►
From YouTube: EDU.SIG DEI Community Office Hours (April 20, 2023)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right:
well,
hey
everyone
Welcome
to
our
brand
new
fancy
office
hours.
I
do
have
one
thing
to
say:
I
said
these
were
going
to
be
valuable,
so
I
didn't
have
to
do
all
these
meetings
everywhere
and
I
got
a
thing
at
like
midnight
yesterday
and
spdx
was
like:
can
we
get
some
help
with
diversity?
I
was
like
you
can
come
to
our
office
hours
that
we
have
tomorrow.
B
A
But
I
think
this
is
good.
I
mean
at
least
now.
I
could
literally
just
respond
to
that
and
not
have
to
give
them
a
bunch
of
advice.
I
just
told
them
to
come
to
here
so
they'll
be
able
to
know
they've
got
access
to
this,
so
they
should
be
on
the
next
one
yeah
so,
but
we'll
give
it
I
say
we
give
it
like
10
15
minutes,
there's
a
couple
of
things
to
cover
anyway.
C
B
C
B
So
it
was
when
I
checked
Monday.
It
was
121
total.
B
I
haven't
checked
recently,
but
we're
gonna
we're
gonna,
be
closing
it
on
the
alpha
omega
mentorship.
We're
gonna
be
closing
out
on
the
25th.
B
A
Which
is
next
Tuesday
yeah,
okay,
okay,
that's
good
yeah,
yeah,
I
think
those
are
good
opportunities.
Hey
son!
Welcome!
A
I
believe
so
Yesenia
I
haven't
contacted
you
just
yet
I'm,
also
wearing
some.
My
eye
socks
right
now,
sucks
but
I
know
right,
but
Christine
I
sent
you
and
Jay
an
email
earlier
today,
my
time
just
asking
I'm
trying
to
get
about
half
a
dozen
like
just
audio
recordings,
that
I
will
then
translate
on
Otter,
so
they
can
be
read
as
well
that
just
talks
about
like
it
literally
starts
with.
Not
what
do
you
do
now?
But
what's
the
first
thing
you
remember
doing
in
open
source?
C
A
Yeah
and
so
that
those
would
all
be
sort
of
digital
links,
digital
content,
that
people
can
dive
into
so
yeah,
you're,
predominant,
I,
think
it'd,
be
so
cool
all
right,
I
think.
B
C
D
So
I've
been
in
the
Pacific
Northwest
for
the
past
two
months,
right
now,
I'm
in
in
red
egg,
at
my
old,
where
my
parents
live
now,
I
won't
go
into
too
many
details
about
my
tumultuous
personal
life,
but
slowly
but
surely
moving
out
of
Texas
okay,
things
have
kind
of
been
up
in
the
air
for
the
past
two
months,
but
I'm
trying
to
get
back
into
it.
Finally,.
E
A
D
A
A
A
A
Yeah
I
think
that
would
be
cool
pretty
much
but
hey
son.
Do
you
have
any
questions
or
possibly
the
Yesenia,
on
a
mentorship
opportunity
at
the
Linux
Foundation
or
have
you
not
read
my
messages
this
week.
D
Hate
to
be
honest,
I
was
I
was
I
was
very
surprised.
I
was
very
surprised
that
Kate
Stewart
reached
out
to
me
because
I
haven't
been
involved
with
stuff
in
about
two
months
and
all
of
a
sudden
I
get
this
email
out
of
the
blue.
It's
like
okay,
I'm
gonna
forward
this
to
Sal
and
Aaron,
because
I
don't
know
what
else
I'm
supposed
to
do.
Yeah.
A
Yeah,
well,
they
didn't
they
weren't
able
to
make
it
there's
some
I
think
there
were
two
or
three
people
contacted
after
that,
but
I
do
I
want
to
make
sure
to
follow
up
with
them.
Tell
them
that
there's
another
one
that
they
need
to
show
up
to
these
spaces,
because
it's
not
about
bringing
everyone
to
spdx
the
xbx
going
out
and
doing
that.
Well,.
D
D
Yeah,
I
briefly
skimmed
over
that
thing
that
you
sent
me.
That's
this!
It's!
What's
that
thing
going
on
right
now:
it's
yasina
and
Jonathan
Elijah,
something.
A
D
Whatever
you
do,
don't
call
him
John.
He
doesn't
like
that
Jonathan
always
Jonathan
yeah,
no
I
did
bowling
with
him
once
and
yeah.
D
Height
and
then
I
picked
up,
one
of
those
I
picked
up
one
of
those,
oh
God
back
when
sonotype
had
those
little.
This
was
a
couple
of
osses
ago,
but
they
had
those
little
like
camera.
Slighty
cover
things
I.
F
D
A
It
looks
like
we've
got
one
more
person
in
here,
so
do
we
all
want
to
do
just
a
little
set
of
introductions,
because
it's
a
good
way
to
get
started.
B
Oh
well,
I'll
start
just
welcome
everyone.
This
is
our
first
education
Dei
office
hours
and
today
we're
kind
of
just
focusing
on
the
alpha
omega
mentorship
program,
I'm,
hoping
to
kind
of
give
that
a
little
bit
more
visibility,
even
though
I
may
have
dropped
the
ball
on
the
marketing
on
this
a
bit,
but
we
had
it
for
four
hours.
So
so
we
had
to
drill
down
to
an
hour.
B
I
didn't
know
how
that
was
gonna
work,
but
just
to
give
a
little
brief
introduction
to
myself
and
then
the
project
and
then
we'll
go
around
the
room.
So
I
am
on
the
open,
ssf,
Alpha
Omega
project,
focusing
primarily
on
the
Omega
side,
which
is
our
tool
chain.
We
have
four
components:
our
analyzer
our
triage
portal
under
the
analyzer.
We
also
have
a
feature
called
the
assertion
assertation
framework,
and
then
we
have
armandern
Omega
client,
which
essentially
does
the
the
automated
pull
requests.
