What's in the SOSS? An OpenSSF Podcast

Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding

OpenSSF Season 2 Episode 2

In this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Red Hat to pioneering AI security at Microsoft. Learn how Yesenia blends her passion for cybersecurity, Brazilian jiu-jitsu, and empowering communities—especially women—to shape her personal brand and advocacy efforts. Don't miss this lively conversation full of actionable insights for anyone interested in cybersecurity, open source communities, and personal growth.

Episode Highlights:

  • 00:18 – Introduction to Yesenia Yser
  • 00:55 – Yesenia's open source origin story
  • 03:30 – From cybersecurity professional to jiu-jitsu practitioner
  • 05:56 – Building a personal brand in tech and beyond
  • 09:04 – Advocating diversity in tech through the BEAR group
  • 12:40 – Fun rapid-fire round (VI or Emacs, Coke or Pepsi, favorite open source mascot, spicy vs. mild food, and more)
  • 13:52 – Yesenia joins as new co-host of "What's in the SOSS?"
  • 15:39 – Advice for breaking into open source and cybersecurity


Welcome to What's in the SOSS, OpenSSF's podcast where we talk to interesting people from all throughout the open source ecosystem. My name's CRob. I'm one of your hosts for this endeavor. And today we have an incredible treat. I am talking to a very dear friend of mine and amazing upstream open source contributor, Yesenia. And we have some amazing news we're going to share at the end of the podcast today. But, Yesi, please introduce yourself to the audience and maybe tell us a little bit about your open source origin story.

Yeah. Hey everyone. Thank you for those listening. So I'm Yesenia, I was born and raised in South Florida, Miami. I'm Cuban American. I've been in the cyber tech industry for over 12 years, bachelor's in computer science, master's in digital forensics. And I usually like to joke that I social engineered my way into my first security role. It was always interesting because in school I used a bunch of tools that were online and free.

My first couple of jobs, we used a bunch of libraries and things of that nature. It wasn't until my time at Red Hat, which was like six years into my career, that I realized what I was actually using and that it was open source and there was a huge community of like great and amazing folks behind it. They're part of it. So from there, I started exploring open source more, exploring OpenSSF, a community that I do a lot of advocacy work and contribution to.

But it was just, it was very interesting that for someone that uses it, this is just, you know, an everyday person that's like learning how to code. You bring in Python, you import your libraries and you got to keep them up to date every now and then. And you don't really know where they come from, but they come from a little black hole that's called the open source space. And then my journey took me from Red Hat. I worked at the Linux Foundation on the Alpha Omega project. So I was helping with the Omega piece of it, in which we were automating security vulnerability identification in open source software. And then my career took me to Microsoft, where right now I'm working on artificial intelligence and open source security research. In that space, I got to explore both AI from large tech industry and all the threats and yumminess that is in this emerging new technology. And then I got to share my love and passion for open source.

That's awesome. And as we mentioned, you and I both work together at Red Hat, where you were the very first supply chain security engineer. So I am a little bit more up to speed with your background than other folks may be. But I think what I find very fascinating about you is that you not only are an amazing technologist and super smart, but you also have a lot of outside of work activities that I find very fascinating. Could you maybe talk about how things like your passion for jiu-jitsu and outside activities kind of inform your practice around open source security and AI security?

Yeah. So starting at Red Hat was pretty, pretty cool. I was there as the first supply chain security engineer. A very big breach happened called SolarWinds, in which it blew up the supply chain security space for the industry. So it was really great to be in the forefront of that in such a big company that is big and open source and be able to see all the plethora of things that happened in the wild wild west that is the development industry.

So outside of work is usually what I like to say my day job. So by the day, I'm a security professional. By night, I'm a jiujiteira, which means a jujitsu practitioner. I've been working, I've been training and teaching jujitsu for almost seven years now. Started with the kids and working with them. And it was just lovely to see their faces light up when they learned a new technique. And over the years I've seen parallels between jujitsu and my own cyber career, in which I became a mirror of things that I was seen as myself in a leader in the cyberspace that was holding me back. And then that was being mirrored into my jujitsu. A year or so ago, I started a nonprofit called the Lioness Instincts, in which our mission is to empower women to protect themselves both physically and digitally, because as a security professional and a Brazilian jiu-jitsu instructor, which we would teach women's self-defense classes and teach kids, I saw a huge boost in just their self-confidence and being able to work through some of the traumas that do happen through some of the crazy things that happen throughout the world. So we started the nonprofit. And if I'm not in the cyber world, I'm on the mat teaching and training. I also have two dogs that I teach and you'll see me with them as well.

