We Hack Purple Podcast Episode 10

Dominique West


In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Dominique West, to learn what it's like to be a Senior Cloud Security Consultant! She also hosts an awesome podcast called Security In Color , and she tells us all about it!
Dominique West can be found here: Twitter, YouTube and here

ThreadFix
Sponsored by ThreadFix!


Watch THIS episode on YouTube!

Transcript:
welcome to the we hack purple podcast where each week we meet a different guest who is from somewhere in the information security industry they have all sorts of different types of jobs and we explore what it's like to do their specific job so that you can explore and from so that you can explore your career and information security this week we have dominic west as our guest and i'm really excited to talk to her all about her very interesting career and specifically the job she's in now and this special episode was sponsored by thread fix by denim group and i want to thank our sponsor so the weehack purple podcast is put on by the we hack purple community and academy and we do all the application security things but now on to the best part our guest dominique west and there she is hi thank you for coming on the show i really appreciate it thank you for having me okay so i have questions for you and the first question is tell me about so what is okay so introduce yourself what is your name and if you have a title online people should know or a handle yeah so my name is dominique west my handle on literally every social media because i am a lazy person is at domyboo which is d-o-m-y-b-o-o i'm not i've had that handle since i started social media and i'm not creating enough to change it um currently and it's funny because i'm in between not in between jobs but just transition to a new role so currently i'm a technical account manager but previously i was a senior cloud security consultant um both of them give me the consulting aspect but i mainly work in cloud security that's what i specialize in have been specializing in for the past five years now but i've been in technology and in cyber security for nine years so essentially tech has been my life since i started in the workforce awesome do you want to talk about so sometimes if people have more than one job i say do you want to talk about both of them and tell us about both of them or are you super new at the new one and you're not comfortable talking about it and that's okay if you're like i don't know it yet i got there last week yeah so it's been a month and i can talk about it a little bit because as i'm learning um and i definitely understand my role it's kind of just a lot of onboarding but i know for purposes especially for people who like or are interested in getting to cloud security i can definitely speak to that more because that is a lot of what my background is so i have no problem kind of teetering between both because they kind of again align really well so as a technical account manager my role really is to provide like high level business and technical consulting to our top enterprise clients i'm seen as the subject matic expert for our cloud monitoring product for the company that i work with and previously as a cloud security consultant it was it was much of the same i was a subject matter expert for cloud security for our clients who needed to do anything from uh auditing their environment right because a lot of people who are moving to the cloud don't have the resources the technical skills and their teams to do so so they need to make sure for example that they're reaching compliance um maybe they need to do some threat modeling like anything that you can name within the cloud security space is anything that we had done as a cloud security consultant which i really enjoyed because it allowed me to have my hands and literally everything i learned everything there so it's pretty cool that was hands down being a consultant or at least being kind of a client facing in a client-facing role is where my uh creme de la creme is nice so the question i usually first ask is describe your job and what what would a day in the life actually first describe them and then if it's okay and i can be indulgent like what is a day in the life like yeah so um and they kind of the answer kind of fits for both so as a consultant or technical account manager when you're client facing your day-to-day is not the same which i love right i am in a role where i wake up every day and i have to check like what's happening because either someone put a ton of meetings um whether it's a client or my team onto my calendar or you know there's some kind of training that's going on there's something that i need to upskill and learn something has changed in our environment that i need to be up with that is where i thrive um i don't i get bored really easily so typically my day-to-day starts where i kind of check my emails i make sure if it's for example when i was in my consulting role i kind of checked to make sure if i'm on an engagement that if the client has reached out to me that i prioritize and make sure i'm addressing whatever needs that they had so whether or not they want to hop on a meeting because they need some more clarification about something or they're having experience in an issue whether or not i need to check to make sure you know basically that everything is copa-static with my clients and then check to make sure internally nothing is on fire with my team that i need to you know kind of catch up on anything and then after that i usually spend some time on whatever project or engagement am i on so say for example if i'm doing an assessment then i'm going ahead and conducting maybe some interviews i'm putting together the documentation collecting evidence um mapping out whatever it is that i'm doing um maybe spending time in presentations and then usually i always try to spend at least one or two hours a day um kind of personal upskilling meaning hey i'm doing a training video on something that i want to learn um i'm reading up on what's latest in the news our latest tooling that's happening especially if i'm working on an engagement where maybe a lot of the times we have to introduce new tooling to our customers and clients so as a subject expert i should know what i'm talking about so i kind of do my research like hey has something changed what updates are coming making sure that i'm staying current um and