July 7, 2025 • 30 mins
Episode Overview
Join host Phillip Wylie as he interviews Matt Brown, a cybersecurity professional, hardware hacker, and successful YouTuber who has grown from zero to over 100,000 subscribers in just two years. This episode dives deep into hardware security, IoT penetration testing, content creation strategies, and the future of cybersecurity careers in the age of AI.
Guest Bio
Matt Brown is a cybersecurity professional specializing in hardware hacking and IoT security. He's the creator of a popular YouTube channel focused on unedited, real-time hardware hacking tutorials. Matt has experience in offensive security, bug bounty hunting, and has won multiple live hacking events, including competitions hosted by Amazon. He holds degrees in IT and computer engineering with a focus on information assurance.
Key Topics Covered
Hardware Security & IoT Hacking
- Getting started in hardware hacking without expensive equipment
- Essential tools and techniques for IoT penetration testing
- Microcontroller vs. Linux-based device security
- Hardware security conference insights from Hardwear.io USA
- The growing demand for hardware security professionals
Content Creation Success
- How Matt grew from 0 to 100K+ YouTube subscribers in 2 years
- The power of unedited, mistake-inclusive content
- Equipment setup for hardware hacking videos
- Monetization through bug bounty opportunities
- Building authentic connections with technical audiences
Career Development
- Breaking into offensive security and penetration testing
- The value of diverse technical backgrounds (sysadmin, development, blue team)
- Academic vs. self-taught paths in cybersecurity
- Why communication skills are crucial for pen testers
- Job market opportunities in hardware security
AI and the Future of Cybersecurity
- How AI tools can enhance rather than replace security professionals
- Using AI for reconnaissance and information gathering
- The importance of critical thinking when using AI tools
- Career advice for staying relevant in an AI-driven world
Hacker Origin Story
Matt's journey began in junior high with an electronics and soldering class - an opportunity he notes many people don't have today. His first real introduction to hacking came through a YouTube video demonstrating WEP cracking using a bootable Linux CD. This experience of seeing his home network's Wi-Fi password decrypted sparked his passion for cybersecurity.
Connect with Matt Brown
- YouTube Channel: https://www.youtube.com/ @mattbrwn
- LinkedIn: https://www.linkedin.com/in/mattbrwn/
- Website: https://brownfinesecurity.com/
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
I was, I was doing somereconnaissance on a certain company
and trying to be like, arethey releasing any new IoT devices?
And basically the search toolcame back and said, nope, nothing,
nothing from this year.
And I was like, wait a minute,I don't think that's true.
And I was able to go throughto the FCC website and do a little
bit dig and dig a littledeeper and find out that they have
(00:20):
reported to the FCC thatthere's some new, new, new devices
under development.
And so there's little thingslike that where again, you can be
a creator, you can use it tocreate or you can consume it and
just assum it knows all.
Welcome to the Philip Wiley Show.
Take a look behind the curtainof professional hacking and hear
(00:42):
compelling discussions withguests from diverse backgrounds who
share a common curiosity andpassion for challenges and their
job.
And now here's your host,offensive security professional educator,
mentor and authority, Philip Wiley.
(01:06):
Hello and welcome to anotherepisode of the Philip Wiley Show.
Today, I'm excited to haveMatt Brown joining.
This is going to be especiallyfun for me because not only does
Matt work in cybersecurity,Matt is also a YouTuber and content
creator, which is one of thethings that I really enjoy geeking
out on.
It's kind of funny.
One of a good friend of mine,Arfal, that founded Dallas Hackers,
(01:29):
lunch last week, last Friday.
And one of the things we'retalking about, our interests span
more than just cybersecurity.
You know, some of the peoplethat either have been into cybersecurity
that long or that's their onlypassion and focus, that's all they
talk about.
And so sometimes it's not asmuch fun as when you've got people
around that have multipleinterests and you can discuss those
(01:49):
things.
And cybersecurity I get totalk about so much.
But the content creation isnot as frequent and common.
So it's always good to havesomeone that works in that area and
hopefully I can pick up sometips and tricks from you.
Welcome to the show, Matt.
Well, thank you.
Thank you for you for havingme on.
And excited to have this discussion.
Yeah, it's great to have you.
And before we started off, forthe, for the viewers, those that
(02:13):
are just listening only, youmay want to check out the YouTube
video because Matt's got apretty cool lab there in the background.
He's got all the hardware,hacking equipment.
It's really cool the way he'sgot his camera set up to look down
his workbench so he can, youknow, record or view whatever he's
working on at the time.
So that's pretty cool.
It's kind of interesting thekind of setup that you have to do
(02:33):
for the kind of contentcreation you do.
Yeah.
So like we were talking aboutbeforehand, I've taken a lot of hints,
a lot of setup advice actually.
There's a vibrant laptopmotherboard level repair community
on YouTube and some of theirmicroscope camera choices, I've modeled
after them so it's don't haveto create that all on my own.
(02:54):
Yeah, I'm sure that was took alittle more research and be able
to find the right placebecause, you know, most content creators
aren't doing anything whereyou have to actually see it.
Unless maybe someone that'sinto lock picking.
Then it wasn't be asspecialized in.
But you still have the camerapointing down at the locks or whatever
you're working on instead ofjust at yourself or just sharing
(03:14):
a screen.
Yeah, I've definitely evolvedmy camera setup over time, but I
think one of the things myviewers really like is seeing things
up close under a microscopeand having a camera and a microscope
set up where I can use twoeyeballs and have a, have a camera
attached.
There are some microscopeswhere you have to flip something
and you become, you become acyclops and you can only see out
(03:36):
of one eye and the cameratakes up the other, the, the other
spot.
But yeah, so, so this one, itcan do all that at the same time.
And I can do micro solderingwork taking apart IoT devices and
stuff like that at a reallyclose level, which.
Is fun, very cool.
And so it was kind ofinteresting that we finally got to
meet in person.
So Matt and I got tomeet@hardware IO USA.
(03:59):
It's a hardware securityconference and they also had some
training, a really cool training.
I was really impressed to seethat Joe grand was teaching training
there and looked like itlooked like some really good training.
I wished I'd known a littlebit more, knew about it ahead of
time that I could havepossibly tried to sign up for some
of the training because Idon't know anything about the hardware
side and could really use to,to learn that.
(04:20):
Yeah, the trainers there arereally what I would consider the
top, top professionals intheir specific niche.
Right.
So at the conference you havepeople who are interested in all
areas of hardware security,but within that, that niche there's
a bunch of these micro nicheswhere it could be, you know, somebody's
the expert on Bluetoothhacking software defined radio fault
(04:43):
injection was the class that Itook So I got to take that from Thomas
Roth, who was a really good instructor.
