We Hack Purple Podcast

We Hack Purple Podcast 10 with Dominique West

October 23, 2020 We Hack Purple! Season 1 Episode 10

In this episode, our host Tanya Janca (also known as SheHacksPurple) talks to our guest Dominique West to learn what it's like to be a Senior Cloud Security Consultant! She also hosts an awesome podcast called Security In Color, and she tells us all about it!
You can follow Dominique on Twitter, subscribe to her amazing YouTube Channel, or visit her awesome Security in Color website!

This episode is sponsored by ThreadFix

Buy Tanya's new book on Application Security, Alice and Bob Learn Application Security: https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357

Don’t forget to check out #WeHackPurple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/

Join our Cyber Security community: https://community.wehackpurple.com/
A safe place to learn and share your knowledge with other professionals in the field.

Subscribe to our newsletter here: https://newsletter.wehackpurple.com/
For corporate virtual training, contact info@wehackpurple.com

welcome to the we hack purple podcast

where each week

we meet a different guest who is from

somewhere in the information security

industry

they have all sorts of different types

of jobs and we explore

what it's like to do their specific job

so that you can explore and from

so that you can explore your career and

information security

this week we have dominique west as our

guest and i'm really excited to talk to

her

all about her very interesting career

and specifically the job she's in now

and this special episode was sponsored

by threadfix by denim group

and i want to thank our sponsor so the

we hack purple podcast is put on by the

we hack purple community

and academy and we do all the AppSec

things but now on to the best part

our guest dominique west

and there she is

hi thank you for coming on the show i

really appreciate it

thank you for having me okay

so i have questions for you and

the first question is tell me about

so what is okay so introduce yourself

what is your name and if you have a

title online people should know

or a handle yeah so my name is dominique

west

my handle on literally every social

media because i am a lazy person

is at domyboo which is d-o-m-y-b-o-o

i'm not i've had that handle since i

started social media and i'm not

creative

enough to change it um currently and

it's funny because i'm

in between not in between jobs but just

transition to a new role so

currently i'm a technical account

manager but previously

i was a senior cloud security consultant

um

both of them give me the consulting

aspect but i mainly

work in cloud security that's what i

specialize in have been specializing in

for the past five years now but i've

been in technology and

in cyber security for nine years so

essentially tech has been my life since

i started in the workforce

awesome do you want to talk about so

sometimes if people have more than one

job

i say do you want to talk about both of

them and tell us about both of them or

are you super new at the new one and

you're not comfortable talking about it

and

that's okay if you're like i don't know

it yet i got there last week

yeah so it's been a month and i can talk

about it a little bit because as i'm

learning

um and i definitely understand my role

it's kind of just a lot of onboarding

but i know for purposes especially for

people who like or are interested in

getting to cloud security i can

definitely speak to that more because

that is

a lot of what my background is so i have

no problem kind of teetering between

both because they kind of again align

really well so

as a technical account manager my role

really is to provide

like high level business and technical

consulting to our top enterprise clients

i'm seen as the subject matter expert for

our cloud monitoring product

for the company that i work with and

previously as a cloud security

consultant it was it was much of the

same i was a subject matter expert for

cloud security for our clients

who needed to do anything from

uh auditing their environment right

because a lot of people who are moving

to the cloud don't have the resources

the technical skills and their teams to

do so so they need to make sure

for example that they're reaching

compliance um maybe they need to do some

threat modeling like anything that you

can name within the cloud security space

is

anything that we had done as a cloud

security consultant which i really

enjoyed because it allowed me to have my

hands

in literally everything i learned

everything there so

it's pretty cool that was hands down

being a consultant or at least being

kind of a client facing in a

client-facing role

is where my uh creme de la creme is

nice so the question i usually first

ask is describe your job

and what what would a day in the life

actually first describe them and then

if it's okay and i can be indulgent like

what is a day in the life like

yeah so um and they kind of

the answer kind of fits for both so as a

consultant

or technical account manager when you're

client facing your day-to-day

is not the same which i love right i

am in a role where i wake up every day

and i have to check like

what's happening because either someone

put a ton of meetings

um whether it's a client or my team onto

my calendar

or you know there's some kind of

training that's going on there's

something that i need to upskill and

learn something has changed in our

environment that i need to be up with

that is where i thrive um i don't i get

bored really easily

so typically my day-to-day starts where

i kind of check my emails i make sure

if it's for example when i was in my

