Soulful CXO Podcast

The Importance of Cyber Peace | A Conversation with Gabrielle Botbol | The Soulful CXO Podcast with Dr. Rebecca Wynn

Episode Summary

In this episode, you will be fascinated as our guest shares her journey from being an actress to becoming an award-winning ethical hacker! Learn how to transition skills successfully between career fields, valuable insights on proactive cybersecurity, and the significance of cyber peace. Don't miss this engaging conversation filled with valuable advice and inspiring stories.

Episode Notes

Guest: Gabrielle Botbol, Offensive Security Advisor, Desjardins

Website: https://csbygb.github.io/

LinkedIn: https://www.linkedin.com/in/gabriellebotbol/

Twitter/X: https://twitter.com/Gabrielle_BGB

Host: Dr. Rebecca Wynn

On ITSPmagazine  👉  https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/rebecca-wynn

________________________________


Episode Description

In this episode of the Soulful CXO, host Dr. Rebecca Wynn welcomes Gabrielle Botbol, Offensive Security Advisor at Desjardins. Additionally, she is a trusted advisor to numerous organizations, an award-winning ethical hacker, and a distinguished cybersecurity blogger. She shares her journey from being an actress to becoming an award-winning ethical hacker and cybersecurity blogger. She discusses the importance of transitioning skills from other fields to cybersecurity, offers valuable insights on proactive cybersecurity measures individuals can take to protect themselves from cyber threats, the significance of cyber peace, and practical tips to safeguard against phishing attacks. If you're looking for motivation, career advice, or simply interested in cybersecurity, this episode is a must-listen!

________________________________

Resources

From Selfies to Security Breaches: Pentesting Android
https://www.rsaconference.com/Library/presentation/usa/2024/from%20selfies%20to%20security%20breaches%20pentesting%20android

CSbyGB's Pentips
https://csbygb.gitbook.io/pentips

Fraud Resources
https://www.occ.treas.gov/topics/consumers-and-communities/consumer-protection/fraud-resources/index-fraud-resources.html
________________________________


For more podcast stories from The Soulful CXO Podcast With Rebecca Wynn: https://www.itspmagazine.com/the-soulful-cxo-podcast

ITSPMagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine


Episode Transcription

[00:00:00] Dr. Rebecca Wynn: Welcome to the Soulful CXO. I'm your host, Dr. Rebecca Wynn. Please take a moment to like, subscribe, and share the show. We are pleased to have with us today Gabrielle Botbol. 

Gabrielle is an Offensive Security Advisor at Desjardins, the foremost financial cooperative in North America, an award-winning ethical hacker, and a distinguished cybersecurity blogger. With an unwavering commitment to the banking sector, she navigates the complex realms of mobile applications and API exploration with unparalleled expertise.

Additionally, she is a trusted advisor to numerous organizations and holds esteemed positions on the Advisory Boards of prestigious institutions like APIsec University and the Canadian Cybersecurity Network. Renowned for her captivating speaking engagements and adept training sessions, she graces global stages and prestigious universities, including RSA, Blackhat, Defcon, and the University of Toronto.

Her contributions to the cybersecurity community have earned her well-deserved recognition, including being named one of the Top 20 Women in Cybersecurity in Canada, hailed as a Pentest Ninja at WSCJ, honored as Educator of the Year at AYA, acknowledged as a Top Influencer in Cybersecurity by IFSEC Global, and esteemed as Woman Hacker of the Year by CSWY. 

Gabrielle, we are truly honored to have you on the show. So glad to see you here today. 

[00:01:32] Gabrielle Botbol: Thank you for having me. 

[00:01:34] Dr. Rebecca Wynn: You have a very impressive bio, but I didn't butcher it too much there. How in the world did you even get started in cyber security? 

[00:01:42] Gabrielle Botbol: So I, used to be a long time ago.

I used to be an actress, so it's not exactly the same. So then at the time I was really passionate about building things on like with websites or building software or things like this. [00:02:00] At the time, I was actually building websites for Sierra or for if I liked actors or some, people, I would make a site, a website about it.

And I decided then that I would build it. Be also happy to, transition to application development. And so I, really had this, passion for programming. And so this is how I, switched. And, I, started to, so I, I did a degree for this. And I started to, work full time as a software developer, but then I was like I am delivering something.

I'm delivering a software. And I need to know if it's safe, I need to know if, customer trust us. So I really feel like I'm on today or something that is really safe. So [00:03:00] that's how I started to look Online on how I could make my applications and my software safer. And that's how I discovered about pen test.

And that's how I decided to train myself to become a pen tester. I did not like right away decided I would do a self study program. Because I started to look first at possible trainings or possible opportunities and it was very hard to find something that was not too expensive or that would take in account my background as a developer.

