Last updated on June 20, 2020
Page Glave was a tenured Associate Professor of Kinesiology with a focus in exercise science and was successful in her field. However, she came to the realization that she couldn’t see herself doing this for the rest of her life. This is her story. She offers lots of great advice on resume tips when switching, homelabs, certifications, and how she was able to break into the field.
I am an analyst, project manager, ethical hacker, and tech consultant with more than 10 years’ experience with research and project management. I spent a while in higher education – long enough to get tenure and decide it was time to do something else. I have eJPT (eLearnSecurity Junior Penetration Tester), Security+ and Splunk User certifications. I love learning and tech, so digging into all of this stuff just makes me happy.
- 5 months into her first security job!
- Being in a small environment, she gets to do everything from governance to pentesting.
- Previous to this she was a tenured associate professor in kinesiology with a focus on biomechanics and obesity.
- “Pretty big adventure on a daily basis because no day is the same.”
- “Really is an environment where security is everyone’s job.”
- “I think I’ll always be in-house tech support for as long as I live.” [7:08]
- “I kinda got bored… I didn’t want to keep doing something that wasn’t challenging.” [7:28]
- “Do I really want to do this for the next 30 years?” [7:58]
- “…going through the headers, that should have been a clue that maybe tech would have been a good fit for me.”
- “You’d be hard pressed to find anyone in Information Security who was just thrilled with their budgets.”
- “Being able to translate that self-directed learning to something on my resume.”
Pacific Hacker’s Conference: https://phack.org/
Brakeing Down Security Podcast: https://www.brakeingsecurity.com/
Sam Bowne’s Class: https://samsclass.info/
Marco Palacios: https://twitter.com/MPalacios_Cyber
Keirsten Brager: https://twitter.com/KeirstenBrager
Getting Into Infosec
- Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
Page Glave 0:00
And when you sit in your office, you look around us like do I really want to do this for next 30 years? And you just kind of get that sense of No, no, I do not want to do this for the next 30 years.
Ayman Elsawah 0:26
Welcome to Getting Into Infosec. I'm your host, Ayman Elsawah. My guest this week is Page Glave. Page was a tenured adjunct professor of Kinesiology when she realized this was not what she wants to do forever.
Page Glave 0:37
finding that I was really enjoying the statistical analysis and the programming aspects of that more than the money side of things. It's like okay, well, maybe I need to do a little bit more of that outside and formalize what I've always done in close it lets me just find a better choice
Ayman Elsawah 0:50
When trying to switch, she got creative about her resume.
Page Glave 0:53
If all you're seeing on the front page is a job that seems very unrelated, you're gonna have trouble getting looks. But if you can find a way to highlight the work you're doing with information security, I think you can help increase your odds a little bit, though.
Ayman Elsawah 1:04
We also discuss things you can do to help employers see that you're committed or interested in the field.
Page Glave 1:09
just have to do something that gives someone a reason to take a chance on
Ayman Elsawah 1:14
and tactics for getting in the door.
Page Glave 1:16
If you're talking to somebody in cybersecurity, and they can't really talk about their home lab that's a bit troubling, especially for someone trying to break in because if you don't have systems to work on at work, how are you getting this experience? I would like to say that that helps me break into the field.
