Sean Tibor: Hello and welcome to Teaching Python. This is episode 87, and it's all about career paths in cybersecurity today. My name is Sean Tibor. I'm a coder who teaches. Kelly Schuster-Paredes: And my name is Kelly. She's Mr. Peritz. And I'm a teacher who codes. Sean Tibor: And I think we're joined by the largest group of guests we've had so far. Usually we try to gang up on one person, but we've got three people joining us today to talk about cybersecurity, and I'm really excited to welcome our guests this week. Kelly, these are actually some friends of yours. Kelly Schuster-Paredes: Well, one friend of them. One friend equals three friends. It's nice. I just have friends all over the world, so. Yes, Mike and I worked together a while ago in a school in London. Michele Darayanani: Okay. Sean Tibor: So you get to introduce him. Go ahead. Kelly Schuster-Paredes: Oh, my gosh. Well, it was a long time ago, so, yeah, it's been quite a while. Michele Darayanani: But I was admission files, Kelly, administering the entire state back eleven years ago. As you reminded me, it makes me feel much older than I feel. But I think if you want me to introduce myself, my name is Mikayla Dariana. If you're the pain of pronouncing my name, I go by Mix because makes life very easy. I work in cybersecurity, information security, lots of different names, but I specialize in the pharmaceutical and life Sciences industry. I think I'll hand over to my colleagues to introduce yourself. Nevena. Nevena Lazarevic: Thank you, Mikaela. Hello, everyone. My name is Nevena Lazarevic. I also work in cybersecurity and having software engineering backgrounds, knowing how to program. I focus more on the technical parts of cybersecurity, such as penetration testing and various maturity and security assessments. Sean Tibor: Very cool. Joe Farajallah: Yes. Thank you. My name is Joe Faragella. I'm also part of the team with Michele and Nevena. And I also have a background in computer engineering. And I also work in cybersecurity and the technical part, so that would mean anything related to penetration testing, red teaming. So it should basically be the ethical hacker who's trying to get into systems or try to hack into the other systems. Kelly Schuster-Paredes: Excellent. I love that. And I love how we've passed the buck on having to pronounce all your names. Thank you. Sean Tibor: Well, one of the things that I love about is we are connecting from all over the world today to have this conversation. And I think it really does go to show not just that this is a global issue that we are tackling each in our own ways, whether it's through education or testing or controls and security implementation. It's something that we all have a part to play, and we are doing it from all over the world. And that, to me, is kind of a beautiful thing. So the episode we have planned out today is really around careers that use Python and use other programming languages to talk about how they are incredibly relevant in today's day and age to have these skills, and also how the more durable skills of persistence, resilience, problem solving, and learning can really affect how fast your career can grow and maybe some unexpected directions that it can take you. So I'm excited to have our guests here with us today should be a really interesting conversation as I'm also trying to learn as much as I can about this topic as fast as possible. But before we get into that, I'd like to start where we always do, which is the win of the week. And so this is something good that's happened inside or outside of the classroom, something wonderful that has either happened to you or you've made happen. So maybe we can start with I'm just going around the room. I wish I had one of those number spinners name spinners. Joe, would you like to go first? Joe Farajallah: Yeah, sure. For me of the week, maybe it could be the great weather. We had been in Zurich this weekend, which is rare in this period. So we had the sun and it was quite well, it's quite good. Yeah. Kelly Schuster-Paredes: An ethical hacker needs to be happy, I think, right? Joe Farajallah: Yeah, exactly. It also needs to get out in the Kelly as well. Sean Tibor: Very good. Nick and Nevena, over to you. Nevena Lazarevic: I would say decided we'll start with my diet and exercising again. I have not started yet, but I just decided from next Monday I will stop. Kelly Schuster-Paredes: One day. One day next week. Excellent. Michele Darayanani: Mine is a little bit more work related. So we've made two offers this week from new candidates who have applied for jobs. Given that we're trying to grow being a very ambitious target. I think this has been a really big win for us in getting potentially two new people to the team. So that's my big win. Kelly Schuster-Paredes: That's an awesome thing. And you can always shout out on our Twitter feed because we have a lot of developers and people out there always looking for awesome cool jobs if you ever need that. Michele Darayanani: We're always looking for cool people to join the team. We actually have what, six openings? Eight openings. I've lost track of them. Anyway, we have open. Sean Tibor: So we're always hiring. Kelly Schuster-Paredes: Cool. You can add that link to the show. Sean, are you going to go with your win? Sean Tibor: Sure. Actually, my win this week was pretty cool. I'm on a new team, so it's a cloud engineering team and everyone on the team is new and we're all coming from different backgrounds and different experiences. And I got a really nice shout out in a team meeting yesterday for teaching one of my colleagues about how to use vs. Code