Navigating Cybersecurity: Insights from Luis's Career and Growth Artwork

Inclusive Cyber: Unlocking Innovation in Cybersecurity

Welcome to Inclusive Cyber: Unlocking Innovation in Cybersecurity, your front-row seat to understand how a diverse mix of voices is not just necessary but essential to defend our most sensitive computer networks and personal data. I’m your host Danny Magallanes, and through my podcast, we shine a spotlight on the heroes and the trailblazers from every corner of society who are redefining the Cultural Renaissance frontier. Every episode is a step toward a cyber community that's as varied as it is united, where everyone has the keys to unlock their potential and the power to protect our digital world. Join us on this journey, where every listen, every share, and every dialogue inches us closer to this new reality

All Episodes

Inclusive Cyber: Unlocking Innovation in Cybersecurity

Navigating Cybersecurity: Insights from Luis's Career and Growth

August 12, 2024 • Danny Magallanes • Season 2 • Episode 1

In this episode of Inclusive Cyber, Danny interviews Luis, a cybersecurity professional with a compelling journey from a tech-enthusiastic childhood to a successful career in cybersecurity. Luis shares his early experiences with technology, including tinkering with family electronics and video game consoles, which sparked his curiosity and passion for the field. He highlights the significant impact of mentorship, both from family members and professional mentors, on his career development.

Luis discusses his academic path, which included dual enrollment in high school, multiple degrees, and numerous certifications. He emphasizes the importance of combining formal education with practical certifications to build a robust skill set. Throughout his career, Luis faced and overcame challenges by continuously learning and adapting, eventually securing roles in healthcare and big tech.

The conversation touches on the value of diverse experiences, the evolving nature of cybersecurity roles, and the need for both technical and non-technical skills in the industry. Luis also shares his views on generative AI, its potential impact on cybersecurity jobs, and the importance of maintaining a human element in the field.

Danny and Luis conclude by discussing the need for better communication and inclusivity in the cybersecurity community, encouraging continuous learning, and the significance of breaking down silos to foster collaboration and innovation.
LinkedIn Profile - https://www.linkedin.com/in/luisfernandezjr/

BOOKS

Disrupting the Game by Reggie Fils-Aime https://www.amazon.com/Disrupting-Game-Bronx-Top-Nintendo/dp/1400226678/

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/

Support the show

Support the Channel - Click the bell to have notifications, like & subscribe!
Buy Me Coffee - https://shorturl.at/jKMSX
Social Media – Follow us on:
TikTok
Facebook - https://www.facebook.com/profile.php?id=61554884934328
Instagram - https://www.instagram.com/inclusivecyberpodcast/
Audio:
Spotify - https://open.spotify.com/show/6HNQQVKvsCRo2J095Kyc8G
Apple - https://podcasts.apple.com/us/podcast/inclusive-cyber-unlocking-dei-in-cybersecurity/id1686041111
Website - https://www.buzzsprout.com/2183707
Amazon - https://music.amazon.com/podcasts/594cca7a-726d-43fe-b94e-36291566e9d8/inclusive-cyber-unlocking-dei-in-cybersecurityMusic: Music by Cryptochronica and Worlds Apart featuring Vtizzel; Song: Gunz Blazin' Music: Used with permission: Artist: Thunderwolf X Words Apart, Song: Cybernetix...

Mission Statement
---

[00:00:00] Danny: You're listening to Inclusive Cyber with Danny Magallanes. Are you curious about how professionals, both young and seasoned, in thank you discover their passion, of and make a lasting impact? Then Inclusive Cyber is a Project. a journey to learn from guests with diverse backgrounds and experiences. As they share their wisdom and practical advice to help us tackle our biggest challenges inside cybersecurity. Tune in twice a month we chat with inspiring individuals who are either making a significant impact or just starting their careers. We also delve into the latest stories on leadership, thinking, cultural renaissance, team management, and much more via our growth mindset episodes. Hope you join us on this journey.

Luis Highlights
---

[00:01:01] Speaker: As I read back to you, my story, like how things kind of just interconnect, like I went through college, I got into a healthcare organization, I worked with a SOC, I hunkered down, pandemic hit, I started doing all these certifications, and I kept studying beyond my graduate degree, I didn't stop, and again, I was provided another opportunity.

There are a couple things that really surprised me. Despite me going through This entire journey of education, certifications, dynamic environments. There's not a lot of people who are open enough to sit down with you and walk you through what the important things are. One other point, there isn't a single person who knows absolutely everything.

