May 1, 2020 • 33 mins
Once known for wrestling a bear, Phillip Wylie is now a leading penetration tester and mentor to many. In this episode, he tells our host, Jason Nickola, the story of his unlikely path to cybersecurity and how it's become a career he "lives and breathes."
He offers advice on how to become a mentor to others trying to build their career, as well as ways to overcome common fears like public speaking. Phillip and Jason also discuss the importance of sharing knowledge through teaching and community participation to increase confidence and learn new skills.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Jason Nickola (00:02):
This is“Trust Me, I'm Certified,” brought to you
by GIAC Certifications, apodcast exploring how to conquer
imposter syndrome.
I'm your host, Jason Nickola,and today we have Phillip Wylie
to talk about mentorship andteaching as a way of not only
learning the ropes, but alsobecoming a larger part of the
InfoSec community.
(00:27):
Hey, welcome to“Trust Me, I'mCertified.” Thanks a lot for
being here.
My name's Jason Nickola.
I'm your host and with us wehave Phillip Wylie.
Phillip is going to give us someinsight into his background as a
security professional and helpus dig into the importance of
mentorship and cybersecurity.
So with that, Phillip, thanks alot for being here.
Phillip Wylie (00:49):
Thanks for asking me to join you, Jason.
It’s an honor to be on yourfirst podcast.
Jason Nickola (00:52):
Yeah.
I've heard you called the ChuckNorris of InfoSec by others in
the past.
So I'm interested to dig intosome of the things that we're
going to cover here and yourbackground.
Phillip Wylie (01:01):
Okay.
Jason Nickola (01:02):
So let's start with your journey to InfoSec.
What was Phillip Wylie'sprofessional life like before
you started working intechnology as you’re kind of
trying to figure out what it isthat you want to do?
How did that look for you?
Phillip Wylie (01:17):
Yeah, so I’ll kind of give you the scenic
route.
I had an unusual path intoInfoSec.
When I was in high school, Ireally didn't know what I wanted
to do once I got out of highschool.
Some of my friends, since Icompeting in powerlifting and
lift weights, they said, you'rea big guy, why don't you go into
pro wrestling?
And I really hadn't thoughtabout that, that really sounds
kind of cool.
So I signed up for wrestlingschool.
(01:40):
I tried that for a few years.
I actually was doing televisedmatches and I got married and
decided to get out of it becauseI wasn't making enough money.
Jason Nickola (01:53):
Right.
Phillip Wylie (01:54):
As a wrestler and needed more stable careers.
So I kind of got out of that,worked in retail, a manual
labor, a lot of different typesof areas and nothing really
clicked, nothing I reallyenjoyed.
And one day I was watchingtelevision and saw a commercial
for a trade school and they hada computer assisted drafting
(02:15):
program.
So I went to school and learnedAutoCAD and became a draftsman.
And while I was working as adraftsman, I found out that I
had more of a natural abilityand knack for computers.
This was in’93,‘94 when I firstgot my first CAD job.
And before that I had noexposure to computers and from
(02:36):
working with them, people wouldhave problems, and I would
figure out how to fix thingsbecause back then, not a lot of
company had their own ITdepartments.
Jason Nickola (02:46):
Right.
Phillip Wylie (02:47):
And so that seemed a lot more interesting to
me.
And I was working for a companyand we had the consultant come
in and he was certified inNovell NetWare.
He was a CNE and they werebilling$50 an hour, which we
were making 15 bucks an hourwhere I worked, we were being
billed at$30 an hour.
(03:07):
So I'm thinking, this guy'smaking more money than I am.
I need to do what he's doing.
And it seems a lot moreinteresting.
So I taught myself how to buildcomputers.
And then I ended up taking aNovell NetWare network operating
system course, which lastedabout 90 days.
This was in‘97.
It was back when the dot comboom was really taking off.
So there's a lot of sysadminjobs.
(03:29):
So I got a job as a sysadmin.
I did that for a little over sixyears, moved into information
security.
First year and half I was doingnetwork security, working with
firewalls and intrusiondetection systems, and our
company got a new CISO and hehad more of a modern idea of the
(03:49):
way cybersecurity programs wererun.
And so he took us all of asudden, and the team did the
same exact thing.
So he split us up into differentfunctions.
And fortunately, I got movedinto AppSec, which really got me
interested in pen testingbecause I was using web
application vulnerabilityscanners.
I was starting to learn aboutpen tests.
(04:10):
And then in 2012, the company Iwas working for, they were
getting out of the mortgagebusiness and they said if they
couldn't sell the mortgagecompany, they were going to
close it down.
So fortunately I found a job inconsulting as a pen tester.
And so that's how I got my footin.
And out of all the things I'vedone in my career, it's been the
(04:30):
most enjoyable.
Coming up in March will makeeight years that I've been
working as a pen tester.
I've been in IT and cybersecurity for a little over 22
years.
This January made 16 years sinceI moved into InfoSec.
So it's been a really greatchange.
I've really enjoyed being anInfoSec from the beginning and
(04:51):
then getting into pen testing.
It's really kind of one of myhobbies.
I live and breathe this stuff,so I like it to share that with
other people.
So it's been a good fit for me,a really good career move.
Jason Nickola (05:04):
So that's such an interesting journey because as
you are going through yourdevelopment and building your
skills, you're almost doing itin tandem with the industry
overall and just the marketoverall deciding that hey, this
security stuff is something thatwe have to pay attention to.
So as you're building yourcareer, it's almost like there's
(05:27):
this platform ahead of you of acyber security industry that is
just ready to catch thatmotivation and that curiosity as
you're building those skills.
So it's a nice little match ofthe timelines there.
You got to develop your skillsearly on and then everything was
kind of laid out for you to tryto move into cybersecurity,
eventually into pen testing asthings are really coming into
(05:48):
their own as an industry.
Phillip Wylie (05:54):
Yeah, it was really fortunate because the
thing I was doing was what Iwanted to do.
And fortunately there were a lotof career opportunities and the
salary was good.
So that was really fortunate.
Jason Nickola (05:58):
So you mentioned learning about computers at the
office and you didn't have a tonof background or experience with
them before, but then you movedinto starting to build your own.
I'm just curious, what were someof the resources that you used
to be able to figure out thingslike that?
Because today in the modern daythat anything that you want is
right at your fingertips justwith a Google search away,
right.
But that hasn't always been thecase, especially for things that
were more technical or complex.
So where you kind of justhacking at it until you figured
it out or were there someresources or even people maybe
that that were really valuablein trying to get that stuff
figured out?
Phillip Wylie (06:45):
Actually where I was there back then, like you
said that there weren’t all theonline stores like there are now
to order components and stuff.
And fortunately the Dallas areahad a lot of stores that sold
computer components and one ofthe guys my wife used to work
with, she worked in healthcare,he had a side business doing IT,
computer repairs, and differenttechnology related services.
(07:09):
And he had shared with me theresources, places where he got
his parts from.
And so I went and got the partsand put it together and just
kind of followed what littledocumentation came with it.
And that's how I learned.
And it was a big learningexperience.
Just learning how to put acomputer together, how
(07:29):
everything works.
Because when you do that, noteverything works right the first
time.
So you get a littletroubleshooting experience from
that.
Jason Nickola (07:40):
Absolutely, yeah.
And little did you know backthen that, fast forward to your
life as a penetration tester andthere's an entire career in
trying to get things figured outand just sticking with it until
things bend the way that youwant them.
