 Hello everyone, welcome to the panel discussion. Vandana will be moderating the panel discussion today and I'll basically hand it over to her, stages yours Vandana. Thank you so much, Bhavan. Hi everyone, good morning, good afternoon, good evening, wherever you are. Today at the panel, which is diversity in cybersecurity, we will be discussing a lot of things, especially if I talk about cybersecurity. Cybersecurity is one of those areas which is picking a big time because whatever we do, the companies, people, everyone is getting breached. So we need cybersecurity. And as per the reports, there's a huge amount of skill shortage in this area as well. The one thing that can help fill the gap is diversity and it is not just about gender diversity. I do support the different communities but when it comes to diversity, diversity from different countries, from different areas, different age, different continents. So today if we talk about the diversity, this panel is also diverse. Here we have Hitesh from Belgium but I will let all the speakers introduce themselves. I'll just touch upon a bit on them. Hitesh is from Belgium. Judy is from Kenya and Nairobi. Shaira, my friend is from Israel. So we'll start one by one and they will introduce themselves and then we'll go straight into the panel. So Shaira, let's start with you first. Perfect. Thank you so much, Vandana. It's a pleasure to be here today with these great panel members and all the audience that joined us. My name is Shaira and today I'm the CEO of a cloud security company called Solvo. Solvo is a product that helps developers to produce more secure cloud products automatically. But putting that aside for a moment, I started this company with my co-founder David about a year and a half ago in the heart of the pandemic while we were not sure if this is the end of the world or not. But I was never that kind of a geek or PC kid that really loved computers. I had a normal childhood. I liked reading books and running outside. But like every Israeli at the age of 18, I was drafted to the military. Here we have a mandatory military service and I was picked to serve in the Israeli intelligence. And this is where I was first exposed to the world of cybersecurity. No idea what that means. And this is where I started my career. But from two years, it turned into a 13 years long career in cybersecurity in the Israeli intelligence. Four and a half years ago, I decided that it might be the right time for me to understand what is the tech industry outside of the military is all about. So I just left the military with no other job. Nothing really specific. I knew I wanted to do. And I started doing public speaking, which I will elaborate more about later. And I ended up in a cloud security company where I was leading the intrusion detection product. And after that company got acquired, I knew that now is the time to start my own journey. And this is how I ended up starting Solvo. Thank you, Shirah. That's amazing. Over to you, Judy. Thank you, Vandana. So my name is Judy Ngre. I am from Kenya, Nairobi, Kenya. So I have a very... My journey has not been that long. And I think that's good because considering all the work that we've done so far, I'm very, very impressed and very, very delighted to be here with such a beautiful audience and panel. So I started my journey. I have grown up years here, but I didn't start with the computer gig or computers were introduced to me when I was in college, when I was doing a business course, actually. And then when you had been taught how to use Microsoft Word or Excel, because in Africa, we don't have... We don't get any on access. Now it's different. And then the very first time I interacted with a computer, I was mind blown. I think the one thing that excited me was the fact that I could do calculations with Excel. That was very interesting to me back then. And I was like, this is the path I want to take. So I've been a very... There are those kids you see and you're like, this one will be a doctor, this one will be an artist. I think for me, people are like, this one might end up in jail, but now I think that turned out to be different because my path was just not defined and I liked that and I got to define it myself. So I joined the computer science class and I think being in that class felt like something was making a difference was actually fulfilling a part of me. And I started computer science but I started as a developer. I started writing code. We're just creating web apps. That's actually what got me to college and create websites for companies to get paid and then pay my school fees. It was very, very interesting. And when I finished, the first job I used to do was a web developer. But I got bored at some point when one day I was actually interning and this, I don't want to say, Asian guy. Let's go with Asian guy. I was working in the company and they found some vulnerability with the application I had created and my job was to find out how he did it and bring back the site because it was a customer site and the following day I had to do a presentation. I spent 48 hours trying to find why there is an excess on my site. It was the worst 48 hours of my life. And I was like, I need to get to whatever this is I need to find out how to get into it. And that's actually how I started getting into security. I started learning from this guy. He taught me so much. And as I said, the rest is history. Thank you. Yeah, that's right. So coming to you, Hitesh. Now, Hitesh, we would like to introduce yourself and there's another thing that we want to know with that. What was the first computer that you got your hands on? And don't worry, we're not going to judge your age based on that. That wouldn't be a problem. So, I mean, my interest in security began, my interest in security was there and I didn't know that my interest was in security. What I mean by that is that time it was mostly taken as an interest in computers rather than an interest in security. Like I did not know that what I'm interested in is called cyber security. I just like fiddling and fiddling with