Nikhil Mohanlal (00:00)
Hey, how's it going? Welcome to the first episode of CyBytes, the show that brings conversations of those working in cybersecurity across UAE and the world.
beginner or seasoned.
In this episode we have Juma Alhamli, an L2 analyst and a good friend of mine He's one of those guys who just simply gets it. He has well and truly carved out his path and his career with precision. He does work in defense, however he is a red teamer at heart, he is a pen tester, he loves it, and an avid gamer.
And he's very, very passionate about sharing his knowledge. And so in this episode, we get into a little bit of that. talk about how he went from being a gamer into being a pen tester, how he understood the concepts and fundamentals of cybersecurity way early on, and how he pivoted into defense and why he chose to go down the SOC analyst path. As well as that, we'll also get into the meat and potatoes of what it takes to become a efficient SOC analyst.
here in UAE, It's not all fun and Hope you enjoy.
Nik Mohanlal (00:58)
one, two, three. Let's keep it going. Cool. Welcome to the first episode. Welcome to the podcast. Joma, how's things? Yeah.
Jumaa (01:01)
Rolling, let's start rolling.
Thank you. Thank you for
having me. It's an honor to be here and you know Nick you're a great friend of mine and And also a co-worker as I would say Yeah, you're one of us so It's nice being here. Also. This is my first podcast ever like I have I have never done a podcast so I think
Nik Mohanlal (01:21)
Yeah, I'm one of you guys.
Mm.
Jumaa (01:35)
It is a great experience. It will be a great experience for me.
Nik Mohanlal (01:38)
Yeah, likewise.
let's jump straight into it. So like I said at the start, when I sent you all the notes itself is more going to be more about you as a person and kind of your involvement in cybersecurity and how you got started and stuff. you know, let me just pass it to you. Here's the torch, you know, like tell me a bit about yourself. What do you do? Give me your background.
Jumaa (01:59)
Yeah sure, so
my name is Jumaa AlHameli and I'm a cyber security enthusiast. I've obtained my bachelor's in cyber security not long ago and I started my role as a SOC analyst. I also have four different offensive security certifications and my latest one is OSCP. I obtained
my certifications while I was studying so I was a lot more focused in offensive security but as my job role is a soccer analyst it's like a different role than the offensive security but it is a great role because I'm learning the defensive side so I know how to pen test but
how to evade the defensive measures that are over there. So I'm learning a lot of things as a soccer analyst. During my free time, I have some kind of a lab set up at my home to develop my skills and knowledge in offensive security and also as a soccer analyst because in my home lab I have some SIEM tools that are
Nik Mohanlal (02:58)
Mm. Yeah.
Jumaa (03:26)
deployed and also with my you know the attacker machines trying to evade some of the same rules that I have implemented so yeah
Nik Mohanlal (03:38)
So that's actually something I'll get into in a bit actually. I'm quite interested in knowing that a little bit. Because obviously you see a lot online from people saying, you've got to build your own home lab. But very few people actually do. So I want to dig deep into that a little bit later on. But I kind want to ask you a little bit about your, I guess, interest in cyber.
Jumaa (03:57)
Hahaha
Nik Mohanlal (04:06)
It's an interesting thing because in the past, I guess, you talk to people of...
who have had 20, 30 years of experience in it, they never actually learned cybersecurity. They never really got into it. They kind of just fell into it. Maybe they were like technicians or they were IT engineers or something and they just somehow learned something about the cyber element, the security element came in. But nowadays it's a bit different, especially for us younger guys. We learn it in uni. So what was it to you when it came to actually grasping
Jumaa (04:31)
Mm-hmm.
Nik Mohanlal (04:43)
in cyber security, like what element of it made you go, I want to continue this.
Jumaa (04:49)
I remember, it was a long time ago, know, I used to play some games, MMO games, and you know, as a kid you want to cheat, you want to be the best. And I created a software where it's a fake, let's say it's a fake cheat, but it has a keylogger in it.
Yeah, so I was trying to take some, you know, accounts in the MMO game and it's a bad thing, like I don't condone this. A lot of people have done this before and you know, moving on forward, you know that it is a bad thing because what you're doing is wrong. It's like you're stealing someone's effort and it's like a childish thing that I have done and...
