Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Do It Scared! The Journey from Pentesting Novice to Conference Speaker with Michelle Eggers
122 Plays12 days ago
Mainframe pentester Michelle Eggers joins us to share her incredible journey into cybersecurity, and specifically her niche in mainframe security.
George K and George A talk to Michelle about:
πͺ Her hustle and flow switching careers into pentesting, including 40+ interviews and an intense training cohort
π How she carved out a rare specialty in mainframe security through networking and seizing opportunities
π±"Do it scared" - her advice for speaking at conferences and pushing through imposter syndrome
π³ Why mainframe security matters (hint: it touches billions of financial transactions daily)
If you're trying to break into security, switch careers, or level up your technical skills - you need to hear Michelle's practical wisdom and refreshingly honest perspective on the journey.
ββββ
πβ‘οΈBECOME A SHOW SUPPORTER
https://ko-fi.com/bareknucklesbrasstacks
For as little as $1 a month, you can support the show and get exclusive member benefits, or send a one-time gift!
Your contribution covers our hosting fees, helps us make cool events and swag, and it lets us know that what we're doing is of value to you.
We appreciate you!
Recommended
Transcript
Embracing Fear in Public Speaking
00:00:00
Speaker
Let's talk about advice to the up and comers who also feel like they want to give talks or they want to do what you've done. What is your advice to them? Do it scared.
00:00:13
Speaker
Do it scared. I am terrified leading up to a talk. I put a lot of effort in, I do my research, I prepare, I practice, and I'm still scared before I get up there all every time. But i so I love doing it too. There's a balance there. It's not just this pure fear response. I'm excited too, but it's hard. It's It's not easy, especially when you're newer in the field and I'm up here and I know there are there are people in the audience who've been doing pen testing or working with mainframe or even just it stuff for decades, actual decades and I'm, you know, on my a couple years in.
00:00:52
Speaker
a history leaning back on the things I've learned, but I have to remind myself, okay, just because they've been doing something for a long time doesn't mean they know what I know. They don't do what I do. I can still show them and teach them what I have discovered in my experience that they don't have, they don't have that experience.
00:01:17
Speaker
This
Introduction of Hosts and Guest
00:01:18
Speaker
is Bare Knuckles and Brass Tax, the cybersecurity podcast that tackles all the messy human bits in cyber. We're talking trust, respect, all the rest. I'm George Kay with the vendor side. And I'm George, a a chief information security officer. And today our guest is Michelle Eggers, pen tester. Not only that mainframe pen tester, longtime friend of the pod, known Michelle a couple of years, really, really, really psyched that we could get her on the show to talk about that journey that she's been on, which has been incredible and a product of a lot of hard work and hustle on her part.
00:01:53
Speaker
Oh yeah, I mean, Michelle's been a personal friend to both of us ah for a bit now and you know, we're both really impressed with her, you know, respectively from both of our different angles.
Michelle Eggers' Transition to Tech
00:02:04
Speaker
um She's an absolute brilliant personality. She's great to hang out with. She's awesome in the business context. She's awesome on a personal level.
00:02:12
Speaker
And I think the really cool part is her career narrative. You know, the fact that she had nothing to do with technology or cyber just yeah you know three or four years ago. And she figured out a niche. She made herself an expert in that niche. And now she's kind of taking over the industry, being an expert in that niche. It's a pretty great episode. We start talking about mainframes a little bit and I didn't even know that we can now digitally test mainframes. So that was really cool. So a lot of good learnings in this episode, and she really shares her perspective. I think it's really good value for the listeners. All right. Let's hand it over to Michelle Eggers.
