×

DevOps Institute

[EP52] Science to Security with Farshad Abasi, CSO

DevSecOps and Cybersecurity, Humans of DevOps

September 27, 2021

On this episode of the Humans of DevOps, Jason Baum is joined by Farshad Abasi, Chief Security Officer at Forward Security. They discuss building his own videogames, how he went from being a biology major to a security professional, creating an eCommerce platform from scratch + more!

Farshad Abasi is an innovative technologist with over twenty-five years of experience in software design and development, network and system architecture, cybersecurity, management, and technical instruction. With a keen interest in security from the start, he has become an expert in that aspect of computing and communication over the last eighteen years. He started Forward Security in 2018, with a mission to provide world-class information security services, particularly in the Application and Cloud security domains. Prior to creating Forward, he was a senior member of HSBC Group’s IT Security team with the most recent positions being the Principal Global Security Architect, and Head of IT Security of the Canadian division. Farshad is continuing an eighteen-year stint as an instructor at BCIT where he shares his passion for information and network security, helping others build a career in this exciting field. He is also the security correspondent for CFAX radio, BSides Vancouver/MARS board member, Vancouver OWASP chapter lead, a CISSP designate, and a UBC CS alumnus.

The lightly edited transcript can be found below.

Narrator 00:02
You’re listening to the humans of DevOps podcast, a podcast focused on advancing the humans of DevOps through skills, knowledge, ideas, and learning, or the SKIL framework.

Farshad Abasi 00:16
My boss was like, Oh, great, you can work on a similar thing. We worked on an intelligent ADSL piece of hardware called a D slab. And I got assigned to work on authentication and authorization, those kinds of pieces. So, somehow that wrote on my forehead that Farshad like security, I don’t even know it. And they just kept assigning me to these things.

Jason Baum 00:35
Hey, everyone, it’s Jason Baum, Director of membership at DevOps Institute, and this is the Humans of DevOps podcast. Welcome back to this week’s show. Today, I’m excited to talk to Farshad Abasi. Farshad is an innovative technologist with over 25 years of experience in software design and development, network and system architecture, cybersecurity, management and technical instruction. With a keen interest in security from the start. He’s become an expert in that aspect of computing and communication over the last 18 years. He started his own company forward security in 2018, with a mission to provide world-class information security services, particularly in the application and cloud security domains. Prior to creating forward, he’s a senior member of hspcs Group’s IT security team, with the most recent position being the principal global security architect and head of IT security of the Canadian Division. He’s continuing an 18 year stint as an instructor at BCIT, where he shares his passion for information in network security, helping others build a career in this exciting field. And he also is a security correspondent for Ceefax radio, besides Vancouver, Mars board member, Vancouver OWASP chapter lead a CISSP. And he’s a UBC CS alumnus. That’s a lot Farshad a lot. I never sleep, that he was just gonna ask when do you sleep?

Farshad Abasi 02:02
Rarely who needs sleep? Right? No, no, y’all need sleep? Six hours of minimum.

Jason Baum 02:06
All right. Well, welcome to the podcast, I’m gonna make you follow me around. And I’m going to give you my bios read when I walk in a room. It’s gonna be very short, don’t worry. Here’s Jason, thank you so much for joining us on the podcast and taking a few minutes out of this incredibly busy schedule that you have for yourself. My pleasure. And are you ready to get human? Let’s do it. All right, awesome. So where to begin? When when you have the resume that you do, other than let’s say, how did this all start for you? Like, where did Farshad Abasi say in his life? I’m going to go out on this courier adventure.

