The Imposter Syndrome Network Podcast

Sean Wright

December 27, 2022 Chris & Zoë Season 1 Episode 22
The Imposter Syndrome Network Podcast
Sean Wright
Show Notes Transcript

Hello and welcome to the Imposter Syndrome Network Podcast, where everyone belongs, especially if you think you don't.

Our guest today is Sean Wright, Principal Application Security Engineer focused on all things.

Sean will share with us his reasons for making the transition from software developer to app security as well as his struggles in securing his first security job.

He will go into detail about his time in college, what he thought of his years there, and the exact moment that he realized how little did he know.

We will discuss how challenging it is for him to describe his career to his family, the importance of knowledge sharing to him, and the difference between a floppy disk and a stiff disk.

-
Sean's Links:

--

Thanks for being an imposter - a part of the Imposter Syndrome Network (ISN)!

We'd love it if you connected with us at the links below:

Make it a great day.

This transcript is machine generated and may contain errors.

[00:00:00] Chris: Hello and welcome to the Imposter Syndrome Network Podcast where everyone belongs, especially if you think you don't. We welcome all imposters. My name is Chris Grundman and I'm here with my co-host and cybersecurity Queen Zoe Rose. 

[00:00:24] Zoe: Hey. 

[00:00:25] Chris: This is the Sean Wright episode and it's gonna be a good one. Sean is focused on all things AppSec.

[00:00:32] Chris: Uh, that's application security for the uninitiated.

[00:00:38] Chris: Hey, Sean, would you mind introducing yourself to the imposter syndrome network? 

[00:00:42] Sean: Yeah, sure. Thanks for having me. So I'm Sean. I go by Sean Wright sec on Twitter and, and social media and YouTube and all that. One of the things I do love is sharing knowledge in that. So that's where I am. A bit about myself, background.

[00:00:58] Sean: Um, I started off as a developer. Basically when I started my career, info security wasn't kind of where it is now, but there was limited opportunities. So development was where I went into. Spent numerous years being a developer, always trying to find an angle from a security point of view. Then got my lucky break probably almost 10 years ago now feel old , and that's kind of where I moved into the application security.

[00:01:23] Sean: So it was kind of a logical shift from development into security and been in there ever since and enjoying. 

[00:01:30] Chris: Very cool. That's actually what I wanna start with is that transition from kind of software developer to application security. You covered it a little bit there, right? That maybe you were always interested in security but it wasn't really, didn't feel like a great path.

[00:01:42] Chris: Or, I mean, maybe start at the beginning of, you know, application development. Why do that? Where did that interest come from? And then maybe we can walk up to kind of what led to the switch over to application security. 

[00:01:55] Sean: Yeah, sure. Um, so. I, I guess I always started like a childhood. I always had a fascination with, with computers and tinkering with them.

[00:02:05] Sean: And , again, probably show my age. We talking about like stiffy discs. I think we wore South Africa, we called the stiffy discs like the, the disc that you shove in before CD-ROMs and then CD-ROMs came out and you had the side cars and all that, and you tinker with the computers and that. So I always had a joy of tinkering with computers. 

[00:02:24] Sean: And that kind of led me going into, uh, university Bachelor of Science. So like, it didn't even think about a bachelor science in computer science. Like it was a no brainer for me. So that, that's kind of the direction where I took. And one of the things around that is you get exposed to so many different things in that degree.

[00:02:43] Sean: You get exposed from like the lower level staff to development, to networking and all that. Unfortunately. The security aspect was very limited though in my three year undergrad Bachelor of Science, the closest that I came to doing any sort of security was cryptography, . Let's face it, if if you're not very good at that, that it'll probably put you up for it for sake, for quite some time.

[00:03:07] Sean: But luckily I found it interesting and where like InfoSec really kicked off for me was in my honors year. The fourth year at Postgrad, we had a course on network security. And it was really, really interesting and that's where it parked my kind of interest in these things. And we spent loads of time together as a group finding vulnerabilities on the internet, exploiting them.

[00:03:29] Sean: We didn't really go into too much depth of like what the actual vulnerability was of how they exploit work. We had a rough understanding, but we had loads of fun around that. And that really peaked my interest in security. And that was when I decided like, this is for me, this is where I want to get involved.