So it was very hard. It's a little complicated, and so that's why I decided that I was going to create a self study program. So I did not do it just like this. I actually used a lifelong learning concept which is called apprenance from Philippe Caille. [00:04:00] And it basically says that We are able to learn in many different situations and context.

And so I used it to create a program in multiple steps, including CTF. So CTF are Catch the Flag competition, which is cybersecurity challenges. And so it's, really hands on. So it's very interesting to have the hands on parts. Conferences. The. The the concepts and the difference because what I like about the conferences, it's also holistic.

You don't have just one specific some domain of cyber security. You can also have further conferences about, because it's a very cross domain area. So it's very nice to have also this further perspective. And also online courses and internships and volunteering. And. I documented this journey through a [00:05:00] blog and and also I started to share resources and my experiences with this.

And then after this, I started to look for a possible job opportunity. And at the time I was in France. Once again, I did not find a position right away, so I, looked at different possibilities. I had different interviews and, it was not really I did not really find something.

And I started, I said, okay, I'm going to apply to job fairs to go work abroad. So I applied to a job fair for Canada and the first interview I had was, the one that allowed me to to move in Canada and to also have my first position as a pen tester. So it was another company than the one I'm working for now is [00:06:00] a consulting company and and so that's how I.

I first got into, pen testing. 

[00:06:06] Dr. Rebecca Wynn: That's a lot. First question I have for you based on that is, is how was it transitioning from being an actress to get into cybersecurity technology and what skills did you learn through the process of being an actress do you think has helped you on that journey? 

[00:06:22] Gabrielle Botbol: It was, an interesting experience I felt like application development would keep the creativity part of this.

So this is definitely something that I love. So I was very happy to keep it. Also, it was very helpful for, Public speaking, really helpful for stress release and, be able to, be more comfortable when I'm in front of people.

And also what I didn't mention is that when I was doing my self study program, in the end, I did a [00:07:00] grid of skills that I have from my Previous experiences that I would be able to apply to cyber security.

And so this was definitely helpful because it really, and I really recommend to people who are switching. From another domain to cyber security to do this because it's really giving you the opportunity to, have already skills that you can show out for potential employers. And that's really that's helpful.

When you start somewhere to, to have something to broadcast already, it's really great. 

[00:07:40] Dr. Rebecca Wynn: Can you walk the audience through how to do that a little bit? I know I work with people who are teachers, bartenders, they've been in retail, they've been in a variety of sectors about being prompt engineering. A lot of times they're very good prompt engineers, but what steps did you do?

Cause we do have a lot of people who are transitioning within the field and we also have people who are transitioning to the field and [00:08:00] they don't know how to translate those skills. And you've done that very successfully. 

[00:08:04] Gabrielle Botbol: Yeah, sure. When I was doing dramatic arts, I was also, a hotel, receptionist.

And, I learned how to be careful with a customer. What I did is I took every experience I had and I looked at every task I did and for each task I was like, okay, so what is this task? What is the skill required to do this task? And that's why I was able to make the list of skills I had.

And this way I was able to say, oh I, looked up at job postings and that's also, I had looked also at university trainings for, the cyber. So this was very helpful [00:09:00] to, to see what the skills required and where, and I was able to do a match. So this. To see that the skills I have would work on cybersecurity.

Basically, yes. Take all the experience you have, all the tasks you've done, find out what is the meta skills for this specific task, and it's going to be definitely helpful to find the corresponding task in cybersecurity. You know soft skills are really crucial as much as technical skills, but we, often hear, Oh, it's very important to have technical skills, but I think also soft skills are very, important.

And unlike technical skills which can become obsolete soft skills Are always going to be relevant through, throughout a career. You, just need to be able to target it with the tasks you've, done before.

[00:09:54] Dr. Rebecca Wynn: Now people get discouraged quite a bit. And I've been there before too, when I've been switching jobs [00:10:00] where you're looking for that best fit, and you may be applying for positions that you know in your heart of hearts. It's not the best fit. When you talked in the beginning, you said that you did apply for a lot of jobs and it just didn't go your way. What do you suggest people do out there who are very discouraged right now trying to find their next position and to find it with a company who they think their skills can help that company out, but that the company can also fulfill them.

[00:10:25] Gabrielle Botbol: The blog, I was really helped me love them to give up because I was able to, I, I was feeling that it was going to be a way to impress what I'm able to do and to showcase what I'm able to do. So this was really helpful. And also when I started to go to conferences, I started to meet people as I started to network and it was also very helpful because, It's in the way you're able to see, and to always assess what you're doing to [00:11:00] see if it's okay.