and a lot of the built in get and GitHub features for collaborating with code. So just basic things like opening pull requests and making branches and everything. But it really seemed to help her out a lot. And she gave me a really cool shout out in one of our team meetings. So it was one of those nice things where it doesn't feel like you did that much, but it meant something to someone else. Kelly Schuster-Paredes: Very cool. Well, funny thing is, my win of the week just changed because I just got a delivery of a second vestiboard for some reason. Very if you guys don't know what a vestiboard is, have you ever seen you do you have one in your office? Michele Darayanani: No, not a clue what it is. Kelly Schuster-Paredes: Do you know those old train stations where the numbers would flip and the old clocks where they flip each individual? Well, we have one. And I don't know if we got accidentally bought two, but we have two that and they are, I don't know, about 50 inches. I don't know how big they are. And you can control it with the app and you can send out positive messages. So the whole idea of social emotional learning within the classroom, we use a lot in order to change that mindset of I can't code or I can't do this or it's too hard or whatever. So we like to send out positive vibes and messages. One of our biggest one is you can't code yet or change or I can't to I don't know yet or how can I get it? Or I need help understanding. So it's one of those things that we added into the classroom. But my real win is we had circuit soldering again this week. Very fun. And we used a board that a junior at Pinecress designed and set up. And it was so cute. Little banana. And the kids were able to do it really quick, add in an RGB Led, and it just went off. It was really awesome. Nice Zen moment of soldering. Michele Darayanani: That's quite cool. Have you tried hacking into your vestibule? Kelly Schuster-Paredes: Not yet, but I'm going to figure out how I can change hasn't been signed up yet, but it is an app, so I'm sure it's easy to find out. Sean Tibor: Yeah, I know exactly which student would be the right candidate for it. So I think we can put it in maybe like a DMZ somewhere and let them go nuts on it. Kelly Schuster-Paredes: Excellent. I'm so excited about talking about this topic, Sean, so I really want to get into it because we get into conversations and we run out of time. And then I'm like, but a couple of weeks ago, I was thinking about this whole Shift Happens. Back in the times that we were working together. There was this film that came out that called Shift Happens by Carl Fisher, and he had this propaganda video was like, Where's the kids going to be ten years from now, the jobs don't exist that we know for the future. And it kind of got every teacher talking about how do we prepare kids for a future that's unknown? Well, there's been a lot of debunking with the figures that Carl produced in the video, but the thought still remains that most of the teachers back in 2007 didn't really understand what cybersecurity was or fintech or data science. It wasn't something that was always talked about in the computer science classroom. So I started thinking, how cool would it be for you guys to come on and tell us what you do? Sean Tibor: Why don't we start there with just kind of a basic explanation of what is cybersecurity? And I know that a lot of the basic pieces that go into cybersecurity, some of them have been around for a very long time. Michele Darayanani: I think you've hit the nail on the head there, Sean. It's really changed over the years. While in well, I'd say up to until ten years ago, cybersecurity was seen as a way to protect your data or potentially protect your organization. Over the last ten years, it's been transformed into a way to enable the business. So how do you really go from being the blocker, the protector, shall we say, of the data to being those people that help the business leverage that data in a safe and secure way? At the end of the day, most businesses will take some form of risk. That's the business model. You take the risk, and based on that risk, you hope for a return. Cybersecurity is just another enabler. Just another risk can be seen from one aspect. And the idea is how do you enable the business to make those decisions? Now, there's obviously a technical aspect to it, and that's why I've asked my colleagues to join me, because they are much more technical than I am. But if you were to break it down, you could break it down into what we call blue team and red team. So the blue team are the people who are actually helping defend, and the Reds team are the people who are helping defend by trying to break in. So generally, when we do this type of penetration test and this is only one of the things that you can do in cybersecurity, that's one of the cooler ones I want to focus on that you'll have a team being the Redskin pretending to be the bad guys pretending to break into your company. And by pretending, I mean they're actually going to try to break into your company, and then you'll have the blue team actually defending. So in a very similar way to a paintball game where you have two sides, you have two sites within the cyber world, and you try to break into the company and defend it. Once that's done and to the credit of most of our pen testers, once that's done and you have successfully broken in, you work with a company to see how you can actually protect the company and maybe most importantly, how much money you want to spend to protect the company. Because at the end of the day, ultimate security does not exist. If you want a