computers. So, yeah, so this is something like back in, when I was in school, my dad brought home like a Pentium computer and it had Windows 95. And like there was a computer at my dad's office which had MS-DOS but I rarely got to touch it as a Mrs. kid. But like my proper first home computer was a Windows 95. So the reason I got into computer science, mainly you can say that I used to thinker with it. I somehow decided that, you know, Windows doesn't organize its files very well. So I copied everything into one folder and I rebooted and it wouldn't start. And I understood that yes, the places where the files are kept is kind of important to a computer. You can just really nearly move things as you like. So I had to bring the PC back into shape before he came home that evening and turned it on. So it was like a six hour race against time to fix Windows 95 as a 14 year old. So like these are the kinds of things that I got myself into. I would build computers like, you know, using off the shelf parts and give it to people and they would treat me to a small snack or something like that. So coming from Belgium, which was at that time like a very small town, these were the kinds of things and then I got access to the internet and so on and so forth. So that's how this whole thing began. Like back in the day, if you had a broadband connection, you could actually scan your way into your local network and see what's online, what's not online. Like you can't do that anymore. But for good reason, you can't do that anymore. But that's how this interest began. I mainly run a company called Annexgate and we do networking and security. We write software, Python firms, a good portion of the backend software that we write. So for me, it's been a real enabler if you personally ask me and I did my engineering master's degree. I worked in a company called FireEye in the Silicon Valley Bay area for like four or five years. Then I came back to start my own in Belgium. So in a brief, like a short summary of what I have been doing all these years. So I'm very, very glad and honored to be part of the panel. So thanks for having me as well. Thank you so much. Trayra, we'll come to you. What was the first computer or programming language that you got your hands on or you got to learn that? Maybe in school, maybe in college. Was it me now? Sorry. Yes. Okay, good. So thanks. Maybe just before I tell about my first programming language, I wanted to share a short story about how I got into a public speaking and doing some work around diversity. When I just left the military and didn't really have a job, I decided to maybe give some lectures, but it wasn't that simple. I was approached by a conference that asked me to speak about cybersecurity. And I thought to myself, well, why should I talk about it? I mean, there are so many experts out there. Who am I to speak about it with only 13 years of experience? So I said, no, I'm not going to talk about it. You need to find someone else. I can help you find someone, but I'm not the right person. And I said, like, why not? And I ran into an article about why aren't there more women in cybersecurity. And the article said that women don't see other women in the industry, so they don't have a role model and they assume that it's just not for them. And after reading that, and that was about five years ago, I decided that I have to be on stage just to show other women that it is possible and that there is room for everyone. And this is how I started doing public speaking, regardless of my day job. And the first time I got to do programming was first year of university. We learned C++. That was really my first time I ran into any kind of programming. Since then, I did most of my programming as more of a theoretical thing. I was using mainly MATLAB for research purposes. And ever since then, if I have an idea, I try to implement it with MATLAB and then ask more talented people to do it with Python or with a more popular and more useful language to build software. And so this is my programming experience. I don't practice it every day, but I preach about it a lot. Yeah, yeah, that's amazing. If I go back in time, I can remember there were so many things that were there and then you have to pick and choose which programming language you have to learn. And then now most of them are not in use because they've just gone away. Now we can see so many new languages talk about Java. Java has been there, but then Python is picking up big time and we are at PyCon talking about all of this. Now, when we talk about these languages, these languages are also actually very diverse. Different people are picking up different languages based on the kind of things that they want to build on. Now I can see that an organization has more than 20 languages where they're building their web applications. So this is becoming more and more diverse. And that's when, for the audience, now if I have to share one story when we were all at the backstage and we were preparing, prepping ourselves, so we were discussing what diversity is all about in this panel. So like I said that I am from Bangalore, Hitesh is from Balgam, Judy is from Nairobi and Shaira is from Israel. But still there is, we can see that the country diversity is there, city, state diversity is there and then we do have a gender diversity here. Generally we say we need to have one woman on the panel. Here we can say we needed one man on the panel. That's a good problem to have though. Yeah, right. So Hitesh I remember you were sharing some really nice stories about how you started different initiatives or how your group started different initiatives in Balgam. Because when you started talking about Balgam you mentioned that do you know Balgam? Because I know it because I'm in Karnataka but there are many people who don't know about it. But it's still a place which is growing at a very high pace and there are many initiatives from the diversity side and not just I'm not talking about gender diversity but including kids, including college students or including people from maybe different age groups. I know you've been