Seif: My idea and motivation behind creating the YouTube channel in the first place was the same as teaching, is to give back to the community and guide people in their careers.
Caroline: From Cobalt at home, this is "Humans of InfoSec," a show about real people, their work, and its impact on the information security industry. Today my guest is Seif Hateb, a security engineer at Twilio, who has over a decade of experience in the telecommunications and healthcare industries. Seif guides the design, testing, and implementation of leading-edge technology solutions while balancing security initiatives to risks, business operations, and innovations. Seif is very passionate about this field. He's an active member of the cybersecurity community, and runs a YouTube channel that helps people to learn more about InfoSec, specifically how to land their first role in the industry. You may know him from his newsletter, "Cybersecurity and Much More." Thank you Seif for joining me today.
Seif: Thanks, Caroline. Thanks for having me. I'm really excited to talk to you and share my experience in cybersecurity.
Caroline: What a pleasure it is to connect with you today. Seif, let's kick off our conversation by learning a bit more about you. Can you share with our listeners how did you get started in security and what drives your passion for it now?
Seif: Well, while it's not an exciting story in which I discovered a zero-day when I was in elementary school, I'm just kidding, or maybe... Yeah, or from passion for computers as old as the Commodore 64 from the early '80s. But in fact, when I was 8 years old, I was playing with a walkie-talkie that I borrowed from my cousin and I was able to hop in on calls and listening to people, and that was amazing. It's like, oh my God, this is great. But at the same time, I think I'm not supposed to be, like, on those calls. So, I think there is something wrong with these cellular networks. Of course, it was 1G networks. Of course, that wasn't, like, the...
I didn't start in InfoSec when I was 8 years old, but it ignited my passion for, like, electronics and computers. My grandfather was an engineer and I grew up around electronics components everywhere. So, I was interested in that at like early age. But I got interested in security when I was in high school. Then through college when I got interested more into mathematics and cryptography. From there I continued my graduate studies in telecommunications and networking. Then computer science while making sure all my projects and internships had a security focus, because we didn't have an option to do like a master's in InfoSec or cryptography. So, I did it my own way and made sure, it's like, I do more projects that are more information security related. So, then after a couple of summer internships, junior level position, like post-graduation, I was able to join an elite telco vendor and work on 2G, 3G, and 4G projects.
Caroline: You know, it's incredible, Seif, I can just imagine you as an 8-year-old boy playing with these walkie-talkies, you know, and then you grow up and you're actually working on these. So, I think that's so cool. I also understand that first of all, your voice has a beautiful sound to it and your accent is due to your coming from Algeria, I understand that you spent time as a graduate teacher for cybersecurity in Algeria. I wonder if you can tell me more about that time in your life. What is it that inspired you to pursue that role? How did you work with your students? And can you share any lessons with us that you learned from your students?
Seif: So, it started a couple of years after I graduated. So, I was working, I was getting more responsibilities and it's like evolving in my career, but I always had that passion for teaching because I consider myself a lifelong learner. I always want to explore and discover new topics but also have that deep feeling of like giving back to the community and society in general, because my school teachers and university professors both had a great impact on me personally and academically, so I wanted to have that same connection with the next generation of builders and thinkers. So, because interacting with students and like-minded people in general, including the other professors helps build deep relationships and that sense of community, but also develop collaboration, communication skills for both the teachers and the students. So, this is the summary of why I wanted to do that and why I was doing it.
Caroline: That's fantastic. It's very clear to me hearing you speak, you're so passionate about helping people to learn and develop themselves and to join our field. I also wanna share with our listeners, you've done videos on your YouTube channel, and in particular there is one video where you talk about the challenges of people having to get a college degree in order to get their first cybersecurity job. I'd love to hear about what was your idea behind this particular video?
Seif: My idea and motivation behind creating the YouTube channel in the first place, was the same as teaching, is to give back to the community and guide people in their careers. To share tips and tricks from real-life experience and at the same time document my journey as a professional and lifetime learner. So, starting with a video that talks about getting into security without a degree, it's because people usually create a lot of blockers for themselves or think that they have to get, let's say, a bachelor's or master's degree in computer science or information security in order to get their first job. But in reality, they can start smaller.
They can target the jobs that requires less technical skills and then they can continue their journey to maybe get a degree or get more certification while working in the InfoSec field because it will be more beneficial to them to evolve and to discover what they like. Because it could be a waste of time to do five years to then discover that you don't really want to work in security, you like more programming or maybe networking. So, that's why I encourage people to first dive in, and it's like the same thing when you compare doing theoretical stuff to learn a topic or dive in directly and do hands-on labs to learn, like, about networking instead of just reading a book. It's, like, the same concept. Get your foot there, start your first job, get into the field and then that will change your mind. That was like why I created that video.
