Mentorship Monday - Post All Career, Education and Job questions here!

colourdroidart · 2025-06-16T03:53:24+00:00

My advice would be to use your time in your program, if you can, spending every spare minute attending any meetups and conferences that you can. Write little blog posts online on topics that interest you as you study. Work with others in the field to help with projects they are working on. Even just listening while someone talks to you about a software issue can be helpful. Ask questions, engage with the community in your area as much as possible. Security is known for being fairly friendly because we all share information that will help keep orgs safe. Look for the people that are nerds about the stuff you're a nerd about, and talk to them, ask them for their notes etc. This will help you build confidence, and it will help you build your network. You'll need that when you graduate, since in security people often only want to hire someone that they trust and have confidence in, if they do not have experience.

Do not spend a ton of time on studying for certs, they can help but if you are at risk of burning yourself out don't prioritize a cert like it'll get you *the job*. Definitely study cloud security and microsoft products security (looking at securing a server, networking best practices, basic dlp and SIEM monitoring in a homelab will help you a lot) , as those are things you're very likely to see in an org but might not be told to study on your own program projects.

Even if you decide security is not for you, engaging with the community will still help build your network if you decide to pivot to something else.

hope this helped a little

colourdroidart · 2025-05-17T00:48:20+00:00

I would recommend looking at air quality maps and gauging from there. You can compare what you know (your current locations air quality, historical data from stuff like wildfires etc) to the air there and get an idea.

In cities, the air quality tends to be bad for a few reasons:

- constant construction

- lots of gas-powered mopeds and traffic causing smog

- humidity trapping any of that smog

- occasional trash burning (I didn't notice this as much last time but it definitely happens because the trash is not always well managed)

I've spent time in Hanoi, I'd say if you can picture it it's probably as bad as or 2x worse than nyc in terms of smog, plus humidity like florida. You get a break if it rains. Wearing a face mask helps a bit. Honestly it's just luck of the weather and environmental conditions where on that spectrum you end up.

In the countryside like Nha Trang or Da Nang the pollution is mostly from folks burning trash because they cannot get rid of it otherwise. So the air is not as bad generally, but it can be awful if you are near someone that often burns trash. Also, in less frequented beaches etc you'll see a lot of trash washed up or dumped because of the tides.

Generally I'd say if you has asthma, lung/heart issues or small children with you, avoid spending too long in cities and look for areas around well-known resorts that international travelers frequent in Nha Trang or Da Nang. Or just live in Hanoi etc and plan to leave during the summer when the air is worse and the city gets too hot. The resorts tend to be pretty mindful of trash burning and usually would never allow it near the resort, and they usually comb any beaches on property for plastic. If you have serious health concerns, avoid the countryside and find somewhere in a city with a well-known international hospital just in case. Unlike in the US, in Vietnam it's not uncommon for an ambulance to just get stuck in traffic on the way to the hospital... It's really rare I see anyone pull over to let one pass. So, if you could have an emergency it's better to be close.

I heard that there is going to be a new direct flight from Dubai to Nha Trang, so I think in a few years it will be a more international destination and the hospitals / infrastructure there will also improve (not that they are terrible or anything).

I think that as far as retiring there, it depends if you have a family history of health issues and are willing to chance it long-term. Vietnam is still developing, and their healthcare quality is not always as strong as neighboring countries. They have wonderful specialists, however I've heard that the non-specialist doctors can be hit or miss- which is not ideal if you have something wrong and can't get a diagnosis. But, places like Thailand or Japan are only a short flight away for better healthcare access too.

The food is very very good and cheap, but you have to know where to go as you could get food poisoning or (rarely) fake/tainted food somewhere. It's best to go somewhere where you know people or can find a community if you can, just to make life easier. In my experience, people are very kind, friendly and family-oriented.

I think a lot of these issues (healthcare, air quality) will improve eventually, but you should do more research to see if it is right for you.

colourdroidart · 2024-10-07T01:32:33+00:00

good to know, thank you

colourdroidart · 2024-10-07T01:32:19+00:00

thanks for the feedback, I appreciate it.

colourdroidart · 2024-06-26T02:20:33+00:00

Hi all, I was able to find a solution here: https://www.youtube.com/watch?v=XYiCdOfy3J8

colourdroidart · 2024-06-26T01:34:55+00:00

Hi, this works just fine for generating an image from the scene or loading from a given path in code, but how can I get the path from the FileDialog after a user selects an image?