that really happens day to day and the unexpected usually happens sometime during midweek that might throw my schedule off but typically as a consultant things change so often on a daily basis i can only imagine i i have to say i know that feeling of i'm going to learn this today or i'm going to do the and then like just completely side like yes okay so obviously i have more questions but first i want to tell everyone a small announcement my book came out this week it's available on kindle and all the ebooks yes alice and bob learn apptech is now for sale on amazon and all the places and they're shipping the physical book in just days um and so if people want to buy that i'm going to put a link in the chat but i want to go back to speaking about dominique because that's actually the point of this show in this episode um so back to you what types of personality traits do you think someone needs to be good at your job because it's not the same for every security job they're different no no especially because again with client facing you're talking literally all day every day where i have to actively take breaks and like i need to drink some tea because i'm running out of saliva like i just i talk a lot so communication is definitely like you have to be someone who i don't necessarily want to say you need to be an extrovert like you need to be out there but you definitely need to be comfortable talking with people communication is number one in this line of business um and it would be really hard for someone to be successful who isn't comfortable with talking to a wide variety of people right because as a consultant um at least if you're working for a company as a consultant and not for yourself because for yourself you can decide which clients you're going to work with or who you want to work with but if you're working for a company who's a consultant and consulting with for them you don't have any say you kind of just get thrown on something and have the hope that they're really nice people but sometimes they're not right or just sometimes um i don't know there might be a communication error i find a lot of the times it's not that someone is mean or upset or angry with an engagement it's really a lack of communication something is missing there there's a disconnect and i really like to find out where that disconnect is coming from because that makes my job easier to make you know to make their life easier um so i definitely say communication having really good interpersonal skills i know we talk um well i hope in cyber skate a lot of people talk about having soft skills like human skills um i think that's one of the most important um kind of traits that you can have or skills that you can kind of hone and improve on um if you want to be in a consulting or a client-facing role are you saying that you have to deal with adverse personalities that never happens in security ever for for forever actually like that's that's all you deal with and and it's fun right because i'm a person like i like to read uh i'm doing a book challenge where i'm reading 25 books by the end of this year and one of the books that i've read was about something called i think it's a nanograms i don't think i'm saying it right but it's basically what about learning the different personalities that people have and then how you can relate to them better right instead of thinking oh this person is difficult or oh i just don't get along with these types of people it's really understanding hey where is this coming from and really taking the time to relate to one another so i think that's such an important skill that you could do is really doing like emotional intelligence and really just kind of balancing out just how to communicate and like relate to people because your clients and customers are humans as well like they they they too have a job that they're trying to do so how can i make my life easier by making their life easier oh i like the topic of that book um if you want after you can send me a link and we'll put it in the show notes for people in case they're listening so um i have more questions [Laughter] so what type of aptitudes does someone need to do your job well like do what what about like attention to detail do they have to have hyper focus do they have to i don't know like read minds if reading minds was the thing i would definitely say yes but um because i would just make anyone actually it might make your life easier or hell it depends on what you're reading or listen to but anyway um i would definitely say um attention to detail is critical um again not necessarily just with client facing but especially if you're working for a big company um so i worked for one of the big fours and i know attention to detail is key like they drilled it into us in terms of making sure that we were double checking triple checking going through processes to make sure that our presentations were up to standard in terms of you know is it aligned with the client's colors is it up to par have we understood how they would like to be given presentations you know do they want a report format do they want a powerpoint do they just want you to give them three bullets you know really understanding that so attention to detail is definitely very critical in terms of hyper focus i would definitely say you have to be able to have a balance time management is key um otherwise you will get very overwhelmed it can get very chaotic um there are a lot of times where the job can seem very demanding where at the end of the day i just barely can crawl into bed um after making it but i i don't regret it but it's just it sometimes it could just be a long day that's honestly the nature of cyber security and consulting it's it can be very challenging so really understanding how to create that work-life balance um have that attention to detail and be successful but also manage your time very well is very very important otherwise it will you'll reach that burnout stage way often than than you would hope to i need you to teach me those skills listen i have to learn and really my life is just run by apps like my app my my phone tells me it's like hey nine o'clock it's time to wake up 10 o'clock time take vitamins 11 o'clock it's time to drink water like i have my life run by my calendar google challenges saved my life i love it so your job like cloud cloud security is pretty technical and there are a lot of people super interested and very