Episode 16 with Guest Gabrielle Botbol

Gabrielle Botbol

In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Gabrielle Botbol to learn what it’s like to be a Pentester, cybersecurity blogger and podcaster!

54:44 Shownotes

Transcript

welcome to the we hack purple podcast where each week we meet with a different guest from the information security industry we want to learn what it’s like to do their job what is a day like in the life of a pen tester or an incident responder or an application security professional we want to know what kind of training they need to do to get there because we want you to be able to find the job of your dreams hopefully in infosec i am tanya janca your host from we hack purple we are an academy podcast and online community that wants to help everyone create more secure software this episode is sponsored by threadfix powered by denim group they’re our wonderful sponsor of many weeks now and we really appreciate their support and our guest this week is grabber is gabrielle and i know what you’re thinking tanya stop talking we want to see gabrielle i know i know it’s okay here she is and oops of course i press the button twice because i’m impatient so here is gabrielle welcome thank you thank you tanya for this great introduction thank you so much for being on the show it is uh i am honored to have another member of wosec women of security uh on the show i’m wondering if you could introduce yourself briefly and then maybe uh i’m gonna ask you to tell everyone what wosack is sure so well my name is gabriel botbol as you said and i am at gabriel_bgb on twitter i am a pentester in canada and so as you mentioned women of security is a community for women and the people who are underrepresented in the security field and we are doing uh events and we join we are trying to make people who are underrepresented more visible so that they can work in cyber security and be and we can be more and more women there and and so i am uh i started a chapter in paris and i moved to canada so now i’m i just joined forces with the montreal chapter and so you are responsible for the chapter in victoria now so yes um so that’s how we met and i was really excited that she said yes to being on the show um because there are not that well for a hundred reasons but there are not that many women pen testers and also i wanted because you’ve been in france and now you’ve been in canada so i feel like you have a whole bunch of different experiences that you can share and for the people who are hearing a small accent yes she speaks french parisian french and i know i speak french and some of you are probably thinking why is this episode not in french and it is because it’s sponsored in english and and the whole show’s always in english and if we have an episode in french it will be very confusing for our listeners but maybe one day we’ll have another thing in french so what could you describe what it’s like like what your what your job’s like like what do you do so i’m a pen tester and pen testing is like the process of attempting to break into a system to check how safe it is so it aims to find vulnerabilities so that they can be patched and so there are different phases in the pen test you know we always sleep and tester as always attacking and everything but we do not go straight to the attack phase we need to plan it with the customer so we define the scope because there are a lot of legal matters for this and then we so this is the planning phase and then we need to gather information about the target like how does it works understand a little the technologies and everything so this is called the discovery phase and after we attack and we make nuts in the process and we gather proof and so this is the attack base and finally we are going to produce a report with explanations on how to reproduce the flow and how to correct it and we will give resources and everything so that uh people who read the report can be able to uh like the the ideal thing would be that they would be able to reproduce it on their on their own so that they can see for themselves and and have a better idea on how to work it and how to correct it and everything so this is what pen testing is cool i feel like um i feel like we should we should expand pen testing to explain its penetration testing um just in case someone doesn’t know that term yeah exactly would you say that [Music] that pen testing is possibly the most well-known of the information security types of activities or jobs yes you you’re probably right because uh well people uh people i i feel like people in the industry uh are very you know there are there is the red team part and the blue team part and they’re always excited about the red team part but we tend to forget that we have blue team also which is very important because they are the one responsible for um protecting us and protecting uh industry citizen and everything and we tend to forget this but i really think that blue teamers and red teamers should work together because uh this is this is how um the this is how it should work i mean we we are all people we are all different but together we can make a difference and we can maybe bring cyber peace one day let’s hope for this i’ve never heard it called that before cyberpeace i love it so um yeah i agree with you completely that sometimes red team seems to get kind of like more uh attention and and without blue team i mean we would all have very bad days every day on the internet um can you tell me what a day in the life is like of a pentester yeah sure so i do what maybe everybody do i open my mailbox and i’m sending an email to the customer because i i need to announce when i will test their infrastructure it’s important because in case it’s visible for them they need to know it’s you but it it really happens that people notice