From fast food worker to cybersecurity engineer with Tae'lur Alexis
Released Monday, 21st April 2025
From fast food worker to cybersecurity engineer with Tae'lur Alexis
From fast food worker to cybersecurity engineer with Tae'lur Alexis
Monday, 21st April 2025
Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:00
is so vast. There's a different
0:02
area to security. There's the incident
0:04
response, there's compliance, there's this and that.
0:06
But I do recommend for those
0:08
who are web developers or software engineers
0:10
that want to transition to security. You
0:13
have a really, really good chance of getting
0:15
to application security. And that's why I was honing
0:17
in on the OS top 10 and like
0:19
web vulnerabilities and stuff like that, because it already
0:21
builds on what you already know. You
0:23
already have like that solid foundation of web
0:25
development. Now you have to learn about like different
0:27
ways that like an attacker can try to
0:29
explore your application. And so your job
0:31
would be to help secure that application
0:34
from those attacks and everything. So
0:36
welcome back to the free code
0:38
camp podcast, your source for raw.
0:40
Unedited interviews with developers. Today
0:42
we're talking with Taylor
0:44
Alexis. She's a developer
0:46
and cybersecurity analyst. Instead
0:48
of going to college, Taylor spent
0:51
years working at various fast
0:53
food and retail jobs. She taught
0:55
herself Python and JavaScript using free
0:57
code camp. Then worked
0:59
as a software engineer for
1:01
five years before specializing in
1:03
security engineering. Now instead
1:05
of building applications, she breaks
1:08
them. Support for this
1:10
podcast comes from a grant from
1:12
Wix Studio. Wix Studio provides developers
1:14
tools to rapidly build websites with
1:16
everything out of the box, then extend,
1:18
replace, and break boundaries with code. Learn
1:21
more at wixstudio.com. Support also
1:23
comes from the 11 ,300
1:25
84 kind folks who support
1:28
Free Code Camp through a
1:30
monthly donation. You can
1:32
join these chill human beings and
1:34
help our charity's mission by
1:36
going to donate .freecocamp .org. For
1:38
this week's musical intro, with yours
1:40
truly on the drums, guitar, bass, and
1:42
keys, we're going back to 1990 with
1:44
the theme from the
1:47
Nintendo game, Astiniacs.
2:48
Hey welcome to the Free Coke Camp
2:50
Podcast. Hi. Yeah,
2:53
it's awesome to talk with you.
2:55
I've known of you for many,
2:57
many years and I'm excited to
2:59
learn a little bit more about
3:01
you. First, I want to ask,
3:03
what exactly does a security engineer
3:05
do? So greatly
3:07
depends on the domain that in.
3:10
like there's incident response, there's application security. What
3:12
I do is it's kind of like
3:14
a mix of different things because I work
3:16
directly under a CISO at a consulting
3:18
firm. So we offer a variety of security
3:21
services to tech startups like in specific. So
3:24
if they need vulnerability assessments, we
3:26
provide that. We're actually starting to do
3:28
like penetration testing as well or
3:30
ethical hacking for those who are unaware
3:32
of what that is. So being
3:34
able to legally like break into or
3:36
flaws in systems such as like
3:38
networks and web applications, mobile apps and
3:40
everything like that to help make
3:42
those applications and systems and networks secure.
3:45
We also do compliance. That's actually a lot
3:47
of my work too now. So
3:49
we help build security programs from scratch
3:51
because a lot of these startups, they
3:53
often like the products first and think
3:55
about the security like afterwards. So,
3:59
you know, they'll need certain things
4:01
in place to become compliant with different
4:03
standards such as ISO 27001, SOC2,
4:05
I don't want to bore anyone with
4:07
all the different standards and stuff. Often
4:14
a really important thing if they're
4:16
trying to secure funding or different customers
4:18
Like is if they are compliant with
4:20
certain standards and stuff like that because
4:22
they're trying to see because other
4:24
Potential customers are trying to see can
4:26
you are you do you have certain
4:28
controls in place? That will protect like
4:30
our data and everything like that. Can
4:32
we trust you with our stuff? Basically,
4:35
so we help prepare different tech startups
4:37
for those like audits and getting
4:39
those Certifications and stuff like that. So
4:41
like my typical day It's
4:43
a little interesting. So
4:46
as a security analyst and everything,
4:48
I'm actually working with different startups. So
4:50
one client could need a risk
4:52
assessment done, or another client could be
4:54
asking a question about recently. yesterday
4:56
they actually asked me for advice on
4:59
implementing a dash tool which for
5:01
those who don't know that's the automated
5:03
scanner that can help find like
5:05
vulnerabilities and stuff like that so from
5:07
an external standpoint so like they
5:09
need to help with like you know
5:11
what kind of tools you know
5:13
best fit our needs and everything like
5:15
that because the potential customer needed
5:17
that needed them to have that implemented
5:20
in order for them to work
5:22
with them so yeah it really depends
5:24
it kind of varies like the
5:26
type of work I do Awesome.
5:28
Yeah, so it sounds like a lot of
5:30
what you're doing is kind of just helping
5:32
people fix their fast move fast break things
5:34
kind of like mentality and startups like everything
5:36
is done as inexpensively as possible, just trying
5:39
to get the product out the door, see
5:41
whether people like it, see whether people will
5:43
pay money for it, and a lot of
5:45
times security is just one of those many
5:47
things that ends up as technical debt that
5:49
people will eventually get to. Yes,
5:51
a lot of my work is
5:53
actually educating, raising awareness on why
5:55
security matters, why you need to
5:58
have certain tools in place, why
6:00
secure coding is important to help
6:02
defend against vulnerabilities and everything like
6:04
that, so for sure. that it's
6:06
a lot of shine to make
6:08
people feel like. Make
6:10
security an important step in the process,
6:12
hopefully from the beginning of the
6:14
software building lifecycle, but at any
6:16
stage we can kind of get in. Yeah,
6:19
and you worked as a software engineer for like
6:21
five years before you got into security, and
6:23
along the way, did you take for granted
6:25
a lot of the things that you now know
6:28
are very important about security? Yeah,
6:30
actually, and I didn't I did not know
6:32
a lot about secure coding when I was
6:34
a front -end developer actually I didn't know
6:36
much about I didn't know of cross -size scripting,
6:38
but I didn't I didn't have like the
6:40
knowledge that I have now I didn't know
6:43
about the awas top 10 and everything and
6:45
I've noticed that And I thought that made
6:47
me a less of an engineer And so
6:49
I got into security and then I've met
6:51
other very very smart software engineers that don't
6:53
know like that much security and also like
6:55
as you know like A lot of software
6:57
development courses and coding courses, like they don't
7:00
actually teach about like secure coding or anything
7:02
like that. That's taught us a separate discipline.
7:04
So that was like an extra step that
7:06
I had to kind of like go through,
7:09
you know, trying to like. Fill in those gaps
7:11
and everything for sure and also another thing
7:13
is like I didn't know a lot of Linux
7:15
I didn't know a lot of networking and
7:17
so when I was transitioning to security I had
7:19
to kind of build up my knowledge and
7:22
that stuff but Have been that software development, but
7:24
like background really helped me with getting jobs
7:26
that I do have because I know about get
7:28
I know about the you know Sdlc and
7:30
everything like that I know about the different tech
7:32
stacks I know about like you know react
7:34
and view and everything I know how databases work
7:36
and stuff so Yeah, Sdlc is software development
7:39
lifecycle. I believe yes, okay So it's basically like,
7:41
from cradle to the grave, what happens with
7:43
an app? And all the
7:45
many life events. From
7:47
design to deployment. Yeah,
7:49
awesome. So I'm very excited
7:52
to learn more about security. But first, I
7:54
want to learn more about you. Many
7:57
people probably already know who you
7:59
are. You had this photo of you
8:01
mopping the bathroom or something at
8:03
Boston Market. And then it was like,
8:05
that was the first one. And
8:07
the second one was like you working
8:09
as a software engineer. And
8:12
yeah, I want to learn
8:14
a little bit more about your
8:16
kind of developer origin story and how
8:18
you were able to teach yourself
8:20
all these skills just using free learning
8:22
resources and also just leveraging the
8:24
community around you. One of the things
8:26
that you mentioned that you've used
8:28
in the past is free co -camp
8:30
of course. And yeah, I'm excited to
8:32
learn more about that. Period of
8:34
your life. My understanding is you were
8:37
in Jacksonville, Florida at the time.
8:39
Is that is that correct? I
8:41
was I spent time like it was
8:43
kind of half -and -half like when I
8:45
was really learning how to code it
8:48
was actually in Orlando, Florida is so
8:50
in Central Florida. Okay. Yeah Yeah, take
8:52
us back to that experience like what
8:54
you were doing because you know a
8:56
lot of people when they finish high
8:58
school They go to college if they
9:00
have been like sufficiently academically inclined, or
9:02
if they have the money to go
9:05
to college, if they live in a
9:07
state that has an inexpensive community college,
9:09
often they'll go there. What
9:11
was your entire approach? Like, take
9:13
us back to high school. Okay, yeah. So
9:15
high school, I was not the best student.
9:17
I'm just going to be honest. Like, I'm
9:19
pretty sure if my math and science teacher
9:21
saw me in STEM today, they'd be like,
9:23
wow, she actually made it. I
9:27
was really, really shy. I
9:29
don't really think I gave myself a chance, honestly, in
9:31
class. I'm not even going to try to blame the
9:33
system or anything like that. I think
9:35
I was just, like, really, like, shy and, like, very introverted,
9:37
and I just didn't want to be around people, so I
9:39
would just be, like, awkward, like, in my own world. And
9:42
so I wasn't the best in math
9:44
or anything like that. And when I
9:46
graduated high school, Didn't
9:49
really know what I wanted to do like
9:51
growing up I wanted to be a lawyer
9:53
actually like I I wanted to go to
9:55
like Harvard Law School and everything like that
9:57
But like things didn't like work out. I
9:59
didn't have any like money like and I
10:01
didn't have like the Like the academic, you
10:03
know aptitude and everything to get into like
10:05
a really good school and stuff like that
10:07
So I got into you know, I did
10:10
with a lot of 18 -year -olds do I
10:12
got into fast food worked at like McDonald's
10:14
and Macy's and I It
10:16
just worked like a bunch of jobs, like
10:18
in retail and fast food. I did not know
10:20
of what coding or computer science was or
10:22
anything like that. It's
10:25
really cool when you meet other people
10:27
in the industry who started off taking apart
10:29
computers and everything and hacking the systems
10:31
and being in hacker forms when they were
10:33
10 years old and I'm just like,
10:35
dang. When I was 10 years old, I
10:37
was... I don't know, on Wikipedia. Like,
10:40
or watch like VH1 or something. Like,
10:42
I wasn't, yeah. I didn't know
10:44
about, I didn't know about any of that I
10:46
wish, but yeah. It's just a different path, right?