So I find, and I don't know ifyou echo this sentiment, but I
find that people who haveextensive backgrounds in
troubleshooting professionallyor even just in their personal
lives, it translates really,really well the cybersecurity
because a lot of what we'redoing, especially in the
offensive arts is just kind ofstabbing at stuff and trying to
figure things out until we canstart to make things click.
Especially when you're startingout with very little information
or poorly written instructionsor manuals, right?
Phillip Wylie (08:21):
Yeah, I agree.
And troubleshooting's big,that's one of the things people
overlook because when I wasworking one of my first sysadmin
jobs, the first couple of jobs Idid were just basically install
after install and I went to workfor this company and their
environment had just kind ofrapidly grown.
They had acquired a lot ofdifferent mortgage companies.
(08:41):
Stuff was constantly breakingand there were three of us that
were on call, we would trade oncall and it felt like you were
there all the time and I wasreally close to quitting.
But then I stopped and steppedback and look at the situation.
I had all this extensive installexperience and I could install a
network operating system in mysleep, build computers and all
that.
But the piece I was missing wasthe troubleshooting.
(09:04):
So I stuck it out and it was avery valuable experience.
Like you said, that's a neededskill for security, especially
offensive security.
Jason Nickola (09:15):
Sure.
We talked a little bit about thegrowth of the industry and we're
at a point now where people whoare just coming in can be cyber
specialists, right?
And so they haven't necessarilyhad the background of being an
sysadmin or a networkadministrator and maybe don't
have as much expertise introubleshooting and they're just
exclusively focused oncybersecurity.
You do a lot of mentoring andyou're in higher ed and you do a
(09:40):
lot of teaching in thecommunity, which we'll get into.
But do you see that as apotential issue in trying to
flesh out the skills of somenewer people to the industry
that some of the backgrounds innetworking and systems
administration and things likethat aren't necessarily there
and what can we do to try tofill more of that in?
Phillip Wylie (10:03):
Yes, I totally agree with that.
And one of the things peoplethat are wanting to get in need
to understand, you need to buildthat base.
And one way you can look at itis like a college degree.
You take certain classes forthis certain degree for a
reason, your reading, yourwriting, your communication
skills, as well as thetechnology, and from a pen
tester perspective, if you'rewanting to break into something,
if you know that technology andhow to secure that technology,
it makes it easier to breakinto.
So yeah, a lot of people aremissing the fundamentals and the
basics and it's not wasted timebecause as a pen tester you get
command line or a shell to asystem and you know Linux
command line or Windows commandline, you're going to get a lot
further than someone thatdoesn't have that experience for
sure.
Yeah, you could still get it,but you're going to be doing a
lot of Googling and a lot moretrial and error and it's going
to take you longer to do thattask than someone that had the
background
Jason Nickola (10:57):
For sure.
Phillip Wylie (10:59):
But I think people really need to look into
getting those basics.
And even if they go through someof the basic certs before you
move on into cyber security,understanding how operating the
systems work and understandinghow networks work.
And then getting into some entrylevel security stuff.
Jason Nickola (11:19):
Right.
So at what point did you firststart to notice a formal
industry and cybersecuritytraining and certification and
what's some of your backgroundwith the training courses and
certifications?
Phillip Wylie (11:32):
Seems like a lot of that started catching on I
guess 2008 or 2010.
The industry had been out therefor a while.
There was a few courses and thetraining I got security wise was
related to pen testing.
And I remember back then one ofthe first courses I took, back
when I was getting into securitywas Foundstone had their
(11:53):
ultimate hacking course, youknow Foundstone, the writers of
the hacking exposed books.
Jason Nickola (12:34):
Right.
Phillip Wylie (12:35):
So I went through some of that.
There wasn't a lot of- thetraining back then was more
vendor specific.
So if you wanted to getcheckpoint firewall certified,
there was stuff related to thatand so it was more vendor
specific.
Now I'm seeing more vendorneutral stuff like SANS and some
of these other courses that aremore vendor neutral, which I
think is a lot better way tolearn.
That way you're not learning howjust to use a product, you're
understanding firewall rules andhow to configure those.
Jason Nickola (12:37):
Right, absolutely.
So you are very focused on kindof giving back and training some
of the next crop ofcybersecurity professionals.
Talk for a minute about some ofyour experience with mentorship.
Is there someone when you werecoming up, you mentioned your
wife's coworker who kind of gotyou started in catalogs and
where to order computercomponents.
Is there someone who showed youthe way or maybe had a path that
(12:59):
you could follow as you startedto develop your skills and, and
how has that been for you inbecoming what you are now, which
is one of the more well-knownmentors in the cybersecurity
industry?
Phillip Wylie (13:18):
Yeah, the approach I took and really
actually wished I had taken moreadvantage of mentoring and
really didn't think about itmentoring back when I was
getting started out.
But fortunately I had a coworkerthat we worked on the same team
as sysadmins and when he movedinto the security team it got me
interested in security and hewould share information with me
and I started to do the samething before I got into really
(13:41):
mentoring.
I guess I was kind of mentoringat some point, I would talk to
people that were interested inbecoming pen testers and I would
share resources with them.
And you know, by having a mentoror someone that's been there,
done that, you can really filterout some of the resources that
are not good because there's alot of information out there and
it's not always coming from agood source.
(14:03):
So it's good to have that goodsource or mentor that can really
help there.
So my starting out as mentoringwas just sharing information
with people at local meetups.
And then some people were alittle long-term mentoring.
I have a good friend of minethat I knew from my CAD drafting
days when he was trying to getinto security from IT.
We reconnected and I'd kind ofmentored him over the years.
(14:24):
And now he's actually in pentesting but started out just
sharing information and then oneof the things about mentoring is
mentoring doesn't all come inone size because there's
sometimes people on Twitterthey'll do like a Mentor Monday.
So someone's looking formentors.
You can look out there for thathashtag.
And if I find someone that needshelp, I'll talk to anyone and
(14:45):
just see what level of help theyneed, if they need a lot of
help.
Maybe at the time I've got toomany people I'm mentoring, but a
lot of times it's just peopleneeding to be pointed in the
right direction, just someresources and a starting point.
I have a lot of people onLinkedIn and Twitter that'll
(15:06):
send me direct messages askingthat.
But going to the local meetupsis was one of the ways I like to
network with people andconferences to meet people that
I can help out.
And I like to do workshops atconferences and webinars and
things to teach.
So it’s a very enjoyable thing.
An interesting thing about thatis, before I got into running my
(15:28):
own meetup, I started the PwnSchool project, which is
educational based.
But before I started that inteaching, I would watch like a
hundred movies a year, at leasta hundred movies in the theater.
So I love movies.
And then I noticed afterstarting Pwn School in 2018 and
I had started teaching thatyear, I was looking at my own
(15:49):
movie list and I thought, I'mnot gonna make a hundred this
year.
But one thing is I noticed wasthat I was a lot happier from
it.
And what things I like to giveanyone, if your purpose in life
or things you're trying to do,if you do it with a good intent,
I believe that you're going toreap success because a lot of
things I've done, I don't teachto make money, but it brings me
(16:10):
happiness.
But you know, I really haven'texperienced other activities.
Jason Nickola (16:13):
Right.
Yeah.
I can absolutely echo that.
One of the best pieces of adviceI ever got was to just focus on
doing the right thing and givingback and trying to bring as many
people along for the ride andimprove kind of the station of
as many people as you can andsuccess and happiness will kind
of take care of themselves.
And that is certainly been myexperience with it.
And it sounds like you're kindof in the same boat.
