From his first "hack" (getting unlimited ammo on Oregon Trail) at age 12, O'Shea Bowens knew he liked working with computers. Despite studying a completely different field in college, he has built a successful career in cybersecurity. In this episode, he and Jason walk through his strategic path not just into infosec, but into progressively higher-level roles. They discuss the importance of effective communication, taking notes, and how determination can make a significant difference in getting the job you want - and succeeding once you get there.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Jason Nickola (00:01):
This is“Trust Me, I'm Certified,” brought to you
by GIAC Certifications, apodcast exploring how to conquer
imposter syndrome.
Welcome back to“Trust Me, I'mCertified.” I'm your host, Jason
Nickola, and on this episodewe're joined by O'Shea Bowens
for the first of a two partinterview in which we cover a
ton of really interestingground.
(00:23):
O'Shea is probably one of thefirst people who comes to mind
for me when I think of someonewho just grinds and really works
hard for the things he wants tomake happen in the world.
From his role as CEO and founderat Null Hat security, and
trainings he's offered at eventssuch as DEF CON, to speaking and
serving as an advisor at theSANS Blue Team summit, in
addition to a lot of the missionbased work that he does, which
(00:45):
is probably the thing that Irespect about him the most.
You don't have to spend muchtime with him before you get a
real feel for why he does whathe does and how passionate he is
about enabling others,especially as it relates to
communities of color.
With projects such as theIntrusion Diversity System
podcast, cybersecuritynonprofit, and the Boston
(01:05):
security meetup scene.
With such impressive things onhis resume and some real
momentum in his career over thelast couple of years, you might
think that InfoSec was anobvious professional path for
him, but as appears to be arunning theme on our show,
there's some real twists andturns to O'Shea's journey, which
were so helpful for me to hearand I think that lots of you
(01:26):
will find some real value heretoo.
So please enjoy round one withO'Shea Bowens.
All right, so we are joined byO’Shea Bowens.
I'm really excited to have aconversation with you.
Thanks a lot for joining us.
O'Shea Bowens (01:41):
Yeah, thanks for having me, man.
I greatly appreciate it.
Jason Nickola (01:43):
For sure.
So, let's start out with whatwas your path to security and
technology?
When did you realize that thiswas going to be it for you?
O'Shea Bowens (02:33):
Realized it was going to be it maybe 22, 23?
The introduction was in sixthgrade, so I was like 12 or 13.
There was a computer programmingclass, not necessarily like
assembly, but making gamesessentially.
I figured out how to getunlimited ammo on Oregon Trail
and I just thought that wasawesome.
Well, me and my buddy didactually, you can't take all the
credit.
Jason Nickola (02:52):
So you had that class in sixth grade?
O'Shea Bowens (02:52):
Yeah, that was a weird thing.
So I'm originally from Dallas,Texas, but I guess you guys
don't have, I'm in Boston now,but I guess there’s no
year-round school up here.
Jason Nickola (02:52):
No.
O'Shea Bowens (02:52):
So year-round school, it’s basically what it
sounds like.
Instead of having a summer, youget like two weeks off at a time
or three weeks.
And we had electives at myschool, and we had a computer
class and I was really hooked onthe computer class and
ironically enough that same yearhackers came out, my buddy's mom
bought the movie.
And as we were walking back hishouse, he was like, hey, do you
want to check out this movie mymom bought?
It's about people doing stuffand I remember specifically, I
was like, what's it called?
And he said“Hackers” and I hadno idea what that was.
Cause we were like 12 or 13.
And when we watched it, youknow, it was just awesome.
It still is awesome, of course.
But that was like the moment,not necessarily I thought about
security, but I was reallyunderstanding like what a
computer could actually do.
Jason Nickola (03:25):
Right.
You had this really progressivemiddle school that taught you
some kind of programming at thetime, which is becoming more
common today.
But especially 10, 20 years ago,it wasn't as common as it is
now.
And then“Hackers” came out andyou got exposed to it and you
just wanted to dig in tocomputers and figure out what
you can do with them.
O'Shea Bowens (03:45):
Yeah, essentially.
And then, you know, at this timeAOL was fairly big.
And I remember specificallytyping in, I was in some room
and I was asking, hey, how do Iget a virus?
It sounded like crazy newbie.
But I mean, I have a wholetheory about asking questions.
We can talk about that later,but some dude pushed me and he's
like, well, AOL really isn't theplace you should be talking
(04:07):
about that, here's this link tothis bulletin board site.
Then that led to a full-blownboard that seemed not as
friendly, but I got pushed tothis forum.
And then inside the forum waswhere I started to speak to
other people that were kind ofon the- whatever you want to
call it, black hat, dark artsside.
You know, but the fun side tome, cause I was a kid and
(04:28):
curious adolescent and learningthings and people treat you like
an adult when you're online.
They have no idea you're like 12or 13.
Jason Nickola (04:39):
Yeah.
So a very quick transition from,hey, this computer stuff is
cool, I'm going to use thingslike AOL to hey, here's your
entrance into the seedierunderbelly where people are
actually learning how to attackthings and exchanging techniques
and maybe even some binaries.
O'Shea Bowens (04:55):
Yeah.
And I didn't get into reverseengineering or anything, but it
was really getting these smallviruses on how to connect to
someone's- how to take oversomeone's chat channel.
So how do you throw thisexecutable and hopefully they
click on it and it commits abuffer overflow and then from
that buffer overflow, when itcrashes and the session comes
back up, you're in control andit was stuff like that, I didn't
totally understand how itworked.
(05:15):
I think even now today you canstill buy whatever malware
you're interested in for a priceand just click and go.
But that was just- it's stillfascinating to me to this day,
which is why I've stayed inInfoSec.
Jason Nickola (05:31):
Yeah.
Well especially at such a youngage to see, the kind of power
and the depth of, hey, there'ssomething behind all of this.
I love speaking with peopleyoung and older that don't have
a lot of experience intechnology.
And although it seems just superobvious to us, one of the first
things I love to show them isthese internet pages, these
pages that you’re going to inyour browser are really just
(05:53):
texts and it's just delivered toyour computer.
You can manipulate them.
And there's just anothercomputer somewhere that has this
text and then your screen justknows how to display it.
And you can kind of see, wow,there's something behind all of
this and it exists becausepeople created it, right?
O'Shea Bowens (05:57):
That's the really cool thing
It's not magic.
It's just people.