Is it really going to work if I do it this way? Should I do it differently? And every interview I had was a lesson for the next one I was able to, okay these questions, I need to work on this and okay, this other question, I also need to work on this. And I was able to get a few topics I would have to work on for the next interview.

So this was very helpful. What kept me motivated was actually continuing to work on it and also having a big, goal like, it's, it can be overwhelming. So what's also helpful is to cut a big goal into smaller tasks. This way you, have a more rewarding feeling every time you achieve one task.

And. That's also really motivating. 

[00:11:57] Dr. Rebecca Wynn: Yeah, I think one of the big things is you only [00:12:00] can do the best that you possibly can do, and you should always be representing who you are as a whole. And, you do need to, generally speak, interview with a lot of companies to see if they're a proper fit for you, as well as they're a proper fit for them.

And a lot of times we take it personally. And I try to remember that when I'm interviewing people too, it's not a, it's not personally against them. Is that, They're not fitting my team structure. They're not fitting where we need to go. And I personally, as an interviewer, I try to listen to them to see if there's somebody else I know who that's the right fit.

I wish everybody would do that. So then I can say, Hey, here's this person who is not a right fit for my company, but I think they're a great fit for your company. I liked how you said that you do an after action report to put it back into more technical terms about what went well, what didn't go well, I think one of the things to look at too is to see what the patterns are. Is that a sector that. [00:13:00] For some reason, just doesn't resonate with both sides is that the size of the company. Things along those lines, a lot of times will lead you to maybe a better sector, a better size of a company that you will have.

A higher chance of getting with your peeps, instead of just doing the hope and pray, everything's going to be okay. And we'll just spray out resumes out there. That's what it sounded like you did too. On that reflection, you also refined who you were actually interviewing with or targeting to try and work for. 

[00:13:30] Gabrielle Botbol: Yeah. That's, also something that I was doing to check out, the company culture and to check out. Does it also, does it align to your values? That's I do have strong values. So I think it's important to say, I want to, so I wanted to help people. That was the first value.

I wanted to help people. And I was like, [00:14:00] okay, how can I help people with cybersecurity? It's self use, right? It's the core of working in cybersecurity is helping people. This changed. Everything for me to, realize that I was doing something that had value and that was very close to my personal values, and That's, how I stay motivated, I, because when I feel like I have, an impact on something.

Most of the times, you will be able to find if a company has The same values. If you look at the company culture, if you look at different websites, you have many websites that will give have former employees reviews on the company. And you can also also see if the actions they do actually need something that aligns to [00:15:00] your value.

So that's definitely something interesting to do. And also if you. If you're just not sure, if you think it's a fit, but then it turns out it's not a fit, you can always, go somewhere else and try to find something else. At least you will have the experience and you will have, it's, never a waste.

It's always, you always learn something out of it. I think it's also a way to do it. 

[00:15:29] Dr. Rebecca Wynn: I agree. A lot of times we have a habit of when we leave a position, maybe you get laid off, maybe just wasn't a good fit on either side. That was a step and learning to get you to where you're supposed to be next. That might not be the end of the journey.

That might be the 1st step. of that staircase. A lot of times we think that's the last step. So I tell people out there, keep encouraged that and look back. Like we said, those after action reports about what are the lessons that you learn [00:16:00] and take them into your new job and know that you're going to be okay.

That's what I tell people. You're going to be okay. You're not alone out there. 

[00:16:07] Gabrielle Botbol: Yeah. Thank you. It's a lot of trials and error. And I think it's always how you learn the most by, Learning from your mistakes or learning from experiences. If, everything was working out the first time, you wouldn't learn anything, I think.

And if you, something doesn't go the way you want it to go, you can stop for a moment and say, okay, what did I not see? And how come that I, I went into this situation, what happened, that I should have seen before, what was the flag, or what was the way to see it, and then you can learn from it.

I think we are always, always very successful in everything. I, you actually see a lot of people [00:17:00] that also share the fact that and I really like this we see more and more people on social media who say, okay I, I failed with this, but what I learned from this is this, and I think it's very inspiring to do this as well because it's really, You don't feel as lonely when you see this.

[00:17:20] Dr. Rebecca Wynn: Yeah, I read an article a long time ago. I think they said something like in every day, we make 85 percent errors or something like that throughout our whole day. And it was like, okay, maybe it was even higher than that. But we forget about all those missteps that we do on a daily basis. And if you don't believe me, when's the last time you, tripped today, even maybe getting your first cup of coffee, right?

That's a failure, but you keep going. 

