a bit of malware analysis? Luckily, this was a
while back, but 504 touched on all of those areas. And this goes back to
saying just that first bit of exposure, and then you start hammering
down on your own.
But for me taking 504, passing that, then really going back and forth
to the books - I still used those 504 books for dang near three years,
honestly. I still don't throw away my books, but I kept going back and
just rereading some things. Or I'd look at a particular segment,
especially I remember for volatility when I was first introduced to
that. I dove deep into the books and then I began to, again, throw it
into my lab. Throw some samples at it, start taking snapshots and then
start analyzing this, right. And starting to analyze the memory. And
that was extremely helpful for me to move into a senior level role. I
remember vividly how helpful it was because there's different areas I
could speak to and then I can have the cert to back it up.
Right. Yeah. So not only the practical skill of being able to
actually do those things, but you shouldn't get a certification just to
have something down on paper, but when you are trying to move into a new
role and you're trying to demonstrate, hey, I'm willing to put some of
the time in and the effort and attention that's required to do some of
these things that you need me to do for this kind of role. Well, here's
proof that I've been able to do that. So for me, I'm a knowledge hound.
I'm just going to keep trying to learn as much as I can. But also the
validation at the end of it, like, yeah, I actually did get something
out of that, and I can prove it to other people has been really valuable
in pushing myself to go to the next step. So when you talked about
moving beyond kind of an individual contributor and a tactical component
to being more strategic and management and that kind of thing. Did
those kinds of things play a large role in feeling like you were ready
to push yourself into that next step? Or were there other things that
maybe held you back that you had to overcome? And what was that process
like for you?
Yeah. So one of the something that happened to me, at least in two
different roles where essentially, you know, this isn't to harp on
anyone, but it was really one of those situations where the individual
that served as the manager wasn't as helpful as you would think they
would be in a leadership position from a technical chops perspective. So
you would ask questions and the response would be yeah, I'm not sure, I
used to be technical. Oh, I don't really keep up with it anymore. It
was like, dude, why am I listening to you then? I just remember when
that happened to me, at least twice, and that kind of drove me to be in
this - it put this seed in my head, like I don't ever want to be in a
leadership position and someone asks me something and I say, oh, I'm not
Oh, I don't really keep up with it. That was one of the things that
still kind of drives me to this day, even from like a mentoring or from a
team lead perspective or running my own shop. I don't want to be - if I
don't know, I don't know, but I don't want it present it as oh, I don't
know, I'm just here for the check, you know, I dunno, you guys figure
Right. So in moving from someone who is an individual contributor to
wanting to have more effect on people and strategy and processes and
those kinds of things, were there - there are definitely technical
challenges, right, because what you're describing is your urge to want
to master the details so that you're never in that kind of a position,
but were there other challenges for you? Like as I think of it, maybe
things like remaining a member of the team and your interpersonal
relationships and some of the other byproducts of being driven and
trying to get ahead in those kinds of things. How did that process go
for you as you started to transition outside of just being a tactical
kind of resource?
I think, and I know, one of the big areas for me was really diving
deeper into how I communicate. Like I have no problem speaking with
people. I'm a fairly sociable person. But hat kind of takes a back seat
sometimes at work, because I'm there to solve a problem while I'm there
to actually work. So at times I can be a bit, I guess, short with people
at work, earlier. I'm very aware of it now, but you know, five or six
years ago, it really wasn't the case. So it came off as, you know, maybe
O'Shea is rude. O'Shea doesn't have much patience, which even with the
patience I'm still working on that daily. My wife will tell you that,
but I had to really take inventory of how I communicate and what in my
presence, how did my presence affect the team from overall performance
perspective, but also from inclusivity, right?
Like if you are the person that everyone feels is rude, or maybe
you're short with an individual, no matter how talented or smart you
are, people aren't going to want to work with you. That's just the truth
of it, right. And so then I realized, I particularly had a case at one
point. I remember there was an event we were investigating and if I
recall correctly I was analyzing some PowerShell. And just trying to
walk through what the calls were actually touching, looking at a couple
of the IPs, they're a part of this campaign. And I was very drilled into
it. And I guess a couple of people were asking me questions and I was
like, dude, just DM me. So I was like, stop talking to me while I'm
trying to work.