Phillip Wylie (16:38):
Yes.
And one of the things I'venoticed too is that things have
shifted because back when I wasgetting started in IT back in
’97, there were a lot of peoplethat didn't want to share
information because it was theirjob security.
They wanted to keep that edgeand so they didn't really share.
But I'm finding more and morepeople are opening up to it and
then leading as an example, somepeople see you helping out in
(16:58):
the community and inspires themto do the same thing.
Jason Nickola (17:50):
Sure.
Yeah.
Especially where somebodyvolunteers their time and maybe
they give a talk at a conferenceor they go to a workshop and
they teach somebody TCP/IP orsomething like that, share a
little bit of their story asyou've done here.
And I find that it can be soimportant for people going
through the process just to hearfrom and see and interact with
other people who have gonethrough the same kind of thing
(18:12):
and been very successful indoing that.
So when you’re trying to learnsomething complicated and not
quite getting it or looking forthat break, or kind of looking
for a shoulder to lean on to tryto discuss what some of the
troubles are, when you hear fromsomeone that looks like you or
sounds like you or comes fromwhere you came from, doing the
things that you want to bedoing, it's really motivating.
It can help you move throughsome of those difficulties and
getting started because there'sa lot and that's complicated
stuff.
And if you don't take time tonetwork and establish a
community and find a mentor,then it can be really difficult
to work your way through it.
Phillip Wylie (18:14):
Yeah, I agree.
And as far as the mentor goestoo, it's really cool when you
have these stories from peoplethat you helped out at one time.
And that's the reason I reallyencourage mentoring because you
don't understand sometimes thelittlest thing and how much it
means to someone, because I'vehad people come up back from my
CAD drafting days.
There was a guy that I workedwith that he ran blueprints and
did general office stuff andshowed him a little bit about
(18:37):
AutoCAD.
And he became a CAD draftsmanand later moved on to IT and we
met for dinner one night.
He reconnected and said, Iwanted to thank you for what you
did to help me, it changed mylife.
And it really wasn't a lot thatI did, but it meant a lot to him
and helped him.
So when you start getting thatfeedback, it motivates you to do
more.
Because I mean, I'm apowerlifter and I've helped some
of the first mentoring Iprobably did was coach people
(19:00):
and help them with routines.
But the thing I find mostrewarding about stuff career
wise is you're helping someoneput 20 pounds on their bench
press, after a year or two,that's not gonna mean so much.
But when you help someoneadvance their career, learn
something, that's a lifetimething or building block to the
bigger things for them.
Jason Nickola (19:22):
Absolutely.
Yeah.
So you've done a fair amount ofmentoring at this point and I'm
sure that you've seen even someof your mentees move on to have
some success in the field andbecome mentors themselves.
What are some of the things thatyou would recommend for someone
who thinks, I have a little bitof skills and I have some
knowledge and I have aninteresting path and experience
(19:44):
that I'd like to share withother people.
How do you get started being amentor?
Phillip Wylie (19:50):
I think attending different local meetup groups,
conferences or even socialmedia, cause a lot of times
people underestimate themselvesbecause, okay, say if you're on
help desk or maybe you're asystem administrator, you got
someone just trying to get intoit that doesn't understand and
you have a lot that you canoffer.
Even if you're just knowentering into a help desk,
there's things and experiencesyou can share with them that
(20:13):
will take them years toexperience.
So I think a lot of times peopleunderestimate themselves.
Try to help out.
You know, if someone needs help,offer your advice and a lot of
cases you're gonna find peopleyou can help.
If this particular person youcan do only so much for, there's
some people that you can domore, but just as you get
(20:33):
started with it and if youreally like mentoring, the word
gets out because people willrecommend you, but yeah, just
interacting with people.
If you're going to collegesomewhere, if you've got someone
in your class that's not gettingit, help them out.
(20:54):
Because I remember when I wasgoing through CAD school, I had
a hard time with the computerside of it and it ended up being
the part that worked the bestfor me.
It's just once people learn andget that experience then they
can advance from there.
But yeah, definitely just thedifferent social events and
through social media.
The thing too is once you mentorthese people, then they're
(21:15):
coming back with tools andarticles and stuff that help
you.
You've got the same interests.
They're building experience andas they're learning stuff, and
especially when people are new,they're doing a lot more
research and studying thanprobably the average person.
So they run across stuff thatyou may not.
So it's kind of a way to havepeople almost researching for
you, you know?
Jason Nickola (21:38):
Yeah, it definitely works both ways.
And I find that you mentionedpeople wondering whether or not
they have the knowledge orskills to really translate that
to anybody else.
Like what do I have to offer issomething that I hear a lot.
But everybody has something thatthey can teach others.
And not only that for you tolearn a subject enough to be
able to teach it to someone elseso that they can use it and
practically apply it is areally, really important part of
the learning process foryourself.
Right?
So teaching it is kind of thenext step of learning it, right?
So you learn it, you teach it,and that is so important in the
trajectory of anybody who wantsto become really well-crafted in
their field I think.
Phillip Wylie (22:28):
Yeah.
Totally agree.
To be able to teach someone howto do things, you go back
revisit tools or something youhaven't used in a while and
maybe you research a little bitmore to see some of the
functionalities.
So yeah, definitely teaching forme was I wanted to speak at
conferences and I'd spoke at aconference in 2015 on web
application pen testing.
But I was really trying to findsubjects and things that I could
(22:48):
offer at conferences.
And then just presenting on howto become a pen tester and doing
workshops.
And so that gave me something tospeak on at conferences and
teach about.
Jason Nickola (23:01):
When you first started trying to branch out and
give talks and go to meetups andgive workshops and these kinds
of things, did you have a littlevoice in the back of your head
that said, you know, maybe youshouldn't do this or you know,
other people know more than youdo or things like imposter
syndrome or those kinds ofthings.
Is that something that you hadto work your way through?
Phillip Wylie (23:23):
That was definitely there.
And one of the things I had thathelped me when I was teaching,
because I would teach a lecturesometimes and you know you do
something for a while, some ofthe more elementary stuff may be
boring.
And when I was getting startedout teaching, I would think,
man, this is so boring.
I hope they're not bored.
I hope they're getting somethingout of it.
Right.
And every time or pretty closewithin that time, some student
(23:44):
would come up and say, thanks alot.
That was really, really cool.
Very interesting, I didn't knowthat.
And you know, thanks forteaching me this and then you
get feedback at the end.
So it kind of taught me, yeah, Ihad those voices.
But then one of the things, andI hear a lot of other people
that are hesitant to start, butI told them realize this area of
pen testing, there's not awhole, I mean, it's not a super
overpopulated field.
(24:10):
There's a lot of people tryingto learn it and just knowing
something that they don't know,you're able to offer them
something.
So yeah, it was tough and Istill see that and there's times
that I want to move into moreadvanced topics and then I feel
like I'm not qualified to do so,but I just always remember that
there's always someone thatdoesn't know that.
And so yeah, I definitely gothrough that.
(24:31):
And a lot of other people I knowdo that, but you just get out
there and do it.
Once you get out there and teachit, you'll get that feedback and
you'll realize that youdefinitely need to, because by
being quiet you're one lessvoice that can help these people
and everyone has a different wayto explain things.
You may take the same similarcourse two or three times and
(24:53):
then one person explains it thecertain way.
Jason Nickola (24:55):
Right.
So there are a couple of thingsthat I have to ask you about.
So I heard you wrestled a bear.
Phillip Wylie (24:55):
Yes.
