THIS 26 yr old Snapchat Security Engineer reveals how Internships impacted her Cybersecurity Career

I thought we should enforce and reinforce a proactive, then reactive, measurement in cybersecurity. You should always be thinking about it because, like I mentioned, data is our biggest asset. If someone steals your data like, they can find everything out about you. People often think that IM is essentially like a security bullet for all security challenges and like all security concerns that you have at your company, and it's not. Im is an essential component for a robust security strategy, but it's not a standalone solution to address all the security concerns on an organization. I think sometimes another misconception is you don't have to be in the basement of your mom's hoodie and like negative degree weather, eating pizza, drinking Coke at 3 am, coding with like sweatpants on. It's just not that lifestyle. There's so much like fluidity. There's so many opportunities. There's so many different paths that you can take. So I think that people should also understand that idea from I don't know, maybe 20, 30 years ago. It's just like not the same.

So from my conversation earlier I'll take it that you are a Nuggets fan.

I'm actually not a Nuggets fan, i'm a Lakers fan, but unfortunately they beat the Lakers, so I'm rooting with them this season.

Well, i'm not a basketball fan, i am a fan of players. So I'm a Chris Paul fan. So I was a Suns fan. But now I'm not a Suns fan, no more, because they let him go and he may come to the Lakers, so I'll just be a Lakers fan. I don't care if anybody calls me bandwagon, because I've said for years like he's just been my favorite player. I've like every team he's been on, i got the jerseys and everything. So I'm just a Chris Paul fan.

On that note, i'm a players fan as well, and Koby was my favorite player. I actually played basketball in high school and I was number 24. They're out my high school basketball experience for Koby, because I was trying to be like him. never got to the point where I was a fraction of what he could ever be like, but I was super inspired by Koby. So rest in peace to the great.

Side note you actually have a broadcasting voice.

Really Wow.

Do you, being on one of those shows, like you know, the jump or something like that with Yasmin Abdi and giving your takes? I can see that.

Good to know. I feel like I mean, I've done a lot of like public speaking, So maybe that's that's it, but I love speaking, So maybe I should just do more of these.

Yeah, i think that's where it comes from. Like I was surprised when people told me about oh yeah, like how you say I'm gonna talk, and I was like okay, i didn't know it. So I think that's one of the easier things. That's made doing this podcast pretty special. But, guys, welcome back to episode 92 of the Tiktok Talk podcast. I'm your host, hd. I'm a cybersecurity professional, youtuber, content creator, cybersecurity career coach and much, much more. And today we have our lovely guest, none other than the, none other than the miss Yasmin Abdi. She's a beast. Like her LinkedIn has like so much stuff on it. Like it's one of the one of the first, one of the first guests I've had in a while where I could literally go through that LinkedIn and kind of just create questions, just because she has so much stuff there for me to pull from. I don't know if you saw when I was doing the stuff for the questions, i literally was just going to your experience and he said, okay, boom, i'm gonna make a point right here, right here, right here, right here, and then we'll just be able to draw it all together. So that's pretty cool. So let's go ahead and give her a round of applause, please. So how you doing today.

I'm doing well. It's a end of the week, so excited to well. That actually doesn't even matter because I don't have work-life balance per se, so my weekends and my week's kind of virgin, but when it's Thursday or Friday I get a little bit more excited to be compressed on Saturdays, even though I still work and study and stuff. So but yeah, i'm feeling good. Excited it's June, so excited for the summer, excited for all the amazing things that are gonna happen in the next couple of months. So yeah, i'm feeling good. How are you feeling?

I'm feeling good And fun that you said something about work-life balance. That actually gave me a video idea like work-life balance is a myth. Because I do think it's a myth, because if you wanna be good or be exceptional in your career and your life, then you really are always working on something. And it's pretty hard if you have a family and you're trying to do all these other things, but then they want your time too. It's so hard, especially in our line of work, because stuff is always changing. I mean it's interesting, so it's always that pro and the con that I tell people about when it comes to getting to cybersecurity. And I'm glad it's the summertime too. More well, i haven't did a Sunday fund day in a while, but I definitely gotta do a Sunday fund day And, like the girls say, we're outside, so I guess you can be outside this summer.

Yeah, i was listening to a podcast or something recently that said, i think, ever since the pandemic, 50% of people notice that they're actually working more and they don't have that work-life balance. So I think, yeah, we should definitely try to do some sort of separation, even if you are still working remote and from your house, do some type of ritual where it signifies, like after five or 6 pm, that you're done with work And this is the start of your own time, pouring back into yourself and giving that time to yourself. I don't do that, but I'm trying to get into something like that. So, for everyone who's listening, please make sure that you take time for yourself, because it's super important, especially with burnout rates becoming super high these days.

And tell me about it. For me, mostly I'm done with work while working swing shifts. So I'm done with work about like 10 at night And my work phone stays in this office Like it doesn't really travel with me unless I need to go make a run while I'm working. So I put that there. But then I have you know, content creation, doing resumes. There's some training that I'm doing with like the sub security, like courses and stuff like that, So there's like all these different things. Fit them in, you know, then try to go hang with my girls and do all this other stuff. It's definitely hard, but I mean, at the end of the day it gets easier. Once you kind of master everything, Once I become stop being like an army of one man and I have a team, I think it's gonna get like easy. But I love about that Cause we definitely could talk about that probably for a whole episode. That actually could have been a live stream. Could you go ahead and introduce yourself for our listeners?

Yeah, absolutely Well, my name is Yasmin Abdi. I'm currently a security engineering leader At Snap. I manage some of our engineering projects and programs and, yeah, I've been at Snap for three and a half years. Prior to Snap, I worked at Google and Instagram And I also went to the University of Maryland where I studied computer science with the specialization and the focus in cyber, And I also minored in business with the focus in technology, entrepreneurship and innovation. That's all the career fun stuff that you can find on my LinkedIn. Outside of all that good stuff I love I'm a community girl. I love giving back. I love helping people. One of the things I find very close and near and dear to my soul these days is helping teach young kids young black and brown kids about computer science and the different opportunities and really just allowing them to understand that they can be in these positions as well. I know that there's been a lot of talk around diversity and inclusion and all these companies are trying to promote that these days, So really trying to make sure that they are doing that by allowing the funnel and the channel for people from less fortunate backgrounds can have opportunities like them. So spent a lot of my time doing community service events like that. Yeah, I mean, outside of that, I love working out. I've been very much into solid core and Pilates. These days I feel like it's become like a trend and I unfortunately jumped on that trend. It's been so much fun And, yeah, I think it's pretty much, I guess, the summary of me.

Cool. Yeah, i've been seeing young Pilates on. I want to ask you so are you from Maryland?

From Northern Virginia. So I grew up my childhood in Northern Virginia and then went to Maryland and then lived in. The funny thing about Maryland Virginia DC is they're all so next to each other So you can drive to DC and Maryland Virginia within like 20 minutes. So I just people say, are you from Maryland? I don't even get mad anymore because it's all the same.

So could you tell us, i guess, how does your quest to getting the cyber start? Did it start in high school, college, like what made you want to go into cybersecurity? And I also know, since you've been from like East Coast, that education is different. There. You guys are more progressive and farther ahead than us in the South, where you guys actually were talking about stem things and having things. Maybe I don't know if they were talking about cyber when you were in school, but they definitely had a little bit more programs or incentives to show you these different things. Get some certifications while you're younger. So how did you end up getting into, like before going to school majoring and like doing something with cybersecurity? how did you figure out that that's what you were interested in?

