$4.8M NJ School Cyber Attack, OpenAI Power Struggle & GitHub Reliability Issues | Software Sundays

Show Notes

This week on Software Sundays, KD breaks down how a simple email compromise in a New Jersey school district led to millions in stolen taxpayer funds, a budget crisis, and new debt obligations for the community.

We also get into Elon Musk’s lawsuit against OpenAI, what it reveals about the fight for control of AI, and why developers need to understand who owns the models they depend on.

Then KD covers GitHub’s recent availability issues, including pull request and search problems, and what they teach us about third-party dependencies, platform risk, and engineering accountability.

In this episode’s Q&A, we cover how software engineers can market their services, how regression testing works, what to watch during organizational change, the difference between syntax and runtime errors, and why reading technical books can accelerate your growth.

We close with a mindset reminder: stop overthinking, start trying, and build a bias toward action.

Timestamps:

00:00 - Welcome and disclaimer

02:12 - New Jersey school district cyber attack

13:45 - OpenAI, Elon Musk, and AI governance

25:30 - GitHub outages and platform reliability

39:10 - Why developers need to understand real-world systems

43:02 - How to market your services as a software engineer

52:20 - How regression testing is performed

1:01:45 - What to watch during organizational change

1:12:30 - Runtime errors vs syntax errors

1:21:30 - Three benefits of reading technical books

1:37:40 - Build a bias toward action

1:47:10 - Birthday shoutouts and outro

#SoftwareSundays #CyberSecurity #AI #OpenAI #GitHub #SoftwareEngineering #TechEducation #RegressionTesting #OrganizationalChange #RuntimeErrors #SyntaxErrors #TechnicalBooks #BuildLearnImpact

DISCLAIMER: This is not professional advice. The views expressed are my own or those quoted. Consult your own legal, business, or tax advisors before making decisions based on this episode.

Build Learn Impact is on a mission to help you create wealth, opportunity, and ownership through technology.

