#169 From fast food worker to cybersecurity engineer with Tae'lur Alexis
01:20:11 Share

Security is so vast, okay? And like there's different areas of security, like there's the incident response, there's compliance, there's this and that. But I do recommend for those who are web developers or software engineers that want to transition to security.

You have a really, really good chance of getting into application security. And that's why I was honing in on the OWASP top 10 and like web vulnerabilities and stuff like that, because it already builds on what you already know. You already have like that solid foundation of web development. Now you have to learn about like different ways that like an attacker can

can try to explore your application. And so your job would be to help secure that application from those attacks and everything. Welcome back to the Free Code Camp podcast, your source for raw, unedited interviews with developers. Today, we're talking with Taylor Alexis.

She's a developer and cybersecurity analyst. Instead of going to college, Taylor spent years working at various fast food and retail jobs. She taught herself Python and JavaScript using FreeCodeCamp, then worked as a software engineer for five years before specializing in security engineering. Now, instead of building applications, she breaks them.

Support for this podcast comes from a grant from Wix Studio. Wix Studio provides developers tools to rapidly build websites with everything out of the box, then extend, replace, and break boundaries with code. Learn more at wixstudio.com. Support also comes from the 11,384 kind folks who support Free Code Camp through a monthly donation. You can join these chill human beings and help our charity's mission by going to donate.freecodecamp.org.

For this week's musical intro, with yours truly on the drums, guitar, bass, and keys, we're going back to 1990 with the theme from the Nintendo game, Estiniacs. Hey Taylor, welcome to the Free Code Camp Podcast. Hi. Hey.

Yeah, it's awesome to talk with you. I've known of you for many, many years, and I'm excited to learn a little bit more about you. First, I want to ask, what exactly does a security engineer do?

So that greatly depends on the domain that they're in. Like there's incident response, there's application security. What I do is it's kind of like a mix of different things because I work directly under a CISO at a consulting firm. So we offer a variety of security services to tech startups like in specific areas.

So if they need vulnerability assessments, we provide that. We're actually starting to do penetration testing as well or ethical hacking for those who are unaware of what that is. So being able to legally break into or find flaws in systems such as networks and web applications, mobile apps, and everything like that to help make those applications and systems and networks more secure.

We also do compliance. That's actually a lot of my work too now. So we help build security programs from scratch because a lot of these startups, they often ship the products first and think about the security afterwards. Right. So they'll need certain things in place in order to become compliant with different standards such as ISO 27001, SOC 2. I don't want to bore anyone with all the different standards and stuff. Yeah, alphabet soup.

Yeah. But that's actually often a really important thing if they're trying to secure funding or different customers, like if they are complying with certain standards and stuff like that because they're trying to see – because other potential customers are trying to see, can you – are you – do you have certain controls in place that will protect, like, our data and everything like that? Can we trust you with our stuff, basically? So we help prepare different tech startups for that.

for those like audits and getting those, uh, certifications and stuff like that. So, um, like my typical day, it's, it's a little interesting. Um, so as you know, like I'm, uh,

As a security analyst and everything, I'm actually working with like different startups. So one client could be, you know, need like a risk assessment done or another client could be asking a question about how, like recently, yesterday, they actually asked me for advice on implementing a DAS tool, which for those who don't know, that's the automated scanner that can help find like vulnerabilities and stuff like that. So from an external standpoint.

So like they need to help with like, you know, what kind of tools, you know, best fit our needs and everything like that, because the potential customer needed that needed them to have that implemented. So, yeah, it really depends. It kind of varies like the type of work I do.

Awesome. Yeah. So it sounds like a lot of what you're doing is kind of just helping people fix their fast move, fast break things, kind of like mentality and startups. Like everything is done as inexpensively as possible. Just trying to get the product out the door, see whether people like it, see whether people will pay money for it. And a lot of times security is just one of those many things that ends up as technical debt that people will eventually get to. Yes.

Yes. A lot of my work is actually educating, raising awareness on why security matters, why you need to have certain tools in place, why secure coding is important to help defend against vulnerabilities and everything like that. So for sure, it's a lot of trying to make people feel like... Make security an important step in the process, hopefully from the beginning of the software development lifecycle, but at any stage we can kind of get in. Yeah.

Yeah, and you worked as a software engineer for like five years before you got into security. And along the way, did you take for granted a lot of the things that you now know are very important about security? Yeah, actually. And I did not know a lot about secure coding when I was a front-end developer, actually. I didn't know much about... I did know of cross-site scripting, but I didn't have the knowledge that I have now. I didn't know about the OWASP top 10 and everything. And I've noticed that...

And I thought that made me less of an engineer until I got into security. And then I've met other very, very smart software engineers that don't know, like, that much security. And also, like, as you know, like, a lot of software development courses and coding courses, like, they don't actually teach about, like, secure coding or anything like that. That's taught as a separate discipline. So that was, like, an extra step that I had to kind of, like, go through, you know, trying to, like, figure out.

fill in those gaps and everything for sure. And also another thing is like, I didn't know a lot of Linux. I didn't know a lot of networking. And so when I was transitioning to security, I had to kind of build up my knowledge and that stuff, but having that software development, like background really helped me with getting jobs that I do have, because I know about Git. I know about the, you know, SDLC and everything like that. I know about the different tech stacks. I know about like, you know, React and Vue and everything. I know how databases work and stuff. So. Yeah. And SDLC is software development lifecycle, I believe. Yes. Yeah.

Okay. So it's basically like from cradle to the grave, what happens with an app? And all the many life events. Yep. Yeah. From design to deployment. Yeah. Awesome. So...

I'm very excited to learn more about security, but first I want to learn more about you. Many people probably already know who you are. You had this like photo of you, like, like mopping the bathroom or something at like a Boston market. And then it was like, that was the first one. And the second one was like you working as a software engineer. And yeah, I want to learn a little bit more about your kind of developer origin story and how you were able to

Yeah.

I was, I spent time, it was kind of half and half. Like when I was really learning how to code, it was actually in Orlando, Florida. So in central Florida. Ah, okay. Yeah. Yeah. So, um, take us back to that experience, like what you were doing. Cause you know, a lot of people when they finish high school, um,

they go to college if they have been like sufficiently academically inclined or if they have the money to go to college. Uh, if they live in a state that has an inexpensive, uh, community college, often they'll go there. What, what was your entire approach? Like take us back to high school. Okay. Yeah. So high school, I was not the best student. I'm just going to be honest. Like, um, I'm pretty sure if my math and science teachers saw me in STEM today, they would be like, wow, she actually made it. Um, yeah.

I was really, really shy. I don't really think I gave myself a chance, honestly, in class. I'm not even going to try to blame the system or anything like that. I think I was just really shy and very introverted, and I just didn't want to be around people, so I would just be off in my own world. And so I wasn't the best in math or anything like that. And when I graduated high school...

Didn't really know what I wanted to do. Growing up, I wanted to be a lawyer, actually. I wanted to go to Harvard Law School and everything like that. But things didn't work out, and I didn't have any money, and I didn't have the...

Like, the academic, you know, aptitude and everything to get into, like, a really good school and stuff like that. So I got into, you know, I did what a lot of 18-year-olds do. I got into fast food. Worked at, like, McDonald's and Macy's. And I just worked, like, a bunch of jobs, like, in, like, retail and fast food. I did not know of what coding or computer science was or anything like that. I'm not, like, I'm kind of...

It's really cool when you, like, meet, like, other people, like, in the industry who, like, started off, like, you know, taking apart computers and everything and, like, getting, like, hacking the systems and being, like, hacker forms. And they were, like, 10 years old. And I'm just like, dang. Like, when I was 10 years old, I was, I don't know, on Wikipedia. Like, I watched, like, VH1 or something. Yeah. Like, I wasn't, yeah. I didn't know about, I didn't know about any of that, I wish. But, yeah. It's just a different path, right? So, yeah.