10:48
So, I did come across
10:50
a coding when I saw like a
10:52
YouTube video, I think for like Code
10:54
Academy or something like that. Just like
10:56
a coding like ad and I was
10:59
like curious about it. I
11:01
was like, well, what is it? And so, I
11:03
did not know that like you know
11:05
everything that we do like on our computers
11:07
and everything like we're interacting like with
11:09
applications that are built with code and I
11:11
just I had no idea I would
11:13
be on the computer every day like playing
11:16
games flash games everything like that but
11:18
I never actually like thought about how do
11:20
these things like work and everything so
11:22
um yeah that's what I was doing and
11:24
I came across coding specifically in 2017. Okay,
11:26
you're interested in coding, but like how
11:29
do you go about teaching yourself to code?
11:31
That's like a major endeavor. It's one
11:33
thing to know what coding is and appreciate
11:35
that like most of the things that
11:37
are exciting in the world right now that
11:39
are happening in software are happening because
11:41
a developer will them into existence, right? Or
11:43
a team of developers will them into
11:46
existence. But it's another thing to actually put
11:48
yourself in a position where you can
11:50
develop. How did you do that? Honestly,
11:53
diversity and my resources
11:55
and everything. At that point
11:57
in 2017, the main resources that were
11:59
out was Free Code Camp and Code Academy.
12:01
Those are the two sites that really
12:04
stood out. And then, of course, Udemy.
12:09
It was hard, honestly.
12:12
When I first tried learning how to code, it
12:14
was February 2017. and I
12:16
tried to print like Hello World in Python
12:19
and then I stopped immediately and I didn't
12:21
actually resume learning how to code for like
12:23
some months because I was like I don't
12:25
know what I'm doing. I didn't understand like
12:27
the basic building blocks and what was the
12:29
purpose of a function and comments. I just
12:31
didn't understand and I guess I just didn't
12:33
think I would be technical enough or that
12:35
I would have like the raw intelligence to
12:37
be able like take on this endeavor of
12:39
learning how to code honestly. I'm
12:41
being honest. But
12:43
my father actually motivated me
12:45
to keep going. But
12:47
at that time, so I was 21, I
12:50
had reconnected with my father and everything. Because
12:53
when my parents divorced and I was a
12:55
kid, I was with my mom and I
12:57
didn't get to talk to my dad really
12:59
because they were separate. um living
13:01
their own lives and so I reconnected with
13:03
him and like he saw that I was like
13:05
on like free co -camp and he was just
13:07
like you should keep going with that you
13:09
seem like it seems like it made me like
13:12
happy or something I was just like really
13:14
and then he died actually like a few months
13:16
after that so That's what
13:18
kind of kept me motivated to keep learning
13:20
how to code. I try
13:22
to tell people because I get a
13:24
lot of people that reach out to me
13:26
and they don't feel smart enough to
13:28
learn how to code and become a software
13:31
developer because a certain concept is hard. I'm
13:34
like, that's a cyclical feeling. You're going
13:36
to have that feeling throughout your whole
13:38
career, whenever there's a new topic or
13:40
concept that comes about. And there's things
13:42
that took me a long time to
13:44
understand when it came to coding as
13:47
well. So it's just having to go
13:49
back to it. Sometimes it's
13:51
the resource so like if you're trying to
13:53
learn from like one course and they're teaching
13:55
a topic that you don't understand or that
13:57
doesn't resonate with you then diversify and try
13:59
like another instructor you know or try videos
14:01
maybe because maybe you're a visual learner as
14:03
opposed to someone who as supposed to like
14:05
you know learning from like books or written
14:07
tutorials and stuff like that so find like
14:09
your learning styles important and being open to
14:11
diversifying your resources those are the two things
14:13
I would say that help me keep going.
14:16
Awesome, man. Uh, I'm
14:18
glad your dad got to see
14:20
you. Uh, pursuing this passion, uh,
14:22
for a pass. Um, yeah. Um...
14:27
Yeah, maybe you can put us
14:29
into that, that moment. Like, not that
14:32
moment that your dad passed, but like,
14:34
kind of that, that area of your
14:36
life. So you're, you're kind of cycling
14:38
in and out. You're, you're, and I
14:40
experienced this too. Uh, I always say,
14:42
like, lots of people... up on
14:44
learning the program. I gave up several
14:46
times, right? And so you're kind of
14:49
like cycling in and out of feeling
14:51
like you can do this. How
14:53
did you have the temerity and
14:55
the willpower to keep thrusting yourself
14:58
back into it? I
15:01
had to build my community and
15:03
I didn't know I was building a
15:05
community, honestly, because I was, I
15:07
had joined like the 100 Days of Code
15:09
Challenge and I think that public
15:11
accountability kind of helped me keep going
15:14
because I started to post about what I
15:16
was like learning the struggles I was
15:18
having with like learning programming and what I
15:20
was building and just meeting like other
15:22
people that were also like learning to like
15:24
that is so key and I didn't
15:26
have anyone around me like out you know
15:28
in the real world that uh, was
15:31
also doing this, like, no one else in
15:33
my family was in programming, actually, correction.
15:35
I just found out, rather recently, that I
15:37
have an aunt that I did not
15:39
know about that actually has, like, a computer
15:41
science degree from, like, way, way back
15:43
then, like, 70s, 80s. And I was like,
15:46
what? But at the time,
15:48
I didn't have anyone. I didn't
15:50
have a support system. So
15:53
yeah, finding that online and just keeping
15:55
in mind what my dad told me
15:57
and everything like that helped me for
15:59
sure. Yeah, I didn't
16:01
know what I wanted to do. So
16:03
you were able to leverage kind of
16:05
this support system that you went out
16:07
and built for yourself, kind of like
16:10
a spider like weaves a web to
16:12
stand on. Right? Or a beaver builds
16:14
a dam so they can control a
16:16
part of their ecosystem. You kind of
16:18
created this mind space and these people
16:20
around you. And that was what you
16:22
needed in order to be able to
16:24
sit down and grind through all the
16:26
learning resources. Yeah. There are
16:28
people that have been in
16:30
tech for 10, 20 years.
16:33
that were like being like super encouraged into
16:35
a lot of us in the community like
16:37
in the 100 days of code or code
16:39
newbie community on Twitter um in so like
16:41
that was very helpful honestly it was it's
16:43
very encouraging for sure and honestly like I
16:45
had to motivate myself too because I was
16:47
like I knew that I did not want
16:49
to be in fast food for long I
16:51
was like I'm about to quit this job
16:53
at Boston Market like I'm not about to
16:55
keep doing this job so and I wanted
16:57
to see what was happy with soft development
17:00
and honestly at the time You know how
17:02
like now software development is like being pushed
17:04
so heavy as far as like oh make
17:06
six figures and everything like that like get
17:08
rich quick kind of thing? At the time
17:10
I swear like in 2017 I wasn't even
17:12
drawn to it because of that like I
17:14
was seeing people look on YouTube like coding
17:16
phase whoever like they just I just liked
17:18
the knowledge that they like gave like other
17:20
people and like the and everything and I
17:22
just I wanted to create value too for
17:24
others too so yeah. Yeah, and
17:26
there are a few things that you
17:28
can do that just can unlock that
17:30
much value for other people just like
17:32
that you can do yourself, right? Like
17:34
you can go and build houses for
17:36
people, but it takes a lot of
17:38
people to build a house for somebody,
17:40
right? And it's it also
17:43
takes a whole lot of lumber and a
17:45
lot of other resources like you if
17:47
you have the developer skills you can sit
17:49
down with like a laptop or you
17:51
like even go to like a library and
17:53
use that either there and you can
17:55
build something that people can use. And
17:57
that's kind of like the power
17:59
and the leverage that software specifically gives
18:01
people that other mediums of creation
18:03
do not necessarily, is being able to
18:05
help a lot of people at
18:07
scale without using a lot of material.
18:10
I agree. Yeah, taking from idea and
18:12
actually realizing that idea and everything,
18:15
making it a reality, like that is
18:17
a power for sure. I think
18:19
that's what drew me to Frontend Development,
18:21
especially because I was able to
18:23
get the immediate results of what I
18:25
was coding and stuff. So
18:28
were you working these retail jobs
18:30
while you were teaching yourself coding? Yeah.
18:32
Like either two in tandem? Yeah.
18:35
At one point I was working on
18:37
both Walmart and Boston Market and I
18:40
would work... Like especially at
18:42
Boston Market, I'd be working like eight
18:44
to ten hours shifts sometimes without a break
18:46
and then I didn't have a car
18:48
so then I would run home and then
18:50
I would get on the computer and
18:52
for some reason like I was just like
18:54
I was really on the computer for
18:56
six to seven hours like barely sleeping like
18:58
I was just I was just really
19:00
fascinated like especially when I was like running
19:02
like problems with my code or like
19:04
not understanding something like for me what What
19:06
drives me is I have this need
19:08
to have to understand something. So I think
19:10
that's what also is a really important
19:12
trait for someone to have when they're trying
19:14
to get into tech. If an obstacle
19:16
doesn't put you off from the whole mission,
19:19
then you have a chance of getting
19:21
into tech, honestly. Because that's a lot of
19:23
what a lot of our journey as
19:25
artists will have obstacles and be able to
19:27
overcome them and be resilient. Yeah,
19:29
I was working like my butt
19:31
off for sure. I often I often
19:33
say like learning programming is more
19:35
of a motivational challenge than it's like
19:38
a specifically like technical challenge or
19:40
Yeah, and then it has anything to
19:42
do with like aptitude or even
19:44
like interest in you know computers early
19:46
on Because it doesn't sound like
19:48
you really got that I mean it
19:50
sounds like you were like a
19:52
curious kid who didn't necessarily You know
19:54
perform well in school, but was
19:56
also you know you were interested in
19:58
stuff and It's just
20:00
that you were waiting for the
20:02
right thing to come along
20:04
and then you really just took
20:06
to that yeah Waiting for
20:08
my passion honestly. Yeah, yeah Let's
20:10
talk about that period between
20:12
when you knew oh, I'm really
20:14
interested in this and then
20:16
when you got your first job
20:18
Yeah, so I want to
20:20
say I was studying for about
20:22
seven or eight months before
20:24
I Got an email I received
20:26
an email from a
20:29
CEO of a small
20:31
consulting firm based in Seattle,
20:33
Washington. And I remember
20:35
the email, because I was
20:37
like, what is going on? Basically,
20:40
what happened was he reached out to
20:42
me, said he had actually been following
20:44
my journey on Twitter for a little
20:46
while. And they were hard -engineered software
20:48
engineers. And he was wondering if I
20:50
would be interested in anything for the
20:52
role. And I was like, yeah. And
20:55
the rule would require relocation to Seattle,
20:57
and I had never been to Seattle, like,
20:59
ever in my life. At that point,
21:01
I had only lived in, I think, what,
21:03
California, Nevada, Florida, and Georgia?
21:05
Like, I hadn't been to, like, Seattle. One
21:07
place where most Americans would live, yeah.