So yeah, a lot of world classtalent and teaching going on there.
Very cool.
So before we get too far intothe conversation, always have my
guests share their hackerorigin stories, kind of how they
got started and their story upto where they are today.
Yeah, so mine started.
(05:05):
I feel like I talked to a lotof people that have a similar story
that, you know, they justliked tinkering with electronics
and computers when they were a kid.
I actually had an incredible opportunity.
I feel like people don't havethis opportunity.
In junior high we actually hadan electronics and soldering class
where I got to learn to solderfor the first time.
(05:26):
And so I've always just beeninterested in taking apart stuff,
seeing how it works.
And my first introduction tohacking was watching a YouTube video.
Funny enough, all comes fullcircle with the content creation.
Watching a YouTube video oncracking WEP.
WEP, which as we all in theindustry know, is very vulnerable
wireless protocol, even backback then.
(05:47):
So I remember it was so cool.
I, you know, installed Linuxon a bootable cd, not, not a USB
stick, but a CD that was abootable Linux distro and running
a few commands that I, that Icopied from the YouTube video.
And just that experience ofgetting to see the WI FI password
of my home network come backand for IT to be able to decrypt
(06:07):
that was.
Was pretty eye opening for me.
And it kind of led me tocontinue in my journey of learning.
And so I did that in college.
I kind of did an IT degree inmy under and then in my grad school
I did, you know, computerengineering slash information assurance.
So kind of a cybersecurityfocused degree.
And from that point on I'veentered industry and gotten a chance
(06:31):
to do a lot of offensivesecurity, whether it was in more
of a consulting role or as aninternal IoT pen tester.
Very cool.
And so what I was, we weretalking earlier you mentioned how
you used to be involved in IoTVillage, so that.
That's pretty cool.
Yeah.
And actually so, so that was afun story.
So I worked with the IoTvillage folks for a little bit and
(06:53):
got to host the Village, whichwas fun because actually my first
time to DEFCON, I went andcompeted in the IoT Village CTF and
actually placed second in thatwhen I was competing by myself my
first time at DEF con.
So that was, that was a kindof fun experience and a fun introduction
to DEF CON as a whole.
The conference, butspecifically the Villages, which
is where you'll find me ifyou're at DEF con is definitely hanging
(07:19):
out in one of the manyvillages because I feel like those
are the spaces you get tointeract with people more one on
one instead of feeling likeyou're cattle that's just being herded
places.
The DEF CON success is great,but there's just a lot to do there.
Yeah.
So before you got into thehardware hacking, did you start out
the traditional pen testingand hacking route?
(07:40):
Yeah, so I definitely startedin more of a traditional kind of
like IT infrastructure.
I actually, you know, held IT jobs.
I've kind of held all sorts ofjobs around the tech space.
I've, I've done some dev work,I've done some system administration
and, and then also some moreblue team type roles, whether it's
(08:01):
part time while I was incollege or in the workforce.
And so those experiences haveall given me this other perspective
when I am doing pen testingand kind of lets me psychoanalyze
the other side a little bitand be like, if was a developer,
if I was a system admin, howwould I make mistakes?
What, what shortcuts would I make?
(08:21):
And then I try to exploit those.
Obviously being on theoffensive side, I.
Would think with thatbackground too makes sharing the
remediation steps a little bitbetter than just, you know, folks
that don't have that background.
Yeah, I, I, I tell people thisall the time.
If you, if you can communicateclearly and you can, you know, do
the technical work of whetherit's pen testing, you will go, you
(08:43):
will go so far in thisindustry because that is, it's almost
more important than thetechnical findings of a pen test.
Right.
Is being able to communicatethem and being able to give practical
recommendations or giverecommendations on how to completely
remediate the vulnerability.
But if you can't do that, howto defend or detect against that
(09:05):
vulnerability and if you'vehad that experience on the blue team
side or sysadmin side, youhave a lot better handle on.
And I'm sure with having thatsysadmin experience makes things
a little bit easier.
If you get a shell to a system opposed.
If you just purely came injust learning the offensive side.
Yeah, yeah, you, you know,where, yeah, where, where, where,
where they're likely to makeshortcuts and mistakes and, and all
(09:27):
these things that are, yeah,if you, if you just came purely from
the offense side you, youmight, you might try some way more
technically challenging way ofexploiting a system than the easier
routes.
Yeah.
So for someone that wanted toget into offensive security, what
would you recommend education wise?
Ooh, that is such a tricky question.
So obviously I went theacademic route, right.
(09:49):
I got an undergrad degree andthen I got a master's degree and
I personally enjoyed thatexperience and it was a good experience
for me.
But I meet so many people inthis industry that have none of that
and they're very proficient inwhat they do technically and in their
career advancement.
Obviously getting in the doorin an entry level role is going to
(10:11):
be a little bit more of achallenge if you don't have that
academic background.
But I would say not to be likewatch my YouTube channel.
But there's so many goodcontent creators out there that are
giving away top world talentlevel advice and teaching for free.
We were talking earlier, youcan go watch Nahamsek in his videos
(10:34):
and he's a world class bugbounty hunter and he just for free
gives away advice on how hefinds vulnerabilities, his methodology
and things like that.
And of course there's also,you know, training courses by those
same people that are very cheap.
Right.
Compared to that formalacademic degree.
So I would say if you aresuccessful in the academic world,
(10:58):
I still think there's value in that.
And especially having a courseset like computer science.
Right.
If you really understand thefundamentals of how computers work
and you're a good programmer,that is going to make you an excellent
security researcher oroffensive like, like a, in a, in
a pen testing role.
But I don't think it's necessary.
I think you need to be a selfstarter and you need to just go dig
(11:20):
into some labs, find sometargets and get hacking.
And you learn by doing it moreso than learning about hacking.
Yeah, I think sometimes thatthe academic side gets downplayed
too much, although it's notthe only way to go.
But one of the things I wouldsay is if you're, if you're not really
self disciplined and you kindof lack structure, sometimes the
(11:42):
structure of a college oruniversity can help you.
Maybe there's things that youdon't realize that you need to learn
like you know, it baseddegrees or computer science or even
cybersecurity degrees orsoftware development courses.
There's a lot of basics thatpeople gain there that they may not
otherwise know about unlessthey really thoroughly do their research
(12:04):
on what they need to learn tobuild that base knowledge before
they get into the actualsecurity piece or the hacking piece
of offensive security.
Absolutely.
