Our guest today is Dominik Pickhardt, an InfoSec architect, and a recovering network engineer.
Dominik takes us through his career path, from IT helpdesk and structured cabling to network security.
We dive into the importance of being connected with the international IT community and the value of personal growth through unexpected avenues like role-playing games (RPGs).
He also emphasizes the lessons learned from failures, the importance of thorough testing, and the value of sharing "war stories" with peers in the industry.
I think from I learned much more from my failure than from my successes.
You have to sometime break something to learn from it, and you will not do that again.
Thanks for being an imposter - a part of the Imposter Syndrome Network (ISN)!
We'd love it if you connected with us at the links below:
Make it a great day.
This was transcribed by machines, including any and all mistakes:
[00:00:00] Chris: Hello and welcome to the Imposter Syndrome Network Podcast where everyone belongs, especially if you think you don't welcome imposters. My name is Chris Grundmann and I'm here with my co-hosts with the Mostess. Zoe Rose. Hey. This is the Dominik Pickardt episode and it's going to be a great one. Dominik is an InfoSec architect and a recovering network engineer with years of experience across many industries, and he's joining us today from his home in Berlin.
[00:00:42] Chris: Hey, Dominik, would you mind introducing yourself a bit further to the imposter syndrome network?
[00:00:47] Dominik: Hey, my name is Dominic. I'm here from Berlin at Network Autobahn on the Twitter. So I had the joy to meet Zoe and Chris multiple times on Tech Field Day events. Recently I met Zoe in Amsterdam in her hometown, which is pretty nice.
[00:01:03] Dominik: And yeah, and uh, the first time I actually listened to your Imposter Syndrome Network that. Actually a very good one and I need to join that club. Yeah,
[00:01:12] Chris: awesome. Perfect. Thank you. That's, uh, good to hear. And yeah, that's actually where I wanted to start today with the thing we have in common, which is tech field day.
[00:01:20] Chris: We've all been delegates as you mentioned, and we've also, I think all of us appeared on Gestalt it webinars and podcasts and things like that. And actually Dominic, I think you were there at the security field day where Zoe and I decided to start this podcast. So you've kind of been involved from the beginning, whether you knew it or not.
[00:01:37] Chris: And that's where I'd like to kick things off is kind of with your TFD story, call it, how did you get involved with Tech Field Day and what have you gotten out of it so far?
[00:01:46] Dominik: Yeah. So it's kind of crazy if you are, let's say, foreign, not in the us. So the first things, uh, kind of, I watched the first things and never had an idea that I could join.
[00:01:58] Dominik: The Tech Field Day was always kind of a US thing and very far away. And so on. I was working at this time for the German government. Yeah. And yeah, started just my blog. And even social media, I was kind of, for me, not the big presence. And so, and I just texted the Gestalt IT, uh, mailer and said, awesome event. I really like it and so on.
[00:02:23] Dominik: And then reach out to me and say, Yeah, we will fly you in. Let's come on. Let's come to the next event that we do. And yeah, that was kind the start of the story. I think it's all about building communities. It's one thing with vendor presentation and the tech and the other thing like we together to build communities, to meet people.
[00:02:45] Dominik: Um, it helps really if you talk to other people, smart people that are having experience in other directions or just seeing stuff from other perspectives. So this is, I think, the real magic about this tech field day event. It brings together people and exchanges ideas, and that's really, really a good, good event.
[00:03:06] Dominik: Yeah.
[00:03:07] Zoe: Yeah. From my perspective, when I met you, I don't remember the first. Time I met you, but I remember seeing you and then sitting down with the presentation and you always had such brilliant questions and I always felt like, Quite shocked because I feel like a lot of times when I'm sat there listening to presentations, I've gotta take a minute to put myself into context of what are they talking about.
[00:03:30] Zoe: And I always feel like you're, I don't know, you're, you seem to have a really good presence and a really good ability to quickly pick up what they're talking about in the context and ask really beneficial questions. So I suppose my question to you is, do you ever struggle with. Knowing how to present yourself in, like how can you sit there in front of a camera with X amount of people watching on the stream and admit, okay, I need to ask a question, but how do I ask a question with never not feeling like you're.
