Cloud Security Insights with Kristoff Limpolair

Cloud Security Fireside Chat

Estimated read time: 1:20

Summary

In this engaging episode of the Simply Cyber Fireside Chat, Dr. Gerald Auger welcomes Kristoff Limpolair, a tech entrepreneur and founder of Cyber, to discuss the rapidly evolving field of cloud security. The chat covers Kristoff's expansive career, starting from his web development roots to becoming a significant player in cloud security education. With a focus on AWS and practical training through hands-on labs, Kristoff shares insights on the growing demand for cloud security skills and how organizations and individuals can prepare for the future. The episode also delves into the challenges of keeping up with fast-paced changes in cloud technology and offers advice for those looking to enter the field. It's a must-listen for anyone interested in cybersecurity and cloud technology.

Highlights

Kristoff's impressive track record includes scaling Linux Academy from $4 million to $40 million, demonstrating his expertise in the tech education sector. 📈
Cyber's focus on AWS training includes a variety of labs that are accessible to beginners and experts alike, providing a comprehensive learning experience. 🏫
The conversation touches on the complexities and rapid evolution of cloud technologies, particularly AWS, making continuous learning a necessity. 🔄
Kristoff and Gerald discuss the nuances of the security job market and strategies for individuals to stand out, such as through unique projects and active community participation. 🌐
Kristoff's advice for handling the ever-changing cloud environment includes leveraging news feeds and community resources to stay informed. 📰

Key Takeaways

Cloud security skills are in high demand, and education platforms like Cyber are essential for bridging the skills gap. 🚀
Kristoff's journey from web development to cloud security underscores the importance of continuous learning and staying adaptable. 📚
Hands-on labs provide invaluable real-world experience that surpasses theoretical learning. They are key in understanding both offensive and defensive security strategies. 🔍
Networking and personal branding are crucial in the tech industry, with many opportunities springing from strong community engagements and content sharing. 🤝
Developments in AI are having a substantial impact on cloud security, offering both new opportunities and challenges. AI empowers both attackers and defenders, creating a dynamic security landscape. 🤖

Overview

Kristoff Limpolair, a dynamic figure in cloud security education, joins Dr. Gerald Auger to unravel the complexities of this fast-paced field. Kristoff shares his journey from a web developer to an influential educator, emphasizing the value of continuous learning and innovation. His initiative, Cyber, is designed to address the pressing global shortage of cybersecurity skills, offering AWS-focused training and hands-on labs.

The discussion explores the surge in cloud security demand and Kristoff's strategic response through specialized learning paths that cover vital skills, from certification prep to real-world security scenarios. The significance of practical, hands-on training is highlighted as an effective way to understand the dual offensive and defensive strategies in cloud security.

Finally, the episode stresses the importance of staying current in the tech field, particularly with developments in AI, and the role it plays in cloud security. Kristoff advises on strategic ways to network and build a personal brand, which are essential for professional growth amid the dynamic tech landscape.

Chapters

00:00 - 03:00: Introduction and Welcome The chapter begins with a repeating audio theme accompanied by the phrase 'Right here. Right now.' This repetitive pattern serves as an introduction, creating a vibrant and immediate atmosphere that sets the stage for what's to come in the book.
03:00 - 11:00: Kristoff's Background and Journey into Cloud Security In this chapter, Kristoff Limpolair, a prominent figure and educator in cloud security, is introduced. The audience is welcomed to a session where Kristoff's insights into his background and his journey into the realm of cloud security will be shared. This section sets the stage for a deeper exploration into the various facets of cloud security, encouraging those interested to engage actively with the content presented. Dr. Gerald Doer hosts the session, highlighting the importance and timeliness of Kristoff's contributions to the field of cloud security education.
11:00 - 17:00: Cloud Security Landscape and Transition The chapter 'Cloud Security Landscape and Transition' begins with an introduction to Kristoff, a tech entrepreneur focused on the global shortage of cyber skills. As the founder of CYBR, he addresses the challenges faced by organizations in sourcing the right talent for cybersecurity roles. Kristoff's entrepreneurial journey is highlighted, noting his earlier venture 'Scale Your Code' from 2015, a platform for interviewing industry experts.
17:00 - 23:00: Skills and Training in Cloud Security The chapter discusses the impact of notable tech platforms like Stack Overflow, Rubies on Rails, Reddit, and Netflix in sharing knowledge within the tech community. It highlights Kristoff's impressive achievements in scaling educational platforms, specifically his contribution to the growth of Linux Academy from $4 million to $40 million in revenue in under four years, while serving as the chief product officer.
23:00 - 29:00: AI and Cloud Security This chapter discusses the role of a VP of growth who led product and marketing teams, established partnerships with major companies like AWS, and was instrumental in the company's evolution. The chapter highlights the merger of Linux Academy with a cloud guru, facilitated by BLA Bane Capital, and how the combined entity was eventually sold to Pluralsight for $2 billion. The tone of the discussion is lighthearted and humorous, referencing popular memes.
29:00 - 35:00: AWS Naming and Services Discussion The chapter discusses AWS security training, led by Cyber Kristoff, focusing on specialized courses and learning paths. It covers a range of topics from certification preparation to hands-on penetration testing labs. The approach emphasizes practical skills through real-world scenarios, helping security professionals understand both offensive and defensive cloud security architecture.
35:00 - 40:00: Community and Networking in Cybersecurity This chapter explores the importance of community and networking in the field of cybersecurity. It highlights a discussion involving Justin Gold, who shared valuable insights about the industry. The conversation touches upon overwhelming information, likening it to 'buffer overflowing the brain.' The narrative briefly diverges to mention a significant event in the cybersecurity world, Kristoff's $4 billion acquisition. The chapter emphasizes the importance of sharing knowledge and learning within the community, particularly regarding cloud security, as demonstrated by the efforts of an unnamed expert who aids others in understanding these technologies.
40:00 - 46:00: Favorite Resources and Relaxation The chapter discusses the importance of trainers having both theoretical knowledge and practical experience, specifically in the context of cloud security. Kristoff is highlighted as an expert with these credentials. Additionally, the text touches on the skills gap in cloud security and the need for organizations to better prepare their teams to secure cloud environments by training practitioners effectively.
46:00 - 50:00: Conclusion and Farewell Conclusion and Farewell: Encouragement to be active and engaged within the community. Emphasis on the session being a community service focused on cloud security. Request for sharing the event on social media as it happens live. Questions can be addressed in the chat with a "Q" in front for Kristoff. Facilitating a learning opportunity and ensuring everyone has a good time.