And I remember afterwards, I went out for drinks with some of the
team members. This was like a week later or something after everything
was - we had to report, we went to the full-on stages of IR, I had the
report done that was presented to senior management, incident was
cleaned up. We had our patches and counter measures in place. But a
buddy of mine, while we're having drinks, that was on the team was like,
they kind of think you're rude, bro. I was like, what are you talking
about? They're like, it just seems like you don't want to talk to people
at times. I was like, well, okay, I can understand where you're coming
from, cause I know I get into a zone. Once I'm in that zone, I don't
want to be interrupted.
But yeah, I remember it made me think I need to be a bit more aware
how I communicate with people. So now I always take the time. Even
normally when I'm sociable, I look everyone in the eye, but now I take
the time to look up from the keyboard. I'm conscious and aware that if
someone's speaking to me, stop typing. Look up at them. Don't just keep
typing away and answer questions. Cause it seems like you're very
unconcerned or you can't be bothered. But when you take that time to
look up, acknowledge someone and then continue along the lines of
communication, you're much better received. But particularly as a
leader, at least for me, I want to leave the impression that, okay, I
hear you, your opinion is definitely valued, how can I help you? You
want to have like that feeling. It'd be like walking into a restaurant
and your server is texting while taking your order. You're not paying
Yeah. And especially with your team, it's so important for your team
to feel like they can come to you with things. And the more you, even if
it's not intentional, the more you make them feel like you're not
paying attention or that you have better things to do, it severely
diminishes the likelihood that they're going to come to you and keep you
informed of the things between just task-based work that are so
important when you're leading people and you have some role to play in
careers. So I agree that that's super important.
So as you're going through this transition and you're trying to build
your career and you're very analytical of not only the outside world,
but yourself and trying to work on yourself, talk about the role the
culture of a company plays in trying to foster people who are really
trying to go that route where it's you know, I'm not trying to stay
static. I'm not trying to breeze out of here or anything, but my goal is
to grow and I want to grow technically, but I also want to grow in
terms of the things that I can do in my career.
Have you been in environments where that wasn't so fostered and have you been in others where maybe they did a better job of it?
Yeah. Actually, that's kind of what led me to starting my company.
I've had it on both sides, right? I've had it on one side where I think
leadership makes the biggest difference, at least in my reality, in my
experience, when you have leadership that encompasses something that
you're striving for, it makes working so much better. I remember I had
one CISO I think he was, if I remember right, he was a former
intelligence officer or intelligence analyst at the Air Force and moved
more into DFIR, super, super smart person. And really personable. I
kinda shaped my leadership after him in reality, but he was super
personable and really approachable. And it was really great just hanging
out with him and talking with him, right.
He was a really cool person. And he had so much knowledge that he
could pass out, especially during the investigations, but on the flip
side, I've had some managers that made it almost as if you're in this
position where they are playing this very unnecessary, but strategic
long game of, I can't allow someone to highlight how knowledgeable they
are and how good they are because it may overshadow me. It's that type
of thing. And it took me a while to notice it, but it was just a very
strange occurrence. I specifically remember there was this one
particular role where I had the support of pretty much 90% of my
technical peers. And they're all pushing me to become a manager. And
then I'm told, oh, well, you're not managing material.
Even though I'd been a manager and a director before this role, I
took this role because I wanted to become stronger and stronger in IR.
But it was a very weird thing. It was like, well, is it actually me? Is
there some deficiency in my technical capabilities or maybe the way I
communicate? And this was well after the point where I realized how I
made those mistakes previously with communicating with people. So I
didn't think it was that. So it was really one of these things of maybe
it's not me, it's them type of situations. Maybe there's something going
on with this individual, this particular manager where he's not going
to promote anyone that he feels, I guess you could say, they could take
Right. Let's just be honest. People do think like this in corporate
America and probably corporate Europe, corporate Asia, also -
Right. That's hilarious, corporate Earth.
I'm gonna put it on a t-shirt.
But if they view you as a potential threat down the line, they're
less likely to root for you to climb up that ladder. And that was just a
very weird occurrence for me. And then around that time, it made me
think it may be time to try your own thing out.
Right. So I don't know if it developed into this for you in that
specific case, but a lot of times when that kind of thing happens,
people start to wonder if it's time to look for the next role, the next
company. If you feel like your path has kind of blocked where you are,
then go see if there's somewhere else where there's a better path for
you. But that, in my experience, just for me, and from things that I've
heard of other people is one of the more anxiety-inducing processes that
you can go through. Cause it's like a grass is greener kind of thing,
but it could always be worse when you get to the next place. It's really
hard to gauge that ahead of time. Have you had that kind of a situation
where for whatever reason you've gotten to what you assumed was the end
of a logical path with a place and you had to put yourself out there
and expose yourself a little bit to go find where the next step is?
