Adam & Jerod catch up with our ol' friend, Suz Hinton! It's been a couple years since Suz was a regular on JS Party. Since then, she moved back to Australia, earned a degree in cyber security & won a fidget spinner from the NSA... but that's not all!
Welcome to ChangeLog, and friends, a weekly talk show about Beverly Hills, 90210. Thanks, as always, to our partners at Fly.io. Over 3 million apps have launched on Fly, and so can you in five minutes. Learn how at Fly.io. Okay, let's talk.
Okay, friends, here are the top 10 launches from Supabase's launch week number 12. Read all the details about this launch at supabase.com slash launch week. Okay, here we go. Number 10, Snaplet is now open source. The company Snaplet is shutting down, but their source code is open.
They're releasing three tools under the MIT license for copying data, seeding databases, and taking database snapshots. Number 9, you can use PG Replicate to copy data, full table copies, and CDC from Postgres to any other data system. Today it supports BigQuery, DuckDB, and MotherDuck with more syncs to be added in the future.
Number 8, Vect2PG, a new CLI utility for migrating data for vector databases to SuperBase or any Postgres instance with PG Vector. You can use it today with Pinecone and QDrant. More will be added in the future. Number seven, the official Supabase extension for VS Code and GitHub Copilot is here. And it's here to make your development with Supabase and VS Code even more delightful.
Number six, official Python support is here. As Supabase has grown, the AI and ML community have just blown up Supabase. And many of these folks are Pythonistas. So Python support expands. Number five, they released log drains so you can export logs generated by your suit-based products to external destinations like Datadog or custom endpoints.
Number four, authorization for real-time broadcast and presence is now public beta. You can now convert a real-time channel into an authorized channel using RLS policies in two steps. Number three, bring your own Auth0, Cognito, or Firebase.
This is actually a few different announcements, support for third-party auth providers, phone-based multi-factor authentication, that's SMS and WhatsApp, and new auth hooks for SMS and email. Number two, build Postgres wrappers with Wasm. They released support for Wasm WebAssembly foreign data wrapper. With this feature, anyone can create an FDW and share it with the Supabase community.
You can build Postgres interfaces to anything on the internet. And number one, Postgres.new. Yes, Postgres.new is an in-browser Postgres with an AI interface. With Postgres.new, you can instantly spin up an unlimited number of Postgres databases that run directly in your browser and soon deploy them to S3. Okay, one more thing. There is now an entire book written about Supabase.
David Lorenz spent a year working on this book, and it's awesome. Level up your Supabase skills and support David and purchase the book. Links are in the show notes. That's it. Super Bass Launch Week number 12 was massive. So much to cover. I hope you enjoyed it. Go to superbass.com slash launchweek. That's S-U-P-B-A-S-E dot com slash launchweek.
We can listen to Change Logging Friends With Adam and Jerry and people you know Change Logging Friends
Well, it's good to catch up with Suze again. Absolutely. You know, it's been years. That's no fun. A couple years. To be years. It's fun to catch up, of course, though. Right? That's the fun part.
Yeah, that's what kind of makes it all right again.
Yeah, I am noticing some familiar background items for you. I think a while back on Twitter you got some, maybe in the last year, I don't know, some requests or questions about your pegboard back there and your desk setup and what you're doing on it. I don't know, it seems familiar to me. Am I catching that wrong? You're not on Twitter anymore though, right?
Or X, whatever you call the platform these days.
Yeah, I'm not really on there anymore. I did chat with Quincy from Free Code Camp, and I promised him I would actually send him a picture for his Instagram or whatever of the background, and then I bloody forgot.
I just reminded you.
But I'll have to get around to it. So yeah, no, you were correct.
How far back was that? Because I recall it didn't seem maybe a year or two ago. I don't know. It seems familiar to me in terms of in my memory, but it doesn't seem like it was yesterday.
I might have actually, so the Quincy, Quincy and I chatted a couple of months ago, but maybe I shared a photo of kind of the initial setup on Twitter and it was probably one of the last tweets I did. So yeah, that's probably it.
Yeah. So how long ago do you think that might've been? A year, year and a half, two years?
Something like that. A year and a half maybe. Yeah. It was one of the first things I set up when I got into this space. So that would add up. It's very important to me.
Okay. It's very important. I do recall questions being asked, popular in terms of what you've done. And I think it was like you made it yourself. I don't know. What's the situation?
The background? Yeah, the pegboard. Oh, yeah. I didn't make the pegboard myself. That's just from Ikea. It's their like SCADIS range. Oh, that's right. S-K-A-D-I-S. I took inspiration from just some other pictures that I'd seen online. including someone I know called Thea. Her setup was really cool. She had the shelves with the pegboard underneath and I just thought that was such a cool look.
So I decided to sort of do my own take on it and then sort of put it into a corner to make it kind of look like you're surrounded by people your lab. Um, and so that was the look that I was after.
And so it, it, I mean, don't get me wrong, even though I didn't make the pegboard myself, it took a really long time and a lot of swearing to get everything up and like stable and like, you know, not actually pulling the walls out while I went along. So yeah, it was great. It was a great experience and it's actually a really versatile space. I've already rearranged it so many times. So.
I think actually when I saw this from you, I was like, what is that? Now I'm remembering you did not make it. So thank you for closing the loop on that. And that it was Ikea and that on Etsy, it's very hackable. Like a lot of people are making 3D printed things for it. Have you begun to like explore the vast world of SCADAS?
Yes, yeah, yeah. I have like a thingiverse like collection where I've just got them all saved and I definitely want to design my own. There's a few things that I want to put on the wall that just they're obviously like a specific product that I have, right, that someone might not have also owned and wanted to put on a SCADAS pegboard.
So, yeah, it's a work in progress as usual, but it's kind of that thing where like it sort of feels like tweaking your – you know, your IDE setup, your code editor. It's like there's only a certain amount of stuff you should really be doing for it before you just move on and actually use the space to make something, you know? And so I see it like that too, not to obsess too much about it.
Now, do you 3D print yourself or do you save these for later when you get the printer? What's your experience with 3D printing?
Yeah, so that's a 3D printer right behind me, the one with all the stuff stuck on it. It's also like my Post-it note board because it's just a big sheet of Perspex. It's got an enclosure on it because it's also a laser cutter and a CNC machine in one, so it kind of needs that enclosure around it. I mean, I've been in the 3D printing scene since, I think, 2009, 2010. Forever, basically.
Yeah, kind of when I got started as like a consumer at home sort of thing. And, you know, I released my own jewelry line, 3D printed jewelry line and all of that. And then since then, it's become much more sort of utilitarian for me. Like I use the 3D printers to solve my problems or to print like enclosures for my electronics products.
projects and stuff like that that's sort of why i also got it because being able to custom make parts is just very satisfying especially if you're interested in certain hobbies that require it what kind of problems are you solving what kind of problems do you have Well, right now I'm working on a silly project as usual.
And so I want to be able to mount that project to the wall actually and have sort of, you know, a little screen on it and some buttons and things like that. And so I can kind of 3D print this sort of plastic interface to hold the rest of the project and to mount it onto the wall. So that would be an example. But then I also do boring stuff like,
I have a set of drawers on my desk and they sort of had little like holes drilled in the drawers and you just put your finger in and pull it out. And it just got really annoying because if you've got stuff in the drawer, like your finger hits it and things like that. So I just ended up printing some draw knobs that work really well for that set of drawers.
And so you wouldn't even know that it was 3D printed. I color matched it exactly and things like that. But there's a lot of invisible things around here that are just really satisfying as well outside of the more exciting stuff.
Always with the funny, weird, offbeat projects going on. So for our listeners' sake who may not know that we've known you, Suze, for many years now, I think we met at OzCon, perhaps.
We did. Yeah, I still have the selfie that we all took together.
Oh, nice.
Yeah, I was really excited.
2018.
Yeah, July. There you go. Was it in Austin?
No, it was in Portland. Portland. Okay.
Yeah. And we had you on the show.
Was I on the show in the expo with you guys? You did a quick recording there. Because I think we'd done a show before, but then that was the first time we'd met in person.
Yeah, that sounds about right. We had you on the show, just cold email style, and then met in person there. And then did another show, maybe just part of a, we call them anthologies, where we just put together a bunch of interviews from a show. And I do recall that. And then after that... I was like, we got to get, we got to hang out with Steve's more often.
So I invited you as a JS Party panelist, right?
That was really fun.
You did something like 40 or so episodes on JS Party for a couple of years.
Yeah.
And we were, so we got to know each other and we were friends through a couple of transitions in your life. And then, I mean, it was Microsoft and then it was Stripe. It was New York and then Seattle or maybe the other way around. You can remind me.
No, you got it right.
Okay, I do.
New York and Seattle.
Yeah, that's right. I guess Microsoft would be Seattle. So yeah, New York, Seattle. I remember Stripe. And then Visa issues. I'm not sure how much you want to go into any of that, but you're obviously from Australia. Anyways, we didn't talk for a couple of years.
Jeez, Jared. Yeah, right.
And then I emailed you like, let's catch up. And then I realized you haven't talked... publicly online very much in the last couple of years. Not Twitter, your Twitch stream, which was one of the things that made you most well-known. Doesn't look like you've streamed for a while unless you have a new Twitch account. And now you're back in Australia. So as much as you're willing, tell us the story.
What's the last couple of years been like for you?
It's interesting you say that because it's sort of like someone else narrating their interpretation of it. It's actually really interesting. It's not inaccurate.
It's just like me putting it together from what I can gather. I have no idea what happened.
Yeah, I know. And it almost feels like... My goal, the goal I set out to achieve was actually successful based on what you said. Yeah, I don't know. So, you know, we all went through something pretty big, which was the pandemic, right? And I think I stopped doing JS Party around then, like 2020. And I actually really miss it a lot.
But yeah, we talked about sort of why I stepped away for a little bit off the record. And so since then, honestly, it's been kind of hectic. I was just having, you know, running into so many immigration issues and with the pandemic and the previous administration, everything just got really difficult to stay in the US.
And I found myself with fewer and fewer reasons to stay in the US and more and more reasons to just come back like home, which is where I consider my cultural home to be, which is Australia, right? And... Yeah, there were just a bunch of goals that I wanted to achieve that I couldn't unless I had some kind of permanent residency or citizenship in where I was living. Right.