B
So
those
four
pieces
are
just
our
four
components
that
we're
currently
looking
at
to
deploy
into
con
or
engineer
into
a
full
Sledge
flow,
where
we
analyze
an
open
source
package
using
20
plus
different
security
tools
come
up
with
one
report,
because
we
all
know
that
these
security
tools,
loved
their
own
reports
come
out
with
one
Sarah
file
report.
That's
going
to
be
uploaded
one
day
automatically
into
the
one
day
live
triage
portal
that
were
so
hard
working
on
and
then
from
there
there
are
our
security
researchers.
B
This
is
where
Jonathan
light
shoe
kind
of
kicks
in
we'll
be
taking
the
findings
that
are
added
to
the
triage
portal
performing
their
vulnerability
disclosure
life
cycle.
In
that,
once
they've
become
aware
of
fixes
that
they
want
to
run
into
campaigns,
there
will
be
one
day
at
the
Modern
count
will
be
living
into
the
triage
portal
and
those
campaigns
can
be
and
Via
an
action
from
the
the
portal
based
on
the
status
of
a
specific
finding.
B
It's
a
12-week
program
paid
paid
into
two
installments
because
that's
how
they
have
it
set
up,
but
additional
funding
was
added
so
that
folks
could
join
us
at
b-sides
and
Defcon
this
year.
So
hotels
flights,
all
the
the
luxuries
have
been
added,
but
that
that
will
be
part
of
the
mentees
pay.
B
Maintenance
pay
is
paid
out
and
two
installments
six
weeks
in
six
weeks
out
and
we're
hiring
a
total
of
four
remote.
That
should
add
that
to
remote
us
eligible
individuals,
we
will
be
looking
at
expanding
it
to
outside,
but
to
get
this
program
out
quickly
within
the
summer
program
to
get
Talent
we
just
had
to
limit.
B
Two
of
them
will
be
working
with
me
on
improving
the
engineering
of
the
Omega
tool
chains.
So
getting
more
of
those
features
in
play.
Getting
it
live
in
the
cloud
I'm
working
on
the
full
project
plan
within
the
next
couple
weeks,
and
then
two
will
be
working
with
Jonathan
light
shoe
on
the
actual
vulnerability
disclosure
workflow
process,
we're
closing
out
the
applications
on
the
25th,
but
we
are
going
to
be
reviewing
it
on
the
24th.
B
So
we
are
asking
folks
to
submit
by
Sunday
the
23rd
that
way
we
can
have
our
time
Monday
to
review
it
and
then
reach
out,
and
then
anybody
else
will
be
reviewing
on
Wednesday
we're
hoping
to
provide
notices
of
moving
forward
by
mid
May,
so
that
folks
can
start
in
June
1st.
That
way
it
just
kind
of
coincides
and
then
at
the
end
of
your
mentorship,
you're
out
in
Vegas
with
us.
B
If
you
use
the
money
towards
that,
we're
not
meant
as
much
as
we
want
to
mandate
you
to
go
fly
with
us
and
party
with
us
in
Vegas.
We
can't
force
you
to,
and
that's
a
little
bit
about
me,
the
project
and
the
mentorship.
A
Super
cool
I'll
jump
in
real,
quick
Sal
chemek
I
am
all
around
the
Linux
Foundation,
but
I'm
not
paid
by
it,
which
means
I
just
get
to
have
fun
and
do
projects
I
care
about
by
Design
and
so
right
now,
I'm
focusing
a
lot
on
sort
of
the
education
and
Deni
efforts,
because
they're
one
in
the
same,
almost
the
majority
of
my
talent
comes
from
non-traditional
backgrounds
and
a
lot
of
those
come
from
non-traditional
spaces
for
Tech
I
specifically
found
today.
A
A
brand
new
Native
American
open
source
training
program
which
they
just
started
out
so
I'll
be
adding
that
into
our
IDE
and
I
list
as
well.
But
yeah.
That's
me
for
the
next
at
least
two
to
three
months:
I'm
at
a
company
without
a
marketing
team,
so
I'm
just
doing
whatever
I
want.
C
Okay,
so
my
name
is
Christine
Abernathy
and
I
am
currently
at
F5
and
I've
been
doing
a
lot
of
work
with
the
open
ssf
for
the
last
year,
and
one
of
the
things
I'm
most
passionate
about
is
dni,
so
kind
of
happy
to
support
in
any
way
shape
or
form
and
I'm
really
excited
about
any
opportunities.
There
are
to
actually
get
people
not
interested
into
open
source,
but
into
open
source
and
security,
which
is
a
super
super
important,
so
yeah.
That's
me.
A
Oops
you're,
you're,
muted,
stuff.
E
Hello,
can
you
guys
hear
me,
the
audio
is
probably
really
bad,
so
apologies.
My
name
is
Andre
survey.
I
am
currently
studying
CS
I'm
a
senior
at
mjit
and
yeah,
looking
to
improve
my
awareness
about
like
open
source
security
and
just
the
security
when
it
comes
to
open
source
stuff,
so
yeah
excellent.
D
Okay,
well
I,
guess:
I!
Guess
the
bottle
spun
and
pointed
at
me,
then
my
name
is
sen:
Hastings
I'm,
a
general
Linux
Enthusiast,
with
kind
of
a
focus
more
towards
embedded
Linux.
Occasionally,
people
pay
me
to
write
software,
and
you
know
Sal
found
me
lying
in
a
gutter.
You
know
sometime
middle
of
last
year
and
now
wherever
they
go,
I
must
follow.
So
here.
A
D
C
D
D
A
Yeah
and
you
gave
an
incredible
talk
so
basically
thank
you
and
sorry.
I
have
to
know
that
this
is
so
casual
between
Sun
and
I,
because
sen
is
my
part
time
whenever
I
need
a
virtual
assistant
virtual
assistant,
so
because,
like
I
have
somebody
that
can
actually
like
understand
what
these
emails
mean
right,
yeah.
C
B
C
D
I
apologize
for
effectively
destroying
any
semblance
of
professionalism
that
Sal
was
trying
to
bring,
but.
D
A
All
right,
yeah,
well
cool.
Well,
those
those
are
some
good
introductions.
Gotta,
say
yeah,
I,
think
on
the
mentorship
program.
I
think
it's
interesting.