So I did come across coding when I saw like a YouTube video, I think for like Code Academy or something like that, just like a coding like ad. And I was like curious about it. I was like, well, what is it? And so I did not know that like, you know, everything that we do like on our computers and everything like we're interacting like online.

with applications that are built with code. And I just, I had no idea I would be on the computer every day, like playing games, flash games, everything like that. But I never actually like thought about how do these things like work and everything. So, um,

Yeah, that's what I was doing. And I came across coding specifically in 2017. Okay, you're interested in coding, but how do you go about teaching yourself to code? That's like a major endeavor. It's one thing to know what coding is and appreciate that most of the things that are exciting in the world right now that are happening in software are happening because a developer willed them into existence, right? Or a team of developers willed them into existence. But...

It's another thing to actually put yourself in a position where you can develop. How did you do that? Honestly, diverse for my resources and everything. At that point in 2017, the main resources that were out was Free Code Camp and Code Academy. Those are the two sites that really stood out. And then, of course, Udemy. Udemy. So it was hard, honestly. When I first tried learning how to code, it was February 2017.

And I tried to print like hello world in Python and then I stopped immediately and I didn't actually resume learning how to code for like some months because I was like, I don't know what I'm doing. I didn't understand like the basic building blocks and what was the purpose of a function and comments. I just, I didn't understand. And I guess I just didn't think I would be technical enough or that I would have like the raw intelligence to be able to like take on this endeavor of learning how to code, honestly, for being honest.

But my father actually motivated me to like keep going. But at that time, so I was like 21. I had reconnected with my father and everything after because when my parents like divorced and I was like a kid, like I was my mom. So and I didn't get to talk to my dad really because like they were just they were separate.

living their own lives. And so I reconnected with him and like he saw that I was like on like free code camp and he was just like, you should keep going with that. You seem like it seems like it made me like happy or something. And I was just like, really? And then he died actually like a few months after that. So,

That's what kind of kept me motivated to keep learning how to code. And yeah, I try to tell people because I get a lot of people that reach out to me and they're saying that they don't feel smart enough to learn how to code and become a software developer because a certain concept is hard. And it's like, I'm like, that is such a cyclical thing.

feeling. Like, you're gonna have, like, that feeling, like, throughout your whole career, like, whenever there's, like, a new topic or concept that comes about. And there's things that, like, took me a long time to understand when it came to coding as well. So, it's just having to, like, go back to, like...

Sometimes it's the resource. So like if you're trying to learn from like one course and they're teaching a topic that you don't understand or that doesn't resonate with you, then diversify and try like another instructor, you know, or try videos maybe because maybe you're a visual learner as opposed to someone who as opposed to like, you know, learning from like books or written tutorials and stuff like that. So find like your learning styles important and being open to diversifying your resources. Those are the two things I would say that help me keep going.

Awesome, man. I'm glad your dad got to see you pursuing this passion before he passed. Yeah. Yeah, maybe you can put us into that moment. Not that moment that your dad passed, but kind of that area of your life. So you're kind of cycling in and out. And I experienced this too. I always say lots of people...

give up on learning the program. I gave up several times. Right? And so you're kind of like cycling in and out of feeling like you can do this. How did you have the temerity and the willpower to keep thrusting yourself back into it? I had to build my community and I didn't know I was building a community, honestly, because I had joined like the 100 Days of Code Challenge and I think that

public accountability kind of helped me keep going because I started to post about what I was like learning the struggles I was having with like learning uh programming and what I was building and just meeting like other people that were also like learning too like that is so key and I didn't have anyone around me um like out you know in the real world that uh was also doing this like no one no one else in my family was in programming actually correction I just found out

rather recently that I have an aunt that I knew that I did not know about that actually has like a computer science degree from like way, way back then, like seventies, eighties. And I was like, what's, but like I, at the time I didn't have anyone, I didn't have like a support system. Um, so yeah, like finding that like online and just keeping in mind, like what my dad, you know, told me and everything like that helped me for sure. Um, yeah, I didn't know what I wanted to do. So,

So you were able to leverage kind of this support system that you went out and built for yourself, kind of like a spider weaves a web to stand on, right? Yeah. Or a beaver builds a dam so they can control a part of their ecosystem. You kind of created...

Yeah.

Um, and so like, I, that was very helpful. Honestly, it was, it's very encouraging for sure. And honestly, like I had to motivate myself too. Cause I was like, I knew that I didn't want to be in fast food for long. I was like, I'm about to quit this job at Boston market. Like I'm not about to keep doing this job. Yeah.

So, and I wanted to see what would happen with soft development. And honestly, at the time, you know how, like, now soft development is, like, being pushed so heavy as far as, like, oh, make six figures and everything like that, like, get rich quick kind of thing. At the time, I swear, like, in 2017, I wasn't even drawn to it because of that. Like, I was seeing people, like, on YouTube, like, Coding Face, whoever, like, they just, I just liked the knowledge that they, like, gave, like, other people and, like, the, and everything. And I just, I wanted to create value, too, for others, too. So, yeah. Yeah.

Yeah. And there are a few things that you can do that just can unlock that much value for other people just like that you can do yourself, right? Like you can go and build houses for people, but it takes a lot of people to build a house for somebody, right? And it also takes a whole lot of lumber and a lot of other resources. Like you, if you have the developer skills, you can sit down with like

or you even go to a library and use the computer there. And you can build something that people can use. And that's kind of like the power and the leverage that software specifically gives people that other mediums of creation do not necessarily, is being able to help a lot of people at scale without using a lot of material.

I agree. Yeah, taking from idea and actually realizing that idea and everything, making it a reality. Like, that is a power for sure. Yeah. I think that's what drew me to front-end development, especially because, like, I was able to get, like, the immediate, like, results of, like, what I was, like, you know, coding and stuff. So were you working these retail jobs while you were teaching yourself coding? Yeah. Like, you had to do the two in tandem? Yeah.

Yeah, like at one point I was working at both like Walmart and Boston Market and I would work like especially at Boston Market. I'd be working like eight to ten hour shifts, sometimes without a break. And then I didn't have a car. So then I would run home and then I would get on the computer. And for some reason, like I was just like I was really on the computer for six or seven hours, like barely sleeping. Like I was just like.

I was just really fascinated, like, especially when I was, like, running into, like, problems with my code or, like, not understanding something. Like, for me, what drives me is, like, I have, like, this need to have to, like, understand something. So, like, I think that's what also is a really important trait for someone to have when they're trying to get into tech is, like, if an obstacle doesn't, like, put you off something.

from the whole mission, then you have a chance of getting into tech, honestly. Because that's a lot of what a lot of our journeys are is full of obstacles and be able to overcome them and be like resilient. So...

Yeah. I was working like my butt off for sure. Yeah. I often say like learning programming is more of a motivational challenge than it's like a specifically like technical challenge or – Yeah. Than it has anything to do with like aptitude or even like interest in computers early on because it doesn't sound like you really got that – I mean it sounds like you were like a curious kid who didn't necessarily perform well in school but was also – you were interested in stuff. Yeah.

And, uh, it's just that you were waiting for the right thing to come along and then you really took to that. Yeah. Waiting for my passion, honestly. Yeah. Yeah. Let's talk about that period between when you knew, oh, I'm really interested in this. And then when you got your first job. Yeah. So I want to say I was studying for about seven to eight months before I, uh,

got an email I received an email from a CEO of a small like consulting firm based in Seattle Washington and I remember the email um because I was like what is going on um basically like what happened was he like he reached out to me said he had actually been following my journey on Twitter for like a little while and they were hiring junior software engineers and he was wondering if I um

you know, would be interested in interviewing for the role. And I was like, yeah. And the role would require like relocation to Seattle. And I had never been to Seattle like ever in my life. At that point, I had only like lived in like, I think what California, Nevada, Florida and Georgia. Like I hadn't been to like places that most Americans have lived. Yeah. But I mean, you live on both coasts. That's cool. Yeah. Yeah, for sure.