Yeah. And there needs to be more classes on this. This is the
interpersonal, extra personal side of communication and cyber. So yeah,
I've definitely been in a position before where you hit a wall, right?
You're not moving up, you're not moving down, you're not moving ladder,
you're kind of just in this position where you can't move at all. And
it's nothing against the people you work with. I was working with some
pretty cool people at the time, but there was just no growth. The one
individual who had the largest amount of knowledge in the areas that I
was interested in in security, he had moved on. So he goes out the door,
I'm still working with people that I like, but not that many people I
can learn from.
So now you have to go on that quest of interviewing and something
that I remember specifically from this was, and I try to tell this to
junior individuals or people I mentor. I was like, when you interview,
it's not that you're lucky. You can't take the approach that you're
lucky to have the job, a part of it should be they're lucky to have you.
And that sounds maybe too egotistical. But I remember, I specifically
almost took this job after the job I was leaving, I almost took a role
out that was almost like a fear based decision, it was like, well, they
offered it, it's a bit more money. I'm not entirely sure what's going to
happen at this role. And it's here and it's in front of me right now.
So do I just take the role? Yeah. Maybe I don't get to do everything I
want to do, but I make a little bit more and they said I can do some
things in the future, so I'd be lucky to take the job, you know? And
then I questioned myself over that and I passed on the role and about
two or three months later, I found something. But something I realized
was from that day, going backwards, maybe some of the roles I had taken
on were fear based. Cause you're thinking, oh my God, I'm so lucky to
get this job, you know? What I've learned from that time period,
especially when I interview even now, before consulting engagements or
whatnot, before I pick a client I'm going to work with, I try to drill
down into what the expectations are.
How can I learn from this? And is it a good relationship? When I
interview, if I can't hit all three of those, it's probably not the best
decision. So yeah, maybe the money is great. But are you going to be
able to learn the things that you're interested in, or maybe you can't
learn the things you're interested in, but the people you're working
with are awesome. So you're kind of in this balancing thing, this
balancing game of trying to determine what's the best thing for me to
hit all three areas or what am I willing to substitute? And I think when
you start playing the substitution side of things, that's when you find
yourself in roles where a year or two down the line, you're like, wait,
what did I do?
Right. And it, it sounds like it took you a while to develop this
perspective and really figure out what your main bullet points are. I
want to learn, I want to grow. I want to be with people that I really
enjoy and work with technology that I'm really interested in. But
earlier on, especially maybe coming out of your first role, people are
often just going to take what they can get to get their foot in the door
somewhere. But I find that coming out of that, I have two or three
years of experience, I'm looking for the next place that doesn't
consider the intern that was hired in and to move into the next thing.
There is absolutely that fear-based perspective that you're talking
about. And I think it's really valuable advice to say, independent of
any individual role plot out what's important to you and then look at
everything through that lens. It's scary and it can be difficult to do
in the time because these are our lives and we have to pay bills and
some of us have families and those kinds of things, but ultimately even
if it's a little less money, I think I definitely agree with you if
you're making those decisions for the wrong reasons, two or three years
in if you're lucky, with six months or three months, if you're not so
Could be 90 days.
Yeah, absolutely. You're going to realize that maybe you're not in
the right position. And that does a lot more damage to your confidence
going through the process again, then maybe just slow playing it a
little bit ahead of time and trying to prioritize the right things.
Yeah. Most definitely. And something else that I did learn from
interviewing is also if you don't meet the team, there's something up.
That happened to me before I interviewed, and I only interviewed the
hiring manager and I was like, this is strange. Why am I not speaking to
anyone else? And it turns out he was just very disliked among the team.
So it was a very weird thing to walk into. But now I know, if you're
interviewing ensure that you meet other team members, this goes back
into they're lucky to have you too. So it's not just you courting them,
it's vice versa.
For sure. So that's in moving from one role to another at companies
that other people own and run. Did you have the same kind of dynamic in
making the decision to go off and start your own thing?
Innocence. So when I began down the thought process of starting Null
Hat, I was actually in Sweden at the time - I moved to Boston from
Sweden like three years ago. I was in Stockholm and my wife got pregnant
and we ended up moving to Boston where she's from. Cause we didn't
really know anyone in Sweden anyway. So it wasn't that big of a loss,
but I was communicating with a dude that I met there. We became buddies
and we were looking to start an MSP out there. And when I thought about
those three areas, am I going to grow? Is it a good person to work with?