It was really just a paperwork thing as well as obviously a cultural decision. And so, yeah, there were just things I wanted to do. I couldn't do them. I got sick of putting my life on pause. So I started taking a step back very gradually. So I stopped streaming online.
Around the time I decided that I was going to spend the next year sort of trying to find my way back to Australia, but sort of established myself in a smart, grown-up way where I'm, you know, obviously being able to do things properly and, you know, in the least stressful way possible. So I started pulling back more and more. I was going through...
college at the time too and that was taking up a lot of my time and it was actually something that I was really interested in and having a great time with so I also wanted to step away from Twitch just to give myself a bit more time to study and things like that so yeah so over that next year which would be from 2021 to 2022 because I think I gave up streaming in 2021 like May I bought a house.
I graduated with my first ever degree in my life, a bachelor degree in cybersecurity. I found myself a job that I could work remotely here that was based in the United States, you know, sort of like just planned everything, planned my exit. Because once you've lived in a country for more than a decade, you do have a lot of roots, right?
There's a lot of bank accounts and all these other things that you have to deal with, right, and taxes and planning. That kind of thing. And so I just did a lot of administrative stuff behind the scenes and packed all my stuff up, put it on a boat and all of that. So it was just a very tumultuous year, but I managed to move back here in the middle of 2022.
And since then, honestly, I've just been so busy reestablishing myself that... I haven't really wanted to be in the public eye while doing that, public eye, so to speak. So just been taking some time for myself and to reflect because this is a pretty big life change for me too, right? So I just wanted to be able to do it in reasonable privacy and have some space to do it. Yeah.
Yeah. Sounds like you did it though. It succeeded.
Yeah. It's been two years now. So I think I've been able to reflect back. I think it was a really tough two years, but I'm sort of settling into a good place and feel like it was a good decision in the end. But yeah, just, you sort of have to trust the process, I guess. So yeah. Trust the system.
What was the hardest part to step away from? It seems like maybe your Twitch stream because there was a lot of people that just loved to hang out with you every week. That stream, which I watched it a few times over the years, was very intimate and seemed like there was a lot of friends there. They probably missed you when you decided to stop.
It was really nice, actually. That was hard to step away. It was an easy decision for me to make just because I'd been doing it for five years. I didn't start the stream to become famous or to make lots of money or to get attention or anything like that.
I really did start the stream because I wanted to connect with people and sort of show them what it's like to work on open source and show them that JavaScript hardware is really not that difficult. You're still writing JavaScript. It's just a slightly different context. So it wasn't...
I have struck up some really lovely friendships with my mods and with a lot of the people that were contributing to the repos that I was sort of reviewing on, on stream and everyone, I just had such an amazing experience with it over five years, but it just felt like it was time to step away. So it was an easy decision, but obviously I miss that weekly community, right?
It was just really fun to have everyone in the chat, but it sort of wasn't something that I was relying on constantly. as an outlet, you know, to like seek approval or, you know, compliments or anything like that. So it just felt like it got to a point where it was too popular for me, to be honest.
It's not as if I was like the people that get millions of viewers, you know, in esports, but 300 people on a Sunday morning is a lot to handle, especially for my mods too. And I would say that that was just too successful for me. It's just, it broke outside of the tiny community that I would have been happier with. And we were getting less and less productive as a result too.
And I don't know, it just, it bothered me a lot. I was starting to lose a lot of privacy and I was just starting to feel that it wasn't really, I wasn't really streaming for myself anymore. I was streaming because there was an expectation too. That got really serious really quickly. I'm sorry.
But like, it just, I had such a nice time, but it, after five years, it really just felt like, you know, I just, I think that I go through a lot of change as a person and I think I was just ready to, you know, pull back a little bit.
It's hard to show up whenever you feel like you have to show up, not when you want to show up for the right reasons or even if you want to, but you feel like you have to perform versus just create and explore. We're seeing that on YouTube over time.
There's lots of cycles where long-time YouTubers will step away because they feel like they have to serve the algorithm, not their creative selves or their audiences sort of like
have an expectation and they will publish something or put something out that is like off from center from what their normal content is like hey can you get back to talking about this thing that I expect you to come on monkey dance you know kind of put the quarter in kind of thing and that's kind of bad when it comes to Because you kind of – it's kind of a double-edged sword, right?
You get out there and you do your thing and then it's like, well, you're kind of popular or you have some version of popularity. And that just kind of like compounds and morphs and grows. And some people like us, Jared and I, grow into a business and we're fortunate and we show up and we like doing it. And I think there's a part of our job even, Jared, that is chore and also very much love.
And that kind of comes with anything. At some point it becomes toil, right? How do you stay in the game and love the game and kind of keep that privacy that you want to when you're famous? Or at least internet famous.
Yeah, I know like famous is kind of this very highly contextual thing and like what we're talking about is we're all nerds and there's like we have X amount of nerds who want to interact, right, or like watch your stuff or listen to your stuff.
So I think you two are very well poised to talk about this again and like because you do so many of these recordings too, I can imagine there are days where you're just like I just don't want to show up. I just don't want to do this at all. But it is really rude when you have people expecting you to conform in a certain way. You know, it's like that monkey dance sort of thing.
And I think that where I was really fortunate was that because I didn't rely on it for my livelihood and, again, like I wasn't doing it for, you know, to feel like I was worthy or that I was, like, cool or anything. Yeah. it was just so easy for me to step away because, you know, as soon as it's not fulfilling in the intrinsic way for me, it was just way easier for me to walk away.
And so I think I'm thankful for that, but I think people didn't really understand at the time why I did it, because I think a lot of people aspire to be popular or famous or have people say really nice things about them and, and follow them online. And I've never given a, I've just never cared about Twitter followers or amount of followers or amount of this, blah, blah, blah. And so,
And I think that some people project those values on you because they have them and they look up to you and see you as having achieved something they want to achieve. That also made me feel uncomfortable too.
And so it is a lot easier to walk away when, you know, you compare it to YouTubers who are doing it full time and they need people to watch to make the money, you know, from the advertising and things like that. And so I think that's a really hard place to be in. But, you know, it's not something that I super relate to just because, yeah, like I can kind of do what I want, if that makes sense.
Why didn't you start it? What was your internal intrinsic motivation to begin with?
It's sort of what I said before, which was like I saw my friend Nolan Lawson to do a stream of him maintaining PatchDB. Remember when the offline sort of stuff started coming up in local first and all of that. Like I have open source libraries that I maintain, but like really small, you know, like just very small activity on them because they're very niche.
Whereas, you know, PatchDB was something that was being used by a lot of large companies, but also small startups and individuals. And so watching Nolan just... you know, maintain open source in his way and go through the issues and triage them and like bug squash and stuff. Just thought it was so interesting because it was a totally different open source experience that, you know, to me.
And I was like, that's so cool. And I remember thinking maybe this would take a lot of the fear out of, like, I just, I was already doing public speaking and I was already finding that people were putting me on a pedestal and I absolutely cannot stand that because I think that it's very self-defeating. And if you want to do things right,
you should just do them and you shouldn't let others you look up to make you feel like you're not good enough to do it and things like that. And so I already didn't like the reaction and the way I was being treated by others just because I was up there at certain conferences giving talks. And so I thought, I'm just going to show people that I'm just literally like everyone else. I sit and
my code editor and I stumble and I do typos. And also again, it's, you know, the JavaScript hardware stuff seems intimidating, but at the end of the day, it's writing in the same language that, you know, you write in for your job. If you're a front end developer or full stack, you know, sort of, Node.js web developer.
So yeah, it was really just demystifying stuff because I benefited so much from Nolan's stream that one time. I was like, geez, this is fascinating. And I just really wanted to help dispel a lot of that. And then ironically, I ended up even more on a pedestal for my stream, which you can see now why it was so frustrating for me where I was like, cool, that just made everything worse.
And I can't control how people are going to treat me right. And that was a lesson that I learned. You can't control the narrative in that way. You're just not going to be able to.
Yeah. There's a weird psychological thing. Maybe, Adam, you know more about this than I do from your brain science studies. But there's something about confidence that comes from not caring that actually refeeds the same loop, even with attraction. Where it's like the person who's not desperate ends up being more attractive to other people because of that mere fact that they aren't.
And so there's something about that with, I think, confidence as well, where it's like the fact that you weren't there for these ulterior motives is actually even cooler than than if you were. And it's like that feeds back into the coolness factor. You guys understand what I'm saying here? I don't know how to describe it very well, but there's something to that, isn't there, Adam?
I'm just not sure if confidence is the right word.
I'm not either.
I'm just talking.
I'm not very confident about this. So this might blow your mind, but I learned this recently. The confidence is memory of past success. So you have confidence and you move with confidence, I suppose, to use the word in the description or the definition. You can't do that. It's illegal. It's illegal, right? Yeah, it's illegal. Confidence essentially is memory of past success.
And so I'm not sure that translates, if that's true, if that translates like that. But maybe self-assurance. I think that when you're secure as a person, secure in who you are, secure in who you want to be, your identity is intact. You're not wayward with who am I, what am I, why am I. I think it's a little bit easier to be more steadfast and strong in those regards. Right.
And that is an attractive trait, obviously, or traits.
Right. I think self-assurance is a good way of describing it. And I think that it does take that in order to go live on the internet and code in front of strangers. I mean, you have to have some self-assurance because they're going to be watching near every move, right, Suze? I mean...
The fact that you're okay with just making mistakes in front of people requires a certain level of self-confidence. Ah, not confidence, I guess. It's okay. I'm still going to stick with it. I think it's self-confidence. It works. It's challenging as well. Yeah. It's a podcast. That a lot of people don't have. I mean, or you have to build it. Even your...
What about your keynote speaking, like speaking in public and stuff? Are those things that require practice, nerves, like all that kind of stuff?
Or do you have similar lack of fear in that area? I thought I'd call it a story. Suze, did you tell us a story about a speaking engagement? Was it private that you told us the story? Or is I'm remembering the wrong person? I feel like you told us a story. You were nervous when speaking. Does this ring a bell to you?
No. I mean, I get nervous when I'm speaking. I just don't think I told you this story. I'm not being, I'm not just like, no, I don't care.
Yeah. Like, no, I don't get nervous.
