PG - You can be neurodivergent and succeed in InfoSec

BSides Las Vegas · 25:29 · 86 views · Published 2024-09
About this talk
Proving Ground, Wed, Aug 7, 14:00 - Wed, Aug 7, 14:25 CDT

This talk addresses the challenges Neurodivergent (ND) individuals face in Information Security and provides insights on how to navigate career advancement, job searching, interviewing, and skill development. We will emphasize the need for inclusivity, challenge conventional career advice, discuss the impact of micromanagement on ND individuals, and suggest practical strategies for self-advocacy and skill expansion without solely relying on certifications. We can foster understanding and equal opportunities for ND individuals in infosec.

People: Randall Wyatt

anyway thank you for being here uh as he said my name is Randall um the title is you can be neurodivergent in infosec and thrive a little about a little bit about me I'm an application security and vulnerability management engineer at Cai meds I have a mcken counterpart here I'm sorry um I was diagnosed with being on the autism spectrum and generalized anxiety during the worst moment in the world during the pandemic um I'm a video game Lego and book nerd I just finished my I'm 27th I'm on my 28th book probably going to finish it this afternoon and I'll go on my 29th book out of 35 for the year I'm also a technophile way too

many gaming handhelds I actually have my Legion Go in my room so I can play Baldur's Gate if I wanted to some facts in 2021 the unemployment rate for college graduates with autism was about 85% almost 20 uh almost 20 times the national average uh and about 22% of autistic adults are gainfully meaning they can pay their bills and have some sort of money to live on afterwards why this topic um there's tons of articles written about how you get an osc it's you can say 30 days or take this course or lie in a resume don't do that it's stupid um there's also a gap of neurodivergent talent within the infosec community um we tend

to not go for the big roles because it puts us out there and we don't like being in front of things why am I here essentially um so not everyone is a front of the house type of person again the question probably comes through your mind why is he doing this because it needs to be talked about uh not everyone is also suited to be a leader as it is currently meaning you don't have to be that front of the front of the pack person saying hey we're our team is going to do this you can be a support role or a servant leader um we can change what it means to be a manager

instead of one person leading and be a colle a collective of people so everyone makes a generalized agreement and they go forth with all of those and uh neurodivergent people getting into tech for many reasons independence range of topics and to be honest the money's quite well um so you want to work in infosec um many say that infosec isn't really an entry level field it's quite true uh but there are some caveats to that um it's hard to also break into this industry unless you have a connection of some sort my connection was my manager I luckily I made that connection it's even harder if you're socially awkward exactly uh it can also be really difficult if

you don't feel like you're a perfect fit we've all been through job searches where you're like okay this doesn't work for me so I'm not going to apply for this apply for it cuz it's just a basically throwing Jell-O at the wall and see what sticks um like I said on here open reqs where the role is scattershot and most of the people who put those roles out there don't know what they're talking about and we also have a particular set of skills not killing things per se unless it's a process um we're particularly suited for tech cuz in my mind infosec is a puzzle and you got to figure out what how what pieces go where

um it can also typically get through a thought process faster than my neurotypical counterparts and it freaks them out sometimes but that's what we're here for uh leadership typically also doesn't have neurodivergent people there it's mainly neurotypicals thinking like oh we have to do it this way this way this way but what about the other way what about combining two into one step instead of the other stuff also inherent understanding of things is not always good I don't work well with an incomplete set of instructions I have to keep telling my manager that but he'll learn eventually but which way to go um it's hard to really give confidence uh guidance on this um it depends on what

you want to do do you want to do uh Disaster Recovery do you want to do forensics do you want to do cryptography as crypto means cryptography not coins cuz that's just stupid um there's so many facets GRC there's other stuff uh neurodivergent people typically find a thing latch on until they burn out so many times and then they get back to it because that's what we do um and you can change the different specialities within it for instance I was doing application security I still do it but I'm also doing vulnerability management and asset management as well so you can you can move throughout everything um and again money everything's expensive and we like