Yeah, so talk us through what that process was like. How did you react to getting that email? Did that feel real? I mean, you've been studying for like seven months at this point? Yeah, yeah. And I had built some projects. I built like a really... I remember the apps too. I remember them. And I was hosting them on GitHub. Yeah, what were some of your early apps? Yeah, so like...

For me, like how I developed ideas for like landing pages, since I wanted to be a front end developer, I thought of like startup ideas. So like I thought of like a beer and chocolate delivery service. So I created like a landing page for that. Um,

let's see uh I developed like a landing page for like a fake like beauty like e-commerce app because I was like oh I love to build like a beauty e-commerce uh app to like uh sell like Korean skincare and like cosmetics and stuff like that um based on like skin type like I was really going into like detail I was thinking of okay if I was going to sell like a startup this is what I would like you know want to like advertise and try like market and did it uh and so um

I did that. I also built, like, a real estate listings app, kind of like a Zillow clone. That was, like, the one I was, like, the most proud of because of the UI, honestly. There was, like, a lot of, like, gradient effects and everything. I'm sure it's, like, so dated now. Like, it's... But at the time, I was proud. So, yeah, those are the projects that I had on my resume and on my GitHub and everything. And so the interview process, like, basically consisted of the first call being with...

the CEO like virtually talking about like why I want to be in tech

and what, you know, I'm passionate about and everything. And then it moved on to, like, the technical portion, which honestly is, like, the least technical interview I've had since then. Like, I have to say, like, in total, because I've had, like, full-on, like, whiteboarding interviews, and this one was actually one of the more, like, laid-back ones. I was like, it's a really good, like, junior role, like, kind of, like, interview for sure. Basically, they had, like, me talk with two of the engineers on the team and walk through, like,

the code, the solution for like one of my projects that I had, which in this case, I believe it was the real estate listings app. So, um,

And they asked me questions like, you know, how, what is my process for developing, like, a new feature? How do I design it? How do I consider, like, accessibility and everything? Since they knew that I was also learning about, like, accessibility from the different resources that I was, like, using and everything. And so, oh, and also about, like, how to make, like, my app, like, responsive. Since at the time, I did not build, I did not build that website out responsive first.

So, um, like, yeah, they were just trying to see like my mind honestly, and like how I'm able to like communicate. And I think that's also something that I also try to tell people a lot is like these like interviews are really them trying to see like, how do you communicate and how do you like work through a solution? Can you work with a team member? Can they understand you and everything? Do you ask questions? Um, they're just trying to see how you perform. And of course, how do you perform under pressure as well, especially those whiteboarding ones. But yeah. Um,

Yeah, so that's what the interview process was like. And it was really simple. It was just, like, two steps. Yeah, and then, so, you go out to Seattle, and you start working as a software engineer? Yeah, it was, like, my first time, like, on a first-class flight. I felt, like, so cool. Yeah, I had, like, three cranberry vodkas. I was just, like, really, really happy. Yeah.

On the plane, but yeah. So, yeah. Like, it was my first time in Seattle and everything. And it was also my first time having my own place as well because they provided relocation. And so he was like, hey, before I came out there, he was like, can you find a place in Seattle? Mind you, I'd never been there, like I said. And I was like, yeah, sure. And then I found, like, a little micro studio. It was, like, super, super small. Like, less than, I don't even know anymore. Actually... Micro studio. So, like... Yeah. I mean, square footage, like...

So like this place for instance is like 35 square meters. I want to say like my micro studio was even less than that. Okay. So that's two square feet. That is like less than 400 feet.

So, so less than 400 square feet. And of course now you're in Bangkok, Thailand. We're going to talk about that. We're definitely going to talk about that a little bit, but I want to, so you're, I just want to give people context. So you're moving all the way across the country, like Jacksonville, Florida or Orlando to freaking Seattle. Like you could not travel farther across the continental U S yeah.

And you're moving into a... I mean, like, the room I'm standing in here is probably, like, 100...

50 square feet? Maybe 200? So this is not much bigger than the room that I'm in. Yeah, it's literally about that. It's about that size. I'm not even lying to you. That studio was about, I want to say around 150. There wasn't even a full kitchen at all. There wasn't even a full closet. There was a rack and that represented the closet. Like a single bed, yeah. But it was in such a nice part of Seattle. It was in Ballard. I don't know if you've ever been to Ballard.

It's like a suburb, like maybe like 10 minutes outside of like the downtown Seattle. And it's really nice. And it was five minutes walking from my office, like from my office and everything. So that's why I picked it as well. So it was like right there in the main street. So there's a bunch of like bars and restaurants. So it was really nice area. Very safe, honestly, but also close to my workplace. Yeah.

Yeah. So what was it like, like, the first few months working there, doing front-end development, being in a completely new city, not working in fast food? Yeah. So when I started that job, it was July 2018. And it was definitely...

a struggle at first for sure. I'm having to like adjust to like a whole new city and everything, but also at the same time I grew up as you, as you've heard, like I I've lived in different States and everything. So I was open to like living in like different places. It wasn't like foreign to me, but just being away from like not being close to my family. That was my first time being away from my mother for sure. Um, my siblings, like no one was in that same state or like nearby. And of course my father had passed. So I really felt extra lonely, honestly. Um,

But yeah, so it was, I was definitely like a recluse at first. And just like trying to like get like my bearings at work and trying to like, you know, just like become like accustomed to like this like new workload and everything. Because I went from having a workload of working at, you know, fast food, like working the drive-thru and cleaning bathroom floors. So like, oh, can you like help us like develop this like new future? It's like a whole different like mind shift, right?

For sure. And having to like learn about like sprints and everything and stand up like, you know, meetings that we would have, like, you know, just getting like used to that, that whole new culture working under like a project manager who has like roadmaps and deadlines and stuff like that. It was it was very different from like having to like build like follow up a tutorial like online from like a course and everything. They don't teach you all that, you know?

Yeah. So they don't necessarily, they're just teaching you the specific technical topics that you're going to be, that knowledge that you're going to be using on the job. They don't teach you the kind of a meta aspects of working on a software development team. Yeah. And yeah. And you see, you mentioned like, yeah, you had like a product manager or project manager that you worked under and they delegated different features and bugs and things to you. And then did you do like sprints? I mean, did you have like standup meetings? Did you have all that stuff? Yeah.

Yeah, daily stand-ups and everything like that, for sure. And having to, like, talk about, like, any, like, block, you know, any blocks that we were having, like, and, or questions that we have about, like, certain, like, features or, like, whatever tasks that we have to do and everything like that, for sure. And I also learned about other functions and...

in tech or in IT, such as what DevOps was. I didn't know what a DevOps engineer was and what role they play, system administrator, all that kind of stuff. So that was all very new. And actually, in that first job, we didn't have a dedicated security team. I believe that must have been outsourced or something. So I wasn't even exposed to security yet. So yeah, they taught me nothing about security. Yeah. Well...

That sounds like an exciting kind of like moment in your life. Like new city, new field. Can you like remember how much you were sleeping during that period? Like eating? Like was it stressful? I mean, I'm sure it was stressful. But like the more color you can put on that picture, that portrait of you in this new office. Like I just like to try to transport myself and put myself in your shoes to the extent I can.

It was a very, it's a very surreal feeling. Like it didn't really feel real. Like even like my first few like weeks or like months into like the role and everything. Um, and I was, I'm glad that I did get a proper, I wouldn't say I was given proper training, but I was giving, um, a lot of support for sure. Um,

on that job and everything so yeah it was it was just it's different it's just like you know you're just trying to like adapt like a whole new like mindset and you're trying to see like okay so like for me like where does Taylor fit into like this like team and everything um also like there's like different personalities and everything um

working on a tech team and everything. So, yeah, it was just being able to deal with people of different backgrounds and personalities for sure. That was another thing. Yeah. Were there other people on the team that had...

not gone to university. Like we think of like the typical like developer as somebody who went to university when they turned 18 and got a computer science degree and then just got an internship and then just kind of like wrote that like linear progression that I would probably say at least 50 or 60% of developers do that even today. Were there other people with less traditional backgrounds and journeys? I was...

