Phone Number +1-202-802-9399 (US)

Thycotic PAM, IT and Cyber Security Podcast
Listen on-demand

401 Access Denied Podcast

Welcome to the 401 Access Denied Podcast, where we dissect what’s really going on in today’s world of cyber security. Topics range from finding a job in cyber security, to dealing with insider threats, to going inside the mind of a hacker, and more.

Bi-weekly, Thycotic’s ethical hacker Joseph Carson and the cyber security training experts from Cybrary will share their insights along with our special guests.

Want to give input on our next cyber security podcast? Give us your topics

Find 401 Access Denied on your favorite podcast channel or listen here.
Apple | Spotify | Google Podcasts

Thycotic produces this podcast in partnership with Cybrary, the cyber security and IT career development platform.

401 Access Denied

Episode 6

Diary of a Cyber Security Grad

EPISODE SUMMARY

Joseph Carson from Thycotic is joined today by Emma Heffernan, one of the most recognized new cyber security pros in the industry. She’ll share her experience as a recent graduate turned pentester and speaker as she navigates her way through various industry roles. Emma shares ideas you can apply to further your industry knowledge.

[cyber_dictionary]

Joseph Carson

  • Chief Security Scientist at Thycotic
  • Over 25 years' experience in enterprise security
  • Author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies"
  • Cyber security advisor to several governments, critical infrastructure, financial and transportation industries
  • Speaker at conferences globally

Joseph Carson:

Welcome to the 401 Access Denied Podcast. My name is Joseph Carson, chief security scientist at Thycotic and cohost of this show. This podcast is all about making cybersecurity easy, usable, and fun. Come back every two weeks to listen in and learn about what's the latest news or even submit your own questions on via the community.

Hello, everyone. Welcome to today's show it's the 401 Access Denied Podcast and I have a very special guest on the show today. Really excited to have a chat with and talk about her journey into the cybersecurity industry. So today the awesome guests we have is Emma Heffernan and who she's a security analyst with edgescan based in Ireland, I think Dublin.

Emma Heffernan:

Yep.

Joseph Carson:

And congratulations as well for being highly commended as a finalist in this year Cybersecurity Student of the Year award and also to edgescan as well for getting the Best Vulnerability Management Solution at this year's SC Awards year 2020. And that's a really awesome achievement. That's amazing to get recognized even as a finalist and well done. And I thought the SC Awards I thought that they had a great show this year, given that it was done virtually and a virtual event. It's always difficult to convert and do something and get everyone involved. I thought they did a fantastic job into getting it live and getting it broadcast and continue on. We have to continue with some type of normality as much as we possibly can.

I want to talk about your journey and some of your experiences and somethings that you can share with the audience into lessons learned and maybe recommendations for anyone who's interested in also joining into the industry. Let's get started with your cybersecurity journey. The first thing I want to get into is, is what got you interested? What was the trigger that got you interested in cybersecurity?

Emma Heffernan:

Thanks for having me Joseph, an honor to be here. What got me in cybersecurity was I actually always wanted to be a maths teacher when I was in school and … equations and stuff like that was very much masculine, wasn't very into theory or English. It was just …. Same with computers. We took the ECDL course as part of our transition year. That's like our fourth year here and that sparked the interest at first and then I was like, oh, this is cool. And then during my fourth and fifth and sixth year of school, there were cybersecurity … the college that I attend now.

Myself, my cousin went and we had a bit of fun and got to meet some of the lecturers there and they got to tell us about the courses. And there wasn't very many women lecturers, so it was daunting to find out oh, 15 male lecturers and no female, it was a bit odd. This might be area to look at. Came to my leaving cert year … during my final year exams. I didn't really know what I wanted to do. Maths teaching was off the course at that stage and points wise. We go by a point system here in Ireland. I didn't make the cut for the maths and such, but I took my cybersecurity course, ever since I've loved it. First two years of the course were very general. It was a lot of programming, just the general, a little bit of game design and then third year is when we specialized in cybersecurity.

And within the last year, I've delved into the security, I've Twitter a bit more, trying to be more engaging with people. And I think from there meeting people through Twitter was a massive help for me because I got to meet so many other students who are in the same area. You're learning loads. What got me really interested was my dad was in the industry and my uncle's in the industry. To hear their experience and see how successful they're doing, it's an eye opener. The first grandchild of both sides of my family, first person to get a degree. Everyone's looking up to me to try and teach them and show them the ways. And cybersecurity just seems like the best option right now for anyone that's trying to look for a career path to take. Had I took maths teaching, I wouldn't be here today on a podcast with yourself.