consulting role i kind of checked to

make sure if i'm on an engagement

that if the client has reached out to me

that i prioritize

and make sure i'm addressing whatever

needs that they had so

whether or not they want to hop on a

meeting because they need some more

clarification about something or they're

experiencing an issue

whether or not i need to check to make

sure

you know basically that everything is

copacetic with my clients

and then check to make sure internally

nothing is on fire with my team that i

need to

you know kind of catch up on anything

and then after that i usually spend some

time on whatever

project or engagement i am on so say for

example if

i'm doing an assessment then i'm going

ahead and conducting

maybe some interviews i'm putting

together the documentation

collecting evidence um mapping out

whatever it is that

i'm doing um maybe spending time in

presentations

and then usually i always try to spend

at least one or two hours a day um

kind of personal upskilling meaning

hey i'm doing a training video on

something that i want to learn

um i'm reading up on what's latest in

the news

our latest tooling that's happening

especially if i'm working on an

engagement where

maybe a lot of the times we have to

introduce new tooling to

our customers and clients so as a

subject expert i should know what i'm

talking about so i kind of

do my research like hey has something

changed what updates are coming making

sure that i'm staying current

um and that really happens day to day

and the unexpected usually happens

sometime during midweek

that might throw my schedule off but

typically as a consultant

things change so often on a daily basis

i can only imagine i i have to say i

know that feeling of

i'm going to learn this today or i'm

going to do the and then like just

completely

side like

yes okay so

obviously i have more questions but

first i want to tell

everyone a small announcement my book

came out this week it's available on

kindle and all the ebooks

yes alice and bob learn AppSec is now

for sale on amazon and all the places

and they're shipping the physical book

in just days um and so if people

want to buy that i'm going to put a link

in the chat but i want to go back to

speaking about dominique because that's

actually the point of this show in this

episode

um so back to you

what types of personality traits do you

think someone needs to be good at your

job

because it's not the same for every

security job they're different

no no especially because again

with client facing you're talking

literally all day every day

where i have to actively take breaks and

like i need to drink some tea

because i'm running out of saliva like i

just

i talk a lot so communication is

definitely

like you have to be someone who i don't

necessarily want to say you need to be

an extrovert like you need to be

out there but you definitely need to be

comfortable talking with people

communication is number one in this line

of business

um and it would be really hard for

someone to be successful who isn't

comfortable with talking

to a wide variety of people right

because

as a consultant um at least if you're

working for a company as a consultant

and not for yourself because for

yourself you can decide

which clients you're going to work with

or who you want to work with

but if you're working for a company

who's a consultant and consulting

with for them you don't have any say you

kind of just get thrown on something

and have the hope that they're really

nice people but sometimes they're not

right

or just sometimes um i don't know there

might be a communication error i

find a lot of the times it's not that

someone is

mean or upset or angry with an

engagement

it's really a lack of communication

something

is missing there there's a disconnect

and i really like to find

out where that disconnect is coming from

because that makes

my job easier to make you know to make

their life easier

um so i definitely say communication

having really good interpersonal skills

i know we talk

um well i hope in cyber security a lot of

people talk about having soft skills

like human skills

um i think that's one of the most

important

um kind of traits that you can have or

skills that you can kind of hone and

improve on

um if you want to be in a consulting or

a client-facing role

are you saying that you have to deal

with adverse personalities

that never happens in security ever

for for forever actually like that's

that's all you deal with and

and it's fun right because i'm a person

like i like to read uh

i'm doing a book challenge where i'm

reading 25 books by the end of this year

and one of the books that i've read was

about something called i think it's a

nanograms i don't think i'm saying it

right

but it's basically what about learning

the different personalities that people

have and then how you can

relate to them better right instead of

thinking oh this person is difficult

or oh i just don't get along with these

types of people it's really

understanding hey where is this coming

from

and really taking the time to relate to

one another so i think that's

such an important skill that you could

do is really doing like emotional

intelligence and really just kind of

balancing out

just how to communicate and like relate

to people because your clients and

customers are humans as well like they

they they too have a job that they're

trying to do so how can i make my life

easier by making their life easier

oh i like the topic of that book

um if you want after you can send me a

link and we'll put it in the show notes

for people in case they're listening

so um i have more questions

[Laughter]