Farshad Abasi 02:49
Yeah, you know, it’s a, it’s a lot of it is just sort of happened by chance. And I guess, you know, also, sometimes it’s sort of like, I didn’t really plan it. opportunity was there. And then I had a knack for it. And it just sort of fell into place. And it all started with, you know, when I was a teenager, I think it was like 12 or 13 years old. My dad went to the UK and came back home with the President and it was a eight bit computer was a Sinclair’s that x spectrum 48 kilobytes of RAM. And he brought it home, except he didn’t bring any games. You know, we lived in Iran at the time. And, you know, the censorship Department took away the game. So they’re like, Well, you know, sorry, these you can’t bring the content, we got to go through the review. So the games got stuck in a censorship department and the Iranian government. So I got this computer with nothing, no games. So while we were waiting for the games to be released, which took months, they eventually released the games to us, but it took months. But in that time, I was like, Hey, I’m the shiny computer, I need to do stuff with it. And you know, it came all computers back in the day, they came with a book that it had, you know, the guide to basic programming languages and had examples, right. It was lots of code examples. My dad had also brought up magazine, no, the magazines back in the day, they would always publish sample code, right? It was common, you’d pick up a magazine, it’s like, oh, here’s a bunch of code snippets. If you write this, it’ll make XYZ. So I remember my dad and I sat one night and typed a bunch of code from either one of the books or the magazines that came with the computer. And it was, I think, was a chess game or was a clock or something. Yeah, I think was a clock. So we wrote that and I’m like, this is super cool. Programming is neat. I just made a clock and then I’m like, Okay, now I want to make a game like Pac-Man. So I started learning the basic book that it came with and figured out you know, how you make little characters that you can move around and how you can you know, do collision detection and how you can create a map and how you could walk around and hit the walls of detected the wall and all that kind of stuff. And no, I wrote my own little PacMan thing. It wasn’t very glamorous, but character moved and it was paths and all that type of stuff. And, you know, that really developed a passion and I thought this is super cool. So every day I would come home from school, every other kid would go to the street and play whatever they were doing. I come home right away, and just like sit behind that computer. You know, like go home at 330 Beyond that from that computer till eight nine parents are like Aren’t you gonna do some homework? You know, so then homework would be stuff that I did till like midnight, and sometimes I stay up late, you know, and my parents were, I was fortunate enough that they would let me do what I wanted, they knew that I was a responsible kid. So you know, I mean, I could play on my computer, as long as I wanted to, they knew that I would stay up as late as it took to finish the homework, right? Because I would do it. And then and that was really good. They provided me that with that freedom to explore and learn, and I had lots of space and time to do that. And yet doing it responsibly, right, like, and not getting lost in the computers, and just completely forgetting about school. It did impact school a bit, I think, you know, my grades did go down a bit, because I wasn’t studying as much but I mean, it did really help me in the long term. I mean, I’m where I am, because of those experiences, essentially. And, and so yeah, I mean, I know, I started writing games and doing all that kind of stuff. Next thing I knew I, I loved video games, and really got into that world. And then I developed a passion for also for 3d design, right? Like, at the time, everything was really basic, they’re all wireframes. But I just got super fascinated with, you know, how vector graphics work and how 3d programming works and all that stuff. And I started, you know, getting 3d software and doing 3d modeling and, and really like diving into it. So between trying to, you know, write some stuff, and then figuring out some 3d work and getting into video games, I had no free time. But I never thought that would become a career because I just loved computers so much in my, in my mind, I was like, I can’t imagine myself going to work for eight hours a day, doing computer stuff, and then coming home, and then doing more computer stuff. Like I just thought that that life would be not great. So in my mind, I was like, you know, I’m gonna pick a different career that has nothing to do with computers. So it doesn’t ruin my passion for computing. Right? So to me that was becoming a doctor, I thought, hey, great, you know, you know, I always wanted to be a doctor, my parents encouraged me to be a doctor, it sounds like a really cool thing. I liked life sciences. And actually, you know, quite enjoyed that as well. And so I went into got my biology degree, you know, specializes in animal physiology. You know, as a result, I know lots and lots about biology, virology and

Jason Baum 06:56
microbiology where you’re going to be a veterinarian is

Farshad Abasi 06:58
no, no, I wanted to be a human doctor. Okay. But it was easier to go into the animal route like the animal physiology was easier to get accepted into, then the human physiology, right, like human physiology, I think they only took like 10 people every year into that program. And, you know, my grades weren’t high enough to get into that program. So I went with the second-best option, but it was cool. Like, I mean, you know, I took courses on you know, virology and microbiology and organic you know, right now and there are all these conversations going on about COVID and stuff and I’m like, yep, took courses on retroviruses. I know exactly all that stuff works. I you know, I

Jason Baum 07:32
I haven’t good, we need to talk

Farshad Abasi 07:34
about DNA and mRNA. All that kind of stuff. I know how I got a degree in it. Right. But am I using it every day aside from deciphering what’s going on in the news? Probably not, right. I mean, it career-wise, that would have probably not landed me a job, where I have the opportunities that I have right now.

Jason Baum 07:50
And they didn’t really stress like, like video games, when they were out early on. It wasn’t like this is like a career future. I don’t think many people thought of it as the future path it became. I don’t think anybody thought of it that way. And the ones who did were really smart.

Farshad Abasi 08:08
It was a fairly young industry, it wasn’t very well established. People were just two, three people were writing games on the side of their desks at home, most of the, like, the really famous games were written by two, three, a team of four, one guy did all the coding, one guy did all the music, one guy did graphics, one guy put it together, you know, and then you had like Sim City, you had like massive games that were written by really small teams, and they were just doing it in their garage and home and all that now you got a company with a team of 100 that’s working on a release. Like it’s very proud. You know, it’s corporate ties. You know, it’s made manufactured back in the day, it wasn’t like that at all right?

Jason Baum 08:40
Yeah. And you could tell to like the Rockstar Games now. It’s like, my goodness, there must be a million people working on this thing. Yeah.

Farshad Abasi 08:47
And my friends have gone into Rockstar and those companies are already on there now like considered like seat super senior in their field, right? Because all these people that are completely new to the field, they never got to experience what was happening back in that, you know, 2030 years ago, essentially.