curious what what types of technical skills do they need and um i guess what types of training could someone take so they could try one day to do your previous job so the great thing about cloud security is that literally the skill set or the foundation you need is in the name right you need to have a cloud computing background or foundation and then a security foundation and background so i always try to encourage people who are interested like hey if they're a new person to technology in general getting started i always encourage them hey you need to really get a foundation in security and learn the basics a lot of that is covered um by trainings like security plus a plus network plus kind of like the triad that people call about no i know certifications can really be a here in their kind of conversation but they do at least the um the books and the knowledge is useful whether or not you get the certification you need all those certifications totally up to you but the knowledge that you get from studying for those certifications is useful in giving you a really good foundation same with cloud security i mean same with um cloud computing there are a wide variety of vendors out there who give you foundations in their platform specifically um but each one of those concepts that they teach you goes across the board iam is the same across the board with all three they just might be named different the threat monitoring tools the same dlp or data loss prevention the same so a lot of the concepts that you'll find in cloud computing and security combined together will give you that foundation to be a cloud security engineer analyst architect anything that you're trying to be um and then as far as training goes for me the best training came from real world experience i went to school for computer science and i felt i didn't as soon as i got into my job i'm like i don't know why i did that because i learned nothing and i really learned everything from my first job um not to say that school you're like you shouldn't go to school and i think don't do that but what i'm saying is that translating my formal education to my real world experience was a bit difficult right because again real world experience there's like there's nothing that can beat that at this point but i also understand there is a large disconnect with people trying to get into the field pivot into the field so real world experience might take some time for someone to get so in the meantime there are so many free trials out there especially for cloud vendors cloud security for people to stand up their own environment and get that real world project experience right you can stand up your own environment in google cloud and aws and then azure and you can learn how to spin up virtual machines you can install applications on them you can run real traffic through them because they have a lot of um what do you call it data that you can run through in order to kind of build up the environment and you can test that out and you can create projects to put on your resume to help coincide with the lack of quote unquote real world experience but you can build up your skill set that way so i always encourage doing self training and a little bit if you have the opportunity maybe to go to school or go to a boot camp i highly encourage that as well because there's nothing like kind of getting formal education but self training definitely is out there and people have been very success successful you know doing that on their own in order to get a job i agree can we talk about certifications because i feel like it's a thing that people avoid to like whenever i'm on the internet all i ever hear is like should i get this certification or that certification and i feel like a lot of people think it's a touchy subject but maybe because this is an education podcast we could touch a little bit on it like you don't have to take a firm stance but maybe we could explain what certifications are and like potential value that they could have yeah and i agree where a lot of people ask hey should i get all of these certifications and i you know i know and i hate seeing it and i'm like it really depends right everything will always depends and like that's something that you'll literally always hear in the field and they're like maybe or it depends that will literally always be an answer but certifications really to me my opinion certifications serve two purposes one to get you through the door for hr that's one of the main reasons to get certifications right because unfortunately to get a job hr needs to check these boxes for their candidates and if you don't have that box checked you could be ruled out at any given time and then two certifications can serve as an open door to different networks um different opportunities different training and learning so for example i have my ciss peak certification and getting that certification allowed me to be a part of the isc square community and in doing so i got access to free training i had access to a network of other cissps i get access to emails and first hand xyz that they offer i would never have gotten that had i not gotten that certification right so i always tell people getting every certification isn't necessary if you have the time and the money or someone else is paying for it and you're bored by all means go buy every certification but or go attain every certification but if not the way i have done my certification route is i map all of my certifications to the roles that i plan on going for if it's a requirement for that role and because i don't want to be ruled out then i will get it so when i was first starting off in cyber security uh the only thing i heard about then was the a plus and security plus and network plus right that was the foundational triad that you need to be successful i got the a plus i jumped to security plus because that was the field i wanted to get into i was good there that allowed me to at least have conversations with hr managers who are hiring for security positions then from there i said okay now i want to get into more advanced security positions right i want to start getting into the engineering i want to be a little bit more technical i don't want to do just the analyst positions in order for me to do that a lot of the roles required is the issp certification so i'm like okay i need to get the experience i need to pass this test so i you know set a strategy for me