Jason Nickola (24:55):
And I think I've seen a picture floating around
on social media of you and abear.
Phillip Wylie (24:55):
Yep.
Jason Nickola (24:55):
Can you tell us about the bear?
Phillip Wylie (25:46):
Yeah, that that came about because whenever I
was wrestling, I wrestled once aweek and wrestled for WCCW for a
while, they were all over theSouth.
But then the local Dallaswrestling, world-class
championship wrestling out ofDallas.
I was wrestling there Saturdaysfor the television taping so I
could make a living off themoney from wrestling, but while
(26:07):
I was still trying to build thatcareer I was working as a
bouncer downtown.
(26:36):
And so this nightclub onSundays, they would do special
events because Fridays andSaturdays they would have a band
in there, but Sundays wereusually slow.
So they decided to bring in thiswrestling bear.
And since I was a hometown guyand I worked at the nightclub
and a pro wrestler, they helpedmarket this event with one of my
wrestling promotional picturesand the bear's picture.
And it was open to everyone towrestle, but it was more like an
(27:00):
event to try to bring people in.
And so it was an interestingexperience because whenever I
wrestled the bear and the otherpeople when they went up to
wrestle him, they were juststanding straight up and this
bear would actually grab themand take their legs out from
under them.
So when it came my turn, I knewI needed to get down like in a
wrestling stance or a linemanstance and get my feet out and
get forward.
.
And so I was able to keep himfrom taking me down.
But it was an interestingexperience.
So I wrestled him twice thatnight and the second time I
wrestled him, he ended up bitingmy ring finger, but it wasn't
too hard and the trainer for thebear was saying, hold on, we'll
get your finger out.
And I'm thinking, I'm not goingto wait in case this bear
decides to bite my finger off.
But it was an interestingexperience.
.
Jason Nickola (27:08):
So what, what was more nerve wracking for you-
wrestling the bear or the firsttime you gave a talk at a
conference?
Phillip Wylie (27:11):
Probably first time speaking at conference.
Jason Nickola (27:12):
I don't know if that's doing any favors for
people listening and hoping tohear that it's not so bad, but
it gets better, right?
Phillip Wylie (27:57):
Yeah, it does.
And one of the things I wouldadvise anyone if you're wanting
to speak at conferences and thething that helped me, and I
wouldn't be able to do it if itwasn't for that, was
Toastmasters.
So when I decided I wanted tospeak at conferences, I was at
one of the local meetups.
They were opening up CFPs forBSides DFW that year, and the
(28:20):
person announcing the CFP saidthe best job I got in my career
was because I spoke atconferences and once I heard
that next week I was signed upin Toastmasters and went through
Toastmasters.
And so that helped overcome thefears.
(28:46):
Just with speaking, you'renervous sometimes, but people
don't really see what you feel.
That's one of the things thathelped me get over that, and
then everyone can relate becausegetting up and speaking
sometimes can be nerve wracking.
But Toastmasters helped meovercome that.
And then teaching and speakingat conferences and stuff helps.
So before I'd be terrified andthere's no way I would get up in
front of an audience, but now Idon't care what size audience,
(29:08):
I'll get up there.
Jason Nickola (29:09):
And audiences are much more forgiving than I think
we assume they are.
Phillip Wylie (29:09):
Yeah, definitely.
I saw a tweet recently, someonewas talking about speaking at
conferences and they say thepeople want you to succeed, they
don't want you to fail.
The people can understandbecause not everyone thinks they
can get up there and do that.
Jason Nickola (29:09):
And it's just like power lifting, you get
enough reps and eventuallyyou're pushing your max and
you're on to bigger and betterthings.
Phillip Wylie (29:25):
And with speaking, you just got gotta
realize you're better at it thanyou think you are.
A lot of it's you feel nervousand all this.
And it's funny to get feedback,like in Toastmasters no one
could tell I was nervous, but Iwas like sweating and nervous
and no one saw that.
And then just like atconferences and you get feedback
(29:46):
on yeah, you did a good jobpresenting or whatever speaking
and you're kind of surprised.
So people are always better thanwhat they think they are.
You're your hardest critic andyou gotta realize when you're
speaking at conferences, peopledon't want you to fail.
They're trying to getinformation.
And there's a lot of people thatwould like to be up there doing
the same thing.
Jason Nickola (30:04):
Absolutely.
So Phillip, you're working on abook, right?
Phillip Wylie (30:04):
Yes.
Jason Nickola (30:04):
Tell us about the book.
Phillip Wylie (30:04):
Yes.
This book is going to be aboutpen testing and it’s based on my
talk that I give at conferencescalled the pen tester blueprint,
and is basically telling peoplehow to become a pen tester.
There's lots of books out thereon pen testing, but you know as
well as I do someone wanting toget into a certain part of
security or pen testing, theydon't understand the
prerequisites.
So this is a way to show themwhat they need to know upfront
before they even start theeducational process for pen
testing and then goes to thedetails.
My vision of this book is forpeople that want to be a pen
tester and then for management,say you're a security manager
that's going to get pen testsdone and you're managing them
either through your own staff orare consultants that you have an
idea of the process just toeducate people on the overall
process.
Jason Nickola (30:26):
So this is your first book.
Phillip Wylie (30:30):
Yes.
Jason Nickola (30:31):
So you are an experienced cyber security
professional and penetrationtester, but are new to the book
writing scene.
Is this something that you'reworking with someone who's more
established?
Do you have anyone who that hasgone through the process that's
helping you through it andcoaching it?
Are you, or are you kind offiguring it out the way that you
did with computers in thebeginning?
Phillip Wylie (30:53):
Just kind of figuring it out.
Although I was in the tribe ofhackers red team book and I
mentioned it on LinkedIn and oneof the people that worked for
the publisher contacted me,asked me if I was interested in
a book and I've had this ideafor a while.
I just wasn't sure whatpublisher to use.
And I thought aboutself-publishing, but I liked
idea of being published throughsomeone because it seems to give
(31:13):
you a little more credibility.
And so they approached me aboutdoing a book and this was
perfect.
So I shared my idea.
They had me do a proposal and anoutline and they accepted it and
I signed a contract back inOctober and started on it.
So I'm just kinda doing it on myown, although they've got
editors working for me, I have atemplate I can use for the book.
(31:37):
And then if I have anyquestions, there's a team of
people helping me.
So they're going to review thebook and they'll make
recommendations of things to addor graphics and that type of
stuff.
So I've got help with it.
Whereas that's the nice thingabout doing it this way opposed
to self-publishing, you get thehelp.
But I've got the people from thepublisher because they want the
book to be successful too.
(31:58):
So they're going to do theirbest to help you.
So it's been an interestingprocess so far and I'm really
looking forward to getting thebook completed and out there.
Jason Nickola (32:10):
So, where can listeners find you and interact
with you if they're looking toget some more information or
just get in touch with you?
Phillip Wylie (32:16):
Twitter or LinkedIn are the best ways and
my Twitter is just Phillip withtwo L's, Wylie, that's a real
good place.
And I post a lot information onTwitter and LinkedIn and I'm
very active there.
So there's a lot of people thatwill hit me up there and on DMs
to ask questions.
So those are the best ways tocontact me.
(32:36):
Plus if you contact, you connectwith me on Twitter, you can find
some other good people to followas well.
Jason Nickola (32:39):
Perfect.
Well, Philip, thank you so muchfor your time.
It's been great chatting withyou a little bit.
I learned a lot and I'm lookingforward to the book and
everything else you have comingup in the future.