Introduction
---

[00:01:52] Danny: Luis. How's it going?

[00:01:54] Luis: It's going pretty good. How about you?

[00:01:56] Danny: Doing great. Looking forward to this conversation. Super excited to dive into your career. Can you provide a quick overview of your career so far?

Background
---

[00:02:05] Luis: Yeah. So, uh, when we speak about my career, you know, I really look back pretty much to whenever I started as a kid with technology.

I've always had a very deep interest in how computers work. I've been studying computing extensively. Uh, I took my skills into turning them into like a, a profitable service. So early on, I, I actually started doing computer cleanup and repairs, so I dealt with a lot of issues like spyware, malware, Trojans.

I, I didn't really look into cybersecurity as a career path, evolved into something that I fell into. I really just enjoyed solving a, a myriad of technical problems, and it wasn't until I secured a role at. A healthcare organization is where I actually entered the cyber security field where I had like cyber in my title.

[00:02:49] Danny: And where did that curious nature of cyber come from? Did you have a computer growing up? Was it a sibling? Was it a parent?

Initial Interest in Technology
---

[00:02:57] Luis: I've always enjoyed playing with technology. So hardware and software. And as far as like resources go. I wouldn't say that I had a computer immediately available to me in my youth. Uh, usually it was either some computer that was borrowed or a family shared resource. I know beyond, uh, the time that the computers were available to my family, like I know video game consoles were available to me. So we had electronic devices. Where I was able to put things together, set things up or just disassemble things.

It really came from me trying to understand what was available to me to then understand the passion of technology that I grew to love. I learned more so from The family that I had that provided me resources, we eventually had a shared computer where I ended up exploring, uh, connecting things to the internet.

And it's just part of what I like to do. Sometimes people have devices that they don't understand. So you have to go look out and find the schematics or the manual and try to figure out and troubleshoot your own way through. But as far as resources go in my family, we were pretty, pretty We didn't have too many fancy TVs, and I'm trying to like, think back CRT television days, right?

There may have been a phone line. There had to have been a phone line in order for us to call out. And we didn't have internet at one point, right? Internet was only available to a certain amount of people in our area. And eventually, when we had internet available to our house, we then had to have Uh, the phone line, I'm dating myself too.

But if somebody would make a phone call to the house that would drop your internet service. So things like that. And we only had one computer and it was very hard to get your own time on it because when you have a family shared computer, of course the adults are really using it for business purposes or for work purposes and very important, critical things.

So it wasn't really seen as a device that I could play with, but mind you, I had You know, other electronic devices in the house that I could play around with games. So it kind of just like connected the way that I could figure out how hardware and software worked. That kind of sheds a little bit light of how it was resourced from early age.

[00:05:02] Danny: Yeah, no, I definitely love that. One of the striking things that I really admire is your curiosity. Right. How do these things work? How do you, you know, press a button on the controller? And how do you have, in my case, Mario jump. I think that's something that we're missing in just in society as a whole. It's just being curious on how things work with that being said, you know, growing up. Is it safe to assume that your mentors were at home rather than potentially school or employers?

Mentors making an impact early on
---

[00:05:35] Luis: Yeah. So as far as mentors go, I, I have a lot of people that come to mind. Uh, one of the first Individuals that really inspired me was a family member, right?

He was always tinkering with things and for some reason he had this notoriety that he would tend to disassemble things and he would fix them. But there would always be. A set of remaining parts left over. And you think when you start to break things down and put them back together, you want to make sure you have every single screw back into every single facet, right?

So through this process, he taught me and I started to shadow him and I asked questions. Eventually I was able to help him. And these are things like television sets, radios. We're talking about head units, car speakers, amplifiers. Also computers and, and finding circuitry, but through this process of. Just being curious of why things were being disassembled, why he was doing the things the way he was doing them.

The end result was they were always fixed or repaired. So it taught me to learn which parts, whether it's hardware or software, were critical, which one were the supporting pieces, or which pieces are really just for aesthetics. Right. So being commonly under misunderstood as this individual who basically would break things and then reassemble them and have extra parts, he actually helped inspire me to explore and understand the technology that he worked with.

And this also was a huge influence on my somewhat hobby of playing video games, because he also introduced me. To things like the second Genesis and the original Xbox, right? And he also showed me things about robotics. I remember soldering circuitry on the boards in order to power these robotic kits.

