[00:00:00] I would say one of the reasons why I started working out and part of the learning space basically because the part who has been always been a full-time job and a hardening creation. I don't think people may realize how hard it is about it too.
[00:00:23] What's up everyone? Welcome to the Tech Certified Podcast. I'm your host Caleb Oni Certified and this is the podcast where we interview tech creators and tech professionals who inspire us on our journeys in the tech industry.
[00:00:37] We have a special guest today. Our guest today is a well-known face in the world of cloud and cloud security. Our guest is a chief information security officer, community builder, podgast hostar and the host of the cloud security podcast
[00:00:53] where he speaks to cloud security leaders and professionals on what's hot in cloud security. Is she? How are you doing today? Good Caleb, thanks for having me. I appreciate you beating out and looking forward to this conversation.
[00:01:04] Amazing, amazing. Of course it's really great to have you and let's get straight into it. The first question I just want to ask you just to get to know you a little bit is, just give a little introduction and tell us a little bit about yourself.
[00:01:18] Sure man. So I have been cyber security for the little 13 plus years now. It first normal happens in the great creative beard that people might see in the video. Also YouTube video, but I'll be in the five screenings for a while.
[00:01:33] Over the last, I would want to say, seven, eight years have been primarily focusing on cloud and cloud security. AWS, Azure, Google Cloud, Kubernetes security and now dabbing into the AI security world as well.
[00:01:45] But primarily I would say I'm a technical person at heart of all who's been technical. Even so today, I think one of the reasons why cloud security podcast came into fruition was because I want to remain technical while being a seesaw.
[00:02:00] So wanted to reach out to people who are in the cloud security podcast came in. Now we also have something called AI cybersecurity podcast which is basically our thing to do so questions for why people get a word AI and how should we secure it.
[00:02:17] But that's probably the short intro but can go on otherwise people can go with me as well. I think one of the questions that I wanted to ask you was why cloud security?
[00:02:30] I mean, of course, as a seesaw in someone working in cyber, there are so many areas in cyber security.
[00:02:36] Not to talk about the whole tech industry and why of all those areas is to focus on cloud security and what led you to focus on that and even to start the podcast from that. Yeah, awesome. It's a great question.
[00:02:51] I would say one of the reasons why I started working in the cloud cloud security space. Especially because the bar to entry has always been low and by that I don't mean that if you don't have any basic IT fundamentals, you can get into cloud security.
[00:03:09] I would say if you have the foundation pieces with IT for some time, you understand networking, you understand some of the people be so required for just knowing IT in general. Even if it's not coding cloud was a good low.
[00:03:23] It's more like an equalizer for lack of a better word where there is a whole generation of people like me and others who have spent a lot of time in data centers that probably hated every minute of it.
[00:03:34] And then with this new thing that comes up where a lot of us would not aware of it, but a lot of people who are starting today have the opportunity to pick up and go, oh I know IT.
[00:03:44] I've been trying to get into South Security for some time and I just need to apply cyber security to the existing knowledge that I have when I can actually do the thing.
[00:03:52] Obviously beyond the certification that I was in doubt now that people are doing, the one thing that made it even obvious was a fact that when I started doing the 70 years ago.
[00:04:03] Amazon was the only player there was no answer there was no GCP and they were still established themselves going hard and betting beyond money. I don't know if you were to bet your money on Amazon to the world, like the soft of the world, Google at the world.
[00:04:20] I would say it makes sense, they are not going anywhere at that soon, this is not going to be just to peer. That was also one of the signs that this is going to be here to stay.
[00:04:32] The same as most people talk about NFD came out and blockchain came out. Not that I'm saying they are irrelevant but they were almost like a hype cycle, they came in, everyone got in, got money, lost a lot of money and moved on with their life.
[00:04:46] At that point in time it was still very evident based on the evidence around, but Amazon had already expanded beyond US to Australia. Australia is where I was before this, that's where I started my journey in tax security and it became obvious we were,
[00:05:03] and I said we Australia was a largest consumer of Amazon web services, seven years ago, outside of US. There's just how much consumption was.