Transcript

SPEAKER_01 0:00

Welcome to Software Sundays Builders. I'm your host, K D. I'm a software engineer, information security professional, and your tech mentor. And in this space, we have high-level conversations about technology and the impact that it has on our community. We're going to make sure that you can walk away with the skills and the tools that allow you to grow your income, make an impact in the community, and become an owner inside of the digital society. So if this is your first time tuning in, great to have you. Welcome. And if you've been rocking with us for a minute, it's good to have you back. Thank you for coming. So, quick disclaimer before we get started. Software Sundays is for more informational purposes only, maybe a little motivation as well. But it is not professional advice. The views expressed are my own or those of individuals quoted. It may not be useful in your specific situation. So any topics that we discuss, please consult your own legal, business, or tax advisor before making any decisions based upon information you found in this show. That being said, it's great information, very useful, and you're gonna find something helpful inside of it. So let's jump in, starting with the news for this week. So there was a cyber attack on a New Jersey school district that is forcing them to create a debt cell in order to cover the stolen funds. All this means is there was a cyber attack, and it's not a very sophisticated cyber attack, but $4.8 million of taxpayer money has been lost. About $1.7 million of it was recovered, but there's still a $3 million deficit now inside of the operating budget for a local New Jersey school or school district in all of the schools that operate in there. That could be high schools, middle schools, elementary schools, and every re every other facility that is getting money out of that budget. The interesting part about this story is that the again, the attack wasn't a sophisticated attack. There was an email box that was an email mailbox that was compromised, meaning some employee had a legitimate email that their email was accessed by someone who was unauthorized, some type of attacker or quote-unquote hacker. They, that hacker, was then able to use that email box and that email to impersonate the employee and make I want to say demands, but they were using sending messages from that mailbox on behalf or as the employee requesting money from the district or from the like the borough, the government, the local government of that area, saying that the school district needed that money and they were using it to you know pay vendors or pay salaries, whatever it may be. Basically using legitimate workflows and processes to get money, but then giving the wrong information. So instead of actually giving the money to a vendor or putting the money and wiring it to a legitimate bank account, they were giving their own information. This hacker, this attacker was giving their own information, which allowed them to then basically siphon money that was supposed to be meant for maybe a contracted clean or for the payroll to make sure there was money in there. Like all of that, the funds that were supposed to be used for something to help the school, those were then sent to this attacker, a hacker, or wherever they're at. So it was a cyber-based attack that led to real damages, but that didn't really require any type of advanced AI automation or any type of malware to take advantage of the vulnerability. The vulnerability was in the process that that district, that that team used in order to make approvals, in order to verify financial transactions and these other types of real-world workflows that they are not really considered all the time when we're thinking about technology and how do we secure the technology inside of our system. So the important part that I feel should be mentioned is that this attack could have been mitigated. It could have been so much simpler to set up two-factor authentication for that system, for their mailboxes, to make sure that you know no one is just able to sign in to an email and not have some type of you know, ping go to their phone. Some type, again, two-factor authentication, whether it's a text message, whether it's a phone, whether it's something, uh, something to add some extra verification to say this person is supposed to be inside of this mailbox. Another thing that could have been implemented was to make sure there was a password refresh policy. There is no reason why the password that was being used, I'm sure they didn't change it for a long time. So this could have been picked up through some other external breach, right? A lot of people unfortunately use the same password between their different accounts. And if you are not aware that one account in another, you know, company or other system got breached or leaked, then you're not maybe you're probably not going to change that password. This was another thing, like they should have had some type of policies in place to make sure that password was being changed and rotated. And then just increased cybersecurity awareness, making sure that people understand how to verify the emails that they're seeing, having some type of way to you know check in the physical world, making a phone call before you're doing real transactions with millions or hundreds of thousands of dollars worth of money, whatever the risk uh profile would be for their district, however much money is considered a lot. Because this $4.00 may not be a lot to some institutions, but if they're going to have to raise debt to pay for their operating costs now, this is going to be even more expensive than what the initial amount is that they lost. And that's one of the things. That's the solution right now, is to basically issue short-term bonds that would allow them to cover obligations like paying for the facilities, paying for payroll, utility, things like that, just to get them through the school year and probably into next year. But long term, that cost is going to lead to increased property taxes. It's going to lead to less hiring because they now need to figure out how to make the budget work with an added debt service cost. So things are going to go up for them. But for developers and builders like yourself, it's important to understand that the solutions that we bring to our organizations make sense and work inside of the real world. We can't just make some type of technology or some type of solution available without teaching and training the people that are using it on the best practices. Something that we should all know is emails are not a secure way of sending messages. They're not a secure means of transportation of communication. And so that's something that a professional would be able to share and highlight to the teams that are using and relying on these systems for doing processing of financial transactions. So understand the risks that you're operating in inside of your team and for your specific business, and understand how the technology impacts that specifically. Next up, I want to cover the fact that Musk's trial with OpenAI has hit a few rough spots in the last week. So over the past, I think back in 2024 or 2025, Elon Musk basically filed a lawsuit against OpenAI alleging that they were misrepresenting the use of funds when they initially asked for donations into their organization to research AI and develop AI for humanity. And then they that was the initial call for help. Years later, after they actually got some success with ChatGPT, they then sold a portion of the organization and gave equity when they accepted an investment from Microsoft. So they shifted from being a nonprofit or technically being a nonprofit that was taking on donations to becoming a for-profit that was then taking on investments. There's a big difference between those funds, how they can be used, and the requirements that the organization has for the people that are providing the money. So he's basically alleging that there was some type of you know foul play going on there and it's not right. So he's currently trying to get $150 billion worth of money and damages for this problem. But interesting part there, he only actually donated, I think, about $38 million. I say only, but $38 million to $150 billion is a very large jump. That's all I'm trying to highlight in that point. But basically, he wants to get those damages and he wants Sam along with another board member uh from back in his time to be basically fired. He doesn't want them as part of the company or at least operating and leading the company at this time. But the very interesting part about the story and just the things that are coming up inside of the case is how fierce the competition is in the AI industry. The