In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Dominique West, to learn what it's like to be a Senior Cloud Security Consultant! She also hosts an awesome podcast called Security In Color , and she tells us all about it!
You can follow Dominique on Twitter, subscribe to her amazing YouTube Channel, or visit her awesome Security in Color website!
This episode sponsored by Thread Fix!
Buy Tanya's new book on Application Security: Alice and Bob learn Application Security https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357
Don’t forget to check out #WeHackPurple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/
Join our Cyber Security community: https://community.wehackpurple.com/
A Safe place to learn and share your knowledge with other professionals in the field.
Subscribe to our newsletter here: https://newsletter.wehackpurple.com/
For corporate virtual training contact info@wehackpurple.com
In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Dominique West, to learn what it's like to be a Senior Cloud Security Consultant! She also hosts an awesome podcast called Security In Color , and she tells us all about it!
You can follow Dominique on Twitter, subscribe to her amazing YouTube Channel, or visit her awesome Security in Color website!
This episode sponsored by Thread Fix!
Buy Tanya's new book on Application Security: Alice and Bob learn Application Security https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357
Don’t forget to check out #WeHackPurple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/
Join our Cyber Security community: https://community.wehackpurple.com/
A Safe place to learn and share your knowledge with other professionals in the field.
Subscribe to our newsletter here: https://newsletter.wehackpurple.com/
For corporate virtual training contact info@wehackpurple.com
welcome to the we hack purple podcast
where each week
we meet a different guest who is from
somewhere in the information security
industry
they have all sorts of different types
of jobs and we explore
what it's like to do their specific job
so that you can explore and from
so that you can explore your career and
information security
this week we have dominique west as our
guest and i'm really excited to talk to
her
all about her very interesting career
and specifically the job she's in now
and this special episode was sponsored
by threadfix by denim group
and i want to thank our sponsor so the
we hack purple podcast is put on by the
we hack purple community
and academy and we do all the AppSec
things but now on to the best part
our guest dominique west
and there she is
hi thank you for coming on the show i
really appreciate it
thank you for having me okay
so i have questions for you and
the first question is tell me about
so what is okay so introduce yourself
what is your name and if you have a
title online people should know
or a handle yeah so my name is dominique
west
my handle on literally every social
media because i am a lazy person
is at domyboo which is d-o-m-y-b-o-o
i'm not i've had that handle since i
started social media and i'm not
creating
enough to change it um currently and
it's funny because i'm
in between not in between jobs but just
transition to a new role so
currently i'm a technical account
manager but previously
i was a senior cloud security consultant
um
both of them give me the consulting
aspect but i mainly
work in cloud security that's what i
specialize in have been specializing in
for the past five years now but i've
been in technology and
in cyber security for nine years so
essentially tech has been my life since
i started in the workforce
awesome do you want to talk about so
sometimes if people have more than one
job
i say do you want to talk about both of
them and tell us about both of them or
are you super new at the new one and
you're not comfortable talking about it
and
that's okay if you're like i don't know
it yet i got there last week
yeah so it's been a month and i can talk
about it a little bit because as i'm
learning
um and i definitely understand my role
it's kind of just a lot of onboarding
but i know for purposes especially for
people who like or are interested in
getting to cloud security i can
definitely speak to that more because
that is
a lot of what my background is so i have
no problem kind of teetering between
both because they kind of again align
really well so
as a technical account manager my role
really is to provide
like high level business and technical
consulting to our top enterprise clients
i'm seen as the subject matic expert for
our cloud monitoring product
for the company that i work with and
previously as a cloud security
consultant it was it was much of the
same i was a subject matter expert for
cloud security for our clients
who needed to do anything from
uh auditing their environment right
because a lot of people who are moving
to the cloud don't have the resources
the technical skills and their teams to
do so so they need to make sure
for example that they're reaching
compliance um maybe they need to do some
threat modeling like anything that you
can name within the cloud security space
is
anything that we had done as a cloud
security consultant which i really
enjoyed because it allowed me to have my
hands
and literally everything i learned
everything there so
it's pretty cool that was hands down
being a consultant or at least being
kind of a client facing in a
client-facing role
is where my uh creme de la creme is
nice so the question i usually first
ask is describe your job
and what what would a day in the life
actually first describe them and then
if it's okay and i can be indulgent like
what is a day in the life like
yeah so um and they kind of
the answer kind of fits for both so as a
consultant
or technical account manager when you're
client facing your day-to-day
is not the same which i love right i
am in a role where i wake up every day
and i have to check like
what's happening because either someone
put a ton of meetings
um whether it's a client or my team onto
my calendar
or you know there's some kind of
training that's going on there's
something that i need to upskill and
learn something has changed in our
environment that i need to be up with
that is where i thrive um i don't i get
bored really easily
so typically my day-to-day starts where
i kind of check my emails i make sure
if it's for example when i was in my
consulting role i kind of checked to
make sure if i'm on an engagement
that if the client has reached out to me
that i prioritize
and make sure i'm addressing whatever
needs that they had so
whether or not they want to hop on a
meeting because they need some more