I actually don't know. I didn't even inquire about a lot of their backgrounds or, like, what degree they had. And they didn't ask me either. But I want to say, like, the two...

like, engineers. They were twins, actually. I don't believe they had degrees. And, yeah, I remember them telling me that. And they were also from Florida, too. They were from Miami. And they were some of the smartest people that, like, I've met. Actually, a lot of the smartest people I've met, they don't have degrees. Like, my current boss, actually, he doesn't have a college degree, and he's a CISO, which is pretty cool. Yeah.

But yeah, at that time, no. A lot of people were still coming in from a traditional background and everything, for sure, having their computer science degree. And CISO is Chief Information Security Officer? Is that correct? Yes. Okay, cool. Yeah, I try to break down the acronyms for people listening in. I'm not even sure of that. But basically, it's the equivalent of the CTO for security.

Yes. Yeah. He carries out all the executive decisions when it comes to security. He develops the security strategy for a company and he executes that. Yeah. So...

Do you have any particularly trying memories from that moment when you were working in Seattle where you got really stuck or completely overwhelmed? Or were there any moments where you were just like, I'm not sure if I'm cut out for this? Yeah, honestly, I remember this. I had a project manager.

And she was really hard on me. I want to say she was really just hard on the team. And I guess she's under pressure herself. Because now, as I'm older, I try to think about... I try to have more compassion. I try to be more mindful of things. So I'm not even trying to put her in a bad...

way or anything like that. But, uh, I want to say she probably was just a perfectionist and she probably was just like learning her job as well. Um, because she sent me like 10 tasks, like at 11 PM on Slack, like to do. And she wanted that done like by 9 AM in the morning. What? Mind you. Yes. So just to be clear, like you have 10 hours and it's,

Sleep has to go before you can work. Yeah. And I'm already like, I'm asleep. Because when I wake up in the morning, she's like, hey, what's the progress on the tasks that I've assigned to you? It literally shows that she assigned those tasks to me at 10 p.m. And I was just like, this is... I'm not...

I haven't even looked at this. I just woke up and work doesn't even start until 9. Like, we're not even, like, we're not, you know, it wasn't expected of us to go into the office until 9 a.m. And so, like, that's usually when I would start my day. And I was like, yeah, like, when I, like, clock in for work and everything, like, I can begin those tasks. She's like, she just really gave me, like, a hard time about that. And, like...

at the time I hate it now because like the way I am now is like, I don't show emotion. Like, um, I really don't like, cause cause you don't, I don't know. But, uh, but then at the time, like I was just like, Oh my God, like I didn't really know how to like process it. So like I was internalizing and I felt really, really bad. And I just felt like, Oh my God, it's just like for me, um, at the time. And I was definitely questioning, like if I should like even like stay in this job, but I was just like, I'm already here.

Yeah, I mean, that's a big dream. It almost feels like a hazing ritual or something like, all right, let's see if she's tough enough to hang. Yeah, yeah. And there were some other guys on the team that said that she's done other stuff like that to them as well. And they're just like, I don't care. They were just like...

You know, it's unreasonable. Because, I mean, at the end of the day, like, our CEO, like, he's a very understanding person. Very... And so he wasn't, like, on us at all about that. So it was just... She was just... I don't know. I know for a fact... I wanted to tell my boss so bad, like, can you please not have her be my project manager? Like, because we had another one that was much better. But I just... I didn't even say that. I didn't even, like, raise the issue. I just...

You know, I really leaned on the support of, like, my teammates for real. Like, on, you know, just being good to, you know, coworkers and everything like that and helping guide me and stuff. So... And now it's a cool workplace. It sounds like...

Similar to like how when you were learning to code and undergoing, you know, extreme difficulty because programming is hard. You similarly, you kind of like went out and you kind of crafted an environment for yourself, supportive people. And it sounds like you did the same thing with your colleagues at the company. And so you had kind of like this support network and you all were able to like vent and just

Like, oh, it's kind of messed up that so-and-so expects this of me. And it seems like that was a big part of how you kind of coped and stayed strong. I wouldn't say vensing because I never vented to my coworkers, but I more so was just like asking for like guidance on how to like navigate certain things. Okay. And how to develop my communication skills more.

Because I think that was also, like, something to, like, being able to, like, stand firm, like, in your communication. Like, okay, like, I cannot, like, and working with the project manager to set better deadlines for things. Those are the things that, like, I learned a lot from the more senior engineers that kind of, like, took me under their wings when I said that they, when I had, like, that support system. They, yeah. So, yeah, that's how I learned how to manage the manager. Yeah.

Yeah. Yeah, and how to be a better... Yeah, and how to just be, like, a more communicative developer because it's... Like you said, it's not even just about the technical skills. It's everything. You know, it's being able to set realistic expectations when it comes to deadlines and projects and everything that you're given. It's being able to be vocal and to communicate things without being overly emotional. You know, and also setting aside, like, your feelings, like, in the workplace. That's why I say I don't even, like...

Yeah.

Yeah, just get that ice in your veins where you're just like, all right, I'm going to knuckle up. I'm just going to do this. I'm not going to let them see me bleed, right? James Bond, never let them see you bleed. And it sounds like that's a big part of how you navigate it is just be really stoic about it. Yeah, yeah. What are some of the biggest lessons, the biggest takeaways from that first show? Oh, wow. Get...

Like, um, it's so funny that I, like, that's the first thing, like, I swear, like, um, I remember like the senior engineer, he taught me like how to like, you know, uh, create my first branch and, you know, push commits and everything like that. And like the importance of writing like meaningful commit messages and like, that's really taken me very far, um, having like knowledge of Git. So yeah. Um,

And also not being afraid to ask questions. That was another big takeaway because there were a lot of things I didn't know. Like I didn't know what Vagrant was, and that was what we used a lot for environment. Yeah, Vagrant, it's a DevOps tool for like just having like a pre-configured environment. Yeah, being able to...

Yeah. Yeah. Because now people have, like, kind of, like, migrated on over to, like, other, like, version machines and everything like that. But, yeah, we... Well, they created you to configure, like, version machines and everything, but, like, now they've migrated on over to, like, other tools. But, yeah, it...

I haven't used vagrant in years, but... But you got your first exposure to that type of tool. Yes. At the job. Yeah, and that's what made learning, like, other tools, like, such as, like, Ansible or, like, Terraform, like, not that foreign of a concept, or, like, learning, like, infrastructure as code because you are writing... You are coding, like, your infrastructure, like, in vagrant. So, yeah. Yeah, awesome. And so when did you decide to leave that job and...

move on oh my gosh i got laid off you got laid off yeah they laid off all the juniors they laid off the interns yeah it was actually i've looked up that company they've changed the name um but they all the developers that i you know have worked with they're no longer there

So like, I don't know. And I guess like they've completely restructured the company. But yeah, they had like, they told me that, you know, they were just like running out of like money, really like of clientele and stuff. So they just had to like, you know, just make a decision. So they keep like the more senior developers and everything. And yeah, that crushed me that I was because I was stuck. Yeah, you're in Seattle. Yes. Like you've uprooted your entire life. Yeah. Yeah. That happened around the holidays. It happened around Christmas. What did you do?

Oh my gosh. I was like depressed, but I have money though, because, um, since I lived in a micro cause I, I thought about it when I initially was looking for a place, right. Before I started my position, I was okay. Like I knew how much I was going to make, um, post taxes because I use like this, uh, website called smart asset. And it kind of gives you like a good estimate of like how much your, um, your paychecks would be after taxes, depending on the state, um, sometimes the city, all that kind of stuff. Um,

And so, like, okay, I had, like, an idea of, like, you know, how much I'd make. And so, like, I found an apartment that was way less than that. So, like, my apartment was, like, 900 at the time, which was probably considered a lot for such a small apartment. But, yeah, um...