21:09
Yeah? Oh. I mean, you live
21:11
on both coasts, that's cool. Yeah,
21:13
yeah, for sure. Yeah,
21:16
so talk us through what
21:18
that process was like. How
21:20
did you react to getting that
21:22
email? Did that feel... I mean, you've
21:24
been studying for like seven months
21:26
at this point. Yeah. Yeah. And
21:28
I had built some projects. I built like
21:30
a really, I remember the apps too. I remember
21:33
them and I was hosting them on GitHub. Yeah.
21:35
What were some of your early apps? Yeah.
21:38
So like, for me,
21:41
like how I developed ideas for like landing
21:43
pages since I wanted to be a front
21:45
end developer, I thought of like startup ideas.
21:47
So like, I thought of like a beer
21:49
and chocolate delivery service. So I created like
21:51
a landing page for that. Let's
21:53
see. I developed a landing
21:56
page for a fake beauty e -commerce
21:58
app because I was like, oh,
22:00
I'd love to build a beauty e
22:02
-commerce app to sell Korean skincare and
22:04
cosmetics and stuff like that based
22:06
on skin type. I was really going
22:08
into details. I was thinking, if
22:10
I was going to sell a startup,
22:12
this is what I would want
22:14
to advertise and try to market. I
22:18
did that. I also built a real estate listings
22:20
app, kind of like a Zillow clone. That was
22:23
the one I was the most proud of because
22:25
of the UI, honestly. There's
22:27
a lot of gradient effects and everything.
22:29
I'm sure it's so dated now. But
22:32
at the time, I was proud. Those
22:35
are the projects that I had
22:37
on my resume and on my
22:39
GitHub and everything. The
22:43
interview process basically consisted of the
22:45
first call being with the CEO virtually
22:47
talking about why I want to
22:49
be in tech and what... you know,
22:51
I'm passionate about and everything and
22:53
then it moved on to like the
22:55
technical portion which honestly is like
22:57
the least technical interview I've had since
22:59
then. Like I'd have to say
23:01
like in total because I've had like
23:03
full on like whiteboarding interviews and
23:05
this one was actually one of the
23:07
more like laid back ones that
23:09
was like this is it's a really
23:11
good like junior role like kind
23:13
of like interview for short. Basically they
23:15
had like me talk with two
23:17
of the engineers on the team and
23:19
walk through the code. the solution
23:21
for one of my projects that I
23:23
had, which in this case, I
23:25
believe it was the real estate listings
23:27
app. And they
23:29
asked me questions like, What
23:32
is my process for developing like a new
23:34
feature? How do I design it? How do
23:36
I consider like accessibility and everything since they
23:39
knew that I was also learning about accessibility
23:41
from their different resources that I was like
23:43
using and everything and so oh and also
23:45
about like how I would make like my
23:47
app like Responsive since at the time I
23:49
did not build I did not build that
23:51
website out responsive first So,
23:54
yeah, they were just trying to see my minds,
23:56
honestly, and how I'm able to communicate. And I
23:58
think that's also something that I also try to
24:00
tell people a lot, is these interviews are really
24:02
them trying to see how do you communicate and
24:04
how do you work through a solution and can
24:06
you work with a team member? Can they understand
24:08
you and everything? Do you ask questions? They're
24:11
just trying to see how you perform. And
24:13
of course, how do you perform under pressure as well,
24:15
especially those white boarding ones. But yeah. Yeah,
24:19
so that's what the ANP process was like, and
24:21
it was really simple. was just like two steps. Yeah,
24:24
and then so you go at
24:26
the Seattle and you start working as
24:29
a software engineer? Yeah, it
24:31
was like my first time like
24:33
on a first -class flight. I felt like
24:35
so cool. Yeah,
24:38
I had like three Cairnberry Vacas. I was
24:40
just like really, really happy on the
24:42
plane, but yeah, so yeah. Like it was
24:44
my first time in Seattle and everything
24:46
and it was also my first time having
24:48
my own place as well because they
24:50
provided relocation And so he was like hey
24:52
before I came out there. He was
24:55
like can you find a place? Um
24:57
in Seattle mind you I never been
24:59
there like I said and I was
25:01
like yeah sure and then I found
25:03
like a little micro studio It was
25:05
like super super small like less than
25:07
I don't even I don't even know
25:09
anymore actually micro studio so like I
25:11
Mean square footage like So like this
25:13
place for instance, it's like it's 35
25:15
square meters. I want to say Like
25:17
my micro studio was even less than
25:19
that. Okay,
25:21
so that's two square
25:24
feet. That is like
25:26
less than 400 feet.
25:29
So less than 400 square feet. And
25:31
of course, now you're in Bangkok, Thailand. We're
25:34
going to talk about that. We're definitely going to talk about that
25:36
a little bit. So
25:38
I just want to give people
25:40
context. So you're moving all the
25:42
way across the country, like Jacksonville,
25:44
Florida, or Orlando. To
25:47
freaking Seattle like you could not
25:49
travel farther across the continental
25:51
US And you're moving into a
25:53
I mean like the room.
25:55
I'm standing in here. It's probably
25:57
like 150 square feet. Maybe
26:00
200 so this is like not
26:02
much bigger than Yeah, it's
26:04
literally about that. It's about that
26:06
size and not even lines
26:08
you like that studio was about
26:10
I want to say like
26:12
around 150 there yeah
26:15
there wasn't even like there was not a full
26:17
kitchen at all there wasn't even a full
26:19
closet like there was a rack and that represented
26:21
the closet like a single bed yeah but
26:23
it was in such a nice part of Seattle's
26:25
in Ballard I don't know if it been
26:27
said Ballard Um, it's like a suburb,
26:29
like maybe like 10 minutes outside of like
26:31
the cap, uh, the, the downtown Seattle and
26:34
it was really nice. And it was five
26:36
minutes walking from the, from my office, like
26:38
from our office and everything. So that's why
26:40
I picked it as well. So it was
26:42
like right there in the main street. So
26:44
there was a bunch of like bars and
26:46
restaurants. So it was really nice, um, like
26:48
area, very safe, honestly, but also close to
26:50
my workplace. So. Yeah. So what was it
26:53
like, like the first few months? working
26:55
there, doing front -end development,
26:57
being in a completely new city, not
27:00
working in fast food. Yeah,
27:02
so when I started that job it
27:04
was July 2018, and it
27:06
was definitely a struggle at first for sure,
27:08
having to adjust to a whole new
27:10
city and everything, but also at the same
27:12
time I grew up, as you've heard,
27:15
I've lived in different states and everything, so
27:17
I was open to living in different
27:19
places. It wasn't foreign to me. But just
27:21
being away from, like, not being close
27:23
to my family, that was my first time.
27:25
Being away from my mother, for sure. My
27:28
siblings, like, no one was in that same
27:30
state or, like, nearby. And, of course, my father
27:32
had passed, so I really felt extra lonely,
27:34
honestly. Um, but
27:36
yeah. So it was, I was definitely like a
27:38
recluse at first. And just, like, trying to,
27:40
like, get, like, my bearings at work and trying
27:42
to, like, um... you know, just like become
27:44
like accustomed to like this like new workload and
27:46
everything because I was from having a workload
27:48
of working at, you know, fast food, like working
27:50
the drive -thru and cleaning bath and floor. So
27:53
like, oh, can you like help us like
27:55
develop this like new features like a whole different
27:57
like my shift for sure. And having to
27:59
like learn about like sprints and everything and stand
28:01
up like, you know, meetings that we would
28:03
have like, you know, just getting like used to
28:05
that. that whole
28:07
new culture working under like a project manager
28:09
who has like roadmaps and deadlines and
28:11
stuff like that it was it was very
28:13
different from like having to like build
28:15
like follow tutorial like online from like a
28:17
course and everything they don't teach you
28:20
all that you know yeah so they don't
28:22
necessarily they're just teaching you the specific
28:24
technical topics that you're gonna be that knowledge
28:26
that you're gonna be using on the
28:28
job they don't teach you the kind of
28:30
a meta aspects of working on a
28:32
software development team Yeah, and
28:34
you mentioned like you had like a
28:36
product manager or project manager that you
28:38
worked under and they delegated different features
28:40
and bugs and things to you and
28:42
then did you do like sprints? I
28:44
mean did you have like stand -up
28:46
meetings? Did you have all that stuff? Yeah,
28:49
daily stand -ups and everything like that
28:51
for sure and having to like
28:53
talk about like any like block you
28:55
know any blocks that we were
28:57
having like or questions that we have
28:59
about certain features or whatever tasks
29:02
that we have to do and everything
29:04
like that, for sure. And I
29:06
also learned about other functions in tech
29:08
or in IT, such as what
29:10
DevOps was. I didn't know
29:12
what a DevOps engineer was and what
29:14
role they play, system administrator,
29:16
all that kind of stuff. So that was
29:18
all very new. Actually, in
29:20
that first job, we didn't have a
29:22
dedicated security team. I believe that must
29:24
have been outsourced or something. So I
29:27
wasn't even exposed to security yet. So
29:29
yeah, they taught me nothing about security.
29:32
Well, that sounds like
29:35
an exciting moment in
29:37
your life. New city, new
29:39
field. Can
29:42
you remember how much you were
29:44
sleeping during that period? I'm
29:50
sure it was stressful, but
29:52
the more color you can put
29:54
on that picture, that portrait
29:56
of you in this new office, I
29:59
just like to try to transport myself
30:01
and put myself in your shoes to
30:03
the extent I can. It
30:05
was a very surreal feeling. It
30:07
didn't really feel real, even my first
30:09
few weeks or months into the
30:11
world and everything. I'm
30:13
glad that I did get
30:15
proper I
30:18
wouldn't say I was given proper
30:20
training, but I was giving a
30:22
lot of support for sure on
30:24
that job and everything. So
30:26
yeah, it was, it was just, it's different. It's just
30:28
like, know, you're just trying to like adapt like a whole
30:30
new like mindset and you're trying to see like, okay,
30:33
so like for me, like where does he like fit into
30:35
like this like team and everything. Also
30:37
like there's like different personalities and everything,
30:39
you know, Working like on a tech
30:42
team and everything so yeah, I was
30:44
just like being able to like deal
30:46
with people of different backgrounds and personalities
30:48
for sure That was another thing. Yeah,
30:50
we're where there are other people on
30:52
the team that had Not gone to
30:54
university like we think of like the
30:57
typical like developer as somebody who went
30:59
to university when they turned 18 and
31:01
got a computer science degree and then
31:03
just got an internship and then just
31:05
kind of like rode that like linear
31:07
progression that I would probably say at
31:10
least 50 or 60 percent of developers
31:12
do that even today. Were
31:14
there other people with less traditional
31:16
backgrounds and journeys? I
31:19
was I
31:22
actually don't know. I didn't even
31:24
inquire about a lot of their
31:26
backgrounds or like what degree they
31:28
had and they didn't ask me
31:30
either. But I want to say
31:32
like the two senior engineers, they
31:35
were twins actually. I
31:38
don't believe they had degrees. Yeah, I remember them
31:40
telling me that. And they were also from Florida, too.