fact that even Elon mentioned that the XAI models that they're creating and building have all been using open AI's models to train their models. I mentioned it last week with distillation and there's lawsuits that are potentially going to come from understanding who is actually going to get the benefit of AI when it starts to become profitable. Right now, we are still in the heavy investment phase. We're still putting a lot of money into the talent, the capital expenditures, the hardware, the resources there, but it's becoming such a large investment that it's going to be very interesting who carries that risk when we start to see lawsuits and these other, you know, almost stealing of IP coming. In other words, AI safety and governance, right? When you have a nonprofit that is a public good organization leading the development of AI and its use cases, that has a different impact on the community and what gets bought and what gets prioritized than if you have a for-profit organization that is working on behalf of their shareholders, leading that same or not leading the development because they may reprioritize things differently based on now a profit motive versus a community good-based model. And so this is interesting to think about in terms of who actually controls AI and what we're going towards. Is it that we want you know more governance from a private company or from the shareholders of the private company? Or do we want more governance from the actual government or even a nonprofit board that doesn't have any equity inside of the products in the company that they are governing? There's a very large difference there as well in understanding who controls it, who owns it, and who benefits from the development of these models. For developers and technology leaders, it's important to understand when you're using these models and who they belong to and how they've been developed, because we're going to get to the point where the models all exhibit very similar capabilities. I mentioned that Deep Seeks models are maybe six months behind of anthropics or even OpenAI's models, but that's only six months of a difference. There's not a significant benefit to using one model versus another in certain use cases. That's something to keep in mind. You can get 80% of the way complete for your specific use case for your specific workflow with an open source model. So then cost becomes more of a priority. But also when you have to consider transparency and trust and account and accountability slash auditability, do you agree and trust the company that is providing this model or this capability to you? Not just do we trust the service level, right? Like that it'll stay online or be online for 24-7 or have nine nines, right? Like not just that, but understanding that depending on who owns that company and how it's being led, is how they make decisions on privacy, how they make decisions on how they invest their funds. Do you want to be funding an organization that is funding other projects that you may not agree with because they are a for-profit company or because they are a nonprofit company? Like there are different investments that those types of organizations may make that may change the value or change how much you want to invest into these organizations from a customer perspective. So something worth keeping in mind and thinking about when you're building and growing things. And I also wanted to highlight that there was some recent GitHub availability issues that affected their service of the platform, as well as some updates that they shared to basically address what those problems were. So in April, GitHub experienced two production incidents in five days, which is pretty significant. We're talking about GitHub, which is the a major source control management system based on Git that most companies use and most organizations rely on for you know managing their releases if they're using the pull, if they're using pull merg uh not pull mergers, like pull requests, if they're using branching through GitHub, if they're using GitHub actions to deploy and release their code to whatever number of environments that they have, GitHub provides a very significant capability to most organizations that use it. And so when you have production incidents twice in a week that affect your ability to merge and the the reliability of the code that gets merged to your production or even dev instances, that's pretty uh that's pretty significant to consider and keep in mind and think about. So the first incident was definitely related to their pull request capabilities. And so there was an issue with merges that were being done with multiple pull requests in them that were basically overriding the change. So if you merge one branch after you merge another branch, then the latest changes would only have those changes. They didn't actually capture the changes from the previous branch that was included inside of that merge request. And that's basically you're missing some changes inside of your code. You're shipping something out and then finding out later that the thing that you shipped out doesn't include all of the code, all of the instructions, all of the features that you expected it to have. So if you didn't have any checks and balances in place to actually verify that, then you could have possibly been releasing broken code or not fully finished code into your production environment, which will actually start to impact users. And then the other issue was more related to their search, and it basically led to their UI search not showing information that users were looking for, which just makes it a more difficult time to find things if you are looking for a new project or even you know trying to do some research on GitHub and trying to make sense of all of the resources and you know previous versions of that project that might be available. So basically, they were getting no results being shown. And so those were two incidents that could have kind of differing impacts on the team depending on how much people are using them inside of your organization. But the cause is the most important part to consider. So over the last year, GitHub as an organization has noticed that they need to increase their availability and their capabilities on their platform. They've been noticing that their total number of pull requests, that number has been growing. The total new repos that have been created has been increasing. And even the number of commits that have been made inside of GitHub has been increasing in number. All that saying that all that leads to the fact that there's more load on their system, and their system needs to be able to work and still work properly under that increased load, and it's still continuing to grow. A lot of that is due to developments in AI-generated code tools like cursor, like your cloud codes, which can actually push branches, open up a PR, and do all these different things. So you're seeing an acceleration of the usage and calls on their platform. GitHub has been a very core. GitHub has provided a very core product and service to many development teams. And so they're becoming increasingly more important as more code is getting released and deployed and developed. So they're trying to increase their availability as a platform, but going through the same problems that any team will have when they're using AI, most likely, to lead to those developments. So you're seeing things that are inconsistent changes, likely due to someone not, you know, testing the code thoroughly the way they were supposed to, but then releasing that to production, which is affecting their real customers and the their customers' ability to serve their actual customers. So something worth keeping in mind and understanding that you have to recognize the responsibility that you put into these platforms when you let them hold your source code or you let them manage your deployment plat uh pipelines if you're using GitHub Actions or any of these other tools. If you're not self-hosting your code, then you are relying on them to provide that service for you. And yes, it can save your organization time and money and a lot of the operating challenges that would come with trying to build it yourself, which is very good. You know, you don't want to be responsible for everything inside of your platform into one. But it also introduces the risk of that third party making mistakes that you become liable for now. So when you need to release some code, you have to deal with them having made a mistake because you are now dependent on the way that they do work and handle their business. So something to keep in mind with understanding dependencies and just downstream requirements when you're relying on third-party applications.