Phillip Wylie (32:39):
Thanks for including me in your first
podcast.
I enjoyed it.
Jason Nickola (32:40):
Awesome.
Well thanks everyone for tuningin.
We really appreciate it.
Hope you enjoyed it and we'llsee you next time.
This is“Trust Me, I'm Certified,” brought to you
by GIAC Certifications, apodcast exploring how to conquer
imposter syndrome.
I'm your host, Jason Nickola,and today we have Phillip Wylie
to talk about mentorship andteaching as a way of not only
learning the ropes, but alsobecoming a larger part of the
InfoSec community.
(00:27):
Hey, welcome to“Trust Me, I'mCertified.” Thanks a lot for
being here.
My name's Jason Nickola.
I'm your host and with us wehave Phillip Wylie.
Phillip is going to give us someinsight into his background as a
security professional and helpus dig into the importance of
mentorship and cybersecurity.
So with that, Phillip, thanks alot for being here.
Phillip Wylie (00:49):
Thanks for asking me to join you, Jason.
It’s an honor to be on yourfirst podcast.
Jason Nickola (00:52):
Yeah.
I've heard you called the ChuckNorris of InfoSec by others in
the past.
So I'm interested to dig intosome of the things that we're
going to cover here and yourbackground.
Phillip Wylie (01:01):
Okay.
Jason Nickola (01:02):
So let's start with your journey to InfoSec.
What was Phillip Wylie'sprofessional life like before
you started working intechnology as you’re kind of
trying to figure out what it isthat you want to do?
How did that look for you?
Phillip Wylie (01:17):
Yeah, so I’ll kind of give you the scenic
route.
I had an unusual path intoInfoSec.
When I was in high school, Ireally didn't know what I wanted
to do once I got out of highschool.
Some of my friends, since Icompeting in powerlifting and
lift weights, they said, you'rea big guy, why don't you go into
pro wrestling?
And I really hadn't thoughtabout that, that really sounds
kind of cool.
So I signed up for wrestlingschool.
(01:40):
I tried that for a few years.
I actually was doing televisedmatches and I got married and
decided to get out of it becauseI wasn't making enough money.
Jason Nickola (01:53):
Right.
Phillip Wylie (01:54):
As a wrestler and needed more stable careers.
So I kind of got out of that,worked in retail, a manual
labor, a lot of different typesof areas and nothing really
clicked, nothing I reallyenjoyed.
And one day I was watchingtelevision and saw a commercial
for a trade school and they hada computer assisted drafting
(02:15):
program.
So I went to school and learnedAutoCAD and became a draftsman.
And while I was working as adraftsman, I found out that I
had more of a natural abilityand knack for computers.
This was in’93,‘94 when I firstgot my first CAD job.
And before that I had noexposure to computers and from
(02:36):
working with them, people wouldhave problems, and I would
figure out how to fix thingsbecause back then, not a lot of
company had their own ITdepartments.
Jason Nickola (02:46):
Right.
Phillip Wylie (02:47):
And so that seemed a lot more interesting to
me.
And I was working for a companyand we had the consultant come
in and he was certified inNovell NetWare.
He was a CNE and they werebilling$50 an hour, which we
were making 15 bucks an hourwhere I worked, we were being
billed at$30 an hour.
(03:07):
So I'm thinking, this guy'smaking more money than I am.
I need to do what he's doing.
And it seems a lot moreinteresting.
So I taught myself how to buildcomputers.
And then I ended up taking aNovell NetWare network operating
system course, which lastedabout 90 days.
This was in‘97.
It was back when the dot comboom was really taking off.
So there's a lot of sysadminjobs.
(03:29):
So I got a job as a sysadmin.
I did that for a little over sixyears, moved into information
security.
First year and half I was doingnetwork security, working with
firewalls and intrusiondetection systems, and our
company got a new CISO and hehad more of a modern idea of the
(03:49):
way cybersecurity programs wererun.
And so he took us all of asudden, and the team did the
same exact thing.
So he split us up into differentfunctions.
And fortunately, I got movedinto AppSec, which really got me
interested in pen testingbecause I was using web
application vulnerabilityscanners.
I was starting to learn aboutpen tests.
(04:10):
And then in 2012, the company Iwas working for, they were
getting out of the mortgagebusiness and they said if they
couldn't sell the mortgagecompany, they were going to
close it down.
So fortunately I found a job inconsulting as a pen tester.
And so that's how I got my footin.
And out of all the things I'vedone in my career, it's been the
(04:30):
most enjoyable.
Coming up in March will makeeight years that I've been
working as a pen tester.
I've been in IT and cybersecurity for a little over 22
years.
This January made 16 years sinceI moved into InfoSec.
So it's been a really greatchange.
I've really enjoyed being anInfoSec from the beginning and
(04:51):
then getting into pen testing.
It's really kind of one of myhobbies.
I live and breathe this stuff,so I like it to share that with
other people.
So it's been a good fit for me,a really good career move.
Jason Nickola (05:04):
So that's such an interesting journey because as
you are going through yourdevelopment and building your
skills, you're almost doing itin tandem with the industry
overall and just the marketoverall deciding that hey, this
security stuff is something thatwe have to pay attention to.
So as you're building yourcareer, it's almost like there's
(05:27):
this platform ahead of you of acyber security industry that is
just ready to catch thatmotivation and that curiosity as
you're building those skills.
So it's a nice little match ofthe timelines there.
You got to develop your skillsearly on and then everything was
kind of laid out for you to tryto move into cybersecurity,
eventually into pen testing asthings are really coming into
(05:48):
their own as an industry.
Phillip Wylie (05:54):
Yeah, it was really fortunate because the
thing I was doing was what Iwanted to do.
And fortunately there were a lotof career opportunities and the
salary was good.
So that was really fortunate.
Jason Nickola (05:58):
So you mentioned learning about computers at the
office and you didn't have a tonof background or experience with
them before, but then you movedinto starting to build your own.
I'm just curious, what were someof the resources that you used
to be able to figure out thingslike that?
Because today in the modern daythat anything that you want is
right at your fingertips justwith a Google search away,
right.
But that hasn't always been thecase, especially for things that
were more technical or complex.
So where you kind of justhacking at it until you figured
it out or were there someresources or even people maybe
that that were really valuablein trying to get that stuff
figured out?
Phillip Wylie (06:45):
Actually where I was there back then, like you
said that there weren’t all theonline stores like there are now
to order components and stuff.
And fortunately the Dallas areahad a lot of stores that sold
computer components and one ofthe guys my wife used to work
with, she worked in healthcare,he had a side business doing IT,
computer repairs, and differenttechnology related services.
(07:09):
And he had shared with me theresources, places where he got
his parts from.
And so I went and got the partsand put it together and just
kind of followed what littledocumentation came with it.
And that's how I learned.
And it was a big learningexperience.
Just learning how to put acomputer together, how
(07:29):
everything works.
Because when you do that, noteverything works right the first
time.
So you get a littletroubleshooting experience from
that.
Jason Nickola (07:40):
Absolutely, yeah.
And little did you know backthen that, fast forward to your
life as a penetration tester andthere's an entire career in
trying to get things figured outand just sticking with it until
things bend the way that youwant them.
So I find, and I don't know ifyou echo this sentiment, but I
find that people who haveextensive backgrounds in
troubleshooting professionallyor even just in their personal
lives, it translates really,really well the cybersecurity
because a lot of what we'redoing, especially in the
offensive arts is just kind ofstabbing at stuff and trying to
figure things out until we canstart to make things click.