to be successful in order to get that and then when i wanted to get into cloud security same thing i'm like okay if i wanted to be an engineer and i noticed a lot of my job roles were saying they want someone who can do aws let me get aws certification they want azure let me go ahead and do azure certification so for me certifications serve a purpose not all of them are necessary um again i just really encourage people to map out a blueprint for your career and then have your certifications aligned to that blueprint that is basically like the best explanation ever thank you that was so good i was like i have nothing to add a lot of people ask me which certifications do you have i'm like i don't have any but most people can't go the i'm just going to be famous route it's not the thing most people can do and in the canadian government they weren't required so then i had all this experience and release research papers i'm like that's a really inefficient way to do it compared to getting certain certifications and that worked a while ago right because there are a lot of people who are in the field who back then certifications wasn't a marker of your experience right it was real world job experience have you been in this field for this long can you tell me about the different roles like experience was enough somewhere along the line certifications became just as important um and became the gate keep like it's just like a bridge it keeps a lot certification keeps people whether or not they're going to get the job unfortunately and i always tell people and i'm like just at the current it's harder to dismantle the system of disconnect between hr and hiring in in the pipeline what's easier right now because you want to get into the field and you need a job and you have two bills to pay is to unfortunately play the game right so you need to get a certification like unfortunately to get through the door unless you go the the twitter like the the really famous route if you can do it that way you know kudos to you yeah it's a lot more time consuming to start your own open source project to release several research papers to like it's way way way more like it'll be better if you just and then a lot of people think oh if i do the famous or and i'm like the famous route isn't that doesn't yeah that's like saying oh i'll be able to afford a house if i become like a rock star it's like no that's not gonna happen right yeah no yeah unfortunately you have to get one at least one you have to get something yeah i also feel that there's like you're talking about the disconnect between hr and the hiring pipeline i feel like they just don't know what questions to ask to actually understand if the person does know their stuff so they're like well we'll just ask for a cert because then the people that giving the cert have already asked all the important questions to know they know their stuff i mean i i think like if you have a technical person it's happening is it is it because i again i can't speak for everyone but i would just think that the hiring the person who's doing the recruiting would talk to whatever team it is that is hiring right and really understand and maybe that's the thing right sometimes a lot of teams don't understand what they need like what is this person fulfilling what gap is this person fulfilling within my security team and if you can't understand and translate that there's no way that hr recruiter is going to understand and translate that because they have no idea what you're talking about they have no idea what gap you're trying to fill so yeah there's a a really large disconnect but at the time i really just try to mentor and help people and i say hey try to align as much as you can this is i can only tell you what i've done and what has helped me be successful um and hopefully that you know that'll help as well we hack purple now offers a certificate because like basically people are like it's really nice i've learned all this awesome stuff but i literally i have to be able to show people like i went to school there and i'm like okay let's do it yeah um and like now you know i guess to show their hard work which is but i like it but it's just it just really sucks especially because a lot of the certifications cost a lot of money i saw that yeah security plus now is 350 which is like double almost of what i paid when i got it and 350 dollars can be a lot of money for people especially in the pandemic so getting a security plus and an a-plus and getting all these certifications to try to be a viable candidate can literally put someone in a really financial bind and then if they don't get that job what happens it was six months down the line and nothing is baiting you know they have bills to pay so i really really really really do hope that keeping continuing to talk about this broken pipeline and certifications really helps a lot of people to start bringing awareness to fix it because there's a lot of people who need jobs there's a lot of end we keep talking about this cyber security skills gap or xyz but we're not giving people the opportunity to really fill that gap and to be successful in this career i could not agree with you more and not to talk about myself too much but i agree with you so strongly that yes we are trying to create solutions for that at we have purple because i'm just like introducing people to students and doing this and doing that and i'm just like can we figure out a way where we get them all jobs because that's what everyone actually truly wants right so people take training for one of two reasons like one they want to like find a job or two they want to be more awesome at a job they have and so if they want to be more awesome at a job they have awesome like i'll just train you and show you all the cool stuff and give you tools to bring back to work awesome but for the people where they're like i want a job or i want to switch jobs like how can we make that happen because if we like i feel like from a business perspective if everyone just finds the job and the if they get the thing that they truly want and then they're they go off and they're awesome at it like everyone wins like the industry wins the people win and i'm like i so i am like all like thinking about solutions because i feel this is a huge hole in our industry and i'm sorry i got so off topic but i was just like no listen i have no problem talking about because that's something that i