Jason Baum 09:01
Well, like those early rock stars that that early Grand Theft Auto was like such a basic, basic game. Yeah. And it just evolved. It’s

Farshad Abasi 09:08
just it was so fun. I mean, yeah, it was 2d open. Oh, top-level view. It was so fun. I I have Grand Theft Auto four and five. I couldn’t I think when I bought the last one. I played it for 30 minutes. I’m like, Oh, it’s so complicated.

Jason Baum 09:22
And there was in real-time it’s like you need to actually give up your life to live to go do this. Yeah. That long. Like there was the New York City one and I live here like to drive from new like basically the new year the Vice City over to New Jersey, I do this drive normally I don’t want to do this in a game in like real-time. So that’s so funny. Well, so So then as the 13-year-old kid going on doing life sciences you know, starting to become a doctor. What how did that how did you then get to the next step which was you know, eventually going into the field that you did

Farshad Abasi 09:58
get? I think it was partly luck, right? Like I think in life, life is always part like part hard work part making decisions, right? It’s, it’s, it’s never like so essentially with me, what happened is I, you know, my plan was to go to life sciences have my full-time job that has nothing to do with computers so I can come home and I can enjoy computers. But what happened is, you know, in the late 90s, it was that.com, boom, right? And without even having, you know, education and computer science, I was getting job offers, like, hey, you know how to program come in, make X money and do programming, like programmers were super demand, and everyone wanted to build something. But I took so what happened is I applied to medical school, and I think my grade point average was like, 83%, or something like that. It wasn’t bad. It was more than what they wanted. But you know, I got this letter saying, Oh, thank you for applying. There were dozens of people that had way higher marks, I think like they had people that were applying with, like, 95% grade point average. So I’m like, okay, you know, sure your minimum entry is like 73. And I’ve got like, 10 points over your minimum entry. But then there’s if there’s a line of people, and you’re only taking, I think they only took like 120 people a year or something like that if you’re taking that new people on designing people with 90 Plus grade point averages, then yeah, you know, so then they said, try again later. And then the way it worked is you could apply three years in a row until they didn’t accept your application. So a lot of people, the first time that we get rejected, it was pretty common. And then they would go and take some general courses and spend a year or maybe just go work a part-time job and apply the second year. And one of my, you know, closest friends, he did that. So he was like, You know what, I’m going to take a year off, I’ll go work in a restaurant and then come back and apply, you know, and try again, right? I was kind of like, you know, what, maybe this isn’t for me, maybe I need to consider computer science, because I’m like, Okay, I didn’t get into the medical school. And you know, I got good grades, but not as, you know, as crazy as some of the other people that are applying. But look, there’s this.com thing happening. And there are good-paying jobs right now. So my friend was like, okay, don’t go get that good paying job right now, go get a computer science degree, and you’ll get even a better paying job, because you already have the background. So if you have the backup with the education, and you know this, you already know how to program, you could go get a job, maybe it’ll pay you 50k. But if you don’t get the comm site degree, it’ll pay 60k. It’ll pay 75k. And it’ll open a lot more doors. So I took his advice. And I’m glad I did. And what I did is I went back to the UPC, and I said, Hey, I got this biology degree. What can I do with this? I want to do comm site. They’re like, well, we don’t have a lot of universities have a second-degree option, you can get like a major, major-minor. They’re like, No, we don’t really have that you have to go get a complete second degree, like go back and do campsite. And I’m like, Okay, now, by the way, they have that, like UBC now has a program where if you have an existing degree, you can go back for 18 months and get a campsite degree. But at the time, this was in the late 90s, that didn’t exist. So I thought, Oh, my God, four more years of university, but I was lucky. They looked at the courses that I take in and half of the courses were in math, or something to do with math or whatever. So that like, oh, well, you actually have taken 60 Out of the 120 credits that we need, you’ve taken half of it already in your first