Especially when you're startingout with very little information
or poorly written instructionsor manuals, right?
Phillip Wylie (08:21):
Yeah, I agree.
And troubleshooting's big,that's one of the things people
overlook because when I wasworking one of my first sysadmin
jobs, the first couple of jobs Idid were just basically install
after install and I went to workfor this company and their
environment had just kind ofrapidly grown.
They had acquired a lot ofdifferent mortgage companies.
(08:41):
Stuff was constantly breakingand there were three of us that
were on call, we would trade oncall and it felt like you were
there all the time and I wasreally close to quitting.
But then I stopped and steppedback and look at the situation.
I had all this extensive installexperience and I could install a
network operating system in mysleep, build computers and all
that.
But the piece I was missing wasthe troubleshooting.
(09:04):
So I stuck it out and it was avery valuable experience.
Like you said, that's a neededskill for security, especially
offensive security.
Jason Nickola (09:15):
Sure.
We talked a little bit about thegrowth of the industry and we're
at a point now where people whoare just coming in can be cyber
specialists, right?
And so they haven't necessarilyhad the background of being an
sysadmin or a networkadministrator and maybe don't
have as much expertise introubleshooting and they're just
exclusively focused oncybersecurity.
You do a lot of mentoring andyou're in higher ed and you do a
(09:40):
lot of teaching in thecommunity, which we'll get into.
But do you see that as apotential issue in trying to
flesh out the skills of somenewer people to the industry
that some of the backgrounds innetworking and systems
administration and things likethat aren't necessarily there
and what can we do to try tofill more of that in?
Phillip Wylie (10:03):
Yes, I totally agree with that.
And one of the things peoplethat are wanting to get in need
to understand, you need to buildthat base.
And one way you can look at itis like a college degree.
You take certain classes forthis certain degree for a
reason, your reading, yourwriting, your communication
skills, as well as thetechnology, and from a pen
tester perspective, if you'rewanting to break into something,
if you know that technology andhow to secure that technology,
it makes it easier to breakinto.
So yeah, a lot of people aremissing the fundamentals and the
basics and it's not wasted timebecause as a pen tester you get
command line or a shell to asystem and you know Linux
command line or Windows commandline, you're going to get a lot
further than someone thatdoesn't have that experience for
sure.
Yeah, you could still get it,but you're going to be doing a
lot of Googling and a lot moretrial and error and it's going
to take you longer to do thattask than someone that had the
background
Jason Nickola (10:57):
For sure.
Phillip Wylie (10:59):
But I think people really need to look into
getting those basics.
And even if they go through someof the basic certs before you
move on into cyber security,understanding how operating the
systems work and understandinghow networks work.
And then getting into some entrylevel security stuff.
Jason Nickola (11:19):
Right.
So at what point did you firststart to notice a formal
industry and cybersecuritytraining and certification and
what's some of your backgroundwith the training courses and
certifications?
Phillip Wylie (11:32):
Seems like a lot of that started catching on I
guess 2008 or 2010.
The industry had been out therefor a while.
There was a few courses and thetraining I got security wise was
related to pen testing.
And I remember back then one ofthe first courses I took, back
when I was getting into securitywas Foundstone had their
(11:53):
ultimate hacking course, youknow Foundstone, the writers of
the hacking exposed books.
Jason Nickola (12:34):
Right.
Phillip Wylie (12:35):
So I went through some of that.
There wasn't a lot of- thetraining back then was more
vendor specific.
So if you wanted to getcheckpoint firewall certified,
there was stuff related to thatand so it was more vendor
specific.
Now I'm seeing more vendorneutral stuff like SANS and some
of these other courses that aremore vendor neutral, which I
think is a lot better way tolearn.
That way you're not learning howjust to use a product, you're
understanding firewall rules andhow to configure those.
Jason Nickola (12:37):
Right, absolutely.
So you are very focused on kindof giving back and training some
of the next crop ofcybersecurity professionals.
Talk for a minute about some ofyour experience with mentorship.
Is there someone when you werecoming up, you mentioned your
wife's coworker who kind of gotyou started in catalogs and
where to order computercomponents.
Is there someone who showed youthe way or maybe had a path that
(12:59):
you could follow as you startedto develop your skills and, and
how has that been for you inbecoming what you are now, which
is one of the more well-knownmentors in the cybersecurity
industry?
Phillip Wylie (13:18):
Yeah, the approach I took and really
actually wished I had taken moreadvantage of mentoring and
really didn't think about itmentoring back when I was
getting started out.
But fortunately I had a coworkerthat we worked on the same team
as sysadmins and when he movedinto the security team it got me
interested in security and hewould share information with me
and I started to do the samething before I got into really
(13:41):
mentoring.
I guess I was kind of mentoringat some point, I would talk to
people that were interested inbecoming pen testers and I would
share resources with them.
And you know, by having a mentoror someone that's been there,
done that, you can really filterout some of the resources that
are not good because there's alot of information out there and
it's not always coming from agood source.
(14:03):
So it's good to have that goodsource or mentor that can really
help there.
So my starting out as mentoringwas just sharing information
with people at local meetups.
And then some people were alittle long-term mentoring.
I have a good friend of minethat I knew from my CAD drafting
days when he was trying to getinto security from IT.
We reconnected and I'd kind ofmentored him over the years.
(14:24):
And now he's actually in pentesting but started out just
sharing information and then oneof the things about mentoring is
mentoring doesn't all come inone size because there's
sometimes people on Twitterthey'll do like a Mentor Monday.
So someone's looking formentors.
You can look out there for thathashtag.
And if I find someone that needshelp, I'll talk to anyone and
(14:45):
just see what level of help theyneed, if they need a lot of
help.
Maybe at the time I've got toomany people I'm mentoring, but a
lot of times it's just peopleneeding to be pointed in the
right direction, just someresources and a starting point.
I have a lot of people onLinkedIn and Twitter that'll
(15:06):
send me direct messages askingthat.
But going to the local meetupsis was one of the ways I like to
network with people andconferences to meet people that
I can help out.
And I like to do workshops atconferences and webinars and
things to teach.
So it’s a very enjoyable thing.
An interesting thing about thatis, before I got into running my
(15:28):
own meetup, I started the PwnSchool project, which is
educational based.
But before I started that inteaching, I would watch like a
hundred movies a year, at leasta hundred movies in the theater.
So I love movies.
And then I noticed afterstarting Pwn School in 2018 and
I had started teaching thatyear, I was looking at my own
(15:49):
movie list and I thought, I'mnot gonna make a hundred this
year.
But one thing is I noticed wasthat I was a lot happier from
it.
And what things I like to giveanyone, if your purpose in life
or things you're trying to do,if you do it with a good intent,
I believe that you're going toreap success because a lot of
things I've done, I don't teachto make money, but it brings me
(16:10):
happiness.
But you know, I really haven'texperienced other activities.
Jason Nickola (16:13):
Right.
Yeah.
I can absolutely echo that.
One of the best pieces of adviceI ever got was to just focus on
doing the right thing and givingback and trying to bring as many
people along for the ride andimprove kind of the station of
as many people as you can andsuccess and happiness will kind
of take care of themselves.
And that is certainly been myexperience with it.
And it sounds like you're kindof in the same boat.
Phillip Wylie (16:38):
Yes.
And one of the things I'venoticed too is that things have
shifted because back when I wasgetting started in IT back in
’97, there were a lot of peoplethat didn't want to share
information because it was theirjob security.
They wanted to keep that edgeand so they didn't really share.