Ayman Elsawah 1:31
This week in Getting Into Infosec news: Twitter user, do you have no created the slowest way to learn cybersecurity called Hopper's Roppers, named after Grace Hopper. I love that there's a whole section on the hacker mindset, which is really essential in my opinion. The course is still being built out, but I would check it out. Lots of learning going on there. I also recently attended the Pacific Hackers Conference, great group of folks, check out their website phack.org and look out for publications other slides soon. I would look for Marco Palacios's talk on open source analogues of commercial security tools. It's great if you see a commercial tool on a job description and want to get similar experience using a free open source tool. I also had the pleasure of meeting Alan Orlikoski, the creator of Skadi VM, a DFIR forensics VM that lets you collect, process and hunt data on a host machine. So I didn't know about Skadi VM, it's pretty cool because it lets you create an instance on your machine and you can collect data from your actual machine itself. So it's good to try it at home. You know, if you don't want to go out and collect all the different DFIR tools, it's all in one place. There are other DFIR tool VMs as well, but I would check out this and check out his open letter as well. I also stumbled upon Sam Bowne's purple hacking costs online, which is really cool there. He provides a Splunk instance preloaded with data and then he provides some like trivia quiz questions that you have to answer. So you have to go through the logs and you know, find the answers to the questions. This is a really important skill in my opinion. So definitely check that out and can't be free. Check out the website gettingintoinfosec.com for show notes, clickable timestamps, a preview of my book and more. Stay in touch on Twitter for more Getting Into Infosec reflections. All right, on to the show. Hi, Page, welcome to the show.
Page Glave 3:05
Hi, thanks. I'm happy to be here.
Ayman Elsawah 3:07
Great. Yeah. Thanks for coming on. So from what I understand for listeners out there, you're relatively new to the information security field. Is that right?
Page Glave 3:15
I am. I've been officially in information security only since February. So I guess I'm up to five months now.
Ayman Elsawah 3:23
That's awesome. Well, congratulations. Welcome. Thank you. Yeah. So maybe you can give folks a little background on what you do today and how you got into the field.
Page Glave 3:32
So today, I'm involved with the information security for a large K-12 school district, which is a lot of fun, you get to see a lot of different sides of things. It's something I think we often don't think about schools as a critical target. Yeah. But when you look at the technology that most K-12s have and the number of users, it's truly a great environment to work in. Lots of advantages. And one of the things that I like best is I get to play with a lot of different things. We have a much more varied environment than I think you get in a lot of corporate settings. And that makes it a lot of fun for me. So I get to do everything from governance and policy development to pen testing. And being able to play with all the toys, get your hands on all the things is probably the favorite part of this job for me, because it's really a pretty big adventure on a daily basis, because no day is the same.
Ayman Elsawah 4:22
nice and Well, I mean, seems like every day is different for you. Mm
Page Glave 4:25
hmm. I'm fortunate to be kind of in control of my schedule. So one day, I may focus on working on building our governance framework and another day work on going through and doing vuln scans on them over external facing IPs. And then you also have the tree hours aspect when something doesn't look right. So it's, it's nice to be able to touch on all the different pieces of the industry right now. And is it a big team that you work in? Does everybody have, you know, similar roles. The IT department is, I think fairly large for a school district, but in terms of size Security, we have a pretty small team. But I'm fortunate to have very security minded folks. In other areas, we have a really solid infrastructure and applications managers, so two people there who have really strong security mindsets. So it makes my life a lot easier when it really is an environment where security is everyone's job. Yeah, it may be my primary job. But I think we do a good job with keeping it at the forefront of everybody's mind.
Ayman Elsawah 5:26
Yeah, there's something to be said about being in an environment where other co workers have that security mindset. You're not just the only one out there. You know, it's a really good support system, wouldn't you say?
Page Glave 5:36
It is. And what I like is being able to bounce ideas off of other people. You know, sometimes having a focus team is great, but I think you can get a little insular and it's, it's nice to bounce your ideas off of other people. I would, of course, take a bigger team, but for the situation I'm in I think I'm really fortunate to work with some really great people.
Ayman Elsawah 5:54
Great, that's awesome. And so I met you before you're in information security. So you You know, walk us through how life was before you got this job. interviews are trying to study and things are going well, you know what made you want to go into this field?
Page Glave 6:09
What I do have kind of a humorous background? I guess so sure. I think when we first started talking, I was a tenured Associate Professor of Kinesiology with a specific focus on Exercise Science, my main areas were biomechanics and obesity, so not a lot of Venus overlap there. But for me, technology has always been a big part of my life. And with my specific focus, I did motion capture and things like that. So I was in a position where a lot of times I kind of functioned as a kind of ad hoc network administrator with making sure that our systems are functional and doing what they were supposed to do. And I'd taken BASIC in high school and learned Visual Basic in college, which I guess dates me a little bit but during that night, I always enjoyed it. And
Ayman Elsawah 6:57
were you the go to person when things went wrong?