doing that. So you would like to know about that. Like what have you been contributing to? Definitely and just on the outside like it's me speaking but it's probably the work of many other people who I am speaking for. So take what I say as being 115th or probably 120th of my contribution but there's a lot of people behind the scenes. So we run a lot of initiatives. We have this thing called Make a Space Balgam in the city. We run the Science Hack Day India chapter out of India out of Balgam also. So we have noticed the following things. One is that you, me or probably everyone on this panel is fortunate enough to go to a school that has an English education. And most of the times that's not the case in at least a lot of year 2 and tier 3 cities in India. Yes, there are English speaking schools and things like that but not as much as one would want it. So it's nice to see when we bring a lot of students from different schools together. So we may have like 10 or 15 students from a school in the 8th grade or the 7th grade which is a Canada speaking school which is a local language and bundle them up with another 10 students who come from an English speaking school. So and they sit and figure out simple problems together. They either build a small motor for themselves or they write the last time we did a workshop was in something called Kutipai. Basically trying to use a small microcontroller. So there is a good amount of feedback that we get after these events where students from schools that mostly have people who are quite well off meet students from other schools who are not well off and try to understand how to communicate with someone who probably doesn't speak the same language as you. That goes a long way in trying to tell 12 or a 14 year old that hey listen there is this other side of the world that probably you will not see maybe sometime until later in your life until you sort of graduate and go see the outside world. But even at the age of a school student they are able to talk to each other and try to solve a common problem. Maybe there is sort of a jogadu technique, a small hack that the rural school student has learned living in his village that the city school kid doesn't know about and vice versa. So they get to see a lot of these kinds of things and it's very nice to make at least the people who come from the rural school believe that they are if not brighter at least as bright as the students studying in a school that is in a bigger city. So it acts like an equalizer and helps them give that confidence that it's not necessary for me to be in like a capital of a country to be able to build something. So once they convince themselves that yes I can build something then it's just a matter of if someone takes an interest and takes it forward or it doesn't take an interest and leaves it, that's okay. At least they know that they can do it. That makes a big difference. So we've been doing that science hack day ever since 2016 and even though I have not been part of it in the last chapter because I was getting married but the team does a phenomenal job year on year. I would encourage people to go and look it up online and see what they can find and I'm sure it'll amuse them. Yeah, I think this is amazing. I just stuck to one word that you said which is to the panelists and to everyone who's listening. Some of you might be aware but most of you who are not aware of this word this is like getting things done in a totally innovative and a different way. So we Indians calls ourselves and especially some engineers, specifically engineers I would say they call themselves Jigaru because they can make things work in totally different way where people will not even imagine. Like on this panel we all have contributed in totally different ways. And coming from different background it teaches us different technologies, different way of thinking and even thinking. Now if I go to Judy, Judy has been contributing to bringing more people, more diverse contribution in Nairobi area. I have not seen many people doing in that area. So I would like to hear from her what's her experience and actually how did she started her diversity initiatives, trainings and CTFs in that area. So yeah it's true with you know I think I not mention this that I was able to do in 2019. In 2019 we founded a women of security chapter here in Nairobi and you know that was just to do you know diversity inclusion. We as a continent we have a low number of women in tech overall actually. Not just cybersecurity in every aspect of technology. So you know women of security was you know was here to solve that problem. Actually this occurred to me when I was in a meeting and when I looked around I realized it was me there to discuss the tech and then there was a CIO lady at the table. But then the table was of around 20 people and those were the only two women in the cybersecurity area. And we were there to discuss about strategy and I was like this has to stop. So this need to be solved. So women of security was born through that and you know we were just there to make sure you know that we have yes enough number of women in the industry but it wasn't about deluding the industry it was just bringing in the right people with the right knowledge. So if you find the people with the people with the passion but then they don't have the knowledge how do you solve that problem as well. So women of security also brought that aspect where we were training guys you know on different areas of cybersecurity because we don't have cybersecurity courses in my country. We don't have you know like a four-year program where you can learn about cybersecurity maybe once in a while you go to UWE or you go to LinkedIn learning and find a course that you want to do but physically speaking we didn't have that much. So but then there were you know cybersecurity incident incidents coming up especially with a country like mine where we are digitizing almost everything now especially payments and we had cybersecurity incidents but then we didn't have people to solve them. So there were opportunities there was demand