degree, those were all transfer. So I didn’t have to do any of that. I just took the core comm site courses. And then I was also lucky because all the core comm site stuff, you know, I already had a background in it already. Or she was so passionate that I learned really quickly. So I essentially went back for about 18 months, it was almost two years. And I just did the condensed, like I took everything as fast as I could and got the second degree. And then I didn’t have to wait to finish to have a job while I was partway through getting the degree. You know, it was again, it was the.com era, right? So I was working at a retail company, it was a sort of a Canadian retail chain, kind of like Best Buy was our version of Best Buy. And I was working in sales, right? Like, I needed money to pay for university, they had a computer division. I’m like, Hey, I get to work. And even through high school, I always worked at computer game stores because love games, if I’m working in the computer store, I get a discount on the games and on the computers, right? So got myself a job at Best Buy and, and was or sorry, not Best Buy. It was called AMD sound. And in sales, but then they’re like, wait a minute, aren’t you going to university and for calm? sigh we need a website built? Do you want to come and work in head office and build our website? Right? Well, what they meant by the website was eCommerce platform like the owner had no idea. This was like a 96. You know, I had no idea what’s the difference between a web page and a platform where you can sell stuff online, right? And these guys were an electronics retailer. They sold, you know, electronic equipment, they sold music, CDs, DVDs, all that type of stuff. So we came to the job, the owner of the company says, Hey, so is that website ready? Are you selling CDs online yet? I’m like, no idea. Like this is 96. Like we don’t have payment gateways, how am I going to take credit cards online? You don’t even have a web server, like I have to write a shopping cart, like where am I going to get those things? Right? So I’m like, give me two months. And you know, maybe you’ll have something so I basically had to figure out how to learn how to do you know, web programming, like I built static web pages, but I never built a web application so quickly picked up like, you know, everyone was writing web applications in Perl was a combination of Perl. JavaScript had just come out they were using it for some front-end stuff. And you know, PHP wasn’t there yet. You know, and all that kind of stuff. So I was like, Okay, I’m gonna learn Perl learn Perl in two weeks. I wrote all the framework skeleton within a month I had like, wrote my own shopping cart. Um, you know, they didn’t have a budget for like a database either, right? I said to my boss. Hey, What about databases like, well, we only budget for one server, it’s gonna be a shared server, you have to figure the rest of it out. I’m like, Okay, well, I just came, I just graduated from comm sigh. And I just took all these courses about algorithms and search trees and optimization, what I just write my own. So I just wrote, like, I’d learned about, you know, red black trees and index sorting, and blah, blah, blah, I’m like, I’m going to take some of that knowledge and apply it. So I wrote, I got them to dump all their product catalogs, in a sorted way, right, like sorted by index, which is how databases work. They’ve got a, you pick the column, you want to sort on an index, and they sorted internally and optimize it. So I just emulated that they went to their mainframe, they’ve dumped their product database sorted by, you know, by, by the product barcode, as well as by artists and title if it was music, or making model if it was other stuff, right. So now I had a bunch of large sort of text files. And I wrote my own binary search algorithm that just basically did a quick search, and I wrote a search module. And then I’m like, Okay, well, I need a shopping cart. Again, it was like, well, there were no Pearl shopping cart modules. So figured out how that works and wrote some shopping carts. And within two months, I had an online store, put up for them and learn everything there was about you know, web, CGI, web programming, and, you know, databases, and then my boss was like, Okay, well, now we have a bit of a budget, we can get your second server. So then they got me SQL Server, when I was like, oh, I gotta learn all this stuff, which was super cool. So I’m excited. So I migrated everything into SQL Server had to learn how Windows servers work, I had no idea how that stuff worked. And there’s all of it was really good, because it was all brand new. So I was always put in these positions that required me to figure these new things out and implement them. And I love to make