Joseph Carson:

True.

Emma Heffernan:

I wouldn't be doing half the stuff I do. It's grateful like sometimes you have your … but cybersecurity, it's definitely like my dad is an inspiration to me. I look up to him for what he does and what I can do in the future. Cybersecurity, that's how I got in.

Joseph Carson:

That's fantastic. When I'm listening to it, I've very similar background as well. Maths was my thing as well at school. I was horrible at languages, still am, even though I'm based in Estonia and the local language here is Estonian. My capability of languages is non existent. I can get through in life, but maths is more my passion because it's numbers and bits and zeroes and ones and also similar as well. Definitely my family's not in security, so maybe you've a little bit probably easier approach where have you become the security support person for the family now that everyone asks you for it? Should I be shopping online and doing it safely or becoming the support person which everyone becomes?

Emma Heffernan:

I think cyber's a great industry to just fall into. It wasn't something I wanted to do. I didn't have any plans. Then just first two weeks of the course, I was like, should I drop out or stay? And three years later I'm still here and I'm going into my final year now. It's something I don't look back on and say, oh, I wish I'd done this instead. Definitely no regrets.

Joseph Carson:

It definitely is a fun industry.

Emma Heffernan:

Definitely.

Joseph Carson:

And as you mentioned, the more you get exposed to the community and the people in the industry, they're very welcoming and very fun. And they're very passionate about what they do and willing to always help. It is definitely a very close community, even though everyone's spread around the world. And a lot of my peers I speak to are either they're in Japan, they're in North America, Latin America, they're all over Europe, even in Australia and we still stay connected. We still communicate even through all the time zone. It is a great community. And it's definitely from a cybersecurity perspective, it's always learning as well. One thing I wanted to ask you as well was I see you participated in number of capture the flag events and what got you interested in capture the flag and which part of the capture the flag events and would you recommend those who's getting into the industry to participate in them?

Emma Heffernan:

The cybersecurity camps that I attended back in secondary school, they were capture the flag, but for like not kids, but like middle aged people trying to get into college and whatnot. That sparked interest and then through college one of the lecturers runs his own CTF company. He said a lot about it and opened the eyes to the students, so I attended in my first year of college and it was good. And I think we came top 20 or something …  and it was a massive achievement because this was our first CTF. And then second year we done it again and we came top 10 or no, we came top 3, sorry. And this year it was canceled because of the coronavirus.

Getting into capture the flag events was massive. My uncle's a huge advocate for capture flag events, getting students in and trying to learn from one another. I don't know, they're massive events to just learn skills. I think talking to peers and getting to learn new skills from them or something you might have picked up that they didn't. And you're always learning and there's always challenges within the CTF that are very realistic, so you're thinking, oh, am I exploiting whatever here, but really it's on a virtual environment. You're not actually doing anything harmful. You're just developing your skillset.

But why I got involved it was just more as a hobby and just boredom, sitting at home and you keep studying theory all the time. It's kind of nice to just switch off and play CTF or do one or two challenges. You could learn a lot in one challenge. It could be one skill that you learned that will help you in your career or anything that might help you on that one problem that you have on your computer that's not working or vice versa. There's tons. I've learned a lot. And through doing CTS, I've started using Linux a lot more and there're massive skills … and stuff and especially for pen testing and … . It's massive skills to have and if you're going to do them, I think everyone should just jump in head first. Don't be like, oh, I don't have the skill set to jump in and do a capture the flag because that's what you hear all the time.

Joseph Carson:

I completely agree. One of the things that I've … . I've hired, I don't know, tens of hundreds of people over the years in security industry. And my main focus is not about their technical skills, but mostly about their willingness to learn and openness to learn. And I always find that if I can get people who's willing to learn new things, the technical skills you can pass that knowledge along and this becomes continuous learning. And I completely agree, I used to be a mentor for the Cyber Olympics with the Estonian team. I would go and give them different trainings in different areas. And even sometimes when I'm participating with the team and doing those training events, that I learn a lot as well from the team because there's only so much that my knowledge and skill can go to as well. Absolutely, there's different people that focus in different areas that you actually learn those skills from the community side and participating and sharing and I think it's completely critical.