Those kits weren't necessarily easily available at the time for me, but I also learned how to. Disassemble TVs, get in the car, splice cables and any type of household electronic was on his list because he understood like electrical engineering. So he influenced me to understand how electronics work at a hardware level.

And this allowed me to learn myself, of course, with computing about Cables and ports and the schematics and the documentation that weren't really available to everyone. Sometimes this knowledge before like the Google days where you could just easily do a search query, this knowledge wasn't really available to everyone.

This was before the. com boom, right? So without his presence in my upbringing, I'm not sure that I would have been able to pursue the career path that I have today.

[00:08:23] Danny: That's just a fascinating story, Luis, that, you know, it's just individuals, family members, or close friends that have an impact. Maybe we may not realize it at the time, but just kind of looking back and if it wasn't for that individual, we wouldn't be where we're currently at. So I love that. So WalkMe, you said initially it's more technical, hands on experience. I guess, when did that transition into cybersecurity, uh, come in?

Transitioning into Cybersecurity
---

[00:08:55] Luis: Sure. So, so this, uh, family member, uh, first, whenever I started getting all these skills and providing services, computing as what I was providing early on, eventually that turned into like a self business where I was working basically out of his shop.

I transitioned over to a college where I started working on technical support and I elevated my skills and my roles and my team. A lot of people. Uh, there that I still have contact with were role models to me. There were also mentors, but it wasn't until I would say I met with, uh, a director of the specific financial department where, uh, I took my foot forward into data analysis.

And during this time, this person. Somewhat mentored me. Mentorship is very important because sometimes you get into, uh, basically like a friendship or, uh, a way that you're able to have a relationship with an individual and they teach you things and they show you things and they help you grow, but you don't necessarily go up to somebody and say, Hey, I want you to be my mentor, right?

Like things just happen. And you look back and I'm like, Oh, that person really was a great role model for me, or they mentored me during this time. So, uh, this individual, she really helped me understand the business of the college and the financial aspect. And that helped me grow and understand the back end infrastructure of what was happening at the college.

And this combined with me working tech support, uh, as well in the college, allowed me to figure out where do I want to head in the future. And mind you, This was during the time where I finished high school. My whole trajectory here is I had an associate's degree. I threw the program. Mind you, I was dual enrolled at high school, and it wasn't by choice, right?

I didn't want to go through dual enrollment, and I spent a lot of time in the college. I got an associate's degree in a then I got a bachelor's degree, and then I took a secondary bachelor's degree. One was in business administration. The other one was business and I T. So I took a business administration.

at the same time that I was taking my master's degree. So I was doing a graduate degree and an undergraduate degree at the same time while working in this financial department. So again, I wouldn't have had the opportunity had it not been for this director to put me in this position at the college. So through here, the master's degree, I started hyper focusing on cybersecurity.

I started to implement what I was learning. At school into my work, and then I recognized there wasn't an opportunity that allowed me at the college to enhance my cyber security interests, right? There were things that I were doing inside and outside of work to just get that extra edge at this time. I was thinking if I have a graduate degree or not, even if I had an undergrad or just a college degree itself, maybe I could go work for big tech.

I attempted and I never heard anything back. So fast forward, I'm now transitioning into another role in my career where I was fortunate enough to get. An opportunity at a healthcare organization. This is where cybersecurity really started for me, right? This individual who gave me the opportunity, I'm still in contact with today.

there's something about the security culture. Whenever you work with people, they tend to stay or remain in your circle because you never really forget the people who brought you in or open the doors for you. I also have to say that at the healthcare organization, this individual who was once my former manager, it's very interesting to understand how sometimes You can find the same or similar characteristics of a specific individual in future relationships.

The person who opened the door for me to work in the healthcare organization helped me understand security systems, the engineering behind how to write reports. They provided me a great understanding of certifications and a security culture. Right. There were lessons learned across the board and this guy, he was running a sock and we were running with a threat hunting team as well.

There was architecture involved in security engineering, and he was a great guy. And he's also one who has helped me understand the importance of references, resources, and reading material and security, right? Because there are a lot of books out there, but there might not be. A very good list that basically says you should read all these, right?

So he introduced me to, it's funny, my, my next manager, but through the book. So the author of this book was actually the hiring manager who got me into big tech, which is crazy because the person who brought me into the healthcare organization was basically building and driving the sock. And at some point he had to step away.

