Hello and welcome to the Imposter Syndrome Network Podcast, where everyone belongs, especially if you think you don't.
In this episode, Bec explains what their job entails and walks us through their day-to-day.
They tell us about their path through university, their first job as a waitress, and why studying technology was so interesting to them.
Bec explains why they believe that being interested in computers from a young age might've been detrimental as it narrowed their experience in other areas, why you don't need to know everything, and what their favorite crayon to eat is.
I think just being able to acknowledge, you're never going to know everything.
It's okay that I don't know. I can ask people, and they will help me.
I think that is the main way that I manage it is just like,
I don't know what I'm doing. And that's okay.
Thanks for being an imposter - a part of the Imposter Syndrome Network (ISN)!
We'd love it if you connected with us at the links below:
You can also find us on YouTube, Instagram, Facebook, and Patreon.
Make it a great day.
The following transcript is machine generated and may contain errors.
[00:00:00] Chris: Hello and welcome to the Imposter Syndrome Network Podcast where everyone belongs, especially if you think you don't. My name is Chris Grundman and I'm here with my co-host, Zoe Rose.
[00:00:20] Zoe: Hey.
[00:00:20] Chris: This is the Bec Trapani episode and you're gonna love it. Bec is a security engineer who lives down in Australia and has worked in security operations as a penetration tester and in governance.
[00:00:35] Chris: Hey Bec, would you like to introduce yourself a bit further to the Imposter Syndrome Network?
[00:00:39] Bec: Hi folks. My name is Bec. Uh, you can find me on Twitter at Error Buffer overflow. I currently work at Canva as an AppSec engineer, and I've been doing that for about the past year and a half now. My day to day basically looks like speaking to engineers and helping them find ways to get things done in the securest way possible, and it's been a really interesting experience so far.
[00:01:09] Chris: I bet. And yeah, thanks for sharing that. I think that's definitely one of the key points we like to touch on is, is giving folks a flavor of what these jobs actually are. Cause a lot of people, I think, myself included, don't understand what everyone else is doing. Uh, especially if you're someone who's getting started.
[00:01:22] Chris: So that's great. Maybe it'd be worth kind of rolling back a little bit to see kind of your journey of getting to this place of like being an AppSec engineer. And I wanna go all the way back. What was your first job ever like, not in tech, but just first thing somebody paid you to.
[00:01:38] Bec: Oh, my first job was probably, I'm pretty sure it would've been waitressing.
[00:01:46] Bec: I was at uni. Yeah. So I was at uni studying computer science and I obviously needed money to go out and do things. And yeah, so I would waitress. And I waitressed most Thursday and Friday nights and on weekend. And I did that for a large portion of my first years at university, and then I was able to start teaching.
[00:02:12] Bec: At the university and so I was able to teach user experience and user experience design. And it was really funny because there was a point where I was an undergrad teaching Postgrads user experience design. And for a long time I thought that that was gonna be, that was gonna be my career. That was gonna be my job.
[00:02:31] Bec: I was gonna become a UX person and jokes on me. Absolutely did not end up there. Instead, I ended up in security after I met like some people in the industry and they're like, You know, instead of being a software engineer or like an IT person, you should do security. And I was just like, What? I have no idea how to do this or how to get into it.
[00:02:53] Bec: And again, joke's on me because I think about six or seven months later, I landed a security job and I put my university degree on. Like I deferred it for a couple of years because I had a job, I was working full time. And then it got to a certain point where my university degree, like the time that I was able to complete it in was coming to an end and I was like, Oh no, I need to like get this degree finished.
[00:03:22] Bec: And so, I emailed the university and I'm like, Hello. I have this like software engineering degree. I'm currently employed full time. I am struggling to like get back into it. What can I do? And they emailed me back being like, Ah, so basically if you drop back into your bachelor of it, So I'd moved from bachelor of it to a bachelor of software engineering and then just get recognition of prior learning for your one outstanding unit, which is the security unit you can graduate.
[00:03:54] Bec: And I was like, Oh, cool. Easy. I think the most complicated part of that whole process was like trying to fill out the form that says, I have prior experience in this subject and don't need to complete it because like you have to go read this like course outline and then you need to map it to your everyday job.
