Season 1, Episode · 1 year ago



Welcome to our first episode of this PodCast. 

Join @joubinj, @DGelici, and @InfosecVandana from the start of the official OWASP PodCast. 

We hope to bring you a mini PodCast from inside of OWASP. 

... We're breaking your names from inside OWASP. What brought you guys into AppSec, and what brought you into OWASP? Vandana, what brought you into AppSec?

Sick actually of destiny. That brought me into AppSec, because I was in network security and I was never ever thinking of moving to application security. So it just happened that I joined one of the organizations and they said, we hired you for network security, but right now we need people in application security, and I told them that I've never worked in application security. They said, you have three months, gear up yourself and go for it. It took me a good day, two days, to think about it, and I said, okay, let's do it, because they told me on Friday, and Saturday, Sunday was a big roller coaster journey, because then you are switching your domains and then there's something new that is waiting for you. So I just went for it, and I was introduced to OWASP then, because the OWASP Web Testing Guide was the thing that was introduced by the person who was actually guiding me through OWASP, and for a good two years I was just thinking that OWASP is the OWASP Top Ten and the OWASP Web Testing Guide, and that's about it. And later in one of the trainings, one of the OWASP leaders, like the OWASP Bangalore leaders, told me that there is a community. And that's how my journey started, where I became a volunteer, then became a chapter leader, then became Women in AppSec lead, and then became one of the global board of directors.

That's very cool. What brought you into security, like in general, like before AppSec?

Okay, that was also serendipity, because in college back then cybersecurity was not a career, like nobody knew that cybersecurity could be a career. So when I happened to be in my first job,...

...they said that there's one project where you're going to be moving after the training. I said, okay. So when I was introduced to this project, they told me it's a cybersecurity project, and again I was at zero because I had no idea. But one good thing was that it was a network security project, so I had a basic understanding of LAN, WAN and subnetting, all of that. So that helped me, and I think it just went on for a good four, four and a half years, and I never realized that time flew so fast, because every day was a new learning, something new was coming up, and now it's a passion.

That's so awesome. Didar, what about you? What brought you into AppSec?

I'll start with the security room first, because I guess that comes before, and it was all chance. I did business administration, but I wanted to do something in IT, and in Turkey, if you haven't studied engineering and computer science, you're not really going to get a job in IT. So but luckily, and stay young, they had an IT auditor entrance position and I applied and I got in, and that's how I thought it was something about IT. I didn't know it was security related and I didn't even know what security was. So I learned everything on the job and I'm so glad I happened to stumble upon that job, and it really changed my life. And then into AppSec. That happened like three or four years ago. I realized, after doing ten years of information security, that I didn't understand anything about AppSec. So I felt really embarrassed and felt really bad. I couldn't give any guidance to the developers in their area. So I kind of got really obsessed about..., and that's also how I found out about OWASP, because that's where I went to find all the information and guidance and help the developers to do security, basically. So that's how I, and initially I also thought that OWASP was just the OWASP Top Ten, but then I realized OWASP has the Bible for AppSec. So it's like my first point of reference whenever I have a question.

Yeah, that's so true. How about you?

That's a good question. So I grew up in Iran, and in Iran the Internet is very, very controlled and you can't get out to the Internet to do anything. So when I was a kid, I wanted to play these games. At the time there were servers around the world that you could connect to with your dial-up modem and try to play these person-to-person games. But unfortunately the websites where you would get the IP addresses for the games were blocked because of the Iranian government that don't like something about, I don't know what it was. So I had to figure out how to like set up proxies and set up VPNs and how to get away, get out of the Iranian firewalls. I loved security, like this idea of breaking people's, how like somebody's trying to prevent me from doing something and if I can break around it or go around it, that is the coolest thing ever. So that got me into security. In college I wanted to be a doctor, so I started doing all the premed courses and I wanted to go to medical school, and I'm like, this is so boring. Computers are so much more interesting. Nothing against anybody who went to medical school, but like it just didn't do anything for me. And I'm also scared of blood, like all that, like there's so much memorization. I'm not good at biology. So I started computer science again and the...

