Incident response: What I learned from a hands-on project | Guest Gamuchirai Muchafa

[00:00:00] Chris Sienko: Today on cyber work. I'm pleased to welcome Gamutri Muchafa of Africa's CyberGirls program. 

[00:00:05] Gamuchirai Muchafa: Cyber Girls is like one of the African slogans. Africa's largest tech mentorship for women and the application process was intense.

Oh my God, it was so intense. 

[00:00:16] Chris Sienko: Gamutri attracted the attention of Infosec's Keatron Evans when she posted her solution to an Infosec Skills project, an incident response problem that required full documentation. Keatron called it "one of the best, if not the best, answers to this problem I've ever seen."

[00:00:31] Gamuchirai Muchafa: you're given a suspicious, IP address and you have to find, the machine which was compromised one of a junior worker, they clicked on a malicious site. downloading a virtual machine, which was wrong.

[00:00:45] Chris Sienko: Gamu walks us through the challenge and her thought process along the way, and reminds listeners of the importance of learning to document your own thought process, not just for your resume, but to truly retain what you're learning. 

Documentation does not only help you to remember things, but it also opens up chances for feedback from others, And I use my LinkedIn to do that, to get feedback from people, connect with people, always remember that Knowledge shared is knowledge gained. Let's talk incident response, today on Cyberwork. 

The IT and cybersecurity job market is thriving. The Bureau of Labor Statistics predicts 377, 500 new IT jobs annually. You need skill and hustle to obtain these jobs, of course, but the good news is that cybersecurity professionals can look forward to extremely competitive salaries. That's why InfoSec has leveraged 20 years of industry experience Drawing from multiple sources to give you, cyber work listeners, an analysis of the most popular and top paying industry certifications.

You can use it to navigate your way to a good paying cyber security career. 

So to get your free copy of our cyber security salary guide ebook, just click the link in the description below. It's right there near the top, just below me. You can't miss it. click the link in the description and download our free cyber security salary guide ebook.

Your cyber security journey starts here. 

Now let's get the show started 

 

[00:02:09] Chris Sienko: Hello and welcome to this week's episode of the cyber work podcast. My guests are a cross section of cybersecurity industry thought leaders. And our goal is to help you learn about cybersecurity trends, how those trends affect the work of infosec professionals, and And leave you with some tips and advice for breaking in or moving up the ladder in the cybersecurity industry. My guest today, Gamuchirai Muchafa is a cybersecurity professional with a passion for incident response. She is a fellow of the Cyber Girls Fellowship, Africa's biggest training and mentorship program for young women. Born in Zimbabwe and raised in South Africa. Gamutri combines her passion for practical hands on work with her innovative approach to solving cyber security challenges.

Her inquisitive nature and deep curiosity drives her to explore the how, why, and where behind threats, constantly seeking to gain more knowledge and break down complex issues to develop effective responses. In her spare time, Gamutri enjoys reading and is a fan of the Big Bang Theory. She also finds peace and serenity in the ocean, which helps her find balance in her busy life. Uh, so I wanted to invite, uh, Gamu on the show today because, uh, I'll, I'll let her explain it to you a little more, but, uh, needless to say, uh, InfoSec's own Keetran Evans was exceedingly, uh, impressed with, with Gamu's skills. And I want to have her, uh, walk you through some of that. So Gamu, thank you so much for joining us today and welcome to CyberWerk. 

[00:03:29] Gamuchirai Muchafa: Thank you so much, Chris.

[00:03:32] Chris Sienko: It's a pleasure to have you. So, uh, so to give our listeners a chance to get to know you a little bit and, and your origins. Could you tell us about the first interests you had in tech and security and how you discovered and joined the cyber girls program?

[00:03:47] Gamuchirai Muchafa: First of all, thank you so much. It's amazing to be here. As you already mentioned, I was born in Zimbabwe and, I was born in Zimbabwe and raised in South Africa. Funny enough, I didn't start out wanting to become a cyber security. I didn't want anything to do with it because I thought, oh heckers, my dream was actually to join the Air Force and become a pilot.

But life took a different turn and financial issues made me put the dream on hold. I ended up working as a healthcare assistant for a short while, which was rewarding too, but not really exciting. Then I got my first, first, first taste of tech through the ALX software engineering program. It was tough. I don't want to lie to you.