you but because we are very stealthy people we try to be but uh yeah so we um also tell them when it’s done at the end of the day but we we have to be careful with emails because we get a lot of those obviously so we don’t spend a lot of time on this we have we take we take time to read those at specific hours sometimes we have calls with customers to prepare new projects and in my company once every two week we have meeting with the team to talk about our projects how we can be more efficient in our work and everything and so most of the time uh the the core of the of the job is to uh work and attack and write reports and everything so you you learn something every day because you see different technologies i mean i’m always amazed at the quantity of technologies and different different systems you you you see in the in the field it’s it’s pretty impressive and so this is the cool part because you get to learn a lot of things uh every day i mean i there’s not a day when i don’t learn the things so this is very nice okay so that’s awesome that okay so now i have to ask the contentious question so how how often do you get noticed when you’re doing your job uh what will happen sometimes is that we are going to launch uh automatic scanners because it help us to uh have an overview of the thing we might find we do a lot of manual testings but the first part will be to make automatic scanners and sometimes there are some features in the system we are testing that with send an email and so it happens sometimes that the customer will tell us i received like 2 000 emails could you please do something like because it’s like uh very invasive so and so we we stopped the scanner thing right away and we continue everything manually but yeah it’s very rare and it’s it’s so and we we can also um make our automatic scan to be careful with these kind of things so we can set them up so that they don’t uh get too intrusive as well so cool cool oh my gosh i’ve had that email situation before and they’re like oh no um do you ever have to go into a data center and how cold is it [Music] uh well when we do sometimes we do um uh physical pen tests so like you know physical intrusion so this is going definitely going to be one of our target to see if we can get into the data center so that’s very cool and it’s yeah it’s cool and cold at the same time because when we get there yeah we get cold but it’s it’s a yeah it’s an exciting part of the of the job do you ever have to um like when when i was a pen tester i would actually have to go physically into the data center and work from the data center sometimes do you have to do that uh i never have the opportunity to do this uh when i go to yes it’s so cold after eight hours you’re like i hate myself yeah so you bring like your scarf and your hoodie and everything and you’re like this i wear a hat and then i have mitts where it cuts off the fingertips and then i type like that because i get so cold because some customers they’re like oh we don’t want to let you through our firewalls you have to go in and i would plug into the server directly it’s really weird and old okay so i never done that before but i i’m really curious about this it was it was not ideal and also i was surprised how easy it was to get let in after the first date they just kept letting me in they’re like oh yeah the the pen tester ladies here i if another woman had walked in like if you walked in they’d probably be like brown hair she can go in like it was like the first day was really strict and then after that they’re like [Music] okay your job sounds cool so far um what types of personality do you think someone like could have or should have to be a good pentester like if they’re shy or they’re extroverted or they’re you know all those things um i’d say that you have to be very curious because you need you really need to question everything like if you see something like even if you have just a feeling you need to to go see what it is and so you really have this curiosity thing that is i think it’s one of the most important thing to have uh you need to be creative because sometimes you are going to try things that will not work so you have to find a creative way to make it work and you need to love learning and sharing and uh because you learn something new every day but you you will always have new people in your team and everything who are new to the industry so you will have also to share and everything so share your knowledge with people ask them what they are good at because you also like gain a lot from asking questions and everything so yeah that those would be the things you i would say for the personality okay i like it um a lot of the pentesters that i ended up meeting i would say like no i wouldn’t say like all of them by any means but a noticeable amount um that i unfortunately met i would say like maybe 10 or 20 percent were very arrogant have you have you met cause like you’re not arrogant i know you and so uh but have you ended up meeting other ones where you have noticed that uh i i would say i don’t know if it’s a pentester traits i would say you always have arrogant people everywhere unfortunately but uh yeah it can happen and so it’s not always easy to handle to handle it but yeah i try not to to take it personally and i try to like you know just do my work and so yeah it can happen but and sometimes you will have people who think they know better than you and i don’t know yeah as a woman sometimes it’s even uh i think it’s it amplifies this because yeah uh you’re just a woman so why are you talking you know so just let me explain to you things you know so but yeah i mean we are here today and we are getting stronger and stronger so hopefully we are going to be all over the place very soon yes i agree i look forward to the day where women make up around half of the