Maybe. I mean, so I was really nervous when I gave that keynote at OzCon, the same OzCon I met you to, because they were, they said you have eight minutes. And then I came up with something super ambitious as usual, because to me, that was a pretty big opportunity.
to give one of the opening keynotes at OzCon and I wanted to and you know somebody had recommended me so I also was like oh my god their reputation is at stake you know and so I took it extra seriously I take all my talks seriously but I took that one extra seriously and you can see in the video like my hands are just like this because you know they had to zoom in it was like was it live coding or was it scripted I remember there was a demo was it live coding
It was live coding and it was semi-scripted. So I had like almost like a dice roll thing where I rolled the dice and it chose like a sensor and then like some kind of output, like a motor or a screen or something. And then I had to come up with an idea in between. And to be honest, it wasn't super planned.
I just knew that I'd be able to remember how to interface with every single device that I'd brought along with me. Right. And so it really was actually unplanned. And the the two things that I ended up rolling were actually random. I remember re-rolling just because the first one I was like, I just, I'm not feeling that one, but you know, the second one I ended up choosing.
So it was semi-scripted in that there was some constraints there, right. But I really had to do it on the spot. But the point was, I was trying to prove that again in eight minutes, um, if you know a little bit of JavaScript, it's really not that hard to take some, a sense of value and then like, you know, do something fun with it on the other side of it.
Um, but I think I ended up accidentally intimidating people more because they focus more on the fact that I was able to achieve it. And so I was like, but I was really nervous actually for that particular talk because it, it eight minutes and there were, you know, a thousand people in the audience there for the keynote. That was my biggest audience as well. I'm sorry.
I'm going to put this on my camera. Check this out.
Yeah, that was it. Oh, my God. You can hear it in my voice and everything. It's only because I was there with a camera.
I was really into photography then. Oh, you took that picture, Adam, huh? I took this photo. Yeah. Nice.
Yeah, that was it.
We can include this as chapter two if you like, Jared.
I think we actually talked to you shortly after that. I think you had just come off the keynote.
Almost directly after.
You were decompressing live in front of us. It was awesome.
It was a lot.
Because you were so wound up for it. There's something about that moment when you're done where it's like, everything's better, you know?
That's how I feel. It's funny because I always go into a hole afterwards, actually. I think that when the adrenaline washes off, some people feel that kind of relaxation and euphoria that they've done. And for me, I sort of go into a hole. And I think I'm not great at compliments. And so I got a lot of compliments and accolades as soon as I walked off the stage. People were sending me crypto.
as well like crypto micropayments and stuff it was just so weird and so see people kept stopping me on the floor and saying you know i want you to do more they're gonna put put some money in the in the coin slot see it's how it's how it works i was getting tipped on some platform where you can tip people and like a lot of it was crypto so it was really nice with people but i was getting this thing like great talk at oscon i'm like uh where is this coming from
And so again, when I got off the stage and people were like, I could never do that. That's when again, I was like, I failed. You know, I ended up just being a show off instead of being accessible. And so I fell into a hole about it because I felt that the attention that I got was unwarranted for the message I was trying to put out. So I just never learned that lesson apparently.
But I also just cared so much about creating. You know how when you go to the keynotes and a lot of them are sponsored and they're just like, oh, my God, like you're just waiting for them to finish. And I just didn't want to be that keynote, even though technically I did have to mention the sponsor, which was, you know, the company I was working for and everything.
But I was like, I just don't want it to feel like one of those really sterile, very clean, you know, keynotes that are just very constrained in what people are allowed to say. It's just doing the audience a disservice, right? I wanted to get them pumped up for the conference.
Yeah. How did you end up mentioning the sponsor or the brand you worked for at the time?
Yeah, so I think I had the easy setting working at Microsoft because you can basically choose almost anything as long as it's a Microsoft product. And so I was using VS Code, which at the time was almost like a cheat code for being able to get it in there. But I also think that I was...
mentioning something else that I was using, one of the workbench tool sets or something that was particularly good for Arduino that Microsoft put out at the time. And I think I also recommended another platform they have called MakeCode, which was this really cool in-browser IDE for interacting with some of their hardware pieces too. So I think I made mention of that at the end.
If people are feeling intimidated, that's actually a really good way to get started.
You gotta hate it when a successful keynote backfires, you know?
It sounds so ungrateful, doesn't it?
All you get is compliments and crypto.
It sounds so ungrateful, but I think that it's good to talk about this because it does explain why I sort of seemingly disappeared. I just don't think it's for me. Again, I never really sought the attention side of it and it just bothers me a lot because I am quite introverted and also I want people to focus on my work and not me. And I think that's where I also struggled too.
I was like, no, so I'm trying to show you this thing and you keep putting the attention back on me. And it just, I wasn't having the conversations with people afterwards that I wanted to be having. And so I felt kind of lonely and frustrated as well. And again, I think it's a huge privilege to be a public figure and you don't sort of feed off the attention.
And I didn't do it because I was sort of trying to fill that sort of void for myself. But at the same time, Yeah, it sort of made me feel very ungrateful for it because I know a lot of people would kill to be in my position and I just sort of, in their opinion, I might have thrown everything away. So, yeah, it's interesting.
Yeah.
I'm very grateful, obviously, for a lot of the doors that open as a result of me doing this. I want to make that very clear. And just the fact that I talked on ChangeLog years ago, that was because of the public work I was doing. So it's opened a lot of doors. Yeah, it's really helped me in my career. But I think they were just kind of surprising side effects for me at the time.
So it's sort of hard to, sometimes it's hard to really reflect on that as much as I should be. Yeah.
So given that, if you don't care for the attention put on you when you put yourself out there and your ideas, what is your perfect world in terms of when you show up to the world and you do what you do, what would the better or more preferred reaction be?
I think people coming up to engage about the technical parts of what I talked about, more just technical discourse. I don't know. I'm such a nerd. I just want to talk about that. And so like I caught up with someone recently who I hadn't seen in like 16 years. We used to teach together at the community college.
And I met up with him and we went for lunch and he was just like, what are you working on? And I told him about, you know, one of the projects I was doing. And I also told him about another hobby I've picked up, which tends to get a lot of questions very quickly and people going, that's so awesome. You're amazing. You know, and they focus on me again, but he was focusing on the tech stuff and
And he immediately started asking me technical questions about the project I was working on. And I wanted that because I wanted somebody to sort of like ask questions from their perspective, which will help me either improve the project or just talk things out, you know, almost like a rubber duck kind of way and just like nerd out with each other.
And so I think my idea would be just me having a, just going back to the early two thousands, like having a blog, like I used to have back then too, um, And publishing a project and like 99.9% of the online population does not care about it, but you get like, you know, two or three people that are like, this is awesome.
And like, can I send you this link to this other person who's done this thing that reminds me of your project? And like, I have some questions or I think you could improve it with this. That's the only discourse I really want. I want it to be about the works and about people helping each other change and improve and push things a bit further and not be about the personalities.
I think that's just what I want.
What's up friends. I'm here with a new friend I made over at Speakeasy founding engineer, George Hadar. Speakeasy is the complete platform for great API developer experience. They help you produce SDKs, Terraform providers, docs, and more. George, take me on a journey through this process.
Help me understand exactly what it takes to generate an SDK for an API at the quality level required for good user experience, good dev experience.
The reality is the larger your API becomes, the more you'll want to support users that want to use your API. And to do that, your instinct will be to ship a library, a package, and what we've been calling an SDK. There's a lot of effort involved in taking an API that lives in the world and creating a piece of software that can talk to that API.
Building SDKs by hand is a significant investment and a lot of large companies might pour a lot of money into that effort to create something that's like approaches good developer experience. And then another group of a more growing group of companies will rely on tooling like code generators.
And so they're very interested in, like, once you make the decision to use a code generator, you're kind of forfeiting some of your own opinions and what you think a good developer experience is because you're going to delegate that to a code generator to give you an SDK that you think users will enjoy using.
Okay. Go to speakeasy.com. Build APIs your users love. Robust SDKs. Enterprise-grade APIs. Crafted in minutes. Go to speakeasy.com. Once again, speakeasy.com.
Have you ever considered going anonymous?
Yeah.
Yeah.
I, I'm actually, I'm not close to my bookshelf. I think actually we talked about weird stuff like dead man switches and things like at Oscon. I'm not near my bookshelf right now in my living room, but I have, um, I forget the title of the book, but it's quite well known. It's something like how to completely disappear or something like that. Um, I forget what it's actually called.
I've thought about it a lot. I do have an anonymous pseudonym online and I do have the domain name for it. And I do have like, I got an artist to actually draw sort of like the character and everything. So yes, it's, it is a thing and it's something that I've thought about for a long time.
And I think that's what I'd like to do with certain projects just so that, you know, it's kind of like, you know, when famous authors do like a pen name or whatever, they have like a different name because they want to release the book but not have it be received with their infamy. I think it's very similar for me.
So we were talking with Chris Wanstroth a couple weeks ago, founder of GitHub, one of the founders. And obviously after GitHub sold to Microsoft, he took his money and went home and took some well-earned rest time. And during that time, he got eventually bored of
playing video games and stuff, and he got back into coding, but he didn't want anybody to know that it was him because everyone's going to treat him differently, especially on github.com being defunct, right? You're not going to just treat him like a regular person. And so he went and just created an anonymous handle, and he was contributing to people's projects for a long time.
as this just rando person that likes open source. And I think he had a lot of success with that. Eventually he said he pulled the mask off to a few folks who like he became friends with eventually that he was like longtime contributors to their project that became friends. And then he would tell them who he actually is, but he had a lot of success with that.
And I think that that's one way that you can get what you want. If what you want is like focus on the work, focus on the technical, focus on maybe my thoughts, my words, and not so much on my person, you know?
Yeah, 100% agree with that. And yeah, I feel like I'm on a very similar wavelength to him. Oh, the book, by the way, is called Extreme Privacy.
Okay.
And then the byline is something like how to disappear or whatever.
You could be like the Banksy of the programming scene.
But that's the thing. But now he has infamy, right? And people are going to find out who he is.
Right. You just can't ever pull the mask off. That's all.
I just have to do really lackluster projects as well.
Yeah, you just have to suck more, you know? Just don't be good.
Sorry for my spit tape. That was so gross.
It's wild to hear this because so many people, I don't really know why, I suppose, or what is drawing folks to this desire. But a lot of young kids, like I have young kids, and so I'm seeing them grow up and I'm seeing the friends that they are making and friends that I'd like them to make less friends with. And I just see their influences. And they're younger. They're not like in their teens.