They're their own puffer of tricks and cuteness.

That's awesome. And I know how much this kind of outside advocacy and your jujitsu kind of affects, you know, it colors your thinking and how you conduct yourself. Let's think about this. I know you've kind of taken this and kind of started to develop a personal brand around these types of things. Can you maybe say why it's important for people to find these opportunities and these passions and kind of try to do this for themselves? How does this personal branding help you?

Yes. So for me, it's my personal brand. And for those that follow, I'm called Cyber Jiujiteira online because of the mixture of me. It gives me a purpose and an avenue. And usually when I make a decision of something that I'm going to do, I ask myself, does it match or fit my brand? And my brand has its own pillars of advocacy. It has its five pillars: cybersecurity and promoting advocacy, education and guidance to get more folks into the industry. There's just the empowerment, self-defense, digital privacy piece that involves digital and the physical side, teaching and lessons, motivation, and then lifestyles. Because I normally talk to folks and they're like, you have a very interesting lifestyle of just working and training, working and training, and then running a nonprofit. So I feel like a brand helps you not only keep... 'cause I have ADHD, so I'm all over the place, but it helps me keep aligned with what I'm doing, and then ensuring that I can go back to it. When it comes to social media platforms, it helps people know who I am and what I stand for. So I've been in conferences, both physical, like for jujitsu things, and then for cyber security things or open source. And they're like, "You're the jujitsu girl. You're the cyber girl." So it becomes, it's great. I'm like, yeah, you know me.

It becomes a cool way for folks to connect with you on a more personal level, understand who you are. And in that, once you hear that, you understand that I'm a martial artist, and any thoughts around martial artists, you relate it to me in a way. So martial artists tend to be disciplined. They tend to be focused. They tend to have patience. So as an individual that's applying to cybersecurity roles that are fast-paced, working with executives, things are constantly moving. You have to adapt quickly. The mindset of a martial artist, I think, falls very well into that, which helps with interviewing. And somebody said it the other day, which I think this is great for branding, is your brand should be getting you the interviews. So instead of you searching out for these interviews, your brand should be helping you acquire what's right for you.

And it's just very important when you're networking and connecting with folks that your brand speaks on who you are, whether or not you're in the room.

Excellent. Yeah. And thank you for all you do for, especially, you know, getting ladies into cyber and talking about self-defense. I think that's an amazing contribution, giving back. We get to work together in the OpenSSF as part of a group that also has a lot of very strong advocacy bent to it. So maybe could you talk a little bit about the BEAR group that we participate in and, you know, why is it so important to kind of bring awareness and kind of reach out to people that may not be currently in this career path of this world.

Yes. So the BEAR, we have, I think what we're doing in the group is great. So BEAR stands for belonging, the E is empowerment, A is for allyship and R is for representation. And I strongly feel very passionate about this because in the open source space, let's just start with the challenges. A lot of the times, our open source maintainers, they created this when they were younger. It was a college project. It was just a fun idea that they had and somehow it went very mainstream. It went viral, blew up, and now is in 80 to 90% of software that's out there, right? So we have this one tool that's maintained by one person who probably has a family, who probably works two or three jobs. And it's crucial to everything from U.S. government infrastructure to maybe, you know, outside sources to big tech company industries. So the idea of BEAR is to be able to make that bridge a little bit easier for folks. 'Cause I know myself when I was starting, as I mentioned earlier, I didn't know what open source was. I was just like, okay, some cool thing that I can pull from online. But having these like community office hours, which we do once a month, we get to highlight different areas of like how to get started in the space, how to look for mentorships.

We talk about your branding and how to get that. And we just highlight a lot of amazing voices in the community and that we are associated with to bring out different representations and ideas that will help folks understand how to get into the industry. This is also for folks already in the industry, because if you want to give back or you have knowledge that's very important, you can set up your own mentorship. You can join our community and plan different events.