security industry because then we can finally fill all those jobs that are they keep talking about how there’s all these jobs unfulfilled i’m like well we just need the women to show up we’ll be all set it’ll be great yeah i make it sound very simple don’t i so now i have to talk about my book because that is a thing that i’m supposed to do so i am going to put up on the screen a thing about my book so i wrote a book called alice and bob learn application security i’m just going to hide myself from the screen there um and basically it is a book all about apsec it is not a book about pen testing if you want to be a pen tester like some of the stuff covered would be helpful but you should buy a different book if that’s what you really want like the one by georgia weidman called penetration testing um i own it it’s a good book but if you want to learn how to create secure software alice and bob learn absec is the book for you okay advertising over all right i have way more questions for you gabrielle um so what types so this is probably the the question that is hard to answer but what types of technical skills does someone need to be a pen tester because it feels like there probably is a lot yeah so it can be hard to tackle at first but i would say knowledge in programming is not mandatory but it helps a lot because you need to be able to understand god injection and to develop your own exploit if you if you want to go really far in the practice i mean it’s you you will have to to get into programming let’s face it it’s very important it’s not mandatory to start but i think it’s good to get it along the way uh knowledge law because you get to test networks and everything uh you have to be comfortable when you use virtualbox and vmware you have to be able to know how to install a virtual machine uh this is something i i mean i cannot uh work without a virtual machine no it’s it’s like it’s very important for me you have you need to have a good understanding of linux because uh i think the the best tools are in linux for pen testing and if you have a good comprehension of operating system it’s definitely a plus like when you are going to uh do some what we call internal pen test where you have to take over a network like if you have a network on windows you have to understand everything about windows like so yeah so those i would say those are the main technical skills but you i mean you don’t have to be an expert on all of them for the for the beginning you just you can get to know things along the way i don’t mean to make you jealous with all the nice food i’m eating i prepared a snack of fresh vegetables and berries and cheese yes when we work from home we can make the best snack ever yeah that’s a really good that’s a really good list though gabrielle and i you said it in a really concise way i really i like the way you explained it because sometimes people will say you need to be an expert at everything and i’m like no one’s an expert at everything it just doesn’t work out that way and i agree with you too that like if you know some coding it really helps but i see lots of people get by without it kind of yeah okay i’m just like nodding and agreeing so if people they’re listening tanya’s like nodding a lot well gabrielle talks just so you know so let’s say someone is like pen testing sounds very interesting to me is there training that someone could take to become a pen tester or like a book you feel they should read or like what kinds of ways could they try to um to train themselves or or if there’s a course or whatever so um i think it’s important if people are not comfortable with writing skills to to learn about uh how to make good report and everything because it’s a big part of the job you need to be able to make technical concept very easy to understand for people who are not technical and for technical people as well because in fact a pen testing report is cut in two parts you have an executive part so you where you will have non-technicals who will read them and you have the technical parts just after with a very detailed things and technical things so writing skills is very important and also a training a specific training i i would recommend platforms like try hack me which is very good for beginners and because they explain like they even explain how to use their platform so it’s like they’re even a box to they will explain to you how to set up your vpn how to connect to the box and everything so it’s very nice and when you get used to try hack me they have also more advanced box and everything so they have all levels but it’s i really like it because it’s very good for beginners and then you can go to hack the box which is for more advanced user because you have to like hack the invite code to be able to get in and to register there which is very cool and also you can practice with bug bounties and you mentioned earlier the book of georgia weidman which is awesome and uh even though it was written a little while ago it’s still up to date and it’s still definitely a good one to read so those are the the things i would and also there are a lot of platforms uh like um you learn security like also you have a lot of on udemy the the classes are not that expensive so if you don’t have a lot of money for the moment and you just want to to learn and everything it’s it’s a good it’s a good step and if you want more information on resources and everything i happen to have a blog with our in which i put a list of resources and also there’s an article on how to get started with spend testing that could be of interest so feel free to to go there yes and gabrielle could you say your blog address out loud for the people who are listening and can’t see me flashing it on the screen underneath you so my blog is gabrielle b dot fr slash blog and so from there you will you will have