It was tough because number one, I didn't have a laptop. So you can only imagine coding without a laptop, how hectic it was. And also I admit, I didn't fully understand how much dedication it would take for me and you know, the commitments and everything. So I had to leave the program, but that experience taught me about resilience.

And later I completed my Harvard CS50. course on introduction to computer science. Then I stumbled on cyber security. Then I got into open source through the all in Africa. Uh, that's when actually I started understanding not through the contribution, though, but When I was doing the CS50 introduction to cyber security, that's when actually cyber security came into my radar.

So last year, November, I learned about the Cyber Girls Fellowship through two of their Cyber Girls alumni, whom I got in touch with and asked them a few questions. And through their response, I was immediately interested. 

Cyber Girls is like one of the African slogans. Africa's largest tech mentorship for women and the application process was intense.

Oh my God, it was so intense. 

We went through four stages. The first one was writing an essay. Uh, second was the exam. You had to pass it over 70%. So the pressure was high. And then third, you had to record, uh, video. Why do you think you're the perfect candidate? And also the last stage was also to prove your identity.

If this person was applying, are you the person who you say you are? It made me push myself. And it also had, it worked on my mindset. I have to say it worked on my mindset. Uh, because already there I could tell that I can't create this because I can't go through. That whole process to just create and cyber goes, honestly, became one.

It became more than just a program to me and still is not just a program. It's a sisterhood that, that you, you, you, you, you guys as a sister, sisters, you face challenges, you grow through them and you celebrate each other's wins and everything. And it also taught me the definition of you and your sister's keeper.

And I made amazing friendship. So yes. That's my whole process on getting into tech.

[00:07:03] Chris Sienko: I want to go back to something you said before and ask you a little bit about it You said that when you first started programming you were programming without a laptop. What were what were you? What were you programming with

[00:07:14] Gamuchirai Muchafa: With my phone.

[00:07:17] Chris Sienko: were you were doing programming with just the phone keypad Wow

[00:07:23] Gamuchirai Muchafa: my phone, with my mobile cell phone. So yes, I would do that. But hence, it was so hectic, I had to quit. I did it like, I think, I enrolled four times. Luckily, they were allowing us So I would defer, come back, defer, come back when, you know, it gets hectic, especially when you're doing C. Then you need to do, you need to use your visual editor, the VM, the VIM.

So it was kind of tricky to use a form. So hence I had to quit.

[00:07:51] Chris Sienko: Wow. Okay. So yeah, that's, uh, but, but that's, that's, that's some determination though. I don't know too many people who, who would even know where to start programming with a cell phone. That's a, that's, that's pretty amazing. So, uh, as you said,

[00:08:02] Gamuchirai Muchafa: Thank you.

[00:08:03] Chris Sienko: we, we, we, we've come to meet you through the cyber girls program.

Can you briefly describe the types of study and hands on projects that you're working on in your cohort of the cyber girls program? What are your, what are your favorite things that you're, you're learning?

[00:08:17] Gamuchirai Muchafa: Hmm. Let me just start using, uh, the CyberGirls Fellowship. You see, on the CyberGirls Fellowship, they have different, like, cyber security sectors. I'm in the SOC.

[00:08:29] Chris Sienko: Okay.

[00:08:30] Gamuchirai Muchafa: enrolled on the SOC analyst. Currently, we're working on our final CyberGhost project with my team. We we are developing an automated incidents detection and response system using open source tools like was you we have been having a lot of challenges.

I don't want to lie to you. It has been crazy. It has been hectic, but my teamwork has been incredible. I have to give them their flowers have been incredible and resilient and we're trying to push through and I believe that By the day of the presentation, we have it, uh, done. Uh, actually the journey of Cyber Girls has come to an end.

We are about tomorrow. I'm writing my final exam. And then this November, I think in two weeks time we are presenting. So the journey has come to an end and also these, this. So I have a goal mantra that I'm actually thinking right now, which goes by I'm knowledgeable, resilient and excellent. I'm a fountain of value and an ardent problem solver.

I'm a voracious learner, so nothing is too difficult for me to master. I'm a doer with genius intellect and I am a cyber girl. So. You know, that whole if you listen to it, it's like you're saying a prayer that keeps us motivated. And I believe that we're all overwhelmed right now, but we're gonna excel this and also outside of me working on that project.

I'm also learning. Digital forensic with the security blue team. It's part of the SAPACO. I have to complete it and write an exam. Uh, the forensic right now, I'm finding it's so fascinating. It's so interesting. I'm very inquisitive. So you can only imagine digging, you know, uh, uncovering evidence and solving problem it's so perfect for me right now and I'm enjoying, I'm enjoying.