Cloud Security Fireside Chat Transcription

00:00 - 00:30 [Music] Right here. Right now. Right here. Right now. Right here. Right now. Right here. Right now. Right here. Right now. Right here. Right now. Right here. [Music]
00:30 - 01:00 [Applause] [Music] Everybody welcome to simply cyber firesides. I'm your host as always Dr. Gerald Doer and today I am thrilled to welcome Kristoff Limpolair founder at cyber and a driving force in cloud security education. If you are remotely interested in cloud security and learning about cloud security, well then get a comfy chair, get a notepad and
01:00 - 01:30 paper and get settled in because this episode is going to be lit. Kristoff is a tech entrepreneur who has built his career at the intersection of technology and business. And as the founder of cyber, that's CYBR, he's addressing one of the industry's most pressing challenges, the global shortage of cyber skills and the struggle organizations face in identifying and finding the right talent. Now, his entrepreneurial journey began when he was when he founded Scale Your Code in 2015, a platform where he interviewed experts from companies like
01:30 - 02:00 Stack Overflow, Rubies on Rails, Reddit, and Netflix to share their knowledge with the broader tech community. You know, Kristoff's experience scaling educational platforms is truly impressive. I could say that since I have an educational platform, looking at what he's doing is amazing. He was one of the first employees at Linux Academy, helping grow it from a $4 million to $40 million revenue in less than how long? Less than four years. I'm like, oh Jesus. Okay. As chief product officer
02:00 - 02:30 and later VP of growth, he led product and marketing teams, drove partnerships with major players like AWS. You may have heard of them. Small little uh you know startup AWS. I joke obviously and played a key role in the company's evolution. And when Linux Academy merged with a cloud guru through BLA Bane Capital, the combined organization ultimately sold for $2 billion $2 billion to Pluralsight by mine. You know that meme where the guy's like and like the little like solar thing. That's what's going on right now.
02:30 - 03:00 Now today through cyber Kristoff focuses on AWS security training with specialized courses and learning paths covering everything from sorry everything from certification preparation to hands-on penetration testing labs. His approach emphasizes practical skills with real world scenarios. Those hands-on labs y'all helping security pros understand both offensive and defensive cloud security architecture. Uh, excuse me. Cloud
03:00 - 03:30 security techniques. Justin Gold just uh uh hooked me up, but also like uh like uh buffer overflowed my brain here. Here we go. Really quickly, just just so we're all on the same page, right? This is what's going on when I read about Kristoff's $4 billion acquisition. Okay, so anyways, let's get him onto the stage here because enough about me flipping out. Okay, listen. He helps people with cloud security learning. Basically, hold Stamp Pat. Now, what does he know about cloud security? Well, I don't know. He holds
03:30 - 04:00 an AWS certified security specialty certificate. He's also got some othererts, right? He brings theoretical knowledge and practical expertise into his training materials, which is what you really want. Honestly, you don't want someone who's never actually been in the muck to tell you what it's like to get dirty, right? We're going to talk about Kristoff's insights on cloud security training, the skills gap in the industry, and how organizations can better prepare their teams to secure cloud environments, probably by training practitioners like you guys. As always,
04:00 - 04:30 I encourage you to be as active and as engaged as you feel comfortable doing. We're here for you. This is a community uh service, right? We're going to be talking cloud security. If you got a second, hit the little share button and uh drop it into your socials. Let people know we're doing this because this is live right now. If you have questions, put them in chat. Put a Q in the front and we will get them to Kristoff. I am here to facilitate a learning opportunity and a good time for everybody involved. Without further ado,
04:30 - 05:00 put your Oprah emotes together, squad members, and let's say hello to Kristoff [Music] Limbbo. What's up, Kristoff? How you doing? Hey, good. What an introduction. I don't think we can top that. We should probably just stop there, honestly. All right. Yeah. All right, everybody. We had a great show today. Thanks so much and we'll see you next time. Yeah. No, dude. Uh love it, love it, love it. So, dude, you obviously have quite an impressive background. Uh but it seems like you've always been kind of orbiting
05:00 - 05:30 uh around education. What why like what is it about cyber security education that's like motivating to you or or you find that call to service? Two main reasons. The first one is I just genuinely enjoy helping people. And one of the ways that I figured that out in addition to actually doing it and getting joy from it was back when I was at Linux Academy. I'll never forget the first time I went to a conference and I met one of my students and the guy literally came up to me and he's like, "I took your training. It changed my
05:30 - 06:00 life. I was able to get this job. I was able to stay in the United States." Uh, and it just completely changed my my family's trajectory. And so that kind of connection on a human level of just going beyond me putting out training material on the internet and just seeing numbers go up of people watching it to actual human beings changing lives and or having better lives as a result of it is just such a humbling humbling experience. Um so so that's uh I would say that's the main reason. The the second main reason is because frankly
06:00 - 06:30 that's how I learn best is trying to take complex topics and then trying to explain them and realizing that I have a lot of gaps in my own knowledge and having deadlines around needing to create this training forces me into a learning path of my own that I I now have to go research this and become an expert in this as much as I can before I can turn around and piece all the stuff together and put it in a way that's easily digestible by my learners. So really those two things keep drawing me
06:30 - 07:00 back to education for better or worse and I've tried to escape from it a couple times and somehow like you said I just keep gravitating back towards it. So we we'll see we'll see how long that lasts but for now it's it's here to stay. I love it. Now uh a I mean well cloud in general is like such a different paradigm. I feel like there was a lot of I don't want to call it ignorance but um uh ignorance I guess is the right word. uh when cloud kind of first broke on it was like oh it's just a data center in the sky and it's a lift
07:00 - 07:30 and shift of your on-prem infrastructure and it it became painfully uh aware uh to everybody that you know the way platform works the way services work the way CI/CD pipelines work it it really is a different paradigm alto together um how did you like transition because I you know you've been around long enough I would assume that you were doing things before cloud so how did this transition occur for you to get into cloud and specifically AWS. My background actually began in web
07:30 - 08:00 development. So back in the day just raw PHP and raw JavaScript. You didn't have all these frameworks and libraries and uh so that that kind of ages me a little bit more there but uh good times anyway. And so I would build these web applications and then we would deploy the web applications depending on the customer to various environments. But even though I wrote a lot of the backend code, I typically just kind of lobbed that code over the fence to the server backend or cloud backend. And I never
08:00 - 08:30 really saw how to work that on those servers. So I would write the code, create the code, pass it on to somebody else or just hack something together for myself and then push that out to whatever the the backend servers were or wherever they were hosted. And that went on for a long time. Uh but after a while I was getting frustrated because I mean just not knowing what that blackbox is or how it works or why sometimes it wouldn't work, why we'd have errors, why it would be really slow, like the web app would look load super slow, just
08:30 - 09:00 issues like that where I would have to wait on somebody else for them to investigate and fix it in order to to make it better. So after getting really frustrated with that, I started spending more time in the server space and trying to learn just basic Linux cisadmin skills and that sort of thing and being able to s into a box and figure out, okay, this is why it's running slow or here's why it crashed and so on so forth. So that kind of when that transition for myself started happening was around the same time that the cloud
09:00 - 09:30 transition was starting to happen as well. So AWS was getting really really big and or was in the initial stages of getting really big I should say and uh I was seeing more people talking about it. I was seeing more folks in the industry transitioning and migrating over to it. So I thought okay that looks like that's the future. That's probably the best way to get started and it's also probably a lot easier and cheaper and I'm kind of cheap in that way. So let's give it a shot. Let's try it out. And so that's how I started to get my hands dirty with