So what I did was, after I created that keylogger and everything, I posted it on a forum that is actually where cheats are being posted over there. one guy, so I think he reverse engineered my program and got my email address from it. So the email address that was, it was a set up email address, it wasn't my actual email address. And I contacted that person and I'm like, how did you do this?
he explained the process on how to do this so this got me like it made me so curious about it i wanted to learn more on you know all these kind of stuff it is a part of security but also it is a part of you know programming and a little bit of engineering it made me curious in a way like because i knew that i hardcoded some of my
Nik Mohanlal (06:27)
Mm.
Jumaa (06:36)
you know, information in that program. In a way it made me think like I have to understand more about security on how to secure myself, how to keep my information private. And later on, I didn't have the foundation knowledge of cybersecurity so I joined the college. I grew myself in college and how did I know that cybersecurity is my thing?
joined some platforms where they had cyber security training I don't want to mention any platform right now so I've joined some platforms and worked my way through it and I remember the first time I got a reverse shell on a machine when I got yeah man you know the dopamine the it's like the dopamine was flowing in my blood and I had this adrenaline rush
Nik Mohanlal (07:10)
this.
good feeling.
Jumaa (07:35)
So I kept on going and you know all these like I had some curiosity on how things work techniques I wanted to grow more on this field so I knew that cyber security is gonna be my thing once I did that I didn't feel bored I was going on it for hours days nights it got me interested in it and
Nik Mohanlal (08:01)
No, it's not.
Jumaa (08:02)
Yeah, I kept on reading blogs, going through the internet, trying to understand new things, learning. So yeah, I had the feeling of the practical work, while also studying the theoretical part in college.
Nik Mohanlal (08:18)
Yeah, That's actually another thing I want to speak about as well is that you clearly at an early stage, you had a inkling towards it somehow, some way, because someone showed you. Someone reverse engineered your code without you even realizing, and you kind of, again, you fell into cyber. You fell into the security portion without actually understanding what's involved with it.
Jumaa (08:32)
Mm-hmm.
Nik Mohanlal (08:44)
which led you on this path to go into actually pen testing and kind of red teaming, if you will. I want to dig into your brain a little bit about why or what makes you want to continue, right? Because now that you're working, it's a little bit different, right?
What is it when it comes to you when you want to learn something new? How do you approach something like this? What's your technique, if you will?
Jumaa (09:09)
So I think there are two different types of people on how they learn. Some people, when they see something that is done in front of them, they will grasp it immediately. Whereas the others who would go and search, look for some certain details, try to understand and build their knowledge around that. I like having both.
So I like seeing something that is being done in front of me to grasp it really fast. It's like based on if I have the understanding of it. But if I don't have the understanding of it, I'll go search on the web about it. let's say if I'm... Let's talk about Active Directory. So Active Directory pen testing. When I got into pen testing, I didn't start up with Active Directory. I started up with, you know...
services and networks, some like standalone machines and stuff like that. But I've seen that it is demanded by organizations and other companies to have some Active Directory knowledge and pen testing So I started researching how does the Active Directory work.
what is the Kerberos, how the TGS works and how the TGT works. I needed that foundation and knowledge of it.
Nik Mohanlal (10:33)
you clearly had the drive to want to be a pen tester, right? You were very focused in going into red teaming, learning, you you got Shell, you've got Root, you did a lot of boot to root stuff. That is your kind of driving factor, right? To be like, I know what to learn now because this aids my goal of becoming a pen tester, right?
Jumaa (10:36)
Mm-hmm.
Mm-hmm.
Nik Mohanlal (10:56)
What about for someone who doesn't know what they want to do? Even though they've spent about, let's say, two to three years of their life or their career in IT, maybe it is in a security role, maybe it's not, but yet they still just can't figure it out what they want to do. Learning something new can be quite difficult for them, especially when they don't know what it means to them. Why should they be learning? What would your advice be for someone
in that position, someone who's completely new to cyber or wants to pivot into cyber but has some experience in it, or in IT particularly, and they want to learn something new, you know, whether they can decide whether they want to go red team or blue teaming, what's your thought on that?