00:02:52
Speaker
Michelle Eggers, welcome to the show. Hi. So happy to be here. Thank you for having me. Absolutely. I'm really stoked. We've been friends for a while now. And I think we've sort of danced around this, but I'm glad to have you on the show. And um I have also been privy to part of your cyber journey as you have been living it. And so I think that's a good place to start. You're on the practitioner side, which means I get first crack. So let's
Navigating Career Changes
00:03:22
Speaker
start there. Let's start with
00:03:24
Speaker
Just a little like two to five minute intro and how you found cyber and kind of quickly get us to where you are now. Sure. Well, it's interesting, George, you met me when I had just gotten laid off from my ah PM job at the ISP. So I had this big announcement on LinkedIn and it got a ton of traction. And that's when I ended up connecting with a lot of people. And I think you were one of them.
00:03:50
Speaker
um But funny thing about that job, I was in a tech org, right? But I was on the non-tech side, I reported to the COO. I had been at ah another tech job prior to that, same thing, non-technical role. And I'm sitting here and I'm seeing these engineers and these people with these seemingly very cushy lives and they're not getting you know yelled at as much and they're getting paid for pretty well. They don't have to interface with clients as frequently and I was like, oh my gosh.
00:04:23
Speaker
that That's what I want to do. I want to get into that. like I love working in tech period, but maybe it'd be nicer to actually have that tech role.
Breaking Into Tech: Education and Passion
00:04:34
Speaker
so While I was at that that internet organization, that company, um I just did a bootcamp. I did a six-month bootcamp. It was really intensive.
00:04:43
Speaker
um But at the same time I was doing that, I also was grinding super hard, you know, doing these one-off trainings, the free stuff from SANS, Black Hill Security things, anything I could get my hands on, anything I could sink my teeth into that I could throw on a resume, um you know, doing CTFs with Trace Labs.
00:05:04
Speaker
and Anything at all. Really that was of interest, genuine interest. I think that's important too. Like don't just dive into something because it sounds like it would make you money or other people are doing it. You actually have a bit of um authentic interest in it. so did the bootcamp, did all these additional trainings, fired out, you know, hundreds of resumes, did like 40-ish interviews over the course of maybe five months. Like I just hit it super hard until um something landed and what landed was the best fit I could have, I couldn't have even imagined. You know, I love pen testing so much and it's like exactly my personality type.
00:05:45
Speaker
Um, so I feel like I know I put a ton of work into it to get to where I'm at, but it's still, I still feel so lucky that I landed where I did. Yeah. And I remember when you first landed at your gig, it was kind of provisional probationary. Like you had to like still, you got in the door and you still had to earn stripes, right? yeah Before you got like full time. Yeah. Yeah. It's crazy. So even my training cohort was, um, somewhat experimental.
00:06:14
Speaker
And they were trying a new approach where it was a little more hands off. They still had like instructors dedicated trying to help us succeed, but um it was a condensed timeline. And it just really was like the proverbial fire hose of information. And half of my cohort didn't make it, which is really sad because we got really tight. We were trauma bonded.
00:06:37
Speaker
um ah I mean, truth truth. yeah Yeah, yeah, the attrition was high, though. um But I managed to survive. And um I even pivoted from that initial survival into a niche with mainframe. So that's been pretty sick. Do you do before I asked my other question, do you have a sense of, like, why some of them didn't make it? Like, what is the the litmus test there? Do you have a sense of that? Yeah, um, gosh,
00:07:13
Speaker
It's hard to say, but I think part of it was attitude um because you can't just have strong technical skills. You still have to be able to perform a readout, for example, or have positive internal communication. So that could be part of it. um There may have been some cheating, I'm not sure. So it's possible on like our last test that we were doing. um And then, let's see what else could have been it.
00:07:42
Speaker
I know someone was let go later because they weren't actually doing their testing. It can be because the supervision is so low with what I do. I mean, you can really be extremely lazy and you won't get caught for a while, which is a little scary to think about because of what we're being trusted to do. Um, but you will eventually get found out and they will cut you.