...way computer science was taught, at least at my university, was very much like development, like computer science and software development go hand in hand. It doesn't have to, but it did at my university, and when I graduated I was a developer. I did software development for a bunch of places, but I always had this draw towards security, and naturally I just went to AppSec and, like many people, I didn't know much about AppSec. When I got into AppSec, the OWASP Top Ten was one of the few things that were out there that you'd look at. So I thought OWASP was the OWASP Top Ten, but once I started reading the OWASP Top Ten and once I started looking at the cheat sheets and everything that OWASP has, it just showed me like the big world of AppSec that there is today. I do want to add one thing, though, and I want to get you guys' take on this. Why do you think AppSec is important today? I'll give my answer first, give you guys a second to think about it too. I'm sure you guys have many answers. So I think everything is AppSec today. So I think the days where there is anything outside of AppSec. Now there's not other security areas outside of AppSec. But I think AppSec is one of the largest security areas for the decade to come, because if you think about cloud computing, if you think about anything that we're doing, where traditionally network engineers were building those, more and more there's software-defined networks, software-defined infrastructure, software-defined everything. So I think a lot of the lessons we've learned in the AppSec community easily translate over, right? How do you write the software-defined things, and that's why I'm so excited about what OWASP has. We just celebrated our twentieth anniversary. I think the next twenty years, it's going to be amazing.

I agree. Currently everything is as code and developer-led... it would not be a safe world if we didn't have AppSec. And I'm not saying everything is safe and secure. There's never going to be a hundred percent secure things, but we use hundreds of apps every day. Everything we do online is done by apps. So we do need applications to be secure, and people, consumers, they expect them to be secure and they don't even know that they're not secure. So we need to really give the consumers what they really expect from us as companies.

Talking with all of the security in did. It would not be a safe place, because that's the place where anyone can enter into an organization. If the entry point itself is not safe, how can you stop the burglars, right? You're just giving the key to your house to someone else and saying that I'm giving you the Dy, safeguard my house and don't danger. And what happens next? Everyone knows.

Yeah, well said. That's interesting. So I want to ask both of you guys, and Didar, I will start with you. What do you want out of this podcast?

So, as we said before, even us who are now in OWASP deeply, we thought OWASP was only the OWASP Top Ten, and even though I've been volunteering for the last year, I still don't know about all the projects that OWASP has, and there's like hundreds of them. So I want us to discover them more, first for my own benefit, and while we're going through this journey, I want others to benefit from our journey in understanding what types of things the OWASP community is able to produce for...

...the whole world. To you. So that is my view and vision from this.

Yeah, well said. What about you? What do you want out of this podcast?

I am also of Didar's point of view that there are so many projects, there are so many chapters which people are not aware about. There's so much to offer from OWASP's side, but people are not aware about it, that how to geture that. So from this podcast, I think we can reach the masses, wherein when they need help, they know where to go. It's not just that there is, especially for students, if I talk about, or the people who want to switch their careers, they're lost most of the times because they have no idea which all the resources which they can actually look at. And the Internet is full of resources nowadays, so OWASP has so many things at one place where they can go, and I think with this podcast, we would be able to deliver that point of view to the people and those resources to the people.

Yeah, that's really well said. For me, what I think I'd like out of this podcast is to invite those that haven't been part of the OWASP community or the OWASP culture in, and I think if we can have a platform on top of what you guys all said, but if we can have a podcast that makes it really easy for any member, anyone out there who thinks they can contribute in a meaningful way to OWASP's mission, which is to better AppSec. I want them to be able to do that very quickly. I'll be honest. I've known OWASP all my career. Since OWASP has existed, I've known of OWASP, and I've been volunteering, I've been a chapter lead, and now I have the honor of being a board member with Vandana. You know, it's such an amazing organization,...