31:42
They are from Miami. And they
31:44
were some of the smartest people that I've
31:46
met. Actually, a lot of the smartest people I've
31:48
met, they don't have degrees. Like my current
31:50
boss, actually, he doesn't have a college degree and
31:53
he's a CISO, which is pretty cool. But
31:56
yeah, at that time, no. A
31:59
lot of people were still... you know,
32:01
coming from a traditional background and everything, for
32:03
sure, having a computer science degree. Yeah.
32:06
And CISO is Chief Information
32:08
Security Officer? Is that correct? Yes.
32:10
Okay, cool. Yeah, I try to like
32:12
break down the acronyms for people listening. Like,
32:14
I'm not even sure of that, but
32:16
basically he's like, it's the equivalent of the
32:18
CTO for security. Yes, yeah.
32:20
He carries out all the executive
32:22
decisions when it comes to
32:24
security. He develops the security strategy
32:26
for a company and he
32:28
executes that. Yeah. So,
32:31
do you have any particularly
32:33
trying memories from that moment
32:35
when you were working in
32:37
Seattle where you got really
32:39
stuck or completely overwhelmed or
32:41
were there any moments where
32:43
you were just like, I'm
32:45
not sure if I'm cut
32:48
out for this? Yeah,
32:50
honestly, I remember this. I
32:52
had a project manager and
32:54
she was like really... Hard
32:57
on me. I would and I want to
32:59
say she was like really just like hard
33:01
on the team And I guess like she's
33:03
like under pressure herself because you know now
33:05
As I'm older I tried to think about
33:07
I try to have like more compassion I
33:09
try to be like more mindful of things
33:11
so like I'm not even trying to like
33:13
put her in like a bad Way
33:16
or anything like that, but I
33:18
want to say she probably was just
33:20
a perfectionist and she probably was
33:22
just like learning her job as well
33:24
Because she sent me like ten
33:26
tasks like 11 p .m. On slack
33:28
like to do and she wanted that
33:30
done like by 9 a .m. In
33:32
the morning what mind you yes,
33:34
yeah, so just to be clear like
33:36
you have ten hours and it's
33:38
Yeah, and I'm already like I'm I'm
33:40
asleep Cause like when I wake
33:42
up in the morning, she's like, Hey,
33:44
she's like, what's the progress on
33:46
the task that I've assigned to you?
33:48
I literally shows that like she
33:50
assigned those tasks to me at 10
33:52
PM. And I was just like,
33:54
this is, I'm not, I
33:56
haven't even looked at this. I just woke
33:58
up and work doesn't even start until nine.
34:00
Like we're not even like, we're not, um,
34:02
you know, it wasn't expected of
34:05
us to go into office until nine AM.
34:07
And so like that's usually when I was
34:09
starting my day. And I was like, yeah,
34:11
like when I, like clock in for work
34:13
and everything like I can begin those tasks
34:15
she's like she just really gave me like
34:17
a hard time about that and like at
34:19
the time I hate it now because like
34:21
the way I am now is like I
34:23
don't show emotion like um I really don't
34:25
like because you don't I don't know but
34:27
uh but then at the time like I
34:29
was just like oh my god like I
34:31
didn't really know how to like process it
34:33
so like I was internalizing and I felt
34:35
really really bad and I just felt like
34:37
oh my god it's like for me um
34:39
at the time and I was definitely questioning
34:41
like if I should like even like stay
34:43
in this job but I was just like
34:45
I'm already here um yeah I mean a
34:47
dream it almost feels like a hazing ritual
34:49
or something like Alright,
34:51
let's see if she's tough enough
34:53
to hang. Yeah, and
34:56
there were some other guys on the team
34:58
that said that she's done other stuff like that
35:00
to them as well. And
35:02
they're just like, I don't care. They're
35:05
just like, it's unreasonable.
35:07
Because at end the day, our CEO,
35:09
he's a very understanding person. And so
35:11
he wasn't honest at all about that.
35:13
So she was just, I don't know.
35:15
I know, I know for a fact,
35:17
I wanted to tell my boss so
35:19
bad, like, can you please not have
35:21
her be my project manager? Like, because
35:23
we had another one that was much
35:25
better. But I just, I
35:28
didn't even say that. I didn't even, like, raise the issue.
35:30
I just, um, you
35:32
know, I really leaned on the support of,
35:34
like, my teammates for real, like, on, you know,
35:36
just being good to, you know, co -workers and
35:38
everything like that and helping guide me and
35:40
stuff. So, and now the work place.
35:43
similar to like how when you were learning
35:45
to code and undergoing, you know,
35:47
extreme difficulty because learning programming
35:49
is hard. Similarly,
35:52
you kind of like went out
35:54
and you kind of crafted an environment
35:56
for yourself, supportive people. And
35:59
it sounds like you did the same
36:01
thing with your colleagues at the company. And
36:03
so you had kind of like the
36:05
support network and you all were able to
36:07
like vent and discuss like, oh, it's
36:09
kind of messed up that someone so expects
36:11
this of me. And it
36:13
seems like that was a big part of
36:15
how you kind of coped and stayed strong.
36:17
What did you say? Vensing? Because
36:19
I never vented to my coworkers, but
36:21
I more so was just like asking for
36:23
like guidance on how to like navigate
36:25
certain things. Okay. On how to develop my
36:27
communication skills more. Because I
36:30
think that was also like something to like
36:32
being able to like stand firm like in
36:34
your communication. Okay, like I cannot like and
36:36
working with the project manager to set better
36:38
deadlines for things Those are the things that
36:40
like I learned a lot from the more
36:42
senior engineers that kind of like took me
36:44
under their wings when I say that they
36:46
when I like that support system They yeah,
36:48
so yeah, that's kind of learn how to
36:50
manage the manager Yeah,
36:54
and how to be a better, yeah, how to
36:56
just be like a more communicative developer because it's,
36:58
like you said, it's not even just about the
37:00
technical skills. It's everything. You
37:03
know, it's being able to set
37:05
realistic expectations when it comes to deadlines
37:07
and projects and everything that you're
37:09
given. It's being able to be vocal
37:11
and to communicate things without being
37:13
overly emotional. You know,
37:15
and it's also setting inside like your feelings like
37:17
in the workplace. That's why say I don't even
37:19
like, Display
37:21
a motion like at work like that, you
37:23
know, like of course like you are
37:25
friendly you're kind and everything like that But
37:27
if you're like under stress or like
37:29
under pressure like I just try to have
37:31
like a Try to just center like
37:33
my thoughts and my emotions and everything like
37:36
that and just not yeah Yeah, just
37:38
just get that ice in your veins where
37:40
you're gonna Knuckle up. I'm just gonna
37:42
do this. I'm not gonna let them see
37:44
me bleed right that James won't ever
37:46
let them see you bleed And
37:49
it sounds like that's a big part of
37:51
how you navigate it, is just be really stoic
37:53
about it. Yeah. Yeah.
37:55
What are some of the biggest lessons,
37:58
the biggest takeaways from that first shot?
38:01
Oh, wow. Get.
38:09
It's so funny that that's the
38:11
first thing. I swear. I
38:13
remember the senior engineer, he
38:15
taught me how to Create
38:18
my first branch and you know
38:20
push commits and everything like that and
38:22
like the importance of writing like
38:24
meaningful commit messages and like that's really
38:26
taken me very far Having like
38:28
knowledge get so yeah And also not
38:30
being afraid to ask questions That
38:32
was another big takeaway because there were
38:35
a lot of things I didn't
38:37
know like I didn't know what vagrant
38:39
was and that was what we
38:41
used a lot for environment Yeah, big
38:43
right. It's a dev ops tool
38:45
for like Just having like a preconfigured
38:47
environment Now
38:51
people have like kind of like migrated
38:53
on over to like other like virtual
38:56
machines and everything like that. But yeah,
38:58
well, Vagrant is used to
39:00
configure like virtual machines and everything,
39:02
but like now they've migrated on
39:04
over to like other tools. But
39:06
yeah, I haven't used Vagrant in
39:08
years. But you got your first
39:10
exposure to that type of tool.
39:12
Yes. At the job. Yeah. And
39:14
that's what made learning like other
39:16
tools like such as like Ansible
39:18
or like terraform like not that
39:20
form of a concept they're like
39:23
learning like infrastructure as code because
39:25
you are writing You are code
39:27
like your infrastructure like invagrant So
39:29
yeah, yeah, awesome. And so When
39:31
did you decide to leave that
39:33
job and move on? Oh
39:35
my gosh, I got laid off got
39:37
laid off. Yeah, they laid off all
39:40
the juniors They laid off the instance.
39:42
Yeah, it was actually I've looked up
39:44
that company. They've changed the name Um,
39:46
but they, all the developers
39:48
that I, you know, had worked
39:51
with, they're no longer there. Um,
39:53
so like, I don't know. And I guess like
39:56
they completely like restructured the company. But yeah, they
39:58
had like, uh, they told me that, you know,
40:00
they were just like running out of like money
40:02
really, like of clientele and stuff. So, um,
40:04
they just had to like, you know, just make
40:06
a decision to like keep like the more senior
40:08
developers and everything. And yeah, that crushed me. That
40:10
I was, cause I was stuck. Yeah,
40:12
you're in Seattle. Like you've
40:14
uprooted your entire life. Yeah,
40:17
yeah, that happened around the holidays. It
40:19
happened around Christmas. What
40:21
did you do? Oh my gosh,
40:23
I was like depressed, but I have money
40:25
though because since I lived in a micros, because
40:27
I had thought about it when I initially
40:29
was looking for a place right before I started
40:31
my position. I was okay. Like I knew
40:33
how much I was going to make. post
40:36
taxes because I use this website called
40:38
smartasset and it kind of gives you
40:40
a good estimate of how much your
40:42
paychecks would be after taxes, depending on
40:44
the state, sometimes the city, all
40:46
that kind of stuff. And
40:48
so I had an idea of how
40:50
much I'd make, and so I found
40:52
an apartment that was way less than
40:54
that, so my apartment was $900 at
40:56
the time, which was probably considered a
40:58
lot for such a small apartment, but
41:00
yeah. And so
41:02
I had savings and everything like that. So I
41:05
was living off my savings, honestly. And
41:07
I started freelancing, actually. Because my best
41:09
friend, he had a contracting company and everything
41:11
like that. So we started just, we're
41:13
just like, hey. I was like build out
41:15
some like mobile and like web apps,
41:17
like let's just get this money like this
41:19
way. And I was like, okay, cool. And
41:22
so that exposed me to like work with like different
41:24
clients, stuff like that. So that's what I was
41:26
doing for a while. And then I was able to
41:28
like, you know, give my own clients off of
41:30
Twitter as well, just from, you know, having the tech
41:32
presence on Twitter and everything like that. So I
41:34
was doing that for a long time. So
41:36
first of all, that's really cool that you
41:38
like live well within your means and you were
41:41
able to kind of plan. Because
41:43
a lot of people when they
41:45
get the first job, they're like, all
41:47
right, I'm gonna go get a
41:49
lease on it. You're like like
41:51
you planned out and you had
41:53
like this kind of emergency fund and
41:55
then you were able to leverage
41:57
the social media presence that you built
41:59
up to find clients and you
42:01
were able to Do client work and
42:03
make yeah, what was that like
42:05
that period of your life? It
42:09
was definitely interesting Because
42:12
I was traveling I was giving
42:14
conference talks like so I spoke in
42:16
Believe like Seattle. I spoke in
42:18
San Francisco. I spoke in Germany, which
42:20
is really cool Chicago and stuff
42:22
like that So I was doing that
42:24
but then I was also like
42:26
getting clients and everything and I also
42:28
found clients like not even through
42:30
like online, but just from I remember
42:32
I was at Uh, Linux
42:34
mall in like Atlanta is like this big mall and
42:37
I was coding on my computer. I was just like
42:39
working on like a project or something like in the
42:41
food court. And then like, there was some like random
42:43
person that was like, Hey, like, are you coding? I
42:45
was like, yes. And they were like, I have an
42:47
app and it was just everyone like, so I just
42:49
ran into people and they were just like, I have
42:51
an app and everything like that. Or like, I, you
42:53
know, I want to eat commerce store. And that's, I
42:55
really, really got good with like WooCommerce and Shopify. Um,
42:58
cause a lot of people, like they had, you know, they
43:00
wanted to set up storefronts and so I just, and I
43:02
learned that from YouTube. Yeah. So
43:06
I was, they were like, Hey, can you build
43:08
this? I'm like, yeah, sure. Whatever I didn't know,
43:10
I just like learned how to do. Like I
43:12
just looked it up on like YouTube or something
43:14
or found documentation, definitely a lot of documentation, um,
43:17
to like build themes and like whatnot. So
43:19
yeah, that's, it was definitely interesting period
43:21
because like I knew that. I
43:23
didn't want to be in front of web
43:25
development forever. I knew I wanted to get into
43:28
security at some point. I'm
43:30
just trying to make ends meet. I'm just trying to
43:32
do my thing. I'm trying to travel and everything. I
43:36
think I was also writing coding
43:38
tutorials as well. I was trying to
43:40
stick to that as well. If
43:42
I can make a few
43:44
observations, first of all, you
43:46
just did whatever the client needed. And
43:48
you weren't like, well, I'm not going to
43:50
do WooCommerce or WordPress. You
43:52
didn't get all up on your high horse.