clarification about something or they're
having experience in an issue
whether or not i need to check to make
sure
you know basically that everything is
copa-static with my clients
and then check to make sure internally
nothing is on fire with my team that i
need to
you know kind of catch up on anything
and then after that i usually spend some
time on whatever
project or engagement am i on so say for
example if
i'm doing an assessment then i'm going
ahead and conducting
maybe some interviews i'm putting
together the documentation
collecting evidence um mapping out
whatever it is that
i'm doing um maybe spending time in
presentations
and then usually i always try to spend
at least one or two hours a day um
kind of personal upskilling meaning
hey i'm doing a training video on
something that i want to learn
um i'm reading up on what's latest in
the news
our latest tooling that's happening
especially if i'm working on an
engagement where
maybe a lot of the times we have to
introduce new tooling to
our customers and clients so as a
subject expert i should know what i'm
talking about so i kind of
do my research like hey has something
changed what updates are coming making
sure that i'm staying current
um and that really happens day to day
and the unexpected usually happens
sometime during midweek
that might throw my schedule off but
typically as a consultant
things change so often on a daily basis
i can only imagine i i have to say i
know that feeling of
i'm going to learn this today or i'm
going to do the and then like just
completely
side like
yes okay so
obviously i have more questions but
first i want to tell
everyone a small announcement my book
came out this week it's available on
kindle and all the ebooks
yes alice and bob learn apptech is now
for sale on amazon and all the places
and they're shipping the physical book
in just days um and so if people
want to buy that i'm going to put a link
in the chat but i want to go back to
speaking about dominique because that's
actually the point of this show in this
episode
um so back to you
what types of personality traits do you
think someone needs to be good at your
job
because it's not the same for every
security job they're different
no no especially because again
with client facing you're talking
literally all day every day
where i have to actively take breaks and
like i need to drink some tea
because i'm running out of saliva like i
just
i talk a lot so communication is
definitely
like you have to be someone who i don't
necessarily want to say you need to be
an extrovert like you need to be
out there but you definitely need to be
comfortable talking with people
communication is number one in this line
of business
um and it would be really hard for
someone to be successful who isn't
comfortable with talking
to a wide variety of people right
because
as a consultant um at least if you're
working for a company as a consultant
and not for yourself because for
yourself you can decide
which clients you're going to work with
or who you want to work with
but if you're working for a company
who's a consultant and consulting
with for them you don't have any say you
kind of just get thrown on something
and have the hope that they're really
nice people but sometimes they're not
right
or just sometimes um i don't know there
might be a communication error i
find a lot of the times it's not that
someone is
mean or upset or angry with an
engagement
it's really a lack of communication
something
is missing there there's a disconnect
and i really like to find
out where that disconnect is coming from
because that makes
my job easier to make you know to make
their life easier
um so i definitely say communication
having really good interpersonal skills
i know we talk
um well i hope in cyber skate a lot of
people talk about having soft skills
like human skills
um i think that's one of the most
important
um kind of traits that you can have or
skills that you can kind of hone and
improve on
um if you want to be in a consulting or
a client-facing role
are you saying that you have to deal
with adverse personalities
that never happens in security ever
for for forever actually like that's
that's all you deal with and
and it's fun right because i'm a person
like i like to read uh
i'm doing a book challenge where i'm
reading 25 books by the end of this year
and one of the books that i've read was
about something called i think it's a
nanograms i don't think i'm saying it
right
but it's basically what about learning
the different personalities that people
have and then how you can
relate to them better right instead of
thinking oh this person is difficult
or oh i just don't get along with these
types of people it's really
understanding hey where is this coming
from
and really taking the time to relate to
one another so i think that's
such an important skill that you could
do is really doing like emotional
intelligence and really just kind of
balancing out
just how to communicate and like relate
to people because your clients and
customers are humans as well like they
they they too have a job that they're
trying to do so how can i make my life
easier by making their life easier
oh i like the topic of that book
um if you want after you can send me a
link and we'll put it in the show notes
for people in case they're listening
so um i have more questions
[Laughter]
so what type of aptitudes does someone
need to do your job well like do
what what about like attention to detail
do they have to have hyper focus
do they have to i don't know like read
minds
if reading minds was the thing i would
definitely say yes
but um because i would just make
anyone actually it might make your life
easier or hell it depends on what you're
reading or listen to but anyway
um i would definitely say um attention
to detail is critical
um again
not necessarily just with client facing
but especially if you're working for
a big company um so i worked for one of
the big fours
and i know attention to detail is key
like they drilled it into us in terms of
making sure
that we were double checking triple
checking going through processes
to make sure that our presentations were
up to standard in terms of you know is
it aligned with
the client's colors is it up to par have
we understood
how they would like to be given
presentations you know do they want a
report format do they want a powerpoint
do they just want you to give them three
bullets you know
really understanding that so attention
to detail is definitely very critical
in terms of hyper focus i would
definitely say you have to
be able to have a balance time
management is key
um otherwise you will get very