...but I don't know everything about it, and I'm deeply embedded into the organization. There's things that I learn every single day. I can't imagine like the number of times where at work we're trying to solve the security problem and somebody goes, oh, have you seen this OWASP project? And my first thing is like, yeah, I've seen all the OWASP projects, but then immediately, like, nope, I have not seen that project. That is so cool. It's like I'm part of OWASP and I don't know this stuff. So how do we make that more attainable for listeners? And that's my goal for this podcast. So rank with their two guys. What don't you want from this podcast? What are some of your no-no rules for this podcast? Vandana, I'll start with you.

We would not let you get bored. We will make it as interesting as you can think of. Or might they cannot think of, so that's what we are planning. So stay tuned for that also.

That's it, a good one. Put it. That's a taller. And now we have to like do something entertaining. We have been committed. Didar, what about you?

Yeah, I don't have anything to add and I have no no-nos. It's like everything goes with this podcast, whatever we think of, sky is the limit it's going to gives. We enjoyed doing it. I think people will enjoy listening to it.

All right, I want to get your input on this. So I'm thinking what I don't want this podcast to be is news of the day. I think there's so many AppSec podcasts out there, so many like security podcasts out there. Do you guys agree with that? I get like this is not the podcast people come to to learn about the latest meltdown or the latest dependency confusion. This is not that podcast.

I agree.

Now, maybe there should be a caveat. If there's an OWASP project that perfectly solves a problem, for that maybe we can talk about it in terms of that news. But this is not your come. You come... to learn about new InfoSec news, the vulnerabilities.

Yeah, yeah.

All right, we're in violent agreement on that. All right, so I think let's go ahead and close off this first podcast. But before we do, how about you guys tell me something that's interesting or fun, like a fun fact about you? I know I didn't give you guys any time to think about this, so I'm putting you on the spot. I guess I'll start first, since, in some kind of the question, I haven't given a thought either, so this will be fair for all of us. I think a fun fact about me is I really enjoy skiing, and I've skied most of the years of my life, with exception when I couldn't walk, and this last year with COVID. By when I couldn't walk, I mean when I was a baby and hadn't learned how to walk. I saw the dice face. I should probably clarify that. And with this last year with COVID, I couldn't ski, and I'm really looking forward to COVID being over and then I can ski again.

Okay, I'll go next. Mine is easy, because I used to be a very shy person. So I didn't have self-confidence to like do something like this, for example. It would be a big, big nightmare for me. So every year I picked up a hobby that will boost my confidence, and one of those years it was stand-up comedy. So I did stand-up comedy for a year and I did real gigs and stuff, but then I stopped. So that's something that's everybody. That was about me.

And if we ever are not entertaining, we can have Didar do some stand-up comedy for us on the podcast.

Yeah, absolutely. What about you? What about you, Vandana?

I'm...

...just thinking of it. That what's interesting about me. I mostly do AppSec all or I can't. I love cooking, like I am a big fan of cooking. So this one thing which only some people know, that whenever I travel, like I'm a crazy person about traveling. So any conference, whenever I'm going to speak at anything, I make sure that I spend at least three days after before that so that I can see the city, and I always carry Indian food with me, so I can't live without that. So I always carry and I try and book some Airbnbs or hotels which have some cooking place so that I can cook for myself. Like I'm open to eating anything and everything. I always try that, but I always carry Indian food because I can't go without Indian food for three days, so I always carry that.

Yeah, I think Vandana just agreed to cook for us at the next conference. I will do the grocery shopping and the cleaning afterwards. I don't mind.

I'll actually cook the authentic Indian food or Punjabi food.

That is awesome. That is awesome. I promise to do the cleaning and the grocery shopping afterwards. If you do the cooking, that's amazing.

I can help with the cleaning as well. That's as under together. As long as you're in my help with the cooking, because I will be careful.