so what type of aptitudes does someone

need to do your job well like do

what what about like attention to detail

do they have to have hyper focus

do they have to i don't know like read

minds

if reading minds was the thing i would

definitely say yes

but um because i would just make

anyone actually it might make your life

easier or hell it depends on what you're

reading or listen to but anyway

um i would definitely say um attention

to detail is critical

um again

not necessarily just with client facing

but especially if you're working for

a big company um so i worked for one of

the big fours

and i know attention to detail is key

like they drilled it into us in terms of

making sure

that we were double checking triple

checking going through processes

to make sure that our presentations were

up to standard in terms of you know is

it aligned with

the client's colors is it up to par have

we understood

how they would like to be given

presentations you know do they want a

report format do they want a powerpoint

do they just want you to give them three

bullets you know

really understanding that so attention

to detail is definitely very critical

in terms of hyper focus i would

definitely say you have to

be able to have a balance time

management is key

um otherwise you will get very

overwhelmed it can

get very chaotic um there are

a lot of times where the job can seem

very demanding

where at the end of the day i just

barely can crawl into bed

um after making it but i i don't regret

it but it's just

it sometimes it could just be a long day

that's honestly the nature of cyber

security and consulting it's

it can be very challenging so really

understanding how to

create that work-life balance um have

that attention to detail and be

successful but also

manage your time very well is very very

important

otherwise it will you'll reach that

burnout stage

way often than than you would hope to

i need you to teach me those skills

listen i have to learn and really my

life is just run by apps like my app my

my phone tells me it's like hey nine

o'clock it's time to wake up

10 o'clock time take vitamins 11 o'clock

it's time to drink water like

i have my life run by my calendar google

calendar's saved my life

i love it so

your job like cloud cloud security is

pretty technical

and there are a lot of people super

interested and very

curious what what types of technical

skills do they need

and um i guess what types of training

could someone take so they could try one

day

to do your previous job

so the great thing about cloud security

is that literally the

skill set or the foundation you need is

in the name

right you need to have a cloud computing

background or foundation and then a

security

foundation and background so i always

try to encourage people who are

interested like hey

if they're a new person to technology in

general getting started i always

encourage them hey

you need to really get a foundation in

security and learn the basics

a lot of that is covered um by trainings

like Security+ A+ Network+

kind of like the triad that people talk

about

no i know certifications can really be a

here and there kind of conversation

but they do at least the um

the books and the knowledge is useful

whether or not you get the certification

you need all those certifications

totally up to you but the knowledge that

you get from

studying for those certifications is

useful in giving you

a really good foundation same with cloud

security i mean same with um cloud

computing

there are a wide variety of vendors out

there

who give you foundations in their

platform specifically

um but each one of those concepts that

they teach you

goes across the board IAM is the same

across the board with all three they

just might be named different

the threat monitoring tools the same DLP

or data loss prevention the same so

a lot of the concepts that you'll find

in cloud computing and security combined

together

will give you that foundation to be a

cloud security engineer

analyst architect anything that you're

trying to be um

and then as far as training goes for me

the best training came from real world

experience

i went to school for computer science

and

i felt i didn't as soon as i got into my

job i'm like i don't know why i did that

because

i learned nothing and i really learned

everything from my first job

um not to say that school you're like

you shouldn't go to school and i think

don't do that

but what i'm saying is that translating

my formal education to my real world

experience was a bit difficult right

because again real world experience

there's like there's nothing that can

beat that at this point

but i also understand there is a large

disconnect with people trying to get

into the field pivot into the field so

real world experience

might take some time for someone to get

so in the meantime

there are so many free trials out there

especially for cloud vendors

cloud security for people to stand up

their own environment

and get that real world project

experience right you can

stand up your own environment in google

cloud and aws

and then azure and you can learn how to

spin up virtual machines you can install

applications on them you can run

real traffic through them because they

have a lot of um

what do you call it data that you can

run through in order to kind of build up

the environment

and you can test that out and you can

create projects to put on your resume

to help coincide with the lack of quote

unquote real world experience

but you can build up your skill set that

way so i always encourage doing self

training and a little bit if you have

the opportunity maybe to go to school or

go to a boot camp i highly encourage

that as well because there's nothing

like kind of getting formal education

but self training definitely is out

there and people have been very success

successful you know doing that on their

own in order to get a job

i agree can we talk about certifications

because i feel like it's a thing

that people avoid to like

whenever i'm on the internet all i ever

hear is like should i get this

certification or that certification

and i feel like a lot of people think

it's a touchy subject

but maybe because this is an education

podcast we could touch a little bit on

it

like you don't have to take a firm

stance but maybe we could explain what

certifications are

and like potential value that they could

have

yeah and i agree where a lot of people

ask hey should i get all of these

certifications

and i you know i know and i hate seeing

it and i'm like it really depends

right everything will always depends and

like that's something that you'll

literally always hear

in the field and they're like maybe or

it depends that will literally always be

an answer but

certifications really to me

my opinion certifications serve

two purposes one to get you through the

door for hr

that's one of the main reasons to get

