Ashish Rajan: [00:00:00] Hello, and welcome to cloud security podcast. I have an amazing guest today. Her name is Fareedah Shaheed, more popularly known as cyber Fareedah. I’ll let her introduce herself. Welcome Fareedah. Thank you for coming on.
Fareedah Shaheed: Thank you for having me. So of course, my name is Fareedah Shaheed. I am a cybersecurity or online security and safety coach and strategist.
For non-tech savvy, small business owners and families who are just looking for how to protect the I’m
Ashish Rajan: glad you’re here as well, because small and medium-sized businesses. Cause I have a couple of startups or a few salads in the audience that I come in. And a lot of people have been asked to work from home and online security is kind of like your forte Blackboard, why not begin free to, and we’ll help her make others understand how they can be on secure, online, and work from home remotely.
Or somewhere else in the middle of Bahamas, some veterans in a secure way, how do I remain secure online in a world of all
Fareedah Shaheed: right. So I could give about three to five tips. So the first tip I would give is to make sure that your system itself is updated your, whether it’s Mac, whether [00:01:00] it’s a windows, computer, And a lot of Mac users always feel like they’re never going to get hacked, so they never have to do anything.
I’m like, oh no, I can click on all the links. I never have to update anything. And I’m like, no. So you just want to make sure you’re updated. And also another thing is that your internet that you’re using is good so that you have, you change your default passwords. A lot of people don’t do that. You have a strong password that you give it.
So you don’t just give it a password that you do all around. You’re using something. Of course a password manager, if you want to, or you can manage it physically. So some people are not tech savvy at all, and they’re really scared of the internet and they probably will lose their master password if they had a password security program.
So if you want to do that, do that, just make sure your passwords are really good. Another thing is huge thing right now is we call it, we started talking about the COVID-19 scams. So just being alert for the COVID-19 scans and telling them. Either, whether it’s your coworkers, your teammates, your employees, whatever it is, telling them about the scams and just staying on high alert for anything that mentions COVID-19 coronavirus, safe, safety measures, things like [00:02:00] that.
What’s the, what’s
Ashish Rajan: an example of a scam that you’ve heard from COVID 19.
Fareedah Shaheed: So the biggest one we’re seeing is scammers impersonating who, and saying there are safety measures, or there are new cases in your area, or there has been a cure or a vaccine and click here, download this, maybe a fake map. Those are the things that were.
Ashish Rajan: going to say, who is
No, cause I think another one that I’ve heard and I don’t know if it’s an Australia thing. A lot of older people were being given a phone call and they were getting voicemails saying that all we’ve found the diagnosis for, especially these are like people in the seventies and higher space. They’d been left a voicemail to say that, or give us a call back on this number.
We have a vaccine. Share your bank details, then we can transfer, make the payment and transfer it for you. So just make sure you have the address and the bank details in the response and the response you’re like teeth is like, I mean, I think it’s an opportunity playground for everyone, including the bad guys.
That’s how I see COVID-19 at this point then. So would the, a lot of people are working from home remotely, Jews recommend something like a VPN kind of connection as well, depending on how does it [00:03:00] get too technical for people, or is it an easier way to just kind of go down that, oh, I’ll update my Mac book, update my windows, anything else?
And password manager as well. Great. Yes. Yeah.
Fareedah Shaheed: VPN is good. Resume is good. Dropbox for sharing files. Just different things that you can use. Somethings, some people there’s like a level of non-tech savvy. Some people are non tech savvy in terms of technical technical, and then some people are non tech savvy, meaning anything ever to deal with the computer internet.
They don’t know how to open a word document and type. So. People who don’t know how to operate an application or software or browse the internet, that some simple things can be non simple for them. It usually in person training or on the phone training, but very slow walkthrough sharing the screen. If you can, certain things you can’t share screens with, but those things are helpful.
So it really depends on.
Ashish Rajan: Sure. And I think just for the audience where people may be founders of a startup or a small, medium sized business, they themselves may not be tech savvy, but they would have people around them who may be tech savvy. What do you recommend for [00:04:00] them at this point in time? So you’ve kind of mentioned how to keep, how to work securely from a remote perspective.
How do you share, what are your thoughts on online security for small to medium size business? Why is it important for.