It's just somebody else justlike you, you know.
Jason Nickola (05:57):
Yeah, I love the way you put that, that it's not
magic because I've talked aboutthose kinds of things so often
because especially in securityand technology, there are lots
of people that like to makethings seem so much more
complicated than they are.
I think as a validation of thefact that they understand it and
can use it and that if youcan't, then it's a
one-upsmanship kind of thing.
But none of it's magic.
There were people in a room thatdecided how TCP was going to
work, that decided how C++ wasgoing to compile, that decided
how Nmap was going to work, andthe list goes on and on and on
and they created it.
And you know, if you have theinterest and the drive and the
stick-to-itiveness to keep goingwith it, you can figure it out.
And I find that more thananything else, certainly more
than the technical skill isreally the hallmark of somebody
who's going to have a lot ofsuccess in this industry is can
you really just work past someof the challenges and just stay
interested and stick with ituntil you get it.
O'Shea Bowens (05:58):
Yeah.
I think a lot of determinationand also communication.
Like I'm a big fan ofinterpersonal and extra-personal
communication.
Like how do you just speak topeople in a fashion where it
seems like you're open versusstandoffish.
I don't have that pride in methat’s like, I don't ask for
help.
If I don't know, I'll ask forhelp.
I was raised like my mom with Iguess a Southern saying, closed
(06:20):
mouths don't get fed.
Like if you don't ask thequestion, you're just starving
yourself of that potentialknowledge.
Cause you're too proud to ask itor you're embarrassed, you have
to just get over that.
No one is born with this.
It's not innate to anyone.
Everyone asks a question at somepoint.
Jason Nickola (07:40):
Right.
So it sounds like you were kindof brought up that way, but have
there been times, especiallyearlier on in your career when
you're, or even when you were akid and trying to learn this
stuff, have there been timeswhen you were more hesitant to
voice questions because of howyou would come off or maybe
environments where it was easierto stay quiet than others?
Has that been something thatyou've dealt with or seen in
other people that you've dealtwith throughout your career?
O'Shea Bowens (08:22):
Yeah, I mean it's mostly as an adult to be honest.
I think when you're dealing withother people, when you're, at
least from my perspective, fromteenager years, I never really
had that from the IT side or thetechnology side.
I never really dealt withsomeone that I felt embarrassed
to speak with.
I guess what you would call the2600 group in Dallas, everyone
was really, really friendly atthe time and we had we had a
(08:43):
bazaar every other Saturday orthird Saturday of the month and
you can go there and pick upboards and drives and things
like that.
(09:07):
And everyone there was fairlyopen.
I didn't really run into thatuntil my second job.
I was working for a defensecontractor and there was just
this one guy, I didn't pick upon at the time, but it’s one of
those things you start torealize because someone's
buddy-buddy with me at workdoesn't necessarily mean they're
on your side.
He just constantly tried to makeme question myself.
And then at this point I was ina position where I was actually
(09:30):
shadowing him.
So it became uncomfortable toreally ask him for help.
And in regards to learning thesystem or learning the
environment, he would kind ofjust make it seem like, oh, you
don't know that?
Oh, well what are you doinghere?
You know, it was that type ofthing.
And then eventually you kind ofrealize just don't speak to him.
(09:50):
Like there's some people, youknow, there's no there's no
reasoning with them because theyhave an idea in their head
that's driving their actions andwhen they have that seed
planted, however long it tookthem to plant, that seed is
going to take longer for you totry to remove it.
And as you're spending 40 hoursa week with this person, is that
really what you want to investyour time into?
So it's happened once at a roleand that was super uncomfortable
for like three months.
Jason Nickola (10:11):
So did you just try to segment yourself from
that person and find otherpeople to kind of be your
immediate clique at work or didyou just ignore him?
O'Shea Bowens (10:31):
No, it's actually kind of hilarious cause it still
holds true now.
So this was a very junior levelrole and there were a couple of
seniors on the team that forsome reason I didn't want to
approach them cause I thought,you know, maybe that's what they
thought of me because this iswhat he thinks of me and he's
been here for a while and he'smore connected with these guys.
Jason Nickola (10:50):
Maybe it's representative of the larger
culture.
O'Shea Bowens (11:10):
Yeah.
Like that's what therepresentative body thinks of
you.
And when I started to speak tothe seniors that they were 360
degrees different.
They’re like, oh, so why don'tyou just pull up a chair next to
me?
There’s a guy named JamesFisher, he's still in Dallas.
And James, he's more like asecurity architect.
But he was instrumental in beinglike,“oh, this is our
environment.
This is how it’s built out, whatare you up to?
What's your background?
Oh cool, I'm going for my PhD,if you have any questions, let
(11:33):
me know.” And I still speak toJames every so often when I'm
stuck on something.
But it was one of those things Iwas like, maybe I should just
speak to someone else.
I reached this point of justgetting over the embarrassment
part because I wanted to performwell.
I'm there to perform.
My performance is suffering.
If you know me, I freak out- notfreak out, but I'm one of those
people that whatever they sayabout me, they can't say his
(11:53):
performance was horrible.
I kind of pride myself on mywork and end result, you know, I
try to be the best version of mein the personal and professional
life, as corny as it sounds.
So if my work is representativeof me, I want that to be on par,
you know?
Jason Nickola (11:56):
Right, right.
So backing up a second.
You talked about some of thethings that you did when you
were a kid and first startedgetting into technology.
When you look back at it, arethere kind of generic traits
that knowing where you would endup, you go like, oh well duh,
obviously I was gonna end upbeing a security professional
and working in technology andbreaking things and fixing
(12:16):
things and defending things.
But it's really hard to see thatahead of time.
But looking back, do you thinkthat those traits were there and
what are they?
O'Shea Bowens (12:28):
Well, yeah, I guess to go back a bit, I didn't
know that was really going to gointo the security side until I
was like maybe 22.
Because when I went to college,I went to college for fashion
design.
I kind of wanted to take a breakfrom technology and I've always
had this kind of a weirdobsession with fashion.
The idea that you can createsomething and someone will
basically wear your idea, whatyou've made is what someone else
is wearing, you know, and that’sstill a fascination with me.
My ultimate goal is to makeenough money to sponsor a young
designer and then hopefully theyblow up and then I get to go
hang out at fashion week.
(13:05):
But when I do look back though,there were certain challenges or
certain parts of my personalitythat did kind of click with
security, like the curiousaspect of wanting to put things
together.