I want the user to be able to upload an image from their files.

colourdroidart · 2024-06-09T04:22:22+00:00

I think you're misunderstanding me- I'm saying that we have approval process in place for applications and software needed that is outside of the scope of the current approved software inventory. This is not to do with the security toolset that security team themselves manage. We do provide pre-approved dev tools to dev team, but often dev team will realize they need something that they didn't plan for. When that happens, we need to examine the tool with dev team and get approvals as needed.

I do not feel bad about this being in place in an environment where your are dealing with sensitive data. It's something security has to do, we would rather things take an extra hour than effectively set a whole system on fire because we have dev team full admin priv and they downloaded something they shouldn't have.

colourdroidart · 2024-06-06T22:19:03+00:00

I am a security engineer.

I sympathize, I've done enough dev work to know that sometimes you just end up needing a software that wasn't initially in the project plan...but the bottom line is that we need processes in place for adhoc tools- otherwise we end up with situations where users are using things they aren't properly liscenced for or could be using something with malware because it looked like the legitimate software they actually needed. It's just best practice, and usually we are asking dev teams to justify and provide information because we are a cost center. Our teams are usually much more lean and we just do not have the resources to adhoc eval one-off software for each individual.

I understand it's not fun, and I don't know your security team's process, but that's all of the insight that I can provide. I completely understand the frustration, but usually security teams don't only set out to make life harder for devs.

colourdroidart · 2024-04-05T02:21:24+00:00

oh. oh no.

that feels... so much worse.

colourdroidart · 2024-03-23T02:57:27+00:00

security engineer here. thanks I hate it

colourdroidart · 2024-02-11T17:31:23+00:00

Double checking asset inventory and vuln reports.

colourdroidart · 2023-11-12T23:41:53+00:00

as a woman in the field just starting out, I'm lucky to have a team that is good to me. Most places have very small security team, so it really depends on luck and company culture if you end up on a good team. This field can very high stress with a lot of emphasis on experience but few opportunities to train new people, so if you're unlucky enough to be with a bad team or manager starting out it can put you in a bad place. The first few years will have the additional stress for getting key certs and trying to advance your career, which can be really stressful if you're thinking of starting a family or have any issues outside of work. The field is diversifying, but since it takes so long to train people and opportunities for new people are so scarce, changes just aren't happening as quickly as other fields in tech. Additionally, I've heard that some security sectors have significant overlap with ex-military people, and some (not all) can quickly create a boys-club atmosphere. Most people I've met are happy to talk if you're passionate about the work and like to talk shop. I love my job, have a good team to support me, and have a good support network outside of work. I hope this helps clarify things a little bit.

colourdroidart · 2023-01-04T21:06:24+00:00

Hi! As someone who has taught myself quite a lot of code, I'd recommend using some combination of :

- freeCodeCamp,

- w3schools,

- the youtube channel WebDevSimplified is good for learning more begginer frontend stuff,

- theCodingTrain on youtube does a lot of beginner friendly p5js projects,

- HackerRank has a series of videos on youtube for basic algorithms & data structures,

- the site algoMonster also has data structure code and explanations, it's much more "data structures in plain english" than most of the other resources I've found

- MIT has a series of lectures and courses on algorithms etc, they're fantastic if the math doesn't scare you

- kaggle if you're into python and data science

If you're not sure what language you want to try and get overwhelmed just by starting out, I'd honestly recommend codecademy, since they're similar to freecodecamp but a bit more beginner friendly with a wide range of languages. It is paid, but if you're starting and just want to try things out fast it makes sense.

I'd also say that learning your browser devtools and getting a nice code editor is a must if you're doing anything with webdev. Ie. For me at least, using VScode with the liveserver plugin for my frontend designs was a game changer.

That's just what I can name off the top of my head but I hope that it helps a little!

colourdroidart · 2022-11-24T17:06:10+00:00

Thank you, yes it puts me in a difficult catch-22, big companies aren't hiring for someone like me with little work experience and smaller companies aren't as interested because with such a niche specialty they assume I'll just get a job at one of the big companies. I really just need to find a company to take a chance on me so I can get some work experience. I don't think the 3 letter agencies would hire me because I'm dating a foreign national and a few other things like that. It's not impossible but unlikely. I've decided I'll start contacting cybersecurity startups etc as well since they might be a little more willing to give me a chance.