Page Glave 6:59
Yeah. I was, you know, in house tech support. It's right. It's funny because like that, I think I will always be in house tech support for as long as I live. Like, I'm not getting my Gmail messages, right. The internet is the internet is down, I can fix your ISP problem. 500 miles away. Yeah, that's it life, I guess. Right. But it's always done that been responsible for that side of things. And then as funny as it sounds, I just kind of got bored, huh? Yeah, I love teaching. I love doing research, but I didn't want to keep doing something that wasn't challenging
Ayman Elsawah 7:36
Were you at the top of your game at that time?
Page Glave 7:38
You know, it's hard to find top of your game. I was doing well. I was on track to go up for full professor in a few years. Okay, you know, in academia is kind of, I guess, top of your game, right. But I was at a regional, was at Sam Houston State, and I really, I really did enjoy it and a lot of things about it. Mm hmm. But when you sit in your office, you look around us like do I really want to do this for the next 30 years. And you just kind of get that sense of Oh, no, no, I do not want to do this for the next 30 years, okay, doing statistics, because that's a big secondary area for me and finding that I was really enjoying the statistical analysis and the programming aspects of that more than the money side of things. It's like, Okay, well, maybe I need to do a little bit more of that outside and formalize what I've always done implicit listening, justifying better choice, right? Because it's, it's hard to justify a high powered laptop when you're just writing documents. But kind of got to that point, I'm like, Oh, I, I need something, I need something else. And looking at academia, your trajectory is basically become full professor. And then if you want to advance towards go into administration, and looking at what deans and heads and all that it's not something that held a lot of appeal. I'm not saying that I would never consider going into management because I do enjoy project management and that sort of thing. But it was in the academic setting, you completely get away from kind of why you go into it in the first place. And you're sitting there going, Well, I could do data science, I like that. But I also really like the security side of things. I like breaking things. I like fixing things. So that was a good fit and stuff that I'd always done a little bit of on the side.
Remember having Outlook Express back on it was kind of the thing, or one of the things you could do email with, when like the I Love You virus came through and those things back in the early 2000s. Yeah, getting into Outlook Express back when you could right click on an email and pull up the entire email in its text format, and going through the headers and things like that. Yeah, that should have been a clue that maybe tech would have been a good fit for me. I basically just started studying as much as I could and jumping into things and was fortunate enough to get a ticket to a friend of a friend he set con in 2018. And kind of decided at that conference. Okay, this is a great tip for me, this is the direction I'm gonna go into nice and just kind of studied my full head off for the next eight months or so and have continued that. But you know, what kind of things you do when you're, you know, quote, unquote, studying one of the things you do. So I spent a lot of time on Cybrary. And I've done a lot of VulnHubs and pen test labs, and all of these really cool online resources that you can go through now and learn things legally. So those were big ones, you know, Hack The Box has come up several times, done some book clubs that have really been helpful and going through The Hacker Playbook 3 chapter by chapter and writing that up. That was really educational, because one of the aspects of that you go and build out an Active Directory domain. And if you can do that on a small scale, it really helps prepare you to do it on a larger scale.
Ayman Elsawah 10:52
It's a book club. So how did you find these book clubs or like these like meetups and stuff, or
Page Glave 10:56
Well, this one was actually through another podcast. Okay. Brakeing Down Security. And they had a Slack and I just kind of jumped in there and found a book club and nice. Yeah, it's a good resource. I think we're fortunate at this point in time in information security that we do have a lot of really great resources for people to learn from.
Ayman Elsawah 11:16
Yeah, they're good folks. I met, I think it was Bryan Brake, at DEF CON last year. Really cool guy.