overwhelmed it can
get very chaotic um there are
a lot of times where the job can seem
very demanding
where at the end of the day i just
barely can crawl into bed
um after making it but i i don't regret
it but it's just
it sometimes it could just be a long day
that's honestly the nature of cyber
security and consulting it's
it can be very challenging so really
understanding how to
create that work-life balance um have
that attention to detail and be
successful but also
manage your time very well is very very
important
otherwise it will you'll reach that
burnout stage
way often than than you would hope to
i need you to teach me those skills
listen i have to learn and really my
life is just run by apps like my app my
my phone tells me it's like hey nine
o'clock it's time to wake up
10 o'clock time take vitamins 11 o'clock
it's time to drink water like
i have my life run by my calendar google
challenges saved my life
i love it so
your job like cloud cloud security is
pretty technical
and there are a lot of people super
interested and very
curious what what types of technical
skills do they need
and um i guess what types of training
could someone take so they could try one
day
to do your previous job
so the great thing about cloud security
is that literally the
skill set or the foundation you need is
in the name
right you need to have a cloud computing
background or foundation and then a
security
foundation and background so i always
try to encourage people who are
interested like hey
if they're a new person to technology in
general getting started i always
encourage them hey
you need to really get a foundation in
security and learn the basics
a lot of that is covered um by trainings
like security plus a plus network plus
kind of like the triad that people call
about
no i know certifications can really be a
here in their kind of conversation
but they do at least the um
the books and the knowledge is useful
whether or not you get the certification
you need all those certifications
totally up to you but the knowledge that
you get from
studying for those certifications is
useful in giving you
a really good foundation same with cloud
security i mean same with um cloud
computing
there are a wide variety of vendors out
there
who give you foundations in their
platform specifically
um but each one of those concepts that
they teach you
goes across the board iam is the same
across the board with all three they
just might be named different
the threat monitoring tools the same dlp
or data loss prevention the same so
a lot of the concepts that you'll find
in cloud computing and security combined
together
will give you that foundation to be a
cloud security engineer
analyst architect anything that you're
trying to be um
and then as far as training goes for me
the best training came from real world
experience
i went to school for computer science
and
i felt i didn't as soon as i got into my
job i'm like i don't know why i did that
because
i learned nothing and i really learned
everything from my first job
um not to say that school you're like
you shouldn't go to school and i think
don't do that
but what i'm saying is that translating
my formal education to my real world
experience was a bit difficult right
because again real world experience
there's like there's nothing that can
beat that at this point
but i also understand there is a large
disconnect with people trying to get
into the field pivot into the field so
real world experience
might take some time for someone to get
so in the meantime
there are so many free trials out there
especially for cloud vendors
cloud security for people to stand up
their own environment
and get that real world project
experience right you can
stand up your own environment in google
cloud and aws
and then azure and you can learn how to
spin up virtual machines you can install
applications on them you can run
real traffic through them because they
have a lot of um
what do you call it data that you can
run through in order to kind of build up
the environment
and you can test that out and you can
create projects to put on your resume
to help coincide with the lack of quote
unquote real world experience
but you can build up your skill set that
way so i always encourage doing self
training and a little bit if you have
the opportunity maybe to go to school or
go to a boot camp i highly encourage
that as well because there's nothing
like kind of getting formal education
but self training definitely is out
there and people have been very success
successful you know doing that on their
own in order to get a job
i agree can we talk about certifications
because i feel like it's a thing
that people avoid to like
whenever i'm on the internet all i ever
hear is like should i get this
certification or that certification
and i feel like a lot of people think
it's a touchy subject
but maybe because this is an education
podcast we could touch a little bit on
it
like you don't have to take a firm
stance but maybe we could explain what
certifications are
and like potential value that they could
have
yeah and i agree where a lot of people
ask hey should i get all of these
certifications
and i you know i know and i hate seeing
it and i'm like it really depends
right everything will always depends and
like that's something that you'll
literally always hear
in the field and they're like maybe or
it depends that will literally always be
an answer but
certifications really to me
my opinion certifications serve
two purposes one to get you through the
door for hr
that's one of the main reasons to get
certifications right
because unfortunately to get a job hr
needs to check these boxes for their
candidates
and if you don't have that box checked
you could be ruled out at any given time
and then two
certifications can serve as an open door
to
different networks um different
opportunities
different training and learning so for
example i have my ciss peak
certification
and getting that certification allowed
me to be a part of the isc square
community
and in doing so i got access to free
training i had access to a network of
other cissps
i get access to emails and first hand
xyz that they offer i would never have
gotten that had i not gotten that
certification right
so i always tell people getting every
certification isn't necessary
if you have the time and the money or
someone else is paying for it
and you're bored by all means
go buy every certification but or go
attain every certification but if not
the way i have done my certification
route is i map all of my certifications
to the roles that i plan on going for if
it's a requirement for that role