09:30 - 10:00 AWS and really transitioning into basically falling in love with how the cloud works and how to build on top of it. And then the rest is history after that. So I I also was a security um excuse me a software engineer uh before I got into security. Like what I'm curious about is too like so you went from webdev into you know AWS. uh you could still be developing on the you know the cloud infrastructure side but you you found passion in security. Was there some type of event or some type of
10:00 - 10:30 uh you know yeah I guess event like personally my code got audited against FSM and I failed and I was super angry and I I I like was outraged that that wasn't true. My code was good and then that's how I found security. So I'm just curious was there like a a moment or an event or something that kind of introduced you to the security world? I would say there were multiple and I I resisted to be honest with you I resisted going into security for a very long time and we can talk more about that if if you want to but just to to give a a short little history so that it
10:30 - 11:00 makes a little bit more sense is when I um when I was 11 years old I'm actually French so I was born and raised in France and when I was 11 my parents moved us to the United States and I've never been a very social kid so I had a hard time making friends I was in a completely new world, new knew nobody, and just didn't know how to socialize. So, I just kind of turned to computers and became social on the internet. It just seemed a lot more natural and easier for me to do that. And so, I started playing a lot of these video
11:00 - 11:30 games. And I don't know if anybody here has ever played Starcraft or Starcraft 1. But back then, you used to have these um kind of like IRC chats or channels, I mean, where you would create your own clans. You'd go in and it would it was supposed to be a a gaming clan, so you could war with other clans and see who won the most matches and then who came out who came out on top. But people started building websites and they started hosting events and all this stuff. And I I was an adolescent at this point, so I got into some nefarious
11:30 - 12:00 activities. And so we would actually go and we would attack these websites and we would deface them and vice versa, right? They would come back and do the same to us. we would try to fish them with malware to get their credentials. Like it was just it was stupid stuff. And and at the time I didn't know any better. It just seemed like a a fun thing to do. And so that's kind of when I dipped my toes into the unofficial security world. Like I wasn't employed by an organization to do anything security related, but I just kind of
12:00 - 12:30 gravitated towards that. Uh however, as I started to grow up a little bit and mature a little bit more and realizing that what I was doing was just silly and destructive for no reason, then I shifted more into okay, how can I make my code more secure because it's currently vulnerable to SQL injections or cross-ite scripting or whatever else. And as a result, my websites and my clients websites are getting defaced or taken over or whatever. And so that's kind of when I dip my toes into or started dipping my toes into the world of application security, web security, that sort of thing. Um and then fast
12:30 - 13:00 forward a little bit to answer the the full question is as we were building out Linux Academy my role re really wasn't security as much but with that scale that you described in the introduction that attracts a lot of good and bad attention unfortunately for basically any business where especially because we also had all kinds of cloud and server hands-on labs we would attract a lot of crypto mining or folks that were trying to launch attacks from our own
13:00 - 13:30 resources. So, we started hitting these issues and having problems even with some of the underlying cloud providers where they're like, "Hey, your servers are hosting malware or launching DOS attacks. You guys need to take care of this." Uh, we also had moments where we would wake up with massive bills because we just hadn't secured our cloud environments. And so, basically just this mess of security issues started creeping up and nobody was really focusing on it because we were a fast growing startup. We're like, it's okay, just do a quick patch, we'll move on. We
13:30 - 14:00 got to build features. We got to grow faster, faster, faster. And so security ended up kind of suffering as a result of that. And that made me realize as I was talking to other organizations, that especially in the small to medium business side and startup side, security is really freaking hard. And most people end up ignoring it unless they have a team that really truly believes in security. And so that's kind of where I started to realize, wait a minute, there's a gap here. We got to do something about this. And that's kind of when I started shifting my focus more in that area. Ah, I see you were pulled
14:00 - 14:30 into security now. Exactly. Do it. All right. I like that. I can get down with that. We got a couple questions coming from chat. Let's throw those out there. Uh Carrie wants to know um like basically you ever run Linux as a daily driver? You know anyone that runs Linux as a daily driver? You know, Microsoft Windows and Mac have such a footprint. And let's just put Mac aside as a Linux distro. And you know anyone that runs Linux as a daily driver? Yeah. I honestly I feel like it's less and less common now. If you ask me that even 10
14:30 - 15:00 years ago, I probably could have given you multiple examples, but today I don't know that I can. I'd have to think on that and get back to you. I know some folks in our community do, right? Or at least partially they'll run they'll run Linux as their their main OS. Now, of course, if you're running servers, then yes, if you're not running Windows, you're running some sort of Linux distro. But for for day-to-day working activities, I don't know that many people that are doing that anymore to be honest with you. Yeah. So, it's possible, just a little less common. Uh Carrie, Augusta Delgado says, "What do
15:00 - 15:30 you think is the future for SAS solutions? Will AI empower these or retire them?" What do you think? What was the first part of the question? Oh, it's on the screen here. What do you think is the future for SAS solutions? I love this question. We could we could talk about AI for an hour. I'm all about it right now. Look, I think back I just got back from RSA, dude. Like, it's like AI everything. It is. And I I love it. I also partially hate it, but I I mostly love it. So, I'm all about that. I'm trying to go all in on on AI and see what happens. But look, I I don't know
15:30 - 16:00 that anybody knows. I think it's everything is changing so rapidly right now that a few few different trains of thoughts. In some cases, I think it's really going to enhance a lot of these products, especially if we're talking like you mentioned SAS. That's such a broad category, so I'll narrow it down a little bit. But if you're talking about like business tooling, massive, massive benefits. I was trying to get a return on my investment calculation done for how much time I'm saving just creating content, managing the community, doing
16:00 - 16:30 marketing, using AI, and it's hours per week. I mean, it's like a it's a whole day by the end of the week. So, I'm basically just working six days instead of what I used to work seven. I actually work more than that, but you get the point that that I'm trying to make. So from a a business perspective, massive massive benefits and it's very exciting. From a security perspective, it's still the cat-and- mouse game, right? You've got the the offensive side that is going to develop a lot of tooling that uses AI or you you're going to have a lot of beginners that are able to do more
16:30 - 17:00 damage because they won't necessarily still know how to do it, but AI is going to help them go further with it, I think. And on the blue time blue team side, defensive side, same thing. you're going to have a lot of tooling and we're already seeing a lot of this that is enhanced by AI and some of it is kind of gimmicky. It doesn't really work yet and other stuff is extremely helpful. Uh and I can provide a couple examples if if we want to dive more into that. So, um, the the the last part that I'll add to that question is I also do agree that you have so many people who are vibe coding,
17:00 - 17:30 myself included, to be honest. We're seeing so much vibe coding. You're going to have a plethora of web apps, mobile apps, IoT software that are going to be littered with security issues and vulnerabilities. And so, that's going to be interesting to see how that turns out. Wow. There you go. Vibe coding. It's a It might be the term that gets entered into the dictionary for 2025. I feel like it's got a it's got a a real chance here. So, Kristoff uh is founder