SPEAKER_00 21:05

So that's all we had for our stories today.

SPEAKER_01 21:09

Uh keep in mind that the stories that we're talking about, uh they are based on the industry and understanding that we're not just developers that write code. We have to understand that our code is operating inside of the real world, that our code is just our instructions to a computer on how to model the world that we live in. And so we need to not only understand how to code and write code and read code, we need to understand how the world works that we live in and understand the complexities that are tied to the systems that we have to develop for. So uh like, comment, and subscribe. Uh, let me know what you think in the comments about what we've discussed today. Let me know what are some of the implications. That you're seeing for the economy, for the society, and even for the just industry as a whole, and based on some of these developers. We're going to jump into our questions for this week. Thank you to everyone who submitted a question and is looking to again further develop as a developer and grow as an engineer along their journey. We want to make sure that you understand the industry that you're joining and understand how to improve and shine and be excellent in the space that you are seeking to be in. So if you have any more questions, uh definitely always put them in the comments, add them on Instagram, and we will uh get to those as soon as we can.

SPEAKER_00 22:57

How do you market your services as a software engineer?

SPEAKER_01 23:03

So marketing your services as a software engineer is all about making it clear to recruiters and people that you hope to work with that you can solve problems that they care about. When you're thinking about your marketability online, and you should think about it as being online, right? Because we are digital first world, uh, you should always be marketing your services. You should always be aware that people are able to see when they're looking for someone that does what you do, they're able to see a bunch of people that do the same thing or that claim to do the same thing. They need to understand that you, when they're searching for you, are the person that can actually solve their problem and help them today based on what they're having problems with. There's so many people growing joining the industry that you have to understand that you need to stand out in order to make a name for yourself, but also to compete inside of the minds of the people that are looking for you and your services. So you want to focus on providing some proof to your target audience, to your target market. You want to make sure that you understand and have created a portfolio. That portfolio could be GitHub, it could be LinkedIn, it could be Substack, it could be anything, YouTube. Basically, you want to make it clear online in an easily accessible format that this is what I've done, this is who I help, this is how I do it. And you can do that again through all of these different platforms with different mediums. You can use videos, you can use text, you can use just code. And the goal is being clear about what you have worked on and how your experience can actually solve a problem. So we got to think about marketing ourselves as the solution, right? And tying it back to a specific problem. You want to make sure that when someone searches for you, that they understand what you do and they understand how you can help. So that could be making sure that you have understood and you understand the connection between you just knowing how to code and them needing someone that either needs to develop a product, or they need someone to make the product more reliable, or they need someone to help in increase the or reduce the risk related to how they're updating their products or releasing their products or even operating the products. You have to make sure you're clear about where you actually can support them. And so when you're marketing yourself on a platform like LinkedIn, you want to make sure you're commenting and posting about the solution that you provide and being engaged in communities that talk about the problems that you're trying to solve for, right? So you want to be consistent about that. You want to offer some insights sometimes, you want to also offer some actionable advice and then make an offer, like let people know that hey, this is what I do, this is what I like to talk about, this is what I want to work with, and just being consistent and clear on that platform in GitHub. If you want to be close to the code and implementing some of the solutions that you have identified your target audience or your target uh customer needs, then you want to make sure your code is clean and it makes sense. It's clear to someone looking at it that hey, this person not only knows how to write code, but that this code does what they said it does. And you have to understand that when you create that repository or that project, make sure you are not just writing the code or having Claude write the code. You want to make sure that your PRs are clean, that you're using clear messages. You want to make sure that there's a README that describes exactly how to use this project, why it's being developed, and what it does.