and because i don't want to be ruled out
then i will get it
so when i was first starting off in
cyber security
uh the only thing i heard about then was
the a plus and security plus and network
plus right that was
the foundational triad that you need to
be successful
i got the a plus i jumped to security
plus because that was the field i wanted
to get into
i was good there that allowed me to at
least have conversations with hr
managers
who are hiring for security positions
then from there i said okay now i want
to get into more advanced security
positions right
i want to start getting into the
engineering i want to be a little bit
more technical i don't want to do just
the analyst positions
in order for me to do that a lot of the
roles required is the issp certification
so i'm like okay
i need to get the experience i need to
pass this test so i
you know set a strategy for me to be
successful in order to get that
and then when i wanted to get into cloud
security same thing i'm like okay
if i wanted to be an engineer and i
noticed a lot of my job roles were
saying they want someone who can do aws
let me get aws certification they want
azure let me go ahead and do
azure certification so for me
certifications
serve a purpose not all of them are
necessary
um again i just really encourage people
to
map out a blueprint for your career and
then have your certifications aligned to
that blueprint
that is basically like the best
explanation ever thank you
that was so good i was like i have
nothing to add
a lot of people ask me which
certifications do you have i'm like i
don't have
any but most people can't go the i'm
just going to be famous route
it's not the thing most people can do
and in the canadian government they
weren't required so then i had all this
experience and
release research papers i'm like that's
a really inefficient way to do it
compared to getting certain
certifications and that worked
a while ago right because there are a
lot of people who are in the field who
back then
certifications wasn't a marker of your
experience right it was
real world job experience have you been
in this field for this long can you
tell me about the different roles like
experience was enough
somewhere along the line certifications
became
just as important um and became
the gate keep like it's just
like a bridge it keeps a lot
certification keeps people whether or
not they're going to get the job
unfortunately
and i always tell people and i'm like
just at the current
it's harder to dismantle the system of
disconnect between
hr and hiring in in the pipeline
what's easier right now because you
want to get into the field and you need
a job and you have two bills to pay
is to unfortunately play the game right
so you need to get a certification like
unfortunately to get through the door
unless you go the the twitter
like the the really famous route if you
can do it that way you know kudos to you
yeah it's a lot more time consuming
to start your own open source project to
release several research papers to like
it's way way way more like it'll be
better
if you just and then a lot of people
think oh if i do the famous or and i'm
like the famous route isn't
that doesn't yeah that's like saying oh
i'll be able to afford a house
if i become like a rock star it's like
no
that's not gonna happen right
yeah no yeah unfortunately you have to
get one at least one you have to get
something
yeah i also feel that there's like
you're talking about the disconnect
between hr
and the hiring pipeline i feel like they
just don't know what questions to ask to
actually understand if the person
does know their stuff so they're like
well we'll just ask for a cert
because then the people that giving the
cert have already asked
all the important questions to know they
know their stuff
i mean i i think like if you have a
technical person it's happening
is it is it because i again
i can't speak for everyone but i would
just think that the hiring
the person who's doing the recruiting
would talk to whatever team it is that
is hiring right and really understand
and maybe that's the thing right
sometimes a lot of teams don't
understand what they need like what is
this person fulfilling what gap is this
person fulfilling within my security
team
and if you can't understand and
translate that there's no way that
hr recruiter is going to understand and
translate that because they have no idea
what you're talking about they have no
idea what gap you're trying to fill so
yeah there's a a really large disconnect
but
at the time i really just try to mentor
and help people and i say hey
try to align as much as you can this is
i can only tell you what i've done and
what has helped me be successful
um and hopefully that you know that'll
help as well
we hack purple now offers a certificate
because
like basically people are like it's
really nice i've learned all this
awesome stuff
but i literally i have to be able to
show people like i went
to school there and i'm like okay let's
do it
yeah um and like now you know i guess to
show their hard work which is but i like
it
but it's just it just really sucks
especially because a lot of the
certifications cost
a lot of money i saw that yeah security
plus now is 350
which is like double almost of what i
paid when i got it and 350 dollars can
be a lot of money for people especially
in the pandemic so getting a security
plus and an a-plus and getting all these
certifications to try to be
a viable candidate can literally put
someone
in a really financial bind and then if
they don't get that job
what happens it was six months down the
line and nothing is baiting
you know they have bills to pay so i
really really really really do hope
that keeping continuing to talk about
this broken pipeline
and certifications really helps a lot of
people
to start bringing awareness to fix it
because
there's a lot of people who need jobs
there's a lot of end we keep talking
about this
cyber security skills gap or xyz but
we're not giving people the opportunity
to really fill that gap
and to be successful in this career i
could not agree with you
more and not to talk about myself
too much but i agree with you so
strongly that yes we are
trying to create solutions for that at
we have purple
because i'm just like introducing people
to students and doing this and doing
that and i'm just like can we figure out
a way where we get them all jobs because
that's what everyone actually truly
wants right so
people take training for one of two
reasons like one
they want to like find a job or two they
want to be more awesome at a job they
have
and so if they want to be more awesome
at a job they have awesome