but there was no supply and the supply that was there was just biased so we had to change that narrative and women of security came in in play through exactly that. Absolutely I've seen that the things that you've been doing and contributing and changing the face of Nairobi I could see there were so many awards there were so many initiatives that's been taken so kudos to you for that. Coming to you Shaira I remember you've been you've served in defense forces and your journey as a speaker has been totally incredible but we do want to know like I personally know you from so many years but I am sure people at the panel and people who are listening to this panel do want to know your contribution in the diversity initiatives which you are leading in Israel. I'll happy to share a little bit of that my focus was more around women in cyber security in recent years even though Hitashi's work is so impressive and inspirational because he brings the opportunity to everyone regardless of their gender and it's also very important to enable the opportunities but my focus in the recent years was around women in cyber security because I just realized that less even though even looking at my military service right you have about the same number of men and women starting in cyber security in a way maybe even more women but as you climb up the ladder you see less and less women around the table until I did not see it as an unusual thing to be the only woman on the table and as I left the military it only looked natural to me that I'm the only woman in the room I didn't feel uncomfortable about it and I didn't understand why are there so many organizations trying to help women in the tech industry or in cyber security I just thought to myself well if you're good then you're going to succeed what's the big deal why do you need extra push to do that but only when I started working I realized that maybe I have a thick skin but there are so many junctions along the way that you know I show you the way out or not being supportive enough to give you room in the table it might be a small comment from someone it might be people just not making you feel a part of the team it's the topics that they talk about it's just jokes that they make it's you not being promoted because you might want to be a mom in the future so it's small things that show you that you don't have the room and this is not for you so I thought this is when I started realizing that it shouldn't be this way and it's bad for the industry it's bad for everyone that this kind of behavior is the norm so I started a mentoring program here in Tel Aviv called Security Diva and we brought women who wanted to get into cybersecurity and women from different areas in the cybersecurity industry from marketing to incident response we had everything and we met it was almost one-on-one sessions but you could walk around and talk to anyone you wanted everyone introduced themselves what kind of help would they need and what kind of help can they provide and most women got to talk to all the other mentors we had a really great event and a few months later I was in my office taking the elevator and I ran into a familiar face of a woman wearing a name tag I quickly took a look and she saw I was staring at her and she said hey did you organize that diversity meet up a few months ago and I said yes what are you doing here and she said I got my first job in cybersecurity and I was so happy for her so I told her that she has to be the speaker for our next event and she came and she told her story and given her background really she had every excuse to give up she's a mom she immigrated with her kids to Israel she didn't speak the language but she decided that she's going to get into cybersecurity and that she's going to do everything it takes and she did it and it was super inspirational and I thought to myself well we need more success stories recently during COVID it was really hard to have this kind of events but we keep on trying to have online events or one-on-one meet ups just to enable this kind of experience and mentorship totally amazing Shaira now coming to you Judy do you think she wanted to say something I just wanted to thank Shaira thanks for your words and if you allow me if you've noticed in the last say 12 or so years this is something that I noticed back when I was in grad school doing research under my professor so if you draw if you look at how platforms and social networks and communication platforms online have become more sensitive towards female abuse especially these issues have been taken care of only when there were women at the table who had a stake in saying something because I remember a good friend of mine was abused had to undergo abuse on a platform online it's only in the last six or seven years when that platform actually fixed the problem and that happened because there are people like you guys who are pushing more women to come into cybersecurity because otherwise it's not an idea of what we are doing I mean you can solve a problem only when you face the problem and sometimes people on the other side of the gender scale don't face the problem I see that especially when it comes to cyber-economic offenses is when things have gotten better for the world overall because people say that there is this form of abuse that you guys never experienced because it's not directed towards you so I totally agree with what you said the more the more different voices at the table probably the more better things are yeah absolutely and it's more of our mindset needs to be changed that yes we can do it and there was one point where we'll agree that we don't see more of role models who are allies, who support us who are being there if we see that yes people are there talking about these things that yes we need more people in different areas and not just in cybersecurity but in general tech because if we see the number of people that are there in IT they keep on getting reduced over a period of time because sometimes that they feel I might not be able to do it or they feel that yes you have to take this journey