Caroline: You know, it reminds me a little bit about something that I experienced myself when I was a student actually studying computer science, which is, there's quite a lot in computer science that I don't actually enjoy doing very much. Now fast forward, I've had several years, been able to work in the cybersecurity industry. There are so many different facets to cybersecurity and some of them I enjoy and some of them I enjoy a little bit less. And some of them there's a lot of opportunity. So in any case, I completely agree with your statement that one should not abandon ambitions to work in cybersecurity just because a person doesn't have a technical degree. You know, not everyone in the field has a technical degree. In fact, many of the guests that I've had on this podcast have had very successful careers despite having studied something entirely different like architecture or business, or economics. I've got a couple of guests, maybe two or three actually, who in fact did not complete a college degree at all and have found themselves to be very successful in the field.
Seif, here's another misconception that I want to discuss with you. Some folks may have an idea that once you start your career. If you progress, you'll inevitably become a people manager, 10 to 15 years down the line, and that would involve doing less tactical hands-on work and more people management work. Of course, there's nothing inherently wrong with that if that's what a person wants to do. But what about people who don't necessarily aspire to be people managers? What do you think about this?
Seif: This is an important topic that I wish I knew, like, years ago because while it might be just a luxury found in tech more than in other industries, growing as an individual contributor or IC is a great option for engineers who wanna stay hands-on and do the technical work while growing in responsibility, impact, leadership, and even compensation. To be honest with you, from my personal experience, I can tell you that it's a blocker to not have the option to do so. I moved from a director role to an IC role to work as an architect, and from an architect role where I could no longer move forward in the career ladder to an engineering IC role. But that is one thing to keep in mind. While this is a great opportunity for people who wanna stay technical, evolving as an IC doesn't mean working in a vacuum and being 100% technical, because the more you climb the ladder, the more soft skills you will need. It's like whether you choose to manage people or to be an IC, you will have to work on your soft skills.
In addition to that, as an IC, you will have to mentor people and be a thought leader who participates in setting strategies and plans to enhance, like, the overall security posture. Like, if we talk about security engineers the same way a director would do. So, it's a great option to have first the ability to choose between both paths. So, if you are working in a company where it's possible, that's an amazing thing to do. But then how to make the decision, it's based on your goals, it's based on your skills. If you managed people in the past and you wanna switch to an IC role, I think it would be easier for you. But the opposite may be more difficult because it's not easy to manage people, especially, like, the first time, so you need to make sure you have mentors that will guide you and will help you be ready for it.
Caroline: Yeah, a lot of what you've shared resonates with things that I've observed throughout my career as well. One of the things that we intentionally set up a few years ago when we were building Cobalt's career path, we said, look, there's a manager path and there's a maker path, and you can advance just as far along the maker path as you can along the manager path. In fact, we're actually, today we're recording this in mid-December, next week I'm delighted to have a new colleague join my team and this individual will, in fact, be an individual contributor working at a director level. Seif, you have dedicated so much of your life, in fact, more than 15 years of your career to the cybersecurity industry. What drives your passion for it? Why do you stay in cyber? And why would you want to work in InfoSec in general?
Seif: What still drives me into learning more about this field and working as a security professional is the fact that it became like an intersection of multiple fields and technologies. Security became the responsibility of everyone. It's no longer luxury. It's a must. And it touches all the leading-edge technologies from AI to crypto, from 5G to quantum computing, and from finance to healthcare. You can be doing information security to defend your country, to secure a financial institution, or any of the critical infrastructures like power grids for example. Or you can contribute to making people's life better and secure a pacemaker that's saving somebody's life. So, that's why I really love this field. It has a great mission, sense of purpose, and you can find the specialty or the industry that meets with your values. So, everybody can work in this field if they are lifelong learners because there is always something new. At the same time, for sure you will find that company or that industry that will help you evolve as a professional but also be happy and be proud of what you are doing.
Caroline: I couldn't agree more. I think that your words certainly resonate with me personally as well as it's something I've observed in so many of my colleagues that they are very mission and very purpose-driven. Seif, I've got a fun and also a very practical question for you to round up our podcast today. Degree or no degree? If you're 16 years old and you're looking at how to approach your career in your life, Seif, what is your advice on who should go to college and maybe who shouldn't go to college?
Seif: That's a great question. If you are 16 years old listening to this, I would say that it won't hurt you to do two years of a community college. Not only to get the foundations but also to connect with people who have the same goal. Because networking is a key success factor in the tech industry in general and especially in InfoSec because it's based on trust. However, it depends on your skills and abilities, and background. For the people who wanna gain deep knowledge and have an environment that keeps them accountable, keeps them around like-minded friends who help them immerse themselves in computer science and information security, yes, go to college and get a degree.
Otherwise, you can just define your target role specialty company and build a learning path that will help you gain the skills needed to get the role, your dream job maybe. But make sure you give back to the community and show your work. That's how you build your brand and connect to the people working in roles like yours or like the one you wanna be evolving in. So, those people could be your future colleagues, team members, or managers. It's not like one-size-fits-all thing. It's based on what do you want, what stage in your life or career you are, and what do you wanna achieve.
Caroline: Seif, I think that's very sound advice. Thank you so much for sharing with our listeners. Hey, it was great connecting with you today. Thanks for being a part of the podcast. Thanks for your role in the industry. Thanks for your YouTube videos. We so appreciate you. "Humans of InfoSec" is brought to you by Cobalt, a Pentest as a Service company. You can find us on Twitter @humansofinfosec.