[00:04:15] Bec: But because of the bureaucracy of universities, you have to do it almost one for one. Otherwise they're gonna be like, We don't understand this. And so it took me like a good month just to fill out this form because I couldn't be bothered doing it because I had a job and had to be paid and had clients that needed me to do my job.
[00:04:34] Bec: And it's just like, I don't wanna fill out this university form for free.
[00:04:37] Zoe: I'm just gonna say, This makes me think like you had a temporary compliance job, . Let's map this. Controls one for one. You basically did your own ISO cert for University .
[00:04:53] Bec: There's obviously a bit more to the story, like there were other like, Waitressing jobs and there were like other things in between, but I feel like that was the main, main path is how like I ended up from where I was to, to where I am now.
[00:05:08] Bec: But yeah, I think it's, I think the funniest part is, is like all of this, like going to university, trying to get through all of this coursework and then like joke's continuously on me just landing, like falling into these jobs where I'm just like. How did I end up here? Oh, no. Now I'm the expert. This is terrible.
[00:05:28] Bec: Someone has clearly made a mistake somewhere and they will work it out. Yeah, so it it's been good though. It's been a, a long journey, but it's been a, an interesting one I think.
[00:05:41] Chris: Yeah, it sounds like it. And that, that is really funny. And one of the things that's funny to me also is that, you know, a lot of the folks, especially folks who are early into technology, I mean, I think falling into it, it was just kind of, that is how it worked.
[00:05:54] Chris: And so it's almost, it's, it is super interesting that, you know, you actually were already going out to get this, you know, degree in computer science, at least, you know, so you had some interest in some way and then fell into it still, which is hilarious. I think. I'm super interested in why did you even pursue a degree in computer science?
[00:06:12] Chris: Like where did that come from? What, you know, why was technology or computer science or any of this interesting, even when you wanted to be a UX person? Right? Like, where did that come from? If, if, uh, you can remember?
[00:06:22] Bec: That's a really great question because like since I was, you know, four or five. I've always done the computer thing.
[00:06:32] Bec: There's this story that my parents would tell me all the time about when I was in prep. I knew how to use the computers better than the teachers did, and like we were learning how to use this art software. It was like Picsa studio or something like that. And I had it at home as well. And so I had learned how to use it because I had it at home.
[00:06:54] Bec: And then I would go to school and then the teacher would be trying to work out how to use the computer, how to use the software, and I'd be like showing them or like trying to explain. And apparently I don't have any memory of this, but apparently my parents got called in to talk to the principal because they were concerned that I knew how to use computers too well, like better than the adults.
[00:07:16] Bec: And so therefore I was probably spending too much time on them or something. And so like it's always been the thing. That I've just naturally done well at and I think when I say I've done well at, I've just spent a lot of time doing it and it's always that point of, you know, it's where the skills that you have learned meld just into, I know how to do this or I have enough tools.
[00:07:44] Bec: It's not necessarily I was particularly good at it. I was just persistent and had seen similar problem. And that sort of continued through like primary school and then into high school as well. And so when it came to doing like. The two years before going to university, I was one of the few students who took on a vocational education class, so it was basically practical.
[00:08:10] Bec: You would do extra hours in your day and you would get like a proper vocational education certificate. It was normally a three year program, and I, because I, the first year I was like, Oh no, I don't wanna do this. I have to go to another campus. There are only like guys in this course. I, I'm just too nervous about it.
[00:08:29] Bec: I didn't do it, and so, When I went to the two years before going into university, I was like, No, I'll just, I'll just enroll in this course. If I have to take an extra year outside, like going to a vocational school to finish it off. It's like I ended up getting it done within two years just because I would, I just blasted my way through the coursework.
[00:08:51] Chris: Oh wow.
[00:08:51] Bec: And I think the thing that was really interesting as well is that, um, I also took the two other IT classes, so I took all three IT classes. One of them was like, it wasn't software development, it was basically, this is how you learn how to use vb.net. And then there was like, this is how you learn to use Excel.
[00:09:11] Bec: And then I had this like proper IT course and I just like blasted my way through them. Like it got to the point where like, I would be weeks ahead in coursework and I was just like, Okay, I'm gonna go play video games in my little corner. And a lot of the, a lot of the guys who were doing like the IT courses as well and had been doing them for like the three years, they'd get really upset cause I'd just be playing video game.