And so I had like savings and everything like that. So I was like living off my savings, honestly. And I started freelancing actually, because like my best friend, he had a contracting like company and everything like that. So we started just was like, hey, let's like build out some like mobile like web apps. Like, let's just get this money like this way. And I was like, okay, cool. So yeah.

And so that exposed me to like work with like different clients, stuff like that. So that's what I was doing for a while. And then I was able to like, you know, get my own clients off of Twitter as well, just from, um, you know, having the tech presence on Twitter and everything like that. So I was doing that for a long time. So first of all, that's really cool that you like live well within your means and you were able to kind of plan. Uh, cause a lot of people, when they get their first job, they're like, all right, I'm going to go get a lease on it. Mustang. Yeah.

For sure. You planned it out and you had this kind of emergency fund and then you were able to leverage the social media presence that you built up to find clients and you were able to do client work. What was that process like, that period of your life?

It was definitely interesting because I was traveling. I was giving conference talks. So I spoke in, I believe, like Seattle. I spoke in San Francisco. I spoke in Germany, which was really cool. Chicago and stuff like that. So I was doing that, but then I was also getting clients and everything. And I also found clients not even through online, but just from... I remember I was at...

I was coding on my computer. I was just working on a project or something in the food court. And then there was some random person that was like, hey, are you coding? And I was like, yes. And they were like, I have an app. So I just ran into people and they were just like, I have an app and everything like that. Or I want an e-commerce store. And I really, really got good with WooCommerce and Shopify.

um because a lot of people like they had you know they want to set up storefronts and so I just and I've learned that from YouTube actually yeah so I was they were like hey can you build this I'm like yeah sure whatever I didn't know I just like learned how to do like I just looked it up on like YouTube or something or found documentation definitely a lot of documentation um to like build themes and like whatnot so yeah that's it was definitely interesting period because like I knew that

I didn't want to be in front-end and web development forever. I knew I wanted to, like, get into security at some point. So it was definitely, like, just, you know, I'm just trying to, like, make ends meet. I'm just trying to, like, do my thing. I'm trying to travel and everything. And, yeah. And I think I was also writing, like, coding tutorials as well. Like, I was trying to, like, stick to that as well. Yeah. Yeah.

So if I can make a few observations, first of all, you just did whatever the client needed and you weren't like, well, I'm not going to do WooCommerce or WordPress. You didn't get up on your high horse. You're just like, sure, I'll learn WooCommerce. I'll build this app. You didn't think of yourself as a...

XYZ developer, you're just like, okay, I'm just a Swiss Army Knife dev. I can do whatever. Wherever the business leads me. Yeah. It sounds like you're very pragmatic about making ends meet. Yeah.

At the time, yeah. I mean, and also I had exposure to WordPress from having my own blog on there. So when I had my portfolio site, when I was like looking for a job and like how my, that CEO, how he found me and everything, I had my portfolio site on there and it was built with like WordPress. So I already had that exposure. So it just made like sense.

to, like, you know, with clients or, like, ask about, because it's just WordPress and Shopify and other, like, CMS, like, solutions are just, like, always, like, a really perfect, like, solution for small to, like, mid-sized, like, businesses and everything, like, where they need something, like, fast and that's, like, easy to manage. And I was really good with, like, with teaching people how to use things. So not only was I, like, building the websites, I was also teaching them, like, um,

You know, how to, like, update their content and everything like that and how, like, WordPress works and everything. So... And then when they did want to expand into, like, a WooCommerce or, like, you know, add in, like, that shopping feature, then I was also able to help them. And I was just thinking of that. And I...

I guess like having like my best friend who was like really like deep into business like that helped me as well with like being able to sell my services and all that kind of stuff. So yeah, and it just it also like made sense. Like I knew like React and JavaScript and everything like that. So I wasn't afraid of like, you know, digging to the front end and customizing like code or anything like that. So yeah.

And PHP isn't, it's not that foreign of a language, you know, compared to JavaScript, which is what I was working with at work and everything. It's not as big of a WTF as like Java is for me. Yeah. I would not want to code in Java. Like, yeah, I definitely can hear you there. Like the jump from Java to JavaScript is like the jump from car to carpet. Yeah. Yeah.

What language do you work with the most in? Mostly Python and JavaScript. Python. Okay. And I just keep it simple. You know, like PHP. You mentioned PHP. Peter Levels. Yeah. He just does everything in PHP. And he, like, every single project, he just uses PHP. Yeah. You know, SQLite, I think. Yeah. Yeah. And so, like, whatever the tools that get the job done, those are good tools to use. You'll talk to, like, these...

seasoned carpenters that are using basically the same tools that they've been using for the last 20 years to get things done. And there might be some newfangled tools, and maybe they'll experiment with those, but there's a high bar to clear for actually adopting a new tool and moving to a completely new stack and all the new learning that is necessary with that. So would you say you've been relatively focused, at least when you were front-end dev, on JavaScript, Python, and then a little bit of PHP? Yeah.

Yeah, yeah, definitely. It was those languages for sure. I mean, I was always interested in like learning like other languages and everything. But as far as like what I was like on a day to day, like I was definitely focusing on those. Those are my like my bread and butter. And those are also languages that like I recommend to people when they want to learn how to code because they're still so popular today. JavaScript and Python. Yeah.

Awesome. Let's talk about your journey into security because I'm very interested. A lot of people listening to this may already be working as devs or they may not have figured out how they want to specialize. And security is one of those things where they're always going to be like North Koreans trying to hack you. And you need to be ready, right? Yeah.

Um, okay. So how I got into security, I started learning it through like try hack me. Um, that was actually like what got me like into it and also TCM security. Cause they had a lot of courses on YouTube for sure. Um, around that time. And I want to say I started learning like in 2022, 2022 is when I joined like try hack me and everything. And, um, I,

This is the thing, though. This is what I tell people, is that, like, you don't just start off by, like, learning security. Like, for the most part, if you're trying to get a technical role in security, you usually have to start off with learning, like, Linux. Like, you have to, like, learn, like, operating systems and, like, networking. And I did not know those two things, like, in depth. I knew basic terminal commands and everything like that from being a developer, from having to, like, use, like, Git and everything. But I wasn't as confident with, like, with Linux in general. And so I definitely learned, like, a lot, like,

I was reading books like Linux Bases for Hackers. There was another Linux system administration book that I was also going through and learning about how to set up a LAMP stack, which for those who don't know, that's what's commonly used to help push out WordPress applications. They're using your development servers that are built with PHP, MySQL database,

Apache, like, web server and Linux. So, like, that's what makes up the LAMP stack. And so I was definitely, yeah, I was, like, learning how to, like, build that from scratch because I was like, well, like, I know, you know, how to run a web, you know, WordPress application. I didn't even know so much about setting it up, like, from scratch because you know how you can use, like...