I’ve pretty much spent themajority of my career on the
defensive side of security.
I know some awesome pen testers,I always say I suck at pen
(13:25):
testing even though I've had topick up more and more offensive
traits to kind of become a fullteam, full-sided, transitioning
from blue team to I guess purpleteam essentially.
So you gotta get an attack todefend, you gotta defend to
attack.
But the idea of puzzle piecesand how things are separate and
how to bring them together.
When I began intrusion analysisfrom a layer 3 or from a
networking perspective, what wasreally kind of cool with me, I
(13:47):
remember the first time I sawWireshark, I thought it was
awesome that you could runpattern matching against a pcap
and then just string togetherpieces of traffic or particular
protocols that may look out ofplace and make them line up to
equate to something.
That was a really awesome day.
And I remember specifically thefirst couple of times I began to
like working in an intrusionanalysis base.
I didn't think I was reallygoing to move away from network
security because that was reallythe big interest of mine for
probably for three yearsstraight was really
understanding what's happeningon the wire.
Like, how can I detect, how canI get better and how can I
analyze?
It wasn't until later in thecareer where I started to pick
up other disciplines.
Jason Nickola (14:38):
So you studied fashion design in school and
then you come out and around 22,you start to pursue a career in
technology.
Was it right into security andwhat did you do to try to build
your chops for that first role?
You had a lot of experience asan enthusiast in your younger
years, but how did you reallymove into becoming a
professional technologist andthen eventually security
(14:59):
professional?
O'Shea Bowens (15:03):
Yeah, so I was going to school at Texas Tech
University for fashion design.
I left that to essentially workat this smaller startup that my
friend's brother had created.
And after that, I started tothink, well, what do I to do
with my career?
You're 22, you have to make adecision and your buddies are
going to be graduating soon.
Not to say that was a hugedriver, but it was really
(15:23):
thinking down the line, what doyou want to do?
So luckily I was able to find anetwork engineering job at a
telecom.
It was at AT&T.
And ironically enough, Metro PCSheadquarters were right in the
same courtyard as AT&T inRichardson, Texas.
(15:48):
So I don't know why competitorswere- this was the first year of
Metro PCS was around.
This was really, really early,hadn't gone public, very, very
new.
And there was a gentleman I metone day when I was parking who
was the director of security atMetro PCS.
And keep in mind, this was like2008 right?
So there's not a lot of securityjobs.
It gets difficult now to readthrough security job
(16:08):
descriptions.
You wonder if you're qualifiedor question your qualifications.
So go back, you know, 2008 whenthere wasn't a lot of searching
online for the roles and theyweren't very well written.
But this is borderline stalker,but essentially what happened
was the manager or the directorof security at Metro was a
smoker.
And from my desk at AT&T I couldsee him going down into the
(16:33):
courtyard and he smoked.
I knew his habit after a coupleof weeks, cause I was always
asking, hey, are you hiring?
So when he's smoking I wouldlike bolt downstairs maybe like
a minute before he was finished.
And I would just ask like, oh,hey, did you see this happen in
the news?
(16:53):
Or hey, what do you think aboutthis tool?
What are you guys using toanalyze network security?
What are you guys using toanalyze the tags or is there
something that you think someoneshould know to come work with
you?
And this went on for a couple ofmonths.
So every time- his name was Andy- every time he would go down to
smoke, not every time, but mostof the time, especially if I saw
him, I would bolt down thestairs because the elevator was
too slow.
(17:18):
So I'd literally run down thestairs, walk outside and just
kind of pester the dude.
And he knew I didn't smoke.
He was like, what are you doingman?
But after two or three months ofthat he had an opening for a
junior intrusion analyst.
That's how I got the job.
I just kept bothering him,really borderline stalking him
and watching him when he smoked.
But I also would always kind ofbust his chops around like, hey,
(17:41):
I saw this happen.
What do you think about this?
I remember one time I wastalking about some piece of
malware that's a key logger orsomething.
And I was like, if I were todeploy this in your environment,
how would you guys catch it?
And I think that was kind ofwhere he was like, okay, well I
think he's serious right now.
He's thinking about how toactually capture this and report
on it.
Jason Nickola (18:05):
Well, in security, we're allowed to say
that you social engineered him.
You didn't stalk him.
O'Shea Bowens (18:09):
True.
I say that now, yeah.
Jason Nickola (18:12):
Right.
So what about the technical sideof things?
What did you do to really try tofill in- like how did you learn
about key loggers and malware?
Granted, you had the experiencewhen you were younger digging
into that stuff, but how did youmake the transition to becoming
a professional in that regard?
O'Shea Bowens (18:29):
I basically broke a lot of stuff in my home
environment.
I'll back up.
So from a layer 3 perspective- Iwish I could remember the
website, but there was a websitewhere you could basically build
out virtual environments forCisco routers and switches.
Cause I was working innetworking at AT&T so I had
access to this site.
(18:49):
I just can't recall the name ofit.
But basically, I abused thatsite.
I was constantly learning aboutrouting and BGP, about different
protocols and how routersactually are functional within
large environments.
And how to stand up a networkand how to take down a network,
things like that.
And around that time I was stillhanging out on different sites,
different websites or whatnot, Iguess you could say forums.
(19:15):
And I was still interested inhow attacks occur from layer 3
sites.
That’s basically what I wasinterested in as a kid, it was
networking.
Like how does the internetbackbone work?
How am I speaking to this dudein Germany in this chat room
right now?
How the heck is that possible?
So a lot of it was based onhaving access to that CCNA lab,
which was a lifesaver because Ilearned so much on the layer 3
side and building outenvironments.
(19:36):
But also I built out homeenvironments.
And then from the homeenvironment side, what I would
basically do is run samples Igot offline at the time into my
environment and then watch myrouting protocols break or watch
something become introduced inthe virtual environment.
(19:59):
And it was books and speaking toother people.
But a lot of it was really mejust on my own, not to say I did
everything on my own.
I had people I would askquestions to, but none of my
friends were into this, so itwas mostly me just grinding away
at night, everyone else was kindof out doing whatever and I was
at home on my laptop, bangingaway, trying to get better.
(20:20):
And the one thing I do remembervividly doing was following most
of what was going on at DEF CON.
It was a lot of learning whatthose guys were up to because
even now I still look at some ofthe people- it sounds maybe fan
boyish- but some of the peoplethat present at DEF CON are just
ridiculous.