[00:05:13] It was even more competitively it's not that big a country in terms of tech and how many people are in tech, compared to the US but one of the biggest consumers was an obvious sign.
[00:05:24] And that equalizer part is where I would say that definitely kind of lowered the play field. I did not find anything initially because I was trying to get into that field myself, I was a security architect back then. How do I do security and cloud?
[00:05:40] Didn't find a lot of information on it. That's the same time that COVID hit. A lot of people may have already heard the story from me before but the Melbourne Australia, where I was, we were in lockdown and I just kind of literally what you,
[00:05:53] you know, I do in the moment. It's kind of how it started where you and I just bring up people and go, hey man, Sunday morning, I'm free, the only jump on a call, I just talk about cloud and I want to know what you are doing.
[00:06:04] And I was already trying to do cloud at my workplace. I, by the time COVID came out, I was already a CSO and I started working more closely with AWS. We started my Google Azure and it's just getting too much and I'm like,
[00:06:21] I don't know how many people learn this, how people get people with it. And in a way, the civil lining from COVID, even though it's totally horrible and because of our negative experience around it,
[00:06:31] the civil lining for at least for me and my co-founder was that we found that we had community that we had been, I guess, in a way, brewing without even knowing that we've been growing,
[00:06:42] we ended up hitting the top 100 for AWS for Apple in the first year of being by. I would say a bit of the high cycle because everyone has stuck at home anyways.
[00:06:55] I want to say it was a 90s or a second, it was luck against luck as well. So I would not just say it was my charm that bought people over to the podcast, but a part of it was definitely that.
[00:07:05] So that was one of the reasons why we decided to start talking about cloud security because there's not many people talking about it and we started talking about it. Sometimes people want no more, now five years in, we're still talking about it.
[00:07:20] Wow. That's really good story and it's interesting because I feel like the cloud security industry, well, I could say for this channel there's a lot of people in the audience that watch this channel that are really interested in this area and getting into this area.
[00:07:38] And finding ways to get in, what do they need to know? What do they need to learn to get their first role in cloud security? A lot of the time cloud in general, but some people really focus on cloud security, cloud security. Yeah.
[00:07:53] And I wanted to ask you whilst we have you because of your understanding of this area and, of course, speaking to so many people who work in this area, what are those key skills to understand and work on a no-to to be able to thrive in this industry?
[00:08:10] Sure. I would make an assumption here that if anyone who's watching this wants to get into cloud security, having basic foundation knowledge for IT should just be a given.
[00:08:21] The reason, like, I get a lot of reach out from asking people who would say, hey, I want to look for an analyst or in cloud security.
[00:08:27] I would say the likelihood of you finding that would be fairly low because think about the kind of companies I look for analyst role. They're not like the small companies, they are the big companies like the banks for look for it, the financial studios, oil and gas.
[00:08:42] They take a big industry, they're all looking for those. And they're not looking for someone who's just doing cloud, they're looking for someone who can be across other things as well because as an analyst, it's supposed to be across many of the things.
[00:08:54] The way I personally see and at least when we have hired for it, and this is what I encourage people for as well.
[00:09:00] The reason I say it's a low bar is because if you have, I say, I have met people who've done the company, a network class, company security plus. They've been working on on fashion projects, possible projects for, this is a business use case.
[00:09:13] I've been documenting that on the internet and I've been talking about it, land. I have seen that to be a better approach to find a job in cloud security which is ultimately the goal for a lot of people.
[00:09:24] It's not just doing a certification as much as every certification provider would tell you out there. Even though the title of the certificate is a bit deceiving because like, oh, it's a worse word for an AWS solution or a professional AWS solution back here.
[00:09:39] Yeah. So see it, similar for the Google Cloud once a cloud security Google something, as you're a similar one, it may have the title of that, but I would, the honest answer to that is when a professional looks at those certifications.
[00:09:55] The first thing they come to mind is, oh, okay, so you have a good understanding of the services that are provided by that cloud service provider. It does not give the person the confidence to feel that you can help me with the project.