Fareedah Shaheed: I would say the biggest mines biggest block I see with security is mindset. And it sounds crazy. It sounds like, oh, they don’t have, I mean, of course budget is a big thing. Time is a big thing, but I would put mindset before budget.
The reason being is because if you don’t think you need it or you don’t think you need to learn it, then budget our time doesn’t matter anymore. We get to budget and time after we work with mindset. So the biggest thing I see with founders, starters, startups, whatever it is, even if they’re a CEO of a small, small business or micro business, 10, 15, 30 people in their business is they think, okay, the it people or the person that I hired to do my WordPress website for security.
Is the person to do and not me. And they think as a CEO, as a founder or as a COO, I don’t need to know these things. Only the technical people need to know. So breaking that barrier first [00:05:00] and pretty sure you listening to this podcast to begin with or watching this video, you’re already on the path of understanding.
Okay. My mindset. My mindset’s there, but if you have a partner, if you have a COO, if you have a CFO or whatever it is, getting them onboard and making sure that everyone is in the company, everyone on the team is on board with security. That’s the best first step. And then you can get into, okay, who do we hire?
What do we do? How do we get security, education and training, which is specifically what I do. Those things will come later after the mine.
Ashish Rajan: Sure. And so is your training more focus on non-technical people as well? And or is it just a broader category for both technical and non-technical. It’s
Fareedah Shaheed: mostly for non-technical people though.
I do have, I’ve had a client who was a technical person who was an engineer, but she didn’t know anything about security or real like deep dive into technology and practical use. He was just doing her engineering thing. So I do have people who are technical in the program, who’ve wanted to be in the program, whatever, but my main [00:06:00] audience is people who are not tech savvy, because those are the people who run away from security, more than people who are a little bit more.
Ashish Rajan: Right. And I think it’s a great segue to get into the program, which I a hundred percent really wanted to get into. So just to set some context for everyone else who, one of the conversations that Fareedah and I were having was Fred is developing a program, which is an online program. And being over at seasons, a lot of us security folks are either working from home or working remotely.
And we’re kind of trying to find either online courses or finding ways to educate. Maybe it could be your team within the organization. So to what Frida said, you’re a CFO or a CEO. You ha you have to make something online for them to consume. You can learn, run endless presentation for them and board them to debt.
But. The way I found out another way with Frida was that she is developing this program online where you don’t not just benefit the company or the clients, but you also benefit a broader set of people. So keen to get into, I am. This is for the first time I’m keen to make my. First online course on it could be online security or it could be, how do [00:07:00] I remain secure in a world of COVID while working from home?
How do I approach it as a technical person? Because some of those are, I’m sure a lot of people in the audience have a lot of technical knowledge and they would want to share it. How do, how do they, where does it start? What should they consider while making a program that you’ve consumed by wider?
Fareedah Shaheed: So I would say just like everything, just like I said about all my security and safety training, the mindset part.
I would say looking at the part that you’re probably not looking at, usually when you’re thinking of online course, you’re like, okay, how do I get it out? How do I make money? How do I et cetera, et cetera, how do I do this? What software do I need? But before that, you want to know who you’re talking to and who your target audiences who is going to actually need this.
And what problem yourself. So you want to go, okay, who’s my audience? What are they thinking? What are they doing? And then what problem do they have and how is what I’m doing, going to solve that problem. And so once you have that, then that’s when you can start with, okay, what am I going to use? What is the.
Is this going to be a webinar? Like, are they going to pay for it? Is this going to just be a quick mini series? Is it [00:08:00] going to be a course that has six weeks? Is it going to be a live course? This is going to be a prerecorded. So those are the things that you can start thinking about after you say, okay, this is my audience.
This is their problem. This is what I’m solving. I was start
Ashish Rajan: there. And maybe if you go a layer deeper into the whole target audience thing, because I feel like a lot of information online is on non-technical. How do you, or where do you start for the technical audience? Like, I mean, I guess I just narrow down even further for the cybersecurity folks listening.
And obviously you, you, maybe to a point you may be like, oh, I’ve got an online course for security. Where do I start finding my target audience? Is it, is it basis where I hang out or is it basis where they hang out?