things so the game is afoot let's get your together when you're looking for a job you can what I've done is I created a spreadsheet when I was looking for a job to put things in categories who I've spoken to what stage of the interview process are you in the company name and if it's a recruiter asks for the company because sometimes like oh it's this our client who is the client cuz I don't want to work for an awful company um ask for a salary and if it's a job ask for a job description if it's a cold call or just a random LinkedIn email as we all get sometimes so when you're interviewing what I

generally generally do if I'm interviewing I send an email prior to introducing myself and asking for some some accommodations like hey is it okay if I just you know have my camera off for after the initial introduction period um also if you ask for accommodations this and they don't typically give them to you that can clue you in sometimes on what the environment like is like at the actual employer um yeah if they say no run like I said if you ask to keep your camera off after the initial in Period camera fatigue is real um 75% of the meetings I'm in at work my camera's off cuz I also I look at myself in the

camera and I see myself speaking I'm like I look stupid stopped looking so I typically try to keep my camera off um and if person asks for accommodations for dress code this does not mean show up in jammies just be as casual as possible jeans button down or a polo it's also okay to say no if you don't want a job if you get to the end and you're like okay this isn't really going to fit for me it's okay to say no um you're interviewing the company just as they're as much as they're interviewing you you have to make sure you fit there and if the culture doesn't work or if you feel something's off then

generally your little Spidey-sense is generally true but also which one do you go with if you get more than one job interview with job offer decision fatigue is also real that's why some people wear black and brown quick and easy put it on or um just saw someone tweet out about what their their wardrobe looks like for Black Hat and DEF CON it was black or white t-shirt jeans and shoes decision fatigue just I know I'm going to wear the next day and go on um create a list of pros and cons for the role so okay this has decent benefits for health insurance because medicine is expensive um Health Medical uh mental health is also perent there

too what is their time off policy like is it permissive to just take time off when you need it or do you have to accrue it um it all depends on what your needs are and neurodivergent individuals may take a bit longer to make a decision so be okay with sitting in that decision process don't you don't have to jump to it because oh this is a $130,000 job offer yeah but you may get 145,000 next one so just take the time think about it go through the pros and cons also it's okay to negotiate why why do we just say yes okay they have the money they're hiring you for a reason say I want more money

or I need extra time off or I need these accommodations so I'm in he said in his best best hacker voice I call this one nmapping the workplace I'm hoping most of you know what nmap is if not it's nmap a network you so basically you scan the network see what's there open ports OS and all that stuff uh micromanagement is not fun I'm not a child um there's no children in here so good um it can make you feel like you're not doing your job well or make you feel like you don't know what you're talking about so that constant nagging impostor syndrome is almost reinforced with something like that uh asking for

frequent and constructive feedback I'd like to know what I'm doing well and if I can improve even if I'm doing well cuz there's always room for improvement no matter what it is also making meetings better I created a Confluence page at work that says how to make meetings better turn off your mic if you're not speaking don't talk over people wait a couple seconds before you respond to someone if you are on camera don't pick up your laptop and start ring around that's really distracting um and also if you send out an invite to a meeting please include an agenda most of us that have trauma based learning of oh we're going to get fired because there's

nothing on here and it's an important meeting that happens in 20 minutes send an agenda it's not hard um learn how and also learning how to self-advocate for yourself that's quite redundant but it takes time to learn how to say this is what I need and be confident in it and when you finally get a team that supports you and backs you it makes all the world a difference also be a servant leader I hate that saying but it's true um adap be adaptive to your team's needs if you're a leader lead assuming good intentions don't read into people's speech pattern if I generally speak with a flat tone don't think I'm coming off as being an or or