secure system, turn it off, bury it seven years underground. Don't connect to it perfectly secure, no Usability, and it does absolutely nothing. Sean Tibor: But it's secure until someone gets tobacco anyways. Michele Darayanani: Indeed, you need to balance that. It's a risk decision. You need to balance that decision. And sometimes when we're talking to organizations looking at making that risk decision, the question of why would anybody attack us? Comes up, and then it becomes a whole different conversation around what are your threat actors? What are your risks? So there's a whole broad spectrum, but at the end of the day, cyber, cybersecurity, information security, call it whatever you want, is really about enabling the business by protecting that business. Kelly Schuster-Paredes: Before you go on, just out of curiosity and for our listeners, why would someone want to attack? And I know it depends on the business. I understand that. Would they be getting out of there? Just name data. Michele Darayanani: The most basic two reasons that people will attack a business, a government, an individual or anything else is either financial or reputational. So you might attack a business so that you can put your name out there and go, hey, look, my name is so and so, and I've managed to break in. I'm a great hacker or financial I'm not sure if Joe has any others to add to that. Joe Farajallah: Maybe I would also add the activist groups or try to send a message or target a certain country or certain political side to try to reach a point or to prove their point. There's also the governments who tried to attack other governments also for political reasons. This could be another reason for governments to attack companies of another country as well. Michele Darayanani: Yes. Sean Tibor: And I think one of the things we're seeing right now and it's very timely is that we're probably engaged in some of the most overt cyber warfare right now with the conflict in Russia and the Ukraine from in both directions. It's getting very hot behind the scenes. And you've seen a lot of successful and so far unsuccessful attempts to deny services, to shut down systems, to leverage and gather information and intelligence. So there's quite a bit going on right now. And even though right now it may be very, I would say, very prevalent in making the news, it's kind of a constant state of cyber warfare that's going on all the time. Would you agree with that, Joe? Joe Farajallah: Yeah, definitely. Of course. Sean Tibor: So one of the things I wanted to ask about is like, how do you get started in this? So for people who may not have a background in cybersecurity, this is not necessarily something that even existed ten years ago. Right, Joe and Navina, you mentioned software engineering or systems engineering backgrounds. Was that the starting point for you, or was there something else that led you into this career path? Nevena Lazarevic: Yes. So when I was thinking about the University and what I should study, I decided to go with software engineering at that point, I did not know what it means, what it is, but I just heard that you should be thinking logically and trying to solve some problems in different ways, trying to find a solution for every problem in a different way. So that's why I decided to try it and see what it is. And actually the first programming language was Python. I have to say that at that point I was not good at all. I did not understand anything. What the for loop is, what if statement is expression? Nothing. But I just want to say that people should not be discouraged. Everything takes practice and it takes time. And maybe for someone it will take a little longer for someone less. But if you are persistent and if you really have, let's say, if you are willing to achieve something and learn something new, then there's no obstacle on the way. Also, being around great people who are willing to help you and share some great tips with you is a great way to achieve something. So when I started studying and going into the learning programming languages, it was difficult. But at some point I also started learning about Cybersecurity at the courses at University. And I always wondered why we do not start thinking about cybersecurity at an earlier stage when doing programming, because this is really an important aspect of any programming code. But I had a feeling that programmers or software engineers do not take that into consideration. So I had few courses related to Cybersecurity. One was defending online payment systems, the other was more around cryptographic algorithm. And I really liked it. And both my Bachelor pieces and masterpieces were related to Cybersecurity, in particular, the implementation or programming of cybersecurity systems such as an asset management system or CM solution, which is basically a solution for monitoring, logging events, detecting some potential incidents. So that's my way into it. And after I finished the studies, I was deciding whether I should proceed with software engineering career or whether I should start with a Cybersecurity role. I have said I applied to several software engineering roles and only one Cybersecurity role. And I just told myself if it's meant to be Cybersecurity and if I get offered the job for the Cybersecurity position, I would take it. And it's meant to be. And it was that way and it's great. Kelly Schuster-Paredes: I love that. And I love two important things that you said, one about learning Python at a later age. So there's still hope for me. I've only been doing Python now for four years, so I can one day maybe work for you. Mick, I'll