Fareedah Shaheed: I would say go to where they are. So I was the first thing I went for my audience. I’ll just go for how I did it.
And people can kind of mirror to what ever their circumstances. W the way that I did it was I went on Facebook first. I was on Twitter. I was on LinkedIn, but those were all cybersecurity based. Most of the people that follow me on LinkedIn or Twitter, or just a cybersecurity professionals, but I went to [00:09:00] Facebook and I thought, you know what?
My target audience, which is like 25 to 40 is on Facebook. And that’s a huge, you know, market. So I’m let me go there. And let me build a relationships with them. Let me go to their events, let me support them. Let me figure out what they like, what they don’t like, let me have conversations with them. And that’s basically what I did.
And then I also was on Instagram, which is why the handles there. That happened by accident. Not going to tell the whole story, but the point was somebody and her name is Jane Franklin. She’s absolutely amazing. I think you interviewed her before on the show. She, yes. Yes. So she’s absolutely awesome. And she told me, Hey, Frida, you should be on Instagram.
And I thought no, no, no, one’s gonna. Looking for security, Instagram, Instagram’s about fashion food, you know, makeup. No one cares about that, but she pushed me for what? Yes. Yeah. She pushed me for months. She kept checking. She’s like, Hey, free to, how are you doing? Did you go to Instagram yet? I’m like, no.
So I finally joined and that actually helped me with my target audience as well. And so I found a lot of collaborations, a lot of partnerships, a lot of events, a lot of getting the word. Just [00:10:00] because I’m on Instagram. So I would say really look at the stats and take yourself and your feelings out of it.
If your audience is on LinkedIn, go on LinkedIn. If it’s on Twitter, Twitter, tick tock, tick tock, Snapchat, Snapchat.
Ashish Rajan: did you narrow down to this? You actually had a very specific number, 25 to 40,
Fareedah Shaheed: 75 to 40. I mean, there, there have been people below 25 over 25, but I don’t necessarily go after. That’s not the ideal.
I wouldn’t say it’s not ideal. Yeah. That’s just not something I focus on. If they come, they come, if I can bring you value, I will. But that’s not who I focus on.
Ashish Rajan: Right. Okay. And, but then to your point, so you were able to narrow that audience because you went on these different platforms like Instagram and other places to see if people are asking these questions, is that what you were looking for?
Like, what am I looking for? We’re looking just for people who are in the space and also have an account. Cause I mean, I have an account.
Fareedah Shaheed: Right. So if follow people that are in your target audience, people who have huge audiences or people have mid-size audiences, so thousands or millions or whatever, follow them if that’s your target audience.
So if you’re talking, if you want to be somebody who’s [00:11:00] like, I want to teach, it’s difficult on Instagram is easier on Twitter and LinkedIn, because they say what they’re interested in. So you want to teach, say, life students as cybersecurity, you would kind of follow different people on Instagram or Twitter or Facebook or whatever.
Who are in that audience and engage with them and ask some questions and whatever you don’t have to really go in their inbox, say, Hey, this is me. I’m asking you a question, but just build a relationship with them and say, this is what I do. And, you know, just ask them some questions. Sometimes, sometimes a survey can help.
So when I first, first started, this was before I even knew I was going to really start my business, but it really helped me was I developed a survey and I sent it to my friends and family about how much they knew about. And I wanted to know in general, in my audience how much they knew. And so that gave me a really cool thing.
Being a business owner makes me. I don’t know, more empathetic to do certain things. And so now I leave more reviews. Now I calm a little bit more because I understand what it takes to do certain things. So I’m more, I’m more likely to do surveys now, but I still [00:12:00] don’t do it as much because. If I don’t know you, I don’t know you.
So that’s why I only sent
Ashish Rajan: a dime as well. Sometimes. Like maybe see of, so it was just 10 pages long. You’re like, oh my God, that’s gonna take awhile.
Fareedah Shaheed: Yeah, I sit, I have to really be in the cause I really want to help somebody. And I like when they say take, it’s a
Ashish Rajan: great thing. You mentioned about students as well, because some of my audience members with students and would love if you share your journey or how you got into cybersecurity and to where you are now, students are listening and will have this constant question.