Jumaa (11:43)
So my thought about that before they even go for any certifications in regards of Blue Team or Red Team, know there are a lot of available platforms over there that can give some exercises and even the fundamentals of Blue Teaming or even Red Teaming. I'll advise them to go
Try the red teaming exercises and then try the blue teaming exercises and from there on they will know where they fit more basically It is like like you're saying they'll find some weaknesses in themselves and then they can You know list their cons and pros see what what is better for them? And what do they understand more?
Nik Mohanlal (12:21)
Hmm.
Jumaa (12:30)
Let's say if an IT guy who is responsible of Active Directory He's gonna work with both. So if he's put into let's say a SOC analyst he would understand what are the alerts what is happening and everything but and also if he wasn't red-teaming he'd understand how does Active Directory works, but he has to Have the practical work and try both of them
so he could see himself fit in which role or let's say in which team he can be in.
once I started it clicked immediately. I felt that this is the path that I want to be in. So once they start something, if they didn't feel the passion about it, they didn't give it enough time, let's say, I want to go back and do this.
right away so in your free time you want to do this you want to do that if they didn't have that feeling then i don't think it is the right direction for them but let's say they started something it doesn't have to be time consuming at least they have to have the passion for it
Nik Mohanlal (13:46)
Yeah, that's another thing as well is because some people will have the passion for it. You've clearly demonstrated that yourself. But for many others as well, it's more of a monetary pursuit. They'll look at videos on TikTok or even YouTube. You're like, make 400k being a stock analyst in Texas or Houston or something. would you consider that a valid drive or a valid mission?
Jumaa (14:12)
I'd say for some people, yeah
Okay, if you got the role itself, okay, let's say no one starts with $400k yearly of course, but you know have to build up on that so these people who as you said in TikTok and other social media platforms sometimes they just exaggerate you know with these kind of things but it's nice to have
Nik Mohanlal (14:20)
Yeah.
Wish.
Jumaa (14:43)
you know, goals, to set up goals, so let's say, I want, you know, to have this much of salary. I think it is a certain goal. And if you have, you know, something in mind to start with and pursue it, you can reach your goal.
it drives people to reach their goals. I think it's not only based on money. If you have both things, like passion and the salary itself, it will make you reach your goal very fast.
Nik Mohanlal (15:03)
Yeah. Yeah.
Yeah,
I mean, I agree with you. It's kind of a multifaceted thing here. It's not just one or the other. especially the money aspect, can really help people get started, right? Which is why I would say this whole TikTok thing it's attracting people to it and it does get people started, right?
Jumaa (15:27)
Mm-hmm.
Yeah. Yeah.
Nik Mohanlal (15:34)
and that's enough for them to actually experiment new things, experiment with red teaming, experiment with blue teaming, experiment with labs or heck even GRC or anything like that, I want to get into your experience as a SOC analyst because you're clearly a pen tester, you're here with a black hoodie, Black hoodie, it's actually brown. You know, you're clearly a...
Jumaa (15:51)
You're wearing a black hoodie too man Really? I thought it was black
Nik Mohanlal (15:59)
a very very apt pen tester. How did you end up becoming a SOC analyst?
Jumaa (16:05)
so I had two offers either as a SOC analyst or a pen tester but as a pen tester you have to wait let's say there is no opening for now you just have to wait six to one year six months to one year I chose the SOC analyst
I chose this role because I needed the job and to take care of myself, my family and all of that. I had to initiate this process and even sacrifice what I love.
Nik Mohanlal (16:46)
Fair enough, fair enough. I mean, SOC analyst, I was an L1, L2 for a little while as well. It was actually my first SOC analyst position after some time. Before this, I was a lab engineer. I creating labs for said platform, which is not gonna mention on this. And so, that experience for myself was...
an extreme journey because again, I was in that position. I didn't know what I wanted to be. Right. And I thought, let me make that decision to become a SOC analyst. And that in and of itself was a crazy learning journey. Aside from the shifts and aside from the crazy escalations, like what would you say is the negative element of it? Because there's a lot of positivity around this, which is great. But I want to showcase some of the negative sides of it just to balance of board a little bit.