Yeah, that's a great question. So I always knew that I was interested within something around crime law. I actually, taking a step back, was going to be a criminal judge or something within criminal justice before becoming like a cybersecurity whiz or expert. I think for me, like cybersecurity has always been about how can we prevent the bad guys, how can we stop attacks, how can we stop malicious activity from happening. So crime has been something that I've always been super interested in watched a lot of law and order and things of that sort growing up, but didn't really want to be reading and writing all day long. So I remember like in high school I took my first Java class and I learned about like the Computer Science Foundation and fundamentals, then got really interested in it And then I think it was sometime over that summer that I hacked into, with permission, my some of my family members' email accounts and iPhone accounts and iClouds and things of that sort. So for me, i think, having that experience that summer being able to successfully this was back when like jailbreaking was like a thing and like people could jailbreak way easier than they can now, but back that was 2014. Really, really enjoyed that experience And it was upon a time that I was going to college and my dad was like, hey, like you should really like look into cybersecurity, you're going to have job security. So I really thank my dad for allowing me to continue pursuing that career choice. It was a natural interest for me, like I said in high school and being able to successfully break into things and just being super interested in how to stop the bad guys and with like crime becoming more and more like regular, to commit it online than in person, like with the dark web and stealing identities and credit cards and all these black hackers. I've always had that passion to stop bad people from doing bad things. So I think it just was like a natural fit for me going to school and going to continue to pursue that.

That's dope. That's dope. I actually want to talk to you about real briefly, like how did you end up hacking their stuff with permission Cause for me in high school? I talk about how I thought about why I want to get into cyber and I go back to. I go back to senior year. I social engineered one of my friends. I saw her email address and then I saw her typing like the last part of her password. No, no, actually I saw her typing the last part of her password and then I asked her what her email address was And I pretty much got into her email and then I logged oh, no, no, it wasn't her email. I think it was her Facebook. Yeah, I was in her Facebook and I was on. I was on there making statuses and stuff in the next day. It was like now, while you on treasure's Facebook making all these different statuses about who should I take the homecoming and stuff like that, And I had forgot about that. But I think that was one of the ways where I did figure out Okay, cool, This is cool. Like I grew up watching Kim possible Any show where you had the dude that was just sitting down and he was really the, really the got the brains behind everything I grew up watching like auto shows and they're pretty cool. How about you with the hacking in the jailbreak? How does that work for you?

Yeah, um, i think for me, passwords were easier to Guess back then, i think a lot of time, since it was my family, a lot of their passwords were things like I don't know if I should be saying this online, but Things that you could just assume about a person. So, along the same lines of social engineering, like What is your pet dogs name? Like where did you go to high school? A lot of things that people post online on Facebook, on social media, that they don't understand that people can use as their. Second question, third question and if you call AT&T I know they ask you Oh, like what is your? something like one of those questions, and then you could do sim swapping and then you can get their swim and then you can get your two-factor authentication code. So I feel like for me, like it just was a lot easier back then and With Apple has just gotten super, super, super secure over the past couple years. But like hacking into iClouds was a Rather easier, easier task back then than it is now. So shout out to Apple and shout out to the security team for being super robust.

Tell me about it. I know when you were talking about the password things I just thought about like treasures was like her little sister's name, so it was super easy. Oh, her little sister's name is Liberty.

They're like animals names, like I'm noticing, yeah it's, it's, it's a.

That's why I recommend people at least to use a password manager. At least it'll help them out, as long as they remember the main password and don't give anyone that. That's a better way, like for me. That's why I hate now It's like everything needs a password, so it's impossible to remember these passwords and always make them unique without using some sort of technology And about think we could touch on that a little later. So now I want to touch on. Okay, so you go to University of Maryland and What made you want to pick their computer science program, like for me? I know I picked CIS because I felt like computer science, even though it's a more alluring title. I didn't like that. Some of the professors that I possibly couldn't understand there's teaching and I didn't want to go through that And I felt like it was more engineering focused and I wanted to learn about computers But also learn the soft skills that you need in business in order to be able to move around and work with a lot of people. Because I know that some people with some of those engineering backgrounds didn't have the best people skills And now some of the things that you know had them limited when it came to their career. So what was it about? Maybe and I asked you this too, because I'm big on this I just did an episode this past week about why college can be beneficial for your career. So what was it about that program and that's curriculum that really stuck out to you. That's like if I do this, i'm gonna be great.

Yeah, i think for me the reason I chose computer science was because I wanted to be challenged. I wanted to work in an industry where I could be a continuous student. I think learning is the best way to Just grow as a person and grow your mind and I knew that with emerging technology and every day the Computer science and especially the cybersecurity landscape is changing, i knew that that was a field that I wouldn't get bored of. Like a lot of people have Jobs where it's rinse and repeat go to the job, you do the same thing every single day and for some that works. But for me I noticed that I wanted to really be challenged and stimulate my mind every day. So that's kind of why one of the main reasons I chose Computer science I knew that back then, with all industries Becoming digital first, data data first, i knew that that was a field that would always be growing and, you know, kind of be the forefront. I don't know anyone that doesn't use their phone or Computer to do things these days. So just knowing that there's always gonna be job security there was another like reassuring aspect of my decision-making. And I think, lastly, like being able to build things, like having an idea and being able to build a solution for that idea or problem. I know a lot of Tasks these days are automated and it's so cool that we are able to build solutions to problems that we have With with the ability of computers and computer science and engineering. So I think those are probably the three main reasons. And then to your second point I do agree that sometimes people That are the better, the best software engineers or computer scientists, don't have the people skills. And I think for me Maryland really did give me the best of both. I did a lot of executive board positions and undergrads So I was always leading, i was always customer first, i was always like speaking to stakeholders and clients and stuff like that. So I think for me, being the person that I am, i'm naturally outspoken, i'm naturally the first person to raise my hand in the class, i'm naturally the person to Come up with ideas and things like that. So I and Maryland had a lot of like black and engineering groups and like women in computer science groups and things that we had Opportunities to get those soft skills, get those communication, that leadership, those opportunities. I actually started the first all women's organization at University of Maryland when I was an undergrad It was called That was so cute That it was it's called ladies of computer science and We through that program had a lot of companies come in Like do lunch and learns and do like here's like internship opportunities and stuff like that. So just building those partnerships with organizations at such a young age gave me the ability to like really strengthen those soft skills that a lot of computer science people I don't want to say lack because that's mean, but Could work on.

Yep, that's a good one, that's a good answer. I want to say lack it like. For example, i think our program was just more as As pretty much an engineering program and they do some computer classes in it, versus Keter catering it to be More so to do something cybersecurity related. Even at that time They didn't have that type of degree path there yet. It was either CIS then or back in the day before Cybersecurity became a thing. It was and I sound like I'm old, but I really not I graduated it, graduated with November, make ten years. I did undergrad. It was called information assurance, so they had a like a program for masters information assurance. But other than that, the, the curriculum there now is pretty much the same as when I was there like ten years ago, and that kind of Angered me as well. I actually spoke to the professor there about, hey, this y'all not offering them any certifications with this curriculum, or they like, what are y'all doing? like this is this, is not it. So I think that's dope and I and I do express the people now about really And it's hard to if you're a person that's the first time you're going to college, if you don't know me, too many people that's went to college, especially for what you want to go to. I think it's pretty hard For a young. I must just stay a kid. 18 year old to me is still a kid. I have two brothers. They're like 18 right now, so I considered them still be kids. It's hard for them to really make a Information of decision or something that can probably, you know, stay with them for the rest of life, because they you don't know What you don't know and I don't know if there any apps or anything out there like that where they connect you With, i mean outside of LinkedIn, but literally this app. So purpose would be to connect you with people That's went to college, that's in the major you've done. I don't that that app doesn't exist. Maybe you know you should create it. I think that'd be a perfect one.

