How hackathons can help propel your career

[00:00:00] CS: Today on Cyber Work, we’re speaking with Jonathan Tanner of Barracuda. Jonathan wanted to be a software engineer until he went to his first hackathon. Once he caught the bug, he went from a security Internet Barracuda to chief researcher. We’ll talk about using extracurriculars, like hackathons to tell your story to future employers. That's all today on Cyber Work.

Also, our second Cyber Work live event is coming up in just a few weeks. On Wednesday, June 23rd at 11 a.m. central time, I welcome Amyn Gilani, Curtis Brazzell and Ken Jenkins to talk about red teaming. If you have any questions about red team operations, how to get started, or anything else about this exciting profession, email the questions to me at cyberwork@infosecinstitute.com and we'll try to answer as many of them as we can live on the air. That's Wednesday, June 23rd, at 11 a.m. Go to infosecinstitute.com/events to sign up and be in the virtual audience live. Send those questions to cyberwork@infosecinstitute.com.

Now, let's begin the show.

[00:01:07] CS: Welcome to this week's episode of the Cyber Work with InfoSec Podcast. Each week, we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of InfoSec professionals and offer tips for breaking in, or moving up the ladder in the cybersecurity industry.

In 2013, Jonathan Tanner's career started as a software engineer intern for Barracuda Networks after he won their annual hackathon held at San Jose University, where he obtained his computer science degree with minors in mathematics and linguistics. Jonathan takes part in computer science competitions to this day, such as the DEF CON Wireless Capture the Flag.

Jonathan's first DEF CON, he became enthralled to cybersecurity research, leading to his current position as senior security researcher. Within his eight plus years, Jonathan built Barracuda’s revolutionary malware detection ATP platform, and now helps lead threat research program for Barracuda Networks.

Listeners in the comment sections of our podcasts and live events always have the same questions, as why can't I find a job? I've got my cert. I can't find steady work. What about the so-called skills gap? Why is it so hard to show my skills to potential employers and so on? It's been said a thousand times before, but the cert won't get you the job. Guest after guest has said as much. It can show your potential employer that you have a certain baseline skills and understandings, but what it doesn't tell is a story.

Your resume, if it isn't filtered out of the pile due to restrictions that are out of your hands, is only going to be in front of your potential boss's eyes for a minute or two, tops. If they don't see a story there, you're not getting the call in. Jonathan and I are going to talk about the so-called extracurriculars that you can help your resume – use to help your resume show employers what you can really do, not just what you studied and what you passed. Some of these tips, you have a much better chance of a hiring manager seeing you and not just your certs, or educational background.

Jonathan, thank you for joining us, and welcome to Cyber Work.

[00:02:59] JT: Thank you for having me.

[00:03:02] CS: To start with, I want to start a little more about your cybersecurity journey. Obviously, we talked about it in the bio that you got excited about it at hackathons and stuff, but where did you first get interested in computers and tech and then in securing them? Is that something that was with you since childhood? Did that come later in life?

[00:03:22] JT: Yeah. Definitely, since I was a teenager, I grew up, like I was a teenager in the 90s when Windows 95 came out and personal computers were – I wouldn't say becoming affordable, but they're becoming a little more accessible. We had the family computer at home. I spent a lot of time on there. I found I found articles on how to “hack” your Windows computer, things like, change your startup screen when it's booting to an image of your choice and stuff like that was very interesting to me.

I also for my math classes, there were graphing calculators were starting to become prevalent. You can program on those in a TI basic. I was doing a lot of programming on the graphing calculator, which really got me interested in the computer science aspect.

[00:04:20] CS: Yeah. You were just grabbing everything that came along that way. Anything that looked interesting, and just figuring it out as you went.

[00:04:29] JT: Yeah, definitely. It was all very new at the time, too, not having completely grown up with computers either.

[00:04:37] CS: Do you have friends who were interested in this thing as well? Or was this your secret hobby?

[00:04:44] JT: Yeah. Most of my friends were interested to varying degrees. Forums were becoming really popular too, so we'd all go post on forums as well. I started with a TI basic, but then I realized, there's a lot more I could do if I start programming on an actual computer. I ended up actually taking a C++ course at a community college, while I was in high school. Which I don't know if that's an upper – to maybe that a lot of people know about, but you can't do that.

[00:05:19] CS: Yeah. I was going to say, that's very ambitious and cool. Yeah. How did you find out about this?