be knocking on the door in Switzerland now. But the one thing that I love about this is why we do not start thinking about Cybersecurity. And that's one of kind of the aspects that Sean and I always discuss is we are not teaching students necessarily. You have to learn Python. This is the most important language is the only thing you have to learn, but how to think about things. And having that question come into mind for you at that stage of learning is something that we're hoping kids start thinking about. Like what implications does this coding have on my future, on how I use the computer, how my parents pay for products or something? I think that's a really nice that's what we call an education, like an essential question that you could have a great discussion with. Thank you for that. Michele Darayanani: Don't you think that there's also a generational shift with digital natives being a little bit more security aware? Especially when we talk to younger generations who have grown up with Facebook, with LinkedIn, with Twitter, Instagram. They're much more aware of what content is posted. And people like myself who are not digitally native and go out put everything on every scale. Kelly Schuster-Paredes: They know the term be careful what you post. However, I would almost bet to say that most of our kids don't really understand the tracking that comes on with their photos, the tracking that they'll turned off, the tracking on some apps, but then they don't realize when they just push. Okay, okay. Through the permissions what is really happening with their data. They may be able to use their products a lot better than the way we were when we were kids, but they don't really put two and two together. This is our digital world and this is our physical world. They don't see how they're actually the same kind of place. Right. They wouldn't go walking at night with their money hanging out because they know that's not safe, but yet they might post something about their place of living and not really think about it. So they haven't quite made that connection, that these two worlds are seamless and that there's risks in both worlds. Unknown: Always. Michele Darayanani: You raise an interesting point and I know we're straying a little bit, but on the next next side of things, I will admit I have never read through the full terms and conditions of Apple. It's 40, 50 pages. Whoever reads that, there's an element of usability there that's really missing from a security perspective. Kelly Schuster-Paredes: But sorry, I am strange this happens and that's why we always like to invite guests back. So don't worry. Sean or Joe. Sean Tibor: Yeah, Joe. Did you have a similar experience starting out or did you start from a different place when it came to your current cybersecurity path for me? Joe Farajallah: As I said before I started at University, I went to an engineering school where I learned like I was focused on telecommunication and electronics and electricity engineering and I showed interest. I had interest in cybersecurity during my studies. I heard about cybersecurity as a career and I was searching for it and was interested in it. So I looked by myself about it. I read on the internet articles and things about what is cybersecurity and how can we enter into the cybersecurity field? And I started also to experience by myself. I tried to check some tools and try to experience with some cybersecurity tools, see what they are used for and just to learn how to use them. And what I like most about that is the challenges that you face during cybersecurity, because everything in front of every system or every machine is trying to verify its security level. It's a challenge. It's a challenge to hack it or try to get into it. Yeah. Try to extract these information that are inside. So I like that challenge. And that's why I continued. And I wanted to pursue this as a career. And I had the opportunity as well to have cybersecurity as specialty in my University. So I continued. I specialized into cybersecurity at University, and that's where I got to learn the basics of cybersecurity and then pursue that as a career. During my courses, I also had a lot of programming courses as well during my Adversity curriculum or C Sharp or C Plus Java. All of these languages were also part of my courses, and they helped me build that knowledge that I needed to learn more about cybersecurity and about how can I use this information to pursue a career in that nice. Kelly Schuster-Paredes: Sorry. Help me work through this. When you go and you use these skills with cybersecurity, do you pick through all these languages and you're kind of just like, oh, I'm going to have to solve this problem in this language? Or is there one language that works better? Joe Farajallah: There are different uses for each language that are different use for it. I would say, for example, C Sharp, C Plus Plus and Java are more used to develop certain tools or applications or things that are more I would say more complex or more developed Python. I would use it more to develop like a small script to automate a number of activities or repeatable activities that I need during cybersecurity engagement or a challenge or any cybersecurity related hacking between codes. So, yeah, Python helps a lot in automating a lot of simple tasks. For example, when you try a bunch of combinations, for example, try to brute force a password or try to guess a password, you need to have a whole list and try multiple combinations. And this is easily scriptable or easily writable in Python where you can send these automated way these whole number of requests and