Yeah, i agree, i feel like there should be something like that. I know there's a lot of people that One a mentor and a lot of like mentees that want to find mentors in their industry. So I feel like something as simple as that, just like a place where you can connect. I feel like there's there's a lot of apps that do that, but that's like one of their sub like components where, like and I was a I was a mentor for a program called Thankful and it was like a cyber security. I was a cyber security mentor and that was like one of their like niches. But then they have like Seven other things that they focused on. Or, like you said, like LinkedIn. It's like a huge portal, but like there's just not one funnel for that. So I think sometimes what I'm noticing also is like Organizations and companies build such cool products, but like they're so complex and just sometimes just like we just need to solve problem a And then problem B and then problem C, and like they can each be their own thing. They can each be their own thing. You don't have to have this like monogamous, like monolithic app or like company that like does like 10, 15th for things.

I definitely agree, and even if we touch on LinkedIn, like In college, they showed us what LinkedIn was and we made a page and my professor at the time and this is like CIS, whatever class it was he had us like get connections and we wrote recommendations, but outside of that there were no other follow-ups on. Hey, okay, this is how you're gonna use LinkedIn and leverage it so you could build your professional network so that you could either find an internship or a job or something after this, because, like I said, in 2010 through 2013 by the time I finished, cybersecurity was kind of like an afterthought. It's just Really, i would say honestly, in the last three to four years, industry wide is where it's actually been put on the pedestal. I think once COVID happened, they realized how important it was. You started seeing salaries skyrocket up in the need and you started seeing everyone say, okay, we're going to leave this right here, but we need these people because we got this workforce that's working from home and we need to protect them because they're on our network, but at times they cannot be on our network, so we need to figure out how we can regulate that. But I think you have something to say about that.

Yeah, no, i agree. I think a lot of people unfortunately put cybersecurity, as you mentioned, as an afterthought. You're just thinking about building features, building products, getting everyone connected through the worldwide web, and all of your credentials, all of your identity, everything is online and people are like oh yeah, i have a password, so I'm safe and I'm X, y and Z. No, i'm connected to my private Wi-Fi at home. Nothing is going to happen to me, and I think people often times and I was speaking about this recently, actually on another podcast, but often times only take caution after it's too late, whereas if it's a company, someone gets hacked and now you have to like your five, ten million dollars that you owe to the government or something, because data has been exposed, because you haven't taken the right security protocols or something like that. I think, instead of that, we should enforce and reinforce a proactive, then reactive, measurement in cybersecurity. You should always be thinking about it because, like I mentioned, data is our biggest asset. If someone steals your data, they can find everything out about you, and I think that, yeah, we should not be an afterthought. We should be engraved in the design phases of software, of feature development, of product development. We should be in those early conversations so we could have privacy by design principles, security by design principles, the concept of least privilege when granting access, so many other things. But could speak days about those. But I think that, like you mentioned, it's unfortunate that only recently, after so many headlines, is it becoming important. So that's just my two cents on that.

I gotta say we probably could take some of that later because I still feel some companies feel like their risk appetite is a little bit too high, for whatever reason. But I know you mentioned you started the ladies group and how that really helps you guys out at University of Maryland with pretty much all the different type of sponsors and a bunch of learns. And one of the questions that I had put down was about you know how many women were in the program and how was it? you know being a woman in that program, because one of the things is, and why I do my show kind of is when it's probably my guess is probably being like 75, 80% women. And I did that for a reason, then because most of the time, especially in corporate, you may be the only woman on the call, you may be the only woman on the floor like, or sometimes in class it may be two or three of you and you know the rest is men And then you know it may be mostly white men and then a couple of other minorities in there. How was that, that structure for that degree path? was it you know more women than I'm talking about now or was it like I explained. It was like you know, pretty much like it was probably like 10 to five us or something like that.

Yeah, i think that the number of women has. I don't know if it's actually increased or not. I haven't looked at the statistics in a while, but I know when I first started at Snap, i was the only black woman in software engineering in the whole company And I know that that was like as an intern, that was like starting full time. I believe we have some other, i hope we have some other now And I just I think that the numbers have been increasing slowly. But I think one of the things that we need to do as an organization is like one like show other women leaders, like there's still like 90% men in these, like executive positions in engineering and VP's and CEOs, cto's, et cetera. I think that that kind of makes it hindering upon younger women to really see themselves in a career and become successful in this career. So that's one. And then I think too is like introducing it earlier on, like maybe in middle schools, having them like understand that hey, like this is also something that you can do, it's not like a super masculine thing, it's not a only boys thing, and just having them see that there's other people and other role models that they can look up to. I hope the numbers have been increasing. But I know for me it was a pretty lonely experience because I didn't have someone that I could look up to to see that was like successful. That was like a woman, a person that was black. Any one of those two or someone that's young as well, like everyone that you see, is just like older white men And I'm like okay, like I'm the complete opposite, like I'm this young black girl, like trying to make it just graduated, 22. Like I need help And I think for me that's one of like I'm speaking about earlier. but that's one of the reasons I'm super passionate about just like, even if it's like showing my face around, like hey, like I'm someone that you can look up to, like I'm happy to help, i'm happy to kind of talk through tough times and stuff like that if need be. But I think just like exposure is something that people sometimes don't think will be as beneficial, but like it does, like in the longterm.

Definitely. Yeah, i did an article about back when I was talking about the reasons about diversity, why the issue it remains in cyber, and I said the biggest one is exposure. Like I was saying to you earlier, like I didn't know about cyber until probably almost going into my senior year of college. Like no lie, like I took a I think we took, like this, i picked this forensics class and that's when I found out, oh, okay, so the stuff I put on the USB, if I delete it, i can still recover it. Okay, The CSI stuff. But that's what I found out. And so starting this channel has really just about the exposure. So many people that say, man, i'm glad I found you, somebody, look like me that's on YouTube. That's also just giving me good, solid advice that they wish they would have got. Like 10 years ago, somebody would have told me I'd been like wait, maybe farther ahead than I am now And the reason why I always started with the women and I also made sure I tried to get as much mini And I guess they can say I've been called like sexes before, i don't know how. Like no, i'm one called sexes. They call me a misogynistic, when I'm definitely not a misogynist. I love women, but I do try to find nice looking women that's in either tech or cybersecurity, for the reason to let young ladies know who are beautiful young ladies, that hey, you don't have to look like some type of Velma or some geeky looking girl to do this. You could be how you are and you can go to work, and that's the reason. So, eventually, when everybody, whenever this blows up and then they start going back out, they say, oh okay, like I see a pattern here, that was kind of one of my aims, like that was probably like my niche area. I think I'm a good, i think I'm a good founder of the nice things. I would just say that.

Agreed. I think sometimes another misconception is you don't have to be in the basement of your mom's hoodie and, like negative degree weather, eating pizza, drinking Coke at 3 am, coding with like swept hands on, like it's just not that lifestyle, like there's so much fluidity, there's so many opportunities, there's so many different paths that you can take. So I think that like people should also understand, like you don't have to, that idea from I don't know maybe 20, 30 years ago. It's just like not the same.

Definitely So. We talked about this in the beginning of the episode about your internships. So now I wanna talk about how was interning through college number one, and because I know you did different internships and they weren't all in cyber when you started. And after you talk about how it was interning, i also want you to kind of comment on how beneficial you believe that was for your career.