[00:04:04] Zoe: Being silly in your question asking.
[00:04:06] Dominik: Yeah, totally. I think it's all about a lot of the topics you don't know in detail. You are not, uh, super expert. Yeah. But it's also to, to have at least, um, understanding what this is about and then dig into things that are interesting and have a general. Understanding in my, let's say I'm now a couple of times, so I'm already one of the, uh, longtime Gestalt IT guys.
[00:04:33] Dominik: Yeah. But it's all the same. Yeah. If you see the technology, it always comes in waves. We have kind of the same ideas coming over and over again. And often if you understand the fundamental how things are going together, it helps you, uh, yeah, like in, uh, and all the ideas brought up again and discussed again. And, and I think I always try also to have an fresh view on things.
[00:04:59] Dominik: Yeah. So, um, often when, when people presenting something where they think, oh, that's, uh, the brilliant idea. So in my head, I try to compare this to the fundamental, where is this coming from, what it is all about. Then translate this to what is the new aspect that they are bringing with this new technology.
[00:05:19] Dominik: That's kind of my approach.
[00:05:21] Zoe: No, that's a really good point. I, I find it funny sometimes where we're sat down and we're like, I, I could hear, I could see that other people chatting in the chat being like, What use case are they actually bringing here? And then we figure it out and then we're like, oh, okay.
[00:05:34] Zoe: And then everybody is like, oh, I've seen this before. And that, and that before and that, and so it's really cool seeing the different almost generations of techs. Cuz I, I've put myself more in the junior side in our grand scheme of things, cuz I only have, what, just over 10 years and you guys have an exceptionally longer time than I do.
[00:05:52] Zoe: So it is really, really interesting. Uh, that kind of brings me to a question about, uh, career and your kind of journey. Um, why did you get into tech? Was it something you always wanted to do?
[00:06:05] Dominik: So I think it was a bit of all call accidentally, so I was like, like many people starting after work in Germany, you have to go to the Army or you had to go.
[00:06:17] Dominik: They, uh, don't do it mandatory for one year or you could go 14 months, uh, in a social environment. So I was in a hospital, big one here in Berlin, was doing IT staff support. Yeah. It was my first thing and then later I was, uh, at the university. And the university computer science is very mathematical. Then I was getting an opportunity to, to join a company, but they have here in Germany, kinda you start.
[00:06:47] Dominik: Your work and you do a two year, let's say, on the job training, and after that you get a state certificate that you are allowed to do a certain job. And in this job, first I was. University where you just have theories. And in this job they said, okay. The first six months it was a cons consulting company, which was also doing all sorts of cabling jobs and so on.
[00:07:13] Dominik: So the first six months I was just doing cabling. Yeah. And I said, oh, crazy. And fiber splicing and so on. And at the first spot of it, I kind of didn't like it. But afterwards, I have to say it's really good to understand the basic, how the structured cabling is going. So later in my career, it really helped me a lot to understand how yeah, networks are built and how this all got together.
[00:07:41] Dominik: Yeah, like many people, I was in a consulting shop. Firefighting. Yeah. Most of the time you were dragged in. Don't tell them that you just work class for one year. You are senior expert and you have to, to move around and uh, just yeah, help wherever you can and make things work, but it's intense. But you also learn very quick a lot.
[00:08:04] Dominik: Yeah. So I was doing security networking stuff. And yeah, like many people, I had kids and searched for something more, um, let's say where I can rely on work hours and more family friendly. So then I worked for a long period of time for the German government, which was also kind of interesting because in, in, in this you have a very big network.
[00:08:31] Dominik: Yeah. Bigger than most enterprise networks. And you could also learn a lot from, just from the side of it and. It was, uh, kinda a good time. I learned a lot in, in, in this also. This was the time I had the time to do some social, uh, let's say stuff like adding an account, starting a blog, going to Tech Field Day, and so on.
[00:08:54] Dominik: So from that time, yeah. And then, uh, from the government work, I returned to the, to the business side of thing, working now for an international law firm. Of course it is more 24 7. It's more demanding and kinda more of that side of things, but on, on the other hand, You also learn in an international company a lot of new social skills.