And it's a shame. I wish I had more time, to be honest, to spend on capture the flags than I do because I really do enjoy. Platforms, I love Hack the Box. That's one of my favorite ones to participate in. And even some of my peers here in Estonia … their own educational online one as well. Even when you're starting off, we do have the capture the flag events for learning and educational side, but even here in Estonia, they have the yearly event, which is Locked Shields, which is capture the flag for the government's army where they really get into the war …  side of things. Absolutely, I think there's a lot to learn from those events and sometimes you can spend hours and days on a problem scratching your head, trying to figure it out and then all of a sudden it becomes some simple thing that you've got so deep into something that you need to step back a bit. So what-

Emma Heffernan:

Not like-

Joseph Carson:

Go ahead.

Emma Heffernan:

Massively. Just another thing was at the end of the last year we went to the European Cybersecurity Challenge. That was all of the countries come together and compete against one another. That was a massive one to like go through all the qualifiers through the whole summer and then to get onto the team. And you're still there scratching your head, trying to look at the challenge being like how do you solve this? But definitely head scratchers are CTS for … But you learn lots with them.

Joseph Carson:

They're good puzzles. I've enjoyed the ones that you were sharing, even on Twitter. It got me getting a pencil and paper out going, okay, I need to solve this. For me, my background, I'm a problem solver and when I see a problem, I just have to get my hands on it and start fiddling around and solving it. Which-

Emma Heffernan:

Amazing.

Joseph Carson:

Go ahead.

Emma Heffernan:

Just the challenges I think they're good to keep your brain active and thinking. Especially during quarantine, we're not really using our brains as much, maybe work and whatever else, but other than that, we're not really doing much else are we or depending on where you are, I suppose. In Ireland, we're not really allowed out anyway.

Joseph Carson:

Here in Estonia literally it's back to normal pretty much in Estonia. After I think it was 18th of May, pretty much everyone's back out in the streets, shops are open, everything's kind of back to normal, except the only thing was alcohol shuts at 10:00 at night. That was the one where they're really strict about. The bars close, at least in my office area, at 10:00 PM. And now they've opened up the borders to several countries as well. It's slowly moving back, but there's a funny comment in Estonia, though, is that after the quarantine ended and people started to come back to a kind of normal, the funny thing is, is Estonians now are saying, oh, thank goodness. I couldn't stand that two meter distance. Now we can go back to our normal five meter distance apart because Estonians are very normally very distanced in social anyway. Just always trying to keep the entertainment side of things.

My next question I have is because I've been in this now for touching 30 years in the industry, I didn't always start in cybersecurity. My background was always in infrastructure or in doing data analyst, now it's security analyst. Back then when I started, it was data analyst and security was sometimes a key to the door where the server was, but it's such a big industry. There's so many parts, there's so many kind of, let's say, different subject matter expert areas. You've got developing side of things. You've got the code pen testing side, you've got the web interfaces, you've got infrastructure. Is there a specific area that you find most interesting in the security industry?

Emma Heffernan:

I don't know. It's a tough one because in college it's so broad that we study. I haven't delved into one area that I really, really want to do because every area seems interesting. I like the side of forensics. And I don't know, I think pen testing is where I am at the moment and it's problem solving, you're just digging and looking for the problems. I don't know, I'm not 100% sure on where I want to go. I haven't really focused in on an area. I don't know, forensics and pen testing are my favorite at the moment if I was to pick two. Massive web develop or not web development, like web applications and … and stuff are something I want to get into. Obviously pen testing … . I don't have a lot to comment on that because I don't actually know where I want to go. I'm still at that stage where I could go from one area to the next or not a 100% sure just yet.