[00:03:45] Sean: But unfortunately at that time, like the only way you're got in security at the, at that stage was really niche consulting type roles. So there was nothing around job wise available for, for the likes of myself. And also coming outta university, you're trying to get that first job. You don't really care what it is.

[00:04:06] Sean: You just try to get that very first job so you can get on the career ladder. And that's kind of how it worked out for me. I started my first job. Actually working while I was still finishing off my honors. So yeah, as I said, you just grab that first thing. And then try to include security as much as possible along that journey.

[00:04:26] Zoe: That's really interesting to me, cuz I, I, I've done a lot of, or as you know, I've spoken a lot about developers and security with development and it's always, it's getting over that initial hurdle of, um, wanting to care about security. So it sounds like, well, I've just said it's been kind of your interest from the start even.

[00:04:44] Zoe: You said it was a little bit hard to get into it though. Was that because of where you physically were and the opportunities or did you meet Um, a lot of like, um, I guess hurdles of like, uh, you don't have a certification in security or you don't have this in security, and that's why it was more difficult. I dunno.

[00:05:00] Sean: Um, so I think it was a numerous combination of things. So certainly, um, the, the time, um, security was nowhere near where it is today. Um, and maybe location, cuz at that time was based in South Africa, so maybe the security field was a bit younger than maybe the rest of the world. But I think a large part of it was also around the view of security.

[00:05:24] Sean: So I remember going up to, uh, my boss at the time. It was a large retail company in South Africa, one of the biggest, and I showed them this vulnerability. And this proof of concept top exploits on our test environment saying, Hey, look, yeah, look what I can do to your entire company. Like shut down every single point of sales system in your entire company.

[00:05:46] Sean: And that should set off alarm bells. Like, oh my gosh, this is like something that I have a massive negative impact on our company. And all I got was a shrug of a shoulder, and that's kind of the things that you, that I found. I was dealing with another, the very first company I was working for, I said like, look, you need firewalls, you need all of this.

[00:06:05] Sean: And their response was, who's gonna attack us? A few years later I found out they got asked by their hosting company to shut down their porn servers. So , that was an interesting take. Yeah, the, I think a lot of the time it, it's, the opportunities aren't there and they aren't there for, for reasons like business reasons and that, and I totally get it, like the business needs to grow, then business needs to move forward and it's also times, times have changed.

[00:06:33] Sean: A lot of those arguments today probably wouldn't stack up very well. 

[00:06:37] Zoe: Do you think that the lessons you learned from a role that wasn't exactly what you wanted being the development, you're good at it, but it wasn't where you wanted to be. Do you think that it really, um, helped you with your security career being the role that you wanted more?

[00:06:50] Sean: Yeah. Yeah. Um, So this one you always gotta be careful cuz like I see like, oh, you can't get into security unless you know development or you can't get into application security unless you know development. In fact, one of the best people I worked with wasn't really a developer, but at the same time it definitely helps, like it helps you grasp the understanding of.

[00:07:09] Sean: How these different vulnerabilities work. And then you can also do other things around it. But at the same time, I am very wary of like that gate keeping, that we can't have that. Like yes, it helps, but there are many other things that you can do, can equally help as much. So yeah, it's something I would highly recommend, but if you don't have it, it's not the end of the world.

[00:07:29] Sean: There are other ways that you can contribute. 

[00:07:31] Chris: Yeah, that's fair. So, actually I wanna dive back a little bit. So one, the stuffy discs is hilarious to me. We call them floppy discs in the us I like stuffy discs a lot because you know, the very first ones right, the five and a quarter were actually kind of floppy, um, but not really very floppy.

[00:07:50] Chris: And then of course, the three and a half inch drives we're not floppy at all, but both of them, you did stuff into a computer. So I, I think South Africa could probably be got it right there. That's that's funny. 

[00:07:59] Sean: It's not stuffy, it's stiffy. So the, the F floppies were floppy and the stuffies were rigid. Stiffy. 

[00:08:05] Chris: Oh, that's even better.