They're younger than teens. And I have an older daughter, too, and so she's in her 20s. And I'm seeing this shift between different folks. For a while, their people want to be YouTubers. They want to be Instagrammers or whatever this thing is. They want, for some reason, this spotlight. Even at a young age, and I'm not really sure what exactly it is that attracts them there.
I suppose it's the opportunity of various influence. But I think even at a young age, I couldn't imagine having influence in my 20s. If I was influential in my 20s, like, wow, the world would suck a whole lot more or less or more. It would suck more. Yeah. Then it already does. It would not have been a positive thing for me to have any sort of primary influence on the world in my 20s. Right.
It's so strange that people seem to chase some version of fame or influence. And that's wild.
I don't find it strange. I mean, I think it's... Pretty common, right? Strangely common. The desire for fame and fortune is deep down inside of us, isn't it?
I suppose, but it seems like it's a cultural norm where it's dramatically more than there was. Let me think of when I was a kid. Let me show some of my cards. I desperately wanted to be a ninja when I was growing up as a kid, right? And I think that's maybe a character. I wasn't seeking fame. Now, I can also say that for a long time there, I said I wanted to be a corporate lawyer.
And the only reason was because I thought I could be rich. And I didn't know any better. I was young. Because you're a really good storyteller, right? Something like that. But other than that, I was not interested in like...
Being famous. Were there any heartthrobs, Adam, when you were growing up and you thought, I would love to be like him? For instance, I can say, when I was young, I have an older sister, three years older, and she had friends. And so, of course, younger boy, older sister, sister's friends, very stereotypical, right? And they were very much into New Kids on the Block. This was like 1990. For sure.
So I was eight, nine, ten years old. And specifically, was it Donnie Wahlberg? I don't know. I can't remember who the Naked Kids on the Block were. But they were heartthrobs. They'd walk into a room and all the women would scream. And then they'd have all this money and these cars and everything. And it's like, I wanted to be that guy. I don't think that's abnormal.
Did you have anything like that? Or you just wanted to be a corporate lawyer ninja?
Yeah. Corporate lawyer ninja all the way. I think I'll answer your question, but I think what I'm driving towards is a little different. Okay. And I don't disagree with what you're saying necessarily, but I'll share the story because this is fun. This is fun stuff. This is fun. Susie, you having fun over there?
I'm very excited about this story, actually.
90210.
Okay, so you wanted to be Matthew Perry. No, not Matthew Perry. That's from Friends. Well, either. I guess so much either. But Jason Priestley, I was like, if I could be that.
Jason Priestley, that's his name, yes. If I could be him, my life is solved. Because of the sideburns.
Sure. The wavy hair. I don't know. All of it. California. All of it. Yeah. You know, pick a... They were very cool.
They were extremely cool. They were very cool.
They were cool. And what an interesting TV show. What an interesting premise to even reflect on mentally right now. But I think what I'm talking about is different than that. And maybe it's different, but kind of the same. And I think what I mean by that is that it seems like kids are really into Jordans. There's like shows about Jordans, like, you know, pawn shops, getting them people.
Yeah.
Like, you know, that's always been a thing. Jordans have been a thing, but I think there's a lot of people trying to show off the things they do on the internet, primarily on YouTube, everything from really cool Lego building, which is like super admirable, very engineering focused, a lot of opportunity if you chase it. to Lego cooking. Who watches Lego cooking? Lego cooking? Lego cooking.
Never even heard of it. Suze, tell me. You're with me on this.
I'm sorry. I've never heard of this.
Oh gosh. Okay. So do you cook Legos? No. When you go and you find out Lego cooking, you're going to be like, oh yeah, this is the coolest. It is stop motion film. The person cooks. It's just stop motion film. It's very artistry.
Okay.
And they make everything. So they take a hatchet and cut something and it's Lego inside. Like it's all Lego. Everything's Lego. Everything's Lego.
Okay.
So that's cool. Stop motion video. I love it. I just feel like all this stuff in this media is getting people to want to – they see the people they look up to be famous through platforms. Right. And so it's obvious, like 90210, Jason Priestley. Although I didn't want to drive a Corvette and I didn't want to be any of those people. But I was like, if I could do that, I would have arrived.
Suze, who did you want to be when you were a little kid?
Did you have any – Yeah, it's a really good question. I don't really remember. I'm sure I had them.
Yeah.
mostly so i was very unpopular in high school so any female pop star i just wanted to be as attractive as them more than anything because you know i think that everyone i think latches on when they're young to what their model of power is right and so you know i think these days having a youtube channel making lots of money and then being able to have the freedom to do what you want with that money that's power right um
And so for me, I was, you know, when you grow up as a cisgender woman, you are told that your power is in your looks. So I don't know if I looked up to anyone specifically and wanted to be them. But I remember just thinking, like, I would probably not be treated as poorly as I was if... you know, if I looked more like Britney Spears or something like that. Yeah.
So, sorry, that was a very disappointing answer, but I just, honestly, I don't remember if I, if there was anyone who I wanted to be.
That's fair. What did you say? Something of power. Remind me of the phrase you said.
I just think that everyone has their own idea of what would give them power and how to actually get there. And I think power is a lot of different things, right? It's the ability to influence and, So, yeah, like I just think that people latch onto a certain form of power that they want and they think that they have a chance of sort of being able to acquire.
But yeah, I think, you know, when you're a teenager, you. You're not quite moved out. You're not quite, you know, a kid anymore. And you're trying to have more control over your life and you're trying to establish your identity and things like that. And I think that's a very influential time and formative time.
And I think that's where you sort of really start thinking about power in a grown-up way as well and how to acquire that power. Yeah.
I'm glad you mentioned that because I think that's spot on because I think you may have answered my question, which is what is the reason why? I don't really think it's super strange behavior, Jared, to want to be famous, but I think it's kind of strange that it's so it's so pervasive. It's so out there for everyone. It seems at least and I could be just being hyperbole.
But I think you're right, Suze, that when you're especially when you're younger.
teens 10 to 16 you're trying to assert yourself you're trying to assert your any version of dominance regardless of gender you're trying to showcase that you can control situations or be in control of your own life and your own destiny and you're trying to direct things and I think that that probably is a reason is like well if I have this then I have I have power to assert my beliefs my ideas control over my future etc and
I think we just see it more now because it's so easy to put yourself out there. Whereas you go back to when we were children and those people who wanted to be famous, well, they had to go move to Los Angeles and wait tables while they did all these tryouts and stuff. And their failures weren't public. They happened, but we didn't see them. Or their desires to be that thing, nobody knew.
that I wanted to be Donnie Wahlberg or whatever his name was. I actually More than that, I remember being like, man, girls like the New Kids on the Block. I wish I was one of them. That was a fleeting moment. But my desire was more to be a professional athlete, which is another route to all the exact same things.
And so I wanted to be either Michael Jordan or Ken Griffey Jr., so baseball or basketball. Those are actually guys that I really wanted to be. Same with Ken Griffey. Whereas a passing fancy was like, oh, I'd love to be a famous singer. But I actually was like, if I could be Ken Griffey Jr. and do what he did, that would be a great life.
And so I actually put effort into that kind of stuff for a while. I don't know. I just feel like we see it more. I think it's more tangible to how easy it is. I mean, it's hard, but it's also easier now. I mean, there's more.
It's more accessible, I think. Yeah. I think it feels more achievable. Like you cannot be what you cannot see. And I think if you see regular people, even Justin Bieber and Billie Eilish, right? Oh, they had a SoundCloud or whatever. Right. That's how they blew up. I think that that story now just feels much more accessible than the moving to LA thing. I think you've got something there.
Should I close the loop for you, Jared, on the names of all the NKOTBs? Yes, please do. Jordan Knight, Jonathan Knight. Yes, brothers. Joey McIntyre. Okay, the baby face. That's right. There's always a baby face in these boy bands, right? Yeah, there's the bad guy. Donnie Wahlberg may have been the bad guy. Yeah, I think Donnie was. And then Danny Wood.
Now, when I say... What does that make you think of? Hangin' Tough, right? Hangin' Tough. There you go. Yeah.
Suze, do you remember New Kids on the Block? Were you around?
I do, but I'm a tiny bit younger than you. So I do. It was more... NSYNC. Yeah, Backstreet Boys, NSYNC. Yeah. What is it? 98 degrees, 90 something degrees. Oh, yeah. 98 degrees. Blue. Do you remember blues? The UK guy?
I'm blue. Did I die?
No, no, no, not I-465. There was a UK group called Blue. But anyway, but I do remember like Wham as well. And like, so I'm an 80s girl. So I do remember a lot of that stuff. It's just by the time I was sort of at that impressionable sort of, you know, like tween stage, it was Backstreet Boys and things like that.
That was actually more my timing as well. It was my older sister that was new kids on the block. So I just, I think I was more, I had them at a younger age, but yes, in my formative years, it was NSYNC and Backstreet Boys. And by then I didn't want to, I didn't look up to those guys. I was just kind of annoyed by them. Although there is some talent there. But thanks for closing the loop, Adam.
Now, please move us to a new loop before we start singing again.
Yeah, I'm not going to sing again. I just had to say that. I hummed, basically. It was not a sing. Hey, friends. I'm here with Todd Kaufman, CEO of Test Double. You may know Test Double from a friend of the show, Justin Searles. So, Todd, on the homepage for Test Double, you say, Great software is made by great teams. We build both.
That's a bold statement. Yes, we often are brought in to help clients by adding capacity to their teams or maybe solving a technical problem that they were, you know, didn't have the experience to solve. But we feel like we want to set up our clients for future success and the computers just do what we tell them. So, well, at least for now.
We try to work with our client teams to make sure that they're in a great state, that they have clarity and expectations, healthy development practices, lean processes that allow them to really deliver value into production really quickly. So we started a lot of our engagements by just adding capacity or technical know-how.
We end a lot of our engagements by really setting up client teams for success. Very cool, Todd. I love it.
So, listeners, this is why Edward Kim, co-founder and head of technology at Gusto, says, quote, give Test Double your hardest problems to solve, end quote. Find out more about Test Double's software investment problem solvers at testdouble.com. That's testdouble.com, T-E-S-T-D-O-U-B-L-E.com. And I'm here with Farash Abugadije, founder and CEO of Socket, socket.dev.
So Farash, you put out this fire post recently on X. And I'm going to paraphrase. You say the XZ package backdoor was just the tip of the iceberg. Give me just a peek behind the scenes of this incident and what you mean by it's just the tip of the iceberg.