many different tabs and you will have one with a podcast where you will have dania drankia on a podcast yes the tables have turned so rece well previously i was on gabrielle’s um podcast and so she was the host and i was the guest and so it’s very fun to switch positions or spots or whatever you want to call it so for our listeners um her her website address is spelled in a french way so gabrielle is g a b r i e l l e b dot f r slash blog so there’s the l e on the end of gabrielle because it’s french and that’s feminine and when you hear it as an anglophone they might not realize that there’s it’s e-l-l-e at the end because [Music] because she she is she is female and then that is how we spell it i just want to make sure everyone can get to your blog because i’ve been to her blog there’s so many good things on there and so i’m gonna flash it again later don’t worry but um i have more questions as you might have guessed so let’s say someone is a student in university or college or they’re switching into i.t from another area of tech and they’re thinking oh i saw the hackers movie with angelina jolie and she’s so cool and i saw swordfish and clearly it’s effortless to be a hacker and which obviously is not true and they’re like i want to become an ethical hacker i think this is an awesome job for me so what types of work experience would you suggest they get or can they just go can they go right out of school or rate from another field to be a pen tester or should they try to get other jobs first what do you think okay so i love this question because i always say that there is no linear or unique path to success in pen testing personally after high school i studied dramatic hearts to become an actress and to finance this training i was also a receptionist in the luxury hotel industry in paris so this is completely different but in my spare time i programmed websites about theater and art in general so this was the technical touch of this part of my life and after traveling meeting people getting to know myself better i just like i i decided to reorient myself and i 26 years old i decided to train in application development and i i got a bachelor degree in computer science and immediately after this i worked for a large international company as a developer but you know then again i went there and i was like uh what is what is the security of the things i deliver like you know i wish they were all thinking that oh continue and we we did not have we hack purple at the time so we could not study about this so [Music] like and and i’ve always had like justice at heart so the and the field of cyber security actually addresses this value because it’s it’s about protecting business it’s about protecting data of individuals and society and everything so so yeah so in a way you know a non-technical experience can lead to cyber security due to the meaning you want to give to your life so oh i like that a lot i like yeah i like that a lot so now is the part of the broadcast where i ask people that are listening to click the thumbs up button if they’re watching the video and if you’re listening consider giving us a podcast review because if you give us a podcast review and they show us a screenshot of it you send it to our twitter account which is at we hack purple we will send you stickers in the mail yes that’s right bribery from wehack purple also if you do a review of my book alice and bob learn application security there’s also sticker bribery there for you if you want it um but more importantly i want to thank our sponsor threadfix fix is the most stupendous vulnerability management system this side of the galaxy and a wonderful supporter of we hack purple and i really appreciate dan and sheridan and all the people there and all the things they have done to support me and my career and our company so yes um i still have more questions for you though like you’re i hope you weren’t thinking like oh we’re done now no no okay so let’s say someone so we have um more people watching us than normal which is awesome so thank you to everyone that is watching us live and i think it’s because they might want to become pen testers and that’s awesome what what type of learning path do you think someone could set up for themselves so let’s say they’re like in the next like year i’m hoping to move into this like what types of like if we could create some sort of like little mini plan for them like what would you suggest like do the try hack me and then the hack in the box or read books or what what do you think so um there are no specific paths because it’s a cyber security is a young field so there’s not a diploma or certification to get into pen testing so i would say that you need two essential skills which are adapting to the environment all the time because technologies are constantly changing and you need to know how to transfer skills that you previously acquired into cyber security skills so those are two important things and also try hack me is good you you can make your own uh like you should you can try to define your learning profile like how do you learn best do you learn by watching videos do you learn by reading do you learn by talking with people and if it’s all of that just mix it up and and you can adapt your learning to your your style of the way you learn and everything so that’s what i did and i was so so to i i had like more of um i’m someone who who needs to practice so this is why i always try talk about try hack me and everything but also i like to read things i like to listen to watch videos and everything so uh there are a lot of amazing youtube channels out there that you can learn from um definitely and also you have a lot of nice moocs and everything and just don’t stay on the technical side of things you can it’s always good to have a holistic view of cyber security