Yeah, absolutely. I think internships are the best thing ever. I strongly suggest everyone to intern as early as possible. I think sometimes people only think they can intern in their junior years, but that's wrong. I started my internship my freshman year And it that's definitely paved the way and opened the doors for a lot of the opportunities that I've had. So freshman year I interned at Snapchat. That was really the introductory of like what software engineering was for me. So in school you learn about computer science and you learn and you have very project based, but you don't really know what you're gonna do when you like how the real world is and like how you can take your school knowledge and transfer that to like real world application and your jobs. So internships is like exactly that, like it bridges together, like here's the foundation and the fundamentals that you learn in school, here's how you can apply it in like the real life, the real world, the real life and your jobs. So, yeah, i learned, like I learned, github and I was like I can't even believe I didn't know that like before. Internships Like I learned terminal command lines, like very, very, very basic, fundamental things, cause in school you don't really do that. You just like here's your project, build this thing. And I'm like okay, like that's cool. But yeah, my first internship taught me all of those things. And then I think just like overall, like how do features get built? Like how do things get built, like how do we build, and just that whole software development life cycle of here's the problem that we have at the company, here's the problem space, here's like the design of how we try to build it, here's like the different stakeholders that are involved, here's our conversations, feedback loops, and then like here's the implementation phase, here's how you test it, here's how you push it and roll it out, here's the end product, but here's like the maintenance side of it. So I think, like that whole cycle of just general like software engineering, product development, all of those things I learned in my internship where you just don't learn in school And yeah, i mean so. I interned freshman year at Snapchat. Amazing experience returned for a second summer back at Snapchat. That's really where I learned about like cybersecurity and what I wanted to do long term. So I joined a team called Spam and Abuse And back then it's so funny now that team is like 70 people. That team, when I was on it in 2018 was like eight people And my mentor is now a director. So like it's just like everything is just super different. But loved my experience. My second summer and my internship There. I realized that my passion was for, like, security. I worked on a tool to help take down bad content. So, snapchat being a public company hundreds of millions of users around the world people do bad things, people post bad things all the time. So our team owned a service that was essentially like a review tool. So whenever content got flagged for anything bad harassment, nudity, child abuse, any guns, violence, anything bad it would get sent to our review tool. So I helped automate taking down bad content. And during that internship I mentioned earlier in the podcast, one of my other passions is like helping the community and giving back, so being able to take down bad content as quickly as possible. A lot of the content, unfortunately, is around child abuse and child nudity and stuff. So being able to say that, like I actually used my computer science like abilities, my software engineering abilities, to help take down bad content to help the community Tying those all three together for me meant so much And I really enjoyed what I did. I really woke up and I was like I have a purpose in this world. I feel like I'm doing something good and giving back. So I really enjoyed that. That was my sophomore year, so I still had two more internships And I was like, ok, as a computer science student, you've always dreamed about working at Google. Even though I really really, really knew that I wanted to come back to SNAP my second year because I loved it. I was like, why not try for Google? You know it's like go bigger, go home. What's the worst that can happen? So I applied, i got the internship, but I also applied to Facebook because it was like you're going to go to Google or Facebook And I was like I'll just do one of them. But thankfully I got both. And yeah, so I interned at Google. Google for me, was such a big company that I noticed being at SNAP and being SNAP in 2016 was less than 3,000 people Having visibility as an intern on your project, being super impactful as an intern meant so much. I was presenting to leadership And I was presenting And my project actually was something that they used post-internship. So at Google, i didn't really feel the same. They worked pretty slow. They worked pretty slow And the project just didn't mean like I didn't have that same feeling that I had when I was at SNAP, so I didn't really like there. And then Facebook again, i think for me maybe I just was on a bad team, but I was on an ads team And ads I didn't know at the time But they work you like 20 hour weeks, like unfortunately someone committed suicide when I was working at Facebook, so I just was like I don't really want to go back here, yeah. So I think for me, just like that was not a good experience And yeah, maybe I was on a bad team, maybe it just wasn't right timing, but I didn't really enjoy that experience. So upon all of these four internships I knew where I had the most enjoyment, i knew where I felt the best, i knew where my skills were valued And the impact was very clear and direct. So decided to go back to SNAP upon graduation and been here ever since.

Yeah, so funny enough that you were talking about like you noticed something when you were at Google versus the smaller company. One of my videos I told people about don't always have to try to go work at the big giant, the Mains companies, because I was like you can go there and get lost. So you could essentially say, yeah, i'm a Googler, but you could just be another requisition where no visibility, you may just be doing your job. Or what we found out in the pandemic was a lot of those companies were just hiring different talents so the other big company couldn't get them to where you weren't doing work. Versus going to a still great company in SNAP that you're at now And, like you said, you felt the visibility from day one of being an intern working on something that was pivotal for the company. So I hope everyone listens to that part and just realize, hey, you know, try to go somewhere, you can have an impact, like You'll learn more going to a smaller company in the beginning versus trying to go to some big company. I promise you that Always, now we're at after, i guess, like you graduated, so you graduated, we're trying to tally it up. When did you graduate? 2019 you a youngster, i I.

Am, i'm 26.

Oh, I just feel like I'm like a 45 year.

Huh, i feel, i feel, i feel like I'm not actually young. I feel like I'm a 35 year old.

I think you feel like how I feel like I Graduated 21 and then so, right after that, i got my first job when I was 21. So I've been doing this thing like a decade now and I feel like like some of my friends are still in college at the time. So I feel like the old man. I say I've been a corporate alone time. So, even though I'm 31, i feel like I'm freaking close to 40, and So I was like okay, you just graduated. Well, you didn't just graduate, but it seems like that. It's like go so fast. I Want to talk about how was life for you after college? and I know, since you graduated 2019, life kind of got a little dicey for you very quick. So so how was that transition from school to now? Okay, boom, it's time to start my career and I want to figure out what I want to do, because that's like the crossroads You get at after you graduate. It's like it's real.

Yeah. So, fortunately enough for me, i had my full-time offer when I was still in school, so I actually had it. Like sophomore year after my internship I already knew that I was gonna go back full-time. I just did the other internships for experience and like I would hate to have not done them. So, thankfully, upon graduation, i already knew I started like three weeks after I graduated And that was a. That was it like. I knew I wanted to do security. I knew that I wanted to be back on that same team. I remember how I felt. I remember the impact that I had. I remember the people I worked with and all of those things made sense to me. So it was super easy for me to just make that move after after graduation.

I'm gonna get into this one and we'll actually bounce back to snap, because I saw this and I thought it was pretty cool about Your company. Mimo, you are a co-founder, yes, and I believe it says that you guys were acquired by Coinbase. Yes, yes so they call you. They call you big money, yes.