So a lot of our responsibilities were elevated. So we started managing ourselves. As I looked at this book, there was a specific author who, I mean, if you look at my profile, you can find out, um, who these are, but what happened was I was able to bridge this gap. And then during the pandemic, I kind of just hunkered down, started reading more, doing a whole bunch of more certifications and just upscaling, right.

This included CTF platforms. This included certifications from like CompTIA, ISC squared, EC council, and When at a certain point, again, I just was looking for more growth. I took a second chance. I looked at big tech again, and I had not one, but two opportunities. It was very interesting because I couldn't believe it.

I was provided two offers and I went with one specific one because my former manager now gave me that opportunity. I ended up just. Uprooting from where I was, I ended up moving here with my family to figure out, is this the career path I'm going to take? I have so much gratitude, right? So both of these managers, both in security, both gave me wildly different opportunities.

One opened the door for me, and then the other one just opened another door that just allowed me to dive deeper into security research, security engineering. And they really influenced my security career path. I'm still in awe. And as I read back to you, like some of my story, like how things kind of just interconnect, right?

Like, I went through college. I got into healthcare organization. I worked with a sock. I hunkered down pandemic hit. I started doing all these certifications and I kept studying beyond my graduate degree, right? I didn't stop. And again, I was provided another opportunity. It's just the timing was right. And the, the relevance of the material that I was reading and studying, it just all fit in so well, and here I am, I'm still working on my security career as an operations engineer in my personal time, I still go do my own security research, I do my hands on labs and I do learn a couple of different skills. And I like to improve. It's just part of. How I like to do things.

[00:15:36] Danny: So there is a lot of great information that you just described. So I want to kind of work back a little bit and just make some comments. The 1st, 1 is about sponsorship. I know when you're in corporate America, typically, it's like, there is a program there that you get assigned a mentee or mentor or be a part of that.

So that's 1 facet. But I think the way you described it, it was just, um, You know, being at the right place, right time, and then asking questions. But I think another thing that is really missing is somebody that is a giver that is able to explain and take the time to say, Hey, you know, this person or these group of people are asking me all these questions and let me give back to the community.

I think our community is super small. I've seen the DEF CON flag behind you. I went there, it's like 20, 000 people there, but it is so small and finding people to give back and are willing to teach you all the different things that they've learned. I think it's just an amazing opportunity. The second is kind of a combination of two things that you mentioned, you know, studying, going to school, having that business acumen, which I would argue That a lot of us in our industry don't have that we're super technically focused, but we don't understand the business side of cybersecurity, right?

It's just one risk of many risks that businesses go through. I really admire your tenacity and just keep on learning. I think that's the third piece I want to comment on. A lot of people just fail to. Learn, or maybe they're not interested in learning. There was a individual, I won't obviously mention names, but they told me that they don't like to read.

And I found that very sad because if you don't like to read, then you're not going to be learning. For example, I'm in like in the middle of 15 books. I put a post on LinkedIn. I just highlighted my summer reading. Actually, I haven't touched any of those books because I found like four other ones that I'm diving into.

So the learning, it's going to be a continuous thing. Hopefully I'm going to be old and gray. Even though I already have the gray hairs, but you're still going to be learning about, you know, when 40 years from now. Moving on to another question here. What has surprised you about the industry that you weren't expecting?

What Suprised you the most in Cybersecurity?
---

[00:18:07] Luis: So there, there are a couple of things that really surprised me. I think the very first one is despite me going through this entire journey of education, certifications, Dynamic environments.

There's just a common denominator across the people who brought me into the industry. And there's not a lot of them, right? There's not a lot of people who are open enough to sit down with you and walk you through what the important things are. One other point I found surprising is it might sound a bit cliche.

There isn't a single person. Who knows absolutely everything, and it could be in different facets. It could be in different domains. I've recognized that going through a couple of different organizations that you can be put in with the subject matter experts, things can be misinterpreted. Things could be incorrect, or things could be simply just outside of that SME's expertise.

One thing that I also noticed With everyone, there's a different way that they digest information. So you mentioned reading, it's very important. And sometimes we're left only to digest that information in a specific language for everyone in the industry. Who has a problem at hand, I've recognized that they're able to just digest the information really quick and they do it with tenacity.