[00:09:18] Dominik: Yeah. You have to deal with people from a lot of different corners of the world. And that is also kind of exciting. The side of the tech. It's, uh, a lot has to do now social engineering is always a bit negative, but I would say social skills. Yeah. With people to, to understand how things working, how things are getting together.
[00:09:42] Dominik: The world is built on trust. How to convince people in cybersecurity. I would say it's just half the way. If you sort out the tech, the other half of the way to make it something secure is to sort out the social relationships and trust inside the corporation. Yeah. Or organization.
[00:10:03] Chris: Yeah, absolutely. I, I couldn't agree more.
[00:10:05] Chris: We've talked about that quite a bit. I think Zoe and I both on the podcast over the last few weeks and months, which is that, you know, a lot of us kind of came to tech maybe to hide away from people at least initially. And then learned that, you know, real success actually came from figuring out how to deal with people.
[00:10:22] Zoe: Literally my journey.
[00:10:24] Chris: Yeah. Right. But I'm interested, right? I mean, so you, you started on that it help desk. And, and kinda got into structured cabling and, and really was like a network engineer at first. I mean, I know you wore a lot of hats and I wanna talk more about that here in a minute, but kind of started on the networking path and now you're more kind of full-fledged security.
[00:10:41] Chris: And I wonder, you know, if you could talk to us a little bit about that transition of how you kind of went from networking to security, why that happened, you know, was that kind of another accident or something you really intentionally pursued, or what interested you about security to bring you over to that side or, you know, just anything about that transition?
[00:10:57] Dominik: Now, so like for many people it started with network security. So first building a lot of data center. Then of course there's always the portion of firewalls that you came from, and that was driving me a bit into the security world. So you start with, with this background of network security and then when you start working more on security focused stuff, you see there's the whole world.
[00:11:24] Dominik: It's very broad world in security. You have to wear so many hat I'm talking about when it comes to technology, endpoint security, uh, logging technology, VMs, all that stuff. Yeah. So it's very broad and you have this whole compliance world. And you have a lot of the auditing world and it's own parallel. Um, I think in security, what I like about this is kinda you're doing a bit of everything.
[00:11:54] Dominik: So if you are, let's say a storage specialist, in most cases you just do this one thing and you do it very good. In security, you have to work with all the teams. It's an multidiscipline, interdiscipline, uh, topic. Yeah. So you have to, let's say, at least be a bit informed of if you talk to a developer, what are their terminology, what do they care about?
[00:12:21] Dominik: And so on. And, uh, maybe on five minutes later you have a, a discussion with the storage people and they have. Very different things that they, uh, care about and so on. So it, it's kind of also changing your perspective very often, wearing many hats and let's say you sort out all the technology to make something secure.
[00:12:42] Dominik: Then you have also to have the organization, the processes, all that sorted out. So I think to understand how all these pieces come together and how you build one layer over the other. This is kind of interesting for me. Yeah. So this whole concept and yeah. My background is networking and I think this is a very good fundamental knowledge that most security people should have.
[00:13:08] Dominik: Yeah. To, to understand how or going. But of course also we have so much, uh, when I look at all the hacking scheme and how exploitation is working and so on. By, um, no matter I'm an, uh, expert in, in that field, but I can at least understand e uh, on how it's work, how the methodology is, how these people think, how they do something.
[00:13:32] Dominik: I can do. Yeah. Even I'll give you an, uh, basic example. Pen testing. Yeah. Uh, some people doing this for living 24 7. I'm not, yeah. But I can at least understand what is their methodology, how, how do they. Interact with something and so on. And as a security person, this is also what I like. If you can choose kind of the areas in that you focus and you can also kind of put your career in a specific corner.
[00:14:04] Dominik: Yeah. So there are so many opportunities if you like, I don't know, to do application security more. You can go in that direction. Or you do more compliance, whatever it's you need. So this is kind of for everybody who's starting new cybersecurity business, it's so broad and you have to know so much stuff.