like i'll just train you and show you
all the cool stuff and give you tools to
bring back to work
awesome but for the people where they're
like i want a job or i want to switch
jobs like how can we make that happen
because if we like
i feel like from a business perspective
if everyone just
finds the job and the if they get the
thing that they truly want
and then they're they go off and they're
awesome at it like everyone wins
like the industry wins the people win
and i'm like i
so i am like all like thinking about
solutions because i feel this is
a huge hole in our industry and i'm
sorry i got so off topic but i was just
like no
listen i have no problem talking about
because that's something that i also try
to do i don't know how to create
these solutions or i'm not in a position
yet of doing hiring
right of being the person to be able to
provide that job opportunity
but in the meanwhile i can definitely
help people get resources i can figure
out how can i do this for free
i can sponsor someone for certifications
i can i'm
in a position where i'm able to give
back in my community and that's
just what i really want to do because
again there is so many things that's
broken
and i feel like that's way harder to try
to fix where i can just try to provide
as much as i can resources and
opportunities for people
speaking of dominique giving back
so first of all i'm sharing underneath
you right now
dominic giving a workshop for the oauth
devslop
team about google cloud security
and it was awesome she was great she
joined me nikki and nancy actually i
wasn't at this one
so nikki but nikki and nancy are always
amazing and
yeah yeah it was a good episode and i
i'm not saying it has over 400 views so
people
really oh my goodness yeah some people
really liked it so
there's a link to that but gosh do you
do another thing dominic
that like people should know about
why i do um
i am the creator of security and color
which is a platform giving cyber
security resources for everyone to be a
cyber champion
um as i talk about i evangelize cyber
security
everywhere in my life at work at home to
my mama
everywhere um and i wanted to do it to
every
you know to the average and everyday
person i have a weekly podcast that
is now syndicated literally everywhere
um also called security and color
where i disseminate the top cyber
security news happening not only in the
united states but all over the world
and then i give out a weekly newsletter
that's also filled with opportunities
for people to take advantage of so i
post things like
job postings that might be happening
because i know a lot of people who are
in positions of hiring and they're
looking for people so i try to
you know share that out as much as i can
i also give news articles there but i
also give
for tech events because i'm also a
person who likes to attend tech events
and workshops not only just give them
and i know how difficult it can be to
figure out like what's happening this
week this month
this year xyz especially since
everyone's at home and everything's
virtual
so it's like trying to find links so i
kind of have a one-stop shop where
people can figure out hey
what's going on in the tech world during
this week and this month and you can
find
you know all of that on my platform
i happen to have um securityandcolor.com
underneath you and color is spelled the
american way not the canadian way
i actually was like searching for it
before the show and i was like
c-o-l-o-u-r
and i was like where is she i know i've
been to this site before how come i
can't find it i was like wait
americans less letters simpler
it's okay and it was funny because
actually my roommate asked that too and
she was like how come you don't put the
o-u-r
and i was like i don't know i've been
brainwashed to spell it this way
that's all i know no it's it's like uh
i guess canadians spell it one way and
american spelled another way there's a
couple things where we spell it r e
and you spell it e r or american spell e
r
and then i'm like why and the word
defense
so an s versus a c and and so
my publisher for my book is american and
so they kept correcting me i'm like
no i'm sorry but you're wrong
my team was located in europe and
every time we had to write like reports
or something
we would have like the word
organizations would come up right
then of course in america we saw
organizations with the z
and they spell it with the nasa we would
have these arguments back and forth
fixing reports on who was right or who
was correct so we had to pick okay this
this report's going to be the american
one and this report will go up to the
european one we had
so many fights over here oh my gosh
okay i'm going to thank our sponsor
thread fix from denim group
the most spectacular vulnerability
management
platform this side of the galaxy
and with that i want to ask everyone to
first of all obviously go out
go check out our sponsor thread fix and
then immediately
sign up and subscribe to security and
color podcast
and then if you're not already
subscribed to we have purple podcast do
that
and then also subscribe to her youtube
which i'm just going to share
now security and podcast youtube yeah i
looked up all the links that's right
um and then also then we're gonna follow
dominique
on twitter so security in color with
know you
and then also domi boo so i'm gonna put
that up too now
and then also press the subscribe and
like button
yes marketing complete good job tanya
awesome
okay so next question
does your job pay well is it
is it this like a thing where am i going
to be am i going to be buying a honda
fit that's eight years old that's used
that
sort of starts most the time or can i
buy a new car
no because i am
in a role that is seen as more senior
level
um and definitely with the managerial
level now
they definitely do pay well i know a lot
of people come into tech thinking
they're gonna start off
making six figures and i really hate
that narrative because it really
disappoints a lot of people off the bat
especially when
you have to start up for entry level and
unfortunately entry level is just
synonymous with
just not making a lot of money with not
six figures
yeah but the fortunate thing is that you
can definitely
get to six figures as i have in
my roles as i've gotten senior level and
i know a lot of people think well oh and
i can only do that if i live in really
big cities
or you know because of course they're
trying to compensate because of
um cost of living and that's not the
case at all especially now
that a lot of people are remote and we
definitely have proven in this industry
that you can work just as well from home
that you can in the office