In my time, so I went to IowaState University for both my undergrad
and my graduate degree One ofthe really cool, there's a lot of,
a lot of things I liked about it.
One of the really cool thingsthey had was a student group that
(12:26):
was, it was like a club, right?
It's a bunch of other likeminded people that are interested
in hacking and security andthings like that.
And they would just meet andgive talks and they would collaborate
on projects.
And then they also hostedthese cyber defense competitions
where they would give you aset of VMs that were chocked full
of vulnerabilities and giveyou like a month to secure those.
(12:47):
And then they brought inprofessional pen testers on the weekend
who just wanted to go, youknow, wreck these kids systems for
eight hours on a Saturday and,and really give them a real world
experience of what it's likehaving, you know, a professional
hacker come at their systemsand try to defend them.
And then there's a debriefwhere they get to learn all of the
(13:08):
hacking tools that were usedagainst their systems.
So I learned so much in thoseexperiences and getting to talk to
these people who are workingin the industry.
So that was one of the coolthings that a lot of these colleges
are doing nowadays.
They're giving a lot of handson experiences.
But like you said too, there'sthe background, right?
There's, there's like everyday where I don't have one of those
(13:30):
critical skills, I'm having tokind of backfill it.
So I always feel this wayabout electrical engineering.
I went more the software routein college and I'm always trying
to backfill some of thisfundamental electrical engineering
knowledge doing hardware hacking.
And I'm like, man, if I wouldhave just taken that one course in
college, like I would, I wouldhave this background.
So you sometimes don't knowthat you need it until way later
(13:52):
on in your career.
Yeah.
So kind of speaking of thehardware hacking and hardware security,
for someone that wants to getinto that, how would you recommend
they train themselves?
I mean, because that's just asnot as obvious as all the web app
pen testing courses you findout there.
All the network pen testingcloud, you name it.
You know, that doesn't seem aseasy to find and maybe you'd really
(14:13):
need to know those resourcesto know what would be a good resource.
Yeah, I, yeah, I agree with that.
And that's what, that'sprobably a, that's a big question.
I get on my YouTube channeland in my Discord server, a lot of
people are wanting to get intohardware hacking and especially,
especially if they watch avideo like mine, they're like, oh,
you have like all thisexpensive top tier equipment back
(14:34):
here behind me.
And if, if you see that as theonly image then you're like, I can't,
I can't aff that I can't getinto it.
And so what I always encouragepeople to do is to find a simple
target to hack on.
Like maybe you just go toGoodwill or another thrift store
and you find some old WI firouter and then you start taking
(14:55):
it apart and you start tryingto learn more about that system,
that device.
And then only when youencounter a problem that you need
a tool to solve, then you andgo and acquire that tool and you
kind of do it bit by bit like that.
And you don't need to buy themost expensive tools at first.
There are lots of cheapoptions for tooling.
But the way I learned is thatthat's, that's kind of how I learned.
(15:17):
And there, then there's someblogs out there where people will
write up, you know, hey, thisis how I took apart this device and
I found this vulnerability orI dumped the firmware and you can
just go try to replicate.
So, so the first thing I wouldsuggest to people is find some, something
cool that you saw, whetherit's in a YouTube video or a blog,
and just try to replicate whatthey did.
(15:38):
And that will give you a lotof hands on experience with the tooling
and hands on soldering that,that you might need to do.
Very cool.
So are there any kind of kitsthat anyone can buy to learn hardware
hacking?
Ooh, there, there are somekits out there.
I, that's, that's generallynot the way I go, but there is are
some from a company calledAddify and they've got a bunch of
(16:03):
supplies and some targetsinvolved in that.
The thing about hardwarehacking, that's hard and I kind of
alluded to this in thedifferent niches that are within
that hardware, like at theconference that were within the hardware
security conference, there'smany different kinds of targets.
So for example, I focus mostlyon Linux based IoT devices and those,
(16:25):
the tooling that you use toattack those is of a certain type
of.
And then what I'm trying toget more into is attacking microcontrollers
which are a completelydifferent architecture, require a
different set of tools to go after.
So yeah, so that's why mysuggestion is usually find the thing
you want to hack on and thenfind a guide that's going to walk
(16:47):
you through that step by stepand try to replicate it before you
and a kit might provide that,but I find the self kind of exploration
approach is usually best.
And so one of the things Idefinitely wanted to discuss too,
since you've, you know, you'rea content creator, you have a YouTube
channel, and I just wanted toget into that a little bit with you
and kind of discuss thatexperience with you.
(17:08):
Yeah.
So I started the YouTubechannel a couple years ago, and my
goal for it, I was like, thisYouTube channel will be successful
if over my lifetime I hit like10,000 subscribers.
That it very quickly, youknow, showed me that, wow, there's
more potential than I wasthought in this space.
And so.
But my, My philosophy for theYouTube channel, which is very different
(17:32):
from other people's style ofcontent, is for the most part, it
is unedited.
I'm not.
Not carefully editing togethermy video.
I. I hit record over here onmy computer, and I have, you know,
a couple cameras that I canswitch between.
Right.
So I have, I have this camera here.
I can, I can screen share mycompute, my computer screen if we're,
if we're doing something with software.
(17:53):
But then I also have the deskcam and the microscope camera.
I think people want, like, alot of the feedback, the positive
feedback that I got was that Iwould show people my mistakes.
Right.
I would, I would encounter amistake, I would make a mistake,
and then I would correct it.
And that was something thatwas a little bit more real life for
people, and that resonatedwith folks.
(18:14):
Yeah.
So.
So how many subscribers areyou up to?
Cause you tried.
You talk about wanting to hitthe 10,000 mark.
Yeah, I, I recently, you know,I, I like, I got my plaque.
So I've gone over the 100,000mark, and I think I'm sitting at
166 or 167k right now.
(18:34):
Yeah.
Wild ride.
It's been.
Congratulations.
That's pretty awesome.
Two years, right?
Yeah, yeah.
I was setting my goals for2025 back in November, December,
and I was like, at the end of2025, I want to hit 100,000.
And then one video just tookoff and it like, knocked that goal
(18:55):
out really fast.
I'm like, oh, I need to setnew goals.
So where we.
Where did you get yourinspiration for your content creation?
Did you have any resourcesthat you look to.
To kind of help you along your way?
Yeah, actually.
So there's a couple of reallygood youtubers out there.
Live Overflow, which he is actually.
Sorry.
So Live Overflow and Stack Smashing.
(19:16):
So Stack Smashing is ThomasRoth, who is actually the trainer
that I trainedunder@hardwareio this year.