[00:09:37] Bec: They're like, Teacher, why? Why are they allowed to play video games? Like, because they've finished all their work so far. Like, and so yeah, like I really, I can't honestly, Tell you where it came from because it's just been such a persistent theme throughout my life from prep and having my parents called into the school to be like, You're using the computers too much.
[00:10:02] Bec: All the way to like the getting into university phase where it's just like getting through the work so quickly that I just like sit around and play video games and like play left for dead while everyone else is. That's not fair. And then of course, like when I got to university, I feel like that all came, that that all naturally came apart at the seams
[00:10:23] Bec: Cause suddenly, like you are no longer in a cohort of six people who are interested in computers, you're interested, you're in a, in a cohort of like 300 people who have an interest in computers. And somehow they learned how to make video games when they were like eight, And you're like, Wow, where have I been living under a rock?
[00:10:45] Bec: Apparently. So, yeah, like I think it's, it's always been there. But I also, I will say, because sometimes I feel like people hear that story and they naturally think, well, I have to be interested in computers from day one to be good at them. I actually truly believe that it has been a detriment at points.
[00:11:11] Bec: Because there's been such a heavy focus throughout my whole career in tech, it meant that like other areas, like I haven't been able to explore other areas or I haven't been able to take lessons from other industries or professions. And I see that primarily when I talk to like coworkers and friends who are now in tech who, you know, are either late transition or they like came into the industry much later and they'll be talking about, you know, things going on in the education sector or things that have happened in history and how they map really well to things going on in technology and you're just like, where have I been?
[00:11:53] Bec: I've been living in the computer hole, haven't I? I had no idea that these were a thing, like this was even a thing. And so, yeah, like I think I'm one of the exceptions of like, I've always done computers and that has worked really well, but I think it's not an indicator of, of future success for other people who follow that path.
[00:12:16] Bec: Cuz I think it's very easy to burn out sometimes when you do that.
[00:12:20] Zoe: Oh goodness yes. For many years, I, uh, overworked and dedicated myself so much to security that, um, it came to the point where it was too much of my life. It was, you know, I had to step back a little bit. There's one sticker that I was thinking about whilst you were talking, and it's a, it's a sticker I picked up, I think it was in.
[00:12:38] Zoe: It was in the US actually at the last, um, tech field day event that we were at, Chris, Uh, it was said, um, she persisted. That's kind of how, I feel like that describes your journey as you were just so bloody dedicated that you were just not going to let the computers win .
[00:12:56] Bec: Yeah, no, it, it really was like that and there were...
[00:12:59] Bec: When I was at university, there were a lot of times where I almost like almost dropped out. I almost like changed over to a, a textiles degree. cause like as a side thing. Also really interested in sewing and all of that. But yeah, almost changed over to a textiles degree because I was just like, I don't actually think I understand computers to a like professional level.
[00:13:24] Bec: The only reason that I hung around is because I saw that one of the courses that I could. The, the following semester was taught by a former Netscape developer, but again, jokes on me. He got tenure and no longer had to teach. So I basically had to go and do this course without the teacher that I was hoping that I would get.
[00:13:46] Bec: But I think it was also during that time, I found out, like I found other things that I enjoyed and I was like, I might stick around a little bit longer. But I think one of the things that has become most obvious to me from starting and like going through university and then coming into industry, Is that I don't actually do very well at academia.
[00:14:11] Bec: I suck at academia so much. And then the minute that I got into industry, like there were obviously things that I had to learn and, and skills that I had to, to upskill very quickly. But I worked out that like it was a lot easier to work in industry than it was to go through academia because. I no longer, you know, I never had to write a proof that demonstrated one plus one equals two.
[00:14:36] Bec: I didn't have to worry about like, you know, proving that, you know, a pumping le is a pumping because of all of these different things. It just turned out that like I was allowed to know these things and not know them inside out at every which way, and still like use those theories and ideas to the extent that I understood them and there would be like other people.
[00:14:59] Bec: Who are just as skilled, if not more skilled in the areas that they need help, who can fill in those gaps and just. Wow. I don't need to know everything.
[00:15:10] Zoe: Oh my goodness. Yes. I always tell people, yes, I always tell people, Oh, I, I'm not skilled. I'm just good at knowing where to connect the dots and who to talk to.