I guess, um. Yeah, so, um, i actually wasn't one of the founders I don't want to take the credit for that, but I was definitely one of the earlier employees and Yeah, so the co-founders actually were some of my friends from snap. Um, my first internship, i was on the search team and they were directors of search. So that was back in 2017, when I interned. Two years later or like a year later, they reached out to me like, hey, yeah, it's like you were such a great intern, like we're starting this new company. We would love for you to like join, um. And I was like, oh, like I'm still in school. And they're like, yeah, no worries, like you can just do this, like you know, not part-time, but like just join. And I was like they're like, we just need your expertise. And I was like, okay, like I think this is my senior year. I already had my full-time offer, i already knew where I was going, so like I didn't have to work as hard in classes and stuff. But, uh, i didn't have to interview, do anything like that sounds okay, like, why not? So, senior year I um joined MIMO, or help join, start build MIMO and Essentially it was like a fintech app, um, what we would call it is like google for your finances, so you'd be able to like, quickly search, like how much money did I spend at Chick-fil-A Over the past week, month, year? How much did I spend at Chick-fil-A compared to Chipotle? Um, and then it was. It was an app that did a lot of things, so, like one part of it was like a google for your finances. Another part of it was it was like artificial intelligence, where it could understand based off of your spending habits, where you would spend next and reward you credit MIMOs, um, based on your spending habits. So like, for example, this Chick-fil-A Example that I was just saying we knew you spend $500 in Chick-fil-A over the past six months. Here's a $10 MIMO credit that you can use. Once we see you use Your card again at Chick-fil-A, it'll like credit you back to $10. There's something like that. It was like super cool Um. And another part of it was like you could send your friend MIMOs So you can like I know you go to Chick-fil-A, i'm gonna send you this $10 MIMO that will give you credit from Chick-fil-A because we already know you're gonna spend money there, based off of your spending habits. So it was like a really cool like financial app, fintech app, um, a lot of cool things under the hood that were going on in it. The problem was, uh, when we started getting traction and stuff, that's when the pandemic happened and people spending habits um just went down, were not what they were like a lot of people were spending at like amazon and like just Just like uber eats, so we couldn't really tell like who you actually were, like, what kind of spender you were like. Your finances weren't really that interesting, so, um, we didn't really get that many users. It was hard to hard to get users and stuff, but, thankfully, um, my co, the, the CEO and co founders, um super smart and super plugged in, so we were able to sell the technologies to coinbase, um, and then a lot of the engineers went over to coinbase and then I went to snap so because I already had the offer there. So, um, it worked out perfect timing. But, yeah, i think for me, being at a startup I was like head of product and being in like a Leadership role at such a young age again gave me the ability to enhance my communication, my leadership, um, my stride strategy, critical thinking, um, and all of those those skills outside of engineering. Like, even though I had this computer science and engineering background, i was doing so many things outside of it. I was helping engineering a little bit, but, um, i think for me, like that experience was one of the best playing um multiple roles, wearing multiple hats and and being at a company very small, super, super smart, like I think 10 engineers came from snap and then like five other came from google. So like super talented group of people working with like the smartest people, having it go from like ideation To full product and then acquisition, was like a really nice full circle experience for me.

That's dope. So would you say anytime in that process. Where you did you ever have somewhat of a level of uh, uncomfortability when it came to maybe leading some things at that early age?

Yeah, uh, it was actually a really tragic time because I was the only black person in the company and I was the only woman in the company and I was also the youngest, by like 20, 20, 25 years. Um, and I know this was this was like the time that George Floyd had passed away and it was a very like for for what it's worth, very sensitive, like, uh, uncomfortable time for everyone and I think for me, um, people didn't really know how to act and I had to take initiative to Bring up conversations, uncomfortable conversations, with the folks in the company. Um, and I think I was like 21 or 22 and I'm working with like So so many older people and like hey, guys, like this is a very important thing, like the whole world is in distra and the whole world is like facing turmoil, like We need to talk about this, like we need to be able to have these conversations, like we work with each other eight hours a day and we're not just going to talk about these things that are Super important to me, but like also, if you go outside your street You're seeing people marching up and down. Like you're just not gonna like talk about it. So I think that was something that was like super, super, super hard for me. Uh, because it's not like you're bringing up something like at work, it's like a personal thing in a way. So I just remember that. But I'm so happy that I did, because it taught me so much about like You have to be uncomfortable sometimes to To, to make things different and to provoke change.

And that's one of the things that the crazy thing is about. Uh, i guess, are you Consider JNZ or are you a millennial? I don't.

I'm trying to see 97, so I don't know. Someone told me that I was on the older, the older group of the. What is the younger one, jnz?

I think y'all, i think y'all have been going by this term called Zillions or something like that. I think you guys have been going about it because y'all like are in between, because you're like Me I'm 92, so I'm still considered, you know, a millennial and and I still remember some of the things that You may not remember a little bit, being born in 97. It's not like I'm like that much older to you, but it is some of the things that I was doing in 97 that you weren't. You just crawling around somewhere, whatever.

But I don't even know if I could call it 97 when I mean what's your birthday?

You don't have to get a date. You know, we're all about identity and access management.

Oh yeah, Well, let's Q1.

Okay, yeah, so you should have been crawling around about the end of the year.

I feel like babies don't crawl until they're like, they just lay and well, i don't know.

I haven't been around they start crawling pretty early because Mostly it depends, they walk at various times but, like I was walking like at nine months. So somebody's walking around nine months, 10 months, 11 toils. It really depends. But I was gonna say we are in this predicament Especially black people is that we've been through so many Crucial things that are happening in the world while we're working and it does make tensions a little hot. I remember in 2016, being at work One week, you see. After I see, no, what came first? I think Alton Sterling came first, and that's my home state, and then, right after that, was the Philando Castile. So it's all they're shown on the news. And A little thing about me is I tell people now, back then I was like, you know, i used to have the energy to argue people back and forth and I was like tuned in all these things. I was in. I don't think I ever shit this on the pot and this is cool. Also, the year 2016 is the time when they say the the guy downtown Dallas shot all those cops And the day after that I had got pulled over. At this time, i had a black Mustang GT And I wrote out my windows down. I was so nervous, mind you, i was actually standing a very good part of Texas. I was standing Frisco little M area, if you came out here. So I was. I was really nervous for no reason but Is because everything I had seen online with the cops that weren't from like my home state has been negative And it's been tragic. So one of the things I try to tell people is to kind of guard yourself You know, your heart, your mind, your eyes Against tuning in and seeing someone possibly losing their life on camera, because it's very detrimental to your mental health, because it got to the point where I would like expect these things to happen. And it's not normal to see people die on camera, and I don't think you know people understand that, and so I will try to tell them, like, exercise caution, like I would prefer, like maybe read it, but like to look at it. It's just, it does something And it makes you not want to act correctly if you get pulled over by a cop, and sometimes they're just doing their job but I started tearing up.

I literally feel like I could cry any second. now I think for me, like I remember getting pulled over around sometime, maybe like a year or two years ago in my neighborhood. I literally get pulled. The only place I've ever got pulled over was my neighborhood. twice. I don't know why. I'd live in a predominantly white neighborhood, but I lived there for 20 years And this was around the time of like George Floyd and all of those things happening. And I think the speed limit was like 25 and I probably was going like 30, 35 max And I got pulled over and I started crying so hard. I was like I literally feel like I don't know why, but like I could lose my life. And I was like so polite to the point where the officer was like, is there something going on? And I was like I just literally don't know what's going to happen anymore. And I was like I literally told him. I was like, please, please, please, like. I was like every like the smallest things, like can I please get my like wallet? It's in my bag right here. Like I'm going to go reach for my bag, like it's so unfortunate that you have to like think like that now, but I just remember the same feelings, which is just terrible.