[00:14:22] Dominik: And sometimes it's a convincing, uh, conversation with the CISO to, to get the funding and the money to, to buy something that you really need to, to make, uh, things better or more secure. Yeah. So it's challenging with all that stuff.
[00:14:38] Zoe: I would agree with that statement, that final statement. I feel like. Out of all the years that I've worked in technology, working in security, I have made the most PowerPoints.
[00:14:49] Zoe: So actually that's a huge part of security. But, but I do, I do agree with that point also about choosing the area you want to work in to. I think sometimes people get intimidated because security is so vast and there's literally no way you can know everything, but you can know specifics about, like, it's, it is almost like, um, You have that broad understanding.
[00:15:13] Zoe: You don't have the depth in all of the areas, but you have it in certain areas that you're good at. And that's what I've taken away from kind of figuring out my place in my career is, uh, recognizing where my limitations are, but also recognizing that even though it's not considered the sexy side of security, I like it.
[00:15:35] Zoe: So it is to me, you know, I like documentation. I know I'm a weirdo. I like networking. I like collaboration, and so figuring out how I can work together in an organization in a secure way is really interesting to me. So doing that threat modeling, figuring out what works for that situation. Some people find that really boring.
[00:15:57] Zoe: And I think sometimes in our career we've kind of, or sometimes in this career, we've kind of almost put a limitation by saying, oh, it's red team or blue teaming. You know, you're offensive or defensive, and that's putting everybody in a little box and not allowing them to realize that maybe they like pen testing and they like building a network.
[00:16:17] Zoe: You know, maybe they like this and they like that. It doesn't have to fit within one little category.
[00:16:23] Dominik: What really helped a lot is putting myself in the shoes from somebody else. Changing the perspective. Yeah. Not to always think from, I don't know, compliance or whatever. Sometimes to have the view from, I don't know, the normal secretary and the office or, so yeah.
[00:16:40] Dominik: Going down these, these steps. Yeah. Another thing also, you need a driver that is pushing you forward in all these discussions. Yeah. For me it's kinda, I like to achieve. Little things. So when I go at home where I take joy in my work, if I say, okay, I've changed this something, I made a difference. This is a little step to make something more secure.
[00:17:04] Dominik: Some people have other stuff that are motivating them for their work, but. I really like to achieve something, to to have the feeling, okay, this is tweaked to the next level, and sometimes this tweaking can even be that you teach somebody cybersecurity awareness. Yeah, you haven't changed anything, but you had a good conversation with the classroom or people transferred some knowledge and they are going out and maybe having something learned from you.
[00:17:33] Dominik: Yeah. So that's also great joy, I think.
[00:17:36] Zoe: Yeah, that in my career that that's also one of the things that I've taken away as being the most impactful was when I did awareness training. That was like teaching people how to hack, not to make a little hacker a army, but to get them excited about a topic that formally they really didn't like, and it wasn't really difficult either.
[00:17:57] Zoe: It was building a little tiny lab, doing very simple things, and it was so rewarding. So I think, I think it's also kind of putting in perspective as to what actually brings you joy.
[00:18:10] Dominik: Yeah. I think about hacking because you brought it up. Hacking is, for me a mindset. It's not a specific skill, it's a mindset.
[00:18:17] Dominik: Not use things in a way how they are supposed to be used. To tear them apart into little pieces, check out what loopholes you can find and so on. This kind of mindset. Yeah, and it's hard to transfer this to people, but if they understand that this is a methodology, I think everybody can learn hacking skills.
[00:18:37] Dominik: Yeah. At the end of the day. Hundred percent.
[00:18:39] Chris: Absolutely. I think so for sure. And I really like that. I've never heard anybody say it that way, that it's a mindset, but that's definitely how I understand it, right. Is it really? Hacking is all about. Repurposing things for things they weren't intended to be used for in all kinds of ways, right?
[00:18:53] Chris: Whether it's physical or, or virtual or, or software or hardware or whatever. You know, talking through this, Dominik, I mean obviously I think you have a lot of confidence in, in your abilities and you've been able to kind of work across a lot of different areas of technology and so you've picked up a lot of skills and as Zoe pointed out, right, you're one of the most confident speakers we've seen as kind of a delegate in in some of these events, and being able to ask questions and kind of put yourself out there.