00:08:03
Speaker
at my job. They don't like to carry head weight. I mean, who does? Who does? yeah i' mean ah I'll just make one more comment and then we'll pass it over to George. ah i What stood out to me there in your journey is one, you treated the finding a job like a job, which is something I say all the time. like You had a system and you know went after it hard, but also you talked about getting anything that you could put on the resume from a skill side. You said CTFs, you said labs, you said, what you, I didn't hear you say is like chasing certs, chasing, you know, like really long expensive courses. And I don't know, it stood out to me because my co-host here has often talked about like, I would rather see curiosity and skills than a whole bunch of certs because that just tells me, you know, how to take a test. um yeah But yeah, over to you, George.
00:08:59
Speaker
Yeah, I
Reality Check: Cybersecurity Industry
00:09:00
Speaker
really um have a lot of thoughts because you just pumped in like three questions in one minute. So I was like, oh, where do I start? First of all, Michelle High, really, really cool to do a show with you. I like George. I consider you a friend, like an actual friend, like outside of all the cyber and the nonsense. So I have retired cybers. Hopefully we save friends.
00:09:23
Speaker
But I do think that there's something to be said about your resilience, right? Because what I hear from your story is that you set your mark on a goal and you put in the work necessary to achieve the goal regardless of challenges and you just work through every hurdle one one jump at a time.
00:09:42
Speaker
And you know not to be a bit of a hard ass, but the the longer I stay as a CISO, the more hardened I get to kind of the situation of people complaining. And so I don't think there's like necessarily a staffing crisis. I think there is there is an entitlement and a lot of people who have the dream of the big figure cyber job and they don't want to put in the work and learn the valued skills necessary to one, land a position and two, enable themselves to to accelerate their careers. They want things handed to them and they complain when it's not handed to them.
00:10:17
Speaker
You, my friend, are an example of someone with blue collar work ethic who did it, who achieved it. This is the kind of story that I think we should be platforming, and should be talking about. For a lot of people who are thinking about getting into the industry or working in the struggles of like, hey, I can't find a job, what do I do? And then they go on and complain about how there's no jobs available and LinkedIn is garbage. And indeed, because they are garbage, like the job posting game is garbage.
00:10:42
Speaker
But you demonstrated value. You demonstrated value, you were personable, you endeared yourself to people, and you got an opportunity. And when you went through a training course, yeah, crazy shit happened. It reminds me of being in the Army. When I was in the Army, there was a massive cohort when I started all my courses. And by the end, it went away to about one third because of the same shit. Some people didn't do work. Some people were lazy. Some people just weren't good enough.
00:11:07
Speaker
I think what I want to say and I want to ask you about is, where did you find the strength to dig deep when you hit those walls? Because I think that's the core of what but your story is is. You hit a wall and you don't just like get discouraged. You're like, cool, could I get around this? Can I jump over this? Can I jump through this? Like, where did you like a pen tester?
00:11:27
Speaker
Like a band actor, right? Where did you find that kind of intangible skill set to overcome the challenge? I think that's what listeners want to know is how do I get through it when it just seems like it's impossible to cross? A couple things come to mind.
00:11:45
Speaker
And one is having some kind of a support network, people to commiserate with, people who are beyond where you are currently at who can say, you're so close, don't quit, it's just around the corner. um And so having a nice variety of people who are really just wanna see you win and they're cheering you along, regardless of where you're at or the setbacks you have. um And then you say, I don't get discouraged, I got discouraged a lot.
00:12:12
Speaker
Oh, it was hard. It was really challenging, but I didn't stop. It's like I still encountered imposter syndrome and fears and horrible anxiety before interviews, all all the things that can happen to a person. I wasn't i didn't go into it with this superhero um ability to just withstand everything that came my way. It was it was hard.
00:12:37
Speaker
um But the other thing, aside from having the support network, is knowing that you can do it. And that's just something you have to have from your life and from other challenges maybe you faced and gone through as you've just taken your journey as a human on this planet. and You have to decide that it's something that you can achieve. And then if it's something you genuinely want, you will get there. And maybe it won't look exactly the way you had imagined it would look. um But in my case, it's even better.