[00:15:19] Zoe: I was like, Oh, you talk to that person. You talk to that person. I'm not the expert. .
[00:15:23] Bec: Yeah, yeah, exactly. And like it's really funny since working as like a security engineer, cuz. There's a few different flavors to security engineering and then like, it also depends on the job title and the company and how they define that job title.
[00:15:37] Bec: But like for. Security engineering, and for my role as an AppSec engineer, I primarily work at the minute in partnerships and so basically like I feel like that is my job. It's just like introducing people to different people who are currently working on the same thing and just being like, Now, Now talk to each other and then come back to me with the list of issues you have and like it just take your time.
[00:16:05] Bec: It's fine. We can come back to this later. Like it's almost like security matchmaking.
[00:16:09] Zoe: I feel like I need that as a job Title. I love it.
[00:16:15] Bec: And it really like, it really is like my job. My job day to day has been less about like, you know, this idea that people have of. You know, being like this super, super techy coder and like know how to spot all the security things.
[00:16:31] Bec: And just like walking into rooms where people are like describing a problem to me. Like, all right, so you told me you know, X and Y are doing this. Why does it do that? And like you just end up sitting there asking why as many times until you get to the root cause and you are like, All right, so now that we've conducted the "five whys,", I can tell you that this is the problem and here are all of the different ways that we can solve this.
[00:16:54] Bec: Go do cost benefit analysis and then come back to me. It's basically, yeah, it's like, it's this weird blend of like security matchmaking, security like therapy. I don't know what you would call it, but it's like counseling where you just
[00:17:09] Zoe: Totally, I was, yeah.
[00:17:10] Zoe: I was like, Oh, psychology
[00:17:13] Zoe: psychologists. Alright.
[00:17:15] Bec: Like I feel like a majority of the time, My job is like literally just asking why things do the thing that they do, and just being like, Now explain, Explain it to me like I'm five years old and I don't understand what's going on. We won't pretend that that's the truth. And then like, then we'll work from like sort of first principles.
[00:17:36] Bec: And so yeah, like it's, I think it's just really interesting from the way academia teaches security into how I actually conduct my job day to day. And it's just like walking into a room and being like, Sure, I'm the security person. And you're probably a little bit scared of me, but I like to eat crayons.
[00:17:55] Bec: My favorite one's are purple. And now you can just walk me through this very advanced solution that you've designed. Thanks. I, I love how amused you are by these descriptions. Zoe ,
[00:18:06] Zoe: you're literally describing my job. Pretty sure we do the exact same thing. Um, amazing.
[00:18:13] Bec: It's the crayons joke, isn't it?
[00:18:15] Zoe: Yeah, it's um, one of the things I really, really like about your self descriptions, we'll call it, uh, was one of them was advocate of dopamine driven development.
[00:18:26] Zoe: And I feel like that that relates so heavily to how I work is I, I struggle a lot with motivation and I get to do the fun stuff, but anytime I have to do the boring stuff, it's so bloody hard to do it, and I feel like an absolute failure.
[00:18:43] Zoe: I, I would love to hear your, your insights on that and how you get through it.
[00:18:47] Zoe: Cause uh, I need, I need lesson .
[00:18:51] Bec: I, I'm not gonna lie, it's a big oo on those like, relatable feelings because it is, it is really, really hard. I feel like. The best way I have ever found to deal with it is like just finding like the smallest thing to get remotely excited about. I think like going back to the theory of digging holes and why it is so psychologically beneficial to people is.
[00:19:22] Bec: You'll be digging your hole and then maybe you'll find like this little like beckel of gold and you're like, Oh, what's that? Maybe I should keep digging this hole because maybe there's more gold around somewhere. I think that's basically what it is, is like you just need to find the most interesting thing that your brain can just latch onto.
[00:19:40] Bec: To like continue to persist at this task because like, it's really, really hard. It's really hard to get anything done, especially when you are not excited and you are not interested in it, and you're just like, I, I cannot be bothered with this.
[00:19:55] Bec: The other way I like to think about it. Is that fundamentally humans are persistent hunters.