You talk a lot about cyber, having cyber peace and you don't really see that too much in writing and I did do a double take when I saw that myself and I'm like, yeah, that makes sense.

Can you explain a little bit on how that actually motivates you?

[00:17:56] Gabrielle Botbol: Yeah, sure. To me, cyber [00:18:00] peace is like hitting balance and the cyber space that will respect privacy, that will respect democratic, values. I think it's, actually this, it's the fact that we are, we, we have we, cannot do anything without using a computer without using, today it's really omnipresent and we have to use a phone, we have to use many different tools. What I like about what I do is that, And I'm able to help governments, to help people, to help companies and organizations be safe and stay safe and, foster cooperation, and I think this is what also helps to build resilience to make sure [00:19:00] that, that that's, what speaks to me.

I, feel like alone I, cannot do so much. That's with collective intelligence and with collaboration, we can build together a space that is going to be more respectful of privacy, that is going to also help stop cyber criminals. It might seem a little, idealistic, but, it's also, I think it's also, What drives me to, make sure that, okay, we have ways to do, we have ways to make things better.

We can learn from, just like we said before, it works for an individual, but it also works for our collective. We can learn from our mistakes and we can better things. So yeah, how do we create this balanced space? How do you, how do we, Make sure that we are resilient. We could, [00:20:00] have a ma a training on cyber hygiene and help everyone to be able to, understand the risks.

And so that's, yeah, mostly advocating for, education and and contributing to because I think. In a way, cyber security is a common good. Ethical hacking is really helpful to to protect this, common good. And it's, really what's going, and it's proactive. When we do pen test, we are going to be proactive and we are going to have a step in efforts from the cyber criminals.

We are going to try to get into a system and this way we are going to be able to find vulnerabilities in the system. We are doing it before a potential cyber criminal would do [00:21:00] it. So that's really proactive in a way. That's how really I think we can with this and many different other frameworks or many different other ways, be able to one day make every Organization and every citizen more resilient and also, I mentioned education.

I think it's very important and I think we should from an early age, be able to make, like in the way made cyber security a popular culture and make it normal, like it's something I'm using a computer, so I have to have, practices that are going to be safe and I'm going to, do things really safely.

So also we need organizations and we need businesses to, to help us achieve these goals. 

[00:21:59] Dr. Rebecca Wynn: I [00:22:00] don't want me to be amiss and not ask you a hacker question. What do you recommend that people do it actually to try and proactively protect themselves from companies and from hackers out there who might be taking your data or being able to do a security breach or something that against you, what should they be doing that they're, that you see consistently people aren't doing or applications aren't doing?

[00:22:20] Gabrielle Botbol: One thing that I that I think is probably one of the biggest cause of attack and the way that cybercriminals are actually able to get in a system would be. Phishing and phishing is getting more and more sophisticated. And, now we also have people who are going to call you to try to trick you.

So it's getting even more coming from every more a lot of different ways and platforms, but for the if someone is calling you to say I'm, this company, [00:23:00] I need you to give me a, I'm your bank and I need you to give me your account number because we have a problem. Don't answer the question right away and call, hang up the phone and call the, company with the official number.

And this way you are sure that you're talking to the right person you need to talk to. And this way you are going to be able to know if it was actually. Legit or, a scam. And for phishing, you always it, can seem pressing and, you can be under pressure because you they, want you to feel like you're under pressure to do something.

There's always time to check contact your, the person you need to, contact to check because it's, always worth checking. And sometimes it's really what is going to help you be safe from From the cyber attack is to making double checks. And it's exactly like a multi factor [00:24:00] authentication.

You have. You have backups ways to, be safe. You have it's another way to, it's another layer of security in a way. Double check and and activate MFA everywhere is also giving you another layer, so this way if your password gets hacked, you can actually, you have actually the security that is also going to, help you being, safer.

[00:24:30] Dr. Rebecca Wynn: I would just add real quickly, call the number that's on your bank card. Just in case your browser or something like that has been hijacked.

[00:24:38] Gabrielle Botbol: Yeah there's also a lot of countries that have organizations that are dedicated to to people who are victims of cybercrimes. Find out your local organization in case I've talked and this way you have a quick way to to actually check that something that you're going through is [00:25:00] legit or not.

[00:25:00] Dr. Rebecca Wynn: I want to thank everybody for joining us please, if you haven't already done so, please subscribe and share this episode. Please go ahead and subscribe to the Soulful CXO Insights newsletter and follow us on all channels there as well too, as well as the YouTube channel.

Remember in the description, you will have resources as well as contact information on Gabrielle. 

Gabrielle, thank you so much for coming on the show and sharing your expertise with us today.

Gabrielle Botbol: Thank you for having me.