00:13:14
Speaker
Yeah, can you x I was very interested that you said people who are beyond where you are. You know, I think
Interview Red Flags
00:13:22
Speaker
that's very valuable that when I see a lot of people coming up, they're coming up together and generally their contemporaries are all kind of in the same boat.
00:13:32
Speaker
maybe there's a mentor or someone but there are like many many layers right like you have like an executive who's mentoring you as many layers removed from where you are both in years and also like literal seniority. Yeah they're like creeping on retirement. Yeah someone who's like but someone who's like Just pass through the gate. I don't know. I think that's that's pretty valuable too. um I also remember you and I talking. I have vague recollections of your interview process and understanding.
00:14:06
Speaker
where you saw red flags. So I was wondering if you might be able to talk a little bit about that because people are generally when they're hunting for jobs, they're very hungry and it's very tempting to reach out for the first thing that but you know, where you get the interview or something. But I don't know. like Sometimes you shouldn't take that job, but i would just if you could share like where you would see things in an interview process, you're like, oh, maybe this isn't the one. Something that I saw, yeah. um At first pass, really bad communication from the organization is terrifying. If they can't even get you,
00:14:50
Speaker
out of the gates the right time for your interview or you're not you're not sure who you're even talking with or it changes midstream or they forget your interview time or you show up and they're late and there's this weird sense of internal chaos right at the beginning that's um probably not a ship you want to board necessarily. I mean if you're happy with being in a chaotic environment. And there are other really promising qualities. Maybe if you have that like startup mindset, you don't care how you live.
00:15:28
Speaker
um Not to drag them too hard. But yeah, or one thing I hate, and i don't I don't know if people are still doing this, but this did happen to me a couple of years ago. They want you to do a project like a free work, free work. Oh, fuck pump free labor. Fuck that.
00:15:44
Speaker
don't do it at all. Don't do the free work. Um, something I have heard more than once that was just weird. And I didn't even know how to feel about it is it'd be an older dude. And he would say like, Oh, you remind me of my wife. I'm like, Okay, what? What? enough What? Why? i don't Why is slavery at at all? Yeah, first of all, um,
00:16:08
Speaker
I'm trying to relate to you. My wife is ah is a female person who I know. everyone Hold on. female is Is that an issue of them being awkwardly trying to relate or are they low key hitting on you? Because i that's two different vibes too. They're both wrong, but two different vibes. I don't know. It's probably both. It probably makes it both in different scenarios. That will fail. And I think that ambiguity is part of the problem.
00:16:33
Speaker
yeah
Workplace Boundaries and Behavior
00:16:35
Speaker
yeah yeah And it's, you know, as a, as a woman in a field that is male dominated, of course we are going to encounter these things more than, I mean, it shouldn't happen at all flat out. You should never feel uncomfortable. You should never be in a scenario where.
00:16:51
Speaker
your coworkers, whether they're a peer or, um you know, senior to you, you should never feel like you have to accept some kind of weird treatment or strange behavior yeah in order to keep your job or be successful in your role. um It just slowly will poison even the quality of your work. It'll damage your mental health um having to deal with that. It's like allocating mental energy to something that you shouldn't have to allocate mental energy to. Yeah. And it's not funny and it's not entertaining and there's nothing chill about it at all. So I mean, just keeping that out of the interview process, the workplace period is, I don't know, it's just a smart, it's just how you do business. Business doesn't need to involve making other people uncomfortable at any level.
00:17:40
Speaker
absolutely Yeah, i mean that's that's kind of a big problem that I think a lot of people are not differentiating between kind of like personal feelings and and business behavior. Where do you find or I guess in your in your entry with new organizations and dealing with new business relationships. As someone who's going to become a senior or being a senior, you're going to deal with a lot of other external organizations, you're going to have a lot of sales relationships, you're going to have a lot of partnership relationships depending on the engagement.