So that was a cool experienceto get to go to his training.
And so both of their videosare really well done in the cybersecurity
space.
And then Thomas Ross, or StackSmashing, he specifically does hardware
hacking YouTube content.
So topically, those are acouple of my big inspirations.
(19:40):
There's a bunch of others thatI couldn't possibly name all of them.
But then the method though,because my method is very different.
So there's a YouTuber calledLouis Rossman who does MacBook board
repair.
And so he does some differentcontent now, but that's how he got
started.
And he would do, you know, 30minute, 45 minute, an hour long video
(20:02):
uncut of him under amicroscope or on the overhead camera
doing soldering, doing repairof these laptops.
And I was seeing the number ofviews he was getting in the sub count
and I'm like, oh, there's,there is still a market out there
for long form, unedited,almost livestream style content that
even in the day and age of,you know, short attention spans and
(20:24):
things like that, there is amarket for that kind of content,
which I was inspired bybecause that fits more my style of
just talking about my processand making mistakes and fixing things.
So that's the approach I wentwith and kind of combined that approach
that I saw from him in the, inthe repair space and the cyber security
influence.
Yeah, I think it's great thatyou're doing that because, you know,
(20:47):
we live in an Instagram worldwhere people are only showing the
polished, perfect, you know,end results and you know, you going
through and you mess up, youfigure it out.
People kind of learn sometroubleshooting along the way.
So I think that's great theway you're doing that.
Yeah, I certainly wouldn'thave it any other way.
And yeah, it seems to resonate.
So I'm glad, I'm glad mymistakes can help somebody.
(21:08):
So as far as the contentcreation's gone, how's that kind
of helped you out career wise?
Yeah, so that's been kind of incredible.
So the YouTube channel, veryearly on I got hit up by someone
who was participating in alive hacking event in the bug bounty
space.
And I had never done bugbounty before, so I got invited to
(21:29):
an event that was being put onby Amazon to hack on some of their
devices and to find vulnerabilities.
That's the basic concept inbug bounty.
And then you get paid moneybased on how critical those vulnerabilities
are.
And what category the devicesor the asset falls into.
And so I ended up partneringup and me and me and me and my teammate,
(21:53):
we won the event.
And so that kind of launchedme into, into the bug bounty space
to the point where I've gotteninvited back to a number of these
events.
I'm actually wearing the shirtI got from Scotland.
So I got to go, got to go toScotland and hack on Amazon and AWS
targets and yeah, just meetsome of the smartest people in the
world in the bug bounty scene.
Yeah, that's very cool.
(22:13):
And then congrats on yoursuccess on YouTube.
That's pretty amazing becauseI've seen some people that have been
doing it for years to reachthat or some people have been doing
a long time.
It hadn't for me.
For instance, my YouTubechannel turned 18 years old this
month.
Wow.
But my YouTube channel startedout as a place for me to post videos
for my powerlifting meets.
(22:34):
So I do powerliftingcompetitions and I'd upload the videos.
That was the first thing Ireused it for.
And then I got into teachingand I uploaded some of my lectures
from the college, my pentesting lectures up there as well
as, you know, then the podcastand then did some streaming before.
So that's pretty cool to seethat you're able to reach that level
of success in such a short time.
(22:56):
Yeah, it's definitely beensurprising and, and a fun, fun ride
to be on.
No, but, but those channelsare cool too because I always appreciate
following people on YouTubeand it's so interesting to see when
their content style or thething that they're interested has
changed because you really,you really do get to feel like you're
connected to like a real person.
Right.
When you, when you see that intheir content.
(23:17):
So like a very micro niche ofthat is like, like I said, I kind
of started on these Linuxbased devices and in a few of the
most recent videos and in somethat will be released soon, I've
been targeting moremicrocontroller based devices.
So like it's fun to seepeople's progression through their
YouTube, their, through their content.
So you being on the hardwarehacking side, do you think that's
(23:39):
a really promising area forfolks to get into?
Because I would, from my pointof view, I just don't see as many
people having the experiencewith that.
Like some of the other areasare kind of flooded with, with people
doing that particular thing.
Yeah, there's.
Wow.
Yeah.
Yeah.
I actually got, I actually gotasked this recently and I feel like
we're all having theseconversations of is AI going to steal
(24:00):
our job?
I'm, I'm just, I'm an optimistgenerally in life, so I don't, I
don't think that's going to happen.
But there's, there's thisfunny billboard and I feel like I've
seen this all over socialmedia where like this construction
company put up anadvertisement and it was like, hey,
chat GPT finish this buildingwas the, was the ad, right?
And so I always think aboutthat when I think of hardware hacking
(24:23):
and you know, job security, right?
It's like, yeah, sure, maybethey'll make a robot someday that
can like desolder to the flashchip over here and automatically
analyze the firmware.
Who knows, maybe I'll work onthat next.
But I do feel like this is agood area to get into now.
The opportunities are fewer,the amount of people in the space
is fewer, but theopportunities are fewer.
(24:43):
So I'll just give you anexample of bug bounty.
I would estimate of the bugbounty assets that are out there,
which are prettyrepresentative of tech in general
and cybersecurity demand, Iwould say probably about 95% of those
targets are web or mobile, andmaybe 5%, that might even be a generous
percentage to say 5% of bugbounty targets are hardware based.
(25:06):
And so you extrapolate that tothe industry.
It is a niche, right?
So being at the Hardware IOconference, it was a conference of,
you know, 200, 300 people andthese are the best hardware hackers
in the world, right?
And so there is a smaller,there is, there is a smaller niche
there.
But I do think it's going to grow.
I think, I think stuff isgoing to continue to grow.
(25:27):
More of this AI stuff is goingto go on the edge, meaning out to
devices where that processingused to be done back in a, back in
a data center.
And so more people want AI onthe edge of, of their smart device
networks and stuff like that.
So I think that is going toalso drive just a ton of demand for
(25:47):
hardware security.
Yeah.
So from, since you bring up AIfrom a career perspective, do you
think it's important forcybersecurity professionals to learn
something about AI?
Yeah, just like, you know, Idon't know, like a carpenter who
has like a hammer and thenlike somebody comes along like, here's
a nail gun, right?
You're going to, you probablywant to learn how to use that tool,
(26:08):
but you also don't want to so,you know, lend yourself to the tool
that you wouldn't know yourCraft without it is what I would
encourage people.
There's an individual, DanielPriestley, I've been reading his
book and I have been listeningto some of his work and he's got
a saying where he says that AIwill create two different groups
(26:29):
of people.