you know this is not only uh knowing how to get into a system it’s also knowing that uh you have uh a lot of things like legal matters like geopolitic and everything so i went to conferences about geopolitic and cyber security so you have a lot of uh it really depends on how you learn like do you like to practice and everything and make something according to your learning style i love that you mentioned the types of learning would you say that it’s really important specifically as a pen tester to make sure you know the laws in the country that you are working revolving around cyber crime so you don’t accidentally commit one yeah i think it’s it’s good to be aware of those things like uh because well most of the time the company you work for will help you with this so this is something really uh like important and so we have like most of the times you will have to sign a non-disclosure agreement and things like this but it’s always good to to know for yourself and to to do some research on the country you’re in uh how is the law and how does it work and everything because yeah you definitely need to know those things i would say um i want to caution our listeners so gabrielle is a professional and she works at a company and she knows what she’s doing and so do not ever attack a real website that you don’t have written permission to do so she’s a professional she knows what she’s doing and she has contracts and she signs all the things and dots all her eyes and crosses all of her t’s and that’s why she’s a professional do you want to tell people that are learning about things they should not do yeah like exactly this don’t like use uh you can use they are on van hub they are a virtual machine that you can hack it’s made for this you have lots of uh different things and places to learn online like uh so don’t don’t hack don’t if you see a website that is that you feel like it’s uh not that safe don’t don’t hack it just uh it you have to have the permission before so you can do bug bounties where you you have uh this is real context if you want something like more than hack the box which is not a real pen testing in a way this is just uh boxes so which are very good to practice but if you want more real context you have bug bounties so if you want to practice in real context just go to back bounties but don’t decide that you are going to hack i don’t know like the pentagon or the fbi or anything just don’t do this and and you you really need to have something written to to say that you have the right and you are authorized to do so because this is a job you you were monday twice yes and it has to be your name not your boss’s name my first professional mentor had me do things uh and totally told me it was okay because he had the contract but now that i know a lot more i’m like gosh he was he taught me a lot of very bad lessons of how to do things like giving me credentials to things that i should not have had etc this is why i never named my first professional mentor in cyber security because i was like oh my gosh that is so not cool um and i think it’s really important that people know like if you have a professional mentor and they’re like be make sure that what they’re showing you what to do is legal make sure that your name is on any contract or any agreement in order to attack things because i want everyone to have a good experience okay so up next the super tough question does your job and your type of job does it pay well in your opinion so um when you start you will get a decent average salary but when you get more experience the salary becomes very attractive so in my opinion yes but don’t expect something big right at the beginning you have to learn it’s normal so you will get something but it’s pretty decent it’s average but decent so yeah oh yeah yeah so some of the jobs when we’ve been interviewing people and we asked that question they’re like no the pay is awful i have to have another job like it depends on and i think it’s really important that people understand if something pays well or not because if they’re like looking really hard to go do a thing like for instance um we’ve had some bug bounty hunters on the show and they have explained that there are a few people that are that are famous bug bounty hunters and they’ll make like half a million dollars in a year but almost all bug bounty hunters it’s because it’s fun and it’s a passion they don’t get paid well it’s not even a part-time job for a lot of them like it’s a hobby and so pen testing pays this is good this is good i know the audience is probably expecting me to talk about cheese because in one of the episodes we talked about like i was trying to ask them if it pays well or not and i knew that i had made it as a software developer when i was able to buy multiple types of cheese at the grocery store i was like looking at two and trying to decide i’m like i can totally afford both yeah and when i became a pen tester i was like i can have three types of cheese i can have all anything i want in the grocery store yeah it’s good it’s good it’s good pay you’re not gonna you’re not you’re not going to roll around in piles of hundred dollar bills on your bed or anything like unless you’re a weirdo like it’s not gonna be like in the movies um and also this assumes you don’t break the law and you don’t end up yeah yeah it’s um okay i’m gonna stop are there many opportunities to get a job that’s similar to yours yes uh there are plenty of opportunities but i have to say unfortunately companies ask a lot of experience even for beginners so it’s very useful like apply to a lot of job offers whatever the level of experience is required just apply you you need i mean you are going to be able to see from the inside the expectations of the employers so this is always a good experience and like for instance this is what i