anything other than I'm answering your question I'm being direct with you uh things go wrong humans are messy people are going to be messy probably I don't know what 8:00 the pool party starts or something like that messy um honesty and trust is key also if you lose trust with me it's damn near impossible to get it back so don't break trust with neurodivergent individuals people are different but for me if trust is broken good luck so what's next when learning do you go over style or sustenance that's a To Wong Foo reference if you guys don't know what that movie is uh learning new things is fun but can be very expensive ask me how I know several

books um one can learn a myriad of ways books YouTube videos training shirts and yeah guessing people don't understand that reference that's The King and I Yul Brynner uh choosing your own adventure um there's no one correct way of learning everyone learns completely differently um sometimes I can read a book and say okay I think I think I know what this is and someone asked me a question from the same exact paragraph I'm like what what what do you mean and someone asked literally sometimes pointed out to what what they were asking um prescribing a one-size-fits-all learning course leaves out those who don't fit the mold thanks massen while there are drawbacks to IND

individ learning being flexible allows for greater absorption of the knowledge that may or may not be gleaned from it um just randomly going through clicking through a this is what a phishing email looks like doesn't work how are we going to teach people to look for these instead of just saying oh this link looks weird how about you open up the headers and see does it say threats him does it come from a different sender there's a different ways to learn about this for the normal person that's not really in technology can figure out oh this isn't real I shouldn't click this so what's next is what's good for the goose good for the gander what works for one may

not work for everyone the world is quite diverse as we can see there's different nationalities uh gender identities here everything it runs the gamut um understanding this and allowing to call your intentions help to expand your mind um once you realize that you're not the only person in the world and we are a speck in an infinite infinite reality and depending on if you believe in the string universe theory that decision will branch off to other branches so what happen happens now or what even what happens next we don't know neurodiversity doesn't present in any one certain way um and also this industry is in dire need of a shakeup more women more people of color more uh diversity

within gender identities just everything needs to be changed no more sorry old white men come on and if you met one person on the Spectrum you've met one person on the Spectrum we all different so if not now when be patient take things take time your career is that yours uh things don't happen overnight if they do um you really from apartheid South Africa or it's a lie also keep moving forward that's all you can do so that's about it for me um questions yes so how you support te the work what youen um question yeah so the question was how do you help your co-workers uh self- advocate for themselves or your manager how can your manager also helps advocate

for your you is is a little bit of a uh a sidestep of what's happened recently my manager and I got on a call because something happened and he's like okay I understand this is the process you need to go through but realize that Randall is neurodivergent and things like this kind of are triggering for him and how can we make sure going forward that people don't misunderstand that he's just saying what he's saying and doesn't mean it awfully or any kind of um I can't think of the word just not being mean to people just I'm just making an off-hand comment or just being completely direct because people can read into that awfully yeah it's good

did I answer your question yes I've been called both direct and abrasive and it depends on the environment in it's appli completely depends on you're they're used to that type of engagement or not if it's back trying to right job exactly for the stream one second for the stream he said um has been called direct and abrasive and it depends on what the uh the environment calls for um direct and abrasive is essentially the same thing uh I'm sorry that you read into something that's not there that's on you do you trying to figure out what's wrong with you first and it's not my not my issue yes sir mentioned

shod yeah uh the question was what other accommodations have I requested for or of other people uh to be honest those are the only ones so I I tried to start at the bare minimum and it not only helps us neurodivergent individuals but also helps neurotypical people because you get sidetracked and someone asks a question and someone chimes in on something and you just like wait what happened where are we going with this conversation so yeah it's I started with those base minimum things um I've been trying to bra BR Branch into more mzin like hey you can't just throw meetings on calendars without saying what it's for I understand some things may be confidential but try to

drop a line somewhere tell me what it's for so I'm not freaking out yeah I think he was next in the blue shirt it's noral when youn you start to see that people and most people they don't know they are as well so in your work environment how do you approve that people start for them and make them see that they are they promote and help them problem that they not aware the question is how do you approach people and spread the basically evangelize um neurodivergent accommodations essentially okay um good question I don't know cuz I've I've been working in my team and then slowly branching out from there with the teams the engineering teams around me so