Page Glave 11:21
Yeah, they're good people. They are. And there's a lot of good people on the Slack that will help us resume reviews and things like that. And then awesome, do a ton of podcasts. Really, I will say I wish your book had come out like six months earlier.
Ayman Elsawah 11:34
He was about to step in here for a second, just let you know that I did not solicit this from Page at all. She came up with this on her own. So there was no solicitation or anything about the book at all before recording. I mean, I do appreciate her comments. But yeah,
Page Glave 11:49
really, I will say I wish your book had come out like six months earlier. Because I think for people looking to get into it. It's such a concise overview. You have those insider things, that it's a really great resource to I've kind of been like, Okay, if you really want to know about getting into information security, listen to these podcasts read this book. It's crazy, because there's so much information out there and it's changing almost daily.
Ayman Elsawah 12:15
Yeah, I appreciate that. You know, I'm not trying to plug here, but I did write it, you know, for someone who's trying to start from zero. I really like all the stuff that's out there. I wish that was available for me when I was trying to get in. Yeah, but I think now it's kind of overwhelming. All that's out there. And so I wrote it in such a way that it's kind of a methodical, step by step right. Yeah. But anyway, I don't talk about my book.
Page Glave 12:39
The big thing, and then we could stop filming. But probably the thing in there that would be most, I'd say most valuable, was incredibly valuable is talking about the different roles and different aspects of information security, and I think it's easy to see information security, I just think it's fantastic.
Ayman Elsawah 12:56
Oh my god, it's such a pet peeve of mine.
Page Glave 12:58
Exactly. Yeah, it's like calling cyber criminals, hackers, as you know, I'm gonna do infosec. Right, right. Good luck with that.
Ayman Elsawah 13:07
Yeah, it's almost as bad as the black or gray hoodie. Yeah,
Page Glave 13:09
Exactly. Yeah. But it's a hard thing to kind of learn the ins and outs of an industry without being in it. I think you've just got to kind of put yourself out there, meetups are great. Mm hmm. Being in the Houston area. There's some really good ones. And I was fortunate, fairly early to go to one and Keirsten Brager was talking about it. Mm hmm. But a couple other women there that we've kind of been supporting each other as we either continue in information security or get into this in person networking things I think are invaluable. Yeah. Those getting in and then after you are
Ayman Elsawah 13:40
absolutely, I mean, you said to yourself, when you I think you were thinking about the field, but until you went to that one conference in 2018, right is when you're like, Okay, I can do this, or I want to do this. Yeah.
Page Glave 13:51
Yeah, that was, it was I'm pretty sure I want to do this, right. I have no idea how long it's gonna take me to learn what I need to know. You know, you know, to take The foundation that I have learned how to actually do the job and then going to Houston. Okay, yeah, I know I have some gaps. Mm hmm. But I feel like I can fill them in relatively quickly, instead of going and going, Oh, there's no way I could do.
Ayman Elsawah 14:13
Yeah. And even for folks who have been in the field for any number of years, I think conferences are a good way to re energize because you kind of get drained because security sometimes, mostly a lot of times an uphill battle, depending on the environment and go into a conference just kind of helps re energize you and kind of reinvigorate you in wrapping in. I don't know.
Page Glave 14:34
Oh, yeah, definitely. And it's, I made the comment. I think last week, it's like, you know, being in information security on blue team, you almost have to wake up every morning thinking, Okay, is this the day that everything's going to hit the fan? Yeah, I didn't mean it in a pessimistic way as it sounded. Because that challenge is part of what I like that job, right. But it does wear you down. You do this for I can imagine 5, 10, 20 years, there comes a point where waking up and going in today could be the day where everything falls apart is no longer challenging. It's completely disheartening and conferences and meetups are a great way to help stave that off.
Ayman Elsawah 15:12
Yeah. So you've been in the field, quote, unquote, for five months? Yeah. Are you still feeling the honeymoon period? Or is it wearing down on you?