When I was a developer and I was building out the WordPress sites, the WordPress sites were already hosted up by using a one-click solution from DigitalOcean, which is a cloud hosting provider. And so they've been brought an easy way for you to deploy a WordPress application without having to know all the mechanics behind it.

that's going into it. But when I was learning like security, you know, it is kind of like important to learn about how like those things like are built and everything. So, um, I was on try hack me. I was doing that. And then I learned about action directory, which I had not known what that was at all. Um,

For those who don't know, that's what, you know, it helps you use to manage, like, Windows, like, environments and everything like that and control, like, users and create policies and deploy those and everything like that. And so I, you know, I learned how to build and set up, like, a domain controller and, you know, in a virtual machine. Definitely learned a lot of virtualization because everything that you're using, whenever you're practicing, like, a tax or you're setting up anything, you're using it all, like, in virtual machines.

which are isolated from like your actual host machine. Um, and so I, you know, I learned how to, you know, set up like a whole, um, domain controller and like hooking up to like windows, like hosts and everything and like learning how to like run attacks against them. Um,

So it was just a lot about learning how to build a thing and then how to break the thing. And it was a constant cycle of that, for sure. So yeah, I was using TriHackMe, but I always tell people to learn how to build stuff like yourself in VMs. And that's how you really get your hands dirty, and that's how you actually understand things. Don't just do modules.

that wasn't how I like retained the knowledge. I'm a very hands-on person. Um, so yeah, I was, I was doing like a lot of that. I was doing courses. I was reading books and I just became fascinated. Okay. Quincy, like I swear, like,

I was listening to this podcast called Darknet Diaries. Oh, excellent podcast. Everybody who's interested in security should definitely listen to that. I love Darknet Diaries. Yes. And it's a really, really good podcast and it goes over real stories of different hacking events and incidents that have happened or just even covering interesting stories and paths of people that are in security like Jason Haddix and people like that. So

Um, shout out to Jason Haddix, actually. It's really cool. Um, but yeah, so, and I just, that would keep me motivated because I was just always, like, interested. I started to learn about people like Aaron Schwartz. Um, if you don't know who that is, like, he was, like, one of the co-founders of Reddit. And I'm actually a whole Reddit junkie, like,

because I definitely use a lot of Reddit to build up my roadmap, honestly, for security. So when I was curious about what should I learn from being a developer to being in security, there's 10,000 people that ask the same exact question. And so that's how I learned about resources like TryHackMe and PortSwigger, which is a great resource. It's free and it's online and it's always updated with different labs to learn different web vulnerabilities. And that was great.

that's how I pivoted into security. That's how I kind of honed in on my focus. So, yeah, I was building, like, Active Directory labs and stuff like that and just, like, labs in general to, like, learn about different attacks. But, like, my specialty, I guess, was web application, like, security and everything because I knew how to build it. So now I was, like, curious about, like, what, like...

making applications behave like in ways that it wasn't intended to is really interesting. So that's where the OWASP 10, like a lot of the different common attacks come from is there are a lot of websites out there and a lot of them are running outdated versions of PHP and stuff. And they don't have security engineers on their team because they're a tiny startup. And when you're a dev team of like two or three people, like,

You don't necessarily have a dedicated security person. So if

If I can recap some of the advice you gave there. So I love, like, learn how to build things. And, like, I'm a big advocate of learning how to build things. Learn how to build software. And then learn how to break that software open and do things that the people who control those servers did not intend for you to do. Because that's how you find out what... And again, North Korea is going to be like... They hack everything.

Like, it's a huge portion of their gross national product is, like, them basically, like, you know, stealing people's Bitcoins and stuff like that, right? So you have to think about, like, okay, what are the most sophisticated state actors who have, like, these teams of, like, military people that have, like, spent all this time? Like, they're going to attack your website. You need to be ready. And that's what, like, a lot of security is. This is essentially, like...

you know, having like a strong defense against those types of bad actors. Right. And there are threat actors that target certain, um, industries. So if you are, let's say, uh, you're a developer that's working for a bank and you're getting into security and you're learning about like the different like tactics, the TCPs, they call it the tactics techniques. And, um, uh,

I forgot the other. I forgot what it all stood for. But basically, studying the behaviors of attackers and everything. And so there are APTs, which stands for Advanced Persistent Threat. There are different APT groups that specialize in attacking the financial industry and everything like that. So let's say you're on the red team, or let's just say you're on a security team at a bank or something like that. Then you would be studying those tactics and learning about how to defend against

you know, those potential, like, threat actors. So, yeah. In my case, like, what I currently do, like, at my job, like, APTs aren't, like, a common threat for us. It's more about, like, the average, like,

Script Kitty who might be trying to run different SQL injection payloads or something like that. So you have to make sure that all your input fields on your web applications have proper validation and everything like that, encoding defenses to protect against different injection attacks and stuff like that. Yeah.

Yeah.

You have a really, really good chance of getting into application security. And that's why I was honing in on the OWASP top 10 and like web vulnerabilities and stuff like that, because it already builds on what you already know. You already have like that solid foundation of web development. Now you have to learn about like different ways that like an attacker can try to exploit your application. And so your job would be to help secure that application from those attacks and everything. So I recommend that for sure for people.

Awesome. Yeah, and that is super actionable advice for any devs listening to this, what Taylor just said about

leveraging the fact that you already have this expertise because there are advanced persistent threats, right? There are these state threat actors that are out there literally doing military operations against people, right? Like the SolarWinds attack or something like that where they get into tons of computers by exploiting some vulnerability and like

something that is deployed everywhere, right? Like Windows machines. You know, all the ransomware attacks and stuff like that. But for every, you know,

persistent threat, I think is the acronym you use. Yeah, like for every one of those, there are a lot of what are called script kitties, which are just people that don't necessarily know a lot about security. They're just using some tool. Like there are these tool packages that, you know, what is it called? It's called like exploit. I can't remember the name. Yeah.

Yeah, Metasploit. Yeah, like there are entire security packages, and you can just sit there with your...

nacho cheese Dorito covered fingers and drinking you could you can go in and like screw up somebody's website pretty badly yeah like throwing like some of these tools at them and so one of the things that you do it sounds like it's just batten down the hatches and cover like the most common types of attacks that are everywhere and that pretty much anybody who didn't like

want your website to be up could potentially call upon to bring you down. Yes. Yeah. Um, at my current position, uh, well, yeah. Okay. Actually I'll start into like my first, uh, job in security. Cause I was about that. Yeah. So it was a struggle. So like, if you thought that like my whole journey and getting into like web development was like hard, like getting security was like even like harder because security isn't, I do understand people say when they say security is not entry level, um,

Because it does build on, like, you having, like, some type of, like, knowledge in something else. Like, for instance, like, okay, like, web development, like, you just, you learn how to code, you get a job in tech. There you go. There's entry-level jobs in software development or, like, in system administration or in networking or whatever. Security kind of, like, builds on some type of knowledge of either one of those domains that I just, like, named off for the most part. And so...

like, a big barrier for me was lack of experience. Even though I had, like, the years of experience in software development, it was, like, the recruiters, like, recruiters would be, like, yeah, like, that's cool, but, like, you don't have, like, actual cybersecurity experience, and so, like, that was really hard, and it's very hard to get cybersecurity experience without being in a cybersecurity role. Now, there are, I do say, like, now with the

knowledge that I do have, um, of like the industry, like a way to get experiences like through bug bounty hunting, which, um, if you don't know what that is, like that's basically where people can find like vulnerabilities and flaws, um, on applications such as Facebook and Twitter, um,

Or, like, other, like, public-facing, like, assets or sites. And they report, like, bugs and everything. And they can receive, like, a reward, like, a monetary, like, money, like, for it. Yeah, I see. Which is pretty cool. Yeah, I think, like, OpenAI. It's like a bounty hunter, like, brings in the pirate hunter Zorro and gets their, you know. Yeah. And it can pay, like, depending on the severity of the bug. Like, I think, like, at OpenAI, they're offering, like, bounties up to, like, over $100,000.

for, like, a critical flaw. So I'm just like, wow, like, really good money, life-changing money. But, yeah. So it was really hard to find a job in security and everything like that. Of course, there were entry-level, like, penetration testing, which is definitely the rule. That's what I wanted to be, is a pen tester, which that means that someone who is able to, like, ethically, like, legally hack, like, web application systems, networks, whatever is put in front of them, being able to, like,

break it and find flaws in it. Um, and yeah, like, there were junior princesses roles, but it was, it's very, like, um, it's very, uh,

for sure. Because there's people that have computer science degrees. Not only computer science degrees, they've been coding since they were 10. And they also have found CVEs and so many bug bounties. And they have a really, really flawless resume. So a CVE, that stands for Common Vulnerabilities and Exposures. And that is a publicly disclosed vulnerability. So yeah, that's what a CVE is. Something people already know about, basically. But it's like...