Joseph Carson:

No, there's always time. You've got plenty of time ahead of you, that's for sure. And there is so many paths. It's good to get in positions where you can get exposed to different areas that you learn as well. From my side, I've been in different roles over the years, so I've been exposed to pretty much everything and anything that you can do. And what I did learn over that time is I'm not a very good programmer. You do learn the things that you do enjoy in the time you spend on things and you learn things that you are not good at as well, so you can try to avoid them as well. But in pen testing as well, one thing that I did find is that a lot of people coming from the outside in, they don't realize that in the background, there's so much paperwork, preparation testing. When my friends sometimes ask me what I do and they say, oh, that's fantastic. And they see my office and labs and stuff and they're like, oh, that's really cool. But they don't really understand that sometimes the really active part is 10%-20% of your job. And a lot of it is documenting, scoping, getting assumptions and stuff. There is a lot of aspects that …

Emma Heffernan:

And I think that's a massive downfall in the cybersecurity industry. Just you have these hundreds of people that are very technical, but no one can write a documentation and if you can document your findings, then what good is it being technical? I don't know. We learned that this year through our thesis. We did a group thesis and there's two very technical people on the team, but I'd be technical, but not overly technical … better at report writing and stuff like that, just because I do in work all the time, but it showed at the end. He was more good at technical, but not so much good at writing. And you develop those and you learn his skills and that's something you have to just learn ….

Joseph Carson:

It is important because it's important to document really, really accurately and correctly. That was actually one of my fields in the past. When I was actually doing my work, what I would tend to do is I was a very technical person, but I also would document, but I wouldn't share my documentation with anyone. It was always like I was a perfectionist in many regards. I was like, I'm not going to share with you because I'm not quite sure if it's perfect yet and I would not share it until it was perfect. And that was a very important lesson I learned over time is that it was important to share earlier and share as much as possible, but be very clear that it's not finished, it's still a work in progress. That was always a lesson I learned and that helped me definitely from improving my document skills to areas that I needed to focus in.

The next question I'm moving into now is what challenges do you find or have you had any challenges along the way? I've also seen your recent tweets about VI, some things that just don't change in the industry and VI is definitely one of them. You can paint pictures around it. You can change it in different interfaces and approaches, but VI is VI. And you also mentioned your switch to Linux as well. What things, from a VI standpoint, have you found it interesting and challenging? And … that switch over to Linux, has it been beneficiary?

Emma Heffernan:

Challenges that I've come across will be more so being one of, I think, just two other girls in the entire course, but that's between third and fourth year. It's a challenge in itself being the only girl because you have to not really prove yourself, but the guy's going to think, oh, she's just a girl, she doesn't really have skills and you have to prove them wrong. You're trying to prove yourself and it's tough and it still happens nowadays, especially on Twitter as well. You have a lot of people would be green-eyed monsters as I call them. They're just going to be jealous people out there. You have to brush them off and pick yourself back up. I think that would be one challenge I'd have, people trying to bring you down, especially if they don't know you and they don't know your skills, it's tough.

I think other times it's just women in general, there's not many women in security. It's a tough one to try and get people into the industry. And I think at the moment it's going to be even tougher because everyone's at home and you can't meet up and tell your friends all the cool stuff you're doing. I suppose you can do Zoom calls and whatnot, but it's just not the same. You just don't get to show your skills off and try and teach other people. That's a massive thing. I have a younger brother that's only 10 and I'm trying to teach him some cybersecurity …  stuff. It's a challenge in itself because you just can't show your skill and you can't share with people.

But I think lock down's kind of opened my eyes, I've completely removed Windows off all my machines. And I'm just a pure Linux user now. Just, I don't know, lock down drove me to Linux and I think the reason I moved is because I run a VM on the Windows machine and it's kind of slow and annoying and just you're not getting the full feeling-

Joseph Carson:

It's very slow.

Emma Heffernan:

As a Linux machine. Yeah, the experience. I think I probably play a lot of CTS. It's important to have something stable there and it's not going to always crash. No bad words to Windows, but it's just not there for me. But Linux, I don't know, it's just been faster and slick and I've download Linux Mint. It's handy, I just switch it on and does its thing. I haven't really got the full experience just yet. It's only been about two months, so still getting used to the whole experience. I know I use … whatever else, but I was more using the …  than I was using the terminal. I was lacking the terminal skills and the command line skills. It's getting there at the moment and using Vim a lot and whatnot. It's been fun. I don't know, lockdown's taught me a lot about what I should do and shouldn't do, sitting down to do more Hack the Box or pen tester labs. And I think the challenge is not having enough time as well. You're out and about working or in college or meeting up with friends or family, you just don't have time to sit down and do 10 boxes on Hack the Box or whatever. It's tough.