[00:10:07] I would feel to work with you on that. And the reason I bring that up is because as a school set, if you're trying to build something,
[00:10:15] I would say definitely if you have not got the fundamentals get the fundamentals in first, that's definitely quite a bit irrespective of AWS as your Google Cloud, which I want to go for.
[00:10:25] Another one, if you are more already a technical person who enjoys Linux and knows about containers, definitely look at Kubernetes.
[00:10:32] That's again, one of those fields where it's a low bar to entry because just it is still a big unknown for a lot of people even though it's been there for eight hours. I want to say, nine, eight, nine years similar space and they've definitely growing.
[00:10:48] So scrums, skills are perspective. If you already had the IT fundamental discovered, the next thing I would understand is, every cloud service provider, AWS Azure Google Cloud has example architectures that are available, I think on the GitHub as well as on the documentation page.
[00:11:05] It wasn't happening some of the more of a regional street chat as well. But the reason I point you there is that gives you understanding of how businesses implement that in their organization.
[00:11:16] Because that's what's going to help you in the interview. That's what you're actually going to do in a job, it's not going to be which Azure service are you going to use for AI protecting AI application.
[00:11:26] A there is no service that does that. I think they tried to work on it, but it is, back to the answer being, it's not the employer would not care about the fact that what how many services can you remember it's more about, hey, my I have a problem.
[00:11:39] It's like going to a mechanic, you don't go to a mechanic because even a bio card, you go to a mechanic to say hey I need to fix it. My breaks are lose, like specific problem you're trying to solve that's what they're just so.
[00:11:49] Yeah, and the in a way you're trying to be that mechanic for the organization where okay, what are you trying to solve? Oh, we want to expand into AWS or Azure, we want someone to help us build the entire architecture for what that would look like.
[00:12:02] Or another project could be the fact that hey, by the way, we have recently started working on building our security uplift program for Google.
[00:12:12] We're looking to improve attention access management, work in what do you think we should do and even listing our five or six examples by the way, you can ask chat to you pretty for this as well.
[00:12:22] You don't really have to like be an expert and start learning at that.
[00:12:25] Those are skills I would say I would invest more time on the certification that good because at least it helps you get through that first HR door off knowing oh, you have a certification but when it comes to the interview.
[00:12:38] Yeah, there'll be expecting you to at least have a few examples for business use cases where you can say, oh, I learned this technology like I learned Azure Sentinel which helps me do certain intelligence I made my own playbook things like that.
[00:12:51] Those are solid examples, I want this person because better than saying I have certification hopefully that I'm just a part of you as well. If you feel you agree, you disagree by the way. Yeah, I do agree and I think it's super important to have those foundations.
[00:13:07] It's not I think cybersecurity in general we need those IT foundations and you can't just sort of well jump into a cybersecurity role after doing one certification.
[00:13:17] That's pretty clear to everyone or it should be I think a lot of people and who message me or who comment I've had a few questions like I just got the AES at 900 or the cloud practitioner what jobs can I apply for and it's like.
[00:13:38] You just thought there's a lot of people like you actually feel bad about how do you honestly tell the person that it's only part of the process it's not even like you're not even at the door yet.
[00:13:49] Yeah, and honestly I tend to encourage people to go off the doing projects and doing those practicals and doing those labs to actually get some hands on.
[00:14:02] Technical understanding of things of how things work so that when you do get to an interview stage, you can actually explain it to whoever you're being interviewed by. Yeah awesome because I mean I started doing this thing because funny enough.
[00:14:17] There is actually not a lot of courses on the incident that talk about cloud security as well and I think we started.
[00:14:24] Three monthly class that we run every month is the cloud security boot camp is what we call it but the idea is once a month we get to have one our session on a topic is a business use case that people can walk away with and hopefully make a blog or write a portfolio for it in the resume do it themselves.
[00:14:40] That's also not there man. So I mean I hope they kind of do something about the information you're sharing on your channel as well. It's definitely worth it to at least no fundamentals and do some projects and so yeah.
[00:14:53] I'm talking because I think you're now the same page. Cool we've got loads more questions. Let's move on and one thing I ask every guest that comes on here or that's going to be coming on here during this podcast is to share one.