How do I go about getting into cyber security? Do I need to get a degree? Do I need to find a course or we’d love to hear your story on that. I’m
Fareedah Shaheed: really not the poster child for what you should do,
Ashish Rajan: but I think that’s a good thing. I feel that’s a good thing,
Fareedah Shaheed: but I could still say what I did and I’m not, there is, there’s no part of me that feels like what I did was any in any way wrong.
It was not the path that I wanted to take. That was the initial thing. I’m sure. Plant oriented. So when I first got into security, I actually was studying information technology in college. It was really cool. Nice, but a bit boring. And I have this [00:13:00] thing in me that if I don’t believe that something can give an impact to somebody in my I’m not saying technology is not giving impact.
I’m saying that me doing technology, I didn’t feel that I could be the best that I could be in. People the best was technology. And I had a conversation with my dad in the car and he said, Hey, you know, security is really good. I think you’d be perfect for security. There are not a lot of black woman or Muslim woman or black Muslim woman, whatever insecurity period.
So, or technology period. So if you go into security, I have a lot of contexts I can hook you up. And I said, oh, okay. You know what, let me do that. And so that’s when. I spent three, four months researching security got in, and then I kinda got tired of the whole college thing. And we talked about the phone.
I was like, I’m learning all of this. And I was talking to people that I connected with and networking. And they had master’s degrees and they had, you know, 500,000 security, different degrees, 50 11 security degrees, you know, of course, making up the number and not degree, excuse me, certifications. And they had a lot of experiences and they created their own labs and they still couldn’t find a job.
And I looked at my situation. Wait a [00:14:00] minute, if I, me and you’re you, and you can’t find a job, but I’m not doing this. And I was, it was, it was taking a lot of time and money out of my own, my own self. And I thought, let me find it. So that’s kind of my first beginning journey with that. So I got into corporate and originally I wanted to be in the most extremely technical position ever.
And I think it was a part of me I’ve been reflecting on that is probably a part of me feeling that I can do it and I’m going to show them that I can do it. And that’s not a, to me that’s a good mindset, only short term, and it’s not good. Long-term and I’m glad I realized that. And I’m glad I kind of push it back and went, okay, what do I do?
And then what can cause if I’m doing something to give value to other people, I can’t do it if I don’t want to. And so I went, I researched, I thought, okay, ethical hacking. So the thing I’m like, oh, you know, I don’t mind a little bit of coding. I didn’t really want to do coding, but I didn’t mind it. And then I started it and I went not eight hours a day.
Not happening, not happening.
Ashish Rajan: Yeah. It’s funny because I had a similar exquisite bend testing as well. When you first hear about cybersecurity automatically, everyone’s [00:15:00] like, That is my dream thing to be that I’m day one on the job. I hated it. I was like, oh my God, I have to do this for like how many hours?
And yeah, a hundred percent. But I feel like I know it’s not for me because I tested it. I went in and tried doing it. That’s why I know it’s hard. It’s not for me. Same for you as well. You kind of broke down. I can get bought to see if it is for you or not. And then you could make the call that actually I’m not really bad technical Lord.
I don’t have to be a technical. I can still be a good cyber security person without being too technical. So
Fareedah Shaheed: I did network security and I thought that was the thing. Cause I loved it. I loved it so much. I mean, it was just to me, I just, I loved it, but then it, when it came practical terms, like you said, I didn’t, I didn’t like.
And so I think it’s important just to try things. And I knew that.
Ashish Rajan: Yep. Yep. So four students are listening to this and as you mentioned, you may not be a poster child, but you’ve had success. So, and I love different approaches. People have taken to Gordon to get into cyber security. Cause I think you don’t have to have a cyber security degree to be a [00:16:00] security person.
It could be from any. It’s the approach you’ve taken, which I found really interesting where meetups and all the other things. Could you talk a bit more about that as
Fareedah Shaheed: well? So while I was in corporate, I thought I was going to be technical. Then they said, Hey, you have a background in mentoring, coaching, and et cetera.
So why don’t you do kind of that type of thing. So I started to do a security awareness at the company and I. Apparently pretty good at it. And there are people who write emails. They’re like, oh my God, we didn’t. Haven’t had people explain security the way Frita does. We love how you do it. A lot of people came up to me after my lunch and learns and said, Hey, can you do this outside of work?