[00:08:06] Chris: Okay. I get it now. There was the floppy and then the stiffy. So the stiffy is the little one. Okay. Yeah. It's all coming together. It's all clicking . Um, so another thing that might be different in South Africa, or maybe not, that's where you went to school, right? We've talked to quite a few folks and a lot of folks in it today who, who have, you know, have been in it long enough to have like some successful careers under their belt, like, like yourself.

[00:08:27] Chris: A lot of them didn't go to college or university at all and just kind of fell into it. Maybe they got certifications, maybe they didn't, maybe they just learned, you know, through, through the ropes. But you mentioned that the degree did give you some good, you know, information around kind of it in general or technology.

[00:08:41] Chris: So I'd like to understand that a little bit more. I mean, what did you get outta college and what didn't you, right. Were there any areas that were, you know, you wish you would've learned something or wish you would've got exposed to? Obviously cyber security was one a little bit, but I'd love to understand that college experience a little bit more.

[00:08:53] Sean: Yeah, sure. Um, so I think one of the things I, I look back at my degree now and there's some areas that I'm really frustrated about. As I mentioned, like I went through three years of collage and we didn't really touch on anything security. Like SQL action, cross-site scripting, all of that. We didn't touch an entire three years.

[00:09:13] Sean: So I, I could have left my entire degree not knowing what SQL injection was. Cross-site scripting, no. It gets even worse. Like we didn't learn what HTML was or XML until my honors year and, but we were learning things like mass, which , sorry. All vast levers out there is totally irrelevant for most jobs out in the field, be it security or development like I've never used trigonometry in all my years of development and InfoSec, but I use like HTML or XML almost on a daily basis.

[00:09:45] Sean: So for me, that's one of the things that's most frustrating I find about my time at university is you're learning all the stuff that some you may say is not even really relevant and all the stuff that you find is relevant, you're not learning. And that's why like when probably my best point in my entire university career was we got our, our Bachelor of science and we did our three years and we were walking around and we were like, yeah, we got a degree.

[00:10:12] Sean: We know everything. We are the best. Blah, blah, blah. Within two weeks of our honors to yeah, we like, yeah, we know nothing. We absolutely know nothing. Um, and that was the turning point. I think what I learned in that single year, I learned more than my entire three years. And part of that was just the way the, the kind of way we had to approach things was totally different.

[00:10:36] Sean: We literally got going, here's this project off you go and do it. And we had to learn how to pick up and learn things. And that to me is not something that you can teach. That's something you have to pick up yourself, but is invaluable tool, especially in our our industry where things are changing so quickly.

[00:10:53] Sean: The ability to just go like on Google or something and start picking up all this information and processing it. To me, that was the turning point in my entire four years, and that's the thing that sticks with me the most. 

[00:11:06] Zoe: I like that actually. I came from a different route. I was an IT manager and then I went to college, which totally makes sense.

[00:11:14] Zoe: I know, and I remember thinking like a lot of the things. I had the benefit though a lot of the things that I learned were outside of the scope of what I wanted, but actually hugely benefited me. But I remember thinking like, oh, why don't they talk about like the normal business, you know, soft skills, but actually they're harder.

[00:11:32] Zoe: And the how do I learn something versus just filling in a spreadsheet or, you know, like those kind of things. I thought, uh, that was interesting. But we've had that discussion a couple times as academia and real life don't always align. Yep. And so it's almost like you have to choose the right university or right college without knowing the, you know, what you're doing as well.

[00:11:52] Zoe: So it's almost like it's own challenge or own skill sets. I wanna look at your current role and highlight what do you love about your current job. 

[00:12:02] Sean: Um, it's a good question. . Some days I just wanna pull my hair out to go... but, um, I think one of the things that I like about it is just the, the range and the diversity.

[00:12:15] Sean: Like me as a person, I get bored pretty quickly. So having something that I can pick up new technologies, learn new things, and it's not just that I have to context. The context switching sometimes can be a problem, but also can be a blessing. Like I can pick up new things, exciting things, like for in, for example, if there's like some critical vulnerability that comes out, I'll go off and do a bunch of research around that.