stay tuned what are some green flags and red

flags question was what are green and red flags uh during search um it depends are you call or blind um

uh good question I I don't know to answer that uh typically if I read through the one thing is we're a family I'm sorry I don't know if we can cuss no the we're not we're co-workers we're here for a reason we're going to do a job we're not yes we're a team we can get along we can be close friends with inside of work but once work time stops it that connection is severed for me and like I I'll be friendly towards people but I'm not going to be like oh let's go to your house on the weekend no I go to my partner's house

sorry I believe we did but layoffs

function that dni oh I've heard Dei but that might be a pejorative to sign yes um I think so um the Dei person that was at C meds was let go during what we call the culling or The Happening um so there are resource groups employee resource groups for within like greater mesen it's um but with some companies throwing it out because it's a bad word now looking you Tractor Supply um I so some may have it some may not but I mean do your research uh Glassdoor reviews are a great thing even if some may be lying just Google you don't L limit because it'll tell you what you want to hear um I think we're almost closed any

other questions as far as application processes they they always have the the disability question you know it's it's a yes no or don't want to answer you know I don't want to lie and say no and I don't want bias answer how much you think that into process the question is um disclosing potential disabilities on application paperwork uh it's up to the the applicant you do not have to disclose it if you get into the role and you say hey I'm asking for these these accommodations for a reason if they try to push into it that's that's illegal they can't ask why you don't have to disclose your disability and asking accommodation is good for

everyone not just neurodivergent individuals do do you think they they actually industry bias it's kind of hard to yes there's absolute bias I've always I don't know answer like I don't give a yes or a not I'm looking at it from a personal privacy perspective for all of the questions like it doesn't matter what they're asking at that point it's qualified response job application Level we're not even in a relationship yet we just Lear so I don't want them to have that information I'm saying after s eight months of

rection um oh hello hello you're comfortable talking about being neurodivergent yourself but it is also a medical diagnosis it is it's just the same as having AIDS or anything else right yes a lot of people don't want to talk about what their personal stuff is yeah how do you is it on you to advocate for yourself or do you want are you comfortable with others within your organization advocating for you do you feel like you grant them permission to do it first like you said your boss says these are triggering for Randall others might not be so cool with that like hey boss I told you that in private how do you navigate those sort

of social situations I guess it depends on the trust level with your manager because if you don't really trust your manager you're not going to kind of trust it also I'm comfortable with it because I I saw the the need for side conversation hey guys gentlemen Gentlemen please um I I talk about it because I saw a need for it there's a huge gap in accommodating people because technology run goes fast and it goes through people faster so I mean it all depends on what company it is how what like again your manager how comfortable he is or she is or they are with who you are and it also depends on if you want to actually

disclose it you don't have to if it helps do it but it all depends on who you are in your circumstances I hope that's a good enough answer yeah uh would it be okay if I provide a second opinion on that question um so a good rule of thumb if you're dealing with you're dealing with specific individual ask that individual talk to that person say hey you know so if you're the person disclosing say hey I'm sharing this with you I would rather you not share it with anyone or I'm sharing this with you so you can help advocate for me um if you're on the other side and has shared with you make

sure and explicitly ask them if they don't say say is this something you'd like me to keep private is there something I can do to help advocate for you what can I do do you want to signal me do you want me to always do it um and that's true of not just neurodivergence but anything if somebody discloses something to you um and asks for your support um this is something that happens to women a lot in tech is that um there's a lot of unasked for support in some areas and then in other areas we're not getting the support we need so sometimes we need someone to say hey did you hear what she just said or what this

person just said or whatever and sometimes that's kind of patronizing and we don't need that and so talking to the person involved is the most important thing here because everyone is different every situation is different absolutely yeah very well thank you Randall very much you let's give another round of applause