Jason Nickola (20:37):
Yeah, I agree.
O'Shea Bowens (20:43):
It's like, how did you do that?
You find yourself in thisposition thinking like, okay,
maybe I won't be at that level.
But if I can at least understanda percentage of what the heck
he's talking about, I canprobably use that.
You know?
And I still use that to thisday.
I still use that technique tothis day.
I don't need to understand ahundred percent but if I can
understand enough that I couldapply it to my life or what I'm
(21:03):
doing, then I consider that awin.
Jason Nickola (21:07):
Yeah.
And I think that’s such animportant realization.
It's not that to learnsomething, you have to know
every single prerequisite pieceof information and be able to
absorb everything in the newtopic.
I really don't think thatlearning works that way.
I think it's expose yourself toas many even tangentially
related things as you can andpick up something from all of
them.
I can't tell you how many timesthree years down the line I'll
understand something because ofsome random piece of information
or get some opportunity becauseof some random connection or
something that I just happenedto do for no reason a few years
ago and then it all just kind ofstarts to make sense and
connects.
But if you don't stay busy, ifyou're not trying to learn new
things and you don't have thosenights that you described where
it's just you getting your handsdirty and doing what you can to
try to work through things, thenI don't know if you get that
same reward of being able toconnect the dots over the long
term in that way.
O'Shea Bowens (22:04):
Yeah, totally.
And I think another big thing todo is- okay, I'm an avid note
taker.
It looks like a madman in myoffice cause there's like legit
notebooks from like three orfour years ago that I filled
out, but I refuse to throw themaway.
Something that I've learned isnotating what you do and moving
back towards that in a latertime period.
A good example is a couple ofweeks ago, I was creating this
(22:26):
lab for this workshop that I'mleading actually this Saturday
I'm leading this blue teamingworkshop.
And there were some notes I tookon shamu, that old ransomware
from a couple of years ago fromthe Saudi Aramco attack.
And I remember there werecertain indicators that I had-
now I'm giving away a couple ofthe exercises.
(22:54):
But I remember there werecertain indicators that I wrote
out how you could carve them outfrom IDA Pro and, I just wrote
them out.
I was like this, this, this andthis, you know.
And then a couple of nights agoI was stuck on something.
And I was like, I know I havethis written somewhere.
Where’s that book from 2017,where's that notebooks?
I know I have it, but because ofthose notes it allowed me to
kind of refresh around what thatpiece of ransomware does.
So being an avid note taker canbe so helpful cause there's a
(23:16):
lot of times I think yourknowledge is almost recursive.
Like you're doing this backwardslook up on something you've
learned previously and you’relikely going to forget a lot of
this stuff unless you have aphotographic memory.
But when you have massiveamounts of notes that you can
rely upon going back months andmonths or probably a year based
upon your own research, yeah,that is like gold in your hands.
Jason Nickola (23:44):
Right?
Yeah, I'm very similar withnotebooks.
And for a while I transitionedto using a Surface so that they
could all be in one note and Iwouldn't have to keep a bunch of
notebooks, but there's somethingabout a physical pen and
physical paper that just makesme learn more easily than
another screen, you know?
O'Shea Bowens (23:46):
Yeah.
I try to remove myself from thescreens if I can.
So I think pen and paper and Ithink most studies show that
too, you're more likely toremember or it helps with
memorization, you physicallyhave to write it out as you're
thinking it.
Jason Nickola (24:00):
So changing gears a little bit, was there a time
when you started to have aconcept of your larger career
and an arc that, I'm here nowand I want to get somewhere
else.
Here are the places that I haveto go and the things that I have
to do to fill in the gaps inbetween.
Was that a thing for you or isit more of I'm going to do the
next right thing and keepworking harder?
O'Shea Bowens (24:32):
No, I definitely plan it out.
I would say it was around 2012,2013.
Like I said before, most of mybackground at the time was from
a network security perspective.
But something I realized aroundthat time I was working for the
Department of Energy in Vegasand subcontracted out to NSA.
And it was one of the first timeI had exposure to basically a
(24:54):
broad unit of individuals withdifferent talents.
We had some Air Force dudes thatwere great with intel, and then
we had some people that weregreat with forensics and then we
have some people that were kindof like me, kind of a generalist
around network security, butknew a little bit on the system
side.
(25:22):
And when I had that exposure tomultiple individuals with
multiple disciplines, I realizedmoving up for my next 10 year
plan, if I wanted to be in aposition of management and not
management as a title type ofthing.
The way I think about managementis you have broad perspectives
on different areas ofdisciplines for cyber or for
(25:44):
security.
But now you can incorporate thebit of knowledge that you know
to build out a program.
And then bring in some moretalented and hardworking
individuals that are specialistsin the areas that you're a
generalist.
Not only to grow your ownknowledge and your own passion,
but also to build out a strongteam and a strong program and
(26:06):
help the organization.
So when I looked at myself like2013 timeframe, okay, I had to
map out essentially what's thenext five years look like?
If you want to move into amanagement position, what do you
need to understand?
And then if you think about your10 year plan going into 2023 or
2024, where do you want to be inyour life, right?
Is that quote unquote like aCISO position, is that more so
on the technical side andleading projects or is that
running your own shop?
Like what does that look like?
But what I did know at the timewas even if I didn't have an
answer for the three previousquestions, it was staying a
generalist and continuing thatdown that path and picking up
different bits and pieces ofknowledge from people that I
knew that were great withdigital forensics and people I
knew that were great with intelwill help me move down my path.
And that's essentially whathappened.
I moved from essentially ageneralist from network security
to learn a bit more on thesystem side.
And then that led into IR.
(26:26):
And then IR led into a bit ofmalware analysis, analysis will
begin to incorporate threatintelligence inside of
organizations that werefortunate enough to have an
intel program, right?
You start to pick up these threeor four different areas.
What I think is superfascinating especially about our
field is there are some greatspecialists out there that you
can follow and listen to andjust keep ramping up, but just
doing that work on your ownfirst to start understanding
(26:48):
these different areas.
Jason Nickola (27:46):
That was the first of our two part interview
with O'Shea Bowens.
Thanks to you for listening andto him for joining us and
spending the time to delve intohis origin story.
Don't miss part two with O’Sheain two weeks to hear about how
he grew his skills and activelycultivated his career, as well
as tips he has for how you cando the same thing.