[00:05:29] JT: I think, my mom – My mom was a teacher. She had heard about it from their school counselor there, that you could – that high school students could enroll in college courses.

[00:05:42] CS: Oh, I love that. Okay. Yeah, yeah. I love hearing about these kinds of obsessions and where they start early on. I want to talk to you first, about your work with Barracuda. You started as a software engineering intern. Then in eight years, you've moved your way up to senior security researcher. Can you talk about some of the major accomplishments and milestones along the way that helped you make these significant jumps up?

[00:06:08] JT: Yeah. I mean, definitely getting hired in the first place as an intern was a major leap there. I got lucky there. I knew I was going to have to find an internship. After competing in a hackathon, it became a lot easier to instead of having to do the legwork of finding ones to apply to, I already had been offered to interview for internship there after the hackathon.

[00:06:39] CS: The hackathon wins were a calling card for you then?

[00:06:42] JT: Yeah. It's not that it was guaranteed, I would get hired. It was like, they were interested in interviewing at least. Competitions are also a great networking opportunity. You might meet someone who's looking for someone with their particular skill set through, and it's also a good chance to show off your skill set.

[00:07:02] CS: Right. Totally. What is your job progression been like at Barracuda then?

[00:07:09] JT: I was working on smaller projects, like classifiers for very specific things. I did a language detection library, while I was an intern, and finishing my degree. Then when I graduated, I got hired full-time. My boss, my current boss, I think was one manager in between then, wanted to start the advanced threat protection platform. He asked me to put that together. I started working on that right out of college.

[00:07:54] CS: Nice. Can you tell us a little bit, people want to imagine themselves in different job roles. What does your day-to-day work as senior security researcher look like? What are some tasks that you do every day, and some of your favorite parts of the job and things that are the worst, or that keep you up on Sunday nights and so forth?

[00:08:14] JT: Yeah. I wouldn't say that my day-to-day is typical of necessarily the title. I’ll field Q&A requests from reporters on the security topics. I’ll look more, do deep dives. Well, not that deep. That’s still a skill set I'm building out. I'll look into malware that we're seeing, or different threats that our systems are seeing, so that we can both analyze it as well, as a I'll write blogs about interesting things that we see. I have a little bit more of on the writing side as well in my job, than just straight research.

[00:09:04] CS: Yeah. You have a media-facing portion aspect of your job as well then. If a story is coming in and they want an authoritative voice on a piece of malware is coming through, then you're the person that answers the questions for them.

[00:09:20] JT: Yeah, definitely. Also, still keeping up with certain trends and security is definitely helpful for that. That's part of my day-to-day, as well as building systems to help make my job easier, because there's lots of data that you need. It needs to be in a certain format, or easier to search through. I've been working on systems to help with that.

[00:09:45] CS: Okay. Now do you have employees that work under you and do you have a supervisor that's doing next level up work in terms of security research, or are you an island in the company?

[00:10:00] JT: I'm somewhat of an island. Our group is small. I'm not alone, but it's definitely a small group, compared to the much larger research groups in some of the larger, or I won't say large companies, but other companies that have been doing it. The research specifically a long time. If there would probably be someone that's just writing the tooling to help the researchers, and then someone would research and then pass it off to someone who's writing the blogs.

[00:10:34] CS: Okay. Got you. Yeah. That helps me get sort of, and gives us a good sense of where you can go from this position and where it came from and so forth. Was this security researcher, was this the path you originally wanted to be on? I mean, did Barracuda happen because of the hackathons? Or did you do the hackathons to find the type of position that you have at Barracuda?

[00:11:05] JT: I started out wanting to do the software engineering. Even though I’ve done the hackery stuff, I've been interested in it. Programming was something I not only enjoyed, but seemed more accessible information-wise, because there wasn't the plethora of information on security back then, to pen testing and stuff like that. That stuff intrigued me, and especially hackers came out in the 90s. I was like, “Oh, that's really cool.” It seemed like, information that I didn't know if I wanted to devote as much time into going that path, versus learning how to program software development.

[00:11:57] CS: You got the bug just by doing it. You were like, “Oh, this is a lot more fun than I realized.”

[00:12:02] JT: Yeah, definitely. When I started going to DEF CON was really when I was like, okay, not only is this really interesting, but it's also – I was understanding things that I never thought I'd understand.

[00:12:14] CS: You had a natural acuity for it then, too.