did and i was able to show my skills by doing a ctf during my trip interview so don’t be discouraged thanks and if the interview is not conclusive because you know it’s okay i mean each interview will allow you to be better prepared for the next one so think of it as an exercise not as a failure and also something that was really helpful for me when i was looking for an opportunity is my blog like this is a real portfolio of who i am and what i do and now so employers like to to see this this and a blog is perfect for this you it’s not mandatory of course you you have like you can write articles on linkedin about things you do like share ctf write-ups explain a concept that you’re passionate about like it can take many different forms but try to find a way to show what you do what you know what you love it’s it’s always helpful and also meet people go in the wild meet people from the community get involved in the community go to conferences talk to speakers talk to attendees and create an association with your friends like it doesn’t have to be tanya but you can create like join a uh some sort of warsek or something and and do do it that is such good advice all of that is totally awesome advice i would like to just note that i agree 1000 with everything she said those are all and then i put underneath you fantastic advice because i was like i don’t know what to say other than just like nod my head really hard so if if someone um [Music] it what is your what is your favorite thing like what do you like the best about your job uh learning like learning from my peers discovering new technologies trying new things this is yes this is like i never get tired of this so this is my favorite thing that’s awesome because you definitely have to continue to learn if you want to be totally awesome at pen testing that’s good so then what do you like the least about your job um i think i really love everything about my job but however what i like least in the field more globally is the lack of women and minorities in cyber security like i mean in order to pacify and make technology accessible and adapt it to the greatest number of people like it is really urgent that women be present at all levels in all technical fields because yes this way the the future will be written by all the ends in this in that society is society is not only men it’s woman it’s lgbtq plus it’s all the people who are underrepresented so and and it’s exactly also like i said about before about blue team and red team they need to work more together because they will make people and organizations stronger so that would be the things i would change you know i could i agree so much it hurts i really really really strongly agree i would like to personally encourage every single person from every underrepresented group in tech to apply to join us to join groups that support you so for instance we made wosek a whole bunch of us because we wanted to make lots of other friends that were like us and we use the the most wide definition of women we want every type of woman tall or short gay bisexual straight trans cis all of the types of women all of them and non-binary folk as well like yeah if they’re if you are in some other underrepresented group like joining a group just so that you can vent about crap that happens at work that’s not cool like just being able to go have brunch with a whole bunch of women and be like this happened do you think this might be sexism and having them all say yes and like agree with you because if you ask a bunch of men that you work with they will 100 of the time well not 100. 94 of the time they’ll be like no i don’t i don’t see and it’s like but it’s just like it’s you want i don’t know to have people that have had the same experiences as you and can relate to you and it’s so valuable [Music] it’s important it’s important to be able also to like see what other people are doing to deal with problems they’re having and also wosec has resulted in a lot of people finding jobs it’s like oh you’re not happy where you are we’re hiring because it’s hard to hire a skilled security professional and i am not above stealing them from other organizations and like yeah oh i feel like you definitely um pressed a hot topic for me um what makes you feel the most pride or the most proud in the work that you do so my work is to protect digital data of all forms and uh of entities from from companies to local authorities so apart from the technical aspect i would say that the title of pentesters for me is to pacify the cyberspace like to allow the greatest number of people to surf the net in a safe and secure way so it is this value of freedom trust and security that motivates the meaning of my life and so you know like the task is long it’s complex because of the power struggle of the great authorities as we see every day like every minute i would say in this like geological battle and the emergence of cyber criminal groups that are becoming more and more numerous every day it’s crazy and it’s obvious that individual liberties democracy economic stability sovereignty are in danger so these challenges they really require that the population the population to be informed you know about the issues of cyber security in our societies so yeah what makes me proud in my work is to participate in leading society towards cyber peace this is i love it i love it i i often tell people that working in cyber security that it’s a noble profession because it’s literally our job to protect others but you’re the first person that i’ve talked to that i feel has said it even better i really like it thanks yeah that’s good and i love the idea of cyber peace like i’ll say i want my mom to be able to use the internet safely like a super smart person but who’s not an expert at cyber security i don’t want you to have to be an expert to