17:30 - 18:00 at Cyber. Is that how you pronounce it? Cyber. Like, I mean, just the way it looks. Cyber. So, this is Cyber right here. You can see it. This is his company. And basically what it is is exactly what it looks like. You get AWS cloud security learning skills. So, um and I'll drop links to all this in chat in a minute. We'll go through a little bit of the learning paths and what, but uh Kristoff, obviously this is to I would assume there's two kind of main audiences, right? One, you're trying to help people get skills so they can get
18:00 - 18:30 employed and two, you're trying to help active practitioners who basically are now responsible for AWS stuff, learn how to properly secure. Is that a fair assessment? Absolutely. Yep. That sums it up very well. Okay. So, let's talk about someone looking to specialize in cloud security. um you got this right but in in a generic agnostic way what learning path would you recommend someone who's in that position take and you know how has that changed from you know even when you started getting into it I'll answer that second question
18:30 - 19:00 first because it's the easiest one which is there compared to when I started doing it and learning it there are so many helpful resources now anywhere from free to very affordable all the way to extremely expensive stuff as well if if you if your company's paying for it but there's so many resources nowadays. It's never been easier. And especially when you combine that with AI and have it enhance your learning. It's just learning how to do cloud and cloud security properly nowadays is so much easier now. The the challenge there is there's so much information it's
19:00 - 19:30 actually getting harder to figure out what to focus on. So we're seeing a lot of squirrel brain activities where people are getting distracted or they're just jumping on the shiny objects and they're getting distracted and kind of veering off the the path. But so answer one is uh check out all the the available resources. Definitely now is a good time to learn if you've ever had an interest in doing that. if you're trying to figure out what path to go from A to Z with with cloud and cloud security and I mentioned those two separately because
19:30 - 20:00 I think right now look you can even as a beginner you can certainly learn some stuff about cloud security but if you're really interested in diving into the world of cloud security I would actually take a couple steps back just like if you're interested in in other types of IT security kind of learn the fundamentals learn the fundamentals of of networking and of applications and so on and so forth build that solid foundation and then start building on top of that with a little bit more specialized training. So we we do have some beginner level friendly or beginner
20:00 - 20:30 friendly level content. Absolutely. And we're going to be be building more in the near future. But if you're a complete beginner to it, I think you could you should focus your time a lot more on a lot of those fundamentals. And so a lot of times we'll recommend certifications for that reason. believe whether you believe in certifications or not, they can give you fantastic learning paths for for filling in those gaps and and learning the fundamentals. Uh once you've got some of those cloud fundamentals and you start using something like AWS or Azure or whatever your your cloud provider of choice is,
20:30 - 21:00 once you get some of that experience, then you can start to really specialize and and get a lot more uh focused skills and expertise in those respective cloud providers. And that's really where something like like cyber truly shines 100%. And so when you're learning cloud, you know, cloud security, like is there is there any transferable knowledge going from
21:00 - 21:30 AWS to Azure to Google to dare I say Oracle, right? I mean, but like is there any transferable or is it like you have to pick a platform and that's like where you you start at ground zero and learn on that platform and it's not really transferable across platforms. There is a lot that's transferable and that's why I typically recommend and everybody's got a different opinion on this but I typically recommend learning one platform pretty well before you start to jump around all the other different platforms so you don't get as confused as to what's going on and you can build
21:30 - 22:00 a little bit more depth. Now, that doesn't mean that you can't start learning one and then take a peek at the Azure side, for example, and see, oh, that this is the S3 equivalent. Here's kind of roughly how it works. Instead of bucket policies, it has this. Instead of this, it has that, etc., etc. But I think long term, unless you have an employer, unless you're trying to work for an employer that specifically says you need to have these these uh these skills across GCP, Azure, AWS, maybe
22:00 - 22:30 even Cloudflare, something like that. Unless you have that going on, I think there's a lot of value in learning at least one of those platforms extremely well because then it's going to be easier to jump to the other ones. even though they may have a lot of differences, you can at least compare those differences and you can see how they're different. And and the analogy I give to that is if you come from a program programming background, as we both do here, if you're learning something like JavaScript or if you're learning something like PHP, Java, any of those languages, it becomes a lot
22:30 - 23:00 easier to then learn a secondary, tertiary, etc. language as well. To me, in my opinion, cloud is the same thing. All right, there you go. Carrie has a question too around entry- level jobs. You know, this is that classic paradigm challenge of or catch22 challenge of get experience to get the job, but how do you get the job without experience? Um any any suggestions around um I guess cyber in general, but since we're really here to talk about cloud security, like are there entry level
23:00 - 23:30 cloud security jobs? And obviously I think entry level is going to have an asterk on it, but um can you talk about kind of the junior level roles inside of cloud security? So the tricky part about job roles in general is they they come across or they're displayed as so many different types of names. So if you go and you just type cloud security engineer, you maybe you might find some stuff where they say that it's entry level and you don't need prior experience, but most of those you're probably going to have at least like two years experience with XYZ
23:30 - 24:00 platform and blah blah blah blah blah. When so I haven't done podcasting podcasting in a while for cyber, but when we were running the podcast, I've interviewed a number of folks that also struggled with this when they joined our discord community. Initially they had that same question and then a year or two or three later they came on the podcast because they landed that job and so they were able to share the experience and every single one of those people have told me apply anyway. The
24:00 - 24:30 worst thing that can happen is you get rejected and don't get me wrong mentally that can be extremely draining. It could be extremely frustrating. It could be bad for your mental health. So there is that that negative component. I'm not trying to downplay that at all. But the alternative of that is you're never going to get the job. So even if they have some of those requirements where they say you need at least two years of AWS experience or whatever or IEC experience and you don't have you you may have some of that experience through learning but not through an actual job just put create projects right fill in
24:30 - 25:00 those gaps in other ways and I can share more of that if you want to fill in those gaps in other ways put that on your resume push the resume through and the worst that can happen is you just don't hear back or they they say no. Um, so that's usually my my main recommendation. We can dive a little bit more into the other stuff if if you want me to though. Yeah, absolutely. You know, one question that um I always like to ask, especially like recently, I'm a huge advocate that um you need to have portfolios or, you
25:00 - 25:30 know, some type of like offres landing page that has content to it. whether it's a GitHub, whether it's a website, whether it's a YouTube fa page or whatever, just something that allows you to illustrate your capabilities and, you know, your passions, your interests, your proactivity. Uh, you know, what what do you recommend if you know, someone comes to you and is like, oh, like I, you know, I've got all the right things, but I I need to be able to demonstrate this practical skill. I mean, it's it I feel like we've gotten away from just being
25:30 - 26:00 able to show that you completed five cyber rooms, right? it it's it's evolved beyond that, especially right now. It's a tough market. Anybody that says it's not is I think is diluting it because it's just really hard right now. A lot of companies are are laying off. There's a lot of people flooding the the job market and fewer job postings coming online. So, it's a tough time and and I'm sorry if you're you're going through that. The answer that I give to this is a it's a tricky answer and uh Gerald, I actually was watching one of your