So, and. After I've written my final exam, I'm going to be sharing the project that I'm working on. So yeah,

[00:10:28] Chris Sienko: Um, can you talk about some of the, you said that you were, it was, it was a very challenging time right now in terms of you're working on, did you say an, an automated incident response system for, for the SOC? Is that what it is? Could you talk a little bit about some of the challenges of that?

[00:10:43] Gamuchirai Muchafa: uh, so we redeveloping an automated incident detection and response system using was you. So what? What? My team and I were doing. We Having to get our wazoo to work and connect different systems. So on my side, I have to connect my Linux, uh, distros, connect my windows. I'm not using my, my operating system, like my windows.

I'm using a, a, a windows, uh, virtual, uh, virtual machine. So what happens is that every time we connect one of the devices, somehow it gets disconnected. So it's challenging on that because we are not even on stage two. Stage two. We have to use Kali Linux, the Hydra. We need to brute force so that we can get locks, um, logs and alerts on everything that is happening.

We're going to have like all of us. We are five in a team, so we have to have 10 devices connected to the wazoo. Each person have to have. 10 devices connected to the wazoo, which is like your windows and your Linux. And then from our ends, everybody has to do something so that we get different logs and everything.

And we all have to brute force so that we can get, uh, great alerts and, uh, great investigation on it. So far, We had, we, we, we, we had to disconnect it. We had to delete everything. It has just been crazy because the problem is with the dashboard. Every time when you think that you got it right, something comes up, it gets disconnected and we not understanding what is the issue. Why is it getting disconnected?

[00:12:35] Chris Sienko: are on the edge of their seats because I think a lot of them have probably gone through similar things and, and are, are, are cheering from you from the sidelines. But, uh, I, I know that, um, yeah, an awful lot of, uh, especially beginning cybersecurity work is, is exactly that.

Delete everything, start over, reinstall, don't know why it's still kicking you out. Uh, and just trial and erroring it until one day it stays on. So I wish you luck with that. That sounds really amazing. And, and yeah, we might have you come back to talk about your findings at the end of it there. But, uh, so as I previewed at the start of the podcast, um, we're talking today because you submitted a solution to an incident response problem, and shared it with InfoSec's VP of Portfolio Project Strategy and Cybersecurity Instructor, Keetran Evans, uh, over on LinkedIn.

So Keetran, uh, is. Not unknown to InfoSec listeners. He's one of our, our favorite, uh, instructors and now sort of runs all of the education programs. Uh, he replied to your, um, uh, you know, your, your note on LinkedIn that it was one of the very best and possibly the best solution he'd ever seen for this type of problem.

So we really wanted to have you on so that you could talk us through the process of how you did this. So, um, we have a share screen function here. Uh, Gavin, could you show our listeners? little bit about the original problem and then walk us through your problem solving thought process in solving this, uh, incident response problem.

So, uh, once you, once you share your screen and we can take a look together.

[00:14:06] Gamuchirai Muchafa: so much for bringing that up. It feels so surreal to be, uh, Being commented by one of the best because, you know, he's like, I don't want to lie. It was really amazing. I'm going to share my screen.

Can you see my screen? Yes. Okay, this is the questionnaire that we got. Uh, you're given a scenario. This is the scenario above.

And this is the course that I took. You first have to go through before you even, um, able to do the, the whole process. This is the course through the InfoSec skills. Um, you get different things. And then this is the course place, the incidents response project course. Um, my finding here it is my findings, so I had to, you know, as you know, I, I believe.

Everybody in school does that in wait, like in my old school, what you do, you have to make sure that you answer every question in proof details. So what I did was initially to copy the scenario so that whomever when I share it, whomever is going to read on, this will understand where the project is about.

So I shared the, the, the, the, the scenario, but in, in like switching to my own words somehow, but not entirely. Um, you're asked, like 

you're given a suspicious, 

uh, 

IP address and you have to find, 

uh, the, the, the, if I'm correct, the virtual machine, no, no, no, the, 

the machine which was compromised 

is, uh, 

one of a junior worker, they clicked on a malicious site.

Uh, 

downloading a virtual machine, which was wrong. 

I did my network analysis through Wazuu. I monitored every packet until I got the, the, the, the, the IP address and the logins through using my Wireshark. And then through the Wireshark, I was able to get more details. More than that. I found the destination IP, the source IP of the, the.