Page Glave 15:22
I think it's still pretty much the honeymoon period. Okay. And who knows how long that may last? But it's one of those where you get to come in and you're learning so much. Yeah. I don't really have time to sit around and be like, Wait, is this what I thought it was going to be? Or is this what I want it to be? And being in a little different position, I think, than a lot of people who transition over mid career, I still have a lot of autonomy, and I'm able to have more control and say in what I do, than maybe your typical SOC analyst. I think that's been a big advantage for me from coming from a place where I didn't really have anybody. Yeah, they was kind of telling me what to do on a day to day basis.
Ayman Elsawah 15:59
Yeah. How was it getting into the field interviews? Can you walk us through some good or bad interviews that you had in your experience? And
Page Glave 16:06
I had a couple phone interviews, and then the job that I got was my first in person. Okay, interview, I think the interview process is about what you're going to expect in any field. Some of those worst moments are when they ask you a question about tech that you just don't know. Mm hmm. Have you worked with this piece of technology? And, you know, I've worked with this that I think is kind of sort of similar, even though I don't think it really is. And that uncertainty I think, is always a little traumatic, but at the same time, it's impossible to know, all the tools in the state, just there's no way, you know, and the big thing for me with interviewing, doing some audits and mock interviews, and resume review, and that helped a lot that just being able to go and talk to people about infosec I thought it was fun, like okay, I'm going to go on an entity but I'm talking about the stuff that I really enjoy. So it doesn't necessarily matter if I get the job. But not because I get to go and geek out for a little bit. And that's certainly a position of privilege because I was in a job that I may not have enjoyed as much as I wanted, but it wasn't horrible. It was a good job, right? So I didn't have to have that kind of fear of not getting a job. I knew I could hang out in my current one and do the job well, but also knew that it was coming to an end. Mm hmm. Trying to think of anything else stands out, you know, it's being prepared doing your homework on the companies, knowing what you're getting yourself into. I still kind of chuckle at job descriptions. If you look at it, and you're like, obviously HR wrote this because these certifications do totally different things. I'd like seeing that you could have Sec+ or a CISSP. But that also tells me you don't really know what you want.
Ayman Elsawah 17:46
Yeah, like having three to five years experience for a junior position. Really? Yeah, we will take
Page Glave 17:51
Sec+ or CEH so those can understand there's both kind of entry ish level certs that very different focus. Maybe you want to think about this a little bit. But I think the field is just so young in some ways that we don't really know what we want in job descriptions. A lot of times, that's a tough thing to write. Absolutely.
Ayman Elsawah 18:09
Yeah. any bad interviews,
Page Glave 18:11
none of that I left just going, Wow, that was horrible. And I may be fortunate that I don't mind public speaking. And I'm usually Okay, talking to people in those interview settings. Else, one of my phone interviews just going, I don't even know why you were talking to me, because you're looking for somebody with five years of experience on a specific tool. And I don't have that. And I can't think of anywhere where I may have given you that impression, but it's a good learning experience.
Ayman Elsawah 18:36
Yeah, I think with every interview, there's always something to add. I sometimes tell folks, interview jobs that you don't plan on getting, or you don't want to get just to get the experience. Yeah. After a couple of months to save the interviews for the ones you want to get because then you're really built up.
Page Glave 18:52
I can't get the awkwardness out of the way right early. Exactly.
Ayman Elsawah 18:57
Yeah. Awesome. And now a message from our sponsor. Having trouble with your opsec? Is your paranoia on the naive side? We have a solution for you: Cyber Vitamins. Simply take two a day and you start feeling effects after 24 hours. No longer will you be sending that unencrypted email, cyber vitamins with the ability just enough so you don't send that unencrypted email and you'll spend the time to actually encrypt your email. But wait, there's more. The same goes with logins. No longer will you log into email or bank account with just a password. Now you'll cower in the corner until you have two factor authentication enabled. Our special and proprietary formula adds the right dose of healthy paranoia to your bloodstream. Worried about nation state actors, charge rates enemy of the state formula side effects include agoraphobia, extremely friendly is a bro attitude or locking yourself in your basement. Any war stories that you can talk about publicly?