certifications right

because unfortunately to get a job hr

needs to check these boxes for their

candidates

and if you don't have that box checked

you could be ruled out at any given time

and then two

certifications can serve as an open door

to

different networks um different

opportunities

different training and learning so for

example i have my CISSP

certification

and getting that certification allowed

me to be a part of the (ISC)²

community

and in doing so i got access to free

training i had access to a network of

other CISSPs

i get access to emails and first hand

xyz that they offer i would never have

gotten that had i not gotten that

certification right

so i always tell people getting every

certification isn't necessary

if you have the time and the money or

someone else is paying for it

and you're bored by all means

go buy every certification but or go

attain every certification but if not

the way i have done my certification

route is i map all of my certifications

to the roles that i plan on going for if

it's a requirement for that role

and because i don't want to be ruled out

then i will get it

so when i was first starting off in

cyber security

uh the only thing i heard about then was

the A+ and Security+ and Network+

right that was

the foundational triad that you need to

be successful

i got the A+ i jumped to Security+

because that was the field i wanted

to get into

i was good there that allowed me to at

least have conversations with hr

managers

who are hiring for security positions

then from there i said okay now i want

to get into more advanced security

positions right

i want to start getting into the

engineering i want to be a little bit

more technical i don't want to do just

the analyst positions

in order for me to do that a lot of the

roles required the CISSP certification

so i'm like okay

i need to get the experience i need to

pass this test so i

you know set a strategy for me to be

successful in order to get that

and then when i wanted to get into cloud

security same thing i'm like okay

if i wanted to be an engineer and i

noticed a lot of my job roles were

saying they want someone who can do aws

let me get aws certification they want

azure let me go ahead and do

azure certification so for me

certifications

serve a purpose not all of them are

necessary

um again i just really encourage people

to

map out a blueprint for your career and

then have your certifications aligned to

that blueprint

that is basically like the best

explanation ever thank you

that was so good i was like i have

nothing to add

a lot of people ask me which

certifications do you have i'm like i

don't have

any but most people can't go the i'm

just going to be famous route

it's not the thing most people can do

and in the canadian government they

weren't required so then i had all this

experience and

release research papers i'm like that's

a really inefficient way to do it

compared to getting certain

certifications and that worked

a while ago right because there are a

lot of people who are in the field who

back then

certifications wasn't a marker of your

experience right it was

real world job experience have you been

in this field for this long can you

tell me about the different roles like

experience was enough

somewhere along the line certifications

became

just as important um and became

the gate keep like it's just

like a bridge it keeps a lot

certification keeps people whether or

not they're going to get the job

unfortunately

and i always tell people and i'm like

just at the current

it's harder to dismantle the system of

disconnect between

hr and hiring in in the pipeline

what's easier right now because you

want to get into the field and you need

a job and you have two bills to pay

is to unfortunately play the game right

so you need to get a certification like

unfortunately to get through the door

unless you go the the twitter

like the the really famous route if you

can do it that way you know kudos to you

yeah it's a lot more time consuming

to start your own open source project to

release several research papers to like

it's way way way more like it'll be

better

if you just and then a lot of people

think oh if i do the famous route and i'm

like the famous route isn't

that doesn't yeah that's like saying oh

i'll be able to afford a house

if i become like a rock star it's like

no

that's not gonna happen right

yeah no yeah unfortunately you have to

get one at least one you have to get

something

yeah i also feel that there's like

you're talking about the disconnect

between hr

and the hiring pipeline i feel like they

just don't know what questions to ask to

actually understand if the person

does know their stuff so they're like

well we'll just ask for a cert

because then the people that giving the

cert have already asked

all the important questions to know they

know their stuff

i mean i i think like if you have a

technical person it's happening

is it is it because i again

i can't speak for everyone but i would

just think that the hiring

the person who's doing the recruiting

would talk to whatever team it is that

is hiring right and really understand

and maybe that's the thing right

sometimes a lot of teams don't

understand what they need like what is

this person fulfilling what gap is this

person fulfilling within my security

team

and if you can't understand and

translate that there's no way that

hr recruiter is going to understand and

translate that because they have no idea

what you're talking about they have no

idea what gap you're trying to fill so

yeah there's a a really large disconnect

but

at the time i really just try to mentor

and help people and i say hey

try to align as much as you can this is

i can only tell you what i've done and

what has helped me be successful

um and hopefully that you know that'll

help as well

we hack purple now offers a certificate

because

like basically people are like it's

really nice i've learned all this

awesome stuff

but i literally i have to be able to

show people like i went

to school there and i'm like okay let's

do it

yeah um and like now you know i guess to

show their hard work which is but i like

it

but it's just it just really sucks

especially because a lot of the

certifications cost

a lot of money i saw that yeah Security+

now is 350

which is like double almost of what i

paid when i got it and 350 dollars can

be a lot of money for people especially

in the pandemic so getting a Security+

and an A+ and getting all these

certifications to try to be

a viable candidate can literally put

someone

in a really financial bind and then if

they don't get that job

what happens it was six months down the

line and nothing is biting

you know they have bills to pay so i

really really really really do hope

that keeping continuing to talk about

this broken pipeline

and certifications really helps a lot of

people

to start bringing awareness to fix it