And at the end of the outcome, something like a solution is born. Key point here is. Not everyone's going to know everything and you're going to have questions and you're going to have to learn whether it's through different reading styles. It could be through audio, it could be through reading just plain text, it could be watching a video, or it could be doing actual hands on keyboard, running commands.

Building or virtualizing specific environments, and sometimes you have to combine all of those senses in order for you to really cement yourself and fuel your passion so that you can learn everything that you can in a specific domain.

[00:20:13] Danny: Everybody has different learning styles. Uh, for sure. I know you mentioned this, uh, before certifications versus education. For me being a minority, being a Latino, I think education is going to be important for our people for a long time. Right. Right. So what would you say to somebody coming into the industry and say, Hey, Should I go the certification route or should I go to the education route?

Education vs Certification
---

[00:20:41] Luis: I can touch on a couple of different points here. I mentioned some of this already, but I think I'll summarize it in a better way. One, I think our profession requirements are difficult to understand because there's so many different domains and we have sub domains and you have focus and concentration, uh, silos, and this could be, Sock threat hunting, forensic experts, then there's GRC.

Then there's also learning, right. And creating content and even recruitment. How do you vet through specific candidates? There's a huge sprawl. And if you go look for mind maps of the security domains, you can see how many different things you can focus on, but bringing it back to education and certifications.

Me personally, I like it when you can combine both. And when people talk about. Education. I think the 1st thing everyone hyper focuses on is a graduate degree or not even a graduate, just a college degree period. And you can have a certain amount of college degrees. And it's great to go down that path. If you look at my trajectory, I was Dual enrolled in high school, finished that, ended up getting an A plus certification, got an AS degree, got an AA degree, got a bachelor's degree in IT, then dual enrolled for a business admin degree, bachelor's while doing a master's graduate degree in cybersecurity.

I did all that. And even beyond that, I went to go get certifications. That was my path. I can't say that that's the correct path, but it did help when people go through the education system. And it's sometimes challenging, right? Because we're not necessarily always resourced the same way to go get a college education.

It really depends on the employer, on whether or not you fit a business need. Because we can't come up with a degree and say, Hey, I did X, Y, and Z. You should give me a job. There's a business need. And if you meet that need with your qualifications, hopefully you have some experience. And if you don't have experience, you can create your own projects, create your own content, commit your own code into repositories out in the world.

There's publicly available projects that you can contribute to when you combine that with your education, with your certifications, I think there will be a gap that can be filled. So that way, there is a need. That you can actually meet with the employer. And that's just my, my journey. I think it's important to combine both when you can.

Certifications are a great way for you to understand how you learn as well. Maybe there's something very specific on the blue team side of security that you want to focus on. Or there could be something you want to focus on, like a new skill set that you don't have. Maybe it's like pen testing. There's not a platter that basically says, Hey, you need to do all of these certifications and you'll be able to do any specific job.

Think back to the mind maps I talked about in cyber security. There's so many different Skillsets that you can work on. Just stick to one, build on it. And you know, if you don't like it a couple of years down the line or maybe a month down the line, just change it, but you're not limited to what you can learn.

You can just focus on what you think is best for you at the time. And it could be things beyond security. It could be just fundamentals in it. Like I mentioned, the A plus certification, just hardware, build your own PC, understand how those components work. It's just part of my passion of just enjoying to learn the technology that I have available to me.

And yeah, I try to combine education and certifications. As much as I can, and I continue learning every single day. Sometimes it's just a day to day thing. Maybe it's a week by week or I have goals for the month.

[00:24:29] Danny: I think you definitely hit the nail on the head in regards to your journey is unique. When somebody comes to us and says, Hey, how do I get into cyber? Well, this is what I've done. And probably the mistake a lot of people do is try to mimic that. Right. Like, Hey, I did the education. I did the certification, spend a lot of money for both. And I'm still not getting any job offers there. And there's a lot at play, right?

Especially now, obviously we're coming out of COVID. We're in a recession. The economy is kind of funky right now. But another thing that you also mentioned is. There's so many domains and subdomains within cyber my philosophy, and I know I'm definitely going to get a lot of pushback on this. I've always said that you don't have to be technical. To get into cyber because there's so many other take a governance risk and compliance. You know, you don't need to know how to code. You don't need to know how to do pen testing. I think that's the sexy part or more known part of cybersecurity is like, Oh, I want to be a hacker. But I think there's just so many administrative and non technical components in cybersecurity.