so definitely in different smaller
cities and so i live for example in
atlanta georgia
and it's still a pretty big city but
in the south cost of living here is way
cheaper than for example in new york
city
um so it's definitely possible to
definitely hit six figures
as a consultant as a client facing role
in cloud security
in all of the roles that i've had within
cloud security or doing consulting or
anything client-facing
i've definitely been either very close
or have surpassed it there so
i can definitely say that this is an
industry that not only
challenges and you get a lot but it also
pays you for the work that you do
which is really important a lot of
people really get
which can it's fair a lot of people are
really shy about it in terms of asking
like hey does this pay
well but at the end of the day we all
have bills to pay we have to survive
as people people have families people
have lives people want nice things and i
think
you know you're definitely entitled to
have that so making sure that you're
aligning with roles that is going to pay
you for
the work that you do is very important
it's really stupid
yes we were talking about this earlier
and i was explaining it's important
because people need to know so for
instance i am a startup founder
and i am going to get my first paycheck
in two or three weeks but we started in
february and i'm
ecstatic that and i'm probably going to
pay myself
close to what the students get paid
because i just want to have some sort of
paycheck but i'm like so
excited but other people are like wait i
thought ceos made tons of cash and i'm
like not this one
however for a long time yeah but
but there's the glory of being able to
design your own job and work at the
place you've always dreamed of working
at and do things that feel
like they really matter to you etc but
it does not
pay well despite what you might see of
like that one
ceo that then like sells off in two
years and makes all the billions and
whatever like that
is not most of us just to be clear and
they don't tell you the story behind
that either right they don't tell you
what that person their background where
they came from who's helping them
xyz we always just see the success story
we see the oh the billions the millions
the
xyz you don't really see what's
happening behind the scenes
of how they got there so definitely
exactly don't take peed into trying to
like
copy or be someone just because they're
making a lot of money right now
you do have to do the work there is some
work that is involved with getting there
but it does pay
off i agree with her
yep and also i think i think that her
job sounds really good
so are there lots of opportunities
for that type of role like if someone
wants to they want to get into it is it
like fierce and cutthroat are there
opportunities
no there are definitely opportunities
but again
being in a consulting role and
especially for
um a really big firm or for anything
client-facing
it does require you to have years of
experience right this is definitely not
a role that you would get within the
first
one to even four years right i'm not
saying it's impossible because again
there's plenty of people who've been
able to navigate it
and i think especially um this goes for
i would say maybe for those who are
already in the field so if you come from
maybe a sales background something that
required you to interact with
people or customers xyz and then you
just kind of need the technical aspect
then sure
i think there's a path there's
definitely a pathway for you
but if you're just starting out your
first couple of years again really
is on building your foundation but
there's plenty of opportunities to be a
consultant
um everyone's always looking for someone
to help because every everyone always
needs help
especially in cloud security because
there's lots of organizations who just
don't have the time or resources to
build their own team
so they kind of outsource that to big
firms who can do that work for them
but there's also plenty of client-facing
rules because again cloud security is
just
a booming industry right now and a lot
of people are taking advantage of just
trying to find subject matter experts
because there are not a lot of them at
the moment at least at this high level
so if you can get into the field now and
build your foundation
i you definitely have job opportunities
that are coming your way
what do you like best about your job and
you can say the old job
and or the new job i'll take whatever
gravy i can get
so what do i like best for me it would
definitely be the
day-to-day challenge um and then working
with a wide variety of people
so as i kind of alluded to before i do i
get bored very easily in jobs mundane
tasks and
all of that just doesn't work well
that's not where i thrive um
and i thrive where i'm in a position
that is challenging me to learn
something
being able to apply what i learned and
then perhaps maybe teach it
and the two roles that i have the
current one that i have now and the one
that i had before allowed me that
opportunity
where again as i was saying i would wake
up each day and i would have a new email
that something new has happened and
i need to get on it or that i have the
opportunity and space to learn something
so i can apply it in the future and i
really enjoy that i really love being a
student as much
as long as i've been in this industry i
really love still being a student the
fact that technology is changing
literally every day and i have to have
something to look forward to and learn
every day and i can apply that to my
everyday work
and then help organizations and clients
meet their needs and meet their goals
and like actually tangibly seeing it
right they're like hey
my security posture is really shitty
right now
how can i improve and then literally
helping them improve that and then
like hey you know and then not only just
helping them approve them right because
you can't just fix someone's cyber
security posture and have them go on
their merry way because
that's how they got there in the first
place you need to you educate them and
teach them at the same time so being
able to teach teams
and like empower teams to be successful
in their own right is really
cool to me right it's like being able
maybe i have a future somewhere of being
a professor but
to teach and help people kind of learn
and be successful in their own right and
not necessarily just doing it for them
i love it that's
i totally uh i can totally feel that
definitely so the opposite question
what are what is the thing you like the
least about your job
and you're probably not going to be like
it's that guy over there but