also try to do i don't know how to create these solutions or i'm not in a position yet of doing hiring right of being the person to be able to provide that job opportunity but in the meanwhile i can definitely help people get resources i can figure out how can i do this for free i can sponsor someone for certifications i can i'm in a position where i'm able to give back in my community and that's just what i really want to do because again there is so many things that's broken and i feel like that's way harder to try to fix where i can just try to provide as much as i can resources and opportunities for people speaking of dominique giving back so first of all i'm sharing underneath you right now dominic giving a workshop for the oauth devslop team about google cloud security and it was awesome she was great she joined me nikki and nancy actually i wasn't at this one so nikki but nikki and nancy are always amazing and yeah yeah it was a good episode and i i'm not saying it has over 400 views so people really oh my goodness yeah some people really liked it so there's a link to that but gosh do you do another thing dominic that like people should know about why i do um i am the creator of security and color which is a platform giving cyber security resources for everyone to be a cyber champion um as i talk about i evangelize cyber security everywhere in my life at work at home to my mama everywhere um and i wanted to do it to every you know to the average and everyday person i have a weekly podcast that is now syndicated literally everywhere um also called security and color where i disseminate the top cyber security news happening not only in the united states but all over the world and then i give out a weekly newsletter that's also filled with opportunities for people to take advantage of so i post things like job postings that might be happening because i know a lot of people who are in positions of hiring and they're looking for people so i try to you know share that out as much as i can i also give news articles there but i also give for tech events because i'm also a person who likes to attend tech events and workshops not only just give them and i know how difficult it can be to figure out like what's happening this week this month this year xyz especially since everyone's at home and everything's virtual so it's like trying to find links so i kind of have a one-stop shop where people can figure out hey what's going on in the tech world during this week and this month and you can find you know all of that on my platform i happen to have um securityandcolor.com underneath you and color is spelled the american way not the canadian way i actually was like searching for it before the show and i was like c-o-l-o-u-r and i was like where is she i know i've been to this site before how come i can't find it i was like wait americans less letters simpler it's okay and it was funny because actually my roommate asked that too and she was like how come you don't put the o-u-r and i was like i don't know i've been brainwashed to spell it this way that's all i know no it's it's like uh i guess canadians spell it one way and american spelled another way there's a couple things where we spell it r e and you spell it e r or american spell e r and then i'm like why and the word defense so an s versus a c and and so my publisher for my book is american and so they kept correcting me i'm like no i'm sorry but you're wrong my team was located in europe and every time we had to write like reports or something we would have like the word organizations would come up right then of course in america we saw organizations with the z and they spell it with the nasa we would have these arguments back and forth fixing reports on who was right or who was correct so we had to pick okay this this report's going to be the american one and this report will go up to the european one we had so many fights over here oh my gosh okay i'm going to thank our sponsor thread fix from denim group the most spectacular vulnerability management platform this side of the galaxy and with that i want to ask everyone to first of all obviously go out go check out our sponsor thread fix and then immediately sign up and subscribe to security and color podcast and then if you're not already subscribed to we have purple podcast do that and then also subscribe to her youtube which i'm just going to share now security and podcast youtube yeah i looked up all the links that's right um and then also then we're gonna follow dominique on twitter so security in color with know you and then also domi boo so i'm gonna put that up too now and then also press the subscribe and like button yes marketing complete good job tanya awesome okay so next question does your job pay well is it is it this like a thing where am i going to be am i going to be buying a honda fit that's eight years old that's used that sort of starts most the time or can i buy a new car no because i am in a role that is seen as more senior level um and definitely with the managerial level now they definitely do pay well i know a lot of people come into tech thinking they're gonna start off making six figures and i really hate that narrative because it really disappoints a lot of people off the bat especially when you have to start up for entry level and unfortunately entry level is just synonymous with just not making a lot of money with not six figures yeah but the fortunate thing is that you can definitely get to six figures as i have in my roles as i've gotten senior level and i know a lot of people think well oh and i can only do that if i live in really big cities or you know because of course they're trying to compensate because of um cost of living and that's not the case at all especially now that a lot of people are remote and we definitely have proven in this industry that you can work just as well from home that you can in the office so definitely in different smaller cities and so i live for example in atlanta georgia and it's still a pretty big city but in the south cost of living here is way cheaper than for example in new york city um so it's definitely possible to definitely hit six figures as a consultant as a client facing role in cloud security in all of the roles that i've had within cloud security or doing consulting or anything client-facing i've definitely been either very close or have surpassed it there so i can definitely say that this is an