My ex-girlfriend years ago. She got pulled over. We were driving to Houston, matter of fact, and we're hometown of street port. So if you go to Houston from street port, you got to take all the back roads And you have to be mindful that you go through different cities and the speed limits ever changed. So she actually got pulled over and she was laughing. She got you know, people that get, when they get nervous, they start laughing. And I was like looking at what you laughing for She was like, oh no, i'm just laughing. I'm like, and I was like man, i was like, luckily he wasn't, like he wasn't a dick or anything. And then, you know, i talked about the moment, like getting pulled over, that time of frisco. Then, if I talk about I think this might have been 2021, i was back in my home state for a little while. My oldest daughter was born in what? 2020. And I was working out late and I got pulled over in Bolsa city And I happened just to be what I was I doing? I was working out, and he was like, oh man, what you worked out today. And then I was like, oh, i did this and this. He was like, yeah, all right, man, just, you know, drive safely and let me go. But I'm not like super nervous Like when they come behind me, no more, because I'm very aware of things that go on in the world And I'm also I do still read about various different things, even before all these other things go on. So I'm very aware of it. I just tried not to engage into it too much because it gets you fiery, you know you hit. now I'm a father And it seems like I was thinking this other day and I've never said this on a pie, but it seemed like anything I watched were like kids, like a show that got, like kids with their parents. I'd be like in the emotional edit, like a week watching like the stuff, because I kind of envision like them tops, like with my daughters when they like get older and all that different crap, and it's like it's just crazy. So it just it's just one of those things. But I'm gonna put this podcast back on a lighter note And you kind of already covered it. I guess we'll ask. I'll ask it one more time if you want to add anything about it. How is it? Well, this should be a second part of the question. How is it being a black woman in corporate. I know for me it. I don't know It's been, it's been, it's been mixed. I have my reservations about certain things. I've seen firsthand how they treat you all if they don't have people who are progressive or actually gonna try to do right. You know by you Like I, i typically try to stand up for y'all when you're on my team or whatever. But what's been your experience?

Yeah, i mean, i think from my experience in the couple of years that I've been in corporate so far, i feel like this it's kind of twofold You never want to be the angry black woman or like the bossy woman or anything like that when you're in these meetings and stuff. So it's like finding that balance of not being labeled that but also being able to like stay in your ground and stick up for yourself and like be able to debate back. So I think for me unfortunately, non-black women don't get called those things, So it's definitely more challenging being able to balance those two.

Yeah, And I would say, ironically, they love to actually put you guys in leadership management positions, because if people hate or love it, y'all make sure stuff get done, Cause it's almost like that, that mom mentality that people have to the women bring in to get these different projects that liberals was doing especially like. Are y'all like agile? Do y'all do like two weeks sprint? So not at crap.

We do. I think for me it just depends because I lead and manage a couple of different programs, projects, teams. So just depending on like what works best for the team, some teams work better syncing up once a week, some teams work better just syncing ad hoc when they're blocked. So just really depends on like what specific team I'm on. But I think typically engineering teams have two experience they use like a platform, whether it's JIRA, to like manage their tickets and that sort. But for me, depending on the team that I'm on and depending on the cycle quarter will kind of determine what. but I think typically agile is a good way for attracting purposes.

Yeah, We'll probably get into that, Cause I got very familiar with that at JP Morgan. But to throw a little wrench in these questions and get a little less formal, So judging off your you know your IG, it seems like you know you like to be on the move and you like to travel. So do you like to travel and what's, I guess, the coolest place you've traveled to so far?

I love traveling. The coolest place I've been to I don't know if I've been anywhere cool per se. I've been to a lot of places. I don't think. I don't know. I mean, i don't want to sound like.

You don't have to downplay it, man. This is this y'all trying to be spicy. You know what I have to downplay like?

a place you live in. Okay, So I'll break it up into two categories Places that I've been to that I think come to mind that are really nice. I love Dubai a lot and I love Turks and Caicos. I think those two probably would be like my top two that I've been to so far. I've been to like a couple of other places, but I think those two stand out. Places I want to go. I definitely want to do the South of. France which I'm going to in two weeks. So I'm really excited, but also, like Italy, italy's so romantic and I love I just Italy is somewhere Ibiza, saint-tropez, almafikos, monaco, lake Como, all those places.

Break the rapping about.

I'm saying, yeah, he definitely has all those. I think it's just Europe summer, like it just has to be, europe summers moving forward.

All right, let's get back into Snap. So you moved into security engineering and I believe you did two different roles at Snap. You first started off doing let me see. Let me see if I can give. My research skills are infrastructure and tooling.

Yes, i did So. I was a software security engineer for the first two years I was on. I was helping build some infrastructure security tooling for like the company. So we have a lot of customers like identity operations, trust and safety operations agents all over the world that are helping monitor bad content, take down bad content. So we have a lot of these internal tooling that I helped build out. So, yeah, i mean it was a really fun experience, but then I realized that one like this was a primarily software engineering role, which is great. I love building, i love that whole life cycle. However, i have more of a managerial spirit and I'm a leader and a manager and I wanted to think bigger picture and I wanted to really answer some tough questions around access control, access management, who has access to what, and things of that sort. So last year I switched over to a manager management role and now leading security engineering programs and projects, which I enjoy.

Yeah, so earlier in the episode we briefly spoke on identity and access management. What made you wanna get into that? Because it's one of those fields I tell people man, listen, I am is where it's at when you think about it. It's always needed. Every company needs I am and it's always most of the time, it's not even they don't even do like I am right, even from the simplest ways big to small companies And you can come in and have an immediate impact. So what was it about I am that really just sparked your interest and said I wanna do that?

Yeah. So for me, I think what happened was there was a Twitter hack back in 2020, where essentially, I'm not gonna speak too much on the Twitter hack, but what happened was an employee's laptop got compromised and they didn't realize or didn't figure out in a quickly and timely manner what that employee had access to, And the attacker was able to penetrate through the internal services and get more access. Get more access to different services, different resources, different projects and stuff. So the problem that they had was one why does this employee have all of this unneeded access? Two, how is this access even granted? Three, like there was just so many different things going around within access and identity management within that Twitter hack. So I took it upon myself to really sit back and think okay, what if that happened to us at Snap? Where would we have falled and became victim to this attack? What are we doing good, What are we doing bad? So, taking a step back and really thinking about our identity and access management frameworks and the set of processes that we have here and the set of controls around the internal identities, external identities, et cetera all identities that we have at the company and the organization. So for me, that attack really did spark my interest around just the whole I am, And there's so much that goes on within it, But I think for me that's like the pivotal moment that I realized, okay, like software engineering is really cool and all, but I really would rather spend my time figuring out and answering all of these questions around I am.

Yeah, i definitely get it. And for the people listening and watching, she pretty much explained that a person pretty much did some lateral movement in the environment and they also what's the word, the right term thinking it's. I should go to MITRE and look it up. I wanna say it's like persistence. I think it's persistence Now they had persistence and they were able to probably extra track some data. But I just wanna touch on that a little bit only because one of the ways when I'm coaching people, i'm telling them, hey, even in my Slack channel, i have a security news channel in my Slack space And I tell them, hey, look at the stuff that's coming in every day and research some of these attacks and these different nation states that are behind these things that they're pushing out, because you may get asked the question in an interview. it's like, oh, how do you stay current with cyber security news and attacks? And if you go back and research breaches, you'll actually see the inner workings. A lot of researchers are breaking down what happened piece by piece And they can go recreate that, make you a lab and you can just start learning stuff, especially if you wanted to get an IM. Like it always is at the center, like their goal is to okay, boom, let's get them credentials. Like we're working on freaking. it's crazy, as simple as it is. people still fall for credential harvesters and putting their information into the wrong pages. It's like it's crazy. Especially well some people. they're good at actual the very real spearfishing aspect of it, where they make it seem like they've been talking to you for a while. they've been scoping you out and they so they really make it look legitimate.

Yeah, I agree.

Some misconceptions people have about IM.