Jason Baum 16:35
it up as you go. Yeah, reinventing it, or not reinventing, inventing it.

Farshad Abasi 16:40
Nowadays, like you want to do that what I did, like, I just go download these node modules. And as a shopping cart plugin for whatever plugin, you can just put it together in five minutes, right?

16:51
Are you looking to get DevOps certified? Demonstrate your DevOps knowledge and advance your career with a certification from DevOps Institute, get certified in DevOps leader, SRE or dev SEC ops, just to name a few. Learn anywhere, anytime. The choice is yours. Choose to get certified through our vast partner network self-study programs, or our new skill of elearning videos. The exams are developed in collaboration with industry thought leaders, and subject matter experts in the DevOps space. Learn more at DevOps institute.com/certifications.

Jason Baum 17:22
Well, this is like pre-eBay, right? I mean, this is like eBay just start. Just started and I mean, pre Amazon, for sure.

Farshad Abasi 17:30
I’m just gonna just start as long as I was a

Jason Baum 17:31
bookstore. Yeah,

Farshad Abasi 17:33
I actually, I actually got it. So it was a bookstore, and we were emulating, so I was watching them really closely. I’m like, Okay, how do they doing this? How do they doing that? Because I’m trying to build an E commerce platform too. Right. So I’ve tried to mimic their flows and their ideas, you know, why reinvent the wheel, right. But to your point, like, Amazon was brand new, all that stuff was brand new. So super exciting. We’re all learning at the time, right? And then, and funny. Funny note on Amazon, too. I actually had a job offer from Amazon, in like, 2000. When was it was 2001. I was working at a startup, you know, we did our own startup during.com. We were trying to build Netflix, essentially, like if our startup hadn’t gone belly up, we would, we would have had what Netflix has today. Like we had our own streaming client backend server load balancers, we had a licensing media division, we’ve been licensed content from Hollywood, it all was going really well. And then.com blew up. And then we didn’t have we went public at the wrong time. Didn’t have bridge financing, you know, carried the company through for three months without funding. And then we had, everyone had to know, basically go and find out their jobs. So I interview a buddy of mine had gone to Seattle worked in Amazon. So I went down there had to interview and it was for the position of building their Amazon store. So at the time that I Yeah, you know, you were a bookstore, but we’re looking at selling everything. So the position you’re applying for is to help us build that thing. The modules and things that can, you know, allow us to sell other things other than books. I went through the interview process, but it was there were two problems. When they got the job offer. It was $10,000 less than what Intel offered me like Uber so I’m like, You know what, I don’t have to move. I don’t want to move. I’m like love Vancouver is one of the best places Seattle is great. I go there all the time. But I don’t want to move and they’re paying me higher. So I took the Intel job. But in retrospect, Amazon job would have made me a millionaire because my friends that stayed there I mean the stock options were crazy in 2001 Can you imagine and Intel they close the shop so two years working in Intel here. They close this office late every off

Jason Baum 19:21
this could have been you could have been Netflix or you could have been on the early part of Amazon. You’re an almost millionaire

Farshad Abasi 19:29
never too late. We’re doing our own startup right now in cybersecurity and that’s doing really well. So this is my this is my third chance and as they say, you know sometimes you got to do three times before you hit the goal right so

Jason Baum 19:40
yeah, but like you said, I mean life is just a series of events that happen and it just kind of like where you are when you are it’s just kind of all happens all at once but the continuous learning for you, I think great I mean, it’s that seems to be the central theme here is you mean at 13 You are learning you want a video game Jill, you built your own that You know, when you were in college or just getting out of college during the.com, boom, you kind of took advantage of that and got the job building, essentially was a shopping cart in a time when that was not really. I mean, now, it’s so funny to think now of that not exist. It’s I mean, it’s so much progress has been made over the past. I mean, forget, 20 years, 10 years, with that piece of it that now like retail sales are, are so much online at this point where there if you go to an ad, I mean, I do a lot of like, retail, do a retail podcast, where they actually drive you online now to buy rather than even when you’re in the store. So it’s, hard to think about that not even being being here.

Farshad Abasi 20:43
Yeah, totally. And we take things for granted. Like right now you can go build an online shopping app, you just use the stripe payment gateway, there is an API not seconds, you can configure it, there was a payment gateway, we had to figure out. Okay, we’re gonna take these Visa, MasterCard orders, what are we going to do with them? So I could write like, a custom there was like a company that approached us like, Okay, we have, we’ve created reverse-engineered the protocol that’s used in the credit card swipe machines, because usually that when you go to the stores, they dial-up, right, they got a modem, and it’s in Canada, there’s a trans select as a company that offers it into the goddess specific protocol. So this company from Calgary came to us is that we’ve reverse-engineered that protocol. So if you have a modem in your computer, we have a little driver, so you could use our driver, and then it’ll emulate that card swipe. So from your web application, it would then call the modem driver, and then it would dial-up and then do the same thing that it translates, you know, machine we do, and then commit the track card transactions that way. So there’s a lot of like, makeshift ideas until, you know, I think PCI and all that kind of stuff got solidified in late 90s, the payment in Canada, IBM and Royal Bank work together on the first payment gateway that was launched in 98. Around that time, but that was after like, we were building the stuff in 9697. So we had to figure out what do we do until those things are made? Well, the banks didn’t have a payment gateway. So what do we do until there’s, you know, a web payment gateway available? So we had to come up with stopgap solutions and learn a lot by doing that. Right. And yeah, grateful for those experiences for sure.

Jason Baum 22:03
So there was the.com, boom, there was the.com. Bust and then y2k. And I’m sure that was all part of it. So much learning. Yeah, yeah. And then. So then coming out of that, I mean, how did you get so to HSBC? And and maybe talk a little bit about that. But yeah, we’d love to hear about your journey as it continued.