Yeah, so I think the XZutils backdoor was really eye-opening to a lot of developers. It showed the vulnerability of the open-source ecosystem. You had this maintainer who had been tirelessly maintaining this package for 15 years, who was targeted by nation-state actors. who created like literally, it's like a spy movie, right?
They had multiple personas, fake personas that were contacting this poor maintainer and working on him psychologically to convince him over the course of two years to add them to the repository and give them publish permissions. And they did this through a bunch of kind of negative messages, but also by being helpful and by sending good positive pull requests.
And what they were able to do is get access to this package. This is built into pretty much every Linux server out there. And what this would have let them do is it would let them SSH into any server and run any command without knowing the password, without being authenticated to the server. So this would have been like a world ending, potentially kind of an attack, right?
It would have been probably the worst attack we've ever seen. I'm not exaggerating. It could have been that bad. But we were lucky. Through a total accident, this backdoor dependency had made it into the beta builds of some popular Linux distros. And a developer who was testing out the beta versions of these Linux distros noticed some weird behavior.
He noticed that his SSH connection was taking half a second too long. And so he he pulled the thread and traced it back to this this backdoor dependency. And we were we were all saved because of this total accident. It's mind blowing to me in a couple for a couple of reasons.
Like one, obviously, like, wow, there's there's there's literally states out there, countries that are that are trying to target open source now. Clearly, there's like a team behind this. They probably didn't just work on this one dependency. They were probably working on getting access to many other ones in parallel.
If you just look at the time between the emails they sent to the maintainer, they were about a month between some of these emails. So they were probably working on other maintainers and trying to get access during that time. So that's really scary. I also think it's pretty scary to see kind of the fact that it took an accident to find the attack.
It makes me think like how many have we not caught as a community? How many have we missed if this one was caught by a total accident? It was eye-opening to a lot of people and it made people realize that there really is a threat in the open source ecosystem. And it's not because most people are bad, it's the opposite.
Most people are good, but there are few bad actors out there taking advantage of the trust in the system. That's really where we come in. We're trying to give every company the tools to protect themselves from those types of attacks. And that's what we do at Socket.
Okay, friends, go to socket.dev. Security dependencies. Socket is on the front lines of securing the open source ecosystem. They're a developer-first security platform that protects your code from both vulnerable and malicious dependencies. Install the GitHub app or book a demo. Again, socket.dev. That's S-O-C-K-E-T dot dev. What is on your mind?
What is it that's got your attention in terms of technical prowess, exploratory? Are you playing with hardware still yet? I did not catch your conversation with Quincy yet, but I'm understanding that you're now a white hat hacker and the NSA sent you a fidget spinner? Yeah. Without sharing the whole entire podcast. Now that's cool. Hold on. Yeah. Let's stop right there and talk about that.
Well, without sharing, I mean, you can go probably listen to the conversation with Quincy, but like without like literally copying what was there, what are you into?
Yeah, so I was a little bit just like, that was such a tongue-in-cheek moment in the podcast that I didn't realize it was going to become like this big thing and part of the title and everything. No, honestly, I went through the bachelor degree to get my cybersecurity diploma and mostly because I just wanted like a curated curriculum, right?
Because I tried to learn cybersecurity before that and it was just, it's so broad and so deep, you know, it felt like, Yeah, it just felt like sort of starting again. And so I went through that degree program, just really, really enjoyed it, to be honest.
And through that, you know, through the Cybersecurity Club at the college I was at, you know, I got exposed to the Capture the Flag competitions, which are like hackathons, but instead you're actually hacking, right? So they're giving you puzzles to solve and boxes to hack into and stuff. you know, across all the different disciplines of cybersecurity. And so I was just really enjoying that.
Right. I've always been very interested in not just front end development, which is how we met, but like just everything to do with tech. I just love learning new things and I love Being able to sort of like I have the breadth now over the years, but I love being able to choose something and go, I'm going to go super deep for a bit and then sort of come out and then look for something else.
And cybersecurity was sort of the most recent deep dive for me. And just I still really, really enjoy it. And then I landed a job at a cybersecurity company right as I was graduating, which was just dumb luck. And, you know, because I was putting... a lot of my certifications and CTF results and stuff on LinkedIn. And I think that got a recruiter's attention.
So yeah, that's sort of how that conversation with Quincy came about. It was just something that I'd been into and I'm still actually pursuing that in my spare time, pursuing cybersecurity projects and learnings and deep dives and stuff like that.
How do you cybersecurity?
What do you mean?
Exactly. How do you cybersecurity? Like what exactly is cybersecurity? If it's so broad, I'm also sort of mesmerized and also enamored by the, you know, the idea of hacking things were being aware there's a box over there and there's some sort of vulnerability. I've got to find it. And there is a way in. But it's up to me to find the 10 or 15 or hundreds of ways you could get in.
That to me is interesting. I'm not pursuing a person, but it's it's very there's a lure there for me.
Yeah, I think that's what the lure is for almost everyone getting into cybersecurity. It's that intrigue. And it's kind of getting to feel like the bad guy without being arrested and put in prison, I guess. Right. Yeah. I mean, honestly, a lot of people just say the same thing as what you'd tell to somebody who wants to learn to code, right? Just jump in, just get going, like find some resources.
There's so many resources online.
Kali Linux, right? Spin up a VM of Kali Linux or install that.
Yeah, Kali Linux, spin up a bunch of VMs, blah, blah, blah. Yeah, exactly. It's not difficult to get started. It's just that It's the same thing when you start anything, you don't know what you don't know. And you can just feel lost. You're just like, there's all these different directions I could go in. It's exactly the same as someone learning how to code.
It's just a slightly different technical discipline, I guess. But yeah, there's a lot of appeal in just having a go at these CTFs because it is really, it is a really fun puzzle. It's like an escape room, essentially kind of vibe. Like if you really enjoy escape rooms, obviously you'll really enjoy cybersecurity as well.
Did you enjoy the movie escape room?
I haven't actually seen it. I've seen Panic Room, but I haven't seen Escape Room. Oh, Jodie Foster? It might get you.
I've not seen Escape Room either. It might get you. What about Mr. Robot?
That's too intense for me. I like occasionally I come around to the idea of I'm going to watch it, but I'm very sensitive as a person. And so I actually get my friends to pre-vet most of the shows that I watch because they're like, is this, is this something Suze can watch or not? Because if it's a bit too full on, I either can't sleep or it's just like, I'm not relaxing while I'm watching it.
You know, like I'm, I'm not sort of there for the tension thrillers and things, I don't get a sort of thrill out of it like a lot of people do. But I love the idea of Mr. Robot because I've heard it's quite technically accurate. So it can be really satisfying to watch.
I can concur with that. From what I understand of how do you cyber security, it was a joke to ask you how do you cyber security. It was not meant to be a perfect sentence.
I'm bad at jokes, yeah.
Yeah, sorry about that. I can attest that Mr. Robot was an amazing series. It doesn't go where you think it should. You may enjoy it, but it's very technically accurate and quite scary in terms of... Maybe how fragile the world is. You probably see that now that you're deeper into it, how fragile the world can be with cybersecurity.
We just had a major outage, a BSOD across the world, and it's crazy. It's now sort of front and center to everyday citizens globally because it was a global scenario. Yeah.
Yeah, 100%. Full disclosure, I just left that company. Okay. So it was very close to home when it happened because I left CrowdStrike in March. Oh, wow. And so the fact that I was on the inside, I know a lot about how the software's developed. I know how careful the company is about rolling that stuff out. And I do respect the company a lot, really enjoyed working for them and did enjoy working
learning about how a company does modern antivirus software, right? And so even seeing a company that's doing so well just make one small mistake, I think that what you're saying is a really good point.
And considering I had even more context, I was actually quite surprised that it happened, just given how cautious I've seen them, you know, having worked for the company, that, yeah, even the good guys can take everyone down, right? Right. And so it is incredibly vulnerable and it grounded flights. You know, it was very much like that diehard,
movie with like justin long where they figured out how to you know manipulate all the traffic lights and all the things around the city right you'd be surprised at how few of these systems are actually well secured and you know my time at crowdstrike i did a little bit of work on industrial control systems as well and just knowing there's like this what is it called the seven bullet rule or something it's like with just seven bullets you can do a lot to take down most of the you know
important energy infrastructure in the United States. Like I'm talking off the top of my head. So I'm getting a lot of the details probably messed up, but there's this kind of like saying in industrial control systems, the seven bullet theory, like if you had them, like, could you take down entire grids? And yeah, like a lot of those systems are running on old software.
Like you see ATMs running windows XP, right. When you see a crash and it's just horrifying to, how fragile those systems are. And when you work for a cybersecurity company and you're watching customers get hacked and you're seeing how it happened, a lot of the CTFs aren't necessarily very contrived as far as the vulnerabilities that they're leaving on the machines.
They're quite realistic vulnerabilities. They're just a contrived storyline and narrative, but it's really not that different from everyday ransomware attacks and things like that, right?
So CTFs are fun. I did those back in college. I really loved it. And I think working on a red team would be super cool. I don't like the fact that at the end of it, you just have to write this long report. I don't know. Maybe, maybe the LLMs write that for you now and it's less cumbersome, but I hated that part. It's like, oh, now we've got to write a hundred page report.
And it's like, well, I'd rather just do the hacking and you write the report. Thank you very much. But is that what you were actually doing was red teaming and stuff or what's your day to day?
I'm of the same opinion as you. I think it would be very tedious as well because it's not like you're sitting there having fun on a Saturday night with a whiskey. You're having to be very methodical as well about how you go about things. You have to be very careful not to take down their systems. It's not a sort of a realistic hacking scenario, right?
There are the rules of engagement, which is literally a document you have to cover with them first and then You have to make sure that they're not going to call the cops on you if you physically get into the building, but then they catch you. It sounds thrilling, but it's actually quite methodical and I think it takes a lot of the fun out of it.
So I was working on a research and development team for threat hunting technology, essentially. So the human side of cybersecurity where you're constantly looking ahead and trying to find
heuristics and um like you know what's what are the latest sort of nation state hacker groups like what are the tools that they're using what are the technologies like how can we get ahead of them how can we design tools that are sort of always ahead of the curve and not necessarily just trying to be sort of whack-a-mole and and things like that so it was more i worked with data scientists and
researchers you know really smart people with PhDs and I'm like this code monkey you know helping them prototype their ideas and things like that so that was I was definitely more on the blue team side and not the red hat hacking yeah that sounds better actually that sounds pretty sweet it's still a game right like we were still playing the game we're just yeah on the other side of the game and so it can be really satisfying if you design a tool that helps track down something that hasn't been tracked down before you know um
or just helps threat hunters do their job much more efficiently so that they can just kind of look like these supernatural hunters. There's just something that was really interesting about that problem that I really enjoyed working on.