Jumaa (17:33)
Yeah.
So
just to make you know so we don't let the viewers run away from this role path yeah being a SOC analyst is really great you'll have hands-on experience you will learn a lot you will see you know it is fun but the downside of it is you know being in shifts
Nik Mohanlal (17:44)
Hahaha
Jumaa (17:58)
having a lot of alerts in front of you. The triaging part and you know, the reporting you have to be 100 % focused on this because
Any small detail that you miss may have a big impact on the infrastructure. Maybe an adversary is trying to get in the infrastructure and you're missing out the small detail. In that case, you have to be someone who is considerate and 100 % clear with what you're working with.
also having an open mind not only that also it gives you the the knowledge of building up on how to think outside the box because it's not only based on what you're seeing sometimes you have to look like inside the infrastructure itself maybe something that has happened previously or you know doing some correlation in between alerts that were happening previously so
you have to have the right mindset for it. in, the negativity of it, can't seem to have a lot of negativity in being a SOC analyst except being in shifts, night shifts. It's basically my own perspective.
Nik Mohanlal (19:18)
Mm.
Jumaa (19:25)
because maybe some other people wouldn't mind being a night shift It ends up on a person's perspective on how he thinks it could work.
Nik Mohanlal (19:36)
It does take it out of you. Night shifts, man. I put on some weight on that time. But you're right. It is more than just the initial element.
There is a heavy impact on it. I think that messaging isn't Conveyed clearly or it's it's difficult to come across unless you actually do speak to said SOC analysts or someone who has been in the field Right God forbid there's an escalation or a p1 escalation right you have to make sure your information is accurate readable and actually
demonstrable to right it goes the L2 L2 passed on to L3 if it is a deep escalation they have to chuck it to the IR guys right their information or their direction is charged by the information you feed them right if it's bad information they can only do so much right
Jumaa (20:11)
Mm-hmm.
Yeah, it's like, you know, it's a big responsibility because it starts from, you know, the L1s itself, like as an L1, you have a big responsibility because if you miss anything, it's your job. You're the first line of defense. And if you missed that, who's gonna find it later on? So I think,
This job comes with a big responsibility so you know, you should take it seriously, not think of it as a simple job to do.
Nik Mohanlal (21:01)
100%. It can be very difficult to remind ourselves of that, But I want to ask you a little bit about mentorship. I've seen you around the office, you do have a very strong network. But from your experience, would you say...
Jumaa (21:08)
Mm-hmm.
you
Nik Mohanlal (21:17)
mentorship has played a key part if anything if not you know is that are there any steps that you're willing to take to actually get mentorship from someone
Jumaa (21:26)
I had some mentors in the company I'm working with and actually they taught me a lot. Most of what I know as a social analyst comes from them and basically I am looking for a mentor right now at my office.
but you know basically we like this shift, shift timings and all of that we don't have time to be shadowing someone or someone mentoring us so it is very hard but of course you can't build most of the knowledge by yourself you need someone to guide you
Nik Mohanlal (21:55)
Mmm.
Jumaa (22:08)
help you, just tell you, okay, I know what your capabilities is, but to even build up on that and be more productive, you have to do this and that. So basically, you will try to better yourself based on the mentor's advice.
Basically,
Nik Mohanlal (22:33)
Yeah.
Jumaa (22:35)
because of the shift timing, it's hard to get mentors with you and trying to guide you to the right direction.
Nik Mohanlal (22:44)
course. I think it does play a key part for students especially and new grads, know, people who are very new in the field.
Jumaa (22:50)
Mm-hmm.
Nik Mohanlal (22:54)
they don't know what they want to do, right? They are in the SOC analyst position. They don't have that technical background to be able to say, this is what I want to do. This is their first job. A SOC analysis L1 role is one of first jobs for many people. And as many want to do their first job, they want to succeed at it. They want to do the best they can.
I mentioned previously in our conversation offline as well on our notes and things, UAE is a, it's growing rapidly, right? With everything with, you know, G42 and Space 42 and everything, what not. There's massive, massive advancements here, but...