The
one
thing
I
do
want
to
clarify
because
I
clarified
it
before
was
that
it
is
open
to
those
of
non-traditional
backgrounds.
So
it's
quote
unquote
student,
but
it's
anyone!
That's
in
that
position
and
I
think
that's
really
valuable
because
increasingly
I
admiring
those
over
four-year
students,
so
yeah.
A
There's
not
so
many
really
clear,
Pathways
but
I
think
the
real
difference
is
the
incredible
hiring
deficit,
both
cyber
security
and
SRE.
So
it's
a
place
where
people
can
go
and
get
upskilled
like
I've
seen.
A
lot
of
people
do
really
good
and
if
you
are
still
in
a
school
position,
right
now
go
and
do
your
summer
internships
and
do
them
in
devops,
with
a
focus
on
SRE
or
devout
super
focus
in
cyber
security
and
get
that
on
your
resume
right
now.
A
A
B
F
A
Of
trading
that
they
have
the
skill
set
for
SRE
right,
because
it
really
does
take
about
three
to
six
months
in
those
fields
to
be
valuable
enough
to
be
in
an
entry
hiring
location.
Because
we
have.
We
need
200
000
in
the
UK
right
now
and
that's
less
than
what
the
US.
C
A
I
think
it's
interesting
because
I've
been
on
both
sides
of
that
when
I
hire
seminar,
I'm
working
with
someone
I
always
make
them
rewrite
their
job
description
for
what
they
want
to
be
doing
in
one
year,
and
then
we
compare
the
difference
with
training
right,
but
really,
if
you're
just
jumping
into
a
space
it.
It's
not
even
self-advocacy.
It's
about
not
wasting
your
time
right,
so
go
in
and
be
sensitive
to.
What
it
is
that
you
do
not
enjoy
like
I
will
tell
you.
A
I
got
that
I
was
already
in
like
devops
back
end
and
I
got
a
three-month
boot
camp
scholarship
to
go
study
like
react,
front
end
and
I
left
because
I
hated
it
I
hated
that
kind
of
development,
I
thought
it
was
stupid
and
awful
I
still
do
and
I
respect
people
that
do
it,
because
it's
a
hard
job
and
I
know
that
now,
but
but
really
it's
about
advocating
and
knowing
that
like
those
three
months
would
have
been
better
spent,
not
at
a
boot
camp.
But
back
in
my
job.
A
One
I
enjoyed
my
job,
but
two
it's
it's.
My
skill
set
it's
where
I
love
to
be
it's
the
kind
of
right.
So
it's
testing
those
out
and
being
able
to
you
know,
take
the
things
that
are
what
we
call
the
hard
disciplines
and
take
a
risk
on
it,
because
you're
probably
going
to
be
happier
in
five
years
in
that
career
than
you
are
doing
front
end.
B
Yeah
that
happened
to
me
in
my
career
was
when
I
started.
I
got
an
internship
as
a
tester,
and
then
it
happened
to
be
like
right
next
to
the
security
room
and
I've
always
wanted
to
be
security.
B
So
when
I
would
talk
to
my
advisor
for
the
internship,
they
were
like
well.
If
you
can
perform
well
in
your
testing
role,
you
know
we'll
we'll
think
of
putting
you
into
caring
I'm,
like
I
hate.
B
What
I'm
doing
like
I'm
not
going
to
perform
well
I'm
gonna
tell
you
straight
out:
I'm
not
going
to
perform
well
and
then
I
had
to
go
out
of
my
way
of
watching
the
security
folks
go
to
the
restroom,
because
it
was
on
the
path
and
then
just
making
friends,
and
then
I
ended
up
having
an
internship
there
less
than
less
than
my
internship.
You
know
I
already
had
like
secure
the
next,
because
I
was
like
no,
because
if
I
go
down
the
path
you're
putting
me
it's
not
going
to
work
out
yeah.
A
Yeah
and
I
I
do
think
I
think
I
mean
I've
absolutely
seen.
This
I
think
that
people
over
direct
non-traditionally
represented
people
they
over
direct
them
into
careers
that
are
typically
don't
pay
as
well,
but
often
are
much
more
like
customer
service
facing
and
I
think.
That's
just
that's
just
clearly
implicit
bias
and
I
think
that's
awful
right,
because
that
doesn't
mean
that
I'm
gonna
get
the
best
developer.
A
C
E
A
A
Yeah
well
I'll.
Take
that
real,
quick,
so
SRE,
so
everything
is
sort
of
under
the
larger
domain
of
devops
right,
but
devops
is
just
basically
it's
literally
called
like
what
developer
wait.
What
happens
when
developers
do
what
managers
used
to
do
themselves?
A
So
it's
all
around
automation,
practices,
SRE
is
site,
reliability,
engineering,
so
I'm,
asking
myself.
The
question
can
I
model
this
system
statistically
so
that
I
know
where
it's
most
likely
to
break.
There's
chaos,
engineering
site,
reliability,
engineering-
all
in
that
and
really
the
difference
is
devops.
Is
your
stable
job
that
you're
going
to
make
a
stable
normal
wage
at
you
can
get
the
devops
as
your
first
step
in
and
get
exactly
what
they
were
just
saying:
sort
of
a
dip
in
experience
to
what
are
in
the
pagerduty
domain.
A
So
that's
cyber
security
and
SRE
when
things
go
wrong,
there's
a
very
potential
that
someone
is
going
to
call
you
on
a
phone
and
you
have
to
fix
it
immediately
and
cry
because
it's
2
A.M,
but
those
jobs
off
the
bat
can
be
200
300
000
in
the
US
market
because
they
require
you
have
a
specialized
skill.
A
So
you
have
to
go
in
and
understand
devops,
and
then
you
want
to
sort
of
Shadow
on
an
SRE
or
cyber
security
team
and
then
you're
or
third
experience
what's
different
about
this
is
the
pathway
where
you're
not
really
Project
based.
You
have
to
be
embedded
onto
a
team,
and
you
have
to
demonstrate
your
ability
to
work
on
a
team
when
there
are
incidents
so
studying
incident,
response,
learning
and
understand
threat
models.