Farshad Abasi 22:26
Yeah, no, I think, as I said earlier, part luck part, you know, making choices. But like, let’s talk about the security right. Even before HSBC, I was working at Intel as a software engineer. And one of my manager managers worked at the local BCIT, which is why what I teach now, he sent an email and he turned, the whole team is like, hey, the other instructor who just quit, like the course starts this week, and this guy quit. And he’s teaching security is anyone in the team interested in teaching security, I mean, we are software engineering team, but he just shot in the dark. And you know, I was working on security aspects of our product. And so by luck, it’s always happened to me that wherever I work, I get assigned to as an as a software developer, I was not assigned to build that security thing, right. So when I worked at Motorola, I got my managers like, guess what you’re, you know, you’re going to work on GPRS. But you’re going to implement the authentication piece. So when customers connect to the GPRS network, you know, it authenticates them. And it gives them access to the particular services and particular internet gateways they should have access to, and all that kind of stuff. So I had to learn how like radius authentication or sa PPP works, or the security of authentication authorization frameworks. That was it wasn’t by choice, it just happened. And then my next job, I didn’t tell, my boss was like, Oh, great, you can work on a similar thing. We worked on a, you know, intelligent, ADSL piece of hardware called a D slam. And I got assigned to work on the authentication and authorization, those kinds of pieces. So somehow, that wrote on my forehead that Farshad like security, I don’t even know it. And they just kept assigning me to these things. And then so when, when I worked at Intel, my manager sent that message about teaching, I put my hand up, I said, You know what I’ve never taught. But over the course of my software development and engineering work, I’ve had lots of experience with security, like I built, you know, I contributed code to iOS 11. For the PPP authentication, I learned everything there was about iOS by having worked on it, I learned, you know, security by working on Motorola’s GPRS products I, when I built that E commerce platform for that, for that company. We got hacked, right. Like, we don’t have all the classic web application problems that happened to me, right, like we got our database dumped, you know, every credit card like 80,000, or however many credit cards got exposed, your shopping card got exposed. All those classic web application problems happened to me as a developer, and I knew I knew how that I knew about those things because I read up on it and try to deal with it. So I thought I’d give teaching a shot and they interviewed me they said, Well, you don’t have experience teaching. I mean I TA that university as a teaching assistant, but I hadn’t formally done that. They gave me a shot and then I guess I must have done something right. And then they kept me around and I’m you know, it’s that was what like 19 years ago now. I’m still doing it. So I you know, and that was kind of like luck at the right time. You know, it was sort of that thing, right? Like me putting my hand up at the right time. The next thing I know, I’m teaching a security course now. It that was 2002, I continued to do software development until, you know, in that in the IT field until about 2008. HSBC thing that was also kind of accidental, I was having lunch with a friend and he worked at HSBC. And he’s like, Hey, fresh? Are you thinking of changing jobs? Or like, No, I’m happy with my current job. And he’s like, you know, you should consider it because HSBC has their global center of excellence in Vancouver. And I’m like, No way. I had no idea that they had a massive development center here. That was my number one, question, surprise. And then the second thing is like, apparently, this thing is 700%, large. And they’re building all hspcs flagship applications that are used globally, in the center in Vancouver. And I thought, Hey, that sounds really cool. I should give it a try. So that a posting for a security architect for a senior security architect, and I’m like, Whoa, okay, well, I’ve never had full-time security on a security job. All my titles have been software developers, software engineer software, something or IT manager like, I’ve also done a lot of work in the, in the network and sysadmin side of things, right, I spent about five years, building networks, and being a sysadmin, and all that. So I’ve got great experience on building things, never a full-time security person, I applied for the job. Again, I must have said the right things because I got the job. And next thing I know, I have a title of senior security architect, a senior security consultant at one of the largest banks in the world. So, in the beginning, was scary, because I thought, What did I get myself into. And you know, I had to work extra hard. I remember like that first six months, I was working Friday night, seven o’clock, my friends are at the bar, they’re asking where I am, I’m like, I’m still at work. As I’m trying to figure out, I got myself into this position. And there’s a lot of gaps, and I want to learn and I want to impress them, I want to show them that they hired the right person. So I went over and above what was expected for me. And I just studied and learned everything there was about application security, so I could fulfill the role that I was put into, which was being you know, leading the security architecture for some of the largest systems in the world. Like, I’ll give you an example. One of the systems I worked at HSBC net is, is I believe, is one of the largest enterprise applications there is composed of over 400. Jar Java jars, Java applications, and it’s used by Microsoft, Nike, Amazon, they use it to like, you know, do all their internal enterprise banking. And you know, this is something that I ended up working on, which was really, really cool, but scary at the same time. So yeah, that’s how I ended up there apart lock Park, being at the right place at the right time, and standing up and putting my hand up and going for it. And I guess, partly also written on my forehead that I like,

Jason Baum 27:32
some of this stuff, for sure. I’d like security.

Farshad Abasi 27:35
Didn’t know, I guess I didn’t.

Jason Baum 27:38
Well, someone picked a good career path for you. Pretty much. Yeah. Well, no, I mean, it’s great. And you know, we actually talked about imposter syndrome actually, on this podcast in the past. And that, especially like when you get a position, and you’re like, your own self-doubt, like, do I belong here? Like, I’m here? Do I belong here? And it’s, it’s interesting to hear how many people I think so many people feel that way. And then going that extra mile to kind of prove yourself

Farshad Abasi 28:07
that that web development job that for that ecommerce platform, that’s exactly what it was because I was fresh out of university, only thing I built was projects for my classes. And all of a sudden, they’re like, oh, zero, massive Canadian retail chain, you’re gonna go build this thing for them that’s going to sell CDs. Like I literally was like, Oh, my God, what did I get myself into? I remember that. The moment my boss was like, so yeah, next week, we’re gonna see a demo. And he drove away. And I’m like, Oh, I better go and download, I went in right away, downloaded that how-to on Pearl. I’m like, here’s the quick start guide on Pearl. I better learn this. And in two weeks, I learned Perl, I’d mastered it. I’m like, Okay, I have no choice. Because I’m in this position. I don’t, I’m not going to disappoint them. And my usual default mode is don’t disappoint, go learn it no matter what it takes. And that’s what I did have, you know, built it and, and no part of it was in use until the company. They shut down operations in 2005, I think, but they were still using that stuff that I built in the late 90s. For them, a majority of it was still in use, which was awesome.