Please don't forget to subscribeto the show wherever you listen
and sign up for notificationsabout new episodes at
(28:09):
giac.org/podcasts.
Thanks so much for joining usand we'll see you in two weeks.
This is“Trust Me, I'm Certified,” brought to you
by GIAC Certifications, apodcast exploring how to conquer
imposter syndrome.
Welcome back to“Trust Me, I'mCertified.” I'm your host, Jason
Nickola, and on this episodewe're joined by O'Shea Bowens
for the first of a two partinterview in which we cover a
ton of really interestingground.
(00:23):
O'Shea is probably one of thefirst people who comes to mind
for me when I think of someonewho just grinds and really works
hard for the things he wants tomake happen in the world.
From his role as CEO and founderat Null Hat security, and
trainings he's offered at eventssuch as DEF CON, to speaking and
serving as an advisor at theSANS Blue Team summit, in
addition to a lot of the missionbased work that he does, which
(00:45):
is probably the thing that Irespect about him the most.
You don't have to spend muchtime with him before you get a
real feel for why he does whathe does and how passionate he is
about enabling others,especially as it relates to
communities of color.
With projects such as theIntrusion Diversity System
podcast, cybersecuritynonprofit, and the Boston
(01:05):
security meetup scene.
With such impressive things onhis resume and some real
momentum in his career over thelast couple of years, you might
think that InfoSec was anobvious professional path for
him, but as appears to be arunning theme on our show,
there's some real twists andturns to O'Shea's journey, which
were so helpful for me to hearand I think that lots of you
(01:26):
will find some real value heretoo.
So please enjoy round one withO'Shea Bowens.
All right, so we are joined byO’Shea Bowens.
I'm really excited to have aconversation with you.
Thanks a lot for joining us.
O'Shea Bowens (01:41):
Yeah, thanks for having me, man.
I greatly appreciate it.
Jason Nickola (01:43):
For sure.
So, let's start out with whatwas your path to security and
technology?
When did you realize that thiswas going to be it for you?
O'Shea Bowens (02:33):
Realized it was going to be it maybe 22, 23?
The introduction was in sixthgrade, so I was like 12 or 13.
There was a computer programmingclass, not necessarily like
assembly, but making gamesessentially.
I figured out how to getunlimited ammo on Oregon Trail
and I just thought that wasawesome.
Well, me and my buddy didactually, you can't take all the
credit.
Jason Nickola (02:52):
So you had that class in sixth grade?
O'Shea Bowens (02:52):
Yeah, that was a weird thing.
So I'm originally from Dallas,Texas, but I guess you guys
don't have, I'm in Boston now,but I guess there’s no
year-round school up here.
Jason Nickola (02:52):
No.
O'Shea Bowens (02:52):
So year-round school, it’s basically what it
sounds like.
Instead of having a summer, youget like two weeks off at a time
or three weeks.
And we had electives at myschool, and we had a computer
class and I was really hooked onthe computer class and
ironically enough that same yearhackers came out, my buddy's mom
bought the movie.
And as we were walking back hishouse, he was like, hey, do you
want to check out this movie mymom bought?
It's about people doing stuffand I remember specifically, I
was like, what's it called?
And he said“Hackers” and I hadno idea what that was.
Cause we were like 12 or 13.
And when we watched it, youknow, it was just awesome.
It still is awesome, of course.
But that was like the moment,not necessarily I thought about
security, but I was reallyunderstanding like what a
computer could actually do.
Jason Nickola (03:25):
Right.
You had this really progressivemiddle school that taught you
some kind of programming at thetime, which is becoming more
common today.
But especially 10, 20 years ago,it wasn't as common as it is
now.
And then“Hackers” came out andyou got exposed to it and you
just wanted to dig in tocomputers and figure out what
you can do with them.
O'Shea Bowens (03:45):
Yeah, essentially.
And then, you know, at this timeAOL was fairly big.
And I remember specificallytyping in, I was in some room
and I was asking, hey, how do Iget a virus?
It sounded like crazy newbie.
But I mean, I have a wholetheory about asking questions.
We can talk about that later,but some dude pushed me and he's
like, well, AOL really isn't theplace you should be talking
(04:07):
about that, here's this link tothis bulletin board site.
Then that led to a full-blownboard that seemed not as
friendly, but I got pushed tothis forum.
And then inside the forum waswhere I started to speak to
other people that were kind ofon the- whatever you want to
call it, black hat, dark artsside.
You know, but the fun side tome, cause I was a kid and
(04:28):
curious adolescent and learningthings and people treat you like
an adult when you're online.
They have no idea you're like 12or 13.
Jason Nickola (04:39):
Yeah.
So a very quick transition from,hey, this computer stuff is
cool, I'm going to use thingslike AOL to hey, here's your
entrance into the seedierunderbelly where people are
actually learning how to attackthings and exchanging techniques
and maybe even some binaries.
O'Shea Bowens (04:55):
Yeah.
And I didn't get into reverseengineering or anything, but it
was really getting these smallviruses on how to connect to
someone's- how to take oversomeone's chat channel.
So how do you throw thisexecutable and hopefully they
click on it and it commits abuffer overflow and then from
that buffer overflow, when itcrashes and the session comes
back up, you're in control andit was stuff like that, I didn't
totally understand how itworked.
(05:15):
I think even now today you canstill buy whatever malware
you're interested in for a priceand just click and go.
But that was just- it's stillfascinating to me to this day,
which is why I've stayed inInfoSec.
Jason Nickola (05:31):
Yeah.
Well especially at such a youngage to see, the kind of power
and the depth of, hey, there'ssomething behind all of this.
I love speaking with peopleyoung and older that don't have
a lot of experience intechnology.
And although it seems just superobvious to us, one of the first
things I love to show them isthese internet pages, these
pages that you’re going to inyour browser are really just
(05:53):
texts and it's just delivered toyour computer.
You can manipulate them.
And there's just anothercomputer somewhere that has this
text and then your screen justknows how to display it.
And you can kind of see, wow,there's something behind all of
this and it exists becausepeople created it, right?
O'Shea Bowens (05:57):
That's the really cool thing
It's not magic.
It's just people.
It's just somebody else justlike you, you know.
Jason Nickola (05:57):
Yeah, I love the way you put that, that it's not
magic because I've talked aboutthose kinds of things so often
because especially in securityand technology, there are lots
of people that like to makethings seem so much more
complicated than they are.