26:00 - 26:30 episodes and you talked about this. I think it was with John Hammond if I if I remember correctly. But you both Yeah. You both were talking about and I've had the exact same experience where you've actually never had or more recently have never had to interview for a job position. And when you say that, it sounds insane. It sounds crazy. That's also been my experience. And the reason that's been my experience is unique in the sense that I've been putting out so much content over the past, I don't even
26:30 - 27:00 know 20 years or 15 years or whatever it's been at this point. And being active, being out in the community, sharing learnings, meeting people, going to meetups, going to events, rubbing shoulders, that's usually how you get the good jobs. And if they already know you, you get recommendations. They may not even need to take a look at your resume. Like I I don't remember the last time I actually updated my resume. Um the only time I I submitted résumés have been when I was just curious to see what kind of responses I would get. I was
27:00 - 27:30 straight out of of school. I wasn't even actually interested in the the jobs because I already had something lined up. But I was just curious like, hey, what kind of responses would I get for this resume? And I submitted that. Since then, I've never even looked at the resume. So it is unique and I completely recognize that. However, I think a lot of people can learn something from that because if you think about it, every single person takes the exact same steps to apply to job positions. They update their resume, they get certifications, and they submit it through a job portal.
27:30 - 28:00 And that's what most people end up needing to do. So, it's normal. However, try to find a way to differentiate from that. And the response I gave to somebody in my community this exact week was go to a comp like look at a company that you would love to work for even if they're not hiring and look at some of their blog posts some of their podcasts whatever look at some of the challenges or some of the products they're building and try to build something that's relevant to that even if it's not a complete solution or it won't be a complete solution but the fact that
28:00 - 28:30 you're putting effort towards a project like that putting it on GitHub sharing it on LinkedIn if you're okay with video and audio putting it on YouTube whatever have a little blog, write about it, tweet about it, whatever. Stuff like that gets picked up. Maybe not the next day, right? Maybe it takes six months or maybe in two years. But as you put stuff like that out there, as a a potential hirer myself, right, as a hiring manager, if somebody did that for something related to cyber, if I were in a position to hire, which I'm not right now, but if I were, I you'd go your
28:30 - 29:00 resume would go at the very top of the pile. I would not even look at the other candidates before talking to you first because you are putting the effort. You are doing things that no other candidate is doing. Instead, what we're seeing a lot of is just copy and paste, copy and paste, cover letter, submit it through because AI is scraping the the information anyway. And it's just it's becoming a machine process system instead of a human process system. If you inject the human element back into it, you will stand out from the crowd. I
29:00 - 29:30 you know, I can't guarantee it, but that's been my personal experience. Well, all right. So, Kristoff says it and then we have another uh director of cyber security for a cloud company. Clearly a hiring uh manager capability. True statement. Make those relationships. So, you know, more people echoing. I mean, I can tell you personally, I've it's happened to me. It has hap I've I've done it. You know what I mean? So, uh, right there with you. In fact, I I just I literally just hired someone to help me, uh, at RSA and it wasn't like I did a RFP, you know, like
29:30 - 30:00 I reached out to someone who I knew could do the work because I've seen them demonstrate it and I was like, "Oh, hey, you want to like a little uh you want a little uh project here, you know?" So, it's 100% right on. I love it. All right, so let's go back to Cyber, okay? Because we were talking about this. This is Kristoff's platform that he built. Now, I asked you in the green room, um, by the way, I swear to the community, I'm a full-blown adult. My voice just cracked like I was like 14. Okay. So, um, this is cyber. Now, one
30:00 - 30:30 interesting thing you said was that people really get geeked up about these hands-on labs, which I completely get and understand. What What are we looking at here? And what can people check out for for free, Kristoff? Right. Because, you know, it's always like do the free stuff first. So, there's a free tab right next to the the all that's highlighted. So if you click on that, you can see all of our currently free labs, which we have quite a few. I don't remember exactly how many, but it's definitely at least 10. And it uh it's all related to to cloud security. So
30:30 - 31:00 these are one-click deploy hands-on labs, which means that if you if you create just a free account for these, you go in, you click on it, and you click on launch lab, it's going to give you some sort of credential, and then you can complete that scenario. And those credentials can be anything from AWS console credentials. So it actually gives you an AWS environment that's your own environment for that time being where you'll go through and you'll launch real resources. It doesn't cost you a penny to do that. We eat that cost for you. So you have no stress, no fear of doing anything wrong. You literally
31:00 - 31:30 go in the environment and you complete that scenario all the way to access keys. So instead of jumping into the console itself, we would give you access keys for programmatic access. So you learn how to access or talk to the AWS API again in a completely safe environment. And then finally, we also have other types of labs where maybe there's a vulnerable application, a web application, for example, and you'll get back a host name or URL and you need to jump into that web app and you need to to try and and find the vulnerability
31:30 - 32:00 and capture the flag and so on and so forth. So, there's a lot of uh variety across both Blue Team and Red Team Labs as well. They're they're really fun. I'm a little biased, but they're super fun. Now I have uh pinned the URL to the free tier of uh I guess labs if you will. You can see here here's the YouTube chat. If you click on the pinned chat it'll come up with the link that takes you directly to this free uh section of the course. So you can check out this stuff and uh you know basically mess around with it. Uh Kristoff like what's the prerequisite
32:00 - 32:30 knowledge for individuals doing some of these labs? It really depends. It's all across the board. We have everything from beginner friendly. So, I can talk about those prerexs all the way to more advanced like intermediate to to slightly advanced. And those of course would be a little bit more challenging if you're a complete beginner. But if you go for some of those beginner level labs, I do my best to try and get anybody that's able to download the AWS CLI or open a browser window and connect to the internet be able to complete
32:30 - 33:00 those labs. So, they they don't necessarily need to have a whole lot of IT experience. They just need to be able to do a little bit of troubleshooting and connect those dots. So, if you scroll back up a little bit, I think I saw it just a second ago, but actually, no, they're on a different page. We don't have to go hunting for them, but Oh, no. I mean, I I was on the free tier. I went to the beginner one, so I can just go Okay. No. Yeah, you can always do beginner as well. But, for example, there's a um a lab that's literally I think it's called introduction to the AWS CLI where I walk you through how to get started. I I
33:00 - 33:30 literally just saw it. I think it's this one right here, right? Convert. No, that that one's a little bit different. That one's also beginner friendly, but that one is a little bit different. Speaking of, I'm actually working on adding a search feature. So, at some point, uh it will just search for those hands-on labs instead of the entire platform. Uh but yeah, so that's one example where as long as you're able to download the AS CLI and install that piece of software, you can do the the lab. It's it's really not going to be anything that's uh that's overly advanced and very very beginner friendly. Dude, this is crazy.
33:30 - 34:00 All these uh different uh labs and and things you got in here. Um, one question I wanted to ask you and I see a lot of labs that deal with this. Would you say in the in larger environments you will have dedicated identity and access management professionals, right? They're they're they're like security adjacent, but they exist, right? And identity is the new perimeter and you give me all that stuff. But um in the world of AWS, if you work in cloud security and you
34:00 - 34:30 become very experienced and skilled in AWS security, at some point do you fork and have to choose whether you become deep at AM or deep at basically the platform security or or are you kind of is it kind of one and all the same? No, certainly. And especially at larger enterprise scale like you pointed out where there's a lot more of that specialization and segmentation. So if you go to a very very large organization or we're talking thousands of employees,