[00:20:02] Bec: We were never the fastest, strongest creatures around. We were just able to like persist so much that the animals would be like, I am tired, I would like to sleep, I'm just sit down. Please stop. And you're like, No, of course not. I need you to survive.
[00:20:18] Bec: And it's like, I think reminding yourself of that as well, Like you don't need to get everything done immediately, or at least, I don't need to get everything done immediately because that's not who I am. I am at the center a persistance hunter. It might take me a week to get this like big, boring task done, but I will persist. I'll continue, keep going. I'm not a cat. I don't like, you know, have the ability to sprint a few hundred meters at the speed of, like, a car.
[00:20:48] Bec: that's not who I am. No. At the core of it, I'm a persistence hunter. I'll just walk there very slowly until it gets too tired and it eventually gets done. I dunno if that, that theory resonates with everyone though.
[00:21:03] Zoe: No that actually resonates with me.
[00:21:05] Bec: Yeah. I think with the way that the industry, the security industry is positioned within technology, we're very much at the, at the mercy of a 24-hour news cycle. And so this, there's this constant feeling that you need to act immediately with urgency. And it's not to say that there are times where, where.
[00:21:29] Bec: Not the truth. Like there are always incidents, there's always times where we need to act, you know, very decisively, very immediately. But a lot of our work, irrespective of what people say, can wait. A few days, it can wait a few weeks. Like I think we as an industry can work too fast and I think that that funnels down to the people who are doing this job day to day.
[00:21:55] Bec: And it can result in that, like that feeling of constant burnout because you're constantly having to feel like you're constantly having to pretend that everything is on fire all of the time. When everything is on fire, it has the funny effect of nothing being on fire. Like if everything is an incident, suddenly nothing matters because well, everything's a problem.
[00:22:16] Bec: And so like, I think that's the other thing that I keep in the back of my mind when I have tasks that I feel like I need to do is like, no, if it's not being done for a month, it can probably wait another day and just reminding myself that you. I think it comes down to like, if there isn't a good criteria for an incident or what needs to be done immediately, everything's gonna be done immediately and nothing's gonna get done.
[00:22:39] Bec: And I think that's like, that's not an individual problem. That's like a corporate business industry problem.
[00:22:45] Chris: Society level even. I mean, I think, I think like you said, it's, it's not just in security or even in our companies, it's, it's this 24 hour news cycle and there's all these things that are constantly catastrophic, uh, constantly urgent, all these things.
[00:22:56] Chris: And I think that is something that's very universal that you've touched on there, which is this idea that... there's been, you know, management books and self help books or whatever you call them around this, about the idea of, you know, I'm terrible at attribution. Someone made like four quadrants of it and there's like the urgent on one side.
[00:23:11] Chris: And the important is, you know, the other axe. And it's okay, are, is this, you know, important and urgent? Or is this just urgent? Is this, you know, all the four pieces of that. And, and that's kind of stuck with me in that, you know, work on, I mean if it's, it's important and urgent, obviously do that first, but then you don't go from there to the non-important urgent, You go to the important and non-urgent, right.
[00:23:32] Chris: Focus on what's actually important and in some degrees kind of forget what's, what's urgent. And this doesn't always play well in, in, if you're doing like security incident response. It's, it's a little tougher. But in a lot of places in our life, whether it's our job or otherwise: Inaction, is actually the best choice, at least for the moment.
[00:23:50] Chris: Right. You know, there, there's a debate to be had here about, you know, jumping to action or not. But, but I think in a lot of cases we assume that something must be done or there's a problem, so I must do something about it and often end up making things worse by doing something before we actually actually think about things.
[00:24:05] Chris: That's, that's really interesting and, and I like what you've said.
[00:24:08] Bec: Yeah, and I think, I think for me, in my role, it's particularly important because every time I make a decision about like another team or another group's function or the product that they're building, I'm not just affecting my roadmap, I'm affecting their roadmap.
[00:24:29] Bec: And so like, it's really important for me to understand where they're going. Not just in the short term, but in the long term. And help them make sure that whatever decision that they're making for security now also results in a good long term outcome. And we're avoiding as much of that churn as possible.
[00:24:50] Bec: Like where you just like producing or people are doing work that doesn't actually get you anywhere beneficial in the long term. And that's not to say that sometimes you don't need just like a quick fix to get something out the door, but at the same time, you need to be conscientious of what that. Quick change is how much work it's going to cost to maintain it until you end up at that long term point that you want to be in.