00:18:12
Speaker
Do you find that you go through a boundary setting period with people at the very start where like, you know, you kind of put some things out there to let them know like, hey, these are some things not to cross or is it a by necessary, like by necessity? make Because I think I feel like the industry could use more overt conversations around boundary setting for generally in these relationships because all all we hear about are people complaining about boundaries being broken, but then I'm like, hey, but do we do we talk about the boundaries at the start? Or is there some kind of like unspoken presumption that then gets broken?
00:18:48
Speaker
Because I feel like like how do we how do we start getting to the point where we can start addressing this issue? And it feels like you have the right kind of energy naturally. so So how do you approach kind of building those relationships in a safe manner?
00:19:02
Speaker
So if you're waiting till the conversation, write your initial conversation with this person to set a boundary, it's already too late. These people should have the training and the awareness before you're in that situation. It shouldn't be ah There shouldn't even be an opportunity for them to think that it would be okay to start boundary stepping and crossing lines. um Let's say you're in a Zoom meeting with, you know, five, eight other people and then someone makes an off-color joke and it's kind of like, ha, ha, talk, talk, I shouldn't be on the spot to have some kind of retort or quip to fix it or
00:19:40
Speaker
put them in some kind of place or make it a teachable moment. I'm like, I'm here to work. We're all here to work. Why do I have to do extra to train you how to be ah a human, like a kind person, a respectful individual? That's so much extra energy for me. I'm just trying to get through this Zoom meeting to talk about this technical thing.
00:20:00
Speaker
there's no there's no reason for that and I don't think it's fair to expect women or whoever is being targeted for a strange treatment um to put the onus on them to come back and fix it in the moment. Because then you have heightened responses and then maybe you're triggered or there's additional anxiety that comes into play and you're like, oh my gosh, who in this room will support me? Am I going to take somebody off for coming back? Like what is the read? And it's just too much all at once. They should come into the situation already aware. If you're waiting till that conversation, it's too late. um All right, we will take a short break and then we will be right back.
00:20:45
Speaker
um
00:20:49
Speaker
Hey listeners, if you like what we do, the snark, the stories, and the big swings we take, we'd appreciate your support. With the link in the show notes, you can become an official supporter of the show. You can send us a one-time gift or sign up as a member to provide ongoing support. Memberships start for as little as $1 per month. Each membership tier comes with a unique set of benefits, including exclusive discounts to the BKBT swag shop. So really, for less than you'd pay for one cup of coffee per month, you can support the show. Use the link in the show notes. It covers our hosting fees, helps us make cool swag, and it lets us know that what we're doing is of value to you.
00:21:32
Speaker
Many thanks to recent supporters Jessica, Jason, and Maria. We'd love to have yours too. Michelle, you pointed out earlier, you talked about the mainframe niche that you've carved out for yourself in terms of pen testing.
Entering Mainframe Pen Testing
00:21:50
Speaker
Can you walk us through that a little bit? Like how did you got your foot in the door or in we're doing work and then just talk a little bit about how you kind of threw yourself at this particular problem, because it's going to be a ah ladder that we climb to ask other questions.
00:22:07
Speaker
Sure. Yeah. So this is actually a great example of a classic you know Caucasian male in the workspace who is actually a helpful, awesome person, right? Just because you're a certain way doesn't mean you're necessarily the problem. Guy who's our director, Phil, he got hired after I did Phil Young, and he has all the all this experience with mainframes. And we were in the same ah you know one of the training Um, meetings they have at work where they're unrolling, you know, some kind of internal process. I'm like, Oh, you're new. I'm new. Nice to meet you. Introduce myself. Nothing much. I see some months later, he's going to be doing a workshop at DEF CON. Oh, I met that guy a few months ago. I remember that. So, Hey, do you need help at your workshop? I'm going to be at DEF CON. He said, yeah, actually I could use the TA. I'm like, Oh,
00:23:00
Speaker
sick, let's do it. And our entire conversation about mainframe, because the workshop wasn't even on mainframe, it was on nmap, writing your own scripts with little on different things. So I go and I help with this workshop. And he goes, I'm going to get you in mainframe. And I was like, Oh, that sounds interesting. Sure. Let's see how it goes. And ah training got on my calendar a couple of weeks later, and I've been doing it ever since. So it's been about a year and a half. And to me,
00:23:25
Speaker
You can look at it as like, Oh, this person has this experience. They brought you in, but really I reached out. I introduced myself. I offered to help. I showed up. I already had plans to be at this conference through other work I had done and other connections and organizations, black girls hack that I work with. And so I had been already piecing things together. Did I know it would lead to mainframe? No, but it did.