And this was way before I even thought of, you know, having a business. And so that kind of sparked me to learn a little bit more about security awareness and there, and I thought, you know, Paying me because I really want to be technical. And there is this huge thing with woman insecurity. That’s a very good thing, but also backfires where it’s it’s they want to see women being technical that when you’re not [00:17:00] there, it’s like an offense.
Right. And so I got that. So when I switched from technical to coding network security, Cisco routers, all of that. And then I switched to security where it is. There are some people who are like, kind of upset with me for doing that. Yes. Yeah. Because there’s a good side. Cause you want more women insecurity.
Yep. But what happens is because we don’t see a lot of women in technical roles, anytime your insecurity, they’re like, oh, don’t be a project manager or don’t do this. You have to be the most technical person in the room. And so it just, they’re basically saying that me going into security awareness was basically feeding into the concept that women can’t be technical.
And I was like, okay,
Yeah, it was really weird. So I got that a couple of times. And so that kind of worried me in the beginning or I thought, oh my God, is this going to be it like, will I be stamped as like, you’re not really smart enough? And so that’s why you’re doing security where it is. And I think a biggest thing about this entire journey is understanding that there are different types of intelligence and we have in, in at least in the U S I’m not sure how it is.
[00:18:00] In the U S this there’s huge thing where like an intelligent person is someone who is intelligent in, in math or science. Right. But we don’t have respect for people who are intelligence for street intelligence, social intelligence. They have a, they have an intelligence when it comes to social relationships, they have an intelligence when it comes to it.
Well, just, there’s so many different things, art and music, those things are. So when we kind of put in a, in the security world, we have this huge thing where the more technical you are that means the better that you are, and that’s not necessarily true. And so if you can get rid of that concept and figure out what is your natural innate intelligence, and then go from there, that’s, that’s the best.
So that’s kind of like how I did it, where I thought, okay, I’m really good at public speaking and communication and relating to people and having conversations and something. Technical things have been always a part of my life. I grew up reading Cisco books. My dad was in, you know, security and it for a long time.
But at the same time, that’s not my passion and I can do more and I can service people in a [00:19:00] different way. So going down deep and under and understanding what is my purpose? Why am I here? Those things really help your career. So you can have a satisfying career and not just be the most technical person.
Ashish Rajan: Yeah. Yeah. And I think to, to your point, I’ve got like a slight indifferent view and it’s more in terms of sometimes to, to start a career in cyber security, you may have to be a bit technical to get that first job and kind of like what we were saying earlier, once you get that foot in the door and you kind of realize, actually this is not really for me, but because you’ve had that entry into that role.
I mean, you can go back into say, you can go into a non-technical field if you want to as well that doesn’t, that door never closes. And I think just on the technical part as well, I think I consider myself technical, but I know for sure that I would not want to be taking it for the rest of my life.
Like, I think there will be a point, like I’m not that old, but I feel like I’m old enough that I’m like, oh, I’ve done it enough for like over 10 years now that I still have to be technical, which is good, but I don’t have to be too technical to the point that I’m hacking into like a nozzle server. But I’m technical enough to know if I see someone door, I know what’s going on.
That’s right. I think [00:20:00] that’s kind of where it doesn’t have to be. Like, I know the latest tools that are running on the platform, but you’re going to have to get to that stage. And the starting point could be that you start off with that, where you have technical knowledge, and then you kind of use that to get an entry to the door.
What about events and participating in meetups while you are studying? As well, was that in any way contributing in landing that job as well?
Fareedah Shaheed: Yeah, so I went into a program called year up and I was having a lot of trouble finding a position that was right for me. And yeah, it, especially because I wasn’t a full-time student, so a lot of the internship programs, you had to have financial aid, you have to be a full-time student.
It was just checklist stuff, the checklist. And I never met any of them. And there was only maybe three or four things that I could meet, but the chances of me getting it was low. And I didn’t know. And so I was searching online, found a program called year up, and it basically takes the young adults and just puts them into the corporate world, kind of bridging the divide between, you know, school and corporate.