The malicious site and the malicious virtual box we come from and come to be and one of the things that Mr. Ketron emphasized on which I love the most, I didn't know you were able to do, is you're able to extract, uh, malicious document from the Wireshark, which also shows the power of Wireshark on its own.

I never knew you can able to do that. Here's the finding of it. I was able to extract the document, which I did analysis on using digital forensic and Actually, we used a tool called Virtality. So, you, you, you scan the Virtality, you do net scan, you need to find what is inside. You, you go in, like I wasn't able to go through every command of it, but I use Virtality.

It is a powerful tool. You're able to find more and he also emphasized on if you are unable to, to, to know every like every detail on how to use a fertility. Normally ask fertility, fertility slash age. It will give you all the, um, The command, how to use it, the, the, the extended version of it, like extended commands on it, which I did.

And it was so fun because then also it is also fun right now as I'm currently doing digital forensic, as I emphasize. And then I did a pro, uh, pro, uh, pro dump on it. Vitality. Uh, we did, you first use Zeke and then Vitality and then To get the real data of it and There's something there's a word that is missing in my mind.

I'm sorry. Uh, oh my god. What is the word? The word just it just finished. I'm so sorry for that. But yeah, with Fortality you're able to get more than just, um, the raw data. You're able to get the, the ports where, you know, you're able to also say, okay, on this port, give me what was happening. Give me the results.

Uh, uh, Uh, share with me like where did the give me the mother? These? Um, what happens with directory? There is a child is a mother. There is a parent, you know, all those things you're able to dig deeper to get information because you can't just go surface space. You have to go deeper. You have to know where did the problem start?

How did it go? Which system did it affect? Uh, how did they handle? Did it spread? What was the the initial, um, malware supposed to do? Uh, did it do what it was supposed to do, you know? And then how do you also now remove it from your system without affecting, you know, even when you go and search on What is the malicious, um, quote supposed to do?

You have to do it very safely. You have to use sandbox, which he also emphasized. And then he says something about you. Also, you have to go search on Wireshark. No, sorry, not Wireshark virus total. But be careful when you share such documentation, especially if you're working for an organization to not share too much as you might expose the virus.

the organization's data. So that's what I learned from the whole process, which was so amazing because some of the things you're like, Oh my God, I was not aware of this. I was not awake. So the project on its own, give me insight of the whole process. As I said, Give me insight on you're able to extract malicious file from my shop, which I didn't know you're able to do.

I just knew how to monitor locks. So already that is an added experience using volatility. You know, the power of fatality when I was using it. It was so far. It's fast and it's fun to dig with. And I'm currently going to also have to go back and redo it because I'm still in the process. I wouldn't say I understand it fully.

But I understood it when he was explaining every time when I was stuck, I'll go back to the project and Listen again to what he said. Listen, listen, because he shares profound message on it.

[00:20:27] Chris Sienko: what I was going to ask you about because I remember when we first talked to you said, uh, that the thing that really helped you come through was that you, you said, you know, just keep reading the instructions, make sure. Cause there's a lot, there's a lot, you know, coiled within there. And it sounds like you really, Understood the assignment in terms of you. If you were confused, you just went back and he said, all the clues are there basically, and all the, all the things you need to do. So, um, you know, based on the feedback that you got from, from Keatron and from your own experiences, uh, can you give any sort of advice to other cybersecurity students? About the best methods of approaching problems like these in your studies.

Like what, what, what incident response advice would you give based on this uh, particular, um, this particular exercise that you did?

[00:21:15] Gamuchirai Muchafa: My biggest advice, uh, and also a lesson to myself is always document everything. Make sure that you listen and don't be afraid to ask questions because I'm one of those people I'll ask questions before you ask question. Don't jump to asking people question. Ask yourself if you're able to prove as I said with the incidence, incidence response.

Course what I did every time was to go back and listen to what he's saying because there's a thing of you Listen too quick to apply and listen not to understand So what I did was every time i'll go and listen to understand, you know, i'll discover. Oh my god The first time I listened to this I didn't understand this the more i'll go back to listening to what he's saying The more I learn and then i'll search on i'll go on.

Um On youtube youtube is my Best right now, I search on everything, go on YouTube, search, how can this problem be solved? How, how can this work? Listen to another person, what advice they have to say and everything, and learn how, uh, learn the importance of writing things down, even if they seem very small.