Jason Baum 29:00
That’s awesome. So I guess the motto here is you’re not afraid of a challenge.

Farshad Abasi 29:05
No. And there are always challenges in software in our field. Absolutely.

Jason Baum 29:09
So what’s some wisdom, you know, maybe that you teach your class, I would love to hear that. But like, that you can kind of give to our listeners who might be unsure what they want to do. Maybe they’re life sciences majors, and they’re sitting at home listening to this, but what kind of advice can you give to those who might be earlier in their career right now and choosing the path that they’re going to go down?

Farshad Abasi 29:32
I think Yeah. I think that the biggest advice is like, don’t narrow your focus on the thing that you’re working on. And, and really learn how stuff works, right? I remember at Motorola I had a colleague my role at Motorola was very narrow and then a lot of the companies you know, you’d work on a tiny little piece right like before Motorola, I worked at that retail chain the sound and I was full stack I’m building databases front and back end is selling the server running this stuff, maintaining operations, I’m doing everything I’m learning, not only how to build it, how to deploy it, how to maintain it. That’s what today’s DevOps is about, right? You used to get that experience working at a small company. It wasn’t that it was called fancy DevOps. It was like, Well, you have two people, you got to do everything. That’s what it was, right? It’s like when I moved to low toil, I’m like, Whoa, wait a minute, all of a sudden, here, I get to write a couple of pieces of code that contribute to this, you know, so I was in the team that created a routing gateway for the GPRS. Network. And so it was like, Yeah, you five people get to write the code and Farshad, you get to write the authentication piece. And I’m like, Oh, do I get to install the stuff after? Do I get to plug it all together? Like, no, no, no, you write your code, you check in your code, someone packages it, someone else takes it passes it. And then when it’s tested and packaged, there’s an AI operations team, they’ll go and install it and deploy it and run it. And they do all that stuff. So you’re far removed from what else is going on. To me, that was a shock, because I came from that small company thing where you needed to do everything right, like, quote, unquote, DevOps, as we call it. Now, but But you know, that one of my colleagues, we were going for lunch. And for me, that’s not good enough. Like, I need to know how everything works, like it’ll show you gave me this slice. But as an engineer, I wouldn’t read up on how all of the other pieces of the GPRS network work end to end from the cell phone to the base station, to how the base station distributes all the traffic and how the switches work at that level, and how our piece integrates with the rest of the system. Because to me, that’s really important to have an understanding of how what you’re building impacts the rest of the environment or the rest of the architecture, if you will, a colleague at lunch, I was like, hey, so you know, aren’t you excited? We’re gonna be deploying this. And I know, I was telling him that I wouldn’t think but that the phones that support our, you know, our GPRS network and let you know what he said to me, he’s like, Farshad, not interested, like, I come here, I write my code for what I’m doing. And I go home, don’t bother me with the rest of it. And I, I was shocked. I’m like, how could you not be interested in what how what you’re building contributes to the rest of the system and how it fits within the rest of the system, right. And it’s pretty sad. But sadly, I find that a lot of people are in that position, they don’t stick their head out and look around and see, hey, I’m building this, but what does it mean, within the bigger context? What is the impact of what I’m building on the rest of the system? How does the rest of the system integrate with me? And how does the whole thing work? Right? If you get that understanding of how the whole thing works, and how that will be a huge advantage that you’ll have as a software engineer or developer over a lot of other people, and you’ll be able to contribute in a lot more meaningful way. And so that’s my one of my biggest advice is that if you want to succeed, and you want to contribute in a meaningful way, figure out how what you’re making works, how it works within the rest of the bigger picture, and kind of look at look at that view,

Jason Baum 32:37
essentially, that’s great advice. And that can be taken for anything. I mean, that’s really applies to anything, not just you know, with engineering or anything. It’s like that’s a great way to approach anything that you happen to be doing. What how does it work holistically, what is its purpose in what I’m doing? I think that’s great advice. So one of the questions that we asked towards the end of the podcast, we kind of surprise you. If you’ve listened to the podcast, you might know what I’m going to ask. But so what is one unique thing about you that maybe you haven’t shared publicly, maybe it’s not something that you’ve shared with colleagues? And just to give you an example, while you think of the answer, no, we’ve had people, multiple people actually, who have hiked the Himalayas, I found out are jazz musicians. So what is your one thing?