alone so not everyone is able to sustain it needs people to support each other now the way industry is picking up big time wherein there are so many new languages which have come there are platforms which are getting changed we are shifting to cloud we are talking about IoT we are talking about AI we are talking about 5G and what not now when these technologies are coming up even if you take a break for like two months you feel guilty that why did you even take a break I know I have a friend and that's not a woman it's a man who wanted to take a sabbatical because that person wanted to do an MBA and that person was thinking big time that should I go for it or not whether I'll be able to come back or whether I'll get a job or how it will be like you have so many misconceptions and we all have that it's just that till the time we don't share it we don't share our experiences we would never be able to move ahead and I think I had so many discussions about myself also but people like Shera, Judy, Hitesh people like you helped me overcoming them being on the stage I was a total introvert I would say to college I never used to speak too much people and now ask me to talk to like 10,000 people I'll just go ahead and start babbling about it and especially cyber security I can speak in my dreams so Hitesh you want to say something Hi I wanted to hear from Judy since you wanted to ask her something Yes So Judy I want to ask you all of these experiences you've had in Nairobi as well so from your experience how exactly people are perceiving python as a motivator as a driving force in Nairobi area like what are some most uncommon common stories we heard from everyone but most uncommon stories you've heard or you've seen people playing around with python or any other language I think so when it comes to python insecurity it's a big thing it's a really big thing I don't think I've seen guys do you know the one language that seems to stick in every talk or in every CTF or in every presentation let me automate this with python it's easier to automate this with python I think I've seen a lot of python news in cyber security in the last few years to a point where I was like do I need to learn do I need to go back to school and learn this python thing and then every tool you run you have to have some python dependencies and like this is crazy then I need to understand at least some python because I was more conversant and everybody seemed to make it sound so easy to use python rather than any other programming language especially in cyber security and we as a community we're obsessed with automating a lot of they say automate the boring stuff it seems to be easier to do that with python I've seen python conferences here and you know when you do such a conference you expect python developers to be in this kind of conferences but you see cyber security people like I have 10 python conferences because I want to see what is new what are guys doing what has been automated with python and it's easier to use as compared to a lot I feel like I'm selling python I feel like this is a python sales page but I can say there's a lot of python news in cyber security in not just Nairobi present Africa in most of the event conferences and people that I've talked to then I have seen even maybe in other development areas it's mostly on cyber security I get it, I get why yeah I mean I don't know whether people know this or maybe it's for the benefit of people listening to the panel but especially if you're on the malware side or I think Shia might know this since you did intrusion detection if you're reverse engineering malware at any point and you're either dealing with a tool like idapro or now radar is a new tool it is if you know python and you get into this kind of domain where you have to use these tools it's almost like a superpower because I remember writing tons of python scripts in IDA just to be able to unpack malware had I not known python that would have been a big impediment for me and it takes I don't know for people who there are other people who reverse engineer malware but it takes hours and sometimes days to unpack a single binary so the fact that you're able to do and that's the point where python is the only language where do you apply python but if you're in the reverse engineering domain or in the binary analysis domain python is the only language I think there is C++ also but then that's like living life in extra hard mode so I could never do that but probably it helped a lot so there is so many especially whether it's you're doing offensive cybersecurity or defensive doesn't really matter you are going to at some point if you hit a wall and you know python it's going to almost feel like a superpower of sorts so it's I think it's the tool if I have to place a bet and say that if you're in security and you don't know python then it can get difficult but if you know it there's nothing like it absolutely I can share that python is the newest language that I learned after mainly doing most of my programming in C and I just remember during the course that I took the instructor says ok now let's write a code that will take this array and do those things and put those items and I'm like ok I'm going to do it with the for loop and another loop inside of that and like no this is done in like a single line of code what is wrong with you why am I doing it in like 10 lines when you can do it in one line so python is a very very very easy and intuitive language to use and I think that this is why it's the go to for most people who need to learn their first coding language it's the right thing to start with it's easier than other languages it's very useful it's very popular and also from the cybersecurity perspective it's really easy because other tools were written in this language and it's really easy to integrate your new tools to the existing frameworks so I think that it's super useful I know that many people ask themselves if they need to know how to program in order to be in cybersecurity the short answer is no you don't have to program in order to be in cybersecurity there