SPEAKER_00 27:07

You want to make sure that you're being consistent about how you're showing up online and how you want people to see you.

SPEAKER_01 27:21

And so you should also always be marketing, you should always be putting out your information and your experience online so that people always have access to what you're building just in case they need you to come build it for them.

SPEAKER_00 27:42

How is regression testing performed?

SPEAKER_01 27:47

So regression testing is the practice of verifying that the thing that you changed inside of the system didn't break something that already existed. When we're talking about actual businesses, the goal is to serve the customer and continuously serve the customer at the best and highest quality. And the goal of engineering and any technical function inside of that organization is to reduce the risks associated with either providing that service or improving that service. So you need to make sure when you are making a change to a process or making a change to an application or some type of product that you understand exactly which systems are going to be impacted when you make this change. Not just systems as in other services or scripts and applications, which you need to understand and be clear about, but also the people that will use this application. If you make a change and don't make it clear to the people that use the feature or use the service that this change has been made and they no longer know how to use it, or they have an experience some difficulty using it in the future, then that increases the risk for that time. And that's what we don't want. We want to make it feel very seamless when we make changes. And so that's why we do regression testing. Regression testing is gonna be done through some automated means, or it can be done manually. If you have unit tests inside of a Go application or some type of Python application that you can just run with your CICD pipeline, you can have a pretty good confidence that yes, I made this change, everything still works in that old test. And I have some new tests that I've created that also verify, validate that this new scenario that has been added into the code also continues to work. That's one way to do it. But you can also have a manual system of just going into the application using it inside of your lower environment or your local environment to make sure that the thing that is supposed to work still works, whatever the main thing is, whatever the thing is that is still a that is being affected by the change that you made. I'm not saying go through each and every test manually, but sometimes you will depending on the scope and the size of the application that you're changing, but you should understand the full workflow and be able to track the full workflow and any changes that happen based upon any of your change, any of the changes that you are adding today. Because you want to be able to compare the actual behavior that you're seeing after your change with the expected behavior that you would have gotten before the change. So having some processes in place for yourself to do that will be very helpful as well. But again, the business only cares about reducing risk. They want to make sure that, yes, we want to improve the product, we want to add new functionality and features. But if you're breaking things that people have come to already rely on, then people are gonna lose trust in you, your customers gonna lose trust in you, and that is a net negative for the business.

SPEAKER_00 31:14

What should you keep an eye on during an organizational change?

SPEAKER_01 31:21

Organizational changes or re-orgs are some of the most stressful times for people and the systems that they work on. One of the things to keep in mind when you're going through an org a re-org at your firm is to understand that with so many people leaving and moving and being moved around, and sometimes even being added, the ownership and accountability is going to drift a bit. There are going to be people that were stakeholders for something that no longer are taking responsibility for it. They don't know who is supposed to be the new person to take ownership of it. And that ownership change can lead to gaps in how things are managed. That can lead to gaps in understanding that this process was supposed to run, but it's no longer being run. And we don't even know who was supposed to do it or how to do it. So that is a challenge you have to deal with during these times. Another issue that you might come across is unreliable communication. Because some people are coming in new and some people are going, the messages, the mission, the objective that you and your team are supposed to be going for, that may be changing week to week or even day to day sometimes. The decisions that you are waiting for may be made informally. So there's no same chain of command that you usually expected. So you have to prepare for that. You have to be able to identify who the who you're accountable to. Who do you need to connect with when a change or when you have a change that you need to make, and who do you need to make sure understands what you're doing now, now that other things have changed. Basically, you need to understand that you're still there to provide value and you're still there to do your job however best that you can. So being able to know who to communicate with and how to communicate with that person is something that you need to uh focus on and do as quickly as possible, even in the midst of these types of changes. But one of the most challenging aspects of a re-org is that a lot of information and like process information, application information, and just know-how that was held internally by the people that used to work on the product or used to work on this team, a lot of that is going to be gone. And unfortunately, industry does not document processes and systems enough. So you may be taking over a process that has not been well documented, and there's now no one who you can speak to to actually understand what is supposed to work and how it's supposed to work. So there's gonna be legacy systems that no one fully understands, but that they still need to work, and everything should be fine if they work when you know the person was here. But when you're making changes, when other things in the system have been changing, right? When the person that was supposed to click the button doesn't know that they need to click click the button now. That knowledge about how to restart something or how to fix something now that it's broken, a lot of that is usually gone and sometimes going for good, and it can take a long time to get it back to a point where it's reliable again. So understand that any type of org change is not just, you know, you're changing the org chart, you're not just changing who someone reports to, you're changing how information flows inside of that organization, you're changing how people are incentivized to do their best work, and you're changing the trust and the stability that people feel when they are going to work and when they're doing their task. So there's a lot of change that needs to be managed, but your goal is to again continue to provide value and seek opportunities to continuously serve your customers, your partners, and yourself in that or in that organization.