Jumaa (23:25)
Of course.
Nik Mohanlal (23:32)
I personally feel from my perspective and from conversations and observations I've had is that It's quite difficult for newbies to find these roles in these new companies or start-ups and you know, what's your thought on that? What would you encourage new students or grads to do to get into that position?
Jumaa (23:52)
So, let me just say this, I remember when I was in college, I didn't know what to do, so I was in the same shoe as everyone else. I knew that just the foundational knowledge that is coming from the college isn't enough. I want to be that person who stands out when I'm at work or let's say if I'm going to the internship and you know start my training, I want to stand out.
So what I did was I first searched what kind of jobs I might have in cybersecurity. You know, they had a lot, GRC, SOC Analyst, Pentester, and no other roles. So I'm like, okay, let me just look at each one of them, see what is their responsibilities and what do they do.
their daily works. I was lucky, so the first thing I stumbled on was pen testing and you know it was a big shortcut for me, I didn't have to go and research a lot about everything else. So I started doing my pen testing on the platforms and all of that and I'm like okay how can I help these students who are with me in
being like me, like I wanted to see myself, I wanted to see myself in these students so what clicked up in my mind because I've joined a lot of CTFs throughout UAE I'm like why don't I do a CTF for these students you know give a workshop and try to introduce them to offensive security like because I've been in their shoes I know what they're feeling they feel lost
they don't know what to do. So I'm like, okay, let's do that. And I did the local CTF in my college and what happened was everyone in cybersecurity joined. the second, third year students and fourth year students joined that CTF. It was really impressive and the college really liked it. Everyone, you know, were, you know, they were interactive.
they were learning a lot and once it was done I had some impact on a few of the students so let's say maybe four or five students who are currently getting first places with a lot of reputable companies who are hosting and organizing CTFs so I felt really good you know because these students it felt like I was a mentor to them
Nik Mohanlal (26:48)
Mm.
Jumaa (26:49)
and I'm seeing how they progress and they're really progressing really well so it was a good impact on them. I think it is a way to know, gamify cyber security to students just to let them learn on how things work. I know it is not like the real world you know scenarios but you're trying to make it as real as it gets.
Nik Mohanlal (27:07)
Yeah.
Jumaa (27:19)
And basically it was like something that was missing. So let's say something was missing in the college itself and I found that thing.
But it's not only about offensive security. We have to also bring the defensive side. And that's more important. Maybe some people won't like the offensive side. Because it's not like everyone wants to be a Pentester. If everyone wants to be a Pentester, then you won't find people who are willing to be a SOC analyst.
Nik Mohanlal (27:50)
Yeah.
Yeah.
to man the SOC.
that's pretty cool actually. You really took it upon yourself to, you took the initiative to build your own workshop, right? You felt, think it, me if I'm wrong, but like you took the time to say, look, this is what I've learned. This is what I'm good at. Let me showcase it to my peers. Let me tell them how I did it, how to do it and actually created competition within your teams.
friendly competition to actually showcase that. And off the back of that, you actually got a few students on your little mentorship game. You can then continue to develop your own skills that way. And I think that's a really key thing is even for myself, ever since I became a trainer, my communication came into play. I never used to be able to talk so frequently. so...
Technically, if you will, right as to your point, you know, there's also the defensive aspect that needs to be taught. There's not just No one wants to just do the sexy stuff of hacking constantly, right? There is a defensive aspect and on both sides there is communication which is key, right? That's that's what the directors are gonna look for anyone can do a boot to root CTF and be amazing at it, but
Jumaa (28:55)
Mm-hmm.
course.
Nik Mohanlal (29:20)
when the director of the security comes down and asks you what happened the other day, you should be able to successfully and concisely make him understand.
Jumaa (29:23)
You should be
I think, I think this like, because you know, teamwork, like why do we have teams? So I think if we can incorporate like someone who can report back, so you have an actual guy who does the job as let's say a pen tester, so he's a hands-on guy, and then you have someone who you know can relay the message back to other people. I won't say
the manager or the director but I'd say to stakeholders or let's say the clients if you're working for a client so yeah it's good to have a designated person who is actually you know skilled in that way to relay the message and explain what happened in a fashionly mannered way not
just the cyber security, know, technical way.