maybe there's like a thing that bothers
you that like keeps coming up
like maybe angry people
the least thing i
i would definitely say is how
demanding the job can be
because again you're talking to so many
different people
and yes i'm networking and i'm learning
and i'm teaching and i'm being this
really great evangelist
but at the end of the day that can be
very draining
and very tiring and like i said there
are times and days where i barely have
enough energy to just crawl
into the bed and like go to sleep to
wake up and do it all over again
and that's like the other side of the
coin really it's just like
we and that's where you have to learn
about work-life balance
and figuring out you know that security
and this job isn't my entire life
and that i have to sometimes say no
saying no it can be really really hard
especially if you're a person who
perhaps doesn't have kids and is not
married and
they expect you to be on all the time
and i'm like
no i too like to go home on time and i
too
like to you know watch netflix
right and have a life yeah exactly so
really figuring out that balance of
being successful and making sure that
i'm
putting my best foot forward but also
that i'm taking care of me
and not letting the challenges and the
demands of the job
take over my life because i have
experienced burnout before
and i definitely don't like it i don't
want to go back to it
um but it is something that can happen
it's just
i i really hate saying that is the
nature of the job but if you don't
figure out a way to balance your life
unfortunately i think it's just
something that
more than likely what happened to to the
average person
yeah they start calling you tanya
this is this is the thing that i need to
be better at so i'm just like i'm like
taking notes
like i'm like okay yes for me too i have
to remind myself every day and i'm like
you can't do everything dominique like
sometimes you have to cut off like i
have to be very active and saying
okay there are days where i don't mind
being up and working till 10 because
there's just stuff that needs to get
done and that'll help me tomorrow
because i don't want my tomorrow to be a
really long day so let me
sacrifice today to be really long but
i'm not doing that every day
awesome that's yeah
that is wise advice that i think many of
our listeners could really
appreciate if they apply to their own
lives for
sure so
what advice would you give someone that
wants to try to get into a role similar
to yours that either you have now or
your previous role
like in maybe like actionable steps
i don't know if i muted myself partway
actionable steps
i know you're fine okay um some
actionable steps that i would say for
people who are looking to get into cloud
security
and as either a consultant engineer xyz
my first advice would always be apply
for the role
like press the button mainly because a
lot of us
especially women tend to not apply for
jobs if we're not checking
every box that's there as a consultant
what i've learned best is that i've been
able to take a little bit of my
experience
in everything that i've done and can
apply it somehow
to whatever engagement i need to do or
if not
i'm i i'm with a company that gives me
the space to know that they'll support
me
in making sure that i'm successful and
they give me this the space to learn
whatever it is that maybe i don't know
if there's a gap there right
so my first thing is always apply for
the role because you will never know if
you'll get it you'll never know if
you'll get that real world experience
if you don't go out there and physically
press that button and apply for it
and even if you don't get the job right
interviewing
is experience it helps get comfortable
with talking to recruiters with
understanding how technical interviews
go
and then next you know you will start
acing interviews left and right
you'll have so many job offers you don't
know what to do with yourself
so get comfortable with doing that
um and then second i am
a person who has to physically write
down
goals in order to
achieve them because in my head is a lot
of chaos already
so i need to put that chaos down into
actionable items for me on pieces of
paper
so if someone wants to get into cloud
security like i said before
what what i always advise my mentee to
do i
told her to do look up roles on linkedin
on indeed on whatever job sites pick out
a role
so if you want to do cloud security
engineer if you want to do cloud
security architect right
just start googling rules once you
figure out those roles
what skills are these roles asking for
they want you to learn
python do you need to learn linux do you
need to learn aws do you need to learn
xyz
now you have five things that perhaps
you didn't know about before
and now you have an action plan of what
you should be studying right
a lot of people say what should i be
studying what should certification
should i get to
literally the job roles tell you they
plan out a blueprint for you
but i think a lot of people get really
overwhelmed
in terms of what should i be doing pick
a role that sounds really good for you
craft it in your mind and then put it to
pen and paper and go for it
that's one of the best things that i can
say has been successful in me whenever
i'm going for a role
because it can be overwhelming right the
job
process is overwhelming there's like
there's no other way to put that so to
make it easier for you
figure out which role you want start
googling the rules
understand the skill sets make a plan
and then go for it
that is literally the most succinct
advice that we have had that is super
duper duper
actionable seriously i feel like we
should make
some sort of motivational poster where
and then at the end it says and go smash
it like
you set that goal you make the list of
things you go study the crap out of them
then you smash the goal you're like i've
been preparing this my whole life
exactly and then when you get in there
you and it makes you
comfortable with the entire process
right because
none of it is easy right and i don't
know if it's just by design the way it
is but it's not easy and it's really
overwhelming so it's like what can i do
to make this experience better for me
and more comfortable for me so i can be
successful because
being chaotic and everything that just
doesn't work well for me i just i feel
like i don't
have a way forward and way through and
for a lot of people and i
if it applies to me i know it applies to
a bunch of other people so
hopefully that helps with someone out
there but um
yeah just go for it press the button yes
i feel like that should be a slogan
press the button
just apply just do it
