Meet your MCRTP Bootcamp instructor: Filip Jodoin
We sat down with Filip Jodoin, Penetration Tester and Pwned Labs instructor, to find out more about his cybersecurity journey, and what he enjoys when he steps out from the office!
So tell us a bit more about who Filip is!
Well, I’m a half Swedish, half French-Canadian kiwi who lives in Montreal. I am a member of the Ordre des Ingénieurs du Québec (OIQ) and work as an ethical hacker at Packetlabs, leading the Microsoft Cloud penetration testing services. I am looking forward to leading the next Microsoft Cloud Attack and Defense bootcamp with Pwned Labs in May.
How did you become an ethical hacker? Did you always know you wanted to work in cybersecurity, or did it happen more by chance?
Haha, a very good question! My dad is an electrical engineer, and I’ve always had a mentality of wanting to find out how things work. So, following in my father’s footsteps, at university, I trained as an engineer as well; a computer hardware engineer. Whilst I was studying alongside software engineers, I learned a bit about the risks of code security, but it was when I came across an article on CPU abuse, that I literally was knocked off my chair, and needed to learn more, so I jumped down the rabbit-hole! From there I was fortunate to gain a role in the government as a cybersecurity analyst, before moving into the private sector and continuing to grow and expand as an ethical hacker.
Cybersecurity can be pretty intense - how do you manage your workload and avoid burnout?
This is really important - it’s very easy to go down the different rabbit holes to indulge your curiosities, and one of the most important skills I’ve developed (as someone who is chronically curious) is how to manage your time. Because of the work that I do, it’s not just about spending hours or days on one project, but having to manage multiple clients and projects, and so I break my day up into two-hour blocks to ensure that I’m spending my time efficiently.
Whilst moving from different projects helps keep the brain fresh, it’s also vital to be able to step away from the screen and enjoy some time offline. I’m fortunate to have family and friends close by, and we often connect over food and company. I also enjoy exercising, either in the gym or climbing, and I like to learn new things by listening to audio books, whether that’s history, finance, politics, etc.. For me, so far, swapping between mental and physical activities has helped avoid cyber-burnout!
What led you to be the lead instructor for the MCRTP bootcamp?
I've always loved sharing knowledge, whether that’s in-person or online, having the opportunity to help others gain cloud skills is a perfect opportunity to push myself to the next level. I was a Teaching Assistant at university, and since then I’ve led a number of training sessions across different companies on cyber security topics, so when I got involved with Pwned Labs, initially as a community member, and more recently supporting some of the sessions in the Discord, it seemed a perfect fit.
How will the experience of the MCRTP bootcamp differ from previous sessions?
For a start, it will be building on the great work that Ian and the team have been doing. It will include relevant Microsoft Cloud Updates, such as Entra Session IDs on tokens, and go deeper into more of the theory to help people understand more of the “why”. This is not to say that it’s been lacking in the past, but due to time constraints, a lot of these more theoretical conversations took place in Discord, and that could have led to people missing them as the thread could be buried deep by the time they come back online - by bringing these into the main sessions, hopefully everyone will get the full experience. Due to this, what you may notice though, is that the session will probably end up running a bit longer, so we’ll be having to manage time effectively!
Final question - looking ahead, how do you see cloud security evolving over the next few years, and where do you see yourself fitting into that future?
Well if I knew this, it would take most of the fun out of it! Seriously though, it is so difficult to be able to say with any certainty what’s coming as this industry moves so fast. The things that I think we’ll need to focus on are:
1. Cloud is only going to grow, and we should expect more organisations to require the skills to manage their instances. However, tied into this we are likely to see a massive increase in multi-cloud architectures, which is going to deliver a whole new set of challenges for businesses, as cyber teams are going to need to have deep expertise across multiple areas, and a breadth of knowledge required that ensures you are protected.
2. Obviously AI is going to heavily impact the future of cyber - whether it becomes a never-ending cat and mouse of red vs. blue AI agents, highly convincing social engineering powered by AI agents, or whether there are new attack paths the agents could devise. What is critical is that businesses are able to move fast to meet these new threats and protect themselves. For example, I recently dabbled with a new graphing tool which can leverage AI Agents and recommends different potential attack paths to test as part of a pentest - and these are only going to get more powerful!
3. The final piece that looks likely to become more of a focus is 3rd party and supply chain attacks (think about the 2024 xz backdoor). If we see that core businesses are becoming better protected through the use of better training, AI agents and more stringent platform configuration settings, today’s attack paths may no longer be viable. Launching a third-party supply chain attack may become the most likely point of entry. In any case, humans remain the weakest link, and with AI-powered social engineering, phishing will become a daily occurrence - let's just hope our tokens are truly phishing-resistant!
Thanks Filip! 😎
Filip will be leading the Microsoft Cloud Attack and Defense bootcamp, starting May 3rd. You can find out more about the MCRTP bootcamp here:
https://bootcamps.pwnedlabs.io/mcrtp-bootcamp