And the analogy that I always use is the medical profession. I think we in the industry, when somebody are asking us, how do we get into the industry or kind of the analogy that I always go with is, well, you know, how is your heart surgery or brain surgery skills? I know I don't do that. And what we typically as a whole, we tell people is you need to go to school to become a heart surgeon.

Right. And that's not the case because there's so many different aspects of the medical profession that you can get into that doesn't require cutting people up. So that's kind of my philosophy. And, you know, if you're going to be an engineer, then that's going to be a little bit different, right? You do need that technical expertise. You might need a combination of education. And certifications to get into that, though,

Hyperfocused on Titles and Technical Abilities
---

[00:26:36] Luis: I'd like to add to that. I think there's also a point where, you know, in our domains or just in the security culture where we get so hyper focused on what the titles are, right? Like, I've worked on a sock, I've worked with threat hunt, I've worked as a hunter.

And I still hunt to this day, I've engineered security solutions. It's funny because I have, uh, so much widespread skill sets across like IT in general. But you can see these things like in security memes where it's like, Oh, you work in cybersecurity. Like you can do X thing where you can, you can hack someone's social media account, or you can stand up a website.

The thing is, it depends. I make this joke also in in forensic as well. Somebody will ask a question and the question will be like, it depends like when you're dealing with volatile or nonvolatile memory, like how your investigation goes through. People sometimes just hyper focus so much on the title, right?

You'll see this title on this person and you maybe get a general understanding of what they do, but it's not until you actually work with them to, to. Then you really realize like what they are capable of doing and what their skill set is. So just keep that in mind. I think it's important to to look at roles. Sometimes there might be a whole bunch of technical aptitude that's required. And again, there might be roles that You don't need those technical skills. That is the reality.

[00:27:56] Danny: Yeah, I know. That's definitely a good point. And just as you're explaining that to something popped into my head, what is your perception or what do you think of a leader titles aside, but let's say they're a leader running a technical aspect of cybersecurity, do they need to have that technical background to be an effective leader?

Do Leaders need to be Technical to be Successful?
---

[00:28:18] Luis: I think this is really just my opinion. I've. My entire career, I've always had a technical lead in front of me and whether or not they showcase their leadership skills to what like leadership standards are will be the general consensus. What I'm saying is I liked all of my technical leaders and the fact that you're technical shows me that you can lead and still get into the weeds.

And I understand that there are times where, as Management that you don't have the time or capacity to do said thing. And that's completely fine. I've also worked with individuals like that who are non technical great people, but my preference and through my experience is you have to have some technical background and some technical aptitude.

You look at a Venn diagram. That's where, like, we as security individuals meet halfway. There's always room to grow and there's always opportunities to collaborate. And if you don't want to be a technical lead or technical leader, that's okay. You can empower people, right? You can show them and have them learn what it is to have a growth mindset.

You can advocate for them. You can sponsor them. You can connect them to the other technical people. It's the relationship building and the networking that needs to be strong if you happen to not have technical skills or technical aptitude. It is okay if that is, you know, a path that you want to take. There's nothing wrong with that. You can still be in security. It's just important where you should lean in onto your strengths. If you have strengths in your network.

[00:30:04] Danny: So let's move on to the word of the millennia or the phrase generative artificial intelligence. What are your thoughts? Good, bad for society, for cyber.

Is Generative AI good for society?
---

[00:30:16] Luis: I think with generative AI. I'm at a neutral standpoint. There, there can be a lot of negative. There can be also a lot of good. Generative AI, the way that I've seen it in, like, news, combined with work, combined with just casual use, there's a lot of change, and I think the change is a factor of the disruption that we're seeing in our society.

There are A lot of things that are being created for good. There's also a lot of things that are being created for bad. I think the important thing is recognizing where we can fine tune these tools. In a way that they're mostly used for good. And I think being in, in security, a lot of us tend to just look at the bad of things we see when things can go wrong, we can see things bubbling up.

I think it's too early right now. To make that determination of where generative AI will take us, whether it's going to take us into this dystopia or bring us into this environment where we're part of, or collaborating with AI so well that we've elevated the human skill set into something else. So that's my stance on it. It's very interesting because I can be, I can look at this like 10 years from now, 20 years from now and say, I was there. Right. Like I was, I was part of that.