[00:12:17] JT: Yeah. Also, just overcoming the – You take oh, it's these people that do all these things that I couldn't possibly understand, without a ton of learning. Then just from using computers, you're like, “Oh, I understand that. I might not be able to do what they do yet, but I can understand what they're saying about what they did.”

[00:12:41] CS: Got you. We've talked to people at all sorts of different levels in their careers. We’ve talk to CEOs, we've talked to help desk people. A thing that we hear a lot is that every job can be done several ways. One, you can do the requirements of the position thoroughly into the letter and you get praised for it. Two, you can expand the position. You might incorporate new duties, or new levels to benefit the company. Three, you can expand yourself, and essentially, use the words of a previous guest who is a security manager, you can basically automate yourself out of a position, basically creating systems that are so efficient, that you're freed up to take on higher quality and higher difficulty tasks. Obviously, one of those is going to cause you at the very least, to get stuck in the job, you have, which clearly hasn't happened to you. How did you expand yourself and/or your position into the job, where you are now to go from intern to chief researcher?

[00:13:35] JT: In addition to just doing, going to DEF CON and researching, learning on my own, and as well as on the job, because I built a malware platform, I would see samples. We'd have false positives, false negatives. I had to gain an understanding of why it was getting triggered or not. That really intrigued me as well. At one point, realized that that was something I wanted to do more so than the software development at that point. I expressed that to my manager. I was very fortunate that he helped me along that path. That's not every job situation is going to be like, where they're like, “Oh. Well, you really want to do this. Let's find a way to make it happen.” I was very fortunate to my – grateful to my manager for that.

[00:14:30] CS: Yeah. We had you on the show here, because we want to talk about some of the ways that you can show off your so-called “extracurriculars” in your resume that will tell your story quickly and clearly to potential employers. A good place to start with your ideas is looking specifically, you Jonathan, at your very well-utilized LinkedIn profile. I always like to look at everyone's LinkedIn before I get started. You have this great, well-organized list of skills and licenses and certifications, education, job roles, that tell a larger story, than if you were to say, simply show your eight years of employment at Barracuda out of college.

I want to start with conceptualizing your resume or your profile. What’s the first step in taking an assessment of your accomplishments, especially those that would be attractive to a potential employer? Do you have any tips for what to include, or what to leave off, or how to order them in to telling your personal story?

[00:15:24] JT: Yes. I'd say, first off is listing everything. You want to know what you're dealing with. Then from there, you can look at what do you think will be most impactful, or maybe there's a lot of things that can be condensed into a larger picture. They're all somewhat related. You say, well – I instead of, “I did this little project and this little project and this little project,” you're like, “I've worked on several projects.” That becomes a more effective bullet point, I think, than listing everything, and then they get overwhelmed and say, “Well, I worked on 10 projects.” They're like, “Okay, wow.”

[00:16:05] CS: Yeah. That one data point tells them that you have this long-term commitment to this one particular type of project.

[00:16:12] JT: Yeah. I think it's also about, because you're going to be learning and adding to your resume over time. Work with what you have, and then replace it as you go along. Most of the certificates and stuff on there on my LinkedIn personally are Coursera courses that I took when they were starting out. You get a certificate at the end. I mean, if I went out and got a cybersecurity certificate, I would probably condense those down into a smaller point and then emphasize more the certification. It's a lot about just telling what your accomplishments are, and emphasizing the ones that are going to be the most attractive, I think, to the employer. You've got to have something.

[00:17:05] JT: Yeah. To that point, a lot of times I get the sense that people don't have something. The next step after taking such a skills background assessment, for some of our listeners, is maybe realizing that they still don't have a lot of projects, or skills, or other points in the map that they can show off. Can you talk to us a little bit about some of the ways that beginning cybersecurity pros can engage in personal investment to make themselves more valuable potential employers? I mean, Coursera is an example, but what are some – it's one thing to learn in secret, but what are some ways that you can both learn the thing, and then also well document it?

[00:17:40] JT: Yeah. There are a lot of opportunities out there that people could look for, that will look great on the resume, such as – I mean, the competitions are one aspect. There's non-profits, like Hackers for Charity, where you can actually go work on security projects for a charity, and then that's a great bullet point on a resume. You have the experience, and you also have done outreach work. You can go find, if some programming, or learn some programming, you can go find a GitHub repo and start helping maintain that project. Just looking for any way to showcase and build your talents in a way that's going to be – that's going to stand out.

[00:18:31] CS: Demonstrable. Yeah.