Page Glave 19:45
Publicly talk about? I think I can talk about this one. It's amazing to me how good phishes are getting because it's always kind of, I guess fun for people in the industry to be like oh, you know We're not going to get to this shirt. I can't believe people fell for that. We had one come in, and we were collateral damage. I don't think we were the specific target, but cred harvesting thing and looking at it, it was exactly the way that Gmail abbreviates messages. So you know, when you view a message on your phone in Gmail, or a long thread in Gmail, web access, and it'll truncate them, and basically just a message clips, oh, yeah, it was indistinguishable to the human eye. Oh, wow. That it was different. And it was sad because I'm sitting there going. This was really well done.
Seriously, this was a great phishing campaign.
And it's like, I wish you would not be so excited about this. I'm like, No, I mean, we shut it down. But this was a well done one. And then the same week, I got one on my personal email looks exactly the same. I'm like, You gotta be kidding me, huh? I'm like, Okay, I have to click on this. Because I have to see if it's actually that. No, it was the real one. But it looked exactly the same. The only difference was the legit ones, instead of just expanding to show you the message, the phish took you to a sign in page. Okay. And that was a pretty ingenious campaign. And I completely understand how people fall for it. Because when you're checking email on your phone, it's not unusual to click on a link or something like that and get redirected to the login page. Right.
Ayman Elsawah 21:26
Yeah. And, you know, what are some unique challenges that you're, you know, facing in K-12 as well, I know, I had Jared on before and he runs OpsecEdu, like a nonprofit for security and education industry. So you know, what are some unique challenges that you're facing? They're probably the
Page Glave 21:43
biggest one is, you know, we have all of the students who are old enough to really be online are a huge insight. It's a little bit different type of insider threat than you get in the corporate world, but yeah, it's just like, think about it for some of us. What would we have done sitting with a laptop in front of us for eight hours a day, right? And high speed internet access. I mean, I can just imagine. And it's like who these kids like. It's hard to resist that. So the number of insider threats is a challenge. One of the other things that's kind of unique is in the typical corporate world, GC, maybe two or three login flow today where you've got just everybody getting on their system, and maybe the start of the work day, and then again, at lunch, in the K-12 space, you're likely to see that and higher education as well. You see that almost hourly. Because as people transfer classes or shift classes, they're shutting down and reconnecting thinking you have to kind of norm your environment differently to deal with that. When you're dealing with a large industry sized environment on a sled budget. That's of course a challenge as well. But I think you'd be hard pressed to find anyone in information security who's just thrilled with their budget. So yeah, that's me. Probably not unique, right?
Ayman Elsawah 23:01
Yeah. And have you ever had to work with law enforcement? In the time? You've been there?
Page Glave 23:06
Not yet. Mm hmm. I know that it can happen. And we do have an internal police department are really, you know, a big ISD is basically a city. And we have 40 plus different sites and a lot of challenges associated with that sort of thing. No police involvement yet, thankfully. Okay, that's good.
Ayman Elsawah 23:25
Cool. So what are the top three things that helped you in particular, in learning where you are right now,
Page Glave 23:30
Probably the biggest one is just being a very self directed learner. Because being able to go out and research and that research background certainly paid off, because I was able to dig in and find resources and find free trials and things or free tools that I could learn as much as possible. So that just being a self motivated learner, and I think that holds for the industry in general. The second thing would be using the free resources the online market Because between contests or exercises in labs, and Cybrary, and Professor Messer, and all these other things, you have a ton of tools at your disposal. So you have to have that motivation, then you get the resources. And then the last thing that I think helped me was being able to translate that self directed learning into something on my resume. And that's, that seems to be something that as, as I'm involved in hiring, hiring now that I'm seeing some disconnect is if you've built up a home environment where you've set up Active Directory, and you have run different pentesting scenarios, that needs to be on your resume as you're trying to transition in to demonstrate that you have those hands on skills.