43:55
You're just like, sure. WooCommerce,
43:57
I'll build this app. You didn't think
43:59
of yourself as an XYZ developer. You
44:01
were just like, OK, I'm just a
44:03
Swiss army knife dev. I can do
44:05
whatever. Wherever
44:07
the business leads me. Yeah.
44:11
Yeah. So it
44:13
sounds like you were very pragmatic about making
44:15
it into me. At
44:18
the time, yeah. I mean, and also I had
44:20
exposure to WordPress from having my own blog on there.
44:22
So when I had my portfolio site, when I
44:24
was like looking for a job and like how my,
44:27
that CEO, how he found me and everything,
44:29
I had my portfolio site on there
44:31
and it was built with WordPress. So I
44:33
already had that exposure. So it just
44:35
made like sense to like, you know, with
44:37
clients or like ask about... WordPress
44:39
and Shopify and other CMS
44:41
solutions are just always a really
44:43
perfect solution for small to
44:45
mid -sized businesses and everything, where
44:47
they need something fast and that's
44:49
easy to manage. I
44:51
was really good with teaching people how
44:53
to use things, so not only was I
44:55
building the websites, I was also teaching
44:57
them... You know how
45:00
to update their content everything like that and how
45:02
like WordPress works and everything So and then when they
45:04
did want to expand it's like a blue commerce
45:06
or like you know add in like that shopping feature
45:08
Then I was also able to help them and
45:10
I was just thinking of that and I I
45:12
guess like having like my best friend who
45:15
was like really like deep into business like that
45:17
helped me as well with like being able
45:19
to sell my services and all that kind of
45:21
stuff So yeah, and it just it also
45:23
like made sense like I knew like react to
45:25
new JavaScript and everything like that So I
45:27
wasn't afraid of like, you know digging take the
45:29
front end and Customizing like code or anything
45:31
like that. So it helped in PHP isn't it's
45:33
not it's not that formidable language You know
45:36
compared to JavaScript, which is what I was working
45:38
with that work and everything. It's not it's
45:40
not as a big of like a WCF
45:42
as job it is for me. I
45:45
would not want to
45:47
go to Java. I
45:49
definitely can hear you there. The
45:51
jump from Java to JavaScript
45:53
is like a jump from a
45:55
car to carpet. What
45:59
do you work with the most
46:01
then? Mostly Python and JavaScript. And
46:04
I just keep it simple.
46:06
Like PHP, you mentioned PHP,
46:08
Peter levels. He just does
46:10
everything in PHP. And every
46:12
single project, he just uses
46:14
PHP and SQLite, I think. Yeah.
46:18
And so whatever the tools, they get the job
46:20
done, those are good tools
46:22
to use. You'll talk to these seasoned carpenters
46:24
that are using basically the same tools that
46:27
they've been using for the last 20 years
46:29
to get things done. And there might be
46:31
some newfangled tools. And maybe they'll experiment with
46:33
those. There's a high bar
46:35
to clear for actually adopting a new
46:37
tool and like moving to a completely new
46:39
stack and all the new learning that
46:41
is necessary with that. So
46:44
would you say you've been relatively focused
46:46
at least when you were front of
46:48
dev like on JavaScript, Python, and then
46:50
a little bit of PHP? Yeah,
46:52
yeah, definitely. It was those languages for sure.
46:54
I mean, I was always interested in learning
46:56
other languages and everything, but As far as
46:58
what else I got a day to day,
47:00
I was definitely focusing on those. Those are
47:02
my bread and butter. And those are also
47:05
languages that I recommend to people when they
47:07
want to learn how to code. Because
47:09
they're still so popular today. JavaScript
47:11
and Python. Awesome,
47:14
let's talk about your journey into security
47:16
because I'm very interested a lot of people
47:18
listening to this may already be working
47:20
as devs or they may not have figured
47:23
out how they want to specialize and
47:25
security is one of those things where they're
47:27
always gonna be like North Koreans trying
47:29
to hack you and You need to be
47:31
ready, right? Okay,
47:34
so how I got into security I
47:36
started learning it through like try hack
47:38
me That was actually like what got
47:40
me like into and also TCM security
47:42
because they had a lot of courses
47:44
on YouTube for sure Around that time
47:46
and I want to say I started
47:48
learning like in 2022 2022 is when
47:50
I joined like trihack being everything and
47:53
I This is the thing though This
47:55
is what I tell people is that
47:57
like you don't just start if I
47:59
like learning security like for the most
48:01
part You're trying to get a technical
48:03
role in security Usually have
48:05
to start off with already like Linux
48:07
like you have to like learn like
48:09
operating systems and like networking and I
48:11
did not know those two things like
48:13
in -depth I knew basic Terminal commands and
48:15
everything like that from being a developer
48:17
for how much like use like get
48:19
and everything but I Wasn't as confident
48:21
with like with Linux in general and
48:23
so I definitely learned like a lot
48:26
I was reading books like Linux
48:28
Bases for Hackers. There was
48:31
another Linux System Administration book that I
48:33
was also going through and learning
48:35
about how to set up a lamp
48:37
stack, which for those who don't
48:39
know, was commonly
48:41
used to help push out
48:43
WordPress applications. You're developing
48:45
servers that are built with
48:47
PHP, MySQL database. Apache
48:51
like web server and Linux so like that's
48:53
what makes up the lamp stack and solve stuff
48:55
Yeah, I was like learning how to like
48:57
build that from scratch because I was like well
48:59
like I know you know how to run
49:01
a web, you know WordPress application I didn't know
49:03
so much about setting it up like from
49:05
scratch because you know how you can use like
49:08
I was using when I was a developer
49:10
and I was building out like the WordPress sites.
49:13
The WordPress sites already hosted up by like using
49:15
like a one click solution from like Digital Ocean,
49:17
which is a cloud hosting provider. And so the
49:19
people are like an easy way for you to
49:21
like deploy like a WordPress application without having to
49:23
like know like all the mechanics that's going into
49:25
it. But when I was learning like security, you
49:27
know, it is kind of like important to learn
49:29
about how like those things like a built and
49:31
everything. So. I was on try
49:34
hack and I was doing that and then I
49:36
learned about Active Directory, which I had not known what
49:38
that was at all. For
49:40
those who don't know, that's
49:42
what, you know, it's helps you use
49:44
to manage like Windows like environments and
49:47
everything like that and control like users
49:49
and create policies and deploy those and
49:51
everything like that. And so I, you
49:53
know, I learned how to build. and
49:55
set up a domain controller in a
49:57
virtual machine. Definitely learned a lot of
49:59
virtualization because everything that you're using, whenever
50:01
you're practicing a tax or you're setting
50:03
up anything, you're using it all in
50:06
virtual machines, which are isolated from your
50:08
actual host machine. And
50:10
so I learned how to set
50:12
up a whole domain controller and hooking
50:14
up windows like hosts and everything
50:16
and learning how to run a tax
50:18
against them. So
50:21
it was just a lot about learning how to build a
50:23
thing and then how to break the thing. And it was
50:25
a constant cycle of that for sure. So
50:27
yeah, I was used to trying to hack
50:29
me, but I always tell people to learn how
50:31
to build a stuff like yourself in VMs.
50:33
And that's how you really get your hands dirty,
50:35
and that's how you actually understand things. Don't
50:37
just do modules. That wasn't how
50:39
I retained the knowledge. I'm a very hands
50:41
-on person. So
50:44
yeah, I was doing like a lot
50:46
of that, I was doing courses,
50:48
I was reading books, and I just
50:50
became fascinated, okay, Quincy? Like, I
50:52
was listening to this podcast called... like
50:55
Darknet Diaries. Oh, excellent
50:57
podcast. Everybody who's interested in security, you
50:59
should definitely listen to that. I love
51:01
Darknet Diaries. Yes, and it's a really,
51:03
really good podcast and it goes over
51:05
like real stories of, you know, different
51:07
like hacking events and like incidents that
51:09
have happened or just even covering like
51:11
just like interesting stories and paths of
51:13
like people that are in security, like
51:16
Jason Haddix and, you know, people
51:18
like that. So shout out to Jason
51:20
Haddix actually. It's really cool. But
51:23
yeah, that would keep me motivated
51:25
because I was always interested. I started
51:28
to learn about people like Aaron
51:30
Schwartz. If you don't know
51:32
who that is, he was one of the
51:34
co -founders of Reddit, and I'm actually a whole
51:36
Reddit junkie. Because I definitely
51:38
use a lot of Reddit to
51:40
build up my roadmap, honestly, for
51:42
security. So when I was curious about
51:44
what should I learn from being a developer
51:47
to being in security, there's 10 ,000 people that
51:49
ask the same exact question. That's
51:52
how I learned about resources like TryHackMe
51:54
and Portswigger, which is a great resource.