[00:18:32] JT: Or show that you –

[00:18:33] CS: Yeah. I never heard of – what was it called? Hackers for Charity?

[00:18:37] JT: Yeah. They might have changed their name, but it definitely was called Hackers for Charity last time.

[00:18:43] CS: Wow. It’s like, Habitat for Humanity, but for cybersecurity people.

[00:18:46] JT: Yeah. It's a great organization. They'll help out a lot of other non-profits that need security work. Whether that's incidents, or just building up security.

[00:18:59] CS: Okay. Can you talk about some other – some of the extracurricular activities that you can engage in that not only level up your experience, but – I want to talk specifically, about the hackathons and the DEF CON hacking conferences, because we have a series of capture the flag walkthroughs on our page, and certainly, people are doing these sorts of things to get their pen testing skills up and out. Talk about the hackathon experience in the DEF CON hacking conference experience. How did you discover it? How did you get engaged in it? Did you feel overwhelmed at first, or did you feel you immediately took to it?

[00:19:43] JT: I had a co-worker that invited me to the first DEF CON that I went to. He was like, “Yeah, I think this would interest you.” I went. I really did get hooked to them. I mostly went to the talks at that one, which was fun and interesting. If you're trying to really level up your resume, definitely the activities and the competitions and workshops, they offer workshops. It's not just DEF CON, like any cybersecurity conference will have competitions and workshops. Also, just networking with people. I mean, finding out more information.

I mean, the first time I did the wireless CTF, our internal security team had had done it the year before. I was there by myself. They were there, then I was there. We met up and they're like, “Hey, we're doing this competition. Would you like to compete with us?” I didn't know that much about wireless security. I know, you could crack WEP and WPA, but beyond that, they were – it gets a lot more advanced than that. Just by going and competing in the competition, I found stuff that was interesting. I learned a ton for the future competitions.

I'd say, don't be afraid to try something, just because you think you don't know about it. If it's not structured, so that you can't work, collaborate with other people, there's always going to be people that are willing to help you out along the way. You'll learn a lot.

[00:21:25] CS: Yeah. When you did the hackathons, were these more in-person at the time? I'm assuming, nothing's really in-person right now, but have you done hackathons since COVID? Is it any different than it was? Or was everything dialing in from people's homes?

[00:21:44] JT: Yeah. It was all in-person. Last year's DEF CON, they did do the wireless CTF. Actually, all the competitions that went on were done remotely. I didn't participate as actively in the wireless CTF, because I wanted to – after four years, I wanted to see what else is out there as well. There was a blue team CTF they did completely online. Whereas, defending a network from fake, mock attackers. They definitely did a great job of digitizing the competitions to be cabled possible from the virtual conference.

[00:22:31] CS: Got you. Unless we put all the obligations of connecting professionals to companies on novice professionals, people who are out there and have qualifications and want to work. It's been noted many times that one aspect of the cybersecurity skills gap is that there's just too many hiring managers and HR departments over-stuffing their job listings with restrictive requirements that filter out worthwhile candidates. Do you have any thoughts on ways that the screening process could be improved? Is there any way that we can get the people doing the hiring to stop looking for unicorn candidates?

[00:23:09] JT: Yeah. I think, one thing that came to mind was looking for passion, as opposed to necessarily having all the qualifications. I mean, any tech job, for the most part, you're not going to – unless, it's a very senior level job, the person coming in is not going to completely know how to do everything from day one. You're going to have your own internal tools they have to learn, their own – you may have libraries, if it's a development job that they have to learn. You have to expect that there's going to be some on-the-job learning.

A passion for what for learning, and also, an aptitude for learning. Those are the things. I've interviewed a couple of people for programming jobs when I was transitioning over. We had to find someone who could take over the AT&T platform. That's what I was looking for was the aptitude to learn the systems and how to do them, as opposed to they have the skills.

[00:24:25] CS: How did they translate that passion? Was it in the in-person interview? Or were you able to read something in the resume that says, “Oh, this person is clearly passionate about this.” Were they able to tell the story on paper, or on the screen? Or did you get a better sense, just by interacting with them in the real world?

[00:24:44] JT: I got a small sense from the resume, but it's definitely the interview. I think that's been said about the hiring. They're getting the jobs too, is like, getting that interview is the hurdle. Getting your resume to get the interview.