And I got into there and I got an internship from that [00:21:00] program and I got into I financial institution and that’s kind of like how I got. So I really got lucky in that sense, because without that, I probably would be doing something else. So without my job that I’m in now, I would have been probably second goal for another five, 10 years.
And then I would have switched because that’s, I want to teach. So I probably would have been teaching something technical. I don’t think I would be where I am today. If I didn’t have the team that saw something in me and said, Hey, you know what, we need somebody who can. To teach cybersecurity who can speak to the audience who can write certain things.
So I’m glad that they saw that in me. And that’s kind of how I went down that path. No, that
Ashish Rajan: is awesome. And that’s a good segue into my last section, which is a fun question section, which I didn’t tell you about and the reason why I didn’t take your mind. So what do you spend most time on when you’re not working on tech or cyberspace?
Legal legends. Legend.
Fareedah Shaheed: Yes. I play a lot on league of legends.
Ashish Rajan: Yes. Yeah. Cool. Good to know. I need to talk to you about games after this. What is something that you’re proud of, but not, [00:22:00] which is not on your social?
Fareedah Shaheed: I think the biggest thing I can be proud of is the amount of growth that I’ve had in such little time.
And it kind of scares me because it means that I’m being prepared for something. Absolutely great. And it, and I didn’t, I was, I have always had some sort of confidence, but, and I’ve always had parents instilling confidence in me, but I grew up in Rio, Saudi Arabia. It was one of the only black, black girls and American girls in the school.
So, you know, you kind of grow up and you feel like, oh, I’m not intelligent. I’m not beautiful. I’m not smart enough. I can’t, I can’t, I can’t. But when I came home, I kinda got that, that mothering thing, that, that space of feeling confident, but I still wasn’t to the point where I could understand my full potential.
And I met this state right now. That I understand deeply my, my fullest potential ever. And it is such a crazy feeling because I know that it will be great. And so I’m proud that I came to it really quickly and I know that means I’m being prepared for something [00:23:00] great. But that’s what I’m most proud of that I haven’t really talked about a lot on social media and I don’t really talk about a lot because.
It’s something that’s very deep and I’m probably going to start talking about it just to kind of give people the journey to where I am and where I’m going to go. Cause I’m still not fully, you know, we, we all got to work so that there, but I’m so proud of that. I’m so proud
Ashish Rajan: of that. Well, cool. No, thanks for sharing.
That’s a great answer. What’s your favorite cuisine or restaurant?
Fareedah Shaheed: Oh, God, I love everything. So I’m going to take two different approaches. So my favorite, because I love all different cuisines. Like just everything under the sun. I love, I mean, my favorite is probably Mediterranean Indian, Chinese. Those are the ones, Caribbean.
Those are the ones that really like, I love Chick-fil-A. Everyone knows. I loved Chick-Filet probably, I had a blog written it’s I’m hackers in heels. And one of the things they said is she talks about Chick-fil-A and league of legends is cybersecurity. And I was like, wow, that’s me just like all wrapped up.
So, and I was like, that’s so crazy. They got it from that like little blog, but yeah. So that’s what I, like. I make homemade. [00:24:00] So I’m re I always say if Gordon Ramsey’s watching this by any chance. Make him the best French rights he’s ever seen in his life or even,
Ashish Rajan: yeah. So the next step off training is to go to on live TV and make French fries, Gordon Ramsay,
Fareedah Shaheed: and I’ll have him critique me.
And I don’t care if he does like it. It’s going to be great. I don’t care.
Ashish Rajan: Just the experience will be amazing. Well, that was what we had time for. And I really appreciate that you spent so much time with us on this. So in a time when the whole COVID thing and all that secure. Kind of becoming more important for a lot of people.
Where can people find you on in Dumfries socials to find out a bit more about honor security or what they could be doing in this brave new world of internet?
Fareedah Shaheed: So you can find me at cyber Frida. So it’s cyber F a R E D H. That’s my Twitter handle. I’m Instagram from there. You’ll be able to go to my website.
You’ll be able to talk to me from there. There’s always all sorts of links.
Ashish Rajan: If you read that and I’ll leave the links in the show notes as well for people to just go in and have a look at, but thank you so much for taking the time. I really appreciate it. Stay safe. Thank you for coming on
Fareedah Shaheed: the show. Thank you for having me.