[00:12:40] Sean: So I understand that in terms of our company and how it affects that. I also have tools that I need to look at and technologies and helping people and all that. So it's, it's that broad range as well as being able to get really in depth in some of these things from a technical point. It's, it's difficult to it, but I guess that's the best you could put it at.

[00:13:01] Chris: So to kind of follow onto that, what do you wish you could do more of or maybe less of? Right? What, what do you, what would you change about your current role in application security if you could? 

[00:13:10] Sean: Um, I think one of the things that is challenging, and I get it, but it's that conflict sometimes when you're dealing with other departments, especially around development departments.

[00:13:23] Sean: I think there's historically been a lot of friction and trying to break those barriers down is difficult. Getting them on board. Thankfully it's getting better, but I think all too often there's so much time wasted in that. I mean, I've literally had arguments or let's say debates, probably a better way of putting it with people against, um, fixing of vulnerability and where I'm like, the amount of time that you put in into.

[00:13:48] Sean: Trying to justify why you're not gonna fix it is far more than actually just going off and fixing it. But it's like kind of those things can be a huge time sink. It's, uh, unefficient creates friction where we really should be all working together to, at the end of the day, we're trying to achieve the same thing, right?

[00:14:06] Sean: We're all working for the same company. So I think that would be the biggest thing that I want to try, remove and get rid of. 

[00:14:14] Zoe: It's the perception, isn't it? It's like, I'm working with you. I want to work with you. This is an issue. Let's work together to fix it. That was a point that I really liked when we had a chat a bit back when I was building a talk that I was working on about security and development, and that was a point I really like that you made is essentially, we all have the same goal.

[00:14:33] Zoe: We just come about in a different way and let's work together and get to the point to succeed. Talking about perceptions. This question I really like, and I think yours would be interesting is what would a normal person think You do? What, what's, what does your mom think you do? 

[00:14:48] Sean: Oh, good. Uh, um, just, well, I can tell what my partner thinks I do.

[00:14:55] Sean: She, her quotes, I sit on my chair all day tapping away into a computer. That's it. Uh, well probably thanks a lot. The St. La just do stuff on computers. Therefore problem solving when her computer goes wrong. Yeah, , I've tried to explain. I, I can't get very far to explain it. Probably a lot to do with me explaining pretty poorly.

[00:15:21] Zoe: That's basically what my daughter thinks. She sits at my desk and she just hits my computer and thinks that's what she thinks I do. I follow you on Twitter obviously, cuz you're amazing. And I see you post a lot about like obviously what's going on in the industry and you have opinions about what's going on.

[00:15:39] Zoe: Do you find that, um, service security research is actually kind of, Almost a hobby as well as your job? Or is it something you separate quite a bit where you do it for work and not for play ? 

[00:15:49] Sean: Um, I would say that at times it's a hobby, so there will be times where I'll go off and do my own little rabbit hole research into some sort of tool, product, whatever.

[00:16:01] Sean: And that's done entirely in my own time. But there are times where whatever researcher might start off in my own time. Kind of morphs into my current role. So for example, like the commons text stuff, I spent a lot of, quite a bit of time like researching that 10 hour effects. But that actually played some part in my role.

[00:16:21] Sean: So there, there's an overlap certainly in some things, but not all things. Yeah, like the recent open SSL thing as well is like trying to keep, keep a handle on that because yeah, that pretty much affects, had the potential to affect pretty much all of us. So that's where spending your own time researching that can help you in your role.

[00:16:42] Sean: And also vice versa, like sometimes researching things in the work capacity can lead to helping out outside your role. 

[00:16:51] Chris: Very cool. And I think it's great, you know, so many folks in this industry, I think technology becomes a passion more than just a job. Right. And so, you know, it, it's, it's not completely common, I guess, but, but fairly common to see folks who work in technology, having some kind of, you know, technology related hobby.

[00:17:07] Chris: You know, having a home lab, you know, in your case, um, doing security research for, for fun. I guess. Is there any particular exploit or something you know, you've, you've found in your personal research that you're particularly proud of? Or, or, or that's just interesting enough you wanna tell us about? 