00:23:49
Speaker
um And it's been so cool that it's a niche that not a lot of people are doing. I've been able to give talks on it because not a lot of people are doing it. There are very, very, very few mainframe pen testers that exist in the world. um And that's that's a fact. I mean, you can research that. As far as people who test Kix apps,
00:24:11
Speaker
um I've probably tested more Kix applications then than anyone on a global scale because it wasn't even able to really be tested into ah until a couple of years ago with some tooling that's recently come out. so i I like being in a niche. I like feeling that I'm in kind of this almost cozy space where I get to know everyone else in that realm and it I'm able to contribute more meaningfully. I'm not just in a sea of millions doing the same thing. So that's very specific to my personality type, ah but it's actually just a cool technology too. So it's really been a win-win for me.
00:24:54
Speaker
Yeah. I mean, I remember when you were at besides that year in Las Vegas, and I think you were also taking an end map workshop, which means you were studying it like just before going to Defcon. But as you said, which what you said encapsulates what Seneca said over 2000 years ago, right?
00:25:10
Speaker
luck is opportunity meets preparation. So you were doing the networking, you were doing the the outreach, you were connecting the dots and you were availing yourselves of that opportunity. And that's amazing. And I would also say to listeners who are just trying to break in what you've also done is by creating or occupying a niche, you have also added value to the company. Right. That's something that the company now has as a service that, you know, is of hard skill set. If they're not a lot of people, like you said, doing it just by dent of supply and demand, you know, that is a, that is a competitive advantage. um That's awesome. I have to ask as well, I'm kind of a niche dude as well, because I'm a TI person. So like, there's a lot of people that talk about CI, there's very few people who do full time CI. I have to ask, you know, do you ever find people
00:26:02
Speaker
people ever come at you with the, so what? Like, so why should I care about mainframes? Why should I understand their connectivity across the environment? Why should I understand that they're a critical piece of infrastructure, right? Just like I deal with a lot of pushback. Why should I spend money on this? Why should we bother doing it? Why should we care what the threat actor does? Like, how do you find dealing with the resistance? Because I find, you know, I get to have these lucky conversations where people understand the value of it and I'm like, cool, let's actually talk about what's going on.
00:26:31
Speaker
And then there's like the other conversations where you're like, I have to educate people on why it's important. And I, I find that really frustrating. Perhaps you are a better person than me and you're happy. But a bit of a knucklehead and, you know, uh, I'm just like, no, it's really fucking important. Why don't you understand this?
00:26:54
Speaker
um how do you How do you deal with trying to, co i guess I guess, justify the value of what you do and and and really letting people know that, hey, this is something that's really relevant and you should know about it. How do you cross that bridge?
00:27:10
Speaker
It's actually pretty easy with mainframe. People initially come into it thinking, oh, this is old. No one uses it. This, it's just like in a dusty warehouse somewhere. And then once they realize that every single debit card transaction touches a mainframe on a daily basis, billions of them.