Ayman Elsawah 24:44
Yeah, where does someone put that in the resume though, that's kind of a tough place to put.
Page Glave 24:47
So for me, when I was interviewing, I basically turned my resume on and said, okay, instead of leading with employment, which is, I think your norm my resume started with with kind of a skills section, and then for my current job at the time, I picked out items that were relevant to information security. So with research studies, data security comes into place and risk management. So I highlighted things like that. Oh, interesting. Then I also had an activity section where I talked about, I've worked through this book, this is my home environment. This is the setup that I have. These are some of the tools I've worked with. I wasn't coming into it as, Oh, I want to do information security, and I want you to hire me so I can learn how to do it. It's I'm learning I'm doing. I'm just not getting paid for it. Mm hmm. Okay. And that's one of the things that I heard on, and I don't even know where at this point podcasts or whatever, it's, if you're talking to somebody in cybersecurity, and they can't really talk about their home lab. Hmm. That's a bit troubling, right, especially for someone trying to break in because if you don't have systems to work on at work, how are you getting this experience? I would like to say that that helps me break into this field.
Ayman Elsawah 26:06
Yeah. I think employers want to see that you've taken some initiative. Mm hmm. To start some of this on your own.
Page Glave 26:15
Yeah, definitely. And I think not being afraid to reorder your resume is important. Yeah. Because when you're just looking at resumes, and you're having to do it so quickly, if all you're seeing on the front page is a job that seems very unrelated. Yeah, you're gonna have trouble getting looks. But if you can find a way to highlight the work you're doing with information security, I think you can help increase your odds a little bit, though, realistically, probably the best thing you can do is network and talk to people and start to develop that support system that making sure your resume is on point got help.
Ayman Elsawah 26:51
Yeah, I think that's a really great piece of advice. Just reordering your resume so that it highlights random beginning what is relevant to the job because if you're trying To be a career switcher, you know, being a specialist in exercise science might not be directly.
Page Glave 27:06
I would hope that people look at that and go, this has nothing to do with this job. What are you thinking? Because that's kind of my thought about it. So I had to really be mindful of that and show. Well, how does what I've done connect with this? Yeah. And how have the things that I've done in the past prepared me to work in this field? You know, when I bring the things every day that benefitted me going through and getting a PhD, you learn certain skills, and there's research and thinking and all of that. Mm hmm. I bring that to work every day. It may not look exactly the same. But being able to relate that to information security, I think helps me quite a bit.
Ayman Elsawah 27:49
Yeah. And it's kind of like a tournament, right? They the resume, you're trying to just get that first phone interview. And then after the phone interview, you want to get to the next stage and in-person interviews, so these are all part of the steps, right? You know, the
Page Glave 28:03
just have to do something that gives someone a reason to take a chance on. Yeah. And when you turn in a resume that may look very much like what you've turned in in the past. It doesn't give anybody who's looking to interview a reason to say, this person may have potential. You know, that's one of the things that you see, as people debate the whole, is there a talent shortage in cybersecurity saying, Hmm, well, is it or is it other issues? Is it just people? There's a job shortage is a skill shortage, but a lot of people talk about wanting to hire on potential and enthusiasm and talent, but you have to give the people who are looking for that a reason or justification to at least interview? Yeah. And if nothing there looks promising. If you can't show potential, then you're never gonna get a chance to get your foot in the door.
Ayman Elsawah 28:51
Yeah. So let's talk about two things. One, your blog, you have a lot of walkthroughs on your blog. Would you say that helped you in getting into the mindset, right? Like writing up the walkthroughs of activities you did?