Farshad Abasi 33:28
I have a lot of one things, as you can tell, I’m interested a lot of things, right. I mean, I guess the thing about me is, that’s not as well known as I’m at music. I love music. As much as I’m passionate about computing. I’m also quite passionate about music. So I produce music, electronic music. I’ve been DJing for 25 years. And I collect, I’m a collector. So I mean, as a child, I was always a collector. So I collected, you know, comic books and all that stuff. But as you grow up, you know, being a collector, I’m like, hey, what do I collect now? And music was a great thing. And I worked at music stores and all that type of stuff. So I started collecting that. So in the 90s, I ended up, you know, just really getting into it, my CD collection grew to be like 1000 CDs, but then CDs got to be uncool. It’s funny enough, because, you know, they got rid of records in the early 90s. And then when they got rid of them, they became cool. So that all of a sudden by the mid-90s, records are cool. And CDs are not cool. So I was like, oh, man, nobody wants that. So I started collecting records. And now I have a record collection that’s about over 8000 records and every genre I’ve got like basically anything that’s been popular from the 70s Until now, if you need to have it if it’s an essential record, I have it in my collection. I love meeting fellow audio files. Yeah, yeah. And you know, and obviously, the focus of it is like I’m passionate about like that. I got into all this stuff, partially to the DJ through computers, right, because computers had electronic music. I was, you know, I was reversing demos, ripping off music off of demos and it was all electronic music and then that’s how I discovered who prodigy was are all those electronic artists through. You know that the demos that I was getting the music from then I Hey, that’s a cool genre. So I really got into dance music and then went pretty heavy on collecting dance records, I have like a million dance singles, everything you can imagine, a lot of them are quite collectible. So that’s, that’s interesting about me,

Jason Baum 35:12
I’m going to start the musicians of DevOps because I think that there, I, you are now the second DJ that or maybe a third, who we’ve had on the podcast, you know, passionate about music, there’s a scent there is a theme here underneath at all with how many musicians we have on this podcast

Farshad Abasi 35:31
less so now. But back in the in the.com days, a lot of my programming friends were also DJ so it was a thing is like, you know, your work programming during the day, and then do all DJ on the side like committees, that kind of stuff. Yeah, music and I’m not, we’re not talking about like wedding DJs and for top 40 clubs, but people that were loved music, a lot of them were programmers AND, OR, and also a climber. So that was another thing. A lot of rock climbers, also programmers. So there’s something about rock climbing and electronic music that the programmer mindset is attracted to. So

Jason Baum 35:59
I was a psych minor dropout. So that would be an interesting project to work on. Well, Farshad this has been an awesome conversation. I really appreciate you coming on the podcast. Please come back another time because this is this was great. We could probably go on for another two hours or something

Farshad Abasi 36:16
talk and we didn’t talk about hacking demos and stuff. We can talk about that in another Yeah.

Jason Baum 36:19
Oh, we’ll definitely talk about that another time. Maybe that’s the gray area version of this podcast. Farshad thanks so much for coming on. My pleasure. My pleasure. And thank you for listening to this episode of the humans of DevOps Podcast. I’m going to end this episode the same as I always do, encouraging you to become a premium member of DevOps Institute to get access to even more great resources just like this one. Until next time, stay safe, stay healthy, and most of all, stay human, live long, and prosper.

Narrator 36:49
Thanks for listening to this episode of the humans of DevOps podcast. Don’t forget to join our global community to get access to even more great resources like this. Until next time, remember, you are part of something bigger than yourself. You belong

Graphic of person with laptop for Upskilling IT 2023 Survey with button to take the survey

Community at DevOps Institute

related posts

Get to Know the Singapore SKILup Festival Speaker Lineup

Get to Know the Singapore SKILup Festival Speaker Lineup

The first-ever DevOps upskilling experience in the Asia Pacific region–SKILup Festival: Singapore–is quickly approaching on November 15, 2022, taking place at e2i West Venue. This is going to be an EPIC in-person one-of-its-kind event as Developers, IT Operations,...

[EP 89] Cybersecurity with a Song featuring Rachel Tobac

[EP 89] Cybersecurity with a Song featuring Rachel Tobac

Episode Details Episode 89 of the Humans of DevOps Podcast features Rachel Tobac. Rachel is a hacker and the CEO of SocialProof Security where she helps people and companies keep their data safe by training and pentesting them on social engineering risks. Rachel was...

DevOps Institute Announces Singapore SKILup Festival

DevOps Institute Announces Singapore SKILup Festival

Early Bird pricing and registration is now open for the conference dedicated to empowering the people who power IT LEHIGH ACRES, Fla,–Sept. 27, 2022 – DevOps Institute will host SKILup Festival in Singapore on November 15, 2022. The event will empower the people who...