Nik Mohanlal (30:30)
Yeah, hacker came in. APT34
Jumaa (30:33)
I
utilized this tool to get a virtual and I deployed a DLL and then side-loaded it and the client is like, what are you saying? I don't understand. How is it affecting me? What am I losing? That's what they understand.
Nik Mohanlal (30:41)
Mm-mm.
Yeah.
What is all this? Yeah. Yeah.
Yeah,
honestly, that's one of the things I've realized the most, especially no matter how technical you are, there's someone who needs to know needs to know their technicality in an easier fashion, i.e. know, a director or a C level someone, a C level exec needs to know what has happened. They only have five minutes, like I always tell them in my sessions, right? They only have five minutes to understand the attack. How are you going to explain a
four-hour campaign in five minutes. It's tough. And so I really agree with you on that point to have a designated person to collect information. They don't have to be technical. They don't have to be superior in a certain technology, but they should have communication skills to be able to understand the attack, relay it clearly in a way with a solution, a possible solution maybe.
Jumaa (31:28)
It's really tough.
Yeah
yeah I think yeah that's a great point like even like happened to some workshops and yeah having someone you know explaining the whole thing in a short and let's say fashion fashion mannered way is optimal because you know you have to just get to the point and
Nik Mohanlal (31:54)
Yeah, that's it.
Jumaa (32:21)
how to mitigate, let's say, the attack that happened. And I think that is not only gonna make the technical guy's life easier, but also it can create jobs in the future.
Nik Mohanlal (32:37)
Yeah, exactly. It's never gonna go away. Cool, man. I want to dig deep before we wrap things up a little bit into yourself as a person. This doesn't have to be too cyber related if you don't want it to be, but it's just really what your motivation is.
Jumaa (32:52)
Yeah, that's fine.
Nik Mohanlal (32:56)
whether it is cyber security learning or if you're learning a new skill or even if it's dealing with a family or something like that or anything, right? We all face moments of self-doubt, right? It's inevitable. It can either consume us or we can do something with that fuel. We could do something with that pain or however we want to choose to see it, right?
How do you handle that, right? When you do have this feeling of self-doubt, this like inkling of like, can't do it or I'm not able to do it or this anxiety that comes up.
Jumaa (33:30)
I had this kind of feelings...
but in life, if you're facing a problem, whatever happens, any kind of problem, you know, these problems, they will teach you something. So let's say if you didn't... So something happened to you or anything and it's like...
Nik Mohanlal (33:39)
Of course.
Jumaa (33:55)
some kind of experience even if you doubt yourself, I had this happened to me or this happened to me I'm afraid that it's gonna happen again. So you take what happened to you as an experience and you know try to better yourself, think of it as a way that okay what did I do wrong and how can I you know not have this or not do the same mistake again
what kind of approach should I take? You have to sit and think about it, or as in the other factor where you like you doubt yourself into, succeeding something if you have an exam or whatever it is, and you keep on doubting yourself, I don't think I'm gonna pass, or I think I'm gonna fail, man, just go for it. It's like, don't wait, don't think about it.
Do what you gotta do, study for it, and just go straight forward on it. You're not gonna lose anything because as long as you're alive, is, you know, you can redo it again, you can retry it again. You're not failing. There is no such thing as failure. It's like, it didn't go well, or it went well, and you you can do it again.
Nik Mohanlal (35:17)
That's a really good approach to that. Myself, I'm gonna ask this to a lot of my guests as well because I'm a very anxious person. I don't know if you can tell but...
I myself, apply the same sort of thinking when it comes to outside of cybersecurity. I play music, I'm in a band, right? it's, finally reached that stage of, you I no longer have stage fright. It's not a problem anymore. It used to be the case where you're panicking so hard before the show or, you know, I'm going to play the right notes or, you know, talk to the right band member or plays, all the sort of stuff can go wrong. So many things can go wrong, but...
Jumaa (35:42)
Mm-hmm.