A
If
you
really
really
are
interested
in
that,
there's
a
threat
modeling
working
group
through
Linux
foundation
and
there's
a
bunch
of
people
that
work
in
there
and
work
tandem
with
open
source
projects
like
I,
went
in
and
I
did
a
threat
model
with
the
maintainers
behind
Argo
CD,
because
I
care
a
lot
about
Argo
CD
and
they
promised
me
one
of
their
plushies
and
they
saved
it.
For
me
at
this
last
Cube
gun,
so
I'm
getting
in
the
mail
but
but
yeah
so
I
went
in
and
I
had
never
done.
A
I
had
never
done
a
full
threat
model
for
this
particular
like
for
an
open
source
system,
which
is
a
lot
more
interesting
Integrations
than
others,
and
so
doing
that
built
out
my
skill
set.
It
gives
a
public
record
of
that
skill
set
I
work
with
an
open
source,
a
pretty
Central
open
source
project.
So
it's
things
like
that.
Learning
to
engage
in
cyber
security
in
open
source
projects
does
get
you
a
good
track
record
and
there's
things
like
bug
batches.
All
of
those
any
of
those
things
are
going
to
be.
A
It
proves
you
to
be
incredibly
valuable
because
when
I
see
somebody
that
has
even
three
or
four
really
really
nice
projects,
sometimes
that
doesn't
mean
they're
a
great
developer.
It
means
they're
a
horrible
team
player
and
that's
not
what
I
want
to
see
on
a
resume.
So
you
got
to
be
careful
about
what
you're
actually
showing
and
if
you
can
show
that
you
have
that
progression
from
demonstrating
a
skill
set,
bridging
that
to
a
new
skill
set
and
then
taking
that
and
making
it
something
new.
A
That's
what
it
is.
If
you
take
the
same
path
in
Academia,
it's
exactly
the
same.
So
in
your
postdoc,
in
your
like
graduate,
you
demonstrate
something
new,
your
postdoc.
You
extend
with
a
Venn
diagram
between
something
new
and
something
else,
and
if
you
move
on
in
your
career,
you
have
this
little
bubble
of
really
special
specialized
capacity
right.
That's
your
specialization
Matrix
and
that's
that
that
log
is
actually
really
strategic
in
the
way
that
people
write
up
grants
and
stuff.
B
B
Let's
say
you
want
I
use
the
cloud
engineering
example
right.
If
you
want
to
come
and
you're
looking
for
cloud
and
Engineers
your
your
digital
portfolio
should
reflect
what
a
cloud
engineer
should
be
doing
or
are
they
studying?
So,
if
you're,
an
academic,
you
know
go
ahead
and
just
share
on
LinkedIn
GitHub,
your
own
personal
website,
just
things
that
you've
worked
on
Lessons
Learned.
What
did
I
do?
B
Well,
what
could
I
have
done
better
next
time,
where
my
you
know
my
strength
and
my
weaknesses
on
those
projects
and
then
share
it
out
with
your
community
like
I'm
on
LinkedIn
and
I,
see
folks
are
like
oh
I.
Just
did
this
really
cool
thing
and
it's
a
hello
world,
but
it's
really
simple.
I
was
like
all
right:
cool,
you're,
you're,
one
step
closer.
You
know
it
takes.
It
takes
20
hours
to
learn
new
skills,
so
finding
your
platform
to
display
your
your
your
knowledge
and
your
your
learning.
B
Experience
becomes
what
your
digital
portfolio
is,
and
then
you
know
as
you're
searching
for
these
jobs
and
they
say
not
to
do
it
but
people
they
research,
you
right
or
if
it's
on
your
resume,
if
you
provide
your
LinkedIn
or
your
GitHub
and
stuff
like
that,
people
are
gonna,
go
there
because
you
provided
these
resources,
so
you're
kind
of
demonstrating
yourself.
As
for
this
case,
for
this
example
Cloud
engineer
so
I
go
on
a
LinkedIn
page.
B
It
should
reflect
what
a
cloud
engineer
looks
like
and
not
from
a
personality
perspective,
but
from
a
skill
set
and
your
volunteer
work.
As
she
had
mentioned.
You
know
working
as
team.
There's
several
Dei
communities,
there's
several
Tech
communities
out
there
just
start
joining
them.
Go
to
meetups
like
in
my
area.
B
There's
multiple
meetups
everyone's
different
I
live
in
a
big
bigger
city,
so
I
have
that
availability
and
then
the
other
thing
is,
you
know
looking
at
if
you
want
more
of
the
nitty-gritty
of
what
do
I
study
like
Tech
like
do
I,
do
python
or
do
I
do
JavaScript
go
on
LinkedIn
and
look
that
look
for
these
jobs.
So
once
again
the
cloud
engineer
look
at
these
different
Cloud
engineer.
B
Job
descriptions
see
the
ones
that
interest
you
and
I
always
ask
people
I
always
ask
my
mentees
to
take
to
take
it
to
make
two
lists.
The
skills
I
have
and
the
skills
I.
Don't
the
skills?
I
don't
become
your
study
path.
That's
where
you
now
go
and
you're
like
okay,
now
I
need
to
learn
a
cloud
provider
now
I
need
to
learn.
You
know
what
get
is
and
what's
the
ICD
means?
B
Oh
I've
done
this.
This
is
cool
I
played
with
python
Django,
so
I'm
gonna
add
this
to
now
to
my
resume
or
my
LinkedIn,
those
are
my
my
two
cents.
E
C
Like
okay,
you
just
like
you
just
pick
one
or
what's
in
your
experience,
I
know,
everyone
probably
has
a
completely
different
Journey,
but
I
was
always
interested
in
like
sometimes
you
don't
know
what
you
know
because
I've
seen
like
sometimes
I
will
tell
people
what
I
do
and
I
give
it
a
title
and
they're
like.
Oh
that's
what
I've
always
wanted
to
do.
I
just
didn't
know
it
had
a
name.
B
Yeah
yeah
and
corporations
are
interesting
because,
like
what
one
title
might
be
at
one,
Corporation
does
a
completely
different
role
at
that
same
title:
another
Corporation
and
I'm
a
curious
person,
so
in
cyber
security,
I've
been
all
over
the
place,
so
I,
usually
I,
usually
go
for
the
the
job
description
like.