Yeah, that's a good one. I think the first one that comes to mind is that people often think that IM is essentially like a security bullet for all security challenges and like all security concerns that you have at your company, and it's not. Im is an essential component for a robust security strategy, but it's not a standalone solution to address all the security concerns of an organization. There are other areas, like encryption, threat, intelligence, network security, that all should be implemented in place to really build up a robust security program and a comprehensive security posture at an organization. So oftentimes people think that IM is end all be all, when it's not So. That is the first one that comes to mind, and I think another one is I am is not only about passwords. There's so many other ways that users can identify themselves, whether that's 2FA, mfa, biometrics, etc. So people just think, oh, password, that's my user, like that's how I'm going to be authenticated, but that's just not So. I think those are probably the two that come to my mind. And then I think, lastly, i am is not only for large organizations. I think people always think, oh, like I have a small business, i don't need I am, i'm a startup, i don't need I am And I'm like, yeah, exactly, i think. Yeah, some people think, oh, like we don't have hundreds of employees, but I think it's really important for even small businesses to make sure that they're only giving out the appropriate access and data that is needed for the specific work, workload or workforce for that group or that role. I think a lot of, i think a lot of companies should just implement our back, which is the role based access control, very granular access control, and I think that will help solve a lot of those issues. But I am is not only for large organizations, small organizations, startups, even if you are like getting your foot started and building your organization, you should look at, look at, i am a lot of. There's a lot of services that provide it, like now for you under the hood, so you should just get on board.

Definitely. And when you started bringing up our back, i was thinking about that. we covered. it was like a month or two ago whenever the issue came out with the National Guard and he got in trouble for leaking important information on Discord And we were like, well, why did he have access to the stuff anyway? And that was like the biggest thing. It's like, you know, no least privilege at all. Like it's crazy. Then you add in oh, no least privilege, no DLP, like what are y'all doing? Military, i guess. so what type of challenges have you faced? doing I am, i know like it's hard to get everyone on board because they do things like certain ways, like, for example, i would assume, because I think everybody thinks that I think, in order to be like a great security program, it can't be siloed. Everyone should at least know what the other one is doing in some sort of fashion. Like I believe that you know the I am team you guys probably work a lot with, like, maybe like vulnerability management team or trusty, but like, for example, like when the Uber reach happened, the guy was able to get in and I believe he was able to find that, whoever he compromised, they had access to some power sales scripts that had some admin credentials hard coded into the script. I'm pretty sure you guys maybe work with the teams that do those assessments on things like that to say, okay, now we have to do this another way and maybe use a certain service account with the power sales script to do this. So it does. It only does this one thing and has this permissions based on whatever is interactive with and not being able to do everything it can do, just because it's an admin account.

Yeah, yeah, i think some of the I thought of three examples that pose as challenges when implementing I am. I think the first is complexity and scalability. When you have, like a large IT organization that is composed of multiple systems, multiple applications, multiple platforms, and they each have their own authentication and authorization, it's hard to integrate like a. It's hard to integrate in a user friendly experience, an I am policy, so you just can imagine how many different systems and each system has their own authentication, authorization. And then there's like if there's like a hundred of them, and then people are building new services. So I think it's like that's always a challenge when you are a larger organization, i think. Secondly, on that same vein, each one of those systems has their own at snap role based access control and integrating our back with I am is challenging in its own form or fashion. So I think balancing out the security aspect of that and then the user experience aspect is always been a challenge, because we want to impose the best practices, which is I am in our back, but when you have hundreds of services, applications, platforms and systems, it's really hard to combine security and balance security and then the user experience, and sometimes users are a little bit resistant when you are imposing these things. So I think those are some challenges that I've seen happen over over the course of my tenure.

Okay, that's dope. Now here's a good question, as you probably get asked on time. If someone wants to get in the I am right now, what would you advise them to do? Or if they want to come work for you, you know they might say you're hiring.

I am hiring. I need an intern and I need an executive assistant, but we can get into that later. I would strongly suggest them to just get a strong foundation and cybersecurity, network security, information systems, computer science one of those four areas I think I am. You'll need a foundation in all of those to get into I am, or computer science or whatever it is, i think. Secondly, i would stay up to date on the industry trends. As we know, with technology and cybersecurity changing every day, it's important for us to know what's going on. Yeah, i think another thing that comes to my mind that people don't speak about that much is really develop analytical and reasoning skills. Why is it that it's a problem that we have this hard coded password in the shell script? Why is it important for us to have fine-grained access control? Really developing your analytical and critical thinking and reasoning skills to come up with their own answers to those problems is important Then. I think, lastly, is embrace a security mindset. Stay informed on latest threats, keep up to date on privacy regulations and industry standards and industry trends. I think those four things will give you a great first foot in the door, but enough context there to get your feet wet and get the ball rolling. That's dope.

Now, if it comes to let's see, because one of the ways I talked about and I forgot to mention is when you were talking about the internship thing, was that I literally on my TikTok well, some of my TikTok stuff, but it's taken from the long form podcast episode I was telling people hey, the moment you walk on the campus, you should try to get an internship, like your freshman year. But in that video I was also discussing how I pretty much told my baby you're not going to get a job. But I was discussing how I pretty much told my baby brother hey, learn AWS now. Let's get this cloud partition certification this summer before you start school, and then throughout the year, i'm going to have you work on different things so that you can apply to internships and you should be able to land one. Since your GPS, they'll be good. You'll probably be set from there, especially like getting into the cloud which you advise people to, whether it's a home lab we're using, like Active Directory or Azure Active Directory you're doing I am with AWS GCP, like do you have anything? Well, let me, let me try to do like this, because I'm always aiming to have people to, when they work on their projects, to try to recreate something that they may do when it comes to a day-to-day task at work. Would you recommend any platforms or any type of project that they could do that will replicate something that they would do at work, whether it's coming in and it's audit? hey, we got to reset the password account policy also for a PAM, for the privileged access, looking at these different role-based accesses and how often they're audited. I don't know everything you guys do. I just know some of it because we could alert like even something as simple as somebody logged in from a region. We never seen them log in before. That should be a red flag, so what could they do about that?

I think for me, i would want to say that your job is the best experience. Like being like day-to-day is like the best t-shirt of any of these things. So it's hard to like as someone that's not, if someone that's not been in the workforce, especially someone that's new, trying to get into this, that's trying to learn something that will be applicable, it's kind of harder because there's things that you need to go learn first at your job. Then you can like if you're changing jobs or something, it'll be easier. But I think what I would say back to the previous question is like really like be able to like take some of these threats and take some of these industry trends that are going on and really understand. Like for example, for cybersecurity or anything data security, privacy related, chat GPT, ai is coming out really understand like what are the security flaws here? Like how could some bad actors manipulate this? Like how could someone misuse abuse like AI and chat GPT. I think like being able to like critically think and like reason, like come up with the reasons and like analysis and like understand. Like here are like what I'm thinking how a bad actor can like manipulate this thing. I think those like real world, like examples like make it easier than like you can write code, like you can build small projects. You can try to do like some of these capture the flag things online But, like, how applicable is that going to be to like your day to day job? Not really how. If you take the reason link analytical understanding of like how can I abuse AI? and like try to use that for the job that you're going to get hired for. That's like more more beneficial than like just writing a script or like writing this because, like nine times out of 10, like the script that you wrote is going to be like solved by some security standard that we have done already somewhere. So I think just keeping up to date of like things that are going on and like how abuse and misuse is happening today, and keeping up with that is probably what I would advise.