They'll create, it'll helppeople create more than they ever
could or consume more thanthey ever could.
So in this industry, youdefinitely want to, you know, keep
thinking with your brain andthinking outside the box.
And I think that's how, inusing AI to do that or to speed up
the, or to automate away theannoying stuff that you, the repetitive
(26:52):
stuff you do all the time,that will be a big help.
But yeah, I don't have any.
Again, I'm very optimisticthat my job's not going to get taken
away.
It might change.
It might change.
It's always interesting tohear the point, point of views on
how quickly, you know, jobswill be replaced because of, of AI.
But then again, I didn'treally look into it, but the paper
(27:13):
that Apple came out with thatsays the artificial general intelligence
is further out than whatpeople think it is.
Yeah, I read that paper andthat it's like when, when presented
with, yeah, I, I assume we'retalking about the same paper when
presented that the, that thealgorithms, the LLMs, when presented
with a new reasoning, new typeof reasoning challenge that they'd
(27:34):
never seen before, that atleast the current LLMs are kind of
falling on their, on theirface when they try to, when they
try to attempt those problems.
Right?
And that's, and that'ssomething that I experience all the
time, right?
So the thing I use AI for alot of time is reconnaissance and
information gathering, right.
I might read a serial numberof a chip off of a board and then
(27:57):
I might throw it into, youknow, a deep search or something
like that and say, okay, giveme all of the information back.
Is there any vulnerability information?
You know, are there any knownvulnerabilities about this?
Go out and kind of scatter outand do a search.
And the other day I was doingthis, I was, I was doing some reconnaissance
on a certain company andtrying to be like, are they releasing
(28:19):
any new IoT devices?
And basically the search toolcame back and said, nope, nothing,
nothing from this year.
And I was like, wait a minute,I don't think that's true.
And I was able to go throughto the FCC website and do a little
bit dig and dig a littledeeper and find out that they have
reported to the FCC thatthere's some new devices under development.
And so there's little thingslike that where again, you can be
(28:41):
a creator, you can use it tocreate, or you can consume it and
just assume that it knows all.
And once you do that, you'rekind of handicapping yourself to
its abilities.
Yeah, that's some good points there.
It's pretty interesting to seehow it's taken off in the popularity
of AI and you just always kindof wonder, you know, you see a lot
of stuff out there, you reallywonder if it's hype or accurate.
(29:02):
And then you have the thingslike this Apple paper coming out
that's saying that thingsaren't as far along as people are
saying.
So it's always interesting tosee the two opinions.
Yeah.
Oh, yeah.
So we're getting down towardsthe end of the episode.
Is there anything that you'dlike to share before we end?
Yeah, just if anyone isinterested in Iot security, Iot hacking.
Yeah, just I, I, I do have adiscord community where people come,
(29:24):
they ask questions, they doresearch projects together so that
that link can be found in thedescription of pretty much any one
of my YouTube videos.
So if anybody wants to findout more or ask questions, there's
a ton of people, really smartpeople, people smarter than me, that
are actively participating inthat community.
So I just encourage them to gocheck that out.
Yeah, thanks.
And we'll include that in theshow notes.
(29:45):
So make it easier for peopleto find your YouTube channel and
your discord.
Cool.
So, yeah, thanks for joining.
It was great chatting with youand good to learn more about the
hardware side of things andthen also to get to discuss content
creation, which I don't alwaysget to, but which is always fun.
Try to learn from, from peoplelike yourself.
Yeah.
Thank you so much for havingme on.
It was a blast.
Oh, thank you.
(30:06):
Thanks everyone.
And we'll see you in the next episode.
Thank you for listening to thePhilip Wiley Show.
Make sure you subscribe so youdon't miss any future episodes.
In the meantime, to learn moreabout Philip, go to thehackermaker.com
and connect with him onLinkedIn and Twitter @ Philip Wiley.
(30:27):
Until next time.
I was, I was doing somereconnaissance on a certain company
and trying to be like, arethey releasing any new IoT devices?
And basically the search toolcame back and said, nope, nothing,
nothing from this year.
And I was like, wait a minute,I don't think that's true.
And I was able to go throughto the FCC website and do a little
bit dig and dig a littledeeper and find out that they have
(00:20):
reported to the FCC thatthere's some new, new, new devices
under development.
And so there's little thingslike that where again, you can be
a creator, you can use it tocreate or you can consume it and
just assum it knows all.
Welcome to the Philip Wiley Show.
Take a look behind the curtainof professional hacking and hear
(00:42):
compelling discussions withguests from diverse backgrounds who
share a common curiosity andpassion for challenges and their
job.
And now here's your host,offensive security professional educator,
mentor and authority, Philip Wiley.
(01:06):
Hello and welcome to anotherepisode of the Philip Wiley Show.
Today, I'm excited to haveMatt Brown joining.
This is going to be especiallyfun for me because not only does
Matt work in cybersecurity,Matt is also a YouTuber and content
creator, which is one of thethings that I really enjoy geeking
out on.
It's kind of funny.
One of a good friend of mine,Arfal, that founded Dallas Hackers,
(01:29):
lunch last week, last Friday.
And one of the things we'retalking about, our interests span
more than just cybersecurity.
You know, some of the peoplethat either have been into cybersecurity
that long or that's their onlypassion and focus, that's all they
talk about.
And so sometimes it's not asmuch fun as when you've got people
around that have multipleinterests and you can discuss those
(01:49):
things.
And cybersecurity I get totalk about so much.
But the content creation isnot as frequent and common.
So it's always good to havesomeone that works in that area and
hopefully I can pick up sometips and tricks from you.
Welcome to the show, Matt.
Well, thank you.
Thank you for you for havingme on.
And excited to have this discussion.
Yeah, it's great to have you.
And before we started off, forthe, for the viewers, those that
(02:13):
are just listening only, youmay want to check out the YouTube
video because Matt's got apretty cool lab there in the background.
He's got all the hardware,hacking equipment.
It's really cool the way he'sgot his camera set up to look down
his workbench so he can, youknow, record or view whatever he's
working on at the time.
So that's pretty cool.
It's kind of interesting thekind of setup that you have to do
(02:33):
for the kind of contentcreation you do.
Yeah.
So like we were talking aboutbeforehand, I've taken a lot of hints,
a lot of setup advice actually.
There's a vibrant laptopmotherboard level repair community
on YouTube and some of theirmicroscope camera choices, I've modeled
after them so it's don't haveto create that all on my own.
(02:54):
Yeah, I'm sure that was took alittle more research and be able
to find the right placebecause, you know, most content creators
aren't doing anything whereyou have to actually see it.