Does
it
sound
exciting?
B
If
I
don't
know
what
the
words
are
then
just
do
like
a
Google
search
or
you
know,
reach
out
to
the
recruiter.
I.
Think!
That's
something!
That's
you
know.
Most
people
just
submit
an
application,
that's
it,
but
you
can
easily
nowadays
find
out
who
the
recruiter
is
and
be
like.
Hey
I,
just
I
just
want
to
learn.
You
know
15
minutes
of
your
time.
Just
tell
me
what
this
position
or
what
they're
looking
for
this
position
to
do.
B
It's
it
I
always
tell
folks
I'm,
like
you,
gotta
put
your
salesman
hat
on,
or
your
salesperson
hat
on
and
and
figure
it
out.
It's
a
little
uncomfortable,
but
we
wouldn't
be
making
moves
to
where
we
want.
You
know
to
Saul's
Point
earlier.
You
know
you
wouldn't
be
advocating
for
yourself
unless
you
advocate
for
yourself
or
get
in
the
position
once
you
advocate
for
yourself.
C
A
Yeah
I
think
I
think
it's
also
really
important
to
write
strongly
but
honestly
represent
yourself.
So
I
do
ask
when
I'm
working
with
people
that
are
earlier
in
their
careers
I
have
to
state
to
them
explicitly
like
you
should
write
out
every
single
type
of
Technology
you've
used
if
you've
done,
SQL
queries
sqls
on
your
resume.
That
may
not
be
what
you
want
to
do
with
your
life.
You
put
every
single
thing
that
you've
used.
However,
I
don't
want
to
see
just
a
list.
A
I
want
to
see
what
you
used
in
combination
just
literally
colon
this
this,
and
this
and
I
want,
above
that,
the
problem
I
was
trying
to
solve
you
enough
to
narrativeize
your
technical
experiences,
so
no
matter
what
job
you're
in
you're
a
project
manager
of
one,
and
if
you
can
demonstrate
that
you're,
a
great
project
manager
of
yourself
and
or
of
teams,
then
you're
super
hireable,
because
you
add
an
extra
value
that
nobody
else
has
developers
that
cannot
be
self-stimulated
are
very
very
hard
to
keep
going
on
a
team,
so
yeah
that
really
really
shows
it
and
I
also
think
that,
like
showing
up
for
your
failures,
it's
a
question
that
I
ask:
whenever
I'm
hiring
I
ask
someone
at
the
end
of
their
session:
I
prepare
them
for
it.
A
A
Do
they
then
say
that
this
was
a
team
issue
or
a
leadership
issue,
or
do
they
say,
hey
I
messed
up,
and
this
is
something
that
I
learned
from
technology
spaces
are
so
much
more
human
than
you
would
expect,
because
all
of
us
basically
have
the
same
skill
set
across
these
different
domains.
A
Right
Cloud
engineer
is
actually
about
three
or
four
different
roles,
if
you,
if
you
slice
them
up,
but
really
it's
about,
being
able
to
communicate
well
and
being
able
to
show
that,
like
growth
into
a
domain
of
specialty
and
anywhere,
where
you're
stuck
at
a
point
of
growth
right,
if
you're
stuck
not
being
to
make
that
Venn
diagram
or
the
next
jump.
That's
what
you
write
as
the
reason
why
you're
looking
for
that
experience
right
and
then
so?
C
I
really
like
that
explanation
about
kind
of
like
knowing
owning
your
failures,
because
whenever
I
am
interviewed,
I
also
like
to
ask
a
similar
question
and
it
always
a
red
flag.
If
somebody
says
no,
they
have
no
I've,
never
fails
or,
or
that
it's
like
it's
like
a
growth
opportunity,
but
also
just
being
strategic.
Even
if
it's
just
like
I'm
gonna
take
this
job
because
I
wanna
you
can
have
like
a
very
long-term
goal.
C
It
doesn't
mean
that
you
know,
but
let's
say
you
want
to
be
a
CEO
and
once
met
somebody
who
said
they
want
to
be
a
CEO,
so
every
job
they
took
from
the
beginning
was
to
learn
whichever
one
skill
they
needed
for
that
CEO
position.
So
if
it
was,
for
example,
just
learning
how
to
deal
with
people,
maybe
their
first
job
was
being
kind
of
like
a
team
lead.
The
next
one
is
kind
of
learning
strategy.
Maybe
they
learn
something
working
with
the
sales
team,
but
it
was.
A
Yeah
yeah
because
you'll
get
burned
out
the
second
you're
going
in
the
wrong
direction.
It
happens
to
all
of
us
more
than
once
in
our
careers,
but
the
people
that
stay
in
this
game
for
10
years
and
ones
that
can
beat
burn
out
because
they
stick
with
what
they're
passionate
about
it
sounds
flimsy.
But
it's
genuinely
true.
It's
genuinely
true
there's
a
huge
difference
between
those
engineers,
especially
in
open
source,
because
in
open
source
you're
I
mean
there's
people
who
happen
to
get
paid
for
the
things
that
they're
already
passionate
about.
A
In
the
most
part,
there
are
more
people
coming
in
for
it
as
a
business
measure,
but
a
lot
of
us
were
in
it
because
it
wasn't
business
before,
and
so
it's
really
cool
working
in
what
is
basically
a
creative
domain
with
people
who
I
think
would
consider
themselves
creative
but
then
actually
fixing
problems,
unlike
perhaps
an
art
case,
except
for
this
scene.
The
scene
will
do
both
I'm
obsessed
with
that
for
the
next
two
weeks.
So.
A
Oh,
my
last
note
there
as
you're
like
looking
into
career
options
and
also,
if
you
can
send
me,
maybe
I'll,
find
me
on
LinkedIn,
because
there's
there's
this
big
pathway,
like
learning
pathway
Christine.
Do
you
remember
where
that
big
pathway,
someone
sent
us
this
learning
pathway
that,
like
goes
through
a
bunch
of
it's,
not
cyber
security
specific,
but
it
was.