[00:25:18] Bec: And I think there's a lot to be said, especially in AppSec and AppSec engineering about like working slow and working with teams to, to define roadmaps and things like that. And. This goes back to what I was saying earlier about realizing that as a security engineer, you're not actually, you're, you are not going to be the smartest person in the room.
[00:25:44] Bec: You're never gonna be the smartest person in the room. You might be the smartest security engineer in the room, but you're not gonna be the smartest person in the room. And no one else in that room is gonna be the smartest person. They might be the smartest person in their chosen discipline. And I think that's one of the biggest things is.
[00:25:59] Bec: I don't try and do my own road mapping of my own work at work. We're lucky enough to have technical, I can't remember if they're technical program managers or technical project managers, but you get the idea. They are there to help things be delivered. And because I work, I'm probably not the true definition of like an individual contributor at work because I do work with other people.
[00:26:22] Bec: But a lot of my work is like self-driven, self-motivated, and has to be planned by myself to map with other teams and groups work. I often have to use the the TPM to help me develop my roadmap because it's not something that I know how to do very well. It can be very hard to work out which of the things that I have in my backlog of tasks is actually important and which ones I just feel are important.
[00:26:51] Bec: And so like I have found that to be really, really helpful because it helps me make better decisions about the work that I'm doing, which isn't just better for me, but it's also better for the teams and groups that I'm working. Because like the technical program managers, like they all get together. So like my group's TPM also works with the other groups, and so they can help align and prioritize and then bring that message back to me in like a really concentrated form and.
[00:27:23] Bec: Yeah, like I think that's the thing, right, is that I'm not, I'm not employed to know how to build a roadmap or how to groom a backlog. These are important skills for me to know how to do, but it's also just as important for me to go, I have no idea what I'm doing. I need some help hand up in the air. Like I need an adult, please.
[00:27:42] Bec: And yeah, like I think that's something that I sometimes see missing in. People who work in security, they think that they need to know how to do it all. They need to be, you know, the front end engineer, the back end engineer, the project manager. It's like, sure, maybe if you're a one person company or you don't have people to fill those roles, but as you get into bigger businesses, these are functions that should be filled because security is no different to front end delivery or backend delivery.
[00:28:13] Bec: Your customer just changes. It's no longer that you're delivering external function. It's an internal service instead. And yeah, I feel like I got off track there. .
[00:28:24] Zoe: No, no, that, that, that's so true. And actually I think for me, I wish I had heard that in the beginning of my career. Cause I tried for so many years to be everything and I still try to, and then I get overwhelmed and I'm like, I'm not doing a good job.
[00:28:39] Zoe: And then I have a chat with my boss where I'm just ranting and he's like, Okay, let's take a step back. And think it over for a minute and then, you know, putting it in perspective. You did a really good job. I feel like I'm in therapy, but, uh, this is very helpful, very helpful discussion. One thing I was going to mention, uh, that I thought was interesting, the comment you made a better go about feeling like you always have to answer right away on up of everything.
[00:29:04] Zoe: Basically, everything's on fire. And I wondered, because it took me a long, long time to realize that I didn't have to go, um, respond to everything immediately. Like I would have panic attacks if I didn't have my phone with me because I would miss an email. An email is not instant messaging, but I would treat it as instant messaging if I didn't answer within a certain amount of time.
[00:29:25] Zoe: I would panic. Right. Um, and one thing I found interesting, and I don't know if this is relatable, is when I visited, uh, Australia a while ago, , now, I felt like I was in a different world and it was because it was such a vastly different time zone that I felt like everybody on Twitter had gone to sleep when I got online. So there wasn't anything new coming in. Uh, I wouldn't get the emails. I would, you know, I did feel like maybe. That little buffer kind of was my own only way of taking a holiday, a real holiday. Uh, and I wonder if that affects that affects you. I dunno,
[00:30:05] Bec: I don't, I think it's really hard to tell because like the people that I work with are primarily located in Australia.
[00:30:14] Bec: And so , I, I feel like I understand exactly what you are saying, but at the same time, That's such a weird thing to have described to you because I've never, I've never really thought about it that way cuz like for. When I was on social media more, the way that it would work for me is when I would wake up, I would look at yesterday's tweets and yesterday's social media from like the US and Europe, and so you sort of just work on this offset cycle where.