But I'm finding more and morepeople are opening up to it and
then leading as an example, somepeople see you helping out in
(16:58):
the community and inspires themto do the same thing.
Jason Nickola (17:50):
Sure.
Yeah.
Especially where somebodyvolunteers their time and maybe
they give a talk at a conferenceor they go to a workshop and
they teach somebody TCP/IP orsomething like that, share a
little bit of their story asyou've done here.
And I find that it can be soimportant for people going
through the process just to hearfrom and see and interact with
other people who have gonethrough the same kind of thing
(18:12):
and been very successful indoing that.
So when you’re trying to learnsomething complicated and not
quite getting it or looking forthat break, or kind of looking
for a shoulder to lean on to tryto discuss what some of the
troubles are, when you hear fromsomeone that looks like you or
sounds like you or comes fromwhere you came from, doing the
things that you want to bedoing, it's really motivating.
It can help you move throughsome of those difficulties and
getting started because there'sa lot and that's complicated
stuff.
And if you don't take time tonetwork and establish a
community and find a mentor,then it can be really difficult
to work your way through it.
Phillip Wylie (18:14):
Yeah, I agree.
And as far as the mentor goestoo, it's really cool when you
have these stories from peoplethat you helped out at one time.
And that's the reason I reallyencourage mentoring because you
don't understand sometimes thelittlest thing and how much it
means to someone, because I'vehad people come up back from my
CAD drafting days.
There was a guy that I workedwith that he ran blueprints and
did general office stuff andshowed him a little bit about
(18:37):
AutoCAD.
And he became a CAD draftsmanand later moved on to IT and we
met for dinner one night.
He reconnected and said, Iwanted to thank you for what you
did to help me, it changed mylife.
And it really wasn't a lot thatI did, but it meant a lot to him
and helped him.
So when you start getting thatfeedback, it motivates you to do
more.
Because I mean, I'm apowerlifter and I've helped some
of the first mentoring Iprobably did was coach people
(19:00):
and help them with routines.
But the thing I find mostrewarding about stuff career
wise is you're helping someoneput 20 pounds on their bench
press, after a year or two,that's not gonna mean so much.
But when you help someoneadvance their career, learn
something, that's a lifetimething or building block to the
bigger things for them.
Jason Nickola (19:22):
Absolutely.
Yeah.
So you've done a fair amount ofmentoring at this point and I'm
sure that you've seen even someof your mentees move on to have
some success in the field andbecome mentors themselves.
What are some of the things thatyou would recommend for someone
who thinks, I have a little bitof skills and I have some
knowledge and I have aninteresting path and experience
(19:44):
that I'd like to share withother people.
How do you get started being amentor?
Phillip Wylie (19:50):
I think attending different local meetup groups,
conferences or even socialmedia, cause a lot of times
people underestimate themselvesbecause, okay, say if you're on
help desk or maybe you're asystem administrator, you got
someone just trying to get intoit that doesn't understand and
you have a lot that you canoffer.
Even if you're just knowentering into a help desk,
there's things and experiencesyou can share with them that
(20:13):
will take them years toexperience.
So I think a lot of times peopleunderestimate themselves.
Try to help out.
You know, if someone needs help,offer your advice and a lot of
cases you're gonna find peopleyou can help.
If this particular person youcan do only so much for, there's
some people that you can domore, but just as you get
(20:33):
started with it and if youreally like mentoring, the word
gets out because people willrecommend you, but yeah, just
interacting with people.
If you're going to collegesomewhere, if you've got someone
in your class that's not gettingit, help them out.
(20:54):
Because I remember when I wasgoing through CAD school, I had
a hard time with the computerside of it and it ended up being
the part that worked the bestfor me.
It's just once people learn andget that experience then they
can advance from there.
But yeah, definitely just thedifferent social events and
through social media.
The thing too is once you mentorthese people, then they're
(21:15):
coming back with tools andarticles and stuff that help
you.
You've got the same interests.
They're building experience andas they're learning stuff, and
especially when people are new,they're doing a lot more
research and studying thanprobably the average person.
So they run across stuff thatyou may not.
So it's kind of a way to havepeople almost researching for
you, you know?
Jason Nickola (21:38):
Yeah, it definitely works both ways.
And I find that you mentionedpeople wondering whether or not
they have the knowledge orskills to really translate that
to anybody else.
Like what do I have to offer issomething that I hear a lot.
But everybody has something thatthey can teach others.
And not only that for you tolearn a subject enough to be
able to teach it to someone elseso that they can use it and
practically apply it is areally, really important part of
the learning process foryourself.
Right?
So teaching it is kind of thenext step of learning it, right?
So you learn it, you teach it,and that is so important in the
trajectory of anybody who wantsto become really well-crafted in
their field I think.
Phillip Wylie (22:28):
Yeah.
Totally agree.
To be able to teach someone howto do things, you go back
revisit tools or something youhaven't used in a while and
maybe you research a little bitmore to see some of the
functionalities.
So yeah, definitely teaching forme was I wanted to speak at
conferences and I'd spoke at aconference in 2015 on web
application pen testing.
But I was really trying to findsubjects and things that I could
(22:48):
offer at conferences.
And then just presenting on howto become a pen tester and doing
workshops.
And so that gave me something tospeak on at conferences and
teach about.
Jason Nickola (23:01):
When you first started trying to branch out and
give talks and go to meetups andgive workshops and these kinds
of things, did you have a littlevoice in the back of your head
that said, you know, maybe youshouldn't do this or you know,
other people know more than youdo or things like imposter
syndrome or those kinds ofthings.
Is that something that you hadto work your way through?
Phillip Wylie (23:23):
That was definitely there.
And one of the things I had thathelped me when I was teaching,
because I would teach a lecturesometimes and you know you do
something for a while, some ofthe more elementary stuff may be
boring.
And when I was getting startedout teaching, I would think,
man, this is so boring.
I hope they're not bored.
I hope they're getting somethingout of it.
Right.
And every time or pretty closewithin that time, some student
(23:44):
would come up and say, thanks alot.
That was really, really cool.
Very interesting, I didn't knowthat.
And you know, thanks forteaching me this and then you
get feedback at the end.
So it kind of taught me, yeah, Ihad those voices.
But then one of the things, andI hear a lot of other people
that are hesitant to start, butI told them realize this area of
pen testing, there's not awhole, I mean, it's not a super
overpopulated field.
(24:10):
There's a lot of people tryingto learn it and just knowing
something that they don't know,you're able to offer them
something.
So yeah, it was tough and Istill see that and there's times
that I want to move into moreadvanced topics and then I feel
like I'm not qualified to do so,but I just always remember that
there's always someone thatdoesn't know that.
And so yeah, I definitely gothrough that.
(24:31):
And a lot of other people I knowdo that, but you just get out
there and do it.
Once you get out there and teachit, you'll get that feedback and
you'll realize that youdefinitely need to, because by
being quiet you're one lessvoice that can help these people
and everyone has a different wayto explain things.
You may take the same similarcourse two or three times and
(24:53):
then one person explains it thecertain way.
Jason Nickola (24:55):
Right.
So there are a couple of thingsthat I have to ask you about.
So I heard you wrestled a bear.
Phillip Wylie (24:55):
Yes.
Jason Nickola (24:55):
And I think I've seen a picture floating around
on social media of you and abear.
Phillip Wylie (24:55):
Yep.
Jason Nickola (24:55):
Can you tell us about the bear?