A
A
I
can't
remember
what
it
was.
Of
course.
If
you
want
access
to
any
of
that
information
get
on
the
Linux
Foundation
slack
or
the
open
ssf
Slack
under
the
Deni,
and
that's
where
we
have
our
conversations.
E
I
remember
we're
seeing
that
a
couple
weeks
back
where
it
was
a
kind
of
like
a
road
map
of
security,
certifications.
C
A
A
Oh,
yes!
Well,
sorry.
My
last
note
is
like
for
cyber
security
SRE.
They
pay
well
they're
lots
of
fun,
but
you
can
only
do
it
if
you
have
a
specific
type
of
Personality
I've
seen
people
have
panic
attacks
in
that
space.
It's
pager
Duty
so
like
when
I
was
when
I
started.
Sre
I
had
a
manager
pull
me
aside
and
he's
like
you
know
what
you're
gonna
have
to
now
develop
a
pagerduty
personality
and
I
was
like
what
does
that
mean?
A
He
was
like
I
identify
and
I
now
identify,
but
this
manager
was
like
I
identify
as
the
dude
from
that
one
like
1990s
movie
he's
just
like
always
send
out,
and
it's
like
it
doesn't
matter
how
many
servers
are
on
fire.
I
am
the
dude.
I
am
the
dude,
so
it
is
it.
It
is
like
you
have
to
find
a
personality
fit
for
the
attack
more
than
you
have
to
find
a
tech
fit
for
yourself.
I
found
that
genuinely
be
true.
B
B
But
it's
a
it's
a
it's
a
good
learning
experience
but,
like
you
said
it
has
to
be
a
particular
personality
and
to
be
able
to
work
with
different
personalities.
Sometimes
you
gotta,
you
gotta,
make
those
tough
calls
at
two
in
the
morning
to
call
somebody
wake
them
up
and
be
like
hey.
A
But
what
I
put
in
right
there
are
specifically
for
cyber
security,
but
these
are
some
of
the
best
I,
like
literally
I'd,
recommend,
if
you
think,
you're
interested
in
cyber
security
show
up
once
to
every
single
one
of
these
meetings.
It's
gonna
be
about
one
day's
worth
of
hours
for
about
15
years
worth
of
experience,
you
can
ask
anyone
on
those
calls
any
questions.
You
have
that's
what
I
would
do,
that
is
in
part
what
I
did
and
why
I
have
so
many
contacts
in
cyber
security
and
Linux.
C
I
can
attest
to
that
having
not
knowing
knowing
much
about
security
just
like
listening
and
for
the
first
few
months.
I'm
like
I
have
no
idea
what
they're
talking
about,
but
over
time.
You
kind
of
now
kind
of
know
the
words
and
it
starts
to
all
come
into
Focus
five
plus
one
yeah
catch
up
and
stuff
yeah
plus.
A
It's
nice
to
get
new
faces
in
there
because
more
than
once,
I've
had
like
a
new
face
come
on
and
someone
has
to
like
clarify
an
acronym
for
them
and
it
turns
out
half
of
the
people.
Who've
been
there
for
six
months,
didn't
know
what
the
acronym
was
so
like.
Really
we
got
it's
worth
it's
worth
asking
dumb
questions,
because
maybe
we
need
more
of
that.
B
Yeah,
it's
definitely
something
that
I
recommend
for
folks
entering
is
like
Join
one
of
the
working
groups.
I'm
like
look
at
this
page.
Look
at
all
the
cool
things
we're
working
on
and
just
Join
one
of
them
that
makes
you
excited,
you're
gonna,
be
like
industry.
You
know,
experts
and
just
folks
that
are
just
trying
to
solve
this
problem
and
I
know.
Andre
has
been
on
the
vulnerability
disclosure
working
groups
with
us
and
then
the
alpha
omega
as
well.
So
thank
you.
B
Do
you
have
any
more
questions
or
if
anybody
else
had
questions.
A
I'm
just
adding
in
resources
but
absolutely
do
follow
up
on
or
off.
This
call,
if
you
have
any
other
questions,
I'm
always
curious,
especially
getting
people
into
these
harder
domains,
and
everyone
on
this
call
wants
cyber
security,
but
I
secretly
also
still
need
more
sres.
So.
C
A
I
think
absolutely
so:
we've
got
so.
We've
got
a
couple
of
resources
up
there,
but
I've
just
put
up
some
of
the
working
groups
and
then
I
did
add
some
of
the
training
for
the
Linux
Foundation,
but
I
think
the
ask
is
for
anyone,
that's
jumping
in
and
who
wants
to
know
more
about
specifically
security,
not
just
education,
because
we'll
still
we're
going
to
be
bringing
out
some
more
of
that
content.
A
But
if
you
want
to
understand
more
about
really
the
real
life
of
cyber
security
education
jumping
into
any
one
of
those
working
groups,
will
give
you
clear
insight
so
and
there's
some
of
the
friendliest
people
you'll
ever
meet
I.
C
B
A
D
D
Oh,
don't
speak
too
soon,
so
this
is
the
first
one
of
these
meetings
to
ever
happen.
Yes,.
D
A
Well,
I
can
origin
story
this
office
hours
for
you
a
little
bit:
okay,
it's
that
across
education
indeeds,
which
are
pretty
relatively
more
Blended
than
some
of
the
other
cigs,
so
much
external
interest
and
engagements
stuff
like
the
spdx
email.
You
sent
me
yesterday,
lots
of
impact
requests
that
Canon
should
be
centralized
because
most
of
those
aspects
should
be
working
with
each
other
as
well
and
using
these
as
topics
topic
oriented
spaces.
Today
it's
for
the
mentorship
program.
Oh.
A
D
You'll,
forgive
me
it's,
you
know,
9
A.M
here
and
in
California
land,
so
still
moving
a
little
bit
slowly.
B
Yeah,
it's
the
first
one
and
I
I
know.
One
of
the
things
we
want
to
do
is
set
up
like
kind
of
like
a
schedule,
so
folks
can
see
which
ones
are
coming
up
or,
like
you
know,
the
next
two
might
be
this.