[00:15:08] One really interesting story from your journey in cloud. It could be good it could be bad but one interesting story if you have one from your journey. Probably would give an example of actually finding a talk. There's a cybersecurity conference called RSA.
[00:15:27] I spoke at B's head London as well about this couple of months ago. The talks about so the cloud security boot camp example that I was giving we run the website called cloud.com and we're the as part of the training we were running.
[00:15:43] It's only a few months ago. One of the exercise that we had or one of the class we had was we had terraform being used to deploy infrastructure and a BS.
[00:15:54] And I asked part of that we had submitted. I guess so pop people who brought your family with terraform is an infrastructure as code language and the intent behind that was.
[00:16:05] We wanted to show a business use case where you can use infrastructure as code to deploy infrastructure into AWS and for that you need something called an access key, which is provided by AWS and that's how terraform works.
[00:16:17] At least terraform which is only a laptop. And as we were doing that we obviously had to show the access key that we were using.
[00:16:24] We didn't really delete the access key which is for people who don't understand the access key. It's like you're leaving a username pass for an agent kind of like people watch and we did not delete that and someone in the audience made a notification went back to the video made a notification
[00:16:39] And I recorded a whole video on what they could have done in our AWS account.
[00:16:44] How much not protected it was I guess for lack of a better word. They made a whole video about it. They said hey man, I really enjoyed the class but I just wanted to show you this kind of how deep I got into network and all of that.
[00:16:57] And if you've got the video about it, share like a private link with you with me on one of those YouTube videos and I was super grateful by the way. I'm still grateful to the person I will name them that they could have just given us a thousand dollars a bill which I could not have afforded.
[00:17:13] But in the show, she also share how they what they could have done and they just want to make it no. And I decided to just share that with the public as well.
[00:17:23] And I'm trying to find out what other people wanted to hear about it as well. So I got picked up at one of the biggest conferences in the world, just RSA.
[00:17:32] I spoke about it at research London as well and the it's funny. I think the reason I bring that up story up is because I'm grateful for the research to be able to more research at the novelist's attacker.
[00:17:44] And they came from genuinely from a point of I wanted to help and because you guys are doing something, I want to kind of give back in a way.
[00:17:52] So me being grateful for it's an awesome community to be part of is kind of coming from that hey everyone here to help. If you're starting today, I feel the class security community at least from my personal experience of the last seven years has been very welcoming.
[00:18:09] And for people who are starting new as well, if you're looking for projects in other ways, it's definitely very much of the ethos that we can come in which unfortunately has not been true before.
[00:18:18] And that's for at least in my mind makes this story interesting is that there's always been this viewpoint that cyber security is a very gated community unless you've done a CST or insert certificate over here.
[00:18:29] I'm not kidding, but people that's 20 years on it. I definitely find the I truly believe cloud security has lowered the bar quite a bit for a lot of people to get in as long as you have those basic things that you're marking for.
[00:18:41] I would be surprised if people are not able to get a job but those that actually that's story because I think it's going to be probably out in the out in the internet soon anyways, but it's it's definitely something that's amazing that we are.
[00:18:53] Good bunch of helpful people who just want to just want to go things. Thanks, that's a good great story and another thing I wanted to ask you also have you is about your content creation kind of your configuration journey with the two podcasts you you are part of now and how you found that journey in what sort of inspires you to put out content to run a podcast to speak to people what's your inspiration and how do you find that experience.
[00:19:23] I would say I'm just leaning into what I already am. I think that's probably the easiest for you to explain it. Before I started doing the cloud security podcast, I was already creating content from in fashion. I was already creating content for travel for food.
[00:19:39] I've always been like I'm ask anyone in our generation we're all on TikTok and Instagram. I was already consuming a lot of videos before reals was a thing.
[00:19:48] I was already doing a lot of TikTok before TikTok was like I mean I was still doing those dance videos before I'd like oh, I can't see you just for like I actually genuinely thought that I could never get to a point where I can create content for some security which would be helpful people and I didn't just didn't have the framework.