34:30 - 35:00 they're going to have roles that are dedicated to managing AM and identity center for example and then other roles that maybe are more focused on the networking side of AWS and you know the serverless side and database and so on and so forth. So there's absolutely a lot of that specialization going on too. But if you're talking about small tomedium businesses, usually no, usually you have somebody that's wearing a lot of hats. So they are handling the infrastructure. They have to architect the environments. They have to set up the the virtual private clouds which is
35:00 - 35:30 a networking component. They have to set up the databases. They have to set up the IM and everything else that goes with it. Maybe they have some help. Maybe it's a team of who knows two to to 10 or whatever. Really depends on the the organization, the size of it and how much they they prioritize this stuff. But a lot of cases you do have people that are a little bit more generalists in that sense of the term. I love it. Now, another uh I guess question or area of interest that caught my eye at the cyber site is this cloud
35:30 - 36:00 sec cyber. Uh this is a public repo for all things cloud security. Public sounds free. So what what what is this cloud like? What what is this like? Why should people I'm gonna drop a link to it, but like what what are we doing here? So yeah, you can even click around especially on the AWS side. We don't have as much content on the Azure and GCP side yet. Hopefully people will help contribute, but it's basically just a a central repository of a lot of content that I've created and gathered over the years. So I honestly I want to say it
36:00 - 36:30 was probably Chris and we we should uh we should mention Chris on here because he's awesome. Yep. Chris Whitlock made this possible. He dropped it in mod chat for me to put it on. Oh, cool. And I think I think it might have been you, Chris, who one day you were DMing me and I I can't remember if you were asking me a question about I I think you were asking me like, "Hey, do you have just all these notes that you've you've gathered over the years? How do you search them? How do you traverse them?" Frank, I don't remember the exact question, but long
36:30 - 37:00 story short, that led me on a journey to try and extract my notes that I have stored in my systems everywhere and put them in a central free GitHub repo just to see what would happen and if anybody liked it, they could contribute. We've had some contributions over over the years. It's it's not grown as much as I was hoping it would to be honest with you, but I've also not promoted it a whole lot. So, it's probably my my fault. I've not done enough of the marketing side of it, but it's uh it's basically just a dump of a lot of my
37:00 - 37:30 knowledge across AWS for a variety of of topics anywhere from how to manage AM and identity center to how to do threat detection, incident response, uh how to enumerate and and run different types of threat tools like stratus red team and etc etc. So, it's got a lot of content in there, but uh hopefully we get continue to get more and more folks contributing to it. I just dropped a link to it in chat if anyone wants to
37:30 - 38:00 contribute to that. I saw earlier uh Evolven I think was his uh name or her name. Evolven said they were director of cloud security. So, right up in the mix maybe an opportunity to contribute to this uh and check that out. Um love it. So, if you have questions for Kristoff, please drop them in chat. Obviously, we are here to help facilitate uh knowledge share and education. Uh I I do want to uh follow up with another question. So, um you mentioned earlier that networking is huge and we talked about how to kind
38:00 - 38:30 of put a portfolio together for yourself uh and the benefits of that. Um oh, I do see I do see questions from AB. So, we'll answer that question in a minute. Uh but also I feel like community and networking is huge. Now, you actually do run a community, uh, if I'm not mistaken, right? And, uh, I wanted to bring that up and and just kind of share it. Now, this is this is nuance for only a specific set of people, but if you happen to live in that Denver area, Kristoff, what's the Denver Cloud Security Meetup? I appreciate you
38:30 - 39:00 mentioning it. We're we're definitely trying to grow it. It's uh, yeah, so it's the Denver Cloud Security Meetup in the the Denver, Colorado area. So if you live nearby or if you're flying through at the right time, we host a a monthly event where we will either have myself presenting something or we have a lot of guest speakers across any topic related to to cloud security. So we actually had somebody last month that was talking about how to use AI for threat detection and analyzing logs and reducing noise and stuff like that. That was really interesting. And then this month in two
39:00 - 39:30 weeks we are doing a cloud security CTF at uh at the um the Denver Data Dog office. So thanks to them for for hosting the space for us. And so yeah, if you are in the area, please definitely re reach out if you want to learn more about this or check it out on meetup.com and you can join. It's entirely free. We don't have any fees. Instead, we we try to get sponsors to to cover any costs that we have. That's right, 100%. So, uh, if you are in that Denver area, I do know in chat right now, Jesse Johnson, uh, aka the Cosmic
39:30 - 40:00 Cowboy, former, uh, rockar is, uh, in that area. So, be able to make it make it over there. Uh, super glad you do this. I mean, basically, this is like a in-person version of like Simply Cyber, uh, which is like what I'm super super uh, you know, proud of and like fuels my fire. So, I I totally get it. Um, Kristoff, here we go. Uh, AB had a question. I want to bring it up in chat while I'm kind of getting the screen reset. When you're the producer and the
40:00 - 40:30 uh talent, you have to kind of do this. Uh what are your top three favorite books in the cloud sex space? Oh, that's a tough one. What are what are what are three resources maybe that you you know you like in the cloud security space? Yeah, because I to be honest with you, I don't read as many technical books nowadays for some reason. I I recently discovered that I do better reading when I'm on a Kindle than physical books. So, I have picked that back up. And there is one book and I'm completely spacing on the
40:30 - 41:00 name of it. And unfortunately, I don't think I have it in here. Yeah, I think it's in the other room or I would grab it because it's um it's a book. If you want to connect with me afterwards, I will find the name of it. It's well written. It's very interesting and it's about red teaming for the cloud. So it walks through how to set up your own command and control situation and so that you can actually go against or go attack some clients uh AWS environments, try to find vulnerabilities and and do the whole shebang. So that book was very
41:00 - 41:30 interesting. I really enjoyed reading it. I'm sorry I'm spacing on the name, but feel free to connect with me afterwards if uh if you would like to to uh to know the name of it. Another resource that I so some resources I like for for cloud security um there's one that I just so like if you're interested more in news for example there's a news feed that I recently came across oh where did I put it it's somewhere in my community I think it's
41:30 - 42:00 under tools here okay yeah there's a website called awssecuritych changes.com and so that will actually go through and it creates a feed of a bunch of different changes related to to security. So if you're interested in that, that's definitely a very good resource. Um otherwise, there's a few folks that I follow on LinkedIn that have good content. Uh for example, there's um uh Kristoff Tfani Diper from Data Dog. There's um the gentleman that I'm spacing the the name of who runs
42:00 - 42:30 hackingthe.cloud. Fantastic resource as well. So I would follow those two. There are more that I'm not thinking of right now. Uh, but there's definitely a lot of really great stuff, especially on LinkedIn, of of people building that help a lot with cloud security, like keeping up to date with events and news and whatnot. Yeah, and I dropped a link to this. This is the AWS security changes that Kristoff mentioned. Kristoff, um, not a question, more of a comment, and then you can like, uh, riff
42:30 - 43:00 off of it. Why does AWS name all their stuff so stupid? Like what are we doing here? Like oh like did did you try the beantock? Did you try that? It could be your it could be your wind sail or whatever. Like what are we doing? Wind sail. Did you just combine wind surf and light sail? Probably. It's just what I'm saying. Like it's like oh hey, you know what I need really quick? I need a I need to set up a web server. Well, I'm going to need a Rosetta Stone to figure out which one a web server is in this ecosystem. Like is it is it like a trick