SPEAKER_00 36:02

What's the difference between a runtime error and a syntax error?

SPEAKER_01 36:07

So a syntax error is going to happen when you have said something incorrect in terms of the rules of that language. This is going to be when you forget a parentheses or you forget a semicolon in the languages that use it, or even you misname some type of variable and start using it in other places inside of your code. The syntax error is basically you saying or the compiler telling you that your grammar is wrong and that the thing that you're trying to say doesn't make sense according to the rules of this language and how we expect to receive information. And those can usually be caught before runtime. Those will be caught when you try to run your test or your apps uh in the first place. So that's usually something very simple and easy to find, even if sometimes it can be a little uh, I won't even say difficult, but it can be a little annoying to actually solve the problem when it's something like you're just looking for a missing parentheses or a missing quotation mark. Sometimes, especially if you're looking you've been looking at the code for a very long time, you may just miss where that error is coming from. And sometimes, not all the time, will the error messages actually be helpful when they're especially if you're early in your career. But runtime errors are the most, or I'll say are not at the most, but they're more challenging to solve and a little more dangerous because they're not going to be caught when you run the applicate the application or you test your code, they're going to be found by the user when they actually start executing something that you are providing inside of the code. You're because your code is basically it's structured correctly, but there's something inside of your code that doesn't make sense or that would be impossible to do for the computer when it tried to do it. That's the difference, right? And it's only when they tried to do it. So you could technically have the same line of code that works all the time, but when a specific variable or a specific value comes into that program, then it starts to break. And so this is when we see runtime errors actually leading to customer dissatisfaction because they actually see, oh, there was some input that wasn't properly uh no, it wasn't properly processed that is just causing them to not be able to do the thing that they were trying to do. So that's a little bit more difficult, and again, it impacts your users more directly because it's in front of them. So you should always be having some type of error and exception handling inside of your code and inside of your projects to make sure that when a runtime error occurs, you are not just sending back, you know, whatever that error is. You want to make sure that you are kind of bubbling up a generic enough error for the user so that they can know to either try something again or do something different, and having enough detail inside of your application logs to make sure that the developers who work on that product can actually go resolve the issue now that they understand that hey, this input is causing this issue because you're gonna have to, once it's a runtime error, once it's something that is happening consistently consistently, then it's something that you have to go in and solve because it'll be a persistent bug. And it may not, again, it may not affect everyone, it may be some very specific edge case that is always having the problem, but you have to make sure that you are logging your errors well enough to go resolve them when the time comes.

SPEAKER_00 40:26

What are three benefits of reading technical books?