What are the various tools in the tool belt of a threat hunter?
I don't know if I can talk about the specific ones at that company because of an idea. Sure, generalize maybe. Yeah, but in general...
Working with Intel groups so that they can, you know, there are a lot of Intel groups that around the world that including, you know, governments who are embedded in these groups and operating under pseudonyms online and are actually interacting with these groups and finding out information. So a lot of it is Intel, but also threat feeds like being able to see new signatures and things like that.
But the actual tools themselves tend to be tools that allow these threat hunters to look at an intrusion after it's happened, be able to kind of look at the chronological events that took place,
you know, and just get a holistic view of it, you know, it gets to the point where threat hunters can look at a couple of lines of command line commands that would run on like an infected computer or a computer with a successful intrusion, a compromised one, and they can immediately say, oh, that's that threat actor in China, you know.
And so it's more about knowledge and knowing patterns and being able to then be incredibly agile and with being able to get ahead of the, I guess, the attacker.
What kind of signatures are they leaving? Like, what's the breadcrumbs they're leaving behind? Is it, like, literally a signature? Is it, like, a DAT file that's left behind with, like, you know, a one-liner?
That sounds really cool. That sounds really cool.
That sounds like not a very good hacker if they leave their signature behind. Or they leave a file that says, you know, don't delete me, read this message.
Like, it was Banksy. It was somebody named Banksy. Mm-hmm.
It can be everything from did this person switch to a specific language keyboard. It can be the specific actual hacking tool. So, for example, let's think of a hacking tool like Bloodhound or Mimi Cats or something like that, you know. what specific tools are they using and in conjunction with other tools.
It can also be things like, okay, does this country have a major national holiday and was there zero hacking activity on this machine that day? And then it resumed the next day. Okay, well, maybe they're located in a specific country then, which narrows it down to a smaller collection of threat actors, right? And so...
There are all these little sort of bits and pieces that come together and, you know, a threat hunter needs to be able to find something that happened, piece together what actually happened and be able to inform future, you know, detections.
How do these threat hunters get access to the infected systems without fear of additional hacks? Is it like the Heisenberg effect? By inspecting it, you're actually modifying it. Is it like clone a snapshot of the disk and work with it offline? Or what do they do in order to actually go about their work?
Yeah. So I think you're also thinking of things like forensics. I am. I think that's probably more the appropriate discipline. Threat hunting is not exactly quite like that. It's more sort of data sifting than anything. And so I'm just being really careful about my NDA right now.
I knew can tell, like there are certain things I'm sharing that are very vague because I don't know what would be considered proprietary information. I don't talk about this topic very often. So it is very difficult for me to delineate that.
But yeah, I think you're talking more about forensics and that's something that I learned in college, how to successfully image a hard drive without actually changing a single bit. which is harder than it sounds. It is. And I think this is also a lot of incident response too.
So incident response and forensics are a little bit different to threat hunting in that they tend to be doing the hands-on work and actually getting into the machines and doing that. I think threat hunters are taking information after the fact that's being collected and they're not necessarily doing that work.
So yeah, like I said, cybersecurity is really broad and so you can split these skill sets out into different focuses. Yeah.
Yeah, I definitely was categorizing forensic people with threat hunting, but I assumed they would be operating at least in similar timeframes with regards to a breach, but...
How do they get their tasks? Are they just sitting in JIRA getting threat hunting tasks? I'm just joking, of course, but how do they get their missions? How do they know what systems? Are they active in literal crime scenarios? Are they working for folks like the NSA and the FBI or private companies like you were?
It's usually like a self-destructing letter, isn't it?
Ten seconds, and then it self-destructs. yeah like private institutions um so for example like CrowdStrike threat hunters are actually threat hunters for hire so they work with companies directly And, you know, if you look at the product offering online, it's called Overwatch.
There are different tiers of it where they'll even give you, you know, briefings on the latest threats to look out for and things to maybe specifically look at for your industry even. So, you know, if this company is a financial tech industry and they're working with CrowdStrike, the Overwatch team, the threat hunters can, you know, give actual briefings on what they're seeing as trends in that
financial industry based on attacks on other companies that are similar to them. And so the threat hunters do a lot of different services. And so it's going to depend on whether you're in the private or public sectors to like what tools you use as well. So I'm sure that there are teams that use Jira to keep track of intrusions and dump a bunch of data in there.
But I think that a lot of these tools tend to be very proprietary. And so, you know, they've been designed and developed and incrementally, you know, improved based on the specific kind of work that these threat hunters doing at their institution. That's all I can say.
Yeah. What's the best way in to get into this, this layer of cybersecurity, whether it's threat hunting or, you know, looking at signatures or something like, what's the, is it go to school for it? Just get steeped in it, find a community. What's the best way in?
It's exactly the same as coding, really. I think if you know what you want to do in cybersecurity, such as threat hunting specifically or forensics or something related to that, I think that makes it a lot easier. What you can do is just try and look online for resources, for free resources, or you can actually enroll in...
some certification programs as well which will give you the foundation so you kind of know where to go from there and obviously taking part in ctfs like so the code breaker ctf that nsa puts out the national security agency of the united states You know, we all can have complicated feelings about that company. I just want to sort of like, you know, preempt that.
But they have a CTF every year called Code Breaker and it's a reverse engineering competition. And that's where I sort of got the fidget spinner from because I took part in it and I sort of placed at a certain level to get a fidget spinner. But that particular CTF I would recommend for Threat Hunters because it's
There's a sort of fictional narrative they put out as part of the CTF and they keep drip feeding you all of this additional evidence of a breach and you're supposed to unwind what happened. And so the one that I participated in, they were giving you everything from compromised Docker containers to network logs to, yeah, like Wireshark PCAP dumps showing network traffic.
And so you had to reverse engineer a bunch of,
binary executables you had to figure out how the docker container got compromised then you had to reverse engineer the protocol that the threat actors were using on the network and then you had to kind of then hack back into their computer to find further evidence you know and i think being able to sift through evidence like that is probably the the best skill to practice when it comes to wanting to get into that side of cyber security
How much does that draw out your coding skills? I imagine quite a bit as you go through that stuff because there's so much TDM otherwise.
Yeah, I'd say I had a huge advantage in a lot of the CTS because I could write simple scripts even, right? So let's say you get a giant Apache log file, right? And like, it's a pretty structured log file, right? And so you can use, you know, bash one liners, you can use orc and you can use like truncate and... unique and all of those command line tools.
And you can just kind of like glue something together. But if you want to do something a bit more complex, that's where scripting just really comes into its own. And so during these CTFs, I was writing all sorts of different scripts to filter things and to count things and to accumulate things and
also there was one time where there was something was encrypted using RSA and it was kind of hard to find a tool online to just like dump the text in and decrypt it and I think that was the point of the CTF they were trying to make it difficult so I was able to just write a quick JavaScript implementation of the RSA algorithm that sort of like brute forced through and figured out the key and they obviously gave us a weak key because otherwise you need like a quantum computer to crack it but
that was so advantageous. Most people either didn't solve it or they had to find a tool online that only let you put in one character at a time to crack it. Whereas I had it written in, you know, like maybe 10 minutes and it was done. So it's a huge advantage, I think being able to code, but also you, you understand how computers work as a foundation, right?
And that gives you a really good intuition for solving problems. Like I've seen people who have come into cybersecurity and but not having an IT background. And there's a certain intuition that they're missing where you can infer things from certain pieces of evidence.
And even the Docker container thing, like I was able to just jump in, whereas a lot of people were like, I don't even know how to run this thing. I'm going to have to spend half an hour an hour learning Docker. So I've always had a huge advantage in CTFs because I do have that coding background.
Yeah, it's a lot easier to know what to look for in an Apache log if you've actually managed an Apache web server for a while for whatever reason, or if you've, it's a lot easier to use Docker if you've used Docker and all these things.
I mean, maybe that sounds obvious, but when you lack that context, you really are poking out a black box, you know, and you're just like, you can't really get in past the surface very easily. So was, were you on your own or is it Teams?
that particular one code breaker, it was very strictly by yourself. And so I think there were 10 problems and I made it to problem eight. And that's where I felt that I was hitting a ceiling, right? It was very specialist reverse engineering. Like I ended up looking at the solution afterwards from people doing write-ups and I was like, I never would have got that.
You know, you had to sort of do this weird, um, you had to roll the protocol correctly, but then you also had to kind of plant a buffer overflow in order to sort of get through it.
And I'm just like, I was like, I know how to do toy buffer overflows when the conditions have been presented to me in the correct way, but I can't actually sort of, you know, it's a lot harder for me to do that because I don't have a lot of practice with it. So, yeah.
Yeah. That's as far as I got back when I was in school. I understood how they work, and I could recreate one given certain circumstances. But if you wanted me to actually go in and execute arbitrary code with the no-op sled and stuff, I don't know how long to do this thing in order to land in the right spot. Yeah.
Yeah. Yeah. And like, how much do you keep going until you give up? Because you're just like, just one more, just one more, you know, one more knob. And so in the end, the solution was to use a, was it called a ROP chain as well, right? So using gadgets, using assembly gadgets after the knob sled in order to then like return to C or whatever that is.
so that you could then run little snippets of the assembly code that were present in the program itself to get what you need. And so I looked at that and I was just like, yeah, there's no way I'd be able to assemble that. That's something that I want to practice that for next time sort of thing.
Yeah, that's some expert level stuff right there. Us mere script kiddies can't go there. We can just run the script.
Well, it was interesting because one of the write-ups that I read was by a high schooler and I've never felt so insecure in my life after.
Well, that's the thing. They're on YouTube getting impressed at a young age. And next thing you know, white hat hacker for the NSA. Yep. You said you did eight of 10. Is that right? How did you even get involved in this, capture the flag in the first place with the NSA? Like what made you find it, discover it, want to do it?
Yeah, it was through my cybersecurity club at my community college. It was actually a really high quality cybersecurity club. I'm still in contact with them. I still volunteer and help people ramp up to doing CTFs. Like I'll teach them the coding sort of stuff. It's like, oh, here's how GitHub works.