Yes, I can definitely grow and you know, kinda make a decent income
Like all three of those are hit. It's just I ended up moving back
here. When I say here, I mean back to the US, but when I moved back to
the US and I was working in this role for a big pharmaceutical company,
lead in IR, that idea never went away about kind of forging your own
way, but also ensuring that you can follow up in different areas of work
that are just crazy interesting to you. I think that's the one benefit.
I'd say consulting in general is you're exposed to so many broad
environments and broad technologies that it's hard to get bored. You
know what I mean? It's super hard and it's super valuable too. I spent
most of my career consulting.
And so most of the things I learned kind of ramp me up to move into
more advanced roles because I was exposed to so much in a short period
of time and you have to learn fast. There's no time to - you don't have
someone to hold your hand when you're walking into consultancy
engagement. That's not what they're paying you for. They're paying you
for your expertise in a very short time period to solve these complex
problems. So when I started Null Hat, it was those three things. I
envisioned those three markers that I'd like to hit for moving into a
different role. And of course it's super scary, but at the same time,
it's like, well, what do I actually gain from it? Am I really going to
Am I really going to push myself and challenge? And can I make a
little bit of change? Okay, great. And the main reason I wanted to start
the company was to build out something for the community where I could
help train individuals, especially specifically communities that aren't
really represented or underrepresented in tech and people of color and
minorities, like I could I find a way to carve out a bit of my time to
build out a way to communicate with them and help train and introduce my
knowledge base, but can I also make some money? And if I can do both of
those then great.
Right. Yeah. For sure.
So one of the things that I've always really respected about you
since our paths first crossed is you stay super active in lots of
different things, including Twitter, and where you're at lots of events
and you're very connected in the community and you're starting your own
conference, SkiCon, which is coming up here soon in just a bit. Has that
then a hallmark of you throughout your entire professional and
technical career? Is it something that you've more started to do, like
work on your own personal brand, as you've ventured off into starting
your own thing, and what role has becoming a citizen of the larger
technical and security community played in your own development?
Yeah. I mean, I think a part of it was once I began to travel a bit
more, one of the things I did maybe four years ago was really start to
ask questions of what's going on outside the US. There's a conference in
Prague called QuBit. And I remember I went to QuBit for the first time
and I was on a panel there. I was invited by the CEO of LIFARS. It's a
digital forensics company in Manhattan. And just being around that many
people from Eastern Europe or that part of the world that had totally
different perspectives on what security actually is, and also the type
of threats that we're facing. I found that fascinating. And around that
time I began to - you know, I've been to DEFCON multiple times, but I
began to look at other conferences outside of DEFCON.
And as I did that, something I noticed specifically was there weren't
a lot of people that looked like me that were speaking. So that kind of
ignited a fire in regards to the representation side, like how do I get
more African Americans speaking? How can I kind of help change that
dynamic? And then you add into the fact about two years later, I began
thinking about starting Null Hat, and then around this time I started
communicating on Twitter with other individuals that are doing awesome
work and just seeing what they're up to and sharing stories with them.
And when you start to combine all three of those, I think it was a big
driver for me. had this conversation with someone last year, I remember.
And I was like, I don't envision myself trying to become some quote
unquote rock star in the community. I just envisioned myself as being
like a resource. Like if someone has a question, they know, hey, O'Shea
will try to help me out if I ask this, I'm approachable, but also how do
we become a more inclusive community? Cause you know, let's face it,
it's not as diverse as it could be. And that's not a dig against anyone
or any entity. It's just one of those things that certain communities
cyber isn't something that they're introduced to at a younger age.
Luckily I was because of the school I went to, but how can I use what I
know to reach out to other individuals and bring them into the
community, you know?
And when you start to kind of combine all these weird facets or these
weird times in history, or presently really, it kind of equates to what
I'm doing now. So when you're doing all these different things, you're
kind of busy, I guess is what I'm saying. You find yourself like, oh,
there's a conference going on and I'm not going to that just to speak,
I'm going because I know XYZ is going to be there. And I know I really
enjoy having conversations with them and maybe I can listen to one of
their sessions and then from speaking at conference you're building out
your company, so you're networking and you're trying to figure out who
else can you work with?
I'm a big proponent of it's great to make money, but it's great to
make money with people you can make money with again, you know? So it
doesn't make sense to me to have an engagement with someone that I
truly, truly just don't like. I want to work with people that I can
become a resource to that I actually like, that I would hang out with.