Joseph Carson:

I completely agree. One of the things I've found is learning even during the time, as you said, it's when the lock down, I spent probably a large portion of my time throughout the year speaking and sharing my research and attending events and speaking and meeting up with the peers in the industry. And it's always a great time where we start sharing some of the things we've learned and sharing some experiences. And right now it's not possible. This year I've actually went to one event, which is unusual. This is actually the most time I've spent in Estonia and alone in one single period of time. And people's been asking me, do I take buses to the airport just to go down memory lane? But what I did find is that you do have to augment some of the things that you do, the way you do communicate.

I've always been writing blogs and writing papers and doing videos and these podcasts as well to really use this as a medium to share the knowledge and to have those conversations. And I think the first time we met was even on the ITSP Unusual Gatherings, which those are the things that really need to happen and keeping people communicating and sharing the knowledge. And I really commend you and Sean and Marco for bringing those and bringing people together. That's one thing they're amazing at doing is keeping the networking and keeping the communication going. Because in the lockdown, we definitely need to do that much more to communicate and over communicate …. And for me, one of the things I've learned as well is this has given me time to learn new things as well. I've read so many books over this last couple of months that I would have never done in any other situation. I've done a lot of audio books as well. And I …  got to read Andy Greenberg's Sandworm, it's definitely a must. It's one of the books that I got into was really technical and really good and … .

And the switch the Linux, for me, I used to be over very deep Windows person … . And I think the point was is that I spent 20 years of my life in Windows. And when you go from DOS to 3.1 and right through all the different versions, you get to know it so detailed and so personally that you make it work for you, even though it has many flaws and it has many challenges, but you start to understand how to get around those flaws. 10 years ago, I switched to Mac as my primary operating system, but I do run of course, Linux Mint, which is a great operating system as well … for doing my SDR stuff. And so, what I think you'll get to is eventually is that you'll have one primary, but you'll be working with multiple. It'll either be … or you'll be using … . You'll be still having to use Windows because a lot of the even pen testing tools only run on Windows as well, so you have to have some type of Windows experience as well. But it's good to see that switching to Linux and it will definitely get you into using the command a lot more and a lot more than …

Emma Heffernan:

With Linux, I found a lot of stuff that don't run on Linux, but they would work on windows and I kind of do have to switch back to my laptop, my laptops just purely on Windows, but I use Linux on everything else. You can't use Microsoft Word on Linux, so it's a pain. You can use it in the browser, but it's just not the same. You do have pitfalls in Linux as well. It's still a stable OS, but it doesn't have everything you need, so I agree.

Joseph Carson:

That's the challenges. I'm running virtual machine after virtual machine after virtual machine and you have to have backups of those virtual machines and then can maintain version control and maintaining patch updates and stuff. It just becomes a bit of a nightmare. The next thing I've got is that in the industry and even myself, even though I've been for a long time, there's mentors who's helped me along the way many times. Is there any mentors that's helped you along this journey? You mentioned your father and uncle are in the industry as well, but do you have any mentors that's really kind of helped advise you and provide feedback and help provide some direction or some knowledge?

Emma Heffernan:

Yeah. Last year, last summer was kind of I … myself and kind of just got myself out there, but November, there was IRISSCON on and Brian Honan's event. I reached out on Twitter just saying like, oh, I had a talk that I wanted to present, but I had nowhere to present it at and Brian reached out and he was like, oh, I'd love you to come and speak and be our emerging expert, new category for a newbie to come along. It was an honor to be invited by such an incredible person that I looked up to him in the industry and he's not so far away from the college as well, like his business is kind of on the campus. Every time I'm in, you'd see Brian walking around or whatever, so you'd have a chat with him. He gave me a lot of guidance coming up to the event and teached me like, oh, this is how you do public speaking or gave him …  slides and we done walk throughs. And he taught me how to do public speaking and getting yourself out there. He was definitely a mentor to me.

And then Tanya Janca, shehackspurple on Twitter. The women is phenomenal. I reached out to her last year and we were chatting a little bit and that was it. And then more I would watch her tweets and stuff like that. We got chatting more and she invited me on to some of her live streams and she stood up for me there recently. She's just supportive and always has your back, looking out for people and her stuff is amazing as well. There's just so many other people that I could name. The list is kind of endless, like say … maybe not so much direct help, but through the podcasts and stuff, inviting me on and offering to do my own podcast. It's been a massive help … . Something I wouldn't have thought of until they reached out to me. It's hard to just pinpoint one person as an excellent mentor because everyone's just been amazing and everyone's willing, especially everyone in the industry or Twitter and yourself as well, just to reach out and ask for help. It's massive.