I think as a validation of thefact that they understand it and
can use it and that if youcan't, then it's a
one-upsmanship kind of thing.
But none of it's magic.
There were people in a room thatdecided how TCP was going to
work, that decided how C++ wasgoing to compile, that decided
how Nmap was going to work, andthe list goes on and on and on
and they created it.
And you know, if you have theinterest and the drive and the
stick-to-itiveness to keep goingwith it, you can figure it out.
And I find that more thananything else, certainly more
than the technical skill isreally the hallmark of somebody
who's going to have a lot ofsuccess in this industry is can
you really just work past someof the challenges and just stay
interested and stick with ituntil you get it.
O'Shea Bowens (05:58):
Yeah.
I think a lot of determinationand also communication.
Like I'm a big fan ofinterpersonal and extra-personal
communication.
Like how do you just speak topeople in a fashion where it
seems like you're open versusstandoffish.
I don't have that pride in methat’s like, I don't ask for
help.
If I don't know, I'll ask forhelp.
I was raised like my mom with Iguess a Southern saying, closed
(06:20):
mouths don't get fed.
Like if you don't ask thequestion, you're just starving
yourself of that potentialknowledge.
Cause you're too proud to ask itor you're embarrassed, you have
to just get over that.
No one is born with this.
It's not innate to anyone.
Everyone asks a question at somepoint.
Jason Nickola (07:40):
Right.
So it sounds like you were kindof brought up that way, but have
there been times, especiallyearlier on in your career when
you're, or even when you were akid and trying to learn this
stuff, have there been timeswhen you were more hesitant to
voice questions because of howyou would come off or maybe
environments where it was easierto stay quiet than others?
Has that been something thatyou've dealt with or seen in
other people that you've dealtwith throughout your career?
O'Shea Bowens (08:22):
Yeah, I mean it's mostly as an adult to be honest.
I think when you're dealing withother people, when you're, at
least from my perspective, fromteenager years, I never really
had that from the IT side or thetechnology side.
I never really dealt withsomeone that I felt embarrassed
to speak with.
I guess what you would call the2600 group in Dallas, everyone
was really, really friendly atthe time and we had we had a
(08:43):
bazaar every other Saturday orthird Saturday of the month and
you can go there and pick upboards and drives and things
like that.
(09:07):
And everyone there was fairlyopen.
I didn't really run into thatuntil my second job.
I was working for a defensecontractor and there was just
this one guy, I didn't pick upon at the time, but it’s one of
those things you start torealize because someone's
buddy-buddy with me at workdoesn't necessarily mean they're
on your side.
He just constantly tried to makeme question myself.
And then at this point I was ina position where I was actually
(09:30):
shadowing him.
So it became uncomfortable toreally ask him for help.
And in regards to learning thesystem or learning the
environment, he would kind ofjust make it seem like, oh, you
don't know that?
Oh, well what are you doinghere?
You know, it was that type ofthing.
And then eventually you kind ofrealize just don't speak to him.
(09:50):
Like there's some people, youknow, there's no there's no
reasoning with them because theyhave an idea in their head
that's driving their actions andwhen they have that seed
planted, however long it tookthem to plant, that seed is
going to take longer for you totry to remove it.
And as you're spending 40 hoursa week with this person, is that
really what you want to investyour time into?
So it's happened once at a roleand that was super uncomfortable
for like three months.
Jason Nickola (10:11):
So did you just try to segment yourself from
that person and find otherpeople to kind of be your
immediate clique at work or didyou just ignore him?
O'Shea Bowens (10:31):
No, it's actually kind of hilarious cause it still
holds true now.
So this was a very junior levelrole and there were a couple of
seniors on the team that forsome reason I didn't want to
approach them cause I thought,you know, maybe that's what they
thought of me because this iswhat he thinks of me and he's
been here for a while and he'smore connected with these guys.
Jason Nickola (10:50):
Maybe it's representative of the larger
culture.
O'Shea Bowens (11:10):
Yeah.
Like that's what therepresentative body thinks of
you.
And when I started to speak tothe seniors that they were 360
degrees different.
They’re like, oh, so why don'tyou just pull up a chair next to
me?
There’s a guy named JamesFisher, he's still in Dallas.
And James, he's more like asecurity architect.
But he was instrumental in beinglike,“oh, this is our
environment.
This is how it’s built out, whatare you up to?
What's your background?
Oh cool, I'm going for my PhD,if you have any questions, let
(11:33):
me know.” And I still speak toJames every so often when I'm
stuck on something.
But it was one of those things Iwas like, maybe I should just
speak to someone else.
I reached this point of justgetting over the embarrassment
part because I wanted to performwell.
I'm there to perform.
My performance is suffering.
If you know me, I freak out- notfreak out, but I'm one of those
people that whatever they sayabout me, they can't say his
(11:53):
performance was horrible.
I kind of pride myself on mywork and end result, you know, I
try to be the best version of mein the personal and professional
life, as corny as it sounds.
So if my work is representativeof me, I want that to be on par,
you know?
Jason Nickola (11:56):
Right, right.
So backing up a second.
You talked about some of thethings that you did when you
were a kid and first startedgetting into technology.
When you look back at it, arethere kind of generic traits
that knowing where you would endup, you go like, oh well duh,
obviously I was gonna end upbeing a security professional
and working in technology andbreaking things and fixing
(12:16):
things and defending things.
But it's really hard to see thatahead of time.
But looking back, do you thinkthat those traits were there and
what are they?
O'Shea Bowens (12:28):
Well, yeah, I guess to go back a bit, I didn't
know that was really going to gointo the security side until I
was like maybe 22.
Because when I went to college,I went to college for fashion
design.
I kind of wanted to take a breakfrom technology and I've always
had this kind of a weirdobsession with fashion.
The idea that you can createsomething and someone will
basically wear your idea, whatyou've made is what someone else
is wearing, you know, and that’sstill a fascination with me.
My ultimate goal is to makeenough money to sponsor a young
designer and then hopefully theyblow up and then I get to go
hang out at fashion week.
(13:05):
But when I do look back though,there were certain challenges or
certain parts of my personalitythat did kind of click with
security, like the curiousaspect of wanting to put things
together.
I’ve pretty much spent themajority of my career on the
defensive side of security.