[00:22:23] Chris Sienko: Documentation does not only help you to remember things, but it also opens up chances for feedback from others, 

[00:22:29] Gamuchirai Muchafa: like I got feedback, which, which can be very valuable. For some people, they think, you know, when you're documenting, you're using it for getting a job. Yes, it's going to be helpful, but sometimes it also shows the, the, the, the, the hard work that you apply.

It also gives you the, the, the, the, the opportunity to get criticism, get feedback, you know, criticism in the sense of somebody will come and be like, you could have done this better. You can have done that. 

[00:23:00] Chris Sienko: And I use my LinkedIn to do that, to get feedback from people, connect with people, 

[00:23:06] Gamuchirai Muchafa: get a different suggestion and get support and also people saying, wow, thank you so much for sharing this and 

[00:23:13] Chris Sienko: always remember that 

[00:23:14] Gamuchirai Muchafa: knowledge 

[00:23:15] Chris Sienko: Knowledge shared is knowledge gained.

[00:23:18] Gamuchirai Muchafa: So writing things down does not only, it doesn't only help you to explain the concept more clearly, but it also helps you with the skill. It actually is a skill you keep improving over time. So yes.

[00:23:31] Chris Sienko: I agree completely. There, there's a lot, there's a lot to, a lot to sort of emphasize in there. Uh, Gamu, that's, that's very, very wise. Um, I want to also just, yeah, point out or reemphasize, as you said, uh, from. You know, as, as students who not have yet a lot of job experience, uh, documenting your thought process in your work.

We hear this all the time from people who hire that they want to see how you're, how you're thinking through a problem. They don't care if you're able to, uh, necessarily, if you're able to solve a big problem, but they want to at least see your thought process because that's, that's what they're hiring.

They're hiring your, Your problem solving skills. They're not hiring a, you know, as much a degree or, or a piece of paper. They want to know, uh, what your skills have taught you. And, and I think also that's a really great piece of advice about getting criticism. We had a recent guest on, uh, named Paige Hanson, whose best piece of career advice was. Uh, she said, quote, treat feedback like a gift, uh, which I thought was very profound. And, and I, I'm glad to see that that's, uh, already also in your toolbox as well, because it's, it's very hard to, evolve and improve your skills. If you're not willing to take criticism about things that could be improved.

And so by, by knowing that early on, I think that's a very good sign and very exciting. So, uh, I really appreciated hearing that. So, um, as we wrap up today, again, what are your plans after you complete this cohort of cyber girls? Like what do you see for yourself as a cybersecurity and incident response professional over the next few years?

[00:25:09] Gamuchirai Muchafa: With the cyber goes already coming to an end. My next step is to lend of definitely an entry role, uh, entry level role and put my skills to work. I'm skilled in phishing analysis, threat intelligence, threat detection, some monitoring the security information, event management, monitoring digital forensic and incidents response.

So I feel like I'm ready for that entry, uh, entry level role. And where do I see myself in the future? Wow, that's interesting. Looking down the road, uh, I would love to become a security operation manager because I believe that I have great leadership skills. So leading a team is something I believe I'll do well.

And I want to make big impact also as, um, as already I learned the skill of documenting. So I believe that that skill will help in developing and implementing a crisis communication plan. developing and implementing security policies and procedure and also providing technical guidance and reporting to the chief information security officer to name a few.

And also my goal is not just to become a sock manager. My goal is also to raise more awareness about digital security, especially since A. I. And tech is becoming more part of our everyday life and is becoming Something that is also scary on its own. So educating people on topics like deep fake, which is like one of the crisis that is going on.

I don't know if you heard, they released an open source tool on deep fake, which is so crazy because Anybody can use it and teaching people how could how they can protect themselves in the future, especially as the Internet is becoming more accessible to young kids. So you can only imagine I can be tech smart and have my sibling, my young sister.

You know, use my phone and click already. I'm compromised. So having, uh, having a security become our everyday life, not only to adults, but to children to be aware, you know, getting it in TV production, getting it on radio, making it our everyday speech. And, you know, I think it will help, you know, if children, I believe if you teach children very young, they become very wise when they grow up.

And since they are on social media, why not teach them, give them content that has to do also with security, you know, let them be aware of such things. And also, you know, If such things were to happen, let them not shy away from being afraid because I think fear when it comes to security, there's a sense of fear when you're compromised, you're unable to report because now you're so ashamed.