[00:20:07] But now that I have the framework for how I can help other people. I've kind of like brought my own element of men's fashion into cybersecurity. I've brought my own element into how I've enjoyed content in two-sauce security.
[00:20:20] That's kind of just why I said I've just been myself and that's been my inspiration because I've always enjoyed creating content. I think I've always been of the ethos that I want to be able to help people so that definitely and like what's my calling out?
[00:20:35] My co-founder and my mission because we got our jobs through the community. We were asking me to have so I'll go into media, meeting people like yourself to others and just being I guess nice and helpful with other people just to genuinely try to help other people if we can help them.
[00:20:51] That is the reason I got my first job literally till today. I'm tanked 12. I'm coming in to me and I would have not gotten that job.
[00:20:59] It's a person that did not give me a chance and this is by the way, this is back in Australia, I was shooting in the micro industry as well so it wasn't like I am.
[00:21:08] This whole legal thing aside, just getting an opportunity to start in cybersecurity in a world where generally people consider cybersecurity to be gated.
[00:21:19] We have interesting for me and now that we have had some experience with my co-founder and I try and hopefully be that door for other people to come in as well.
[00:21:32] Definitely is the inspiration. That's one of the reasons why we have continued for five years and we've started more ways to help people and that's where the cybersecurity boot camp. That's where AS have three podcasts there is why it's hard to report as well.
[00:21:44] I would say that's kind of where my inspiration is and in terms of I would love to say it's my genuine charm that makes people come to the podcast but it's generally the value that the guest provide.
[00:21:56] We have been lucky to have people who are from Netflix, from LinkedIn, from Twilio, from Twitter. The kind of company I'd never thought I would be interacting with as colleagues, as friends.
[00:22:08] I call them friends now and they basically hang out with me when we go and meet them in the cities. Like that all that is genuinely just me. I just love meeting people, no I can't ignore them. Yeah, I would say that's my inspiration.
[00:22:21] I hope that's the good answer for what you were looking for. Definitely. I don't have anything philosophical unfortunately. That's a really good answer and I think a lot of the audience that watch our channel would be really interested in cloud security podcast and AI cybersecurity podcast as well.
[00:22:42] So if you haven't seen that yet and you're watching this, definitely take a look at that. Another thing I wanted to ask was about your favorite podcast which you've had on cloud security podcast or AI cybersecurity podcast.
[00:22:58] Wait, stop! There is no way you've listened to this podcast all this way and have not subscribed to the channel. Some of you have not even liked the video.
[00:23:09] If you've taken any value from this podcast, please subscribe to the channel, Caleb and he certified and leave a like on this video so you can get out of the video.
[00:23:17] I've talked to as many people as possible and you never know, leaving a like might actually give you some good luck. Okay, that's enough. Let's get back to the podcast. What's been your favorite guest that you've had on cloud security?
[00:23:29] Who's your favorite artist? Like, is it Drake or is it GV? I can't say that. So I'm happy. It's hard to pick one favorite but the one that I would say was a game changer in a lot of ways.
[00:23:47] And it was an episode that I did with Kelsey Hichawa. He is, I think he's not retired. He used to be a fellow or something for his foot up there. He used to do keynote for Google Cloud and Google and he's rocked where I've been in the world.
[00:24:02] Yeah. Yeah. I think what I loved about the interview was that he just had such a gift for simplifying everything technology and do something super simple. I did a corner in, I recorded an episode with him at Keep Point in Paris last week.
[00:24:18] And we were talking about AI and the examples he gave. Damn dude, how do you come to the campus? Like, it's such a simple thing that anyone can understand and I can understand why he's working with executives.
[00:24:32] And to give you an example, we were talking about Jenny, how companies and enterprise and large companies should use it.
[00:24:39] We went in an example of a hot dog stand and we went from a hot dog stand with five menus to now they can create a new interesting menu using charity, or whatever Jenny I am going.
[00:24:50] Like that's the benefit of a business and I almost didn't butcher and get the example quite a bit here a lot. I would definitely encourage. I'm sure he'll share it when it comes out as well.
[00:25:00] It's the part the episode was crucial for me given it helped me understand that actually if you really understand technology, you can make it so simple that anyone can understand. That is true in the power of a good storyteller and a content creator.