51:56
It's free and it's online. always
51:59
like updated with like different labs to
52:01
like learn different web vulnerabilities. And that
52:03
was that's how I pivoted into security.
52:05
That's how I kind of honed in
52:07
on my focus. So yeah, I was
52:09
building like active directory labs and stuff
52:11
like that. And just like labs in
52:13
general, so I learned about different attacks.
52:16
But like my specialty, I guess, was
52:18
web application, like security and everything because
52:20
I knew how to build it. So
52:22
now I was like curious about like,
52:24
like, Making applications behave like in ways
52:26
that it wasn't intended to is really
52:28
interesting. So and that's where the OWASP
52:30
10 like a lot of the different
52:32
common attacks
52:34
come from. There are
52:36
a lot of websites out there and
52:38
a lot of them are running outdated
52:40
versions of PHP and stuff and they
52:42
don't have security engineers on their team
52:44
because they're a tiny startup and when
52:46
you're a dev team of like two
52:48
or three people, you don't necessarily have
52:50
a dedicated security person. If
52:54
I can recap some of the advice
52:56
you gave there. So, I
52:58
love, like, learn how to build things. And,
53:01
like, I'm a big advocate of
53:03
learning how to build things. Rekookive .org,
53:05
learn how to build software. And then,
53:07
learn how to break that software
53:09
open and do things that the people
53:11
who control those servers did not
53:13
intend for you to do. Because that's
53:15
how you find out what, and
53:18
again, North Korea is going to be
53:20
like, they hack Everybody like it's a huge
53:22
portion of their gross national product is
53:24
like them basically Like you know stealing people's
53:26
bitcoins and stuff like that, right? So
53:28
it's a you have to think about like
53:30
okay What are the most sophisticated? State
53:33
actors who have like these teams
53:35
of like military people that have
53:37
like spent all this time like
53:39
they're gonna attack your website you
53:41
need to be ready and and
53:43
that's what like a lot of
53:45
security is is essentially like You
53:47
know having like a strong defense
53:49
against those types of bad actors,
53:51
right? And there are
53:53
threat actors that target certain industries. So
53:57
if you are, let's say, your developer
53:59
that's working for a bank, and you're getting
54:01
into security, and you're learning about the
54:03
different tactics, the TCP's, they call it, the
54:05
tactics techniques. I
54:08
forgot what it all
54:10
stood for. But basically,
54:12
studying the behaviors of attackers and
54:14
everything. And so there are APTs, which
54:17
stands for Advanced Persistent Threat. There are
54:19
different APT groups that specialize in attacking the
54:21
financial industry and everything like that. So
54:23
let's say you're on the red team, or
54:25
let's just say you're on the security
54:27
team at a bank or something like that,
54:30
then you would be studying those tactics
54:32
and learning about how to defend against those
54:34
potential threat actors. So yeah.
54:36
In my case, what
54:38
I currently do at my job,
54:41
APTs aren't a common threat for
54:43
us. It's more about the
54:45
average script kitty who might be
54:47
trying to run different SQL
54:49
injection payloads or something like that.
54:51
And so you have to
54:53
make sure that all your input
54:55
fields on your web applications
54:57
have proper validation and everything like
54:59
that, encoding defenses to protect
55:01
against different injection attacks and stuff
55:03
like that. That's
55:06
the thing. Security is so vast.
55:08
There's different areas of security. There's the
55:10
incident response, there's compliance, there's this
55:13
and that. But I do recommend for
55:15
those who are web developers or
55:17
software engineers that want to transition to
55:19
security. You have a really
55:21
really good chance of getting into application security
55:23
and that's why I was honing in on
55:25
the OS top 10 and like web vulnerabilities
55:27
and stuff like that because it already builds
55:29
on what you already know. You already have
55:31
like that solid foundation of web development. Now
55:34
you have to learn about like different ways
55:36
that like an attacker can try to explore
55:38
your application and so your job would be
55:40
to help to cure that application from those
55:42
attacks and everything. So I recommend that for
55:44
shorter people. Awesome.
55:46
Yeah, and and that is
55:48
super actionable advice for any
55:50
devs listening to this what
55:52
Taylor just said about Basically
55:54
leveraging the fact that you
55:56
already have this expertise because
55:59
there are advanced persistent threats,
56:01
right? There are these state
56:03
threat actors like that are
56:05
out there literally doing like
56:07
military operations against people
56:09
right and like the solar
56:11
winds attack or something like that
56:13
where they get into like
56:15
tons of computers by exploiting some
56:17
you know uh vulnerability and
56:19
like something that has it's deployed
56:21
everywhere right uh like windows
56:23
machines uh you know all the
56:26
ransomware attacks and stuff like
56:28
that uh but for every uh
56:30
you know advanced persistent threat
56:32
i think is the acronym you
56:34
use uh yeah like Every
56:36
one of those, there are a lot of
56:38
what are called script kitties, which are just
56:40
people that don't necessarily know a lot about
56:42
security. They're just using some tool. Like,
56:45
they're these tool packages
56:47
that, you know, what
56:50
is it called? Like, it's called,
56:52
like, Sploit? I can't remember the
56:54
name. Metasploit? Yeah, Metasploit. Yeah,
56:56
like, they're entire security packages.
56:58
And you can just sit
57:00
there with your... Not
57:03
-so -cheese Dorito covered fingers and drink
57:05
and be great and you could you
57:07
can go in and like screw
57:09
up somebody's website pretty badly Yeah, like
57:11
throwing like some of these tools
57:14
at them and and so one of
57:16
the things that you do It
57:18
sounds like it's just batting down the
57:20
hatches and cover like the most
57:22
common types of attacks that are everywhere
57:24
and that pretty much anybody who
57:26
didn't like Want your website to be
57:28
up could potentially call upon to
57:31
bring you down Yes, yeah, at my
57:33
current position. Well, yeah,
57:35
okay, actually I'll start into like my
57:37
first job in security. Yeah, I thought
57:39
about that. Yeah, so it was a
57:41
struggle. So like if you thought that
57:43
like my whole journey in getting into
57:46
like low development was like hard, like
57:48
getting security was like even like harder
57:50
because security isn't... I do understand people
57:52
say when they say security is not
57:54
insurable. Because it does build
57:56
on like you having like some type
57:58
of like knowledge and something else Like
58:00
for instance like okay like web development
58:03
like you just you learn how to
58:05
code you get a job in tech
58:07
there you go There's entry -level jobs
58:09
in in software development or like a
58:11
system administration or a networking or whatever
58:13
security kind of like builds on some
58:15
type of knowledge of either one of
58:17
those domains that I just like named
58:19
off for the most part and so Like
58:23
a big barrier for me was lack
58:25
of experience even though I had like the
58:27
user experience a software development It
58:30
was like the recruiters like recruiters would
58:32
be like yeah, like that's cool But
58:34
like you don't have like actual cyber
58:37
security experience and so like that was
58:39
really hard and it's very hard to
58:41
get cyber security experience without being in
58:43
a cyber security role now there are
58:45
I would do say like now with
58:47
the knowledge that I do have Of
58:49
like the industry like obey to get
58:51
experiences like do bug bounty hunting Which
58:54
if you don't know what that is
58:56
like that's basically where people can find
58:58
like vulnerabilities and flaws on applications such
59:00
as Facebook and twitter um... or like
59:02
other like public -facing like assets or
59:04
sites and they report like bugs and
59:06
everything and they can receive a uh...
59:08
like a reward like a monetary like
59:10
money like for it which is pretty
59:13
cool yeah it's like a bounty hunter
59:15
like brings in the the the pirate
59:17
hunter zoro and gets there you know
59:19
yeah and it can pay like depending
59:21
on the severity of the bug like
59:23
i think like at open a i
59:25
Um, they're offering, but like bounty's up
59:27
to like over 100 ,000 for like a
59:29
critical flaw. So I'm just like, wow,
59:32
like really really good money. Life changing
59:34
money. Um, but yeah. Um,
59:36
so it was really hard to
59:38
find a job. In security and everything
59:40
like that. Of course there were
59:42
entry -level like penetration tested, which is
59:44
definitely the rule. That's what I wanted
59:47
to be as a pen tester,
59:49
which that means that someone who is
59:51
able to like ethically like legally
59:53
Hack like web application systems networks Whatever
59:55
that is put in front of
59:57
them being able to like break it
1:00:00
and find flaws in it And
1:00:02
yeah, like the word junior pen tester
1:00:04
rules, but it was it's very
1:00:06
comp like it's very competitive
1:00:11
for sure because there's people that
1:00:13
have like computer science degrees not only
1:00:15
computer science degree they've been coding
1:00:17
since they were 10 and they also
1:00:19
have founds like CVEs and so
1:00:21
many bug bounties and they have like
1:00:23
a really really flawless resume so
1:00:25
a CVE that stands for common vulnerabilities
1:00:27
and exposures and that is a
1:00:29
publicly like disclosed vulnerability so yeah that's
1:00:31
what a CVE is and so
1:00:33
like something people already know about basically
1:00:35
but it's like People
1:00:37
just have to fix it It's actually
1:00:39
not of it's not to the knowledge
1:00:41
of like the organization or like the
1:00:43
application or whoever is like in charge
1:00:45
of like the software that she found
1:00:47
the vulnerability and like they don't know
1:00:49
about until you reported it and Then
1:00:51
like they can choose to like disclose
1:00:53
that vulnerability and so it gets assigned
1:00:56
to CVE ID So that now becomes
1:00:58
public knowledge and it's kept in a
1:01:00
public database believe the NVD, which is
1:01:02
national vulnerability database Okay, so
1:01:04
it's basically like let's say like hypothetically
1:01:06
you run like some sort of web server
1:01:08
and somebody figures out some exploit there
1:01:10
or like they find a vulnerability and so
1:01:12
Everybody who is using that web server
1:01:14
should know and it should be patched and
1:01:16
the update should be rolled out But
1:01:18
now everybody knows that like this this exists
1:01:20
out there and you need to update
1:01:22
yourself Well, yes, yes, and so like when
1:01:24
you do report it they do go
1:01:26
through the process of like remediating that and
1:01:28
then like they will or
1:01:30
however they do choose to like treat
1:01:32
that vulnerability and then like yeah so
1:01:34
then it becomes like part of like