[00:31:44] Danny: With GenAI i, I think there's a lot of fear, uncertainty and doubts. If you're missing out maybe from a business standpoint, but I definitely agree with you. I think it's still too early to tell. I've been leveraging it in my work and it's just, just a phenomenal technology that again, we can build something that will help society as a whole, but on the flip side, You know, it could be something negative.

What would you say if somebody comes up to you, will Gen AI replace my job within cybersecurity? How would you answer that?

Will Generative AI replace my job?
---

[00:32:20] Luis: I think there's always going to be a human element. Right. There, there's claims of what generative AI can do. There's also a lot of studies and research of what Gen AI, Gen AI can't do right now.

And the way that I see things, even, you know, years back when I was working in, still in tech, we would do our best to try to automate things and bring things to a point where we don't need to intervene. And we're basically orchestrating things. on the network, on the domain, for specific servers, for endpoint machines.

Yeah, I think the way that generative AI will, will change things will still require a human element to the mix. I don't think that there's going to be a replacement for specific security individuals or roles.

[00:33:12] Danny: Right. Um, another question and not to throw a curve ball. What is our biggest challenges in cybersecurity and how do we go about solving them?

What are our biggest challenges in Cybersecurity right now?
---

[00:33:23] Luis: That's a good question. I, I know that I've faced some challenges throughout my security career. And these challenges I think are about. Understanding how we learn and how we knowledge share. I think the biggest challenge that we have is coming together as a group and bringing that opportunity for others to fill in the gaps that we have, right?

We always hear that there are gaps in the industry. And then we look at these positions where they're looking for, like, these unicorn styled individuals. Somehow, there needs to be some consensus that says for entry level jobs, which sometimes cybersecurity, when you look at these jobs, They're not necessarily entry level.

You need to have some foundational knowledge to get into what could be considered an entry level cybersecurity job, but we just need to come together as a group, as a community and part of the security culture to help convey that message. And then we can start filling in these positions. And addressing the gap in skills that we need in cyber.

And I think part of that is also educating, right? We need to be able to learn how other people learn, but we need to recognize that there are certain groups that probably need more resources than others. So that way they could have that level playing field. There's opportunities out there. It's just many of us don't have.

The same upbringing, the same resources, there's different backgrounds, different languages, you come from different parts of the world. What I've learned is that there are so many people who can bring something to the table in security. And I think through learning and education is how we do that.

[00:35:01] Danny: So it's interesting you mentioned about entry level, even though the job description might say entry level, it's not entry level, it's up to that particular hiring manager, HR to say, Hey, this isn't an entry level.

And I think that's where The miscommunication is happening, right? When these companies come out and say, Hey, this is an entry level. But, you know, if you look at the details, it's asking for all of these certifications, experience, the communication and the wording definitely needs to change. Um, one other question that just got me thinking about the unicorn.

Where did that come from? Where, you know, based on your experience, why are we looking for somebody that can do it all when earlier, you mentioned that we're not going to have all the answers where we're not going to know everything. So where did this unicorn mentality come from?

Where did "Finding a Unicorn" come from?
---

[00:35:57] Luis: It's a combination of what us like human beings in general, like how people communicate and mind you, cybersecurity wasn't a thing 20 years ago.

Like it was like infosec or even beyond that. It was something else, right? It evolved to what cybersecurity is today. Now, I think that. We tend to just use specific words and they are just used in a specific way that then bar people entry. And using terms from industry standards to have minimum requirements is, is just challenging to me.

I also say this in one of my experiences, and this just popped into my head. I remember trying to get a specific role, right? And this role did have some security skills behind it. And the reason that I wasn't provided that opportunity Was because I didn't have my graduate degree physically in my hand, which is interesting because I couldn't think that there would be any other like technical reason of why I wouldn't be provided the opportunity.

It's just a human element, right? Like instead of just saying, Hey, I don't think you meet the qualifications or you're not the person that we're looking for based on our skills, et cetera, et cetera. We as humans just tend to look for something else to say, right? You can't get this role or you can't get this interview or opportunity because you don't have something looking at these jobs because you don't have a GREM certification from SANS because you don't have the CISSP which is like an industry standard because you don't have one of the CompTIA like trifecta serves like A+, Net+, security+ or even CISA+ because you don't have these. We can't have a conversation, which I think that that is something that needs to change in the security world and security culture and the way that we bring people on. And that's my two cents on that.