43:00 - 43:30 to try to like get vendor lock in because now you can speak the the lexicon of AWS or are they just trying to be cute? Like what? Like break it down for me because I've I've for years have been quietly angry about this. And I'm not blaming you. I'm not getting all Massachusetts up here on you. I'm just it it boils my blood, dude. What What What are we doing here? Well, it's certainly not my choice. Otherwise, I would be renaming some stuff. And honestly, I don't know. That's a good question for an AWS employee. I I can't
43:30 - 44:00 tell you that. I don't know what their decision-making process is for naming stuff. But so there's um I don't think it's that well of known of a fact. Maybe it is. I don't know. They also make it trickier because sometimes people misname their services. What I mean by that is they'll call it like AWS S3. Actually it's called Amazon S3 versus AWS Lambda. Some people call it Amazon Lambda. It's not Amazon. It's a so they also have the the prefix is either
44:00 - 44:30 Amazon or AWS and I'm trying to remember somebody told me this years ago there's a reason why that is and I think it had to do with whether it was I'm going to completely butcher this. This is probably completely wrong but whether it was built initially for Amazon or not. Um I can't remember if that's the exact reason but there's an actual reason as to why some services start with AWS versus Amazon. So that makes it even more ridiculous and and complicated. If anybody wants to look it up and correct me on that, definitely let me know. Yeah, my inner monologue right now. I
44:30 - 45:00 don't have a good answer for you. Sorry. It just it always seemed like to me like if you're trying to get people on board and using your product, you want it to be as, you know, accessible as possible. And I like I remember when I started messing with it years ago, I was like, okay, like EC2, okay, I I okay, I'll call it EC2. I get it. But like then I was just like, "Okay, enough." Like like yeah, Snowball. Is Snowball still a thing? Do they still drive those tractor trailers around? I want to say they may have deprecated it,
45:00 - 45:30 but that I'll have to double check. Everybody's Everybody's in the cloud now. There's no reason to uh to do it. Jesus. Okay, we we should really talk about Azure and try ID. If you really want to get started about naming things, that would be fun. I didn't think there was anything wrong with Azure Active Directory AAD. I thought it was quite clear. In fact, it was almost, you know, obvious that like, oh, this is this is AD like Yeah. So, are you just trying to throw shade at Microsoft 365 now because you're an AWS guy? Exactly. I had to
45:30 - 46:00 revert that to over to Microsoft. I love it. I Have you tried messing around in any of these other environments like Google or or Microsoft 365 or Azure? Very very little. Over time, a little bit just out of curiosity, but never enough to to be able to say, "Oh, yeah, no, I know this platform super super well." the the if you want to call it a cloud platform. The other cloud platform that I spend quite a bit of time in other than AWS is Cloudflare. So I do like a lot of Cloudflare services,
46:00 - 46:30 especially with my background in webdev. They just build a lot of really cool development tooling, also networking tooling like zero trust and all that. So there's a lot of stuff I do and run in Cloudflare in addition to AWS. And between those two, I've just never needed to branch out. They kind of fulfill everything I need right now. Anyway, all right. Well, another kind of, you know, I guess blessing and a curse of cloud is that the pace of cloud innovation is like relentless. Like it's just constantly changing. They they're
46:30 - 47:00 pushing features, you know, it just shows up when you log in. Um, like how do you as both a practitioner and as someone who's trying to train people on this uh tech that's changing all the time? Like how do you stay ahead of that? How do you stay on top of that without getting like dude like even me in my school like if there's like or on YouTube I'll make like a tutorial video which by the way recently someone commented like bro being real your tutorials suck. I'm like all right thanks. Um I made a tutorial video on standing up a sim and stuff and then
47:00 - 47:30 like you know the sim platform changed something and my tutorial doesn't work and people were like and it's like I'm like I I can't I can't spend two hours and refilm this tutorial because of a config change. So how do you deal with that? Very painfully. It's uh it's a painful part of the cost of doing business in this in this industry unfortunately and it was also a gigantic pain in our rear end at Linux Academy as well. So it's uh that's one of the problems of creating technical training especially on cutting edge technology if
47:30 - 48:00 we want to call AWS that still but it's um it's a combination of things. So, first of all, I am looking at creating internal tooling that may or may not use some AI that can help in some cases with some of this, but also it's relying on some of these feeds. One of which I just shared recently, that ABS security feed. There's a couple others that you can use as an RSS feed. You can get notifications if you want to. You could feed it into Slack or Discord or whatever. And that can also help you, especially if you set filters on the
48:00 - 48:30 services you care about. Otherwise, you'll probably get overwhelmed. And that's one of the benefits of me being able to focus on security, AWS security in particular, is being able to kind of ignore the other stuff that's not as relevant to my to my learners and customers. So, I've been able to really narrow down on here's what the as security changes are and why it's why it's important. Now, I will say good or bad, a lot of the the big changes that happen with AWS in particular are around reinvent which is in November at the end
48:30 - 49:00 of November every year. So, usually they start to trickle some stuff out right before that and then they'll launch a bunch of stuff at reinvent or right before right after reinvent. So, as content creators, you can look at that and you can say, "Okay, I need to plan some time, set some time aside and go through some um some content that needs to be refreshed." And then the the other component of that is also just letting learners know like, hey, content like this can never 247 100% of the time be accurate
49:00 - 49:30 because they're going to change UI stuff or whatever else. Let me know when it's no longer the same UI or when something has changed and I will go in and I will fix it. You know, thanks for for understanding. And some people are kind of mean about that, but mo for the most of for the most part people are really understanding of it because they're also going through it themselves. Heck yeah. So, what do you do to like relax when you're not living in the cloud? What do I do to relax? Do you code to relax? Like, I mean, some people find
49:30 - 50:00 coding relaxing. Do you play video games? Do you write like you contribute to like open source projects that aren't really directly related to what you do or you know, what do you do like all the above? You must relax, right? Oh, absolutely. All the above. I have a lot of of hobbies too, but no. So, especially lately, AI has kind of reinvigorated my passion for for it. And so, in nights and weekends, a lot of times I just get really caught up in this idea of what if I can use AI for this and enhance this part of the platform or whatever else. And so, I've
50:00 - 50:30 been working on some of those projects. And those add a lot of energy. They don't suck energy. Um, coding can sometimes suck my energy, but a lot of times they also will add and and refuel. I see Tyler Ramsey, see, he knows me pretty well. I do also play some Hell Let Loose sometimes at night. A fantastic game if anybody is into Is that one of those games that's like unforgivingly difficult? Yes, I recently started playing one of those and I I like literally hate the game and I can't not play it. Like I I I I as I'm booting
50:30 - 51:00 it up, I hate this game. It's Daisy. Did you ever play Daisy? No, I know of it, but I never played it. Don't even get started on it. It's like some weird crack. Like I don't I hate it and I'm like I'm just going to log in and play a little bit. Yeah. I know. Yeah, I know some friends who played Escape from Tarov and they advised me never to play it because it's extremely addictive and very frustrating if you lose everything. So, there's that. I haven't been playing Hell at Loose in a for a while though. I take breaks, but I have been uh there's a game called Manor Lords. It's an indie
51:00 - 51:30 game. It's pretty fun. So, you build a medieval town and build it into a city basically and you can conquer the map. And then there's also um I like to brew beer. So, I'll brew beer in my spare time. I used to grow mushrooms, so sometimes I'll do that as well. Like there's all kinds of different hobbies. I'm a professional hobbyist, I guess you could say, where sometimes I take it a little bit too far. And then I'm considering, this is a more recent thing. I'm doing my first Discovery flight in three weeks, I think, but I'm considering getting flying lessons. So,