Nik Mohanlal (35:57)
For me, it changed when I kind of just came to terms with the fact that it's not gonna fail, you're just gonna keep going, you're gonna keep going and it's gonna be fine. If you screw up a little bit, if you have a whole day ahead of you, the day is gonna move on, it's gonna be Tuesday tomorrow and no one's gonna remember what happened.
Jumaa (36:17)
course
so the same thing as you know when you're presenting something to a very big crowd I remember I had you know this kind of anxiety or let's say the stage fright if you want to call it and you know at the first 10 20 30 seconds you will be a bit you know stuttering maybe afraid to say something wrong or you know and
Nik Mohanlal (36:40)
Yeah. Yeah.
Jumaa (36:47)
it will get your heart pumping and blood flowing so I remember I had these kind of things but you know just kept on going I tried to you know not think about it a lot and it just went for it and yeah a time after time after time after time and I got used to it so I can speak publicly in front of a big crowd you know no hesitation and all of that so
Nik Mohanlal (36:51)
You
Yeah.
Repetition is another key point here, right? Repetition legitimizes. The more you do it, just the better you get at it. That's simple as that, right?
Jumaa (37:19)
is the key. Yeah.
Of course.
Nik Mohanlal (37:27)
You know, a lot of us tend to make cyber security our lives. We tend to go deep into learning and become so engulfed into it and it just kind of consumes us. Clearly you were a gamer before, right? I was gonna say, is that something you do still or? Yeah, man.
Jumaa (37:31)
Mm-hmm.
I stopped long time ago like it's It's it's time consuming. I don't have time
like I want to progress I don't want to play games I do that maybe once a month for an hour, you know, just change up a bit and have fun. It's like You're doing that for fun. But it's you don't have to do it every day. You know, there are some
Nik Mohanlal (38:01)
Yeah.
Jumaa (38:09)
other ways to have fun.
Nik Mohanlal (38:09)
of course.
Yeah. Which are, in your case?
Jumaa (38:13)
creating labs, do some pen testing, this is what I see as fun right now.
Nik Mohanlal (38:17)
Hahaha
Fair enough, fair enough.
Nice. You're glued behind that screen, man, constantly.
Jumaa (38:27)
Wow.
with work and everything I used to you know have some certain screen time like I do 12 hours a day but right now because you know with all the shift and stuff like that you know work it is more than 12 hours so I'm staring into a screen for like maybe 16 hours something like that which is a lot and you know I have to get some glasses for the
Nik Mohanlal (38:42)
Yeah.
Easily.
Yeah.
the blue light blockers. I need to find a company to sponsor this podcast that provides those.
Jumaa (38:59)
you know, the blue light blockers.
If your podcast is all about cyber security then yeah they will
Nik Mohanlal (39:14)
Whoever's watching, bring them my way.
man, cool. So I do want to get your advice, right? For listeners who are tuning in to a new podcast, learning about this industry, about this country.
Jumaa (39:24)
Mm-hmm.
Nik Mohanlal (39:32)
what would be your recommendations or advice to those in that situation, whether it's a new career change or pursuing something in cyber or anything, you have a unique perspective to share, go for it.
Jumaa (39:44)
I think it's a great opportunity for people who are from outside the country to come here and explore more about the job opportunities in cybersecurity as well as UAE is rated as the top one country in security not only cybersecurity but also as in law. It is safe to live here.
Nik Mohanlal (40:10)
Yeah.
Jumaa (40:12)
and the people are really great. We have a lot of nationalities over here and everyone treats everyone the same way. You can't find people who are being rude to someone else or anything. It is a safe country to live here and even grow a family over here. So I think it is a great thing for people to come and
Nik Mohanlal (40:30)
Mm.
Jumaa (40:40)
explore UAE and get their job opportunities over here and work here. Also for people who are trying to move into cyber security as we discussed earlier about finding what the key part and finding what role they want to be in the future because they already have some experience in IT or whatever so they will need to understand more about that role before moving into it.