are many different roles you can do without being a programmer but having said that I always tell people who ask me that I highly recommend getting even basic coding skills because it's the difference between walking and having wheels you can make it to those places but you can make it faster and more efficiently so it's only up to you how do you want to get to new places I totally agree and I think python has given wings to us in cybersecurity where we can develop tools in python which are like it's just a script but it acts like a tool and if you need to execute these scripts on any of the servers it'll be so easy so I feel that it has improved my hacking skills in a positive way where people say yes hackers are bad but we do hack our organization to secure them and now when we talk about python or any other programming they do have some kind of syntax some kind of experience associated with it so I want to know your experience per se wherein you have got specific recognition because of that working or maybe tool maybe the you're working on a product so how it has changed that product it says you worked on creating something for students right so how it has changed their skill set their mindset around using these languages because I know that python is not difficult to learn not easy to learn it's in the midway but if someone starts liking it that means it's going to go very long way for them because I've seen at my home my brother started liking this language and he is just getting more and more into this so what's your experience with that so I'll start off with Judy this time okay alright cool so my best python project I think I did it when I was doing when I used to do a lot of bounty that's bug bounty and there is a whole 360 process for getting for finding bugs so I used to get so bored at the beginning where I have to list up domains and then I have to find the ones that are serving on you know different ports and sorry different you know several requests and then the ports and they are like okay this is a very tiresome process but then there were tools that are already available for this so I thought why don't I just put all these together just give me a simple because this doesn't need a lot of human interaction I just need a specific output I need a subdomain that is you know it's a web it serves on this port you know it's actually accessible on the web it's not you know if it's an API you know I want this specific output so I just created a program in python I'll just do this so I just combine three four tools together and the output you know it just saved me a lot of time so I think that has been my best I hope I can find that program I haven't done bounty in a while but you know I was able to like that is something that was worth you know doing learning python you know online and you know I still feel python is you know even now I still use it especially for you know threat intelligence but then that was I think that was my starting point understanding why I'd rather use python to do a lot of cyber security work as compared to other languages and it's easy to learn like python if you've done C C++ python is like English C C++ is like speaking I don't know what languages is that it's Greek it's Greek versus English yeah and you know we don't know I don't know how to speak I think English is easier yeah so I think that's my best experience thank you yeah coming to you Hitesh yeah so two things one is that especially with what happens with what I've seen happen is that we normally interact with kids that are in the 7th, 8th, 9th grade so they've not yet actually been exposed to C and C++ right so sadly we don't control curriculum at universities yet but we've seen that normally when they start writing in python they automatically are comfortable with adopting more complexity going forward because they see that if there's this one language that can do a simple addition or subtraction in two or three lines of code then maybe this is for me or this is not for me what happens is that people have to make that call once they are in a degree program or something and they have to start with C right so it at least helps them make that decision okay I understood python it was fun let me try and grasp a language that is probably a little more complex in the way things are defined in the language right the other thing is that especially like for me how it helps a lot especially in security is that I did I was a research assistant for a couple of years like when I was doing my degree right so my job was gather data on bitcoin its prices its fluctuations things like that right what do I use to get the data python right scrape everything download it dump it into a database do the analysis give it to my professor we write a paper right this is python is sort of the bare bones for it I'm reverse engineering android malware every APK is a zip file I need to unzip it past the XML work into the job python right and I need to write some shell code need to remove slash null hex bytes try to obfuscate the shell code then pass it to a program what do I need python right so it sort of been like a Swiss knife for me and it's I think that I would not go as far as to say that you probably don't need programming in cybersecurity maybe you don't need it if you're choosing not to do exploits and things like that but if you choose to do things like exploits you obviously need but there's quite a lot you can do in cybersecurity without knowing programming it's like 85 or 90 percent that way but if you sort of if you are if you know python and want to get involved in security maybe I can talk to you later on but it's a big enabler if I have to say it right and in fact most of the code that we write today as a part of products in our company are on python right there's a reason for that right because it just when it works it works you don't have to worry about it things like that so I think people who like tinkering and are good with python should especially explore fuzzing and and exploit kind of techniques with python and maybe that might incline them towards whether