[00:17:22] Sean: Yeah, I, I think the one that's kind of the best that I've found, but I didn't find it.

[00:17:28] Sean: I'll, I'll go to say like, why I didn't find it, but I found it. But kind of thing, uh, was a baby monitor camera. It was the most roll camera and at the top you, the tech person, like, nah, I gotta get teched. It's gonna be the shiniest thing. Got to do all these cool gadget things. On the other half was like, we don't need that.

[00:17:46] Sean: I'm like, eh, we definitely need it. Yes, we entirely need it. So off we got it. And then I started seeing things popping up on my, my Home network. Like I had some, I think at the time was Alien Vault installed, started to see things popular down. I'm like, Hmm, what's. Start taking pro in pro being found. The mobile app wasn't doing certificate validation, so that was vulnerable to machine in the middle attacks.

[00:18:13] Sean: Um, and it was exchanging keys in that, so that, that was great. So I reported that to them and. It did get resolved, and then a while later, again, I noticed some things happening and I started investigating it further. And lo and behold, the actual device itself runs the operating system and it had a whole bunch of vulnerabilities basically, if you were on the same network.

[00:18:36] Sean: You could get the wireless secrets, the keys, um, control the camera, view the camera, feed, all of this stuff. And then to me this is important because it's pretty intimate thing if you're talking about a baby monitor. It's a camera now, thankfully. Hopefully. Most of the people didn't put this publicly on the internet.

[00:18:54] Sean: Some did, unfortunately. And the worst part about that is this is where I've go, like I found it, but I didn't find it, is when I was doing a write up and, and researching and trying to like search for some of the, the models and, and that kind of thing. It turns out that, uh, I forgot the company at the time actually found this years prior.

[00:19:14] Sean: And all these things were there, like what? It's, it's several years later they said they're gonna fix them. They didn't fix them. And yeah, it, it was really frustrating seeing that, but with the help of someone in the media, I managed to work with them who also got Motorolla involved, and eventually all the vulnerabilities got fixed.

[00:19:34] Sean: So that was quite a proud moment for me when I wanted to get these vulnerabilities like on a device that's pretty intimate. When they should have been in the first place, but yeah. Yeah. 

[00:19:46] Zoe: Very cool. Yeah, no, that's, that's really important I think. And that comment you made about, um, working with reporters as well, did you purposely go about that or was it you so frustrated you didn't know where to go and that's how you got there?

[00:19:59] Sean: So I, I, I dunno what it is with companies. So if I disclose of vulnerability on behalf of a company, generally I have like a really good success rate I think. I don't think I've ever had a case where I've disclosed of vulnerability on behalf of my company that I've been working at and never had it resolved.

[00:20:18] Sean: The flip side, if I did it privately, I don't think I've ever had, there'd only be one or two, and those weren't companies that are like open source projects. So companies. Just ignore me. So I dunno what it is. I dunno why. Maybe they think I'm after some money or whatever. I don't know. So there is that aspect.

[00:20:36] Sean: That's really frustrating when you're trying to do the right thing, trying to get things fixed. And I'm not looking for anything, literally, all I'm looking for is an email saying, Hey, thank you for the finding the vulnerability. That's it. I'm not looking for anything more and I don't even get. Yeah, so when I worked with this reporter, they knew people, so it was more of a thing of using contact to make sure the right people were informed, saying, Hey, there's some pretty serious flaws under the right circumstances.

[00:21:07] Sean: This needs to be fixed. And getting the right people involved is often what it takes. And then it got resolved, so I don't even think that report did a, a story on it. 

[00:21:18] Zoe: Nice. How did you connect with them? Is it just somebody who had met or knew? 

[00:21:22] Sean: Uh, through acquaintance. So they, they knew them and then I think I just reached out to them or they might have put me in touch.

[00:21:29] Sean: It's been a, a few years and I can't remember things. . My memory is terrible. 

[00:21:35] Zoe: I know me too. I was gonna ask also about, um, knowledge share. So one thing that, kind of a theme that I know is big with you is sharing knowledge and, um, kind of demystifying and clarifying when people say, oh, it's highly sophisticated.