try these large number of combinations. Python has also used another sophisticated tools as well. And there's a lot of tools that are part of every penetration testers toolbox. I choose Python because of all of these libraries that are developed in Python that help the attacker communicate with certain known services and protocols. And these libraries are very useful today, and they have used and are still currently used to create also more complex tools such as Impacket, for example, or crap map. Exactly. There are two tools that are very known for every Pen tester. Sean Tibor: So both Joe and Nevena mentioned a few skills that were really valuable, both technical skills, the knowledge of Python and tooling and things like that. But also Nevena, you mentioned persistence. Right. And Joe, I don't know if it's a skill, but that mindset of enjoying a challenge, of viewing something hard as being a challenge and not being a block. Are there other skills that have been very useful for you or that you rely upon regularly in your role in cybersecurity that maybe students or teachers don't even know that they have, but maybe it could help them see this in a new way? Joe Farajallah: I would say being patient is a very useful skill, because when you're trying to crack these challenges or to hack into the systems, you need to be patient. You need to understand what is wrong, what is working, what is not working, and also try to understand what is in front of you and what is these information that are in front of you and how everything works in order to be able to find these weaknesses or these vulnerabilities in those systems. Nevena Lazarevic: What I would add is what I think someone who would like to pursue a career in cybersecurity needs to have as a skill is the commitment or willingness to constantly learn new things because things change quite quickly in our area and we need to keep up with the latest updates and latest security, potential security attacks, libraries which have been published, and so on and so on. So that commitment to constant research and learning is really important. Michele Darayanani: Actually, that ties back directly to what Kelly was saying before around how do we teach the next generation for a job that might not even exist by the time they're out of University? And you have the challenge of not just teaching the next generation, but also making sure that you're moving goal posts actually are vaguely in the right direction. We struggle enough with keeping up with what's changing in the marketplace that we're working eight plus hours a day in. So it is a huge challenge of giving the kids, the students, but also the teachers, all the foundational knowledge, but also preparing them for a future that doesn't exist yet. And actually, that's where coding is very useful, because I'm aware that Python is a preferred language for a lot of people. I actually didn't grow up with Python. I grew up with C Sharp. But what I learned in C Sharp, I can then apply to other languages. So if the next language is something new and unknown, what you've already learned can be applied to the next language and is very valuable. So that mentality of being able to leverage what you know to do something new is one of the most fundamental skills. And here I think Joe and Nevena will laugh a little bit, but one of the certifications that our pen testers aim for is called OSCP. And the motto of OSCP is Try harder. If you ask the organization, while you're learning how I couldn't do this lab, I couldn't figure this out. What should I do? The response will always be try harder. And the idea is really try to figure it out on your own. Leverage what you know, lever what you do. But also go out and find out, explore yourself and try harder. And that is one of the most frustrating lines. You can say working in security, but it's also one of those lines that they will go, I know exactly what that means. Kelly Schuster-Paredes: That makes my heart happy. See, this is we've connected eleven years. So, you know, the whole teacher in him, he had to work in a school he never taught, but he has a mother who hasn't been a teacher forever. And so Sean and I always say to the kids, go away, go figure it out. That's my favorite statement. I'm like, go away, get away from my desk. Go figure it out. And everyone gets mad at me, and I'm just like, Google everything else. There's so many answers out there that I don't even know. Go figure it out. And so it's nice to hear a professional who's in the business that try harder. I try to stay away from try harder because they may be trying hard as a ten, 1112 year old. But go figure it out is a little bit nicer, I think. Michele Darayanani: But also, being able to Google, being able to do a bit of research is a fundamental skill. The ability to say, hey, look, I don't know this, but I'm going to go and do some research. Okay? Nowadays we say go and Google it. Go and look online. But back in, quote, unquote, my generation going to the library and looking up the information. It's a fundamental skill that transcends technology. Sean Tibor: One of the things I wanted to poke out a little bit also as we talked about the skills that are necessary here and the technical skills in particular is, could you imagine doing a cybersecurity job without having programming skills? Michele Darayanani: Right. Sean Tibor: Is that something that's even possible? I think one of the things that has kind of blown my mind a little bit recently and Navy, and I think you can probably speak to this more directly. But even something like a log ingestion tool that takes logs from a number of