People just haven't fixed it. It's actually not to the knowledge of the organization or the application or whoever is in charge of the software that she found the vulnerability in. They don't know about it until you reported it. And then they can choose to disclose that vulnerability. And so it gets assigned a CVE ID. So now it becomes public knowledge and it's kept in a public database. I believe the NVD, which is National Vulnerability Database.

Okay, so basically, let's say hypothetically you run some sort of web server and somebody figures out some exploit there. They find a vulnerability. And so everybody who is using that web server should know and it should be patched and the update should be rolled out. But now everybody knows that this exists out there and you need to update your software.

Well, yes, yes. And so when you do report it, they do go through the process of remediating that, or however they do choose to treat that vulnerability. So then it becomes part of public knowledge. Like, okay, you need to update or patch up your Apache systems, for instance. Let's say you do find a vulnerability there.

like a directory traversal or whatever kind of vulnerability, like in Apache, like web server version, one point, whatever. Now you can report that vulnerability and then it gets publicly disclosed and everything. Then it's like, okay, boom, like it's documented publicly for everyone to know like Apache system, because like there was a certain vulnerability and it will be that CVE ID that I say that, you know, that you get assigned when you do find like that CVE or when, you know, when it does get accepted as a CVE.

That would forever be, like, tied to, like, that CVE ID. So...

Yeah. Okay, cool. Thanks. And I didn't know what that was and now I do. And hopefully some of the people listening didn't know what that was either. And that's used in a lot of the tools, like a lot of the security scanners. Like if you've heard of like SAS or DAS, like which are basically tools that you can scan against like code or like web applications. It's mainly like, especially like in SAS tools or SCA, which is used to scan against like open source libraries, for instance, and dependencies that we use right as developers. Yeah.

Like, yeah, that's what's used. Like, so basically like how like those security tools work is that it scans like your code against like a whole database of like, of CVEs. And so that's how, um, yeah. Yeah.

Yeah. So that's how that works. Awesome. And so that's good to know that like this is publicly disclosed and then it's actually used to help people identify, oh, you've got these known issues in your code, but you need to go fix these real quick. And a public service announcement for everybody, like don't turn off auto updates on your computer. I know it's annoying to have to update your software, to update your phone, but you should always keep everything on the latest version for precisely this reason. They're constantly little updates.

being discovered that are getting patched and you don't want to be like running some old, like you should literally abandon software that is no longer supported. Like FreeCodeCamp, we migrated from using Ghost. We were on like this old version and when they announced they were not going to support it anymore, we had to migrate. We're not going to try to like, we're not going to leave ourselves wide open. So that is a compelling reason to just keep, like security is a real important concept.

in what software you use and whether there are people actively maintaining it and whether you have a reasonable expectation that these CDEs are being patched. I'm not sure if I'm using the term CDEs, if that's the correct way to say it. But basically, yeah. So I have so many questions. We've only got a few minutes left, and I just don't want to start firing them off at you. First of all, you live in Bangkok, Thailand.

That is awesome. And I'm excited to learn a little bit about how you got out there and your decision-making process. Okay, sure. So at the time, when I first visited Thailand, it was August of last year, of 2024. And

And I spent two months like backpacking Southeast Asia because I was like a bucket list goal that I've had currently since I was like maybe 12 or something. And so I spent two months like traveling like Thailand, Vietnam, Indonesia, Malaysia. And Bangkok was like what spoke to me like the most. Like that was the first city that I visited out here in Asia. And I was like, yeah, like I was like, I could live here. It was like a passing thought when I was on a back up like a motorbike because that's how we kind of get around and do like motorbikes out here.

And so, and I was like, yeah, I could live here. Like, I just really, it felt very comfortable for me. And so, uh,

I knew that that's where I wanted to like live and when I got offered this most recent position that I'm in um that was in October and at the time when I had when I interviewed for that job I was in Vietnam and so like I had actually told him that in an interview because he was like oh how he's like oh it's dark out there and I was like yeah it's like 11 p.m here I'm in Vietnam he was like oh he's like okay so um and the world was like remote and everything and um

After I got the job, like, I started researching about relocating. Like, I did, you know, ask my boss. Like, I was like, how do you feel about people, like, relocating? Like, to, you know, to, like, a different, like, country or something like that. Or, like, working remotely from another country. I didn't know how long I wanted to be in Bangkok, but I just knew I wanted to be there for an extended period of time. And he's like, yeah, I don't care. He's like, I live on a boat. And I was like, wait, what? And, like...

He actually, like, my boss is a CISO, a Chief Information Security Officer, and he literally, like, lives on a boat, like, sailing the Caribbean. And so, like, I think he was just, like, more, like, open-minded to people just because of, like, his own situation and everything like that. So I was like, okay, as long as I can handle the time zone difference, that was the thing. So, like, I saved up money. I basically, like, stacked up for, like, three months and...

and I researched visas, um, the different visa options out here. And so I just recently got the digital nomad visa or the DTV, which basically allows me to like live in Thailand for up to five years. Um, and yeah, and like work remotely in Thailand so I can legally work remotely out here. Just can't work for a Thai employer. I can work for an overseas employer though, which it literally works out for me. So, um, yeah, I just got approved for that. Um,

and yeah, that's, that's how I'm living out here and everything. I got my apartment when I was still in, uh, Florida. Um, I found the apartment on Facebook, uh,

in one of like the Facebook groups and everything like that. And I got a virtual tour and everything within my leasing agent really just, he helped me find this spot. And so, yeah, I moved out here January 11th of this year. So I've been out for three months. Yeah. That's amazing. And I want to dig a little deeper. Like, first of all, everybody should check out Taylor's YouTube channel where she's doing a short kind of video essays, tutorial types about her move out there and like,

immigration considerations, lifestyle, like safety, all those things. But what inspired you to like live abroad? I mean, you could just be comfortable back here in the States probably. And yet you're, you're seeking out like these completely different cultures, dramatically different time zones. Yeah. That's a great question. I've always been interested in wanting to immerse myself in other cultures. I've always wanted to. I try, like,

I think maybe since I was like five or six, like I was given, um, by a family friend, a book, um, a world of psychopedia book. And I remember I read that till the pages fell off, like from start to finish. So like as a kid and I learned about different countries and I was just like always so fascinated. Then as I got older, I would get on YouTube and I would see like these like travel vloggers, like make these like, you know, videos, like trying different food markets, like out in Bangkok and everything. And, um, or people like learning, you know,

different languages like Chinese or, you know, French or whatever, and being able to speak to, like, the natives in that, like, that language and just seeing, like, how, like, they just built, like, those connections. Like, because, you know, like, this person's from a whole different culture. This other person's from a whole different culture. They may not, you know, be able to have, like, a whole full-on, like, in-depth conversation in that language, but just the effort that she made to try to, like, learn their language, like, it meant a lot for them. And I just, I like that.

honestly and also the people in Thailand are just so sweet like the Buddhism like I always say that it's like the Buddhist Buddhism like really permeates like throughout the culture and it's how you know and how like they treat you and everything how respectful they are and the kind you know just the kindness and the politeness like all throughout the atmosphere here so I was just always really drawn to that and I was just like yeah and I'm also someone that

I could probably spin a globe and be like, okay, I'll live here. Like, I'll see what it's like for like a month or something. I'm just, I'm always like, you know, within reason. Um, it's always been like barely open-minded to that for sure. Yeah. So it didn't even scare me. I was just like, let's just go do it. Yeah. Yeah.

If somebody wanted to plan to move overseas like you did, what would be kind of like a checklist in terms of how much should they save up? How far in advance should they start planning for such a move? Assuming – let's presume they're in a situation like you where they don't have kids and they don't necessarily have aging relatives they're taking care of or anything like that.

Right. I would definitely. So what I did, I saved up. I well, first off, I calculated like my what I thought my average cost of living would be on a monthly basis. And I use how I determined that was $1.