because

there's a lot of people who need jobs

there's a lot of and we keep talking

about this

cyber security skills gap or xyz but

we're not giving people the opportunity

to really fill that gap

and to be successful in this career i

could not agree with you

more and not to talk about myself

too much but i agree with you so

strongly that yes we are

trying to create solutions for that at

we hack purple

because i'm just like introducing people

to students and doing this and doing

that and i'm just like can we figure out

a way where we get them all jobs because

that's what everyone actually truly

wants right so

people take training for one of two

reasons like one

they want to like find a job or two they

want to be more awesome at a job they

have

and so if they want to be more awesome

at a job they have awesome

like i'll just train you and show you

all the cool stuff and give you tools to

bring back to work

awesome but for the people where they're

like i want a job or i want to switch

jobs like how can we make that happen

because if we like

i feel like from a business perspective

if everyone just

finds the job and the if they get the

thing that they truly want

and then they're they go off and they're

awesome at it like everyone wins

like the industry wins the people win

and i'm like i

so i am like all like thinking about

solutions because i feel this is

a huge hole in our industry and i'm

sorry i got so off topic but i was just

like no

listen i have no problem talking about

because that's something that i also try

to do i don't know how to create

these solutions or i'm not in a position

yet of doing hiring

right of being the person to be able to

provide that job opportunity

but in the meanwhile i can definitely

help people get resources i can figure

out how can i do this for free

i can sponsor someone for certifications

i can i'm

in a position where i'm able to give

back in my community and that's

just what i really want to do because

again there is so many things that's

broken

and i feel like that's way harder to try

to fix where i can just try to provide

as much as i can resources and

opportunities for people

speaking of dominique giving back

so first of all i'm sharing underneath

you right now

dominique giving a workshop for the OWASP

DevSlop

team about google cloud security

and it was awesome she was great she

joined me nikki and nancy actually i

wasn't at this one

so nikki but nikki and nancy are always

amazing and

yeah yeah it was a good episode and i

i'm not saying it has over 400 views so

people

really oh my goodness yeah some people

really liked it so

there's a link to that but gosh do you

do another thing dominique

that like people should know about

why i do um

i am the creator of security in color

which is a platform giving cyber

security resources for everyone to be a

cyber champion

um as i talk about i evangelize cyber

security

everywhere in my life at work at home to

my mama

everywhere um and i wanted to do it to

every

you know to the average and everyday

person i have a weekly podcast that

is now syndicated literally everywhere

um also called security in color

where i disseminate the top cyber

security news happening not only in the

united states but all over the world

and then i give out a weekly newsletter

that's also filled with opportunities

for people to take advantage of so i

post things like

job postings that might be happening

because i know a lot of people who are

in positions of hiring and they're

looking for people so i try to

you know share that out as much as i can

i also give news articles there but i

also give

for tech events because i'm also a

person who likes to attend tech events

and workshops not only just give them

and i know how difficult it can be to

figure out like what's happening this

week this month

this year xyz especially since

everyone's at home and everything's

virtual

so it's like trying to find links so i

kind of have a one-stop shop where

people can figure out hey

what's going on in the tech world during

this week and this month and you can

find

you know all of that on my platform

i happen to have um securityincolor.com

underneath you and color is spelled the

american way not the canadian way

i actually was like searching for it

before the show and i was like

c-o-l-o-u-r

and i was like where is she i know i've

been to this site before how come i

can't find it i was like wait

americans less letters simpler

it's okay and it was funny because

actually my roommate asked that too and

she was like how come you don't put the

o-u-r

and i was like i don't know i've been

brainwashed to spell it this way

that's all i know no it's it's like uh

i guess canadians spell it one way and

american spelled another way there's a

couple things where we spell it r e

and you spell it e r or american spell e

r

and then i'm like why and the word

defense

so an s versus a c and and so

my publisher for my book is american and

so they kept correcting me i'm like

no i'm sorry but you're wrong

my team was located in europe and

every time we had to write like reports

or something

we would have like the word

organizations would come up right

then of course in america we spell

organizations with the z

and they spell it with an s we would

have these arguments back and forth

fixing reports on who was right or who

was correct so we had to pick okay this

this report's going to be the american

one and this report will go up to the

european one we had

so many fights over here oh my gosh

okay i'm going to thank our sponsor

ThreadFix from Denim Group

the most spectacular vulnerability

management

platform this side of the galaxy

and with that i want to ask everyone to

first of all obviously go out

go check out our sponsor ThreadFix and

then immediately

sign up and subscribe to security in

color podcast

and then if you're not already

subscribed to we hack purple podcast do

that

and then also subscribe to her youtube

which i'm just going to share

now security and podcast youtube yeah i

looked up all the links that's right

um and then also then we're gonna follow

dominique

on twitter so security in color with

no u

and then also domi boo so i'm gonna put

that up too now

and then also press the subscribe and

like button

yes marketing complete good job tanya

awesome

okay so next question

does your job pay well is it

is it this like a thing where am i going

to be am i going to be buying a honda

fit that's eight years old that's used

that

sort of starts most the time or can i

buy a new car

no because i am

in a role that is seen as more senior

level

um and definitely with the managerial

level now

they definitely do pay well i know a lot

of people come into tech thinking

they're gonna start off

making six figures and i really hate

that narrative because it really

disappoints a lot of people off the bat

especially when

you have to start up for entry level and