Why was I not so smart and everything? So as making it a talk, it opens doors. That people will not be compromised. Not much. I think if we talk about it, it's not gonna make a great, great impact, I believe, and also organizations, you know, so yeah, and also a lot of speaking engagement are allowed to attend event and share my opinions on matters.

So definitely suck. Analysts suck manager. Uh, Creating content that is relatable, security, awareness and speaking engagement.

[00:28:31] Chris Sienko: it. Now, you, you should definitely go to some, uh, uh, some, some, some live events. I believe people are really gonna, uh, enjoy talking with you. Uh, you're, you're very, uh, charismatic and, and, and very eloquent in your, um, explanations of your, of your thought process. I, I, I'm sure. Uh. People will love to meet you.

So to that end, as we wrap up today, um, can our listeners get in touch with you if they want to connect? I know you have a LinkedIn page cause that's how we met, but, uh, do you have any, uh, information on if people want to connect and, and, and exchange information with you, should they? Go to your LinkedIn page or give other places you'd rather have them go.

[00:29:08] Gamuchirai Muchafa: Definitely, I love to also connect on LinkedIn where I share my journey regularly. I'm also working on, uh, I don't know if I should say a podcast or, uh, something, but it's on creating security content. I'm using YouTube, Facebook. Facebook was the main main platform that I wanted to work on as Facebook has been like for me, uh, alarming site of scammers, TikTok, Spotify, Buzzsprout.

And I'm making security tips easy for everyone using simple jargons. And I'm trying to. Involve a visual, uh, I have already released to two episodes, but they're not so good. But yeah, I'm proud to get started. I'm also on medium

[00:29:56] Chris Sienko: Good.

[00:29:57] Gamuchirai Muchafa: and get help as well where I post my, my beginner friendly resources and project.

So yes,

[00:30:03] Chris Sienko: Well,

[00:30:04] Gamuchirai Muchafa: you can connect me with the

[00:30:06] Chris Sienko: we're, I'll get those links from you after the episode and we'll, we'll put them up at the episode description. So people can, can find out about all the things you're doing. You're doing so many things. This is really exciting. So, uh, as we wrap up today, thank you so much for your time and insights.

Uh, again, it was, it was so much fun to speak to you. I really appreciate it.

[00:30:22] Gamuchirai Muchafa: yes. Thank you so much. Can I just share one last thing? Um, I'm kindly asking to the viewers and whomever to kindly support on Sabah Girl Fellowship as, uh, your support is, uh, your support will go a long way. You're not just only supporting, but you're changing somebody's life for the better. So we're asking for donation.

It is an amazing program that helps women across Africa get into tech, and it's truly life changing. I heard one, uh, this, this. Saying that says, if you educate a woman, you have educated the entire generation. And would it be, wouldn't it be amazing to have more women in tech and get rid of the gender inequality, you know?

So please your support, please support this journey. This is a great opportunity for people like myself. It gets us in the tech world. It gets our voices out there. So thank you to whomever is going to support and everything.

[00:31:21] Chris Sienko: Yeah. If you haven't seen, uh, folks who are on LinkedIn, go check out the Cyber Girls Foundations. They have a video explaining that they've had, they've run into some, some funding issues and, and are definitely looking for support. So I hope you'll go check that out as well. so as we wrap up today, I just want to thank everyone who watches, listens, and writes into cyber work, the podcast with feedback.

If you have any topics you'd like us to cover or guests you'd like to see on the show, just drop them in the comments and we'll do our best to get them for you. So before we go, don't forget infosecinstitute. com. It's a place where you can get a whole bunch of free and exclusive stuff for cyber work listeners.

You can learn about InfoSec's new career immersives, which can take you from complete beginner to job ready in six months time by a combination of live instruction, hands on practice, and personalized career coaching that can fit into any schedule. InfoSecInstitute. com is still the best place to go for your free cybersecurity talent development playbook. You'll find our in depth training plans and strategies for the 12 most common security roles Including SOC analyst. There you go. Penetration tester, cloud security engineer, information risk analyst,

[00:32:26] Gamuchirai Muchafa: much.

[00:32:30] Chris Sienko: One more time, that's infosecinstitute. com slash free, and the link is in the description below. more time, thank you so much to Gamuchirai Muchafa, and thank you all for watching and listening. This is Chris Senko signing off. Until next time, keep learning, keep developing, keep evolving. Don't be afraid to take criticism and feedback, and don't forget to have a little fun while you're doing it. Bye for now.