[00:37:50] Danny: Yeah, no, I think we're, we're in the same boat, Luis. We're doing a disservice. Um, when we only look at this criteria, wherever it derived from, that if you don't meet these qualifications, that aren't really necessary to complete or to do that specific job role, but we're holding steadfast that you have to meet these requirements.

Now we're limiting the diversity of thought of people coming in. And the, I've always said that the homogeneity of our industry, I think it's making us less secure, bringing in different perspectives and having this cultural renaissance that I'm trying to propagate through this podcast, I think it's going to make us better secure.

And then just 1 other thing. Language, like you said, it's really, really hard. I remember when I was working, uh, in government and writing for the highest level of, uh, our government, it was probably a two pager, but it took two months to write because every single word mattered because when you're informing senior policymakers.

Every single word carries a weight. So that taught me a lot on how to write effectively and understanding obviously your audience. And I think we just need to do a better job as a whole, so we can bring in new perspective, new ideas into our industry. I could definitely go on and talk about more of your great career and all the great things that you're doing, but.

How I wrap up all the podcasts is something that you and I definitely share this passion for learning and reading. As I mentioned, right before hitting record, I'm in a million books at the end of the day. Um, what has been a book that you just recently read that really resonated with you that you'd like to share?

Book Recommendations
---

[00:39:54] Luis: I'll give two and one, one book that I'm currently reading is the Ku Kozak. It has been in my backlog and I've been trying to just get back into reading that book. It's kind of like with games too, you have a backlog. It's like, ah, do I have the time, etc, etc. But that is on my to do and so far the story reads great.

The other book that I actually finished and I was able to go to the book signing again. This is just part of who I am, what I do, what I like. This book is called Disrupting the Game from the Bronx to the Top of Nintendo, and this was made by Reggie Fils Aimé, right? So I learned Reggie's career trajectory in this book.

It also showed me the importance of being in the right place. at the right time. And I'm not saying everything is simply just due to chance. What I was able to understand and get from the book is that there are meaningful relationships that need to be built. And sometimes you get those relationships when you break silos.

There are times that you are working in a specific place, on a specific team, during a specific time, and you recognize that there's a lot of disruption happening. We have to manage those emotions. We have to master the things that we think that are important at that time. And at the end of it, we all have professional dreams.

We can set our goals and we can do them. And there are going to be times where we're going to be met with failure. And those, those events that happen where we fail are just attempts. We have opportunities to try again and again, we'll go through a whole wheel of emotions. And I think in those spiraling times.

We then create the things that we think that are important. We are able to conquer the negativity. And also by going through the book and understanding different like leadership styles that you can recognize, you also then recognize Who else around you is facing similar or completely different scenarios, and they might just need some help.

There are so many people that have their own journeys, their own stories, their own challenges, and their way of doing things. It's important to be able to connect with people, right? I think we lost a lot of that during the pandemic. And it's changed the work environment. It's changed our social environment, but reading through the book really helped me understand more of what I like to do, how I like to interact with people and how it can become, you know, a leader myself.

And it's not something that I say that I am. I just. Do certain things that I want to have as like my standard, whether it's work, whether it's having conversations, whether it's connecting people, if people come back to me and they say, hey, you're amazing, you're great, you're doing this great. But if they come back and say, hey, like, you're bad, I don't like like that. That's okay. You can have your opinion. I'm just doing what I feel like isn't, it's important for me. And I'm focusing on the things that I want to master right now.

[00:43:07] Danny: Love that, uh, Luis. I definitely think you are a leader and it's not about a title, right? It's about, I would say a mindset. Your gratitude, your humility definitely goes a long way.

A lot of people, unfortunately in our industry and probably society at large don't have that. And at the end of the day, just being kind and helping one another. Yeah. Just like you said, I think COVID really put distance away from what makes us human and making it harder to really connect with one another.

And we're all going to be different. We're all going to have our, Perspectives in life. But at the end of the day, it's just taking care of each other. But with that being said, Luis, I thoroughly enjoyed this conversation. I'm a fan. I'll be watching your career and I know you're going to be doing many more great things as you continue in this industry.

Conclusion
---

[00:44:01] Danny: So. Thank you for being on the show. And I might get you on, I'm actually creating another podcast probably later in the year, talking about cyber threat intelligence. So I'd love to pick your brain on that as well.

[00:44:13] Luis: I appreciate you having me and just as what you probably have learned from my trajectory and security. So again, this podcast was great for me. I appreciated it and I had fun with it. So