[00:19:14] Chris: Seeing things through other people's eyes. And I wonder kind of with all of that as a backdrop and all your years of experience, do you ever feel like you are not smart enough or feel like you're out of place or, or feel like an imposter?
[00:19:26] Dominik: Yeah, I think every day. Every day. So, uh, I would say there is so much to learn.
[00:19:33] Dominik: Yeah. And you always stumble about new stuff and we grow with that. Yeah. So don't take it as a negative. Take it always as a positive. So I still can remember my first Tech Field Day where we had. All the big guys in, in the rooms and like Zoe was saying, yeah, when, when they have a deep dive discussion on routing protocols and you think your routing protocol knowledge is just, uh, let's say rudimentary.
[00:20:01] Dominik: It's, it's kind of, uh, yeah. Hard to follow up. But at the end of day with all these smart people and so they have also fields where they don't have this expertise and I, what I really like, if you go to people and say to them, okay. I'm not the expert here. Can you maybe help me with that? A lot of the times on conference and so on, the people are helpful.
[00:20:22] Dominik: Yeah. You met somebody. He has a big name. He is maybe the inventor or has written the RFC for a certain technology, but most of the people, if you reach out to them, have a technical discussion. Most of them are super positive, helpful, and of course, You have to, you cannot come with first level questions to somebody who is already at the high level.
[00:20:47] Dominik: Yeah. You have to, to adopt a bit who you ask in your journey. So in mentorship, of course it'll change you. You start with people that bringing you the first steps on a way, and then of course you're getting more expertise and it's rising higher to whom you reach out and so on. It's a journey.
[00:21:06] Zoe: Yeah, definitely.
[00:21:07] Zoe: Definitely a journey. I had a, a kind of a, a linked question. Is it regarding, I mean, from an external point of view, you're very impressive and it's really cool sitting with you in these tech field day events and hearing your perspective and hearing your questions. But is there ever a time that maybe you weren't as confident and maybe you actually made a massive mistake or maybe you screwed up quite?
[00:21:34] Zoe: Drastically. And how did you recover from that? And maybe how did that affect you?
[00:21:39] Dominik: Yeah, so giving you an example, we were, uh, I was working for consultant for a unnamed big hospital here in Germany, and they wanted to send out a little message that is that the PC go or on sleep before the maintenance thing.
[00:22:01] Dominik: So, yeah, we programmed a little message, uh, let's make online packet. Okay, checked out, looks easy, let's send it out to everything. But in the moment, we sent it out, there was a massive electricity peak, and then the breaker comes in and the whole hospital was going for moment down and had no power until the massive ups and the diesel engine kicked in.
[00:22:26] Dominik: And when a diesel kicks in and enter this status and it's super loud. So yeah, we felt very sorry about this and had to explain.
[00:22:34] Chris: But wait, did the message cause the power to go out? Um, uh
[00:22:37] Dominik: yeah, because too many PCs were shut down at the same thing at the same moment. And then there was caused like a spike back.
[00:22:44] Dominik: Yes, yes.
[00:22:46] Chris: Oh man, that's a wild one. That's brilliant. Oh man. Because that's one of those things, like you usually, when an outage happens, I mean it sucks, but it's contained to the virtual world and this is an outage. Yeah. That's spilled over into the physical world. Yeah, that's, that's why, and especially at a hospital where I'm sure there's machines that are plugged in and uh, oh man, I can't imagine.
[00:23:06] Dominik: I was super junior admin, so actually one of my colleagues did the script, but yeah. We are one team. We come together with both. Both at the end, working out and not, but yeah, things like that happen and yeah. Uh, I think from, I learn much more from my failure than from my successes. Yeah. So you have sometimes to break something to learn from it that you'll not do that again.
[00:23:34] Dominik: Yeah. So learn the lesson, test your scripts. Be mindful of how powerful something can be. Yeah. And I think it's, it's, I like to talk about war stories with people because I have not met a single person that didn't have fucked up at one time in his career. Something, yeah. It, it's kind of something we all need to do and yeah.