unfortunately entry level is just

synonymous with

just not making a lot of money with not

six figures

yeah but the fortunate thing is that you

can definitely

get to six figures as i have in

my roles as i've gotten senior level and

i know a lot of people think well oh and

i can only do that if i live in really

big cities

or you know because of course they're

trying to compensate because of

um cost of living and that's not the

case at all especially now

that a lot of people are remote and we

definitely have proven in this industry

that you can work just as well from home

that you can in the office

so definitely in different smaller

cities and so i live for example in

atlanta georgia

and it's still a pretty big city but

in the south cost of living here is way

cheaper than for example in new york

city

um so it's definitely possible to

definitely hit six figures

as a consultant as a client facing role

in cloud security

in all of the roles that i've had within

cloud security or doing consulting or

anything client-facing

i've definitely been either very close

or have surpassed it there so

i can definitely say that this is an

industry that not only

challenges and you get a lot but it also

pays you for the work that you do

which is really important a lot of

people really get

which can it's fair a lot of people are

really shy about it in terms of asking

like hey does this pay

well but at the end of the day we all

have bills to pay we have to survive

as people people have families people

have lives people want nice things and i

think

you know you're definitely entitled to

have that so making sure that you're

aligning with roles that is going to pay

you for

the work that you do is very important

it's really stupid

yes we were talking about this earlier

and i was explaining it's important

because people need to know so for

instance i am a startup founder

and i am going to get my first paycheck

in two or three weeks but we started in

february and i'm

ecstatic that and i'm probably going to

pay myself

close to what the students get paid

because i just want to have some sort of

paycheck but i'm like so

excited but other people are like wait i

thought ceos made tons of cash and i'm

like not this one

however for a long time yeah but

but there's the glory of being able to

design your own job and work at the

place you've always dreamed of working

at and do things that feel

like they really matter to you etc but

it does not

pay well despite what you might see of

like that one

ceo that then like sells off in two

years and makes all the billions and

whatever like that

is not most of us just to be clear and

they don't tell you the story behind

that either right they don't tell you

what that person their background where

they came from who's helping them

xyz we always just see the success story

we see the oh the billions the millions

the

xyz you don't really see what's

happening behind the scenes

of how they got there so definitely

exactly don't take peed into trying to

like

copy or be someone just because they're

making a lot of money right now

you do have to do the work there is some

work that is involved with getting there

but it does pay

off i agree with her

yep and also i think i think that her

job sounds really good

so are there lots of opportunities

for that type of role like if someone

wants to they want to get into it is it

like fierce and cutthroat are there

opportunities

no there are definitely opportunities

but again

being in a consulting role and

especially for

um a really big firm or for anything

client-facing

it does require you to have years of

experience right this is definitely not

a role that you would get within the

first

one to even four years right i'm not

saying it's impossible because again

there's plenty of people who've been

able to navigate it

and i think especially um this goes for

i would say maybe for those who are

already in the field so if you come from

maybe a sales background something that

required you to interact with

people or customers xyz and then you

just kind of need the technical aspect

then sure

i think there's a path there's

definitely a pathway for you

but if you're just starting out your

first couple of years again really

is on building your foundation but

there's plenty of opportunities to be a

consultant

um everyone's always looking for someone

to help because every everyone always

needs help

especially in cloud security because

there's lots of organizations who just

don't have the time or resources to

build their own team

so they kind of outsource that to big

firms who can do that work for them

but there's also plenty of client-facing

roles because again cloud security is

just

a booming industry right now and a lot

of people are taking advantage of just

trying to find subject matter experts

because there are not a lot of them at

the moment at least at this high level

so if you can get into the field now and

build your foundation

i you definitely have job opportunities

that are coming your way

what do you like best about your job and

you can say the old job

and or the new job i'll take whatever

gravy i can get

so what do i like best for me it would

definitely be the

day-to-day challenge um and then working

with a wide variety of people

so as i kind of alluded to before i do i

get bored very easily in jobs mundane

tasks and

all of that just doesn't work well

that's not where i thrive um

and i thrive where i'm in a position

that is challenging me to learn

something

being able to apply what i learned and

then perhaps maybe teach it

and the two roles that i have the

current one that i have now and the one

that i had before allowed me that

opportunity

where again as i was saying i would wake

up each day and i would have a new email

that something new has happened and

i need to get on it or that i have the

opportunity and space to learn something

so i can apply it in the future and i

really enjoy that i really love being a

student as much

as long as i've been in this industry i

really love still being a student the

fact that technology is changing

literally every day and i have to have

something to look forward to and learn

every day and i can apply that to my

everyday work

and then help organizations and clients

meet their needs and meet their goals

and like actually tangibly seeing it

right they're like hey

my security posture is really shitty

right now

how can i improve and then literally

helping them improve that and then

like hey you know and then not only just

helping them improve them right because

you can't just fix someone's cyber

security posture and have them go on

their merry way because

that's how they got there in the first

place you need to you educate them and

teach them at the same time so being

able to teach teams

and like empower teams to be successful

in their own right is really

cool to me right it's like being able