Phillip Wylie (25:46):
Yeah, that that came about because whenever I
was wrestling, I wrestled once aweek and wrestled for WCCW for a
while, they were all over theSouth.
But then the local Dallaswrestling, world-class
championship wrestling out ofDallas.
I was wrestling there Saturdaysfor the television taping so I
could make a living off themoney from wrestling, but while
(26:07):
I was still trying to build thatcareer I was working as a
bouncer downtown.
(26:36):
And so this nightclub onSundays, they would do special
events because Fridays andSaturdays they would have a band
in there, but Sundays wereusually slow.
So they decided to bring in thiswrestling bear.
And since I was a hometown guyand I worked at the nightclub
and a pro wrestler, they helpedmarket this event with one of my
wrestling promotional picturesand the bear's picture.
And it was open to everyone towrestle, but it was more like an
(27:00):
event to try to bring people in.
And so it was an interestingexperience because whenever I
wrestled the bear and the otherpeople when they went up to
wrestle him, they were juststanding straight up and this
bear would actually grab themand take their legs out from
under them.
So when it came my turn, I knewI needed to get down like in a
wrestling stance or a linemanstance and get my feet out and
get forward.
.
And so I was able to keep himfrom taking me down.
But it was an interestingexperience.
So I wrestled him twice thatnight and the second time I
wrestled him, he ended up bitingmy ring finger, but it wasn't
too hard and the trainer for thebear was saying, hold on, we'll
get your finger out.
And I'm thinking, I'm not goingto wait in case this bear
decides to bite my finger off.
But it was an interestingexperience.
.
Jason Nickola (27:08):
So what, what was more nerve wracking for you-
wrestling the bear or the firsttime you gave a talk at a
conference?
Phillip Wylie (27:11):
Probably first time speaking at conference.
Jason Nickola (27:12):
I don't know if that's doing any favors for
people listening and hoping tohear that it's not so bad, but
it gets better, right?
Phillip Wylie (27:57):
Yeah, it does.
And one of the things I wouldadvise anyone if you're wanting
to speak at conferences and thething that helped me, and I
wouldn't be able to do it if itwasn't for that, was
Toastmasters.
So when I decided I wanted tospeak at conferences, I was at
one of the local meetups.
They were opening up CFPs forBSides DFW that year, and the
(28:20):
person announcing the CFP saidthe best job I got in my career
was because I spoke atconferences and once I heard
that next week I was signed upin Toastmasters and went through
Toastmasters.
And so that helped overcome thefears.
(28:46):
Just with speaking, you'renervous sometimes, but people
don't really see what you feel.
That's one of the things thathelped me get over that, and
then everyone can relate becausegetting up and speaking
sometimes can be nerve wracking.
But Toastmasters helped meovercome that.
And then teaching and speakingat conferences and stuff helps.
So before I'd be terrified andthere's no way I would get up in
front of an audience, but now Idon't care what size audience,
(29:08):
I'll get up there.
Jason Nickola (29:09):
And audiences are much more forgiving than I think
we assume they are.
Phillip Wylie (29:09):
Yeah, definitely.
I saw a tweet recently, someonewas talking about speaking at
conferences and they say thepeople want you to succeed, they
don't want you to fail.
The people can understandbecause not everyone thinks they
can get up there and do that.
Jason Nickola (29:09):
And it's just like power lifting, you get
enough reps and eventuallyyou're pushing your max and
you're on to bigger and betterthings.
Phillip Wylie (29:25):
And with speaking, you just got gotta
realize you're better at it thanyou think you are.
A lot of it's you feel nervousand all this.
And it's funny to get feedback,like in Toastmasters no one
could tell I was nervous, but Iwas like sweating and nervous
and no one saw that.
And then just like atconferences and you get feedback
(29:46):
on yeah, you did a good jobpresenting or whatever speaking
and you're kind of surprised.
So people are always better thanwhat they think they are.
You're your hardest critic andyou gotta realize when you're
speaking at conferences, peopledon't want you to fail.
They're trying to getinformation.
And there's a lot of people thatwould like to be up there doing
the same thing.
Jason Nickola (30:04):
Absolutely.
So Phillip, you're working on abook, right?
Phillip Wylie (30:04):
Yes.
Jason Nickola (30:04):
Tell us about the book.
Phillip Wylie (30:04):
Yes.
This book is going to be aboutpen testing and it’s based on my
talk that I give at conferencescalled the pen tester blueprint,
and is basically telling peoplehow to become a pen tester.
There's lots of books out thereon pen testing, but you know as
well as I do someone wanting toget into a certain part of
security or pen testing, theydon't understand the
prerequisites.
So this is a way to show themwhat they need to know upfront
before they even start theeducational process for pen
testing and then goes to thedetails.
My vision of this book is forpeople that want to be a pen
tester and then for management,say you're a security manager
that's going to get pen testsdone and you're managing them
either through your own staff orare consultants that you have an
idea of the process just toeducate people on the overall
process.
Jason Nickola (30:26):
So this is your first book.
Phillip Wylie (30:30):
Yes.
Jason Nickola (30:31):
So you are an experienced cyber security
professional and penetrationtester, but are new to the book
writing scene.
Is this something that you'reworking with someone who's more
established?
Do you have anyone who that hasgone through the process that's
helping you through it andcoaching it?
Are you, or are you kind offiguring it out the way that you
did with computers in thebeginning?
Phillip Wylie (30:53):
Just kind of figuring it out.
Although I was in the tribe ofhackers red team book and I
mentioned it on LinkedIn and oneof the people that worked for
the publisher contacted me,asked me if I was interested in
a book and I've had this ideafor a while.
I just wasn't sure whatpublisher to use.
And I thought aboutself-publishing, but I liked
idea of being published throughsomeone because it seems to give
(31:13):
you a little more credibility.
And so they approached me aboutdoing a book and this was
perfect.
So I shared my idea.
They had me do a proposal and anoutline and they accepted it and
I signed a contract back inOctober and started on it.
So I'm just kinda doing it on myown, although they've got
editors working for me, I have atemplate I can use for the book.
(31:37):
And then if I have anyquestions, there's a team of
people helping me.
So they're going to review thebook and they'll make
recommendations of things to addor graphics and that type of
stuff.
So I've got help with it.
Whereas that's the nice thingabout doing it this way opposed
to self-publishing, you get thehelp.
But I've got the people from thepublisher because they want the
book to be successful too.
(31:58):
So they're going to do theirbest to help you.
So it's been an interestingprocess so far and I'm really
looking forward to getting thebook completed and out there.
Jason Nickola (32:10):
So, where can listeners find you and interact
with you if they're looking toget some more information or
just get in touch with you?
Phillip Wylie (32:16):
Twitter or LinkedIn are the best ways and
my Twitter is just Phillip withtwo L's, Wylie, that's a real
good place.
And I post a lot information onTwitter and LinkedIn and I'm
very active there.
So there's a lot of people thatwill hit me up there and on DMs
to ask questions.
So those are the best ways tocontact me.
(32:36):
Plus if you contact, you connectwith me on Twitter, you can find
some other good people to followas well.
Jason Nickola (32:39):
Perfect.
Well, Philip, thank you so muchfor your time.
It's been great chatting withyou a little bit.
I learned a lot and I'm lookingforward to the book and
everything else you have comingup in the future.
Phillip Wylie (32:39):
Thanks for including me in your first
podcast.
I enjoyed it.
Jason Nickola (32:40):
Awesome.
Well thanks everyone for tuningin.
We really appreciate it.
Hope you enjoyed it and we'llsee you next time.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com