51:30 - 52:00 that would be another hobby there to to help meress a little bit. Dude, yeah, I love I love it. That's cool. Uh, it scares the crap out of me flying a plane. Especially like although like at the same time I'm such a type A that like I for a while for years I thought my problem of flying was that I wasn't flying the plane and that I didn't have control over it. So like ah but no dude that's cool. Did you pick up any hobbies during co you know how like everybody was like baking bread all of a sudden and doing all sorts of stuff like were you just like left to your own devices
52:00 - 52:30 to to like get some new hobbies? I think that's when the mushroom situation started happening towards the latter end of co when it when co first started I had just started cyber so I didn't really have a whole lot of time for hobbies at that point in time plus that I moved to Colorado so that sucked up a lot of time so yeah not not too many hobbies for me my wife did develop a few hobbies during that time so I know she kind of went through that phase but yeah no that I think that's the the main two two hobbies I picked up during co what about you I'm a huge well during co um I
52:30 - 53:00 kind of I mean simply cyber you know like I started so I started simply cyber uh December 19th 2019 so like four months pre- pandemic before before we knew right like we weren't even hearing rumors of like meat markets or wet markets or whatever like um and I was pushing some videos out but then when you know COVID hit uh honestly so what's interesting is when when COVID hit like half of my team like they basically furled all of the junior staff half on
53:00 - 53:30 my team. Uh, and I felt really bad. I mean, it was like six people and they're junior and you know, they are they're already going to have a tough time getting a job and being marketable and they're fresh to market. So, they didn't have like an uh backup plan or um emergency fund of money and stuff like that. So I was like ramping up a lot of um like I I was maintaining an active GitHub of free resources uh whether it was books, conferences, lectures, like whatever. Like I and it was like dude do
53:30 - 54:00 the free stuff. Do the free stuff. Like keep keep your momentum, stay busy. Um like don't don't you know like if you if you stop moving and you just lay down, you know, you're going to just kind of persist in that vegetable state. So um that I guess that was kind of something I got into. So, I mean, it pairs nicely with Simply Cyber because I was making content and pushing it, but I kind of got like hellbent on that for a hot minute um during during the COVID phase. Um my my kids were young, too. Like, uh CO was 5 years ago, so I had a four-year-old and a se a seven-year-old,
54:00 - 54:30 so um like it's a hot mess not having them have playdates or be able to go to school or be able to do all these other things. So, I was kind of busy with all that. I I will add too that I consciously try not to just do tech hobbies. I know this is an interesting topic for for folks because I've burned out so hard, man. I was completely burnt out right around 2019. Like end of 2018, 2019 I was completely burned out. 2020 I
54:30 - 55:00 was burnt out. 2021 I was pretty burnt out. And so I was really trying to branch out of IT and tech related stuff. Whereas before maybe I would mess with a home lab. I'm like, "Nope, not doing anything home lab related. After I'm done with work, I am doing something completely unrelated to tech." And that honestly helped a lot. So, you know, it's great. And now I'm back to the whole AI coding in the evenings. But I I do try to sometimes set limits and say, "Okay, I've been doing that for the past five nights. Now I'm going to go play some video games or something nonIT
55:00 - 55:30 related." And that helps a lot. The Google uh Well, let me just ask you this. I'm gonna watch the trailer for Hell Let Loose. Before I do that, I want to ask I did the trailer for Balders's Gate 3, but I did like the cinematic one cuz people want me to play this game and it was really disturbing, right? It was like horrifying. And uh is is Hell Let Loose going to like I can't do horror gore. No, it's it's World War II, right? World War II or World War One. No, I think it's World War II. It's been this long since I've played it. So, it's uh it's a
55:30 - 56:00 first-p person shooter, but it's not horror in It's horror in terms of it's war. So, war is horror, but it's not monsters and stuff. Yeah, jump scares and stuff like that. Yeah, I can't deal with that. Okay, cool. All right. Well, then I I'll check it out. I'll check the uh the trailer out, but do you go to conferences at all? Are you on the conference circuit, either speaking or attending? Not as much nowadays. I I am trying to get back into it just a little bit. However, I What's the next one I'm going to? So I'm going to forward cloudsack in Denver here. I think it's
56:00 - 56:30 the first week of July, maybe the end of June. I can't remember exactly the dates. So if anybody's going to that, please reach out. I'd love to connect and meet up there. And that one's conveniently located in my backyard. So that one is that's my first time attending it, but I've heard great things about it. Very excited for that. Otherwise, I've gone to rein I went to reinvent last year. I don't really go to a lot of the purely or general cyber security conferences as much nowadays. It's been a few years since I've done that and um now I try to go to honestly
56:30 - 57:00 I kind of like the smaller stuff that that's really where you can network a lot. So unless it's like a reinvent where I kind of have to go to meet customers then I try to avoid some of the larger conferences typically. Oh, all right. Right on. Yeah. Wild West Hackenfest or Wild West Mile Highfest was just in Denver recently and that I mean that's a pure cyber conference but it's I mean if it's anything like the Deadwood one it's not really a it's a conference in that it has talks and stuff but it's much more of like a retreat and uh a social you know engagement. So if if you're if you're
57:00 - 57:30 looking for a fun one in your backyard um a lot of people in chat went to it. I did not go to it. Uh but I I rolled my eyes but it was my wife's birthday weekend. I want I chose to be home. I wanted to be home with my wife. I don't know why I rolled my eyes, but uh yeah, anyways, we're coming up on time here, but I do want to uh like let people continue the conversation with you, uh Kristoff. So, like where where do people connect with you, dude? LinkedIn's a great way to do that. If you want to search my name, I'm pretty much the only person with as
57:30 - 58:00 weird a name as this. So, you can find Christopher fairly easily on LinkedIn. And then also very active on Discord. We have that Discord community at cyber.comiscord. Yeah. So, let's take a look at this. We'll do it live together. Cool. So, this is if you Google CYBR. Note, it's cyber but uh cybr. And it looks like it's the second one, the Discord one. Cyber Discord. And when you hit it and it comes up, uh it'll automatically redirect you or uh dis Whoops. It'll re
58:00 - 58:30 redirect your Discord right here uh to this and you can accept as you. And there you go. Obviously, you got to go through all the normal Discord like you're not a bot. You're not going to be a scumbag. You're not going to rip people off. Uh and then you're you're in the community. So, if you're interested, uh obviously I feel like Kristoff, your attitude's probably going to uh persist kind of into this Discord community. So, if you like Kristoff's attitude and what we're talking about here, is it mostly focused on cloud security and training? It is, but we also have folks that are
58:30 - 59:00 not in just cloud security. So you can also come in if it's honestly if it's web development, AI, uh anything related to IT, I think you could find your your people here. So feel free to do that. All right. I just joined Tyler Ramsey welcomed me to the to the community. So thank you very much. All right, guys. Uh I think that's going to do it. I mean, Kristoff, dude, you brought so much knowledge today around cloud security, around training. Obviously guys, the free stuff on the cybr.com cyber.com uh website is, you
59:00 - 59:30 know, you can get some education, get some knowledge, you know, learn for free and uh you know, basically around AWS, right? I do I do think like if you're not going to search out a cloud security job, if you're not going to work within the AWS space, probably you could spend your time doing some other things, but if you if you're curious and you want to sniff it, this is a great way to do it versus just honestly I feel like if you just read a book on cloud security, it's not going to give you nearly as much value as jumping into one of these environments and getting your hands on
59:30 - 60:00 the keyboard. Fair fairly fair assessment. It's it's a massive world. You could eight years into AWS, I'm still learning a lot. So, a single book will definitely not cut it. There you go. Exactly. All right, Kristoff, on behalf of the entire Simply Cyber community, I want to thank you for being here today, for sharing your time and your knowledge and experience. I had a wonderful time. I hope you did, too. Um, and I guess until next time, y'all. Appreciate it. Thank you so much. Yeah, of course. Cheers, everybody. Bye. [Music]