SPEAKER_01 40:32

So, for engineers, architects, and professionals, the benefit to reading a technical book is that it will help you speak the language of those more senior professionals and it'll allow you to make much more clear mental models of the systems that we're building, which all around just gives you a longer term or it improves you long term for operating inside of our industry. When you read a book that like data applications, or I'm reading the CI SSP study guide right now, when you read these texts and you go through the chapters and you read about different terminologies, you'll read about actual fundamentals of how some of the systems that we kind of just rely on to work actually go through and say, This is how they work, this is the historical concept, context related to how this system is working and why it works. It's gonna expose you to the real world scenarios that actually led to this development or led to this philosophy inside of your industry. And that's something that you won't really get by just well, you wouldn't get if you don't never read about it or you never experience it. The people that read these texts are able to experience the challenges that come with working on distributed systems without having to work inside of distributed systems, they understand the risks and the challenges associated with cybersecurity in a remote first environment without having to actually have built any tools for that same environment. And it allows you to go more in depth when you're just working on with documentation for a specific tool, or you're working on and reading a blog, you're not able to go deep enough to understand and create questions that would be important to help you solve that problem if you had to do it again or create it from scratch. And and I say you still need to practice what you're reading, but having that extra context and that extra insights from someone who has done it before, right? These authors are not new to the game, they've been doing it, they know what they're doing, they know what they're talking about. So when you read their thoughts and you learn from them, it just puts you a little bit farther ahead than people that are just trying to learn it on their own. It's like having that mentor in your back pocket that's telling you what to look out for, where to go, and what to focus on. It's super helpful. And again, it goes it makes you more likely and able to communicate with the people that are in those same shoes and those same positions, right? Because these people have been working in the industry for decades. They've been working and understanding how technology blends with the business for decades. So the conversations that they're having, the things that they find important and value, you may not understand it unless you talk to them enough of them to start seeing like the similarities and hearing those conversations. But having that text to help guide you and kind of prompt you and make sure you recognize some of the words in terms. That they're using, it makes those conversations go much smoother, much smoother, and easier than if you had to again just jump in and figure it out on your own. So you want to be, and it's helpful to consume different types of information, especially when you're learning about technology and learning about how to operate as an engineer or a professional in this space. You want to have been listening to podcasts, you want to be listening to videos and tutorials, you want to be reading text and books on the topics, you want to write some blogs yourself, you want to make sure you're documenting your knowledge so that you basically have different models, models that you're using. You want to speak it, you want to talk to and have conversations with people so that you can actually practice things that you're learning and you want to just immerse yourself again inside of the space. Books are a great way to do that, and it expands the number of ideas that are available to you because you're pulling them from the best of the best at that point. So I mentioned that I have been uh studying for the CISSP, and one of the things that I felt was interesting while reading this book is that the concepts that I kind of am familiar with from an operational standpoint. Like I understand how to set up a firewall, I understand, and I'll say I understand how to set up a firewall using the security uh policies available on AWS for a VPC. So I've done that before to allow connections for HTTP uh network calls. I've done some of the activities, but when you're going through the text and understanding why we're using this terminology or why you're using this port versus another port, like you go very low level to really just break down why the entire internet works the way it does. That context and that perspective is not something that you get from just practicing, that's something that really does come from reading the thoughts and ideas of others. So it's been super helpful. It's allowed me to ask different questions, right? So when I'm going into my projects and talking to different clients and stakeholders that I work with, I have a different context available for why we're doing something this way. And I can actually point to a not just industry best practice that I've read in you know some blog or someone was talking about it, but I can point to this like fundamental concept or this fundamental algorithm and protocol that we're using that needs to be clarified or that can be clarified in a different way. So the questions that I ask come out differently just because I have that greater level of context from reading some of these texts and these books. So it's best, like I know when you're in university, a lot of time you're moving so quickly that you don't have time to read everything. And it's probably gonna always be like that. You gotta learn quickly, you gotta learn fast, but it's never a bad thing to go back and go through these texts and understand kind of the fundamentals about what we're working in and the space that we're working in. Because it's huge. No one is actually gonna know and learn everything in the industry in the tech space, but being able to pull on some of those concepts whenever you can is going to be super helpful to you and your growth in your career. That's all we had for our questions and QA for this week. Uh, I hope you have been able to gain some value from the perspective and insights that I've shared. If you have any further questions or need me to clarify something, definitely let me know in the comments or in you know wherever you find us, and we'll be happy to answer those questions. Uh, before we jump, I do want to just go into our mindset section. Something that I've noticed is that people that are saying they're interested in a topic or they're interested in a field or a space or some role, they say they're interested and spend a lot of time planning and thinking about how to get started and how to jump in. But I think it will be very helpful if whenever you find yourself being interested or even thinking about doing something. As long as it's not something you know really bad and you know that there are like really high or severe risks to doing it, you should do your best to just jump in and try it. You should do your best to step forward and make an attempt at the thing that you want to try and that you have some interest in. Because the sooner you can get it out of your system, the sooner you can validate that, hey, this is what I like to do, this is what I want to do, and this is what has been interesting to me, then the sooner you can either say, This is what I want to go farther in, or this is where I don't need to go any farther, I can focus on something different. When you're too busy in your mind planning and saying, This is what I'm going to do, or this is what I should do, and you never actually do it, you spend a bunch of mental energy not learning and not growing in that area. And then you still will at some point need to go back and go do the thing if you really are dedicated and uh if you really want to get it done. Spend if you're spending too much time just thinking about what to do next, then it's going to be a waste of energy for you. So I think the people that are going to have the most success are the ones that understand that this is what I want to do, and they move as quickly as possible to do it, to set themselves up to actually learn if that's really what they want to do. Because you're not going to get good at it the first time anyway, but you're going to get better at it faster if you do it sooner rather than later. Because it's going to compound whatever uh experience you have, whatever skills you develop while you're practicing it, while you're trying trying it, you're going to develop just off of having that experience and having something to just to use, say, Oh, I've done this before. You may not have done everything, you may have not taken it to the highest level in that skill or in that opportunity, but you have something that you can build off of the next time you try to do it. And that's something that you can't do if you're just thinking about it. So, whenever possible, try to have a bias toward action. Look for opportunities to get experiential learning, to get hands-on, instead of just saying, I want to do this and I'm planning this and you know, doing all of that. Reality is going to give you the best feedback, whatever it is, whether it's good or bad, reality, you doing it and actually seeing the outcome or the results to whatever it is that you've got done or you didn't get done uh successfully, that's going to teach you much faster than your imagination can. And your imagination, if you don't have enough experience anyway in this area, it's not going to give you enough depth, enough clear clarity, if you've never, again, you've never done it. So your imagination is just gonna tell you, hey, this is how it you think this is what's gonna happen. But reality when it's gonna put belt to behind if you mess up, and if you still want to do it, if you still feel motivated and inspired to do it, you're gonna do it, and next time you'll do it better, and so you you just grow faster that way.