[00:30:49] Bec: If Australia hasn't caught up yet, then you're probably gonna hear about it tomorrow. And yeah. But with that said, I don't think there's like too much difference in the way we work. But I do think at the same time we haven't quite caught up with the US in terms of like this constant need for employees to be available.
[00:31:12] Bec: I don't think culturally we have that, I don't know too much what it's like in Europe, but I know like, From hearing friends and, and other people talk about it. I feel like in the US there's a bigger culture around like keeping up to date and always being available. I don't think we have that as much in Australia unless like, you know, your on call doing incident response or those sort of informal or formal agreements are in place.
[00:31:42] Bec: But at the same time, like during Covid and during the pandemic, And as we transitioned to work from home, it was a big change that we did see culturally because suddenly it was like, Oh, well you're taking your laptop home. Like, it doesn't matter if you, you know, if you have to answer a call at eight o'clock in the evening for 15 minutes because you've already got your, your computer and your laptop here.
[00:32:13] Bec: And I think, I think in Australia there's sort of two sides of that. You. The businesses that are like, No, this is fantastic. Like everyone's working flexible hours, which means that they inherently overwork. Um, and then you have the young, young people or the people who are just like absolutely not I keep a time sheet.
[00:32:32] Bec: And you can be guaranteed that it will calculate to 7.4 hours by the end of the day, no more, no less. And so, yeah, like I don't, I, I feel like we don't really get to escape that, that cycle of news or, or really get away from it. But I feel like culturally we're not quite as like, committed to the, like, you must be always available, which is nice.
[00:33:02] Bec: But with that said, it's also been something that I've had to learn how to do. Because I think similar to you, Zoe, when I started, all I wanted to do was do my best, even if that meant digging myself into the ground and then a little bit further. And so I didn't have very good boundaries with work. And so that's been something that I've really had to learn on work on.
[00:33:28] Bec: But I will say if you don't have a workplace that's supportive of that and will constantly try and overstep. It's really hard to do, and I think part of the problem is, is we don't really, we don't talk about how difficult it is when you are dealing with like the people that pay your bills. Constantly like pushing into your like personal time or expecting more and more.
[00:33:55] Bec: Like it's always treated as either, you know, you just need good work life balance. You just need to say no. Or the company just inherently like is supportive of that and they're like, At five o'clock you should be out the door. Because like, I feel like there's a little bit of a lack of acknowledgement, especially for people entering the industry that like, because you are new, you're probably not getting paid a lot.
[00:34:17] Bec: Or you're probably getting paid enough just to like pay your bills and pay for your rent. And if you are younger, chances are you've maybe just moved out into like your own home or shared accommodation. Like it's the first maybe year or two that you're paying your own bills and things like this. And we don't talk about, you know, how much risk that has when you don't do the things that a business wants you to do.
[00:34:42] Bec: And they're also in charge of paying your bills and adjusting for inflation.
[00:34:46] Chris: Yeah. Well, and just how scary it is, right? Even if they are gonna do the right thing. I think especially earlier in your career, you don't necessarily know that. You don't even know that you can say, Cause I've definitely had situations where I could have pushed back and said no and didn't realize that.
[00:34:58] Chris: And so kept saying yes. And then, you know, the person on the other side is like, Oh, this person's eager, they're going after it. Like, they're not gonna stop you necessarily. Right.
[00:35:05] Bec: Yeah.
[00:35:06] Chris: But speaking of, of time sheets and, and boundaries, we are, uh, out of time today. So Bec, thank you so much for sharing your story with the Imposter Syndrome Network.
[00:35:16] Chris: I have a bunch of notes here about organizations you're involved with and, and talks you've done and things we didn't get to talk about. So I think we're absolutely gonna have to have you back on for the meantime.
[00:35:25] Chris: Thank you to all of our listeners, uh, for your attention and your support. We do have a LinkedIn group for the Imposter Syndrome Network that we'd love for you to join and get or give career advice, mentorship or just general community support.
[00:35:38] Chris: Before we close out Bec, though, I, I am curious.