industry that not only challenges and you get a lot but it also pays you for the work that you do which is really important a lot of people really get which can it's fair a lot of people are really shy about it in terms of asking like hey does this pay well but at the end of the day we all have bills to pay we have to survive as people people have families people have lives people want nice things and i think you know you're definitely entitled to have that so making sure that you're aligning with roles that is going to pay you for the work that you do is very important it's really stupid yes we were talking about this earlier and i was explaining it's important because people need to know so for instance i am a startup founder and i am going to get my first paycheck in two or three weeks but we started in february and i'm ecstatic that and i'm probably going to pay myself close to what the students get paid because i just want to have some sort of paycheck but i'm like so excited but other people are like wait i thought ceos made tons of cash and i'm like not this one however for a long time yeah but but there's the glory of being able to design your own job and work at the place you've always dreamed of working at and do things that feel like they really matter to you etc but it does not pay well despite what you might see of like that one ceo that then like sells off in two years and makes all the billions and whatever like that is not most of us just to be clear and they don't tell you the story behind that either right they don't tell you what that person their background where they came from who's helping them xyz we always just see the success story we see the oh the billions the millions the xyz you don't really see what's happening behind the scenes of how they got there so definitely exactly don't take peed into trying to like copy or be someone just because they're making a lot of money right now you do have to do the work there is some work that is involved with getting there but it does pay off i agree with her yep and also i think i think that her job sounds really good so are there lots of opportunities for that type of role like if someone wants to they want to get into it is it like fierce and cutthroat are there opportunities no there are definitely opportunities but again being in a consulting role and especially for um a really big firm or for anything client-facing it does require you to have years of experience right this is definitely not a role that you would get within the first one to even four years right i'm not saying it's impossible because again there's plenty of people who've been able to navigate it and i think especially um this goes for i would say maybe for those who are already in the field so if you come from maybe a sales background something that required you to interact with people or customers xyz and then you just kind of need the technical aspect then sure i think there's a path there's definitely a pathway for you but if you're just starting out your first couple of years again really is on building your foundation but there's plenty of opportunities to be a consultant um everyone's always looking for someone to help because every everyone always needs help especially in cloud security because there's lots of organizations who just don't have the time or resources to build their own team so they kind of outsource that to big firms who can do that work for them but there's also plenty of client-facing rules because again cloud security is just a booming industry right now and a lot of people are taking advantage of just trying to find subject matter experts because there are not a lot of them at the moment at least at this high level so if you can get into the field now and build your foundation i you definitely have job opportunities that are coming your way what do you like best about your job and you can say the old job and or the new job i'll take whatever gravy i can get so what do i like best for me it would definitely be the day-to-day challenge um and then working with a wide variety of people so as i kind of alluded to before i do i get bored very easily in jobs mundane tasks and all of that just doesn't work well that's not where i thrive um and i thrive where i'm in a position that is challenging me to learn something being able to apply what i learned and then perhaps maybe teach it and the two roles that i have the current one that i have now and the one that i had before allowed me that opportunity where again as i was saying i would wake up each day and i would have a new email that something new has happened and i need to get on it or that i have the opportunity and space to learn something so i can apply it in the future and i really enjoy that i really love being a student as much as long as i've been in this industry i really love still being a student the fact that technology is changing literally every day and i have to have something to look forward to and learn every day and i can apply that to my everyday work and then help organizations and clients meet their needs and meet their goals and like actually tangibly seeing it right they're like hey my security posture is really shitty right now how can i improve and then literally helping them improve that and then like hey you know and then not only just helping them approve them right because you can't just fix someone's cyber security posture and have them go on their merry way because that's how they got there in the first place you need to you educate them and teach them at the same time so being able to teach teams and like empower teams to be successful in their own right is really cool to me right it's like being able maybe i have a future somewhere of being a professor but to teach and help people kind of learn and be successful in their own right and not necessarily just doing it for them i love it that's i totally uh i can totally feel that definitely so the opposite question what are what is the thing you like the least about your job and you're probably not going to be like it's that guy over there but maybe there's like a thing that bothers you that like keeps coming up like maybe angry people the least thing i i would definitely say is how demanding the job can be because again you're talking to so many different people and yes i'm networking and i'm learning and i'm teaching and i'm being this really great evangelist but at the end of the day that