eLearnSecurity Student Spotlight: Paula González Muñoz
A week ago, we asked several eLearnSecurity students to tell us about themselves and some of the experiences they’ve had since stepping into the security industry.
Over the next few days, we intend to share their stories with you, in the hope that you could perhaps pick up a bit of advice, motivation, inspiration – or even just a few laughs – from them, just like we did!
See the previous Student Spotlight post here.
Paula González Muñoz
Security Consultant – Security Project Manager, GMV
Where did you first hear of eLearnSecurity?
I was finding different options for online security courses that would be highly practical and Google did its magic.
Which of our training courses have you taken?
What made you choose that particular course?
I got the PTS Barebone on a giveaway and found it pretty good for learning the basics. The WAPT course, I choose it because I’m already an OSCP but noticed that I had a knowledge gap when pentesting web applications.
What topics would you like to see eLearnSecurity cover next?
I would love to see a forensics course. Not only incident response, but also the full forensic cycle for when we have to go to court when an incident has happened.
Tell us a bit about what you do.
At this moment I’m a security consultant, which means that my time is divided between pentesting and other tasks such as evaluating infrastructure and advising on how to improve it, project management and mentoring for the junior members of my team.
How did you get into security?
I took a couple security courses at college and, when I started working, I convinced my employer that having at least a person with red team knowledge on our company would be positive. A year after that, I got offered a position as a pentester.
What is the most important part of your work?
For me is transmitting our findings to our clients. It does not matter how good is your analysis if the client does not understand the full implications of their weaknesses or how to mitigate them.
Do you have any interesting stories about security incidents you’ve handled in the past?
There was this one time, years ago, when a full department was infected due to a malicious file copied onto one of the department shared folders. It took us several days to contain the incident and discover the origin only to have the user, and management team, asking us how could we not have prevented that.
The funniest (now, at the moment was pretty frustrating) thing was that a couple of weeks before the incident, we proposed an employee awareness course for all employees, in order to mitigate risks, and the same management team told was that “nobody would be stupid enough to open a file from an unknown source”.
Has the increasing shortage on security pros had any effect on your work?
There’s a lot of work in general, but I have not noticed nothing spectacular… although it is true that I see much more movement than friends that work at other IT areas.
Is there something about security that could convince students, enthusiasts, or other IT professionals in general, to pursue this career path?
It is a challenge. We touch the latest technologies as soon as companies start using them, because everybody wants to know if they are secure. This means an always changing environment and working with both cutting edge technology and things that were ancient when I was born all in the same week.
Any skills in particular that you think are crucial in today’s security landscape?
I believe that creativity is a big need in this job. You have to listen, everyday, “this is impossible” and have to come up with ways of showing them that it is not. Additionally, you need a good background in both systems and applications so you can deduce how things are working with only a glimpse of their functionalities.
What would be the best advice you could give to someone just getting started in the field?
Don’t give up. This field is hard and always changing but, at the same time, pretty rewarding. So, when you feel that you want to throw your computer through a window… keep up. In the end, you’ll get your reward on the form of a critical or high vulnerability and a ton of knowledge for the next time.