I know some awesome pen testers,I always say I suck at pen
(13:25):
testing even though I've had topick up more and more offensive
traits to kind of become a fullteam, full-sided, transitioning
from blue team to I guess purpleteam essentially.
So you gotta get an attack todefend, you gotta defend to
attack.
But the idea of puzzle piecesand how things are separate and
how to bring them together.
When I began intrusion analysisfrom a layer 3 or from a
networking perspective, what wasreally kind of cool with me, I
(13:47):
remember the first time I sawWireshark, I thought it was
awesome that you could runpattern matching against a pcap
and then just string togetherpieces of traffic or particular
protocols that may look out ofplace and make them line up to
equate to something.
That was a really awesome day.
And I remember specifically thefirst couple of times I began to
like working in an intrusionanalysis base.
I didn't think I was reallygoing to move away from network
security because that was reallythe big interest of mine for
probably for three yearsstraight was really
understanding what's happeningon the wire.
Like, how can I detect, how canI get better and how can I
analyze?
It wasn't until later in thecareer where I started to pick
up other disciplines.
Jason Nickola (14:38):
So you studied fashion design in school and
then you come out and around 22,you start to pursue a career in
technology.
Was it right into security andwhat did you do to try to build
your chops for that first role?
You had a lot of experience asan enthusiast in your younger
years, but how did you reallymove into becoming a
professional technologist andthen eventually security
(14:59):
professional?
O'Shea Bowens (15:03):
Yeah, so I was going to school at Texas Tech
University for fashion design.
I left that to essentially workat this smaller startup that my
friend's brother had created.
And after that, I started tothink, well, what do I to do
with my career?
You're 22, you have to make adecision and your buddies are
going to be graduating soon.
Not to say that was a hugedriver, but it was really
(15:23):
thinking down the line, what doyou want to do?
So luckily I was able to find anetwork engineering job at a
telecom.
It was at AT&T.
And ironically enough, Metro PCSheadquarters were right in the
same courtyard as AT&T inRichardson, Texas.
(15:48):
So I don't know why competitorswere- this was the first year of
Metro PCS was around.
This was really, really early,hadn't gone public, very, very
new.
And there was a gentleman I metone day when I was parking who
was the director of security atMetro PCS.
And keep in mind, this was like2008 right?
So there's not a lot of securityjobs.
It gets difficult now to readthrough security job
(16:08):
descriptions.
You wonder if you're qualifiedor question your qualifications.
So go back, you know, 2008 whenthere wasn't a lot of searching
online for the roles and theyweren't very well written.
But this is borderline stalker,but essentially what happened
was the manager or the directorof security at Metro was a
smoker.
And from my desk at AT&T I couldsee him going down into the
(16:33):
courtyard and he smoked.
I knew his habit after a coupleof weeks, cause I was always
asking, hey, are you hiring?
So when he's smoking I wouldlike bolt downstairs maybe like
a minute before he was finished.
And I would just ask like, oh,hey, did you see this happen in
the news?
(16:53):
Or hey, what do you think aboutthis tool?
What are you guys using toanalyze network security?
What are you guys using toanalyze the tags or is there
something that you think someoneshould know to come work with
you?
And this went on for a couple ofmonths.
So every time- his name was Andy- every time he would go down to
smoke, not every time, but mostof the time, especially if I saw
him, I would bolt down thestairs because the elevator was
too slow.
(17:18):
So I'd literally run down thestairs, walk outside and just
kind of pester the dude.
And he knew I didn't smoke.
He was like, what are you doingman?
But after two or three months ofthat he had an opening for a
junior intrusion analyst.
That's how I got the job.
I just kept bothering him,really borderline stalking him
and watching him when he smoked.
But I also would always kind ofbust his chops around like, hey,
(17:41):
I saw this happen.
What do you think about this?
I remember one time I wastalking about some piece of
malware that's a key logger orsomething.
And I was like, if I were todeploy this in your environment,
how would you guys catch it?
And I think that was kind ofwhere he was like, okay, well I
think he's serious right now.
He's thinking about how toactually capture this and report
on it.
Jason Nickola (18:05):
Well, in security, we're allowed to say
that you social engineered him.
You didn't stalk him.
O'Shea Bowens (18:09):
True.
I say that now, yeah.
Jason Nickola (18:12):
Right.
So what about the technical sideof things?
What did you do to really try tofill in- like how did you learn
about key loggers and malware?
Granted, you had the experiencewhen you were younger digging
into that stuff, but how did youmake the transition to becoming
a professional in that regard?
O'Shea Bowens (18:29):
I basically broke a lot of stuff in my home
environment.
I'll back up.
So from a layer 3 perspective- Iwish I could remember the
website, but there was a websitewhere you could basically build
out virtual environments forCisco routers and switches.
Cause I was working innetworking at AT&T so I had
access to this site.
(18:49):
I just can't recall the name ofit.
But basically, I abused thatsite.
I was constantly learning aboutrouting and BGP, about different
protocols and how routersactually are functional within
large environments.
And how to stand up a networkand how to take down a network,
things like that.
And around that time I was stillhanging out on different sites,
different websites or whatnot, Iguess you could say forums.
(19:15):
And I was still interested inhow attacks occur from layer 3
sites.
That’s basically what I wasinterested in as a kid, it was
networking.
Like how does the internetbackbone work?
How am I speaking to this dudein Germany in this chat room
right now?
How the heck is that possible?
So a lot of it was based onhaving access to that CCNA lab,
which was a lifesaver because Ilearned so much on the layer 3
side and building outenvironments.
(19:36):
But also I built out homeenvironments.
And then from the homeenvironment side, what I would
basically do is run samples Igot offline at the time into my
environment and then watch myrouting protocols break or watch
something become introduced inthe virtual environment.
(19:59):
And it was books and speaking toother people.
But a lot of it was really mejust on my own, not to say I did
everything on my own.
I had people I would askquestions to, but none of my
friends were into this, so itwas mostly me just grinding away
at night, everyone else was kindof out doing whatever and I was
at home on my laptop, bangingaway, trying to get better.
(20:20):
And the one thing I do remembervividly doing was following most
of what was going on at DEF CON.
It was a lot of learning whatthose guys were up to because
even now I still look at some ofthe people- it sounds maybe fan
boyish- but some of the peoplethat present at DEF CON are just
ridiculous.
Jason Nickola (20:37):
Yeah, I agree.
O'Shea Bowens (20:43):
It's like, how did you do that?