can be very draining and very tiring and like i said there are times and days where i barely have enough energy to just crawl into the bed and like go to sleep to wake up and do it all over again and that's like the other side of the coin really it's just like we and that's where you have to learn about work-life balance and figuring out you know that security and this job isn't my entire life and that i have to sometimes say no saying no it can be really really hard especially if you're a person who perhaps doesn't have kids and is not married and they expect you to be on all the time and i'm like no i too like to go home on time and i too like to you know watch netflix right and have a life yeah exactly so really figuring out that balance of being successful and making sure that i'm putting my best foot forward but also that i'm taking care of me and not letting the challenges and the demands of the job take over my life because i have experienced burnout before and i definitely don't like it i don't want to go back to it um but it is something that can happen it's just i i really hate saying that is the nature of the job but if you don't figure out a way to balance your life unfortunately i think it's just something that more than likely what happened to to the average person yeah they start calling you tanya this is this is the thing that i need to be better at so i'm just like i'm like taking notes like i'm like okay yes for me too i have to remind myself every day and i'm like you can't do everything dominique like sometimes you have to cut off like i have to be very active and saying okay there are days where i don't mind being up and working till 10 because there's just stuff that needs to get done and that'll help me tomorrow because i don't want my tomorrow to be a really long day so let me sacrifice today to be really long but i'm not doing that every day awesome that's yeah that is wise advice that i think many of our listeners could really appreciate if they apply to their own lives for sure so what advice would you give someone that wants to try to get into a role similar to yours that either you have now or your previous role like in maybe like actionable steps i don't know if i muted myself partway actionable steps i know you're fine okay um some actionable steps that i would say for people who are looking to get into cloud security and as either a consultant engineer xyz my first advice would always be apply for the role like press the button mainly because a lot of us especially women tend to not apply for jobs if we're not checking every box that's there as a consultant what i've learned best is that i've been able to take a little bit of my experience in everything that i've done and can apply it somehow to whatever engagement i need to do or if not i'm i i'm with a company that gives me the space to know that they'll support me in making sure that i'm successful and they give me this the space to learn whatever it is that maybe i don't know if there's a gap there right so my first thing is always apply for the role because you will never know if you'll get it you'll never know if you'll get that real world experience if you don't go out there and physically press that button and apply for it and even if you don't get the job right interviewing is experience it helps get comfortable with talking to recruiters with understanding how technical interviews go and then next you know you will start acing interviews left and right you'll have so many job offers you don't know what to do with yourself so get comfortable with doing that um and then second i am a person who has to physically write down goals in order to achieve them because in my head is a lot of chaos already so i need to put that chaos down into actionable items for me on pieces of paper so if someone wants to get into cloud security like i said before what what i always advise my mentee to do i told her to do look up roles on linkedin on indeed on whatever job sites pick out a role so if you want to do cloud security engineer if you want to do cloud security architect right just start googling rules once you figure out those roles what skills are these roles asking for they want you to learn python do you need to learn linux do you need to learn aws do you need to learn xyz now you have five things that perhaps you didn't know about before and now you have an action plan of what you should be studying right a lot of people say what should i be studying what should certification should i get to literally the job roles tell you they plan out a blueprint for you but i think a lot of people get really overwhelmed in terms of what should i be doing pick a role that sounds really good for you craft it in your mind and then put it to pen and paper and go for it that's one of the best things that i can say has been successful in me whenever i'm going for a role because it can be overwhelming right the job process is overwhelming there's like there's no other way to put that so to make it easier for you figure out which role you want start googling the rules understand the skill sets make a plan and then go for it that is literally the most succinct advice that we have had that is super duper duper actionable seriously i feel like we should make some sort of motivational poster where and then at the end it says and go smash it like you set that goal you make the list of things you go study the crap out of them then you smash the goal you're like i've been preparing this my whole life exactly and then when you get in there you and it makes you comfortable with the entire process right because none of it is easy right and i don't know if it's just by design the way it is but it's not easy and it's really overwhelming so it's like what can i do to make this experience better for me and more comfortable for me so i can be successful because being chaotic and everything that just doesn't work well for me i just i feel like i don't have a way forward and way through and for a lot of people and i if it applies to me i know it applies to a bunch of other people so hopefully that helps with someone out there but um yeah just go for it press the button yes i feel like that should be a slogan press the button just apply just do it so do you do you do things outside of your nine-to-five job that you wanna share with us and it's okay if you talked about it before i still wanna hear about it again um outside of my