Unless maybe someone that'sinto lock picking.
Then it wasn't be asspecialized in.
But you still have the camerapointing down at the locks or whatever
you're working on instead ofjust at yourself or just sharing
(03:14):
a screen.
Yeah, I've definitely evolvedmy camera setup over time, but I
think one of the things myviewers really like is seeing things
up close under a microscopeand having a camera and a microscope
set up where I can use twoeyeballs and have a, have a camera
attached.
There are some microscopeswhere you have to flip something
and you become, you become acyclops and you can only see out
(03:36):
of one eye and the cameratakes up the other, the, the other
spot.
But yeah, so, so this one, itcan do all that at the same time.
And I can do micro solderingwork taking apart IoT devices and
stuff like that at a reallyclose level, which.
Is fun, very cool.
And so it was kind ofinteresting that we finally got to
meet in person.
So Matt and I got tomeet@hardware IO USA.
(03:59):
It's a hardware securityconference and they also had some
training, a really cool training.
I was really impressed to seethat Joe grand was teaching training
there and looked like itlooked like some really good training.
I wished I'd known a littlebit more, knew about it ahead of
time that I could havepossibly tried to sign up for some
of the training because Idon't know anything about the hardware
side and could really use to,to learn that.
(04:20):
Yeah, the trainers there arereally what I would consider the
top, top professionals intheir specific niche.
Right.
So at the conference you havepeople who are interested in all
areas of hardware security,but within that, that niche there's
a bunch of these micro nicheswhere it could be, you know, somebody's
the expert on Bluetoothhacking software defined radio fault
(04:43):
injection was the class that Itook So I got to take that from Thomas
Roth, who was a really good instructor.
So yeah, a lot of world classtalent and teaching going on there.
Very cool.
So before we get too far intothe conversation, always have my
guests share their hackerorigin stories, kind of how they
got started and their story upto where they are today.
Yeah, so mine started.
(05:05):
I feel like I talked to a lotof people that have a similar story
that, you know, they justliked tinkering with electronics
and computers when they were a kid.
I actually had an incredible opportunity.
I feel like people don't havethis opportunity.
In junior high we actually hadan electronics and soldering class
where I got to learn to solderfor the first time.
(05:26):
And so I've always just beeninterested in taking apart stuff,
seeing how it works.
And my first introduction tohacking was watching a YouTube video.
Funny enough, all comes fullcircle with the content creation.
Watching a YouTube video oncracking WEP.
WEP, which as we all in theindustry know, is very vulnerable
wireless protocol, even backback then.
(05:47):
So I remember it was so cool.
I, you know, installed Linuxon a bootable cd, not, not a USB
stick, but a CD that was abootable Linux distro and running
a few commands that I, that Icopied from the YouTube video.
And just that experience ofgetting to see the WI FI password
of my home network come backand for IT to be able to decrypt
(06:07):
that was.
Was pretty eye opening for me.
And it kind of led me tocontinue in my journey of learning.
And so I did that in college.
I kind of did an IT degree inmy under and then in my grad school
I did, you know, computerengineering slash information assurance.
So kind of a cybersecurityfocused degree.
And from that point on I'veentered industry and gotten a chance
(06:31):
to do a lot of offensivesecurity, whether it was in more
of a consulting role or as aninternal IoT pen tester.
Very cool.
And so what I was, we weretalking earlier you mentioned how
you used to be involved in IoTVillage, so that.
That's pretty cool.
Yeah.
And actually so, so that was afun story.
So I worked with the IoTvillage folks for a little bit and
(06:53):
got to host the Village, whichwas fun because actually my first
time to DEFCON, I went andcompeted in the IoT Village CTF and
actually placed second in thatwhen I was competing by myself my
first time at DEF con.
So that was, that was a kindof fun experience and a fun introduction
to DEF CON as a whole.
The conference, butspecifically the Villages, which
is where you'll find me ifyou're at DEF con is definitely hanging
(07:19):
out in one of the manyvillages because I feel like those
are the spaces you get tointeract with people more one on
one instead of feeling likeyou're cattle that's just being herded
places.
The DEF CON success is great,but there's just a lot to do there.
Yeah.
So before you got into thehardware hacking, did you start out
the traditional pen testingand hacking route?
(07:40):
Yeah, so I definitely startedin more of a traditional kind of
like IT infrastructure.
I actually, you know, held IT jobs.
I've kind of held all sorts ofjobs around the tech space.
I've, I've done some dev work,I've done some system administration
and, and then also some moreblue team type roles, whether it's
(08:01):
part time while I was incollege or in the workforce.
And so those experiences haveall given me this other perspective
when I am doing pen testingand kind of lets me psychoanalyze
the other side a little bitand be like, if was a developer,
if I was a system admin, howwould I make mistakes?
What, what shortcuts would I make?
(08:21):
And then I try to exploit those.
Obviously being on theoffensive side, I.
Would think with thatbackground too makes sharing the
remediation steps a little bitbetter than just, you know, folks
that don't have that background.
Yeah, I, I, I tell people thisall the time.
If you, if you can communicateclearly and you can, you know, do
the technical work of whetherit's pen testing, you will go, you
(08:43):
will go so far in thisindustry because that is, it's almost
more important than thetechnical findings of a pen test.
Right.
Is being able to communicatethem and being able to give practical
recommendations or giverecommendations on how to completely
remediate the vulnerability.
But if you can't do that, howto defend or detect against that
(09:05):
vulnerability and if you'vehad that experience on the blue team
side or sysadmin side, youhave a lot better handle on.
And I'm sure with having thatsysadmin experience makes things
a little bit easier.
If you get a shell to a system opposed.
If you just purely came injust learning the offensive side.
Yeah, yeah, you, you know,where, yeah, where, where, where,
where they're likely to makeshortcuts and mistakes and, and all
(09:27):
these things that are, yeah,if you, if you just came purely from
the offense side you, youmight, you might try some way more
technically challenging way ofexploiting a system than the easier
routes.
Yeah.
So for someone that wanted toget into offensive security, what
would you recommend education wise?
Ooh, that is such a tricky question.
So obviously I went theacademic route, right.
(09:49):
I got an undergrad degree andthen I got a master's degree and
I personally enjoyed thatexperience and it was a good experience
for me.
But I meet so many people inthis industry that have none of that
and they're very proficient inwhat they do technically and in their
career advancement.
Obviously getting in the doorin an entry level role is going to
(10:11):
be a little bit more of achallenge if you don't have that
academic background.
But I would say not to be likewatch my YouTube channel.