Nik Mohanlal (41:10)
Thank you for for providing your advice on this. You you clearly have a lot of experience that's quite, quite unique and quite personal. And that's my objective with this podcast is to showcase that right. Not many people get to get a chance to speak with soccer analysts such as yourself who have had this experience. And so I'm really keen to get
Jumaa (41:23)
Mm-hmm.
haha
Nik Mohanlal (41:30)
people such as yourself on this podcast.
Jumaa (41:33)
I can give the experience to people who haven't yet started a job or they're still, you know, undergraduates. So I think it is a very good opportunity for these kind of people to, you know, relay this kind of information to them and
for them to listen to this kind of podcast they can figure out some kind of things that may it may it may help or it may not help but i think it might help some people
Nik Mohanlal (42:03)
Yeah, 100 % as well. I
We each have our level of skill and experience, right? Whether it's three, four years of exoc analysis or 20 years of exoc analysis, right? you are where you are and you're looking towards a particular goal, right? I might be butchering this analogy, but you're here and the mountain you're going for is over here, right? You have this much years of experience and someone coming here is also looking at that mountain, but they're so afraid about getting to that. They need to know how to get to where you are so they can make the same steps, right?
Jumaa (42:32)
Mm-hmm.
Yeah, like this guy throws a really good, you know, explanation on how it works. Of course, I can see someone who is on top of the mountain, but sometimes if he's going to tell me some information, I might not understand. So I have to look for someone who is at least, you know, midway through the mountain that I can shadow follow this guy's steps as in how did he reach that point? How did he become,
where he is right now. So the same goes for people who are just starting in cyber security like if I told them something that is let's say as an expert they wouldn't understand that so I to break it down you know from the bottom to up explaining every level and everything until we reach the point that they're asking about.
getting people who are from different, let's say, of experiences, let's say, having someone who is, let's say, one year experience and then having someone who is five years of experience and then having someone who is 20 years of experience. And being in that podcast, everyone would, like, a person who has five years of experience can look at that guy who has 10 years of experience and be like, I understand what he's saying.
I mean. Yeah.
Nik Mohanlal (43:55)
yeah, no, 100%.
Yeah, yeah, Nice, man. Cool. I mean, I do want to give you the opportunity to kind of showcase anything you might be working on right now or any personal projects or maybe even businesses.
Jumaa (44:13)
what me and Nick suggested is a lot of people are thinking of the offensive part but they're forgetting about the defensive part so we found a gap and we're trying to fill out this gap by you know creating some workshops trainings and challenges for
you know universities, companies just to get the people started and see how both worlds work maybe they get interested in defensive instead of being offensive so yeah these currently are the two projects I'm working on
UAE. I think it is a great way to introduce something to a lot of people.
Nik Mohanlal (44:54)
Yeah.
Yeah, make make defense great again. Oh, Jumaa thank you so much for this. This was awesome. Thank you for joining this podcast or being on the pilot episode. You know, it was a little workshop, a little things here and there, but I'm excited to kind of showcase this to people and release it out.
Jumaa (45:03)
Yeah, make defense great again. Yeah, that's correct. I think we should have it as a slogan, you know?
Thank you.
You
think it's great opportunity and maybe I'll be in the sequel episode. Yeah.
Nik Mohanlal (45:35)
Yeah, maybe, maybe. Yeah.
How can people reach out to you if they want to get in touch?
Jumaa (45:44)
So my LinkedIn is open for everyone. Anyone can shoot me through LinkedIn message over there. You know, I reply to everyone. It doesn't matter who is it, where is from, or how many followers you have. I like replying to questions. I like talking with people, getting to know a lot of people. So yeah, like my DMs are open over there.
Nik Mohanlal (45:58)
You
Sounds good. thank you all for listening to the first episode. you need to get in touch with myself or Jumma, you can get in touch through LinkedIn or any other forums you might see us on.
Thank you all.
Jumaa (46:24)
Thank you.
Nikhil Mohanlal (46:26)
Thank you guys for listening to the first episode of Cy Bytes. I hope you liked it. As I said earlier, if you want to get in touch with myself or Juma, you can find our details in the show notes.
Feel free to send us a DM, get in touch. We can chat a little bit. If you want some advice in the industry here, we're more than happy to help. See you in the next episode.