1:01:36
public knowledge like okay like you need
1:01:38
to like update or patch up your
1:01:40
Apache systems for instance like it let's
1:01:42
say you do find a vulnerability like
1:01:44
a directory traversal or whatever kind of
1:01:46
vulnerability like in Apache like web server
1:01:49
version one point whatever now You
1:01:51
can report that vulnerability and then it gets
1:01:53
publicly disclosed and everything then it's like
1:01:55
okay boom Like it's documented publicly for everyone
1:01:57
to know like a patch system because
1:01:59
like there was a certain vulnerability and it
1:02:01
will be that CVE ID that I
1:02:03
say that you know that you get assigned
1:02:05
when you do find like that CVE
1:02:07
or when you know when it does get
1:02:09
accepted as a CVE that will forever
1:02:11
be like taught like that CVE ID so
1:02:14
Okay, cool. Thanks. And I didn't
1:02:16
know what that was, and now I do. And
1:02:18
hopefully some of the people listening didn't know what
1:02:20
that is either. And that's used in a
1:02:22
lot of the tools, like a lot of the security
1:02:24
scanners, like if you've heard of like SAS or DAS,
1:02:26
like which are basically tools that you can scan against
1:02:28
like code or web applications, especially
1:02:31
in SAS tools or SCA, which is
1:02:33
used to scan against like open source
1:02:35
libraries, for instance, and dependencies that we
1:02:37
use right as developers. Like
1:02:40
yeah, that's what's used like so basically
1:02:42
like how like those security tools work
1:02:44
is that it scans like your code
1:02:46
against like a whole database of like
1:02:48
of CVE's and so that's how Yeah
1:02:50
Yeah, so that's how that works awesome
1:02:52
And so that's good to know that
1:02:54
like this is publicly disclosed and then
1:02:56
it's actually used to help people identify
1:02:58
Oh, you've got these known issues in
1:03:00
your code, but you need to go
1:03:02
fix these real quick and
1:03:05
a public service announcement for everybody like
1:03:07
don't turn off auto updates on your
1:03:09
computer I know it's annoying to have
1:03:11
to update your software to update your
1:03:13
phone but you should always keep everything
1:03:15
on the latest version for precisely this
1:03:17
reason they're constantly little vulnerabilities being discovered
1:03:19
that are getting patched and you don't
1:03:22
want to be like running some old
1:03:24
like you should literally abandon software that
1:03:26
is no longer supported like free cooking
1:03:28
up wheat we migrated from using ghost
1:03:30
we were on like this old version
1:03:32
and when they announced they were not
1:03:34
gonna Support it anymore. We had to
1:03:36
migrate. We're not we're not gonna try
1:03:38
to like We're not gonna leave ourselves
1:03:40
wide open So that is a compelling
1:03:42
reason to just keep like securities a
1:03:45
real important consideration in what software you
1:03:47
use and whether there are people actively
1:03:49
maintaining it whether you have a reasonable
1:03:51
expectation that these cds are being patched
1:03:53
right I'm not sure if I'm using
1:03:55
the term cds like if that's the
1:03:57
first way to say it, but well
1:03:59
basically yeah, so I have so many
1:04:01
questions. We've only got a few minutes
1:04:03
left, and I just want to start
1:04:05
firing them off at you. First
1:04:08
of all, you live
1:04:10
in Bangkok, Thailand. That
1:04:13
is awesome. And I'm excited to learn
1:04:15
a little bit about how you got
1:04:17
out there and your decision -making process. OK,
1:04:21
sure. So at
1:04:23
the time, when
1:04:26
I first visited Thailand, it was
1:04:28
August of last year. of 2024 and
1:04:30
I spent two months backpacking south
1:04:32
east Asia because I was like a
1:04:34
bucket list school that I've had
1:04:36
plenty since I was like maybe 12
1:04:38
or something. And
1:04:41
so I spent two months like traveling like
1:04:43
Thailand, Vietnam, Indonesia, Malaysia, and Bangkok was like what
1:04:45
was what spoke to me like the most
1:04:47
like that was the first city that I visited
1:04:49
out here in Asia and I was like
1:04:51
yeah like I was like I could live here
1:04:53
it was like a passing thought when I
1:04:55
was gonna back up like a motorbike because that's
1:04:58
how we kind of get around it to
1:05:00
like motorbikes out here and so and I was
1:05:02
like yeah I could live here like I
1:05:04
just really it felt very comfortable for me and
1:05:06
so uh I knew that
1:05:08
that's where I wanted to live. And when I
1:05:10
got offered this most recent position that I'm in,
1:05:13
that was in October. And
1:05:15
at the time when I had any before that
1:05:17
job, I was in Vietnam. And
1:05:19
so I had actually told him that in the
1:05:21
interview, because he was like, oh, he's dark out
1:05:23
there. And I was like, yeah, it's like 11
1:05:25
PM here. I'm in Vietnam. And he was like,
1:05:28
oh, he's like, OK. And the
1:05:30
world was remote and everything. After
1:05:34
I got the job like I started researching
1:05:36
about relocating like I did you know ask
1:05:38
my boss like I was like how do
1:05:40
you feel about people like relocating like to
1:05:42
You know to like a different like country
1:05:44
or something like that or like working remotely
1:05:47
from another country I didn't know how long
1:05:49
I wanted to be in Bangkok But I
1:05:51
just knew I wanted to be there for
1:05:53
extended period of time and he's like yeah,
1:05:55
I don't care He's like I live on
1:05:57
a boat and I was like wait what
1:05:59
and like He actually like my boss is
1:06:01
a CISO a chief information security officer and
1:06:03
he Literally like lives on a boat like
1:06:05
sailing the Caribbean And so like I think
1:06:08
he was just like more like open -minded
1:06:10
to people just because of like his own
1:06:12
situation and everything like that So I was
1:06:14
like, okay as long as like I handle
1:06:16
the time zone difference. That's that was the
1:06:18
thing so like I saved up money I
1:06:20
basically like stacked up for like three months
1:06:22
and I researched visas the different visa options
1:06:24
out here and so I just recently got
1:06:26
the digital nomad visa or the DTV and
1:06:29
basically allows me to live in Thailand for
1:06:31
up to five years. Yeah,
1:06:33
I work remotely in Thailand, so I
1:06:35
can legally work remotely out here. Just can't
1:06:37
work for a Thai employer. I can
1:06:40
work for an overseas employer, though, which it
1:06:42
literally works out for me. So yeah,
1:06:44
I just gotta prove for that. And
1:06:46
yeah, that's how I'm living out here and
1:06:49
everything. I got my apartment when I was
1:06:51
still in Florida. I
1:06:53
found the apartment on
1:06:55
Facebook. in one of the
1:06:57
Facebook groups and everything like that, and I got
1:06:59
a Bristol tour and everything, but in my leasing
1:07:01
agent, it really just, he helped me find this
1:07:03
spot. And so, yeah,
1:07:05
I moved out here January 11th of
1:07:08
this year. So I've been out here for three
1:07:10
months. That's amazing. And I
1:07:12
want to dig a little deeper. Like,
1:07:14
first of all, everybody should check
1:07:16
out Taylor's YouTube channel, where she's doing
1:07:18
a short kind of video essay
1:07:20
tutorial types about her move out there
1:07:22
and, like, immigration
1:07:24
considerations, lifestyle, safety, all
1:07:26
those things. But
1:07:28
what inspired you to live
1:07:31
abroad? I mean, you
1:07:33
could just be comfortable back
1:07:35
here in the States,
1:07:37
probably, and yet you're seeking
1:07:39
out these completely different
1:07:41
cultures, dramatically different time zones.
1:07:45
That's a great question. I've always been
1:07:47
interested in wanting to immerse myself in
1:07:49
other cultures. I've always wanted to. a
1:07:52
chart like I think maybe
1:07:55
since I was like five or
1:07:57
six like I was given by
1:08:00
a family friend, a book, um, a World
1:08:02
of Psychopedia book, and I remember I read
1:08:04
that till the pages fell off, like, from
1:08:06
start to finish, like, as a kid. And
1:08:08
I learned about different countries, and I was
1:08:10
just, like, always so fascinated. And as I got
1:08:13
older, I would get on YouTube, and I
1:08:15
would see, like, these, like, travel vloggers, like, make
1:08:17
these, like, you know, videos, like, trying different
1:08:19
food markets, like, out in Bangkok and everything, and,
1:08:21
um, or people, like, learning, you know, different
1:08:23
languages, like, Chinese or, uh... you know French or
1:08:25
whatever and being able to speak to like
1:08:27
the natives and that like that language and just
1:08:29
seeing like how like they just built like
1:08:31
those connections like because you know like this person
1:08:33
from a whole different culture this other person
1:08:36
a whole different culture they may not you know
1:08:38
be able to have like a whole full -on
1:08:40
like in -depth conversation in that language but just
1:08:42
the effort that she made to try to
1:08:44
like learn their language like it meant a lot
1:08:46
for them and I just I like that Honestly
1:08:49
and also the people in Thailand are
1:08:51
just so sweet like the Buddhism like I
1:08:53
always say that it's like the Buddhist
1:08:55
Buddhism like really permits like throughout the culture
1:08:57
and it's how you know and how
1:08:59
like they treat you and everything how respectful
1:09:01
they are and the kind you know
1:09:03
just the kindness and the politeness like all
1:09:05
throughout the atmosphere here so I was
1:09:07
just always really drawn to that and I
1:09:09
was just like yeah and I'm also
1:09:11
someone that I could probably spend a
1:09:13
globe and be like, okay, I'll live here. I'll
1:09:16
see what it's like for like a month
1:09:18
or something. I'm just, I'm always like, you know,
1:09:20
within reason. I've just
1:09:22
always been like barely open minded to that for sure.
1:09:25
So it didn't even scare me. I was just like,
1:09:27
let's just go do it. Yeah.
1:09:31
If somebody wanted to plan to move overseas
1:09:33
like you did, what would be like
1:09:35
kind of like a checklist like in
1:09:37
terms of like how much should they save
1:09:39
up? Like how far in advance should
1:09:41
they start planning? or such a move.
1:09:43
Assuming, like let's presume they're in a
1:09:45
situation like you where they don't have kids
1:09:47
and they don't necessarily have like aging relatives
1:09:49
they're taking care of or anything like that.
1:09:52
Right. I
1:09:54
would definitely, so what I did, I
1:09:56
saved up, well first off
1:09:59
I calculated like my, what I thought
1:10:01
my average cost living would be on a
1:10:03
monthly basis and I used how I
1:10:05
determined that was I looked at my spending
1:10:07
habits, so what would I spend more
1:10:09
on? What would I spend less on? And
1:10:11
then I also looked into how much
1:10:13
the average studio or one bedroom costs out
1:10:15
here in Thailand for instance, or specifically
1:10:17
Bangkok. So I kept that in mind. And
1:10:19
then I also did a lot of
1:10:21
research. I watched a lot of YouTube videos
1:10:23
of people who also share their cost
1:10:25
of living. That's why I also shared mine
1:10:27
still on my YouTube channel. That
1:10:29
whole transparency, I learned a lot from that.