But there's so many goodcontent creators out there that are
giving away top world talentlevel advice and teaching for free.
We were talking earlier, youcan go watch Nahamsek in his videos
(10:34):
and he's a world class bugbounty hunter and he just for free
gives away advice on how hefinds vulnerabilities, his methodology
and things like that.
And of course there's also,you know, training courses by those
same people that are very cheap.
Right.
Compared to that formalacademic degree.
So I would say if you aresuccessful in the academic world,
(10:58):
I still think there's value in that.
And especially having a courseset like computer science.
Right.
If you really understand thefundamentals of how computers work
and you're a good programmer,that is going to make you an excellent
security researcher oroffensive like, like a, in a, in
a pen testing role.
But I don't think it's necessary.
I think you need to be a selfstarter and you need to just go dig
(11:20):
into some labs, find sometargets and get hacking.
And you learn by doing it moreso than learning about hacking.
Yeah, I think sometimes thatthe academic side gets downplayed
too much, although it's notthe only way to go.
But one of the things I wouldsay is if you're, if you're not really
self disciplined and you kindof lack structure, sometimes the
(11:42):
structure of a college oruniversity can help you.
Maybe there's things that youdon't realize that you need to learn
like you know, it baseddegrees or computer science or even
cybersecurity degrees orsoftware development courses.
There's a lot of basics thatpeople gain there that they may not
otherwise know about unlessthey really thoroughly do their research
(12:04):
on what they need to learn tobuild that base knowledge before
they get into the actualsecurity piece or the hacking piece
of offensive security.
Absolutely.
In my time, so I went to IowaState University for both my undergrad
and my graduate degree One ofthe really cool, there's a lot of,
a lot of things I liked about it.
One of the really cool thingsthey had was a student group that
(12:26):
was, it was like a club, right?
It's a bunch of other likeminded people that are interested
in hacking and security andthings like that.
And they would just meet andgive talks and they would collaborate
on projects.
And then they also hostedthese cyber defense competitions
where they would give you aset of VMs that were chocked full
of vulnerabilities and giveyou like a month to secure those.
(12:47):
And then they brought inprofessional pen testers on the weekend
who just wanted to go, youknow, wreck these kids systems for
eight hours on a Saturday and,and really give them a real world
experience of what it's likehaving, you know, a professional
hacker come at their systemsand try to defend them.
And then there's a debriefwhere they get to learn all of the
(13:08):
hacking tools that were usedagainst their systems.
So I learned so much in thoseexperiences and getting to talk to
these people who are workingin the industry.
So that was one of the coolthings that a lot of these colleges
are doing nowadays.
They're giving a lot of handson experiences.
But like you said too, there'sthe background, right?
There's, there's like everyday where I don't have one of those
(13:30):
critical skills, I'm having tokind of backfill it.
So I always feel this wayabout electrical engineering.
I went more the software routein college and I'm always trying
to backfill some of thisfundamental electrical engineering
knowledge doing hardware hacking.
And I'm like, man, if I wouldhave just taken that one course in
college, like I would, I wouldhave this background.
So you sometimes don't knowthat you need it until way later
(13:52):
on in your career.
Yeah.
So kind of speaking of thehardware hacking and hardware security,
for someone that wants to getinto that, how would you recommend
they train themselves?
I mean, because that's just asnot as obvious as all the web app
pen testing courses you findout there.
All the network pen testingcloud, you name it.
You know, that doesn't seem aseasy to find and maybe you'd really
(14:13):
need to know those resourcesto know what would be a good resource.
Yeah, I, yeah, I agree with that.
And that's what, that'sprobably a, that's a big question.
I get on my YouTube channeland in my Discord server, a lot of
people are wanting to get intohardware hacking and especially,
especially if they watch avideo like mine, they're like, oh,
you have like all thisexpensive top tier equipment back
(14:34):
here behind me.
And if, if you see that as theonly image then you're like, I can't,
I can't aff that I can't getinto it.
And so what I always encouragepeople to do is to find a simple
target to hack on.
Like maybe you just go toGoodwill or another thrift store
and you find some old WI firouter and then you start taking
(14:55):
it apart and you start tryingto learn more about that system,
that device.
And then only when youencounter a problem that you need
a tool to solve, then you andgo and acquire that tool and you
kind of do it bit by bit like that.
And you don't need to buy themost expensive tools at first.
There are lots of cheapoptions for tooling.
But the way I learned is thatthat's, that's kind of how I learned.
(15:17):
And there, then there's someblogs out there where people will
write up, you know, hey, thisis how I took apart this device and
I found this vulnerability orI dumped the firmware and you can
just go try to replicate.
So, so the first thing I wouldsuggest to people is find some, something
cool that you saw, whetherit's in a YouTube video or a blog,
and just try to replicate whatthey did.
(15:38):
And that will give you a lotof hands on experience with the tooling
and hands on soldering that,that you might need to do.
Very cool.
So are there any kind of kitsthat anyone can buy to learn hardware
hacking?
Ooh, there, there are somekits out there.
I, that's, that's generallynot the way I go, but there is are
some from a company calledAddify and they've got a bunch of
(16:03):
supplies and some targetsinvolved in that.
The thing about hardwarehacking, that's hard and I kind of
alluded to this in thedifferent niches that are within
that hardware, like at theconference that were within the hardware
security conference, there'smany different kinds of targets.
So for example, I focus mostlyon Linux based IoT devices and those,
(16:25):
the tooling that you use toattack those is of a certain type
of.
And then what I'm trying toget more into is attacking microcontrollers
which are a completelydifferent architecture, require a
different set of tools to go after.
So yeah, so that's why mysuggestion is usually find the thing
you want to hack on and thenfind a guide that's going to walk
(16:47):
you through that step by stepand try to replicate it before you
and a kit might provide that,but I find the self kind of exploration
approach is usually best.
And so one of the things Idefinitely wanted to discuss too,
since you've, you know, you'rea content creator, you have a YouTube
channel, and I just wanted toget into that a little bit with you
and kind of discuss thatexperience with you.
(17:08):
Yeah.
So I started the YouTubechannel a couple years ago, and my
goal for it, I was like, thisYouTube channel will be successful
if over my lifetime I hit like10,000 subscribers.
That it very quickly, youknow, showed me that, wow, there's
more potential than I wasthought in this space.
And so.
But my, My philosophy for theYouTube channel, which is very different
(17:32):
from other people's style ofcontent, is for the most part, it
is unedited.
I'm not.
Not carefully editing togethermy video.
I. I hit record over here onmy computer, and I have, you know,
a couple cameras that I canswitch between.
Right.