[00:21:50] Zoe: Oh, it's critical actually. What is the reality there? So part of that is, I know that you do public speaking and also blogging. What's your motivation for that? Or why do you get into it? I, I assume it's part of the knowledge share bit, but what more.

[00:22:04] Sean: Um, so yeah, there's a few things. One of the things I do like doing is sharing and helping others out.

[00:22:11] Sean: That's definitely a part of it. I've done some things that hopefully have helped people out, um, and that's something I'm quite happy about and I don't want anything in return. It's just helping others out. But then there's also a aspect of myself as a person. Like I sometimes can be very OCD perfectionist type thing, which is a good and bad thing.

[00:22:34] Sean: And when I see things that aren't right or accurate, it just knaws at me. I'm like, I gotta fix that. I gotta, I gotta try to do as best the job I can to kind of rectify some of those things. And I'm not always right, like sometimes I might be wrong, but I try to. At least I wanna make sure that any information's put out is as accurate as possible.

[00:22:55] Sean: And I feel it's really important because take for instance, like this open SSL vulnerability the past week or whatever, there was a lot of uncertainty and panic maybe caused about it. Where in reality, look of what, how it turned out, where it's not such an issue after all. And the result is you potentially had a lot of people already stressed.

[00:23:17] Sean: Having more stress piled on them, more work piled on them, and it doesn't help anyone. So I guess kind of roundabout way it comes to helping others and trying to make things better, I guess. 

[00:23:29] Zoe: Yeah, no, for sure. And I think I like the approach you take and, um, I agree with you. It's, it's, it's almost like I've seen a couple times where it's almost like they wanna build up the issue and it doesn't, I don't know, I can't imagine They know that it's, they're overworking it and it's almost like they wanna push it and get their, you know, nice logo, nice icon to say, oh, this is the new name.

[00:23:51] Zoe: But it doesn't end up being as big of an issue. And it is very stressful for people in industry.. And companies cuz they're like, oh, is this gonna affect us? And then you get senior leadership. So being able to have a demystifying, easily understandable blog post or article is, uh, I think it really benefits organizations as well as the individual people.

[00:24:11] Zoe: On that, you're dealing with a lot of new information that you have to rapidly understand and put in context of things. Is there ever a time that you feel like, I really have no idea what I'm doing, or am I right, you know, like that kind of second guessing your opinion of Well, they keep saying it's a big issue and I don't think it is.

[00:24:31] Zoe: So am I missing something? 

[00:24:34] Sean: Yeah, all the time. So one of the things in our industry, like um, is just having that information come on and you almost have to be an expert at everything, which is just never gonna happen and never be possible , most of the time you just try to tread above and keep your head above water so, I try be as accurate as possible.

[00:24:56] Sean: I try research as much as possible, but I'm not always gonna be like that. And there, there are often times where I will sec... Well most of the time a second guess like, did I miss something? Am I overthinking things or am I under or not thinking things through enough? And yeah, like there's been plenty of times where I've, I've completely missed something.

[00:25:16] Sean: And I think it's important that we do that. Like if we always assume we are right, then that's probably a dangerous thing. Because we're human. We, we are gonna make mistakes. There are things that we're gonna miss. There's, there's contacts that we might miss. So this is why I'm a big fan of like community type things where you get different voices from many people and that should help resolve any sort of uncertainty or things that have been missed and that kind of thing.

[00:25:42] Sean: And learning from our mistakes. So like, um, by no means a perfect person to do things perfectly. I make many, many mistakes. I probably make more mistakes than get things right. So learning from those and improving on them I think is really important. 

[00:25:56] Chris: Yeah, I like both of those aspects a lot. Uh, to kind of restate what you said there, right, I think that idea of kind of leaning on the community to help you maybe spot your own misses or, or weak spots and then, you know, Taking everything as a learning opportunity, right.

[00:26:09] Chris: And then seeing that, you know, I actually should be making mistakes. It's, it's the times when I'm not making any mistakes that I start to get scared. Right. That, that's when I'm worried of like, okay, something's weird here. Something's, uh, something's going wrong. Um, unfortunately, we are just about outta time today.