nine to five a lot of it has been building my platforms to creating color which i had spoken about before um and i can speak about like a little bit about how it came about so um last year at the beginning of the year i just had i don't know i was at this moment where i feel like i had something to contribute to the community i had no idea how right i know there was a lot of people who were feeling like they had no path no representation no way of doing anything and i too was like okay where is that person who is that person um and finally i kind of just got to a point where it's just like you know what i have knowledge i have experience i have a voice i have i should share it um so i started writing i just created a little blog and i started creating um writing some articles because i wanted to um again i always talk about evangelizing but i want to talk about security right i like to talk about a lot of people because i think security is for everyone not just for professionals or people in the industry our data in our lives us as humans we are gold mines now so we should have the tools and resources in the education to protect ourselves or the everyday person should be able to protect themselves so i was like okay well the best way of knowing that i know what i'm talking about is if i can disseminate and write that information for someone else to read who maybe isn't in the industry so i would have my friends read i would have my my mom read um and after a while a lot of people were like i really like this i was able to understand this it's this is not technical gibberish like i actually know what you're trying to tell me i understand what multi-factor authentication means now so yeah so after doing that for a little while i'm like okay blogging is cool but i think at that time naturally everyone was going for podcasts i'm a big podcast person i like to talk so i'm like why not do an audio form and that's where the podcast came about um and i really just wanted to talk about news because even for myself as a cyber security professional when i read articles sometimes they're too technical and i'm like i just i just want to know what's happening like i i appreciate the detail that they give me especially if you're someone who's interested in learning how this malware is breaking down how things are dropping xyz but for the average person who wants to know why this breach happen and what they should do they have no idea how to get that information out of a technical article so i wanted to be able to translate that information into an easily digestible way and i always say your mom your grandma your brother everyone is able to understand it across all kinds of generations and spectrums so that's really where the podcast starts to come about and yeah we've we've gotten a really good audience i have such amazing supporters and listeners so we're still growing um and then i saw another gap in terms of having a cyber security kind of newsletter i wanted a newsletter i didn't really see one so i just created one that had a lot of the information i was putting on my podcast but also a little bit more again i saw there was some gaps in the pipeline in terms of people looking for jobs there were some gaps in terms of people not knowing where to find tech events so i'm just trying to fill set gaps so that way people have a one-stop shop where they can find things where they're like hey i want to know what's happening in the tech world or i want to know what event is happening next week let me go to securityandcaller.com or hey i want to catch up on the news for this week and i want to know you know what breaches are happening or what special topics can i i understand because i give a lot of career advice as well let me go to skating color podcast so really trying to make it a one-stop shop for the everyday cyber security champion to be able to go to that is awesome and to say it a little slower security in color.com do not put a u in it the american way yes because otherwise you'll get lost like tanya and that's okay i want to thank you so much for being on the show you're a fantastic guest you're so easy to talk to it's really good and thank you so much for having me so every single person listening or watching has obviously already subscribed to security and color and bookmarked the website including me and and also they've subscribed to our podcast and also they want to thank our awesome sponsor threadfix and also um this was great this was really great thank you so much for being on the show i really appreciate your time it's awesome i love everything that you're doing so i'm super happy to be a part of it thank you so once again our guest was dominique west and i am going to do the goodbye would you are you interested in waving before we disappear and then we do the goodbye out just bye everyone thank you awesome so uh thank you for tuning in to the we hack purple podcast each week as you know we interview an amazing human from the information security industry to learn about what different types of jobs that they had this week we interviewed dominique west and learned quite a bit especially how we all need to subscribe to her podcast sponsored by thread fix by denim group and this episode has definitely helped you learn a lot more about cloud security and how to try to actually set your goals and then go smash them up next next week on thursday we have stephanie black to talk about being a cyber security account manager so dominique talked about that a bit which is awesome and so we're going to get even more details from stephanie the following week is tyrone e wilson and he's going to talk about what it's like to be a founder so him and i are going to have a lot in common and i bet that we're going to gripe and it's going to be great after that we have kim crowley to talk about what it's like to be a cyber security writer and researcher and she has a lot of interesting information about that and then the following week we're going to talk to shira shamban and so when we first booked her we had she's the ceo of a stealth startup however since then she has come out and there is so much more information we are going to share about her and what she is up to so thank you so much again for participating and listening and watching i hope you do a review on apple itunes of our podcast and talk about how we're great and thanks again i'm tanya janca your host thanks from wehack purple bye