You
know
we
just
yeah
we're
so
figuring
out,
but
it
just
kind
of
giving
a
pathway
for
folks
to
also
ask
questions
and
just
come
in
either
for
what
we're
doing
with
Dei
or
they
might
be
within
those
groups.
They'd
be
like
hey.
B
How
do
I
just
get
started,
I
think
just
giving
folks
that
space.
A
A
If
we
can
send
it
out
in
advance
and
ask
people
if
they
have
any
topics
that
they
would
like
to
cover,
which
we
can
ignore
if
we
have
a
major
topic
to
cover,
but
it
gives
us
a
backlog
of
things
that
people
are
interested
in
and
I
think
it
might
be
worth
it
because
this
is
such
an
it's
such
a
valuable
group
for
the
kind
of
conversation
we
just
had
I
think
it
would
be
really
good
to
time
box
those
topic
specific
conversations
to
30
minutes
and
ensure
that
we
have
30
minutes
in
these
open
source
sort
of
office
hours
for
General
discussion
for
people
to
jump
on.
B
Yeah
we
can
probably
do
the
the
pre-recording
or
just
have
a
do.
The
first
30
minutes
record
that
right
and
that's
kind
of
like
the
marketing
piece
that
we
share
record
the
conversation
of
course,
because
there's
going
to
be
valuable
information
out
of
it.
But,
like
you
said
time
slot
it
I
think
that'd
be
nice,
yeah,
I
think
so.
Yeah
cool.
E
That's
like
one
additional
question:
there's
a
kind
of
like
this
new
trend
with
insecurity,
where
it's
like
more
privacy
focused
and
there's
a
real
emphasis
on
like
privacy.
What
are
some
ways
that,
like
you,
know,
you're
kind
of
learning,
those
Technologies
or
kind
of
looking
at
the
space?
Or
how
do
you
even
feel
about
the
space
in
the
first
place?.
B
So
privacy
has
been
around
forever
just
like
security,
but
it
takes
something
to
make
it
into
light,
so
it
has
been
where
security
and
privacy
have
worked
together,
but
now
they're
kind
of
spanning
off
into
different
degrees
like
GR,
ass
governing
risk
and
compliance
GRC,
those
groups
and
organizations
kind
of
work
with
both
but
they're
also
working
with
regulations.
B
So
if
that's
an
area
that
you're
looking
to
go
into
for
privacy,
privacy,
security,
I,
usually
recommend
looking
at
regulations
and
understanding
a
global
wide
of
house
how
different
countries
and
organizations
are
handling
handling.
These
regulations,
like
gdpr
gdpr,
light
in
California
the
executive
order.
Those
those
type
of
rows
go,
there's
multiple.
B
You
can
engineer
and
things
of
that
nature,
but
they
also
tend
to
go
more
as
an
auditor
or
the
folks
that
put
the
policies
and
procedures
in
place
and
then
validate
that,
so
that
when
Auditors
do
come
in
it,
it's
like
a
quicker
turnaround
and
then
I
don't
know.
If
anybody
else
wants
to
add
to
that
or
if
I
fully
answered
your
question.
E
Oh
and
just
like
something,
I
think
from
like
one
of
the
meetings
from
yesterday,
they
were
talking
about
specifically
like
policies
and
and
processes
which
one
kind
of
takes
more
of
like
a
a
priority.
If
you
will
yes,
I
guess,
yeah.
B
Those
are
interest
always
interesting.
It's
like
policy
standards,
Frameworks
procedures,
processes,
I
I
still
to
this
day,
get
them
a
little
confused,
but
a
policy
tends
to
be
more
of
an
for
me.
For
my
understanding,
my
experience
tends
to
be
more
of
like
an
external
piece
right.
This
is
what
the
company
or
the
organization
has
to
legally
Oblige
by
a
process,
is
kind
of
like
the
flow
that
we're
gonna
do
it.
Oh
you're
gonna
create
this
you're
gonna.
Do
this
you're
gonna?
B
Do
that
and
then
the
procedure
more
of
the
person,
who's
handling
it
or
the
folks
involved.
The
users
involved
the
different
steps.
So
oh
you're
gonna
enable
this.
Oh
you're
gonna,
send
me
an
email
or
it
they
all
kind
of
get
a
little
blurry
and
everybody
has
their
own
little
definition
of
it
in
in
the
industry.
E
Just
one
typically
take
priority
because
I
remember
working
for
a
institution
before
and
one
of
the
things
that
they
were
trying
to
instill
was
one
of
our
policies
to
go
basically
like
before
our
processes,
but
like.
E
Kind
of
weird
sense,
where
it
was
like
the
processes
where
then
kind
of
more
in
charge
of
introducing
policies
or
puncher.
A
Yeah
well,
I
think
I
mean
there's
some
semantic
Loops
here
that
can
break
down
because
they're
not
consistent
across
both
sectors
and
even
individual
companies,
but
I'm
just
gonna
I,
don't
know
if
this
is
gonna
answer
your
question,
but
I
always
think
an
SRE
first
and
basically
we
have
slas
slos
and
slis.
A
Those
are
real
things,
so
system
level,
agreement,
system,
level,
objective
and
system
level
indicator,
so
SLA
is
something
like
if
a
server
goes
down
for
this
amount
of
time
legally,
the
person
doesn't
have
to
pay
anything
anymore
right
and
SLO
is
a
quantitative
number
that
keeps
you
below
the
SLA
and
an
SLI.
Is
that
like
sort
of
continuous
indicator,
that's
a
running
average
underneath
that,
and
so,
when
you're
looking
at
the
difference
between
a
process
and
a
policy
it
has
to
be.
Is
it
something
that's
able
to
be
moved
and
rearranged?
A
That's
a
so!
Is
it
like
goal
post?
That's
a
policy.
If
it's
a
process,
it
can
be
tied
to
kpis
or
slos
I,
guess,
I
guess
for
me.
A
I
always
have
to
very
much
make
distinct
it's
operations
if
it
doesn't
have
anything
that
can
be
quantitized
sort
of
quantitative
to
it,
but
there's
a
lot
that
we
can
have
quantitative
in
cyber
security
and
SRE
that
we
just
have
indicators
of
what
our
next
actions
are
and
that's
why
it
really
feels
much
different
to
develop
in
that
space
because
I'm
not
usually
sweating
on
the
keyboard
until
something
has
gone
wrong.