You find yourself in thisposition thinking like, okay,
maybe I won't be at that level.
But if I can at least understanda percentage of what the heck
he's talking about, I canprobably use that.
You know?
And I still use that to thisday.
I still use that technique tothis day.
I don't need to understand ahundred percent but if I can
understand enough that I couldapply it to my life or what I'm
(21:03):
doing, then I consider that awin.
Jason Nickola (21:07):
Yeah.
And I think that’s such animportant realization.
It's not that to learnsomething, you have to know
every single prerequisite pieceof information and be able to
absorb everything in the newtopic.
I really don't think thatlearning works that way.
I think it's expose yourself toas many even tangentially
related things as you can andpick up something from all of
them.
I can't tell you how many timesthree years down the line I'll
understand something because ofsome random piece of information
or get some opportunity becauseof some random connection or
something that I just happenedto do for no reason a few years
ago and then it all just kind ofstarts to make sense and
connects.
But if you don't stay busy, ifyou're not trying to learn new
things and you don't have thosenights that you described where
it's just you getting your handsdirty and doing what you can to
try to work through things, thenI don't know if you get that
same reward of being able toconnect the dots over the long
term in that way.
O'Shea Bowens (22:04):
Yeah, totally.
And I think another big thing todo is- okay, I'm an avid note
taker.
It looks like a madman in myoffice cause there's like legit
notebooks from like three orfour years ago that I filled
out, but I refuse to throw themaway.
Something that I've learned isnotating what you do and moving
back towards that in a latertime period.
A good example is a couple ofweeks ago, I was creating this
(22:26):
lab for this workshop that I'mleading actually this Saturday
I'm leading this blue teamingworkshop.
And there were some notes I tookon shamu, that old ransomware
from a couple of years ago fromthe Saudi Aramco attack.
And I remember there werecertain indicators that I had-
now I'm giving away a couple ofthe exercises.
(22:54):
But I remember there werecertain indicators that I wrote
out how you could carve them outfrom IDA Pro and, I just wrote
them out.
I was like this, this, this andthis, you know.
And then a couple of nights agoI was stuck on something.
And I was like, I know I havethis written somewhere.
Where’s that book from 2017,where's that notebooks?
I know I have it, but because ofthose notes it allowed me to
kind of refresh around what thatpiece of ransomware does.
So being an avid note taker canbe so helpful cause there's a
(23:16):
lot of times I think yourknowledge is almost recursive.
Like you're doing this backwardslook up on something you've
learned previously and you’relikely going to forget a lot of
this stuff unless you have aphotographic memory.
But when you have massiveamounts of notes that you can
rely upon going back months andmonths or probably a year based
upon your own research, yeah,that is like gold in your hands.
Jason Nickola (23:44):
Right?
Yeah, I'm very similar withnotebooks.
And for a while I transitionedto using a Surface so that they
could all be in one note and Iwouldn't have to keep a bunch of
notebooks, but there's somethingabout a physical pen and
physical paper that just makesme learn more easily than
another screen, you know?
O'Shea Bowens (23:46):
Yeah.
I try to remove myself from thescreens if I can.
So I think pen and paper and Ithink most studies show that
too, you're more likely toremember or it helps with
memorization, you physicallyhave to write it out as you're
thinking it.
Jason Nickola (24:00):
So changing gears a little bit, was there a time
when you started to have aconcept of your larger career
and an arc that, I'm here nowand I want to get somewhere
else.
Here are the places that I haveto go and the things that I have
to do to fill in the gaps inbetween.
Was that a thing for you or isit more of I'm going to do the
next right thing and keepworking harder?
O'Shea Bowens (24:32):
No, I definitely plan it out.
I would say it was around 2012,2013.
Like I said before, most of mybackground at the time was from
a network security perspective.
But something I realized aroundthat time I was working for the
Department of Energy in Vegasand subcontracted out to NSA.
And it was one of the first timeI had exposure to basically a
(24:54):
broad unit of individuals withdifferent talents.
We had some Air Force dudes thatwere great with intel, and then
we had some people that weregreat with forensics and then we
have some people that were kindof like me, kind of a generalist
around network security, butknew a little bit on the system
side.
(25:22):
And when I had that exposure tomultiple individuals with
multiple disciplines, I realizedmoving up for my next 10 year
plan, if I wanted to be in aposition of management and not
management as a title type ofthing.
The way I think about managementis you have broad perspectives
on different areas ofdisciplines for cyber or for
(25:44):
security.
But now you can incorporate thebit of knowledge that you know
to build out a program.
And then bring in some moretalented and hardworking
individuals that are specialistsin the areas that you're a
generalist.
Not only to grow your ownknowledge and your own passion,
but also to build out a strongteam and a strong program and
(26:06):
help the organization.
So when I looked at myself like2013 timeframe, okay, I had to
map out essentially what's thenext five years look like?
If you want to move into amanagement position, what do you
need to understand?
And then if you think about your10 year plan going into 2023 or
2024, where do you want to be inyour life, right?
Is that quote unquote like aCISO position, is that more so
on the technical side andleading projects or is that
running your own shop?
Like what does that look like?
But what I did know at the timewas even if I didn't have an
answer for the three previousquestions, it was staying a
generalist and continuing thatdown that path and picking up
different bits and pieces ofknowledge from people that I
knew that were great withdigital forensics and people I
knew that were great with intelwill help me move down my path.
And that's essentially whathappened.
I moved from essentially ageneralist from network security
to learn a bit more on thesystem side.
And then that led into IR.
(26:26):
And then IR led into a bit ofmalware analysis, analysis will
begin to incorporate threatintelligence inside of
organizations that werefortunate enough to have an
intel program, right?
You start to pick up these threeor four different areas.
What I think is superfascinating especially about our
field is there are some greatspecialists out there that you
can follow and listen to andjust keep ramping up, but just
doing that work on your ownfirst to start understanding
(26:48):
these different areas.
Jason Nickola (27:46):
That was the first of our two part interview
with O'Shea Bowens.
Thanks to you for listening andto him for joining us and
spending the time to delve intohis origin story.
Don't miss part two with O’Sheain two weeks to hear about how
he grew his skills and activelycultivated his career, as well
as tips he has for how you cando the same thing.
Please don't forget to subscribeto the show wherever you listen
and sign up for notificationsabout new episodes at
(28:09):
giac.org/podcasts.
Thanks so much for joining usand we'll see you in two weeks.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com