so do you do you
do things outside of your nine-to-five
job that you wanna share with us and
it's okay if you talked about it before
i still wanna hear about it again
um outside of my nine to five a lot of
it has been
building my platforms to creating color
which i had spoken about before
um and i can speak about like a little
bit about how it came about
so um last year at the beginning of the
year
i just had i don't know i was at this
moment where
i feel like i had something to
contribute to the community i had no
idea how
right i know there was a lot of people
who were feeling like they had no path
no representation no way of doing
anything
and i too was like okay where is that
person who is that person
um and finally i kind of just got to a
point where it's just like you know what
i have knowledge i have experience
i have a voice i have i should share it
um so i started
writing i just created a little blog
and i started creating um writing some
articles
because i wanted to um again i always
talk about evangelizing but i want to
talk about security right i like to talk
about
a lot of people because i think security
is for everyone not just for
professionals or people in the industry
our
data in our lives us as humans we are
gold mines now
so we should have the tools and
resources in the education to protect
ourselves or the everyday person should
be able to protect themselves
so i was like okay well the best way of
knowing that i know what i'm talking
about is if i can disseminate and write
that information for someone else
to read who maybe isn't in the industry
so i would have my friends read i would
have my
my mom read um and after a while a lot
of people were like i really like this i
was able
to understand this it's this is not
technical gibberish
like i actually know what you're trying
to tell me i understand what
multi-factor authentication means
now so yeah so
after doing that for a little while i'm
like okay
blogging is cool but i think at that
time naturally everyone was going for
podcasts i'm a big podcast person
i like to talk so i'm like why not do an
audio form and that's where the podcast
came about
um and i really just wanted to talk
about news because even for myself as a
cyber security professional when i
read articles sometimes they're too
technical and i'm like
i just i just want to know what's
happening like i
i appreciate the detail that they give
me especially if you're someone who's
interested in learning
how this malware is breaking down how
things are dropping xyz
but for the average person who wants to
know why this breach happen and what
they should do
they have no idea how to get that
information out of a technical article
so i wanted to be able to translate that
information into an easily digestible
way
and i always say your mom your grandma
your brother everyone is able to
understand it
across all kinds of generations and
spectrums
so that's really where the podcast
starts to come about and
yeah we've we've gotten a really good
audience i have such amazing supporters
and listeners so
we're still growing um and then i saw
another gap in terms of having
a cyber security kind of newsletter i
wanted a newsletter
i didn't really see one so i just
created one
that had a lot of the information i was
putting on my podcast but also a little
bit more again i saw there was
some gaps in the pipeline in terms of
people looking for jobs there were some
gaps in terms of
people not knowing where to find tech
events so i'm just trying to fill set
gaps
so that way people have a one-stop shop
where they can find things where they're
like hey
i want to know what's happening in the
tech world or i want to know what event
is happening next week let me go to
securityandcaller.com
or hey i want to catch up on the news
for this week and i want to know
you know what breaches are happening or
what special topics can i
i understand because i give a lot of
career advice as well let me go to
skating color podcast
so really trying to make it a one-stop
shop for the everyday cyber security
champion to be able to go to
that is awesome and to say it a little
slower security in
color.com
do not put a u in it the american way
yes because otherwise you'll get lost
like tanya and that's
okay i want to thank
you so much for being on the show you're
a fantastic guest
you're so easy to talk to it's really
good
and thank you so much for having me so
every single person listening or
watching has obviously already
subscribed
to security and color and bookmarked the
website
including me and and also they've
subscribed to our podcast and also
they want to thank our awesome sponsor
threadfix and also
um this was great this was really great
thank you so much for being on the show
i really appreciate your time
it's awesome i love everything that
you're doing so i'm super happy to be a
part of it
thank you so once again our guest was
dominique
west and i am going to do the goodbye
would you are you interested in waving
before we disappear
and then we do the goodbye out just bye
everyone
thank you awesome
so uh thank you for tuning in to the we
hack purple podcast
each week as you know we interview
an amazing human from the information
security industry to learn about what
different types of jobs that they had
this week we interviewed dominique west
and learned quite a bit
especially how we all need to subscribe
to her podcast
sponsored by thread fix by denim group
and this episode has
definitely helped you learn a lot more
about cloud security and how to try to
actually set your goals and then go
smash them
up next next week on thursday we have
stephanie black to talk about being a
cyber security account manager
so dominique talked about that a bit
which is awesome and so we're going to
get even more details from stephanie
the following week is tyrone e wilson
and he's going to talk about what it's
like to be a founder
so him and i are going to have a lot in
common and i bet that we're going to
gripe
and it's going to be great after that we
have kim crowley to talk about what it's
like to be a cyber security
writer and researcher and she has a lot
of interesting information about that
and then the following week
we're going to talk to shira shamban and
so when we first booked her
we had she's the ceo of a stealth
startup however since then she has come
out and there is so much more
information we are going to share
about her and what she is up to so thank
you so much again
for participating and listening and
watching
i hope you do a review on apple itunes
of our podcast and talk about how we're
great
and thanks again i'm tanya janca your
host thanks
from we hack purple bye