So if you need to clone down a tool that you can't find anywhere else and get it running, here's how to sort of use GitHub in its basic form. And Yeah, so it was through the Community College Cybersecurity Club. They have a Discord that you can join when you're a student and they just put, there's like specific channels set up even for specific CTFs.
So it's almost impossible to miss out on when there are actually CTFs going and people will announce them and they'll also hold information sessions. And like I said, like tutorial nights where you can go along and follow along and learn a new skill that will help you to tackle those CTFs better.
And then for the CTFs that have teams, that school would also help people form teams as well, which was really cool. So I think that getting involved in the cybersecurity community is one of the only ways to really know, unless you literally Google like cybersecurity CTF list or something, that can also help. But most of the CTFs I was doing were the collegiate level too.
So they were a bit easier, I think. And so that was a huge help just to get sort of your feet wet.
You're making me kind of want to get back in the game and give it a shot.
It's been probably... Yeah, I didn't know you used to do this. It's really cool.
Yeah, I had an information assurance sub-program at my university. And so I spent the last two years doing all InfoSec things. I actually did some penetration testing right out of college. And between the report writing and the fact that I felt like when you audit somebody, you do your best, but you can't really say anything at the end of the day except for, well, we did our best.
And it's better than not having been audited. But I always was like, there's like a false sense of security that you have now, which I don't feel really, I don't feel great like selling that, you know, as a service, a false sense of security. And so I realized also I wasn't that great at it. Like I don't have as much of a hacker's, a breaker's mind as I do a maker's mind.
I like to create more than I like to break. It's kind of what I learned about myself, but also just that I was like, I kind of went a different direction from there. I managed some Linux networks for a while, and that's when I found out about web development and started doing all that kind of stuff. That just mapped to my mind better than breaking in and breaking stuff.
But it was fun, and I think the CTS was the best part because they were very much like... you know, stereotypical, like drinking Mountain Dew, staying up all night, you know, like doing all the things that you, that happens in the movies, you know, and without having to like write a report afterwards or stamp a thing that says you're secure on it, you know, they're just, they're just fun.
They're way more fun than actually doing it as work for sure. And I relate to the point about feeling like a hacker and stuff. Like I always put on like the mood lighting in here and then I'll put on the synths and the garage tracks and, you know, all of that kind of thing. And like... I really go all in.
And if it's just a weekend, like, you know, I don't have a family, so I can just literally lock in with the Mountain Dew and just do it. And so it's a lot of fun. And again, it's very low stakes, right? But you learn a lot and you're still tickling the part of your brain you want to just, yeah, like there's no responsibility, I guess, to it either. So, yeah.
Yeah, and I mean, they do design the CTFs to be really satisfying too. There's nothing more satisfying than running a bunch of checks on a company and you're like, well, you guys are pretty good, but we can't give you a guarantee. It's like what you said, it's very anticlimactic, whereas they design the CTFs to specifically be a game.
And so you do get those moments where you just miss something and then you find out the answer and you're like, oh, you know, and then there are other times where you're one of the only people that found something and it feels really thrilling.
I think the escape room analogy is a, is a good one. Like the way it feels.
Yeah. Are you trying to find something like you may have said this and I glossed over, but like the goal is to find a secret or get into a certain place. What exactly, like what is the artifact that you find? Is it a physical or a digital physical thing or is it just access or is it something you take back and you show, Hey, here's proof I've got this thing.
Joe, what were yours like before I got here?
The main ones that we did were, there was a planted vulnerability, and it was teams. And you were attacking each other's machines and protecting your own. I'm not sure if that has a very specific name to it, that style of Capture the Flag. So then there would be a vulnerability on everybody's network. and the vulnerabilities were all different.
And so as a team, you'd have to fortify your network while attacking the other people's networks, basically. And there would be some sort of a proof, like a flag, whatever imagine a flag would be, like a string of characters that you'd have to fetch off of their remote machine in order to prove that you penetrated it.
And in the meantime, you'd have to be trying to find whatever vulnerabilities were on your machines in order to remove those vulnerabilities before you got hacked. And I remember one time we did them nationally And we got hacked and we got completely destroyed in like 18 minutes one time. Like we were just like, we were like, had our mountain dues and we're ready for a Friday night.
And like, we lost within the first half an hour because somebody was so much better than us. And I was like, oh, very talk about anticlimactic. It's like, oh, and we're dead. So that was fun, but it could have been more fun if we were better at it. That's the ones that I did. I'm not sure. I'm sure there's different ways they can set them up to do different things.
Yours sounds like it was levels, like there's levels of things that you have to do that you progress through.
Yeah, I think I did a mix of them. So I did CCDC, which is the Collegiate Cyber Defense Competition. I did that with a team and that was just the defense side of what you just said. So they do hire professional red teamers and there are, you know, like, you know, a team from every single college that's participating and this, you know, I think eight of us, and you have to lock down.
They give you an incredibly vulnerable network. The gist of the story is they've just sacked the entire IT team and they've hired you on as the new IT team. And you have to like basically audit the whole system, find out how it's vulnerable, lock it down. So it's the same as what you were saying, but we don't have to attack anybody.
But you spend the first day just auditing, trying to lock things down. They interrupt you with business requests. So you're emailing the CTO. He's like, oh, I want you to look into crypto as a product. Can you like give me a report on crypto by the end of the day or something, you know?
And so they're constantly interrupting you and trying to simulate a real business environment where you're just fighting for your life. And then, yeah, like you said, if they just find one vulnerability, which they will, all of a sudden you've got two, two trains on your console and then certain other boxes are boot looping and you're just like, oh my God.
And you're just like, it's an actual fire right now. And so that was a very stressful one that I did, but the others were more about They're trying to give you experience with everything in cybersecurity. So, you know, there'll be an encryption section where there's puzzles. They'll give you a bunch of encrypted texts and they're like, what does this say?
And it's more about answering the questions and completing as many of the challenges as possible. And they're just smaller toy challenges. And they'll also, you know, challenge you to actually get into a box, for example, and then, yeah, find the flag and report what the flag was. And so I've done a big mix of them.
And then there was the reverse engineering one, which was NSA, and that's totally different again. And so, yeah, it's been a variety. I think I like the ones where I can just sit and tinker. But the cyber defense one, I really feel like I leveled up, especially in Linux. We spent months practicing and running password reset drills and things like that and being able to audit.
And we had this big notebook we were all throwing notes into for each other. And we were on a Zoom call for the entire weekend talking to each other. And it was very high stress. It took me a few days to recover. But I really feel that it forced me to level up. And I'm sure you felt similarly, Jared.
For sure. For sure. And it definitely felt like my Linux administration skills were peaking at that moment. Because you have to know all the commands. And you have to usually, I mean, the heat is on, which is the way it is, I guess. I've never been on a network that's under attack.
in the real world but i'm sure it feels a lot like that where it's like if you have a an actual threat actor who has access to your internal network i mean it we're moving as fast as we can right like you got to figure out what machines they have access to how they got in like all these things what are we going to turn off or unplug or like it is a got to be a very stressful situation
And so when the heat's on, you've got to know the commands. You can't be sitting there Googling, like, how do I reset the password on this and that? All those things kind of go out the window, and you've got to just move fast. And so I definitely leveled up through those experiences, even when it only lasted 18 minutes. Those are good 18 minutes.
Yeah, but it's so satisfying sometimes when you see, you'll run a couple of commands and you'll run who, for example, and you see someone's logged in and then you find their process ID for their telnet session or SSH and then you kill the process and you're just like, they're out. And it's like, then you're sort of scrambling. And so it can be incredibly satisfying.
And then you run it again and they're back and you're like, no, they're back.
Yeah. Yeah, we ended up having, we ended up using Tmux and just opening all of these different sessions. And we had Who running and Top running and, you know, Netstat and everything. And we had them sort of self-updating constantly so that we could just keep track of it. And everyone was assigned two machines to look after. And that was way too much overhead as well, right? It was just so hard.
Yeah.
What are the things you would look for on top? Like a new process ID that just seems obscure, doesn't belong?
Yeah, something that's burning up a lot of CPU too. Some of the tools are really badly written, so they'll rise to the top of that list and you'll actually see it burning a lot of stuff.
What we need is top, top. Top of the top. Top of the top.
I feel like we should team up and do one. I need a team. I don't have a team anymore, sis. Although you're located three-quarters of the way around the world from me, so it probably wouldn't be the best.
It has been really difficult, yeah. I've stopped participating in the team months now because of that, which sucks. The last team one I did, I actually was in San Diego for a work trip, and so I stayed an extra couple of days through the weekend because there happened to be one going on, and that was really cool. Hacking from the hotel, it felt even more...
hack a movie right from a hotel room do people travel to do these a lot like is that is it meant to be in the same space really is that where the the fun really is that like co-located yeah prior to COVID I think that was much more common the cyber defense competition that I did we all did it remotely but if you for the regionals but if you make it through the nationals you actually go there in person and you're put in a room
And you can only bring print books. You can't bring anything digital. And so you've got Linux freaking command line books and you've got all of these printouts of cheat sheets you're going to use and stuff. And so they're very strict and locked down. And I think those can be really fun too. But I mean, a lot of people go to DEF CON because there are a lot of
ctf competitions there too i went to b sides in canberra last year which is um our capital state so there were lots of feds there as well um but they were holding a ctf and you could just go into the room and just play the ctf from there and pop in and do a little bit of it if you wanted to so i think it's like esports there are a lot of in-person stuff i would see it as an esport almost they're probably doing them live on twitch you probably twitch stream this
Yeah, a lot of people are probably doing Hack the Box and Try Hack Me, which are both like online VM platforms that give you puzzle boxes to solve. There's a lot of people on Twitch doing those. Even if they're not talking, they're just streaming themselves doing it.
Mm-hmm.
Is there a big career in this? Obviously, as software eats the world and systems morph and you've got more and more things being obviously modernized, is this a lucrative, or not even lucrative since you're not chasing fame or money, but is there a major upside?
If there's people listening to this thinking, geez, I haven't thought about this, or I've got a fancy for it, but I never considered that I'm super bored in this current position and maybe I can pivot.
I think there's a lot of job security in it because depending on the role you're in, because like it's going to be whack-a-mole forever. There's always going to be hackers and it's impossible to release code without vulnerabilities. There's always going to be those kinds of things, right? And so it is really good job security in a depressing way.