maybe i have a future somewhere of being

a professor but

to teach and help people kind of learn

and be successful in their own right and

not necessarily just doing it for them

i love it that's

i totally uh i can totally feel that

definitely so the opposite question

what are what is the thing you like the

least about your job

and you're probably not going to be like

it's that guy over there but

maybe there's like a thing that bothers

you that like keeps coming up

like maybe angry people

the least thing i

i would definitely say is how

demanding the job can be

because again you're talking to so many

different people

and yes i'm networking and i'm learning

and i'm teaching and i'm being this

really great evangelist

but at the end of the day that can be

very draining

and very tiring and like i said there

are times and days where i barely have

enough energy to just crawl

into the bed and like go to sleep to

wake up and do it all over again

and that's like the other side of the

coin really it's just like

we and that's where you have to learn

about work-life balance

and figuring out you know that security

and this job isn't my entire life

and that i have to sometimes say no

saying no it can be really really hard

especially if you're a person who

perhaps doesn't have kids and is not

married and

they expect you to be on all the time

and i'm like

no i too like to go home on time and i

too

like to you know watch netflix

right and have a life yeah exactly so

really figuring out that balance of

being successful and making sure that

i'm

putting my best foot forward but also

that i'm taking care of me

and not letting the challenges and the

demands of the job

take over my life because i have

experienced burnout before

and i definitely don't like it i don't

want to go back to it

um but it is something that can happen

it's just

i i really hate saying that is the

nature of the job but if you don't

figure out a way to balance your life

unfortunately i think it's just

something that

more than likely would happen to the

average person

yeah they start calling you tanya

this is this is the thing that i need to

be better at so i'm just like i'm like

taking notes

like i'm like okay yes for me too i have

to remind myself every day and i'm like

you can't do everything dominique like

sometimes you have to cut off like i

have to be very active and saying

okay there are days where i don't mind

being up and working till 10 because

there's just stuff that needs to get

done and that'll help me tomorrow

because i don't want my tomorrow to be a

really long day so let me

sacrifice today to be really long but

i'm not doing that every day

awesome that's yeah

that is wise advice that i think many of

our listeners could really

appreciate if they apply to their own

lives for

sure so

what advice would you give someone that

wants to try to get into a role similar

to yours that either you have now or

your previous role

like in maybe like actionable steps

i don't know if i muted myself partway

actionable steps

no you're fine okay um some

actionable steps that i would say for

people who are looking to get into cloud

security

and as either a consultant engineer xyz

my first advice would always be apply

for the role

like press the button mainly because a

lot of us

especially women tend to not apply for

jobs if we're not checking

every box that's there as a consultant

what i've learned best is that i've been

able to take a little bit of my

experience

in everything that i've done and can

apply it somehow

to whatever engagement i need to do or

if not

i'm i i'm with a company that gives me

the space to know that they'll support

me

in making sure that i'm successful and

they give me this the space to learn

whatever it is that maybe i don't know

if there's a gap there right

so my first thing is always apply for

the role because you will never know if

you'll get it you'll never know if

you'll get that real world experience

if you don't go out there and physically

press that button and apply for it

and even if you don't get the job right

interviewing

is experience it helps get comfortable

with talking to recruiters with

understanding how technical interviews

go

and then next you know you will start

acing interviews left and right

you'll have so many job offers you don't

know what to do with yourself

so get comfortable with doing that

um and then second i am

a person who has to physically write

down

goals in order to

achieve them because in my head is a lot

of chaos already

so i need to put that chaos down into

actionable items for me on pieces of

paper

so if someone wants to get into cloud

security like i said before

what what i always advise my mentee to

do i

told her to do look up roles on linkedin

on indeed on whatever job sites pick out

a role

so if you want to do cloud security

engineer if you want to do cloud

security architect right

just start googling roles once you

figure out those roles

what skills are these roles asking for

they want you to learn

python do you need to learn linux do you

need to learn aws do you need to learn

xyz

now you have five things that perhaps

you didn't know about before

and now you have an action plan of what

you should be studying right

a lot of people say what should i be

studying what should certification

should i get to

literally the job roles tell you they

plan out a blueprint for you

but i think a lot of people get really

overwhelmed

in terms of what should i be doing pick

a role that sounds really good for you

craft it in your mind and then put it to

pen and paper and go for it

that's one of the best things that i can

say has been successful in me whenever

i'm going for a role

because it can be overwhelming right the

job

process is overwhelming there's like

there's no other way to put that so to

make it easier for you

figure out which role you want start

googling the roles

understand the skill sets make a plan

and then go for it

that is literally the most succinct

advice that we have had that is super

duper duper

actionable seriously i feel like we

should make

some sort of motivational poster where

and then at the end it says and go smash

it like

you set that goal you make the list of

things you go study the crap out of them

then you smash the goal you're like i've

been preparing this my whole life

exactly and then when you get in there

you and it makes you

comfortable with the entire process

right because

none of it is easy right and i don't

know if it's just by design the way it

is but it's not easy and it's really

overwhelming so it's like what can i do

to make this experience better for me

and more comfortable for me so i can be

successful because

being chaotic and everything that just

doesn't work well for me i just i feel

like i don't

have a way forward and way through and

for a lot of people and i

if it applies to me i know it applies to