either they want to be on a red team of and actually red teams in most organizations now have a developer on board right because it's not they need someone to actually rip up the exploits and package it properly and do it reliably right so it's not just that you know someone crafts an exploit and it's done you need a programmer in python who can sort of package it as well so I know especially that the bigger companies now which have red teams have developers full-time developers as part of those teams so it's a wonderful thing to have if you if you know python absolutely coming to you Shaira how was your experience with the different projects that you've worked upon using python so we as a company decided to write our product using python we use serverless technology and it made a lot of sense it seemed like python is quite popular today with the developers by the way when we do our hiring process we don't look for a specific knowledge in python because even if you come with a Java background you will easily pick it up so so when when we do the hiring process when we interview candidates we always ask them to write code in the language that they prefer that they feel most comfortable with again most of our software is written in python but we know that a developer will learn a new language if they need to not specifically with us but generally speaking I think that the opportunity to write microservices potentially if you are an organization with 20 different languages then they can all orchestrate really well because every microservice stands on its own with an input and an output so even if one of your developers insists on writing in COBOL it's probably going to work maybe it's not the best thing to do but it's going to work so this is our experience with python we really like it by the way we recently published a survey that we ran with developers in different kinds of organizations different sizes and asked them about their favorite python is definitely one of the two most popular it was head to head with the javascript it was the same in every every kind of organization from the smallest to the biggest this is something we see all the time so I think that python is definitely here to stay absolutely I totally agree with you now before we part ways I do want to know one piece of information from each one of you starting with Hitesh we'll go to Judy and Chaira if you can recommend some podcasts, newsletters books or talks which you really like or feel people should know especially the python community should know about those should be around cyber security so when it comes to python and cyber security I feel and this is probably biased because of what I like doing I think that if you can if you're someone who's looking to build any kind of let's say you just want to learn pentesting as a skill being able to just craft fuzzy HTTP messages and things like that it's a skill that you can do even if you just know basic thing formatting in python so at least I feel that if you're I wouldn't go on to say that if you're trying to learn python for cyber security go and learn a library I would say that try to apply what these basic things are in ways that are more oriented towards security for example you want to write a simple connect to a TCP socket send in some shell code something very simple it's a socket program shell code takes probably a few bytes to write so you don't have to overwhelm yourself in learning something major yes it depends upon where you go for example if you really get into reverse engineering you will have to read about the libraries that come for reverse engineering tools and things like that but overall most cyber security tools and tasks that we automate using python are using the standard library of python probably nothing else more than that also I mean this is something that we do most of our security products have a front end and all that front end is written in Django a web developer has a space in security as long as he understands a bit about what's a port, what's a firewall what's a what's a TCP stream and things like that you have to basically bring in 20% of security into your programming role and involve yourself in cyber security or learn 20% of python and use it as an enabler for you to do things faster it can go either way but I think that for most cases you're just with learning the base language and fuzzing things around than to do something something big to start with coming to you Judy anything that you feel that people should know and we'll take one more minute and then we'll go to questions I can see that the people are curious about cyber security and they are asking questions now alright when it comes to podcasts I so this is a learning process I learned with cyber security you can't consume everything at once it's a bit too overwhelming so even when people ask do I need to learn a programming language for me to be in cyber security I say it's based on where you are in the cyber security journey so the more you get into security the more you probably want to automate a lot of the stuff that you were doing manually before and you know when you're at that point you also get to learn specific areas of Python if you want to work with Python so for me I'd say even not in terms of podcast in terms of just learning materials for you when you want to streamline and work with Python I'd say just work with what there's do because it's the same thing you're coding you're writing code so things like Udemy I am a big fan of Udemy I have 20 courses on Udemy and for me this happens because I got into something that I wanted to learn how this works and I prefer videos to audio but when I was learning Python I also did the videos on Udemy but then there's the W3 schools if you're good with the visual this is a place you can learn LinkedIn learning as well I'm not sure about podcasts maybe the Python bytes but I don't listen to podcasts mostly but that's also a podcast I've heard is very very essential yeah so that would be my recommendation to you Shaira I have one short recommendation I recommend all of you to join the