How can I make that repeatable? And that's where traveling and speaking
at conferences, helping organizing things, like you mentioned and thanks
for saying that, I'm organizing and founded SkiCon and that's a
conference here on February 21st and 22nd. And that's a much smaller
conference cause it's the first time we had it, but I just had this idea
of, I like to snowboard, there's other people that like to snowboard
and ski, why don't we just meet up and hang out on a mountain?
We can have a couple of small talks at night. And then during the
day, instead of us all sitting in a room at a conference, waiting for
coffee breaks to speak to each other, why don't we just take some runs
together? And then just hang out and get to know one another and meet
some new people. You're physically active, you're hanging out at the top
of mountain taking some runs. And you're just hopefully communicating
with really chill people and really awesome people. And so I was like,
yeah, screw it, I'll make it a conference. You know, let's see how it
Cool. So somewhere, someone listening to the show is either just
starting their career or maybe they've moved past the first couple of
years and they're trying to plot out where they want to get to and
trying to take some of the steps that you've described here taking in
your career in order to get where they want to be. What's some parting
words for them just as encouragement as they go through that process?
I'd place it in two, I guess I would say buckets, two buckets. One is
just stay curious. The minute you find yourself not questioning what
you know, is kind of the minute you're not growing, right. If you're not
really looking to continue to build out your knowledge landscape or
grow and grow and grow, it's maybe time to do a bit of self-reflection.
The second one, I guess really three, the second would really be mutual
respect. Finding a way to communicate with other individuals, no matter
how big or how small, just in a respectful manner, can go such a long
way. What I don't like to see in our community is just people that -
even from a younger perspective, like I've run across individuals that
are fairly young.
They're fairly talented, but they're fairly cocky, right? Like
ridiculously cocky. So it makes me think, yeah, you're a really talented
23 year old, but you are not the best person to have a conversation
with. So I don't see myself working with you and I'd love to help you
out more, but you're going to have to work on just the personality
aspect. And it's not my place to tell you who or what you should be. But
I think in our community, especially when you're coming up, if you have
that mutual respect for other individuals, it makes you a bit more
approachable, people will be more likely to help you out. But also I
think it's almost like - this sounds weird, it's almost like a samurai
paying homage, like you meet other individuals that have more knowledge
base, like your master, not to say that there's a master, I shouldn't
say it like that. But it's almost like you respect the game. You know
what I mean? Like you respect the game, you understand it and you want
to grow, so you seem like the person that I want to help out, you know?
But when you come in with this very cocky attitude, it doesn't seem like
an individual that's even open to listening to what I'm saying.
And the third one is just map out what you're truly interested in. I
think it's easy - I shouldn't say easy. It's inducing due to some of the
salaries in different areas of security and not just security
technology in general, of what you could potentially make versus what
your passion truly is. I've seen this countless times and individuals
that are mostly a bit older than myself, but they've been in these roles
where they're making a decent amount of money, but also they kinda
want to do something else, but they wouldn't risk the money that they're
making to follow a different chart, right. Different chart or different
path. And I think when you when you map out what you truly want to do,
you don't really hit a wall because that's constantly updating, like
when I mentioned the yearly goal, the daily goals, or weekly goals, when
you continuously find yourself in a habit of mapping out what your
professional life looks like, there's kind of no limit to where you can
Like cyber is vast. A personal goal of mine is learning ICS this
year. And I'm a total newbie with ICS. Cause that's not anything I've
really focused upon. But slowly, slowly, every two weeks I'll spend an
hour reviewing research papers or just analyzing what other people have
published to kind of up my own knowledge and that's the path for 2020,
that's one of the paths and one of the goals for 2020 for me, but
mapping out what you want to do for the future is immensely helpful with
your current decision making and kind of your day to day decision
Yeah. I couldn't agree more. I think all of that is great advice. And
I think that there'll be some people listening to the show that hearing
your story is definitely gonna help him out. So thanks so much for
coming on. It's been a blast. I appreciate you chatting with me.
Yeah. Thanks for having me.
Thanks so much to all of you for listening to the show and to O'Shea
for joining us and sharing his story. It was a ton of fun to spend so
much time with him and listen to his thoughts and advice. We'll be back
in two weeks for our next episode, please do remember to subscribe to
the show at giac.org/podcasts and whichever app you choose in order to
get updates about new episodes as soon as they hit the air. Thanks again
for listening and we will see you soon.