SPEAKER_00 52:11

So thinking, even thinking about that, I've heard a quote before that most doors are two ways, right?

SPEAKER_01 52:20

Like if you are worried about jumping in and doing the thing because you feel like something can go wrong, yes, something can go wrong. But a lot of the decisions that we are afraid to act on, they're not going to be a one-way door. It's not like you can't say, I'm gonna try this, and then when you do it, if you don't like it, you change your mind, or you can't change your mind. You can always go back, realize, all right, this is not what I want to do anymore. It's not fun, it's not for me, or it's not like whatever the whatever your reason is for deciding that you don't want to do it, get to that quickly. You don't want to be having something weighing on your mind as something that you wish you could have done or you wish you had done. Get it out of your system.

SPEAKER_00 53:08

Either it's gonna be the best thing ever or the worst thing ever, and you can do something different with that when the time comes. And quick announcements before we jump out for this week.

SPEAKER_01 53:27

Uh, it is the dopest tourist season. Uh we got a few tourists that are having birthdays this week. So, first, happy birthday to my brother Double S. I hope you're feeling great. I hope you're feeling gifted. Uh you are a light in this world, and I hope you continue to shine. And I'm glad to see you still growing and be being an amazing person. Uh, happy birthday to my little cousin Austin. I recently saw him like a few weeks ago, and it's crazy. He's getting big too. It's just like he's one of the babies in the family, so it's so interesting to see them all getting bigger, to see them all growing, and just to see little baby Austin becoming a bigger young kid. So happy birthday to young him, uh, and my big sis Janae. Happy birthday to you. Uh, you turning the big 30, and I just am just saying happy birthday. I hope you feel good. I know we've made a lot of jokes about turning 30 and all that, but you 30 is cool. You still amazing, you still grow, you got a lot of life left in you. Continue to you know, focus and grow and develop yourself, and just be happy that you thrive in 30. It's not just 30 that you're getting old, you're getting, you're, you're growing. You still here, you still putting on, you still becoming the woman that you want to be. And just stay healthy, stay doing your thing. So, happy birthday to you, and happy birthday to my bestie since fifth grade TB. Uh, happy birthday to you. Uh, congratulations uh for your like you're not we're married yet, but you're engaged, so like you are growing too as a person and growing in your life. So I love to see that. I love the fact that we are still in each other's lives as we continue to grow and become our older, bigger adult selves. Like, um, just happy birthday. Hope you're feeling great this year. I hope you're feeling happy, loved, um, well taken care of, and do just continue to grow happily, healthily, and all that stuff. So uh everybody, enjoy your birthdays, be safe, have fun, and find some peace and the and some love in your heart for your birthday, for yourself. If it don't come from nobody, I hope it comes from yourself. So enjoy. No that to say, we are ending out. Peace out, my people. I hope y'all are all great. Happy Sunday. Enjoy your week, be happy, be great, and I'll check back in with you next week.