00:27:26
Speaker
constantly and that every bank uses a mainframe and that airlines are using mainframe for ticketing processes and that it supports so many critical industries and that it can have almost no downtime in a given year. It's like the financial sector is held up by this technology. Once you just give them a handful of facts, um their entire demeanor completely changes. Their face kind of goes,
00:27:52
Speaker
It's like this wash of realization. Part fear, part awe. Yeah. It's like, oh my gosh, I didn't know that. I'm like, well, I'm, yeah, now you do. And I can almost promise you you're working with it and just don't know it. So it's really not a hard sell in the sense that I have to convince people that it's important because the facts are there and it's been, it's being used.
00:28:19
Speaker
heavily and consistently. So I mean, if if someone has it, they're going to want it tested. It just honestly, though, really, it wasn't able to be tested until more recently. So it's like. Follow up to that, Ben, because it's such a critical piece of the infrastructure is why are there not more of you?
Significance of Mainframes
00:28:41
Speaker
Because no one could do it before. Really, this is it's very it's new. It's weird because it's this This crossroads, the sort of juxtaposition of this tech that seems old, but is really actually quite modern and no one could test it, but we can now. And so it's like the field is just ripe for gleaning at this point for testing mainframe. And that's where I've been able to come into play and it's been really fun.
00:29:11
Speaker
Yeah, talking offline, I would love to actually get into the nitty gritty of the text on that because I would love to look at control-based assessments and possibly you know like lines of business and some other projects that George and I are doing. But um I think we could give Michelle another opportunity to talk about technical stuff later. George, over to you.
00:29:31
Speaker
All right. So Michelle, as you said, you were able to leverage, you know, getting in networking, availing yourself of this opportunity. And then from there being able to get into a niche and then from there start giving talks because they're not a lot of people with this area of expertise. So let's talk about advice to the up and comers who also feel like they want to give talks or they want to do what you've done. What is your advice to them? Do it scared.
00:30:03
Speaker
Do it it's scared. I am terrified leading up to a talk. I put a lot of effort in, I do my research, I prepare, I practice, and I'm still scared before I get up there all every time. But i so I love doing it too. There's a balance there. It's not just this pure fear response. I'm excited too, but it's hard. It's It's not easy, especially when you're newer in the field and I'm up here and I know there are there are people in the audience who've been doing pen testing or working with mainframe or even just it stuff for decades, actual decades and I'm, you know, on my a couple years in.
00:30:43
Speaker
a history leaning back on the things I've learned, but I have to remind myself, okay, just because they've been doing something for a long time doesn't mean they know what I know. They don't do what I do. I can still show them and teach them what I have discovered in my experience that they don't have, they don't have that experience. So you know, all the different lengths of career aside, it it doesn't matter. If you have something to share, and you probably do, just share it, do it scared.
00:31:15
Speaker
I love it. Oh my God. I love that advice so much. And it was very much gels with my own experience. You, you find your voice and you find some unique aspect of your experience because there's literally no way that everyone can have had the same experience. So once you kind of sit in that, you know, you have a voice, you have something to share and add to the conversation rather than like, I'm just trying to mimic what this other person has also done.
00:31:38
Speaker
but looks's like I think you never know like really cool shit happens like when I was at DevCon last year and I ended up doing like speaking at Blue Team and Cloud Team Village. I had an actual adversary that I defended against in years past walk up to me after a talk and I was like I met my adversary in person like here live.
00:32:00
Speaker
Yeah, man. Yeah. How are you? I don't know. I'd be interested in that. It freaked me the fuck out. She's totally cool. I was like, oh my God, I'm here. I'm a loser. I'm Delta H. But don't you feel like finding you go up to like those events like that, though? Like you are awestruck by the level of intelligence and just like skill and brilliance that you're surrounded by. Like that's the cool thing. You don't feel that? 100%.