[00:35:41] Chris: As you were describing kind of, especially the early parts of your career, you mentioned things like, you know, like going into the computer hole and, and not knowing what was going on in these other areas and, and maybe this disadvantage of folks who have had other careers that came in, but then also, you know, this idea that maybe you didn't know computers to a professional enough level to actually work in that field.
[00:35:59] Chris: A lot of those things you said sound a lot like imposter syndrome to. And so what I'm curious about is what you do when you feel that imposter syndrome kicking in. Cause you seem to have a pretty healthy relationship with it now, and I wonder if there's, you know, any strategies you use or if it's just laughing it off or, or, you know, do you even notice it?
[00:36:17] Chris: I guess maybe.
[00:36:19] Bec: I think for me, the biggest thing, it's like I described before, when I go into meetings now, I just, like, I, I walk here and I, you know, I'm Bec. I'm a security person. I like to eat crayons. I have no idea what's going on. And just like, I think for me, the minute that you are upfront about your knowledge and understanding, you take away everyone else's power to use that against you.
[00:36:45] Bec: Because like every time I go in and I'm like, Hey, like you know, I've read through this design or this, I've read through all of these docs that you have. I have no idea what half of this means. Can we sit down and talk about it? I've basically taken away anyone's ability, Not that they would, but I've taken away their ability to go to like my manager and be like, This person doesn't know what they're talking about.
[00:37:05] Bec: It's like, yes. I preface that whole conversation with that. And so like, I think just being able to acknowledge. You're never gonna know everything. There is no expectation apart from like the fake rules of the world and society that are telling you that you need to know everything. Like there's nothing that actually says that you need to know everything.
[00:37:29] Bec: The point of your job is to like provide advice and feedback and talk to the people that you work with. I think once you start to like become more comfortable doing that, The imposter syndrome starts to it. It never goes away, but it, it loses a lot of its power over you because suddenly you are saying like, It's okay.
[00:37:51] Bec: That, I don't know, I can ask people and they will help me know. I think, yeah, that's, that's the main thing. I think that's the main way that I manage it is just like, I don't know what I'm doing and that's okay.
[00:38:02] Chris: Right. And so, yeah, that sounds to me like genuine humility, right? Just, just really fostering an actual humility in yourself and not putting that pressure to have to know everything.
[00:38:11] Chris: Yeah. I like that.
[00:38:13] Bec: Yeah, and I think, I think for me, a lot of it comes also from the fact of just, there are people around me who watch how I work and take that away as how they should work. And I think for me that's a, that's a really big driver to make sure that I am like embodying as best I can, these good patterns of behavior, because I don't want those people to ever feel like I did when I started.
[00:38:44] Bec: I want them to know it's okay to not know. I want them to know it's okay to ask questions and feel out of your depth and to have tools. Combat that and just know that it's safe. I think also that constant reminder of if I don't know and someone has a bad reaction to that, that says more about them than it does me and my ability to operate.
[00:39:09] Bec: Yeah, I think those are the main things.
[00:39:11] Chris: Absolutely. Yeah. Thank you for that. I, I know that you're on Twitter and you have a blog. Are there any projects that the Imposter Syndrome network should know about? Or, you know, where would you like folks to reach out to you, if at all? Any kinda last, uh, pointers?
[00:39:25] Bec: Yeah. I feel like I'm not very often on Twitter. I'm now out digging holes in my garden and learning how to become a subsistence farmer. Um, If you, if it's a non-time sensitive thing, you can always message me on Twitter. I'll probably get back to you in like a month or two, but I'm also regularly running another.
[00:39:47] Bec: Podcast or or show called the OWASP DevSlop Show and we talk to people in the industry about their experiences and some of the things that they know about. And so you can also check that out. We generally stream once or twice, a twice a month. And that's a really good way, I think as well, to just see what other cool things people are working on in the industry.
[00:40:09] Bec: And yeah, I think that's really it. Like you can always contact me on Twitter. You can always check out the OWASP DevSlop show.. And yeah, I'd be super keen if anyone, um, any of the listeners have like questions, comments, or anything like that. I always enjoy having a good chat about some of these like issues and like cultural issues at work and how to sort of resolve them or how to at least work through them.
[00:40:36] Bec: So, yeah.
[00:40:37] Chris: Fantastic. We'll be back next week.