Joseph Carson:

That's fantastic. There's so many people out there as well. And ironically, Brian's my mentor as well. I don't know if you know, but Brian was my manager 20 years ago.

Emma Heffernan:

Wow.

Joseph Carson:

It is a small world and you do have people around the industry that really does help continue that mentorship. Absolutely, he's such a great friend and amazing person, so it's great to hear that. And you answered my next question as well, which is around any specific events that you attended and anything that surprised you around that as well. You said IRISSCON was your first event you spoke at?

Emma Heffernan:

Yep. My first proper like security conference to speak at, but I spoke at like many cyber event throughout my college. I run the OS Dublin chapter with another girl, Denise. She gave me an opportunity to get involved and get up and speak in front of people. …  I can't say I could stand up in front of a massive crowd, but it's daunting as well. I think from my past events attend, I've gone to BSides Dublin and volunteered at a lot of events as well. And it's great to see everyone, some people are speaking for the first time and you get to learn from what they're doing or the professional speakers that are there, 20 years or... It's massive.

IRISSCON was my first one to officially speak at. And then after that, it's just been whatever I can get involved with, I'm happy to get involved. Other conferences I'd recommend like I went to Black Hat last year. I got this fellowship for training, so that was massive. It is very vendory, but-

Joseph Carson:

It is very-

Emma Heffernan:

You still learn a lot.

Joseph Carson:

It is very vendory.

Emma Heffernan:

You still learn a lot. I met a lot of people coming home from Blackout and it was massive. My next one was Defcon. This year was meant to be the year, but-

Joseph Carson:

Yeah. I always do Black Hat because as a person of the industry, you have to be there, be seen, but I'm definitely going to miss Defcon this year. It's one of my favorite events to attend. It's the one that least has close to the community side focus and there's already a few events that I go to now that I learn from, but Defcon still, when I go I learn. You're always looking for those ones that has that unique ability to keep you educated, keep you really excited and looking forward to meeting the peers as well.

Emma Heffernan:

It's one thing I've heard from other people. They've not really given up, but they're just saying, the little local conferences you're not really learning a lot more, but the likes of Defcon you're definitely learning something new.

Joseph Carson:

Absolutely.

Emma Heffernan:

That's good to hear, though.

Joseph Carson:

Do you follow any blogs or podcasts or websites that you learn from? Is there anything that you would say is a good source of material for you?

Emma Heffernan:

Well, I definitely think that Darknet Diaries is a good one to listen to you. There's a lot of interesting stories. And then …  ITSPmagazine. Mike There's a few different episodes of, what you want to call them, like different podcasts episodes. There's a lot on there to learn form from. What else? See, I follow people on Twitter for their knowledge and what they share as well. It's kind of hard to just pinpoint which one, but if I was to pick one, probably Tanya's shehackspurple. Her new episode about AppSec, absolutely phenomenal. I think it's something like $7 or something a month, same price as a cup of coffee. Definitely Tanya's page-

Joseph Carson:

Two cups of coffee in Estonia.

Emma Heffernan:

Two cups. Not in Starbucks, though.

Joseph Carson:

Well, we don't have Starbucks, but if you-

Emma Heffernan:

Missing out.

Joseph Carson:

Excluded from it.

Emma Heffernan:

I definitely think Tanya's page is one of the best to look at. And then you're looking for resources, probably PentesterLabs is one I'd definitely try or picoCTF for CTF challenges and stuff. There's tons of resources out there. It's kind of hard to just pinpoint one that you should stick to you because each resource will have something different to give, so yeah, definitely.

Joseph Carson:

Absolutely. I think those are some great ones and I haven't listened to the latest one with FC on Darknet Diaries. That's what I'm looking forward to. I think … was on the latest one, so that's fun.

Emma Heffernan:

Yeah, that'd one of the best. Yeah, that one's good.

Joseph Carson:

Is it? It's still on my to do list. One of the things as well, what advice would you give someone who's starting in the industry? What would you recommend a good place to start or what would be the journey you would recommend to take?