00:32:27
Speaker
Yeah, I love learning about what people do. I think it's so interesting. People are just interesting in general and being able to sort of dive into that microcosm of the workspace that that we occupy. um Sometimes it feels like the whole world, but it isn't. There are so many other industries. ah It's just, I love the conference vibe when I get to go and just be surrounded by all that, like you said. Yeah, it's it's really, it's like a,
00:32:57
Speaker
refreshing experience in a way. Yeah. Yeah. And also like, as you said before, the way you had networked into mainframe and the, it compounds over time, right? Because
Power of Networking
00:33:07
Speaker
you're going to not only meet new people the next year, but you're going to be able to solidify the relationships with the people you already know. And you maybe come up with different collaborations, right? And it's sort of just, I don't want to say it's snowballs, but if you're putting energy into it, you're going to continue to get energy out of it.
00:33:26
Speaker
Well, I'm still on the more hard tech side, not necessarily on the sales or you know more client facing side. A lot of us are introverts. We don't get out much. We work at home in our you know home offices or you know we're more quiet in our day-to-day life. So getting out of that that mode and seeing all these people and being kind of immersed with your friends, doing you know all the learning, it's it's awesome. I really like it.
00:33:57
Speaker
All right. Well, final word here. Let's say we got a junior pen tester or someone who's trying to break in.
Advice for Junior Pen Testers
00:34:04
Speaker
I feel like pen testing is like the gate that everyone tries to pass through. What's like your top three. These are the steps you should take to advance your career, not necessarily get a job. Yo, Michelle, you can't control that. This economy is bananas. What is the top three? Just like these are the things you junior pen tester can control and you should focus your energies on.
00:34:27
Speaker
um Keep learning. Always keep learning and staying fresh. And I always like to pair that with the caveat of making sure it's something that's genuinely interesting to you. um So keeping your mind active, keeping your mind engaged. Another thing that I think would apply to anyone ever really is having balance in your life because when you're trying to achieve a big goal, it can really, it can start to feel really heavy when you're not seeing the progress the way you wanted to see it at the timeline. Maybe you had imagined or, you know, maybe you're not offered the amount of dollars at first you thought you were going to get. um
00:35:09
Speaker
staying balanced so that you understand this is this is just a career. I mean, it is, it's an awesome career. It's a really sick field to be in, but it's your job and your life is so much more than your job. So keeping that in mind and then a third thing, I need a third thing.
00:35:27
Speaker
um
00:35:30
Speaker
Yeah, I guess to reference back what we talked about earlier is having that resilience and and knowing it will work out for you. Really, really believing it too, not just telling yourself, it's going to work out and I'm going to get it, but genuinely holding that in your in your soul, in your bones, and knowing that this is going to work for me. um That will carry you through a lot, keeping that positive outlook. And it's not toxic positivity. You got to understand there's ups and downs, but
00:36:02
Speaker
um Letting that carry you through that strength, that intrinsic internal motivation is, ah that will carry you further than a lot of other things. Beautiful. Nice. I mean, yeah, it's just a podcast, but I'm so glad we got to talk. This is going to sustain me until Vegas next year when we're going to see.
00:36:25
Speaker
Yeah, we got to hang out more next year, this last year. yeah like that Remember when we got drunk with Marcus? That was sweet.
00:36:34
Speaker
ah yeah well cute but Michelle Eggers, thank you so much for taking the time out of your day to talk with us. Thank you. I'm so glad we found a time to make it work. i'm I'm honored to be here truly. And it's been cool to see the journey and growth of this podcast and your guys' careers too. It's just, we're all winning and it feels so good.
00:36:59
Speaker
If you liked what you heard, be sure to share it with friends and subscribe wherever you get your podcasts for a weekly ballistic payload of snark, insights, and laughs. New episodes of Bare Knuckles and Brass Tax drop every Monday. If you're already subscribed, thank you for your support and your swagger. We'll catch you next week, but until then, stay real.
00:37:22
Speaker
I think you might be tapping the desk slightly when you are emphatically gesturing, and it is picking up on the mic. Dude, I'm absolutely worse for it. Don't don't feel bad. It's OK. I give him shit all the time. Some Arab. Go on. I know you're Arab, but still. Hands away. I'm talking my hands.