A
E
Thank
you,
guys,
like
like
gonna,
be
expresses
to
read
a
bomb
to
camouflage,
get
more
knowledge
about,
like
kind
of
the
differences
between
like
Slauson
or
just
kind
of
the
context
behind
those
or
just
adjacent.
A
Oh
sorry,
yeah
actually
I'll
send
you.
So
if
you
want
some
more
context
around
that
I'll
look
into
it
a
little
bit
more
because
I've
been
meaning
to
write
this
up.
But
this
that
sort
of
context
driven
approach
you
can
use
that
anywhere.
I
use
that,
in
my
daily
life,
I
use
that
for
brushing
my
teeth,
I
love,
slos
and
slis,
so,
but
so
it
can
be
non-operational,
but
also
new
resources.
A
I'll
have
to
find
them,
because
I
want
to
make
sure
that
I
get
both
separate
SRE
and
cyber
security,
and
that
might
also
further
demonstrate
to
you,
here's
a
common
framework
between
them
and
very,
very
different
sort
of
approaches
to
them,
because
basically
it
goes
this
way
an
SRE.
We
want
to
have
like
a
nice
plushy
like
error
budget.
A
We
want
things
to
go
wrong
and
we
they
just
have
to
go
wrong
in
a
way
that
the
End
customer
can't
see
so
like
we're
as
lazy
as
possible,
whereas
the
same
kind
of
indicator
system
in
cyber
security
is
completely
different.
They
want
to
do
as
much
preventative
care
as
they
can,
because
one
failure,
every
single
customer
will
be
aware
of
so
right,
totally
different
jobs,
totally
different
worlds.
F
F
F
F
B
A
Well,
yeah
so
I
mean
at
the
beginning.
We
just
talked
a
little
bit
about
the
Apple
Omega
mentorship
program
coming
out,
and
then
we
spent
kind
of
the
last
half
of
it
just
talking
about
sort
of
like
careers
and
how
to
look
at
getting
started,
particularly
music,
like
Linux
Foundation,
is
your
jumping
Point
I
thought
it
was
a
great
first
session.
I
was
happy.
We
put
this
together,
I
think
so.
Yeah.
C
F
F
Well,
well
so
I'm
a
traditionalist
right,
I,
I,
started
I
was
in
I
started
doing
information
security
before
it
was
sexy
right.
So
so
you
gotta
understand:
I
came
up
in
the
game
with
through
understanding
risk
and
risk
management,
and
this
was
this
was
some
20
20
something
years
ago.
F
Information
security
was
concept,
was
conceptual
at
best
at
that
point,
but
my
but
then
I,
but
then
you
know
educationally
and
of
course,
I
got
trained
in
the
home
of
information
security,
which
is
the
dod.
So
so
I
you
know,
and
then
of
course,
academically
I
mean
one
of
my
degrees
is
information.
Security,
information
security
systems
like
that
I.
F
Have
that
that's
so
it
wasn't
like
I,
came
into
the
game
later
on
and
and
found
it
and
then
and
then
found
a
a
one,
one
bright
spot
in
it
that
I
wanted
to
learn
now.
F
I
I
was
exposed
to
everything
and
I
did
everything
so
I
I
talked
about
the
under
the
need:
the
need
to
understand
administrative,
Technical
and
physical
aspects
of
information
security
and
then
drilling
down
deeper
into
what
aspect
of
the
information
security
one
that
you
want
to
dive
in
on
and,
of
course,
cyber
security
being
a
subset
of
that
supply
chain
security,
which
is
a
newer
concept
right
I
mean
like
this
there's
a
there's,
a
like
I
said:
My
Views
are
on
there
a
little
excuses,
I
think,
fundamentals,
the
key
and
then
I'm
one
of
those
individuals.
F
That
said,
there
are
too
many
people
out
here
that
know
how
to
play
instruments,
but
don't
know
how
to
read
cheating
all
right
so
so
that
that's
you
know,
learn
how
to
read
the
sheet.
Music
is
also
is
also
where
I
sit
on.
That
too,
like
I
said
just
if
it's
cute,
but
that's
my
that's
my
two
minute
take
on
on
that.
F
A
Hey
Jay
I,
don't
know
if
you've
seen
this
email
for
me
yet,
but
I
sent
it
to
you
in
what
is
now
your
morning
and
I'm,
asking
for
a
five
minute:
audio
recording
where
you
talk
about
your
entry
into
open
source,
but
I
have
specific
requests
for
the
way
that
we
go
about
it.
So
it's
not
boring
and
awful
and
professional
I
want
you
to
actually
speak
to
people
about
what
it
feels
like
to
be
in
this
space.
A
F
F
And
you
said
a
five
minute:
video
do
it?
What
format
does
that
need
to
be
in?
It
might
have
just
recording
this
on
on
my
request
on
my.
F
C
F
D
A
It's
just
an
audio
recording
which
I
will
then
take
and
Auto
translate,
so
it's
both
readable
and
audio,
but
no
video,
it's
just
audio,
because
it's
being
a
QR
add-on
to
a
Zine,
because
we're
cool
these
days
and
I
promised
the
zine
once
it's
done,
I'll
be
over
it,
but
I
will
mention
it
six
times
a
day
until
it's
not.
E
B
D
Yeah
and
actually
I,
just
wanna
I
guess
I'll,
just
I'll
just
double
check
here.
Did
you
get
that
other
other
email
from
John
metric
so.
A
D
The
there's
like
the
the
the
working
group
saying
next
Wednesday
ooh.
A
Steering
committee
thing
ooh:
yes,
I
will
double
check
it,
but
also
send
me
a
slack
message:
real
quick,
so
it
stays
inside
of
my
head
and
past
the
stuff
yeah
yeah
yeah.
You
can
do
it
on
a
separate
call,
though,
because
this
ain't
Alpha
Omega.
This
is
this-
is
us
trying
to
work
with
spdx
I.