different systems and watches for aberrations changes, events that are concerning could be thousands or millions of log entries per minute or per second even. And just the volume of information that has to be processed and analyzed is enormous. Is cybersecurity something you can do without having programming skills or automation knowledge? Nevena Lazarevic: Definitely. So when I applied to our current position or current company, I imagined that I will program all day long, like everything that I will do will be related to programming or trying to protect systems in a way of programming additional security measures. However, I quickly realized that I will not program that often. So when I joined, I have to say that I had finished few security courses, as I mentioned, and I was not aware of what the cybersecurity world can offer. So my mission at the beginning was to start the career and within a year or two try to be involved in many different projects and areas of cybersecurity and then try to understand where I would fit and what's the best area that really would satisfy my expectations, where I would also be really happy doing what I do currently. So having the technical background, I assume that I would be more happy doing the more technical engagement. As I mentioned, penetration testing and hardening of different systems. And I was really true about it. But I want to say that there are different areas of cybersecurity in which you do not need to have programming skills at all. You need to be aware of different, let's say, foundational cybersecurity aspects. But having the programming knowledge is not necessarily required. Having the mindset of that problem, resolving mindset and really looking at the detail oriented mindset and looking and having the critical thinking mindset really helps in achieving better results. But necessarily having the knowledge of programming is not needed. Michele Darayanani: Now, to add to that, I think one of the big challenges is that when people think cybersecurity, they think Joe in a hoodie, packing until 03:00 a.m. In the morning, eating pizza, drinking Mountain View. Kelly Schuster-Paredes: Is that what Joe does Tibor such a vast deal? Michele Darayanani: So we spend literally hours and days working with people who don't even have a smartphone and help them understand what cyber is and help them understand how to secure themselves. So the technical skills do create a fantastic foundation. But there's a whole element of cybersecurity that's around communication, soft skills, working with people, communicating to third parties. There's a whole area of cybersecurity around certification and compliance where you're going and assessing and validating. It's one of those amazing in my opinion. I work in the field, but it's one of those amazing fields where your background isn't so relevant. It's more around a curiosity to learn. And I think that's exactly what Nevena was getting into was saying with regards to your curiosity to learn, your curiosity to have that mindset of I want to know more. Is that fundamental requirement then if someone knows how to code or not? Of course, if you know how to code, the technical side becomes a lot easier than having to learn it from scratch. But not having it is not an impediment. We have a person on our team that actually came from a counterterrorism background. We have a history of art major and one that I can do politics and management. So it's a very diverse skill set which really adds to that complexity and this is actually where there's a wonderful story. There was a Gent in the UK who lost his job. He wasn't very good with computers, lost his job, and by his own admission said, I didn't know what to do. So I smoked a lot of weed and wanted to find out if NASA had evidence of aliens. So he spent the next six months researching, attempting to find out things. And from there, he actually learned to break into a couple of very simple lowlevel computers. After I think it took him about a year of research, of learning, of curiosity. He actually did manage to get into one of NASA's biggest and most sensitive servers, at which point the American government found out and he had solved quite a few people, excuse my language, but he got caught, arrested, extradited from the UK. But by his own admission, he went, Look, I knew nothing about computers, but I had curiosity. I wanted to learn and I had no job, so I had nothing to do. So that's what I did. So that curiosity, that willingness to learn, I think, is a fundamental requirement. Sean Tibor: I have one last question. I know we're running out of time and this is kind of a big question for only having a few minutes to answer it. But going the opposite direction from the hard skills and knowledge and desire to learn how much of cybersecurity is about character and integrity and trust as the people that you work with, the people that you work for, how does that play a role in cybersecurity? Michele Darayanani: That's a loaded question. To a certain extent. I was hoping to avoid my screen at the time, Kelly and I worked with a little secret. I actually went to the school that Kelly and I then worked at. And when I was a student there, the It Department bought five laptops for the library. And these five laptops were not like the others. They were Windows instead of Mac. So they were kind of stand alone left there and very quickly compromised by the students. Kelly Schuster-Paredes: But you were a favorite of everybody. Michele Darayanani: What was our sysadmin at the time? And we were in famous because what we did is we actually changed the password. So we ended up