Emma Heffernan:

Well, I definitely think the first thing is don't give up. If I had of given up, I wouldn't be here, so I definitely think don't give up on just keep trying. If it seems difficult, then it's a challenge, take it on. And you're going to overcome it and I seen a quote on Twitter, "If you're the smartest person in the room, then you should leave that room" and it's definitely something to stick by. If you feel like you know everything, then you're not in the right room, you need to go and learn from someone else and constantly learn. It's definitely something to keep in mind. I don't know. To point in the right direction is tough because not everyone in the industry has a degree, but I think if you're going to do something, definitely try and get some sort of cybersecurity degree behind your back and just have something there that you can go learn from. It's just an achievement for yourself, I think. At the end of the day it's what you want to do, what you want to get out of it. It's tough to say, go get a degree. Not everyone has a degree and they're still successful.

Joseph Carson:

And in some places, it's also challenging as well whether you can get access to it, some countries, financially as well, that might be costly. I agree. I think for me, I think one of the things is absolutely is getting into people in the industry, learning, doing some type of related topic as well. It doesn't have to be into cyber security, but it can also be something related to IT or technology or it can be programming, it can be development. Even today, one of the things we're finding is that we need more people to have social skills to the point of documenting and communicating. It's really important …  and now you're seeing a lot of really from the social engineering side taking off as well. People who can talk and hack humans in some regard. There's definitely a lot of areas that people can get into and I agree. Sometimes degrees, you can probably even take shorter steps into taking more specific, more shorter term degrees or courses that can help you get your foothold as well.

Emma Heffernan:

And I definitely think one thing is to make sure your technical skills are as good as your soft skills … communication. Definitely it's a big must, I think.

Joseph Carson:

Absolutely. Well, it's been a pleasure chatting with you today. This is awesome. And I actually would love to have more time to talk with you a lot more in the future. We should definitely. Don't be shy, you can always reach out and communicate with me. I'm always happy to have a chat. And again, congratulations on the recognition of the SC Awards. That's fantastic and it's well deserved to be recognized. And maybe not a champagne moment, but definitely time for some celebrations for sure. And thanks for joining me on the show today. It's been a pleasure having you.

Emma Heffernan:

Thanks a lot for having me.

Joseph Carson:

It's awesome to getting to chat with you as well because we chatted informally during the St. Patrick's Day celebrations, which is always fun and I'm pretty sure our listeners are really going to really learn a lot from this. And hopefully, they'll inspire some people to be the next generation in the future where you will become their mentors as well. Thank you for being on the show today. It's a pleasure having you and you'll do great things and absolutely never give up. If we're giving up, we're only giving up on ourselves. It's important to make sure that you stick to it and keep going and work hard and enjoy it along the way as well. Thank you for being on the show. It's a pleasure.

Emma Heffernan:

Definitely. Thanks so much for having me. It's been an honor and it's great to jump on and have a chat as well.

Joseph Carson:

Awesome. Excellent. That's the end of it. I think we only got like a minute left because then the Zoom kicks us off. That's ironic, Brian 20 years ago was my boss.

Emma Heffernan:

That's madness.

Joseph Carson:

I've got my VI notes always next to me from even when with Brian, but …  amazing and Tanya as well, not directly, but we've spoken at different events before as well. … impressive that they're doing, absolutely. But definitely catch up at probably, I don't know it'll be at IRISSCON this year or not or Defcon or wherever, but I will get to Ireland at some point.

Emma Heffernan:

Hopefully, yeah.

Joseph Carson:

I'm originally from Belfast.

Emma Heffernan:

Oh, nice. I got the accent, kind of.

Joseph Carson:

But, again, thanks very much and have a great weekend and anything I can do, always reach out. I don't know when this will be broadcast. It'll probably be in about, I'm thinking, end of June early July, …  two or three is already in the works, but this will probably be end of June early July and I'll send you the links once they're released.

Emma Heffernan:

Perfect. Awesome. So this is going to end, then?

Joseph Carson:

It's going to kick us off in a second or so.

Emma Heffernan:

Thanks very much.

Joseph Carson:

Talk to you soon. Take care.

Emma Heffernan:

Bye.

Joseph Carson:

Bye.

Outro:

Learn how your team can get a free trial of Cybrary for business by going to www.cybrary.it/business. This podcast is also brought to you by Thycotic, the leader in privileged access management. To learn more, visit www.thycotic.com.