[00:23:57] Dominik: If you don't fall down, you, you don't learn how to run. Yeah.
[00:24:01] Zoe: It's a, it's an achievement.
[00:24:03] Chris: It's like a badge of honor. Right. It's like a rite of passage.
[00:24:05] Zoe: It's, it's a badge of order, I mean, Yeah, and especially if you're working, like networking for example, like you take down the network at least once you, you have to, that's just a part of being a network person and then the security, I don't know, maybe I have to cause a breach
[00:24:20] Chris: To be clear, we're not recommending that
[00:24:25] Zoe: it will happen. On the flip side of that, on the flip side of that, what's your greatest achievement in your career? It doesn't have to be a big thing, just what's the thing you're most proud of?
[00:24:35] Dominik: I think to be connected in an international community to, to have context. Uh, I, I really like that this is, these days possible.
[00:24:45] Dominik: Back in the day, people had only known. People, their area and so on. And now this, this little security networking community, it's, it's international. It's very nice, very lot of helpful people and I'm humbled to be part of it. Yeah,
[00:25:01] Chris: unfortunately that is about all the time we have today, so we'll basically leave it there.
[00:25:08] Chris: Dominik, thank you so much for joining us and for sharing your story with the Imposter syndrome network. And thank you to all the imposters out there listening to us. We know that your time and your attention are the most valuable assets you have, and we really appreciate you spending them with us.
[00:25:23] Chris: Please do consider joining the LinkedIn group to give or get career advice, and definitely be sure to share this episode with a friend, a family member, a colleague, uh, maybe a student you're aware of who might find it interesting or informative. I do have one more question for you, Dominik, before we shut down completely.
[00:25:40] Chris: Kind of related to what you talked about just a few minutes ago about learning from failures over successes more, but maybe not. What I wanna know is what would you change about your career so far, if you could, and why?
[00:25:52] Dominik: I wouldn't change anything. I'm happy with every moment. So yeah, it's always a journey and a path and yeah, I'm totally, uh, let's say in sync with myself and where I landed, so, It's good.
[00:26:06] Dominik: Maybe I have some spots I would that I will check out on my career path, but so far I'm happy with everything. Yeah,
[00:26:13] Chris: that makes sense to me. Are there any projects that you have going on right now that you'd like us to know about or one to highlight for the Imposter network?
[00:26:21] Dominik: Yeah, you can check out my blog at Network Autobahn, but, uh, I, I would like to share one thing.
[00:26:27] Dominik: Yeah. That really helped me a lot. In, in, in my thing. It, it sounds crazy, but I'm doing RPGs. Yeah. So pen and paper RPGs for a long time. Since I have a group of people I'm doing this, uh, since the late nineties, same group of people and it's really helped me a lot in the job to have this role playing aspect.
[00:26:47] Dominik: To put your mindset in somebody else. Yeah, so sometimes it looks a bit nerdy, very famous Dungeons and Dragon and all that stuff, but I think for keeping your mind fresh, to put yourself in other perspectives, some of this really can help you to, to always be fresh, to have the. Ability to think a bit like a child.
[00:27:13] Dominik: Yeah. To be more curious about things.
[00:27:15] Chris: I love that. That's great advice. I also am a, I'm a big role player, both tabletop kind of pen and pencil, although that's, most of, that's moved to like zoom and things. Now we use, uh, some online tools and things, but kind of try to keep it the same, but also some of the, you know, games and things online.
[00:27:29] Chris: The in-person stuff though is definitely where you really get, at least for me, where you really get to put yourself in. You know, if you're doing it right anyway, I think put yourself in your character's shoes and, and make decisions that you wouldn't make, but that that character would. That's awesome. I, I like that advice a lot.
[00:27:43] Dominik: Yeah, it, it keeps us a bit away from this pure adult thinking and giving us back a bit of the childhood thinking. Yeah,
[00:27:51] Chris: absolutely. All right, so I assume folks can find you on LinkedIn and Twitter also your blog network, Autobon. We'll have all those links in the show notes. That's all Brilliant. This has been fantastic and we'll be back next week.