OWASP project it is run by our friends mainly Nancy Garishe from OWASP and a few other really awesome women who interview every week one person from the development or security or DevSecOps community we learn something new we get to ask questions so I highly recommend you to join every Sunday it's also on YouTube so you can watch previous episodes and learn about different aspects of how to do secure coding absolutely, I'm a huge preacher of open source and yes please do join and support the communities, learn from cyber security communities as well now there is an interesting question I know we're almost at the R let's take this question and then we can have further questions on Twitter or maybe at the other chat box so Judy this question is for you that are there any bug bounty programs where we can start off and how to get started in cyber security okay, when it comes to bug bounty that's a very common question I recommend the Haka1 Haka101 the Haka1 platform has their own getting started into bug bounty content so this is like the best place because this is a bug bounty platform they tell you what to get into what to do then there is Twitch I'm always streaming on Twitch when guys come in they're learning from this guy who found this bug this one who made a million dollars for a bug bounty so also Twitch is a big place to be and it's free resource all this I'm saying are free resources you don't have to pay for this and then there's the Udemy classes the Udemy classes that I think Naham said I produced one that's very very good and I recommended it to most of my students when they're starting getting started in bug bounty yeah and he does have a YouTube channel so go ahead and check just check for Nahamsek N-A-N-A-H-A-M-S-E-C yeah Nahamsek and there's a friend of mine called U-ServoSwar is African Senegalese also has a program yeah yeah interesting and now question to you Shaira what are the top one or two tools or guideline services you would suggest a developer that needs to know about the issues in web apps great so it's really good that we talked about OWASP just a minute ago if you're unfamiliar with OWASP OWASP is a non-profit organization that works worldwide so there is probably a chapter near your home and if there isn't now during COVID all the meetups are online anyway so it's not a problem for you to be in Bangalore meetup in Los Angeles so you know the world is now very well connected and in OWASP you're going to learn about the top vulnerabilities on web applications and actually today it's in applications in general also on mobile applications in the I-Security you will have all the information that you need about most common mistakes and how to solve them and also prevent from doing them there are lots of learning materials and everything is for free all you have to do is check OWASP's website and pick one topic there is probably lots of material written material and workshops around it all you have to do is just start my favorite project is the serverless project you actually run a cloud formation template and spin up a serverless application and you can start investigating it you don't have to write the application so you don't have to know how to code but you are using an application on your private AWS account it's really fun and it's very very useful and thank you to Tal Milam for this great project wonderful and I am a huge fan of OWASP and if you are all in Bangalore I am one of the chapter leader for OWASP Bangalore you can reach out to me anytime I will be more than happy to share any resources that OWASP has or just go to OWASP.org and there is so much more that you can look for and we do need help from people who are working on Python to help around different projects that we have and specifically developer security now coming to you coming to you Hitesh there is a question how do you address the issues while developing a software like monitoring or monitoring a dark web for women and child abuse content and alert system it may affect the mental health of people so it's more around scrapping the dark web first of all I mean if you are doing work on this kudos to you because it's a very hard thing to work on which is substantiated by your second point saying how do you how do you be sensitized when you are working on it I don't think I have a good answer for it because it's hard to say that don't be affected and think of it as a job because if you are going to be looking at things that happen on the dark web it might it might disturb you to a certain extent by looking at certain things but I would say in that case stop as soon as you feel that even for a second and probably don't do it for a couple of days but it's sort of like you are doing God's work if you are doing something like this because I have seen less than my share of bad things but I wouldn't want to see anymore at all of the kinds of things that are there on the dark web so yes it does affect you feel bad that the internet is being used for something such as this but I frankly do not have a good answer to your question about how can we prevent this because it's practically not possible if you are able to find certain content that is deplorable please report it and hope that it gets taken down soon we have done this in the past with people who do credit card abuse and you will be very surprised that like visa and all these guys are very strict in case there is money being used for these kinds of services I will also be sort of in the delta hall in the delta hallway track if people want to talk a lot more about security and things like that but yeah that's what I can say probably to this question and in fact just before when Shira was talking cuckoo sandbox which is a project for running malware in a sandbox environment is entirely written in python so I think most malware engines would not be one-tenth their weight installed if you want to chat up more I will be hanging because I know we have exceeded an hour of our time so I will be in the delta hallway track if you guys want to chat further thank you so much to each one of you it was wonderful discussion