[00:24:58] CS: Yeah. What were some of the things in their resumes that you said, “Oh, okay. I have a good feeling about this person.” I'm always trying to help out people who are just listing things in a very dry way. What did you see, where you're like, “Oh, that's an interesting turn of phrase, or oh, that's an interesting achievement that they had, or I wouldn't have thought to look for that,” or what have you?

[00:25:16] JT: Projects, a lot. Even if it was for school, they’d give a description about the project. You could tell, they enjoyed working on it, and as well as knew how to do it in the first place.

[00:25:33] CS: Yeah, I like that. Once you've received the interview, and since you've done some interviewing, you can speak to this, but what things should cybersecurity professionals be ready to talk about with the interviewers to show off their best qualities? It'd be hard if, for example, hiring managers rattling off a bunch of rote questions about your best and worst days on the job and what you like and don't like to do. How do you steer the conversation towards the sorts of things that you excel at and that the interviewer should want to know about you, even if they don't know to ask about it?

[00:26:00] JT: I mean, definitely think about what you're bringing to the table, as well as how that relates to the job posting, maybe, so they may not be asking everything that was listed in the job posting. Beforehand, you can say, well, it required this skill, which I have. Even if they don't ask you about it, you could bring that up and show your knowledge of that. I mean, ask them questions. I'd say, don't be afraid to admit if you're not as familiar with something. Then focus on the things that you are.

One thought that I had that if you had a multi-interview situation, if there was something that you weren't that familiar with in the first interview, go and learn about that before the second one. If you come back, and especially if it's the same person, and you've, you've learned something that you didn't know in between the two interviews, that shows that you really are a go-getter and motivated.

[00:26:56] CS: Absolutely. Yeah, that's a weird thing if you're in your third interview and you’re like, “Nope, still don't know about it.”

[00:27:03] JT: Also, I think treat it a little bit more like a conversation than a test that you have to pass right. In programming, everyone always brings up the whiteboard problems, dreads, the whiteboard problems. In my experience, it's not so much about getting the right answer as they want to see how your thought process works and how you reason through your problem solving. What you write on the whiteboard may not work. If it seems logical, and what they were looking for, then I – at least, if I was interviewing, that's what I'd be looking for more than can this code written on a whiteboard actually compile? I wouldn't expect that.

[00:27:45] CS: Got you. Got you. I want to also talk about your thoughts on job longevity, because as we said, you've been with Barracuda for eight years, and in a place like Silicon Valley, where people are moving between jobs every couple of years, you've really planted your flag in the in the sand with Barracuda now. What can you tell us about working for a tech company with a long-term plan? What might you say to people who might say that your opportunities at one job start to diminish after a few years?

[00:28:12] JT: I mean, it probably is true that depending on the job, your opportunities might diminish. I can see that as an argument for trying to find something else. I'll make sure that your opportunities have diminished before – you can't be a patient either like, “Oh, yeah, it's been one year and they haven't promoted me to the next level.” You have to be patient sometimes, but also on the lookout if your opportunities are not that – you want are not fitting.

I've been fortunate, because Barracuda has been very great about the not just embracing my career path, but they'll – my manager actually asked me like, “What would you like to be doing?” If I express things I'd like to be doing, there's a conversation there of career path and opportunities. I mean, we've had people in the company that completely did a completely different job, ended up in a completely different job just because they were passionate about it and not every company is going to be that flexible, but you find the ones that are and you can go a long way.

[00:29:25] CS: Yeah. Let's move to that. What do you want to be doing? Can I get a little sense of what your five-year plan, what you're trying to seek, because you've been very passionate about expanding and growing yourself? What are you trying to move to next within Barracuda?

[00:29:43] JT: I really want to get a lot more in depth into the role that I'm in. I love doing the research and especially the outreach on it, the writing. I gave a conference talk once. That stuff interests me, passing along information. I just want to grow that by getting becoming better at the research and also better at the outreach. Start getting more conference talks. Building white paper or writing white papers, stuff like that.

[00:30:24] CS: Okay. Yeah. They always say, you learn best by teaching to someone else. That gives you a chance to further your learning by making it accessible to other people. We could keep talking about this for ages and ages, but I can almost hear listeners yelling through the monitor, wanting me to ask some more questions, specifically, their questions. Let's talk resources. What do you suggest for security professionals, who still have these nagging questions about employment qualifications and moving up the ladder in the industry? Because, like I said, all the time, every video has comments like, “Where do I start? How do I start? I don't know where to start.” How do you – well, that initial worry of not knowing where to start?