Yeah, most definitely, and that's why I tell people one the job description is to, when it comes to interviewing, whether you know it's entry level, mid, senior, principal, yada, yada, yada. If, in the interview, you are able to offer solutions for issues that they are currently facing, nine times out of 10, you'd fare much better at getting that position because you have solutions, right, right, and so that's the thing. Like you said, research, like you know you. So if they research all these different things and maybe this is where you have to learn how to ask good questions and interviews and the outtip is like you know what type of problems that the team currently facing, the way you look for in this role, or you know all these other things, and then they tell you say, oh well, you know, in my free time, i, you know, i researched all these different threats And I know that if we implement, you know this right here, based off of and then you getting your bag, say a, based off these frameworks, then we should be okay, we should be in compliance and it'll keep us being safe. If you, if you're getting your bag like that, you're gonna be all right. You know, let me gunshot for y'all. Yeah, but I wanted to touch briefly on. You have another company, nohack, and I kind of want to ask you a little bit about kind of what inspired Nohack. And I see that you're a consultant, you know, and I, you know. I put a little note and I say, you know, show me the way. So yeah, can you briefly tell us about Nohack?

Yeah, absolutely. Nohack is my baby. Yeah, i started it while I was at staff Just because I've gotten so many questions, so many people reaching out about hey, i need security advice here. I need help with this thing here. What is the best practices? Can you take a look at this architecture? Can you provide solutions? Can you give? like so many questions in areas where I felt like my expertise could be used. So I started this consulting company, had a couple of clients. It's part time. I don't have so much time these days because of my full time job But I think, yeah, generally helping small, medium businesses, high network individuals really just understand how best that they can secure their data, protect their data and just giving general advice, whether that's on architecture of a new design with engineering, whether that's just general consulting on best practices, whether that's digital hygiene, education around certain softwares to use, etc. So it's like a different suite of services Every client that I have I've done something different with. So, yeah, i definitely want to spend more time and really expand upon that and make that like a fully functional daytime job, but still wanting to learn as much as I can at Snap. So I'll continue to do that part time and as I see fit, but I yeah, i'm super passionate about it. I think I have this entrepreneurial like spirit that I would love to just take off and have that be a fortune 500 one day. So we'll see how that goes.

I think it's just pretty cool because I mean, you know, incorporate, you start making a lot of money. you need something that you can kind of fix these situations with as well when you have a company. I just said that, but So do you have any book recommendations that? or it doesn't have to be related to security, but any reading recommendations that you may have for our listeners or our watchers right now?

Yes, absolutely My favorite book and I'll stand on it. I read it once a year. It's called The Almanac of Naval Robin Keat. It's about health and wealth And he talks about how he achieved health health before wealth, or no, sorry, it's about happiness and wealth And he he was talking about how he achieved happiness before he achieved wealth, and I and he's super, super successful. It's a very easy read And it's it's just been something I reflect on and I read back every year, just because I think a lot of times people forget that, like this is our one life to live, and wealth and money is amazing, but your happiness is also something that you shouldn't take for granted. So prioritizing that and making sure that you're doing things that make you happy every single day And I think that book is a great example of this So The Almanac of Naval Robin Keat and it's about happiness and wealth.

Yeah, i always tell people like I have a video like I made, like with last year I made two I quit videos about my other employers And one of the things was about like, just because I was getting paid good money, it didn't mean I need to sacrifice. You know my happiness for it And that was a big one for me. And I was telling people you know once you, money is money regardless I mean at the end of the day, a page of bills or whatever And then once you get past that, you're like it's not worth me, not feeling good mentally and dreading what I do every day just to get a check. It's not worth it. And I made an analogy about a lot of kids when we were younger dealt with adults that didn't really like their jobs And that's what it was always in the bad mood And I was like I will never be one of those people. I will quit before I let the job make me be unhappy. I mean it, just it, just it's. We don't care what the name is on it, because sometimes they feel like you know I should be happy, i'm working for them. I'm like, no, you should be happy, you got me. It's only one me Remember that. Last but not least, what would be like three things you would want to leave the audience with today?

I didn't know that would be that hard. Okay, i think first I would say that whatever it is that you want to do whether that's within like, whether that's in security, whether that's a computer science, whether that's business, and you find out you don't even want to do security or anything within technology I would just say put your full, 100% effort into it. I think nowadays people have just gotten to a point where they can just like I don't know if we can cuss on this podcast, but half half asset. I think that we are still we meaning are still trying to fight for, like, a seat at the table. So every time that someone like us is not actually trying our hardest or kind of like taking the easy way out, it doesn't make the community at large look good. So I think that I would just say like really, really, really try to put your 100% into the work that you're doing, because people are looking at you. People are going to judge you, unfortunately, based off of the color of your skin and who you are, and if you're young and just getting into it, you'll that's another thing that they'll judge you off of. So I think, just like giving them no reason to make these assumptions by trying your hardest. It's okay if you don't know, ask questions. If you're stuck, ask questions, but don't try to just like slack off because we're in this whole work from home, environment and stuff like that. So I think that would be one. I think two, always remembering that like there will be ups and downs in life. I think people sometimes over fixed date on like a bad situation, like oh, i got bad review this quarter, i'm going to get fired. I think people are always super worried and like on edge these days, especially with like layoffs and just like job security and the economy right now. So times are hard. There will be ups and downs, but don't be too hard on yourself. Understand that like critical feedback is necessary, but don't overthink that too much because you'll, six months from now, you'll be like oh, i wasn't even worried or stressed about it. So just think. Lastly, like just be kinder to yourself. I think we're all in a place right now where life is like we are unsure about a lot of things The debt ceiling, like issued two weeks ago, like COVID still like lingering around. I think like we just all need to be a little bit kinder to ourselves and to the people around us. So I think those would be my three things.

Oh dope, the first one you touched on really really is something technically we could have touched on earlier, but since you're like super busy, you're not like on Twitter and everywhere else.

So it's a I mean like not really because.

I would have been seeing you in the mix. I'm not on there as much as I used to be, but one of the things I do is I have like telling people hey, like I put it, put it like this. People would get upset, and it's like one of my highs viewed shorts on YouTube, one of my highs quoted and retweeted tweet, and it's about you know, people want to get six figure tech jobs without six figure skills. And or telling people about just getting certifications. It's not going to lend you the job And people hate when I tell them that or we had a, or do it the other day, where we know for a fact is do probably cheat it and took some, use some dumps or something to pass some certifications or not, right. But that's why I tell people like Hey, like, if you want to do a security job, you need to know what you're doing, especially if you look like us. They already was hesitant on hiring you anyway, and now they were like I ain't going to get them no more, and that's what I think a lot of people don't understand. It's like me telling you to do it. The right way is me actually trying to look out for you in the long run versus a short term success that may or may not last. There's a lot of people I've read into that don't know what they're doing And I mean it's nothing you can do to help them. And that's been. I said that I'm putting the episodes, but it was just funny that you you also brought that in because I'm pretty sure you might have witnessed it or talked to some people that was trying to like just be a stay. Way through it It was like that's not it chief.

There's all the time and I'm just like you're making this all look bad And we're not even. we are not even there yet. So, but yeah, no, this is exactly, man.

But yeah, I know what I've been telling y'all the last couple of weeks. Man, you know, stay ahead of the game. Read the last rule, the rule book. So, yes, where can the listeners find you if they want to reach out to you?

Yes, i'm Yaz Abdi on Instagram Y-A-Z-A-B-D-I Keep up with Yaz on Twitter. That's, keep up with Yaz Y-A-Z on Twitter. Knowhackllccom. If you're interested in my business, if you're interested in getting to know more about the services and solutions I provide there Yazman Abdi on LinkedIn. And yeah, i think those are all my socials and, oh, my email is Yazman at knowhacklccom. If you're interested in partnering, working together, have questions, comments, concerns, about anything, feel free to contact me there.

Thank you for that, and y'all already know where y'all could find me. If y'all listening right now, apple podcast, spotify or any other streaming platform is going here and leave us a comment, leave us a review, share this episode out if you found it insightful And, as always, like I say, let's stay textual And until next time we out.