And there is a lot of money in it if you specialize. There's a lot of really great career opportunities that, again, sometimes it can feel like you're actually doing something important as well. I think that the feeling of, again, it depends on the role you're in, but feeling like you are preventing citizen data from being breached.
Like if you work on the defense side, even the pen testing side, you're helping companies, you know, lock down their systems better. I think there's a lot of reward in it, even if it can be a bit of a depressing industry to be in because you see a lot of stuff you can't unsee and it does make you feel more worried about just how vulnerable a lot of systems are.
It can be incredibly rewarding, I think, because I think some of the jobs are a bit more tangible. You're not just shipping things to make more sales, right? Yeah. which I've done in previous jobs. I've worked for a shoe retailer and it's like, yay, we made more money this quarter. Woo. You know, it's just, that's not very fulfilling for some people, including myself.
Whereas if you're like, I helped develop this tool that kept out the hackers or I pen tested this company and now they're going to be in a much better security position. Like that just feels a bit more tangible and a bit more rewarding that you're actually helping add some good in the world.
Yeah, I think it depends on where you land, because I've definitely heard horror stories as well. And I've heard a lot of infosec industry people kind of liken it to game dev, you know, which is of all the software development careers, game dev is like, looks like the best, but is actually the worst. Yeah. Because everybody wants to be one. They're like the sweatshop of developers.
Yeah, it's so crunchy. It definitely depends on where you're at. And a pretty depressing example of that too is if you're in forensics, there are a lot of really nasty stuff that you can have to sift through in forensics. You know, it's the same as content moderation. You're seeing similar things.
And so I'm really interested in forensics, but I don't think that I, again, if I can't watch Mr. Robot or if I can't watch scary movies, there's no way that I can work in forensics without feeling psychological damage from that and it affecting my mental health. So cybersecurity has a lot of mental health problems just because of the nature of how things are really messed up.
And I think that it's a tech community too. So it has its own sort of toxic parts, which we're all familiar with in coding communities as well, right? There's just, yeah, I think that tech has a lot of immaturities that still, you know, haven't resolved as well as they could. And so I see very similar patterns in cybersecurity, to be honest. Yeah.
It does come with a warning, but I think given that cybersecurity is such a broad field, there are a lot of things you can do that can either keep you out of trouble or can find your niche without really being exposed to some of the darker parts of cybersecurity. But I think that's a really good point that you bring up. It's not all sunshine and rainbows, that's for sure.
And you can ruin your hobby if you're not careful. I think that if I did pen testing as a hobby... it would be way more fun than doing it professionally, such as like bug bounty, right? Like you can make quite a bit of money from bug bounty. If you find a particularly bad vulnerability, you can have a $10,000 payout.
And so I know a lot of people chase that as a bit of a game or a side hustle, and that can be really satisfying.
Well, what's next for you, Suze? Is that something that's predetermined or you're still trying to figure it out? Still trying to figure it out. Can you talk about it or no?
I can't talk about it because I don't know and I'm trying not to put too much pressure on it. I think I have a lot of options.
That's great.
And I don't want to rush into something. So just for full context and if anyone's watched my recent interview with Quincy, they'll know, but I quit my job in March and then I focused on finishing my master's thesis. I did a master's in education technology. So very different from cybersecurity and my coding background. Teaching is something I did early in my career, really enjoyed it.
I'm starting to think that it's possible I might want to go back. But also I just found, I just thought that that was a really interesting topic for me to study just for my own satisfaction as well. So there's not a lot of pressure on whether or not I want to go back to teaching again.
community college I'd teach technical topics obviously maybe I can do some online courses or something like that but there's just a have a lot of options right like you know I have a 20-year career to look back on and I can get a coding job I can go into another cyber security role I can do teaching part-time maybe and freelance for the rest of it I'm sort of considering my options right now but I've sort of I very deliberately planned my position to have some time off because I'm
pretty burnt out right now. So I'm trying to focus more on the things that bring me joy. And then I think it'll eventually lead to something that will be really enjoyable and fruitful for me. So yeah. And then just doing my own silly projects again, I think that four years of college, both a bachelor's and a master's really took a lot of time away from me being able to be over in this corner.
Like I'm always at the, this corner, the computer corner, and I'm not in the cool lab corner. And so I want to get back to that corner of the room. And then on top of that, I'm getting my pilot's license. So that's requiring a lot of study and time commitment from me as well. So I'm sort of trying to focus on what I currently have going on and then I'll sort of figure it out from there.
A lot of facets to you. Seriously. No wonder why people are so interested in you. Just throw on the pilot's license in there. Yeah, so many facets.
Yeah, I don't talk about it a lot because it tends to get a lot of, I think that's what I was alluding to earlier when I said I have other hobbies and then people sort of latch onto it and they're like, that's really awesome. And I'm like, no, but can we just talk about the planes and can we talk about the laws and regulations? I find that really interesting.
But then they just want to be like, oh, so you're going to be a pilot. And I'm like, it's not about me. I just want to talk about aviation. So it's the same thing, you know. But yeah, no, I just love learning and I love machines. And I think that planes or aircraft are a particularly interesting human machine interface, actually. Like I drive a manual car. I just love machines.
And it's not just computers.
You must love knobs and...
Yeah, like, yeah, that kind of stuff. So I'm learning in a Cessna, an old school plane, because it has all of the knobs and the vacuum instruments. And it's a bit sort of flying on hard mode compared to some of the more modern glass cockpits. But I just love anything that's a human machine interface. And so to me, the pilot made sense. But everyone's like, why are you doing that?
And I'm like, well, it actually makes sense if you track all the way back to what my interests actually are. But it can seem a bit eccentric to people sometimes, I think.
More dangerous than eccentric in my mind. You know, I think about flying planes and I'm like, well, what about when you're not good at it? Isn't that when you crash?
I'm not very good at it at all. I've only got like 35 hours, I think now, but I have gone on my first solo and I didn't crash the plane. So I can't be super terrible.
Right. You must be all right.
But here's the thing. Planes are a lot more tightly regulated as far as safety goes, as far as the maintenance required. And they're very strict on, you know, after the next amount of hours, you need to completely overhaul the engine and It's actually safer technically than, you know, being on the highway.
But I know with ultra light aircraft and light aircraft, you know, the danger level goes up a bit compared to a commercial airliner.
Yeah, the smaller the plane, the scarier I, the more scared I am.
Yeah, I'm in a four seater. The one that I learn in, it's the Cessna 172, which is a classic student pilot plane to learn. But it's also a very common one that you can rent. once you've got your license. So it's sort of, it's a good fit. But yeah, there's a lot of things that can go wrong.
100%.
Yeah. Motorcycles are scary. Yeah, for sure. I've never been a motorcycle guy personally. I just was thinking like, I see so many people here in Texas not wearing helmets because it's legal to not wear a helmet. And I'm like, you do not like your life at all. I mean, you have no concerns or cares because like there is no way you crash and come back from that.
No, it's not. Like when I was a kid in elementary school, we got asked like, oh, what car do you want to drive or something? I forget why they even asked us this. And I was like, I want to ride a motorcycle. That's what I'm going to do. And then I got older and I realized I don't trust myself and I don't trust anyone else on the road. So it is interesting that I picked up aviation because I think
it does feel like it's a lot more dangerous because you're adding like another dimension, right? Like cars are 2D and like planes are 3D and they're much more susceptible to weather as well. And so there's a lot more variables to them. And so motorcycling seems, and I think is a lot more simpler as well, just to pick up and actually learn.
But it's interesting that the danger levels are actually very different from each other.
Well, the skies are more wide open. There's less idiots out there in the skies. You still have issues, I guess, with who's landing when and where. But that's the problem with motor vehicles. It's like everybody else making bad decisions.
You can't control them, right? Yeah, pretty much. And I think as a student pilot, I've been taking my time because I feel that the more dual hours I get in the plane with an instructor, the better. Because I can be exposed to a wider variety of scenarios, but have the safety of having someone who can take over immediately if they need to. And that's been really beneficial.
And even just facing an incident on my second solo and my third solo in a controlled airspace, right, where air traffic control knows I'm on my solo so they can give me additional instructions and instructions.
things like that, I think it is really important to expose yourself to as many of that as possible because I don't, you know, I'm getting my license in a few months quite close, but right now I feel that I want more time to face those uncertainties to really get a feel for how I would handle them under pressure.
Sounds cool. Well, how do we land this plane, Suze? I think we just say goodbye. Love catching up with you. Up to cool stuff. I'm looking forward to your pseudonymous, anonymous, open source contributions upcoming.
I won't know.
I won't know it's you. But I just, I like the idea that you're out there, that you're out there doing your thing, even if nobody knows.
You'll find her signature in something, I'm sure. She's got a pattern you can match to. Right. We should threat hunt Susan in open source. Mm-hmm. Yes, it was good catching up with you.
It's good to see that you're well, good to see just generally your, you know, the way you approach life, you know, the way you approach decision making, even from things you're fearful of or concerned about or things that give you more comfort and safety. It's interesting to see that part of your life.
Yeah, I appreciate talking to you guys. I miss you guys a lot, actually. I was just, yeah, I was saying in the email, I was just thinking about you guys and then you emailed and I was quite thrilled. So I always feel like our conversations always go this way. They're always very fruitful, very thoughtful.
And yeah, I'm just glad that you sort of understand the journey that I'm on right now because I think it's a very privileged one, but it's also maybe not as typical and I'm really enjoying just quietly living my life, I think. So it feels like you guys get that. Yeah.
Yeah. We get it. We do get it. And we appreciate you opening up and sharing with us. Absolutely.
Bye, friends.
What do you think? Should I dust off my old copies of Nmap, Wireshark, and Metasploit and try my hand at capturing the flag once again? Let us know in the comments. We love hearing from you. One more thanks to our sponsors of this episode, Supabase, Speakeasy, Test Double, and Socket. And of course, to our partners at Fly.io and to our beat freak in residence, Breakmaster Cylinder.
Oh, and don't forget Sentry. Use code CHANGELOG when you sign up for a Sentry team plan and save yourself $100. Why not, right? Next week on The Changelog... News on Monday, Ryan Wuerl from Warpstream on Wednesday. And our next edition of the award-worthy Pound Define Game Show on Friday. Have a great weekend. Leave us a five-star review if you haven't yet. And let's talk again real soon.