a bunch of other people so

hopefully that helps with someone out

there but um

yeah just go for it press the button yes

i feel like that should be a slogan

press the button

just apply just do it

so do you do you

do things outside of your nine-to-five

job that you wanna share with us and

it's okay if you talked about it before

i still wanna hear about it again

um outside of my nine to five a lot of

it has been

building my platform security in color

which i had spoken about before

um and i can speak about like a little

bit about how it came about

so um last year at the beginning of the

year

i just had i don't know i was at this

moment where

i feel like i had something to

contribute to the community i had no

idea how

right i know there was a lot of people

who were feeling like they had no path

no representation no way of doing

anything

and i too was like okay where is that

person who is that person

um and finally i kind of just got to a

point where it's just like you know what

i have knowledge i have experience

i have a voice i have i should share it

um so i started

writing i just created a little blog

and i started creating um writing some

articles

because i wanted to um again i always

talk about evangelizing but i want to

talk about security right i like to talk

about

a lot of people because i think security

is for everyone not just for

professionals or people in the industry

our

data in our lives us as humans we are

gold mines now

so we should have the tools and

resources and the education to protect

ourselves or the everyday person should

be able to protect themselves

so i was like okay well the best way of

knowing that i know what i'm talking

about is if i can disseminate and write

that information for someone else

to read who maybe isn't in the industry

so i would have my friends read i would

have my

my mom read um and after a while a lot

of people were like i really like this i

was able

to understand this it's this is not

technical gibberish

like i actually know what you're trying

to tell me i understand what

multi-factor authentication means

now so yeah so

after doing that for a little while i'm

like okay

blogging is cool but i think at that

time naturally everyone was going for

podcasts i'm a big podcast person

i like to talk so i'm like why not do an

audio form and that's where the podcast

came about

um and i really just wanted to talk

about news because even for myself as a

cyber security professional when i

read articles sometimes they're too

technical and i'm like

i just i just want to know what's

happening like i

i appreciate the detail that they give

me especially if you're someone who's

interested in learning

how this malware is breaking down how

things are dropping xyz

but for the average person who wants to

know why this breach happened and what

they should do

they have no idea how to get that

information out of a technical article

so i wanted to be able to translate that

information into an easily digestible

way

and i always say your mom your grandma

your brother everyone is able to

understand it

across all kinds of generations and

spectrums

so that's really where the podcast

starts to come about and

yeah we've we've gotten a really good

audience i have such amazing supporters

and listeners so

we're still growing um and then i saw

another gap in terms of having

a cyber security kind of newsletter i

wanted a newsletter

i didn't really see one so i just

created one

that had a lot of the information i was

putting on my podcast but also a little

bit more again i saw there was

some gaps in the pipeline in terms of

people looking for jobs there were some

gaps in terms of

people not knowing where to find tech

events so i'm just trying to fill said

gaps

so that way people have a one-stop shop

where they can find things where they're

like hey

i want to know what's happening in the

tech world or i want to know what event

is happening next week let me go to

securityincolor.com

or hey i want to catch up on the news

for this week and i want to know

you know what breaches are happening or

what special topics can i

i understand because i give a lot of

career advice as well let me go to

security in color podcast

so really trying to make it a one-stop

shop for the everyday cyber security

champion to be able to go to

that is awesome and to say it a little

slower security in

color.com

do not put a u in it the american way

yes because otherwise you'll get lost

like tanya and that's

okay i want to thank

you so much for being on the show you're

a fantastic guest

you're so easy to talk to it's really

good

and thank you so much for having me so

every single person listening or

watching has obviously already

subscribed

to security in color and bookmarked the

website

including me and and also they've

subscribed to our podcast and also

they want to thank our awesome sponsor

threadfix and also

um this was great this was really great

thank you so much for being on the show

i really appreciate your time

it's awesome i love everything that

you're doing so i'm super happy to be a

part of it

thank you so once again our guest was

dominique

west and i am going to do the goodbye

would you are you interested in waving

before we disappear

and then we do the goodbye out just bye

everyone

thank you awesome

so uh thank you for tuning in to the we

hack purple podcast

each week as you know we interview

an amazing human from the information

security industry to learn about what

different types of jobs that they had

this week we interviewed dominique west

and learned quite a bit

especially how we all need to subscribe

to her podcast

sponsored by threadfix by denim group

and this episode has

definitely helped you learn a lot more

about cloud security and how to try to

actually set your goals and then go

smash them

up next next week on thursday we have

stephanie black to talk about being a

cyber security account manager

so dominique talked about that a bit

which is awesome and so we're going to

get even more details from stephanie

the following week is tyrone e wilson

and he's going to talk about what it's

like to be a founder

so him and i are going to have a lot in

common and i bet that we're going to

gripe

and it's going to be great after that we

have kim crowley to talk about what it's

like to be a cyber security

writer and researcher and she has a lot

of interesting information about that

and then the following week

we're going to talk to shira shamban and

so when we first booked her

we had she's the ceo of a stealth

startup however since then she has come

out and there is so much more

information we are going to share

about her and what she is up to so thank

you so much again

for participating and listening and

watching

i hope you do a review on apple itunes

of our podcast and talk about how we're

great

and thanks again i'm tanya janca your

host thanks

from we hack purple bye