installing video games, but controlling what was getting installed on the computer. So we didn't end up with all sorts of garbage and viruses and malware because we were controlling rather than society. But this is also one of the shifts. If you had asked me this question ten years ago, maybe even 20 years ago, large parts of the cyber community either came from the good guys, the white hat hackers, so to speak, the people who have been defending systems for years, or you take someone like Kevin Mitnick and a very famous hacker that has been caught in jail, paid his dues, and has become one of the defenders. But increasingly, as the industry, as the educational spectrum learns about cyber. We now have University degrees, not just at the master's level, but also the bachelor's level. In cybersecurity, we're starting to push cybersecurity courses at high school and potentially Nevena at middle school level. So the field and the breadth of skills we get expand quite drastically. And suddenly you have a choice between the guy who was hacked into the central bank, who might have all the skills on the planet but may not be the most ethical person on the planet, and someone who has learned through it's the hard way, shall we say, gone through all the courses and has the ethical background. And suddenly, from an employee perspective, the ethical element is much more valuable. So if you were to go to a job interview nowadays saying, hey, look, I hacked into your website. Here's the evidence that I managed to hack into your website. That would be a pretty big red flag. So the ethical side is absolutely critical. Kelly Schuster-Paredes: That reminded me when you were talking to a couple of things, but lack of time. There was a set of courses that did go out, and I sent it to a student who loves because students do that. Students do what you did in the past. I have a student never does anything in computer science, but he's a brilliant coder. He brings two computers into class. He has a Mac and a Dell, two laptops. If he's on his Mac, he's doing work for school, and every kid knows this. But if he's on his desk, he's playing his entire PlayStation, which he uses to go to his network at home and get into all his games and stuff. And so I sent him these courses on ethical hacking. I was like, well, you're able to do all these things. Maybe you could start thinking about the good that you can do if you're capable of doing that. But you've got to start somewhere, I would say, right. As long as you're not corrupting. Michele Darayanani: You have no idea how heartwarming it is to hear that, because one of the challenges I think that teachers have is to take all that curiosity, all that pent up intelligence, shall we say, and direct it in the right direction, rather than ending up like myself was kind of bored in the library and went, well, let's see if I can break into the system. It's really one of those things that is a huge challenge, because quite often it's that student who is born with class, who has finished all his work in the first 15 minutes and is sitting there going, what can I do now that ends up putting silly images on the whiteboard or on the Zoom call? Kelly Schuster-Paredes: Absolutely. Sean Tibor: Well, I think that just about runs us out of time for today. Unfortunately, I want to keep talking. It's been great to meet each of you, and we're so thankful that you joined us today to talk about this. I'd love to do a follow up episode to talk more and go into more details because as you mentioned, there's just such a breadth of opportunity within the cybersecurity space and it would be fascinating to dig into that a little bit more and share a little bit more with our audience about what opportunities could look like. But I think we're going to have to wrap it up here. Kelly Schuster-Paredes: I have a burning question, Joe, because we're doing a lesson in 8th grade about libraries in Python and every child is looking through a library that sparks their interest. We've done requests. I know you're calling up requests is like a good one. What's a really fun library that you use all the time. Maybe in Python that is your favorite library on the spot. Joe Farajallah: I would say a very useful one to know is the one called Python Altar Library, which is used to communicate with the Altar Protocol, which is very used in companies today. Cool. Kelly Schuster-Paredes: I will look at so many people that are interested in finance, cyber hacking, whatever. So I'm going to point them into a direction. Thank you. And Mike, I could teach you Python before when you were trying to teach me all your coding stuff back in the days. I can teach you Python now. Michele Darayanani: I'm a girl kid at heart, so. Kelly Schuster-Paredes: I'll make sure that Rick and Marshall hear this episode so they'll be happy to hear from your voice if you haven't seen them. Sean Tibor: And Kelly, if you say hello from Joe, Nevena and Mick on the vestiboard in the next few weeks, you'll know that I helped them do it. Kelly Schuster-Paredes: That's hilarious. Joe Farajallah: All right. Sean Tibor: I think that just about does it for this week. Another great episode, as always. Thank you again, everyone, for joining us. If you have thoughts about this or you'd like to connect with us, you can always reach us on Twitter at Teaching Python. We're also on the web at Teaching Python FM. If you'd like to hack our site, please don't. We are not paying cybersecurity professionals to keep it up and running, so try to avoid that one if you can. So for teaching Python. Kelly Schuster-Paredes: This is Sean and this is Kelly signing off.