We're looking to also host conversations at different OpenSSF and open source community conferences. And this advocacy is important because it's going to give maintainers and open source contributors a little bit of extra break room to bring more folks in. One of the biggest issues you hear is that people just don't have time. But if they have an individual that's willing to take on a task, right? And it doesn't have to be a coding task. It can be writing documentation to make it easier for other people to use it. It could be updating the website. It could be a plethora of different skills that don't require coding that can assist the maintainer in coming on. And we can just improve our open source software and tools usage.

Yeah, I love the mission of the BEAR group and I love kind of how we're moving forward with the community office hours. I think it's been really impactful to kind of give these different perspectives and try to help have a very broad contributor base and help people break into something that sometimes there's a lot of obstacles to, right?

There's a lot. And if you've missed any of the previous ones, they're on YouTube. You can check them out and join us on Slack and ask questions. We'll be willing to either make a community office hours specific for that or just answer your questions right there on Slack. Even if you're looking for a project.

Cool. Well, let's move on to the rapid fire part of the interview. All right. I have a couple of wacky questions. You probably don't want to be drinking a drink when I ask you this. We don't need any spit takes, but first question, VI or Emacs.

VI or Emacs, we're going to go with VI.

Nice. Excellent, excellent. There are no wrong answers.


Here.

Next question, Coke or Pepsi? Yes, there was a right answer for that one and you've got it. Who's your favorite open source mascot?



I got CRob with the goose hat.

CRob the goose thing. I don't think you have a tattoo of that one yet though.

Yet. But the one I do have a tattoo of is Tux.

Very nice. What's your favorite adult beverage?

Coffee. This place is coffee.


Yum yum yum. Love me some coffee. And last rapid fire question, spicy or mild food?

None of the above. I'm Cuban. We don't do spicy. It all hurts.

Fair enough.

Seasons. A season with a double.

Okay, excellent. Well, thank you for playing rapid fire. So before I move on to our last question, I wanted to let the audience know that Yesenia is going to be joining us as a featured co-host of What's in the SOSS. So you're going to see her talking to some other amazing, interesting people. Do you want to give us kind of a little taste of what you, kind of the types of topics or people you're interested in exploring as you're going through and doing interviews?


Yeah, I'm just interested in getting folks in the open source community and then external that may not even be aware that they're using open source or how they can get involved. Our upcoming community office hours is going to bring in some amazing voices. But really just anybody that's interested in speaking, speaking in the open source, talking about their journey in any shape or form or bringing in some technical coolness that, you know, like to spice up the SOSS, right?

So if you are interested... Was that the play if I said spicy? Yeah, I had a feeling that was going to be the audio.

Yeah, just looking at my list, but once I post this episode or just a general call for action, I'll keep the community up to date. But if anyone listening to this is interested or has an awesome voice that they would love to share the space with, let me know.

Yeah, I think this is going to be really amazing. Kind of reaching out to new voices and perspectives and just kind of broadening the awareness of the things the foundation does and the importance of open source security. So thank you for joining us. Yeah. And to that end, as we launch you off on your new endeavor, what's your call to action or what advice do you have for people trying to get into this crazy field of cyber and open source security?

Thank you for having me.


One thing that you'll hear me advocate over and over again is to find an open source project that will support your career growth. Whether you're looking to go into program management, business analyst, management, or your technical skills, find a project that aligns with you. You can jump on the open source Slack and hit up in general, just say, "I'm interested in doing this, this, this. This is how many hours I have." And I bet you someone's going to be, "Hey, come over to our group, join us. We'll teach you along the way." That's the best thing I know about open source and the tech is folks are very open to teach.

Well, again, thank you for joining us today and thank you for volunteering to help us co-host the podcast. And we look forward with eager anticipation to the amazing interviews you're going to do for us. And with that, it's a wrap. Thank you all for joining us today.

It's going to be amazing. Thank you.



Like what you're hearing? Be sure to subscribe to What's in the SOSS on Spotify, Apple Podcasts, Pocket Casts or wherever you get your podcasts. There's a lot going on with the OpenSSF and many ways to stay on top of it all. Check out the newsletter for open source news, upcoming events and other happenings. Go to openssf.org slash newsletter to subscribe. Connect with us on LinkedIn for the most up to date OpenSSF news and insight and be a part of the OpenSSF community at openssf.org slash get involved. Thanks for listening and we'll talk to you next time on What's in the SOSS.