Page Glave 29:04
Oh, definitely, it's one thing to read a book or to go through some tutorials and oh, yeah, I get this. But then when you're writing it up and putting it out for public consumption, even though realistically, like, it's unlikely anyone's going to read this, but someone might. So you need to make sure that it's solid, and put it in a way that people could understand. One of the targets that I have is other people trying to break in information security. I wanted to give them enough information to get where they need to go, but not so much that they don't have to do some research on their own. And being able to communicate that, I think, also really helped me prepare for interviews, because I'd already written down what I was doing. And once you've written it down, talking about it becomes much easier.
Ayman Elsawah 29:49
Yeah. Just like anything. If you want to really learn something, teach someone else that item and you'll learn so much faster and thoroughly. So that's good. I recommend everyone check out your blog on a page in sec.wordpress.com, I'll have the link in the show notes. One last thing, you know, it's always controversial, but I do see it listed in here about me. But certifications, what's your hot take on certification?
Page Glave 30:12
Oh, sure, that's real controversial, certifications versus degrees. Not that's Yeah, I've got a blog post bouncing around my head on that. So get some pretty strong opinions. I think it really depends on who you are and where you're at in your career. Because for me, I wasn't going to invest in doing a degree while I was working in another industry. It wasn't to me the right thing, but a certification was a good way to demonstrate that. If you're in the field, you're working your way up, and you're not having trouble getting into the roles that you want, certifications probably aren't that important. And degrees may or may not be, depending on the situation. But if you're trying to break in or you're trying to pivot in your career, as much as we like to malign certifications, it's a good CYA thing for the people who are hired. Mm hmm. And unfortunately, I don't think we'll ever completely get away from that gatekeeping. You know, if you're just a prodigy who can do whatever they want behind the keyboard, probably don't need them, you may be able to get away without them for a good deal of time. But if you need something to demonstrate ability, or give some people some confidence or reasons to call you in, they're a good tool for that.
Ayman Elsawah 31:22
There you go. It's a tool.
Page Glave 31:23
It's a tool, just like anything else, and you should use them strategically. I see people sometimes with certifications in 20 different things, and part of me is like, ooh, that would be fun. But you also have to think about where you go: is a particular certification the best for getting you where you want to go?
Ayman Elsawah 31:42
Mm hmm. Really well thought. I really appreciate that.
Page Glave 31:45
Thanks. That's a soapbox topic right there.
Ayman Elsawah 31:47
Yeah, it is. Any parting words and advice for folks out there?
Page Glave 31:51
I think the biggest thing is just keep learning and know when you need to step away. It's easy in infosec for it to be the 24/7 job, and you have to keep learning or you're going to fall behind, but it's okay to take a day or a week or a month and just step back and enjoy life and get back into your normal learning routine. Should make it something sustainable because burnout is real. Yep.
Ayman Elsawah 32:17
Did you experience any burnout when you're learning?
Page Glave 32:19
And not really with learning as had burnout in the past, I kind of know what to look for with it. And when I get to the point where I start to recognize, okay, I'm getting a little burnt out, I'm pretty good about just putting it aside. And it's hard because you want to learn everything and you want to get better and you want to do things, but there are periods of time and period yourself, your life where, you know, I'm going into my learning into my job and outside of work hours, I need to be focused on other things. And it's just getting to know yourself well enough to know whether that's an excuse or a need. Interesting. What's that? Thank you.
Ayman Elsawah 32:56
Well, Page, thanks for the words of wisdom. It was really fun talking with you.
Page Glave 33:00
Thanks. I've enjoyed it. And
Ayman Elsawah 33:01
yeah, I look forward to meeting in person,
Page Glave 33:03
right? Yeah. Awesome. Sounds good.
Ayman Elsawah 33:04
All right, thanks. As always, if you like the show, please thank my guests for their time and let others know about the show. Intro music is Cascadia by trash at trashy comm. Check out the website gettingintoinfosec.com for show notes, clickable timestamps, a preview of my book and more, and stay in touch on Twitter for more Getting Into Infosec reflections every week that my guests pick their outro music. This week it's Front Porch Blues by Chris Hagen. See you next time.