[00:25:17] And I don't think he thinks his content creator, I think he'd be great. He's a great storyteller who can distill technology no matter how complex it is in such a simple way that even a five year old can understand.
[00:25:29] That to me is about our, and I don't mean to say any of the other episodes, I guess you've come in are unimportant more in the context of that specific interview game.
[00:25:39] I walked away from like actually, I don't think I know enough in technology that I can explain it or five year old. So I've been here towards making a, because you know how sometimes when you meet friends and they're like, oh what do you do?
[00:25:50] Oh, what can I have to do? What is that? Like you're trying to explain, I try to accompany a hacker, you know, like people are like a hacker. I'm going to prevent like a new hacker.
[00:26:00] No, not really. I'm like the other guy who's trying to stop the hackers like okay. Like so you're not really hacker. I'm like, well, I guess I am.
[00:26:08] So I mean, I don't know if you go to because I definitely go to that, but I'm not very introduced myself in a party.
[00:26:13] Yeah, yeah, I go through the same thing. It's like, these days I used to, when people used to ask me, I say I'm a cloud engineer. And they're like, what is the cloud engineer? Like it's a mess.
[00:26:26] And then when I started to work in science of theory, so much easier, I could just say it's just how to secure it. Yeah, and they're like, oh, I've heard of that. Yeah, but it's more the cloud, and there you just got so confused.
[00:26:36] I didn't know where to go. Well, thanks for your advice. I was wondering, do I have a lot more easier or more efficient leads? Definitely definitely. Thanks so much, she's for sharing that. And is that podcast up on the channel?
[00:26:55] I'll definitely share that with you if you want to share with the audience. I think definitely an episode of what listening to. It's an episode based walk-in-word Kubernetes, which is probably a lot of people look at us very complex technology,
[00:27:05] but the way he explained it, man, I think anyone can understand Kubernetes after that. So I'll definitely share that and hopefully people find value from it as well. Yeah, yes, cool. That will be linked in the description once this video is released and in the comments as well.
[00:27:20] And she's thanks so much to end off. I wanted to just ask you if you had anything you wanted to promote share or plug. You can do so. I was looking at a YouTube channel, you've got a great job.
[00:27:32] So I'm obviously, when this episode comes out, I'll definitely share it as well. But you're definitely agreeing with your job, man. I don't think having done the whole full-time job and content creation, I don't think people realize how hard it is to value you. Yeah.
[00:27:47] Like you're almost, I've forgotten to be a bit of a big question because you think you might want to ask your questions. I'll just cut it with my friends and take it easy or just create content.
[00:27:57] It's like having not just one job, but multiple jobs in the beginning as a content creator. So I would definitely say, I'll definitely give a shout out to your channel and for everyone who basically do it to work.
[00:28:09] I'll shout out day Johnson's channel as a 12-cyber works for people who probably need that kind of thing like that. Yes. They're super nice guy and I could friend as well. I'll definitely recommend his channel.
[00:28:21] Obviously if you are in a lot of our cloud security, cloud security podcasts has a YouTube channel. AI is our security podcast as a YouTube channel as well and cloud security can't be a family as well.
[00:28:30] But definitely can follow KLA, follow J. Day, those guys are doing, I mean, obviously KLA peers doing a good job. Dazing great job as well. So definitely shout out to your fellow. Of course. And day is kind of like the inspiration for this channel. Oh, well. Oh, well.
[00:28:45] And I'm like, I missed it some recently like, yo, they come onto the podcast. And if you're watching this day, come onto the podcast. I'll also ask myself, how do you feel about messaging? Well, thanks to you. Yes. Yes.
[00:28:57] You can go KLA's podcast. I'll definitely let him know. There we go. So yeah, we're waiting for you today. That's no. She's thanks so much for joining and for everyone watching. Thanks so much for watching.
[00:29:10] In the comments section, let us know what creators or professionals you'd like to see on the podcast and I'll do my best to make that happen. And she's thanks so much for joining us. And thanks so much. Thanks everyone for watching. Thank you. Thank you.