1:10:31
And so I did that times that by
1:10:34
12. Because
1:10:36
like the cost of living out here is not
1:10:38
that expensive compared to the states. So like my
1:10:40
cost of living like right now is to be
1:10:42
like $1 ,300 in total per month and that's
1:10:44
including my rent. And so I just
1:10:46
times up by 12 and I made sure
1:10:48
I had like a good savings account that equated
1:10:50
to that before I moved out here. But
1:10:52
usually people say like you know save up at
1:10:54
least six months. If you save at least
1:10:56
six months, you're so far ahead of other digital
1:10:58
nomads because I've met people out here that
1:11:01
moved out here with nothing. And I'm
1:11:03
just like, no job, no savings, what are
1:11:05
you doing? I would
1:11:07
definitely do not move with your next
1:11:09
check. Definitely save up at least a few
1:11:11
months because you want to have that
1:11:13
whole thing going. And then also research the
1:11:15
visas. That's the next thing to do
1:11:17
once you get the savings set up. Research
1:11:19
to visa options like out here definitely
1:11:21
consider the digital nomad visa You don't even
1:11:23
have to be remote workers even qualify
1:11:25
for it. You could if you want to
1:11:27
sign up for cooking classes like out
1:11:29
here in Thailand They will sponsor that Muay
1:11:31
Thai lessons and everything. They'll provide, you
1:11:33
know, that's another way to get the TV
1:11:35
Thai boxing. Yeah, that's how which is
1:11:37
so cool soap. I know I should right here,
1:11:40
but yeah And so just
1:11:42
like look up the visa options and look
1:11:44
at what's right for you I wanted to
1:11:46
even Japan has a similar like digital nomad
1:11:48
visa I think it's a little bit different
1:11:50
because you can't extend that visa like or
1:11:52
the periods that you can stay like as
1:11:54
opposed to like in Thailand, but like there's
1:11:56
some differences, but yeah So like look up
1:11:58
the visa situation and everything like that and
1:12:00
then also look up the try to like
1:12:02
learn about like the culture and the customs
1:12:04
and like how like, you know, just like
1:12:06
how people like behave out here and everything
1:12:08
like that. So then you can be respectful
1:12:11
of other cultures and everything. Um,
1:12:13
yeah. And then you just
1:12:16
go from there, honestly. Um,
1:12:18
definitely like just look up like other like, like YouTubers
1:12:20
that have like done like the whole movement transition and
1:12:22
everything, but try to sift through the people who are
1:12:24
just trying to like sell you something or like that
1:12:26
try to like BS their way through. Like,
1:12:29
yeah. Yeah. You
1:12:32
seem like the type of person
1:12:34
who kind of makes up their
1:12:36
mind like I'm gonna do this
1:12:38
and then you figure out a
1:12:40
way to do it If you
1:12:42
had a goal in mind, let's
1:12:44
say you had a new goal
1:12:46
like let's say hypothetically your goal
1:12:48
is to What is a goal?
1:12:50
Do you have any goals right
1:12:52
now? I'm actually in the process
1:12:54
of trying to get my OACP.
1:12:56
So that's Yeah OACP. Yeah OACP
1:12:59
a pension security certified professional So
1:13:01
that is a hands -on exam
1:13:03
where you basically have to
1:13:06
break into six different machines, including
1:13:08
an Active Directory network and
1:13:10
then three standalone machines, which could
1:13:12
either be Linux or Windows
1:13:14
machines, and being able to
1:13:16
root those systems, which means being
1:13:18
able to escalate your period just
1:13:20
from a regular standard user to
1:13:22
being able to be administrative on
1:13:25
that machine. Basically, when you
1:13:27
become administrative user on a machine,
1:13:29
that means that you've pwned the machine,
1:13:31
that means you've got it, you
1:13:33
compromise it fully. But yeah, so what
1:13:35
I do for that is I, how
1:13:39
I got set like that goal is I
1:13:41
try to set aside time every day to
1:13:43
it, at least like an hour to a
1:13:45
day to that whole thing. And then I
1:13:47
also write my goals a lot in a
1:13:49
journal, which I don't even realize that I'm
1:13:51
doing. But I do write every day, and
1:13:53
I guess people call that manifesting, but I
1:13:55
don't. This
1:13:58
is what I do. I don't even think of it
1:14:00
like that. But I guess so. So
1:14:02
yeah, I keep myself in that
1:14:05
mindset. I also subscribe to kind
1:14:07
of surround myself with everything around
1:14:09
that. So I will subscribe to
1:14:11
different Reddit feeds, or I'll read
1:14:13
different blog posts or anything about
1:14:15
that just to keep me engaged
1:14:17
in it. So
1:14:19
yeah, that's how I do. I just, I immerse
1:14:21
myself in it. That's how I kind of like
1:14:23
get into a goal and I execute it. Just
1:14:25
like, and that's the same kind of approach I
1:14:27
guess I did with moving out here to Thailand.
1:14:29
I immersed myself in it and made sure I
1:14:32
did like all my research about it and then
1:14:34
I executed as I went. The
1:14:36
thing is like, there's such things
1:14:38
being too overly prepared at some point you're
1:14:40
gonna have to like try. and be afraid
1:14:42
and not be afraid to make a mistake
1:14:44
because it'll happen or not be afraid of
1:14:46
failing while trying to execute that goal because
1:14:48
I've definitely failed at times. Like,
1:14:50
for instance, I failed the OSP the first time,
1:14:52
so I'm on Brown too. So
1:14:55
that's just my whole process,
1:14:57
that's my whole learning process for
1:14:59
sure. Yeah, so to recap,
1:15:02
plan, immerse
1:15:05
yourself, listen to the podcast,
1:15:07
reading Reddit threads, just kind
1:15:09
of like trying to grab all
1:15:12
the different meta knowledge the tacit
1:15:14
knowledge it is like other people
1:15:16
are carrying around with them just
1:15:18
trying to absorb that and then
1:15:20
not over preparing but going forward
1:15:22
at some point if yeah and
1:15:24
if you fail just try again
1:15:26
yes absolutely yeah because I think
1:15:28
I do think a lot of
1:15:30
people get paralyzed in the preparation
1:15:33
phase yeah you are extremely modest
1:15:35
and humble like it but like
1:15:37
the things you've accomplished are dramatic
1:15:39
like I think it's
1:15:41
incredibly impressive. You're
1:15:44
quite young and just to make
1:15:46
such a dramatic series of career
1:15:48
pivots to go from like working
1:15:50
at Walmart and Boston Market to
1:15:52
working as a software engineer to
1:15:54
getting laid off and figuring out
1:15:57
how to like scrap for you
1:15:59
know freelance work essentially and then
1:16:01
Just deciding I want to further
1:16:03
augment my skills and I want
1:16:05
to move in the security direction
1:16:07
and now pursuing this big formal
1:16:09
certification Like you're very modest But
1:16:12
like how do you strike a
1:16:14
balance between being joking yourself deprecating
1:16:16
and getting people to take you
1:16:18
seriously? That is
1:16:20
Wow, that is that's a
1:16:22
really powerful question actually that's definitely
1:16:24
something I that I battle
1:16:27
with like internally because there's definitely
1:16:31
Exposing yourself to and by being
1:16:33
vulnerable especially like in public kind
1:16:35
of opens you up to criticism
1:16:37
and people questioning your intelligence and
1:16:39
your place in the industry and
1:16:41
so I'm kind of I was
1:16:43
back and forth for a long
1:16:45
time about like being so open
1:16:47
about it, but I realized that
1:16:49
It's It's really about how you
1:16:51
feel about yourself, that's like the
1:16:53
most important thing, and I hope
1:16:55
that doesn't sound too cliche. Because,
1:16:58
and it's taken a long time for
1:17:00
me to actually feel like as if
1:17:02
I am capable, because like I definitely,
1:17:04
like that self -deprecation was rooted in
1:17:06
me actually believing that I was not,
1:17:08
you know, smart enough or anything like
1:17:10
that or whatever, but like having to,
1:17:12
I had to really, really work on Removing
1:17:16
like the negative self -talk and everything and
1:17:18
having to remind myself that I am capable
1:17:20
and I try to just keep like my
1:17:22
head down and just try to like stay
1:17:24
focused I don't even try to like think
1:17:27
about all the successes or accomplishments like like
1:17:29
for instance I'm always thinking about like the
1:17:31
next thing and like what I want to
1:17:33
achieve and everything like that and that's the
1:17:35
kind of like keeps me going But it
1:17:37
does help that when you do gets like
1:17:39
motivate like other people just from like existing
1:17:41
and you know being yourself and stuff like
1:17:43
that Yeah, it's definitely
1:17:45
a fine balance. I just
1:17:47
have a sense of humor. That's
1:17:50
so cool. Just stay in focus. Don't think
1:17:52
about the accomplishments. Don't think about the criticism.
1:17:55
One the things that you said
1:17:57
there that really resonated with me
1:17:59
is a lot of times people
1:18:01
are self -deprecating it and they joke
1:18:03
about their shortcomings because the fact
1:18:05
is they are a little bit
1:18:07
insecure. It's
1:18:10
hard to not feel insecure. when you
1:18:12
are surrounded by people who've been coding
1:18:14
for a long time and have CS
1:18:16
degrees and all this stuff, and here
1:18:18
you are just trying to learn and
1:18:20
catch up with them. That
1:18:22
resonates with me, and I think
1:18:24
that's probably going to resonate with a
1:18:26
lot of people. Taylor?
1:18:29
You're such a big inspiration to me
1:18:31
and I know to the developer community
1:18:33
at large. I really appreciate you taking
1:18:35
this time out to talk with us.
1:18:37
It's like super late over there. I
1:18:40
don't want to keep you up too
1:18:42
late. I just want to thank
1:18:44
you again for everything you're doing. Thank
1:18:46
you. No, literally thank you for the platform
1:18:48
that you created. I literally
1:18:50
push your YouTube channel. It's
1:18:53
like such a it's a goldmine of a resource
1:18:55
I still use it this day because it all
1:18:57
just like all the different like topics that you
1:18:59
cover like on the channel all the different people
1:19:02
that you like bring on and everything to like
1:19:04
teach and just the fact that you've made it
1:19:06
free and accessible for like everyone like I think
1:19:08
you don't realize how much you've actually made an
1:19:10
impact on people like me because I don't think
1:19:12
I would actually even be in tech today because
1:19:14
I couldn't afford to like go back to school
1:19:16
or to go do a boot camp or anything
1:19:18
and just the fact that you've made quality resources
1:19:20
like it's It's meant to lots
1:19:23
of people like me that are so tall, so thank
1:19:25
you. That's why when you reached out to me, I
1:19:27
was like, oh my god. It was full circle, really. You
1:19:30
absolutely made my day. Thank you for
1:19:32
your kind words. And
1:19:34
again, seriously, everybody listening to this,
1:19:36
check out Taylor's YouTube channel. If
1:19:38
you want to live abroad in
1:19:40
Thailand, she's got lots of detailed
1:19:43
advice, super actionable, and
1:19:45
tons of luck. with
1:19:47
the second try at the
1:19:49
electric pee. Thank you.
1:19:51
Thank you. Yeah. Good luck balancing
1:19:53
like sleep and work and study for
1:19:55
that while you're living in this
1:19:57
new culture. But yeah, like
1:19:59
just going out there and things
1:20:02
done and inspiring us all. Thank
1:20:04
you. And everybody, until
1:20:07
next week, happy coding.
Unlock more with Podchaser Pro
- Audience Insights
- Contact Information
- Demographics
- Charts
- Sponsor History
- and More!
- Account
- Register
- Log In
- Find Friends
- Resources
- Help Center
- Blog
- API
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More
- © 2025 Podchaser, Inc.
- Privacy Policy
- Terms of Service
- Contact Us