be able to go on the internet and buy some shoes you should just be able to do that safely [Music] yeah thank you what advice would you give to someone who wants to try to get into a similar role as you maybe something actionable if you can so it can be scary when you arrive at first in the industry but i would say that splitting a big goal in small steps and setting up deadlines would make it easier so and most of the people in the field they are willing to share your knowledge so ask questions whenever you feel lost uh what helped me a lot was going to conferences going to summer school participating in workshops and talking to as many people as i could and also social media is a great resource like follow influencers in the field dm people to ask questions or advice or just make contact so yeah it’s not simple to break the barrier at first but getting involved in the cyber community is really helpful so 100 yes i agree a lot as usual i agree with gabrielle just feed that cow um so uh so we’re nearing the end so i have a more personal question and you can totally deflect it if you don’t want to answer but are there other things you do outside of information security that you want to share sure so so the so uh we talked about the fact that i uh on mosaic uh i’m also a vp communication at northside conference it’s a conference about cyber security and they host an amazing ctf every year uh and i give talk and workshops about pen testing and i love to work on ctf platform and do peer-to-peer learning with my friends like we often meet and and practice together it’s really motivating that’s awesome i would like to know i love north sec oh my gosh i love montreal and the north sac organizers are so awesome oh my gosh i had so much fun at that conference and like yeah montreal is just the culture is so wonderful and yeah i love that conference uh one of the organizers reached out to me and she’s like i heard that you were saying really good stuff about us thanks and i was like oh yeah i had so i loved it and the and the speaker’s gift was amazing it was whiskey maple syrup so it was like maple syrup but like or bourbon sorry and it was like so delicious and so french canadian i am i love french canadians i was living in quebec before i moved to british columbia so um yeah i love northside i’m so happy to hear you’re part of the organizing committee they’re awesome um okay i’m gonna stop fangirling okay so last question um but first of all everyone please subscribe to the wehack purple podcast if you are not already subscribed either on youtube or on your favorite podcast app or both both is good too i’ll take both okay but back to you if someone wants to know more about gabrielle but bull where should they find more about you do you have a website are there events or links i can share so there’s my blog as we mentioned it before which is gabrielle b dot fr slash blog and there’s there you will find a podcast which is called the walter podcast in which you you can only participate it and i am on twitter at gabrielle underscore bgb and on linkedin it’s easy you just type gabriel and you will very certainly find me because i think i’m the only female gabrielle named butt bomb so that’s pretty easy and i regularly post events i participate in so on on those platforms and you can find also videos of my previous talk on my blog on the category talks and also follow nurse tech conference on twitter because we are going to organize a lot of online activities before the conference and they will be fun to participate in so just follow them and participate to those events you will love you will love it awesome awesome thank you so much for being on the podcast this has been so great and i feel like you shared such good advice like really really good actionable helpful realistic advice this has been wonderful thank you so much gabriele thank you tanya for having me and thank you to we hack purple academy and the sponsor and please buy uh tanya’s book because it’s amazing and she is amazing so thank you thanks a lot thank you bye bye and with that i am going to close up this episode of the wehack purple podcast i want to thank everyone who has been doing um giving us reviews i want to thank our guests i want to thank especially our sponsor threadfix powered by denim group gabrielle bottebol she was amazing i want to tell you just about some of the people that are going to be up next month because we have well as you might imagine a whole bunch more guests planned so next week we have an amazing surprise for you well it’s not a surprise we have shelly gesbridge also known so you’ve probably heard of her as nerdocity and so i’ve been following her on a line for a long time and she actually said yes to be on the show and i’m super excited and she’s going to talk about instant response and she is a fellow canadian yeah that’s right after that we’re going to have mahidina afrin and she’s going to talk about being a bug bounty hunter and then next year because we’re taking a two-week break over the christmas holidays so we’re going to come back on january 7th with najla lindsay and she’s going to talk about being a forensic investigator which is something i actually don’t know as much about so i’m really excited and after that we’re going to have brian anderson sasha rosenbaum we’re going to have talash super sam i’m sorry telash for not saying your name correctly then we’re gonna have ally melon and stephanie black and so many others and i want to thank you personally so again i’m your host tanya janca also known as she hacks purple thank you so much for tuning in we really really appreciate you as our listeners i love it when people talk to us i love it when people give us feedback and we really appreciate you participating in the we hack purple movement have a great week and i’ll see you next week