[00:31:10] JT: I'd say, start with what interests you. I mean, cybersecurity is a very expansive area. What specifically interests you? Is it red teaming, blue teaming, bug content, or bug bounties, which also is another good way to get noticed. You ultimately, I would say, or at least in my opinion, most people want to have a job that they feel fulfilled and enjoy. Focus on the aspects of what you enjoy doing, and learn as much about that. Then you'll pick up things along the way that may interest you as well. Like me with the security – the security research in the first place. I started out with software and then was like, “Oh, the research aspect is really interesting to me.”

[00:32:02] CS: Yeah. Keep your eyes open, among other things, and be willing to make huge changes in a short period of time. I think, that's not always so easy for everybody. I had my whole life built around being a software engineer, or something like that. Then to find out something else, it's like, “Oh. Well, maybe. I won't bother. I already have this whole plan set up.” I mean, did you have any sense of that, that you had – it sounds like, you were just so excited, so you didn't really have a feeling of like, “Oh. Sadly, I'm closing the door on this thing that I really had my heart set on or anything.”

[00:32:34] JT: Yeah. I didn't have a sense. I mean, I lost a little bit of luster for the software development at that point, too. Which is coming back, luckily, as I'm working on these projects. I mean, there's one thing with the software development, versus cybersecurity that they are interrelated. Knowing how to code is definitely a huge asset when it comes to the cybersecurity work, whether you’re just writing scripts, or analyzing a piece of malware to understand how the code was written that created it. Having at least, a basic understanding of programming is almost essential to cybersecurity work. Or you might be writing an analytics platform or something to catch.

[00:33:18] CS: Oh, yeah. Yeah. Know every aspect of it, if you can. Know the network, know the security, know the engineering of it. That's also going to put you on better footing than other people with the same security certifications that you have. That's true. Yeah.

[00:33:37] JT: I think, also experience. Gain experience however you can.

[00:33:43] CS: Yeah. Try something. Start somewhere. Start anywhere. As we wrap up today, tell us more about Barracuda, the company, and some of the projects and products that you're really excited about right now.

[00:33:56] JT: I really like, as I've gotten deeper into the cybersecurity stuff, I realized how much protecting your entire business organization is not just this one thing that you protect against. It's a total package of different things working together. I like the direction that we're taking as a company to provide those solutions. We're trying to make them more seamlessly operate together. Because that's what's really like, all the attacker needs is one way in your network.

[00:34:29] CS: Yeah. That is true. Yeah. Finally, if our listeners want to know more about Jonathan Tanner, or Barracuda, where can they go online?

[00:34:38] JT: Our website for the company, as well as our blog, I have some posts on there. Then also, there's a lot of other people that write blog posts from stuff that they're seeing.

[00:34:52] CS: What's the address for that?

[00:34:54] JT: Blog.barracuda.com.

[00:34:56] CS: Okay. Perfect, Jonathan – Sorry, go ahead.

[00:34:58] JT: I was going to say, I do have a Twitter. It's been a while since I've been on there, but I am on Twitter, JTannerSlick.

[00:35:04] CS: Okay. Nice. Yeah. I feel like, most of my guests say something similar. I got a Twitter and I'm not on it. What was it again? Barracuda – oh, blog.barracuda.com.

[00:35:15] JT: Blog.barracuda.com.

[00:35:17] CS: Very good. Okay. Jonathan, thank you so much for joining us today and sharing your insights with us.

[00:35:21] JT: Yeah. Thank you very much for having me.

[00:35:23] CS: As always, thank you to everyone who is listening today, either at home or at work, or at work from home. New episodes of the Cyber Work Podcast are available every Monday at 1 p.m. central, both on video at our YouTube page, and on audio wherever you find podcasts are downloaded.

Heads up, our second cyber work live event is coming up in just a few weeks. On Wednesday, June 23rd at 11 a.m. central time, I welcome Amyn Gilani, Curtis Brazzell and Ken Jenkins to talk about red teaming. If you have any questions about red team operations, how to get started or anything else about this exciting profession, email them to me at cyberwork@infosecinstitute.com, and we'll do our best to answer them live on the air. That's Wednesday, June 23rd at 11 a.m. Go to infosecinstitute.com/events to sign up and be in the virtual audience live.

Thank you once again, to Jonathan Tanner and Barracuda. Thank you all for listening and watching today. We will speak to you next week.