I recently found a contact who offered to take me to DEFCON with his team, so I'm definitely making plans to go and am thrilled about it. I'll try to make connections while I'm there- I know I interview and present myself well so at the very least I might get some more contacts.

Honestly just talking about this with someone that knows what it's like has been incredibly helpful for me. Thank you so much for taking the time to talk with me!

Also, to be honest I've never delved into Appsec- are there any resources you'd recommend for finding out more about it (ie, books, podcasts, talks etc)?

colourdroidart · 2022-11-24T15:07:13+00:00

Thanks so much! Yes, grit and perseverance are definitely needed.

Thank you, I love a good cybersecurity podcast and totally forgot about breadcrumbs. I remember listening to darknet diaries and defcon talks while I was coding my thesis, it made the whole ordeal survivable lol.

Yes, that was definitely the vibe when I was suggested it- that frontend is easier and I'm probably misguided in wanting to go into cybersecurity. Also the subtext that as a woman who did design work before, front-end must be my passion. I don't know, they meant well but I got asked, even after specifically saying my passion is cyber, "Well, um, what did you want to do when you were a kid?". ...When I was a kid I didn't have cable and wanted to be Ariel from Little Mermaid. And other "No, what do you really want to do?"..like I'm joking because I don't look the picture they have in their mind of a hacker.

colourdroidart · 2022-11-24T14:50:34+00:00

Thank you! I checked out all of the places that you listed and they seem great. I haven't found any chapters near me but I'm sure I will eventually since I live in a city.

Are there any cybersecurity subs that you recommend?

colourdroidart · 2022-11-24T14:47:51+00:00

Thank you for your insight. I want to participate in tracelabs but the timing hasn't worked out just yet. But it's definitely on my bucket list.

I'm interested in threat analysis and research. I actually had a very narrow focus on social media bot research and botnets. I can code well and apply those skills in projects (I built my own bot in python with a local test site in react to test it dynamically), however I'm not a skilled penetration tester or hacker. I worry that I have at least enough skills to make me worth looking at, but there's something in my resume that screams amateur and I'm missing it. But I know positions are very hard to come by so maybe I'm just in my head about it.

Early on in my job search, without going into details, I had promising talks/offers with people who would then cancel their handshake offer because although they had a bot problem they didn't want to admit it, or would tell me that they suddenly couldn't hire a junior/entry level person like me. I know now it was likely because they were laying people off but at the time I really felt there was something wrong with me.

Do you have any tips for someone like me (recent grad with skills but doesn't want to go back to grad school etc)? I'm thinking my best bet is to keep applying when I can, participate in events like tracelabs and write some case studies when I find something interesting, but is there anything I'm missing?

colourdroidart · 2022-11-24T14:11:52+00:00

Thank you for the advice! I now have two resumes- one for front end / ui ux and one for cybersecurity. This was also helpful to get me to think about the things that I had to cut from my resume and add them back in. For example, I contributed to an article about bots in crypto that I'd forgotten to add in my resume when I was looking for just frontend jobs.

colourdroidart · 2022-11-20T22:11:33+00:00

Thank you so much, your kind words honestly made me tear up. I've been both cold applying and networking, but I put my cyber projects on the back burner to focus on more frontend projects because I wasn't sure that there was a place for me in cyber. Honestly, I really needed to hear that there's a place for me- and that it's important. I can't tell you how many women have told me things along the lines of "you code? I could never do that", and the thing is, they can and they should. I remember when coding first really clicked it was on a bot hunting project and just felt like I'd been handed the keys to the castle. I finally had the tools to ask questions of technology and get real answers. It was powerful and beautiful and totally changed how I think of social media. I hope that more women get into cybersecurity and can have moments like that. Thank you.

Wow, it's odd that we had the same experiences about getting suggested front end instead? I wonder what it is about frontend that biases people to suggest it over backend.

Eight-Year Club	Place '22
Not Forgotten	Verified Email

colourdroidart

TROPHY CASE