[00:26:23] Chris: Sean, thanks for being here and for sharing your story with the Imposter Syndrome Network. Really appreciate it. 

[00:26:30] Chris: And to all of the imposters out there tuning in, we know that your time and attention are the most valuable resources you have, and we really, really do appreciate you spending them with us. 

[00:26:39] Chris: Now, Sean, before we turn the lights off here today, I, I am curious, you know, if you could roll back the clock or, or open up a, a wormhole and, and whisper something into your own ear, you know, back maybe right before you started university or maybe right when you got out of it.

[00:26:54] Chris: I don't know, somewhere in that early days of, of when you were kind of turning your passion for technology into a career. What advice would you give yourself when you were just starting out? 

[00:27:01] Sean: That's a good question. Um, to be perfectly honest, like I don't think I would change anything or, or, or do anything.

[00:27:07] Sean: It's. It's been a journey and I'm happy where it's gone. I'm happy where I am, and if I did things, who knows how that may have turned out. It might have made things better, it might have made things worse, so hindsight's wonderful and all of that, but I'm also looking forward to the future. There's that as well.

[00:27:26] Sean: So, Yeah, I can't, I can't think of anything. 

[00:27:29] Chris: That's great. And No, no worries at all. I, I, I wonder, you know, if, if, I mean, obviously, you know, things have fallen into place to get you to where you are now. Has there been any kind of, I don't know, did decision making algorithm, any kind of process you've used as far as kind of choosing the next thing so that your career did end up where it did, or was it all just total chaos and luck?

[00:27:49] Sean: I'd definitely say luck has had a large part in it. I'm not gonna dispute that in some many aspects. I got lucky along the way. But I think it's also different things that I tried. So one of the things, and I know people hate Twitter often. For me, that was a massive turning point in my career that changed a lot of things.

[00:28:10] Sean: I was kind of going through the motions and heading that limits, and then as soon as I joined Twitter, it started going me blogs and talks and interacting and networking. Really, that's what it's about, and sharing ideas and that, and helping others or changed. Once I joined Twitter. Yes, Twitter has a lot of negative.

[00:28:30] Sean: Things associated with it, but it can bring a lot of positive. So yeah, like that I guess is the defining moment for me. 

[00:28:38] Chris: I like that. Yeah. And it sounds like a little bit, I mean, obviously Twitter, the platform itself was maybe right time, right place, but the networking in general and kind of connecting with the community of people doing similar things to what you were doing maybe is actually the more important piece there.

[00:28:49] Sean: Yeah, exactly. Twitter's a tool to enable you to do that or launch you to do that, and then once you've got a handle network with people there, then you meet them at cons and, and all of that kind of stuff. 

[00:29:00] Chris: Exactly, yeah. Yeah. And for me, you know, I, I came from a place where I was very socially anxious as a kid, had a really hard time with people at all.

[00:29:07] Chris: And that mediation layer of having the internet between us actually really helped me to form those relationships, which then turned into real relationships. By one kind of mediating that, like Twitter was, you know, in between me and the other person. And also quantifying it, right? Like keeping track of those people and seeing likes and, and that kind of stuff.

[00:29:24] Chris: Which again, there's some negative connotations there, depending on how far you go down that rabbit hole. But, uh, but for me it really helped quite a bit. Do you have any current projects that you would like the imposter syndrome Network to know about? Anything we should, would know about? And if not, you know, just maybe where folks can, can get ahold of you.

[00:29:40] Sean: So nothing specific at the moment. Um, I've got a bunch of talks that I've left the last minute as as typical. Um, so yeah, that's my fault. But hopefully in the near year I'll, I'll be spending a bit of time, um, I do stream or do try to stream every Thursday evening on Twitch and cover different things from like CTRs to new tools to trying to explain some of the vulnerabilities.

[00:30:08] Sean: So I guess if you're talking about projects that kind of an ongoing issue project, trying to just share that knowledge and experience and opinions and that kind of stuff. 

[00:30:18] Chris: Cool. Shoot us a link to how we can find that Twitch and we'll make sure we, uh, put it in show notes so folks can find it easily. And that's it.

[00:30:25] Chris: We'll be back next week.