I looked at my spending habits. What would I spend more on? What would I spend less on? And then I also looked into how much the average studio or one-bedroom costs out here in Thailand, for instance, or specifically Bangkok. So I kept that in mind. And then I also did a lot of research. I watched a lot of YouTube videos of people who also share their cost of living. That's why I also shared mine still on my YouTube channel. That whole transparency, I learned a lot from that. And so I did that, times that by 12.

And because like the cost of living out here is not that expensive compared to the States. So like my cost of living right now is going to be like $1,200, like $1,300 in total per month. And that's including my rent.

And so I just times up by 12 and I make sure I have like a good savings account that equated to that before I moved out here. But usually people say like, you know, save up at least six months. If you if you save at least six months, you're so far ahead of like other digital nomads because I've met people out here that moved out here was like nothing. And I'm just like, no job, no savings. What are you doing? Right.

I would definitely do not move with your next check. Definitely save up like at least a few months because you want to have like your, you know, like that, you know, whole thing going. And then also research the visas. That's the next thing to do. Once you get the savings set up, research the visa options. Like out here, definitely consider the digital nomad visa.

You don't even have to be a remote worker to even qualify for it. If you want to sign up for cooking classes out here in Thailand, they will sponsor that. Muay Thai lessons and everything, that's another way to get the DTV. Muay Thai is the Thai boxing...

yeah, the type, which is so cool, so fun to watch out here, but yeah, um, and so, just, like, look up the visa options and look at what's right for you. I want to say even Japan has a similar, like, digital nomad, uh, visa. I think it's a little bit different because you can't extend that visa, like, or the periods that you can stay, like, as opposed to, like, in Thailand, but, like, there's some differences, but yeah. Um,

So, like, look up the visa situation and everything like that. And then also look up the, try to, like, learn about, like, the cultures and the customs and, like, how, like, you know, just, like, how people, like, behave out here and everything like that. So then you can be respectful of other cultures and everything. Yeah. Yeah.

And then you just go from there, honestly. Definitely just look up other YouTubers that have done the whole movement tradition and everything. But try to sift through the people who are just trying to sell you something or that try to BS their way through. Yeah. You seem like the type of person who kind of makes up their mind, like, I'm going to do this, and then you figure out a way to do it. If you had a goal in mind, let's say you had a new goal. Let's say, hypothetically, your goal is to

What is the goal? Do you have any goals right now? I'm actually in the process of trying to get my OACP. So that's... Yeah, yeah, I got you. OACP. Yeah, OACP. Apprentice Security Certified Professional.

So that is a hands-on exam where you basically have to break into six different machines, including an Active Directory network and then three standalone machines, which could either be Linux or Windows machines, and being able to root those systems, which means being able to escalate your privileges from a regular standard user to being able to be administrative.

on that machine. Because that, basically, when you become an administrative, like, user, like, on a machine, that means that you've, like, pwned the machine. That means you've got it. You've compromised it fully. But, yeah, so... So what I do for that is I...

How I set that goal is I try to set aside time every day to it. At least an hour to a day to that whole thing. And then I also write my goals a lot in a journal, which I don't even realize that I'm doing. But I do write every day. And I guess people call that...

manifesting, but I don't like, I'm just like, this is what I do. I didn't even think of it like that, but I guess so. So yeah, I just, I keep myself in that mindset. I also subscribe to like, also like kind of surround myself with like everything like around that. So I will subscribe to like different like Reddit feeds or I'll read different like blog posts or anything that are like about that just to keep me like engaged in it.

So, yeah, that's how I do. I just... I immerse myself in it. That's how I kind of, like, get into a goal and I execute it. Just like... And that's the same kind of approach I guess I did with moving out here to Thailand. I immersed myself in it and made sure I did, like, all my research about it and then I executed as I went. The thing is, like, you...

There's such things being too overly prepared. At some point, you're going to have to try and be afraid and not be afraid to make a mistake because it'll happen or not be afraid of failing while trying to execute that goal because I've definitely failed at times. For instance, I failed the OSP the first time, so I'm on round two. So that's just my whole process. That's my whole learning process for sure. Yeah, so to recap...

immerse yourself, you know, listening to the podcast, reading Reddit threads, just kind of like trying to grab all the different meta knowledge, the tacit knowledge that is like other people are carrying around with them, just trying to absorb that. And then not over-preparing, but going for it at some point. And if you fail, just try again. Yes, absolutely. Yeah.

Yeah. Because I do think a lot of people get paralyzed in the preparation phase. Yeah. You are extremely modest and humble, but the things you've accomplished are dramatic. I think it's incredibly impressive. You're quite young, and just to make such a dramatic series of career pivots, to go from working at Walmart and Boston Market to working as a software engineer to getting laid off and figuring out how to...

for freelance work, essentially, and then just deciding, hey, I want to further augment my skills and I want to move in the security direction and now pursuing this big formal certification. You're very modest, but how do you strike a balance between being joking and self-deprecating and getting people to take you seriously? That is...

Wow, that's a really powerful question, actually. That's definitely something that I battle with internally because there's definitely exposing yourself to... And by being vulnerable, especially in public, kind of opens you up to criticism and people questioning your intelligence and your place in the industry. And so I was back and forth for a long time about being so open about it, but I realized that...

it's, it's really about how you feel about yourself. That's like the most important thing. And I hate that. I hope that doesn't sound too cliche. Um, because, and it's taken a long time for me to actually feel like as if I am capable. Cause like, I definitely like that. So that self-deprecation was rooted in me actually believing that I was not, you know, smart enough or anything like that or whatever, but like having to, I had to really, really work on, uh,

removing like the negative self-talk and everything and having to remind myself that I am capable. And I try to just keep like my head down and just try to like stay focused. I don't even try to like think about all the successes or accomplishments. Like for instance, I'm always thinking about like the next thing

and what I want to achieve and everything like that. And that's what kind of keeps me going. But it does help that when you do get to motivate other people just from existing and being yourself and stuff like that. Yeah, it's definitely a fine balance. I don't know. I just have a sense of humor. That's so cool. Just stay in focus. Don't think about the accomplishments. Don't think about the criticism. One of the things that you said there that really resonated with me is a lot of times people are self-deprecating.

deprecating it and they joke about like their shortcomings because the fact is they are a little bit insecure. I mean, it's hard to not feel insecure when you are surrounded by people who've been coding for a long time and have CS degrees and all this stuff. And here you are just trying to like learn and catch up with them. And yeah, that resonates with me. And I think that's probably going to resonate with a lot of people. Taylor,

You're such a big inspiration to me. And I know to the, you know, the developer community at large, I really appreciate you taking this time out to talk with us. It's like super late over there. I don't want to keep you up too late. I just want to thank you again for everything you're doing.

Thank you. No, literally, thank you for the platform that you created. I literally push your YouTube channel. It's a goldmine of a resource. I still use it to this day. Because all the different topics that you cover on the channel, all the different people that you bring on and everything to teach, and just the fact that you've made it free and accessible for everyone. I think...

you don't realize how much you've actually made an impact on people like me. Because I don't think I would actually even be in tech today because I couldn't afford to, like, go back to school or to go do a boot camp or anything. And just the fact that you've made quality resources, like, it's meant to lots of people like me that are self-taught. So thank you. That's why when you reached out to me, I was like, oh, my God. It was full circle, really. Yeah.

Yeah. You absolutely made my day. Thank you. Thank you for your kind words. Um, and again, seriously, uh, everybody listening to this, check out Taylor's, uh, YouTube channel. If you want to live abroad in Thailand, she's got lots of detailed advice, uh, super actionable and, uh, very,

Tons of luck with the second try at the LFPP. Thank you. Thank you, Quincy. Yeah, good luck balancing sleep and work and studying for that while you're living in this new culture. But yeah, just keep going out there and getting things done and inspiring us all. Thank you. And everybody, until next week, happy coding.