So I have, I have this camera here.
I can, I can screen share mycompute, my computer screen if we're,
if we're doing something with software.
(17:53):
But then I also have the deskcam and the microscope camera.
I think people want, like, alot of the feedback, the positive
feedback that I got was that Iwould show people my mistakes.
Right.
I would, I would encounter amistake, I would make a mistake,
and then I would correct it.
And that was something thatwas a little bit more real life for
people, and that resonatedwith folks.
(18:14):
Yeah.
So.
So how many subscribers areyou up to?
Cause you tried.
You talk about wanting to hitthe 10,000 mark.
Yeah, I, I recently, you know,I, I like, I got my plaque.
So I've gone over the 100,000mark, and I think I'm sitting at
166 or 167k right now.
(18:34):
Yeah.
Wild ride.
It's been.
Congratulations.
That's pretty awesome.
Two years, right?
Yeah, yeah.
I was setting my goals for2025 back in November, December,
and I was like, at the end of2025, I want to hit 100,000.
And then one video just tookoff and it like, knocked that goal
(18:55):
out really fast.
I'm like, oh, I need to setnew goals.
So where we.
Where did you get yourinspiration for your content creation?
Did you have any resourcesthat you look to.
To kind of help you along your way?
Yeah, actually.
So there's a couple of reallygood youtubers out there.
Live Overflow, which he is actually.
Sorry.
So Live Overflow and Stack Smashing.
(19:16):
So Stack Smashing is ThomasRoth, who is actually the trainer
that I trainedunder@hardwareio this year.
So that was a cool experienceto get to go to his training.
And so both of their videosare really well done in the cybersecurity
space.
And then Thomas Ross, or StackSmashing, he specifically does hardware
hacking YouTube content.
So topically, those are acouple of my big inspirations.
(19:40):
There's a bunch of others thatI couldn't possibly name all of them.
But then the method though,because my method is very different.
So there's a YouTuber calledLouis Rossman who does MacBook board
repair.
And so he does some differentcontent now, but that's how he got
started.
And he would do, you know, 30minute, 45 minute, an hour long video
(20:02):
uncut of him under amicroscope or on the overhead camera
doing soldering, doing repairof these laptops.
And I was seeing the number ofviews he was getting in the sub count
and I'm like, oh, there's,there is still a market out there
for long form, unedited,almost livestream style content that
even in the day and age of,you know, short attention spans and
(20:24):
things like that, there is amarket for that kind of content,
which I was inspired bybecause that fits more my style of
just talking about my processand making mistakes and fixing things.
So that's the approach I wentwith and kind of combined that approach
that I saw from him in the, inthe repair space and the cyber security
influence.
Yeah, I think it's great thatyou're doing that because, you know,
(20:47):
we live in an Instagram worldwhere people are only showing the
polished, perfect, you know,end results and you know, you going
through and you mess up, youfigure it out.
People kind of learn sometroubleshooting along the way.
So I think that's great theway you're doing that.
Yeah, I certainly wouldn'thave it any other way.
And yeah, it seems to resonate.
So I'm glad, I'm glad mymistakes can help somebody.
(21:08):
So as far as the contentcreation's gone, how's that kind
of helped you out career wise?
Yeah, so that's been kind of incredible.
So the YouTube channel, veryearly on I got hit up by someone
who was participating in alive hacking event in the bug bounty
space.
And I had never done bugbounty before, so I got invited to
(21:29):
an event that was being put onby Amazon to hack on some of their
devices and to find vulnerabilities.
That's the basic concept inbug bounty.
And then you get paid moneybased on how critical those vulnerabilities
are.
And what category the devicesor the asset falls into.
And so I ended up partneringup and me and me and me and my teammate,
(21:53):
we won the event.
And so that kind of launchedme into, into the bug bounty space
to the point where I've gotteninvited back to a number of these
events.
I'm actually wearing the shirtI got from Scotland.
So I got to go, got to go toScotland and hack on Amazon and AWS
targets and yeah, just meetsome of the smartest people in the
world in the bug bounty scene.
Yeah, that's very cool.
(22:13):
And then congrats on yoursuccess on YouTube.
That's pretty amazing becauseI've seen some people that have been
doing it for years to reachthat or some people have been doing
a long time.
It hadn't for me.
For instance, my YouTubechannel turned 18 years old this
month.
Wow.
But my YouTube channel startedout as a place for me to post videos
for my powerlifting meets.
(22:34):
So I do powerliftingcompetitions and I'd upload the videos.
That was the first thing Ireused it for.
And then I got into teachingand I uploaded some of my lectures
from the college, my pentesting lectures up there as well
as, you know, then the podcastand then did some streaming before.
So that's pretty cool to seethat you're able to reach that level
of success in such a short time.
(22:56):
Yeah, it's definitely beensurprising and, and a fun, fun ride
to be on.
No, but, but those channelsare cool too because I always appreciate
following people on YouTubeand it's so interesting to see when
their content style or thething that they're interested has
changed because you really,you really do get to feel like you're
connected to like a real person.
Right.
When you, when you see that intheir content.
(23:17):
So like a very micro niche ofthat is like, like I said, I kind
of started on these Linuxbased devices and in a few of the
most recent videos and in somethat will be released soon, I've
been targeting moremicrocontroller based devices.
So like it's fun to seepeople's progression through their
YouTube, their, through their content.
So you being on the hardwarehacking side, do you think that's
(23:39):
a really promising area forfolks to get into?
Because I would, from my pointof view, I just don't see as many
people having the experiencewith that.
Like some of the other areasare kind of flooded with, with people
doing that particular thing.
Yeah, there's.
Wow.
Yeah.
Yeah.
I actually got, I actually gotasked this recently and I feel like
we're all having theseconversations of is AI going to steal
(24:00):
our job?
I'm, I'm just, I'm an optimistgenerally in life, so I don't, I
don't think that's going to happen.
But there's, there's thisfunny billboard and I feel like I've
seen this all over socialmedia where like this construction
company put up anadvertisement and it was like, hey,
chat GPT finish this buildingwas the, was the ad, right?
And so I always think aboutthat when I think of hardware hacking
(24:23):
and you know, job security, right?
It's like, yeah, sure, maybethey'll make a robot someday that
can like desolder to the flashchip over here and automatically
analyze the firmware.
Who knows, maybe I'll work onthat next.
But I do feel like this is agood area to get into now.
The opportunities are fewer,the amount of people in the space
is fewer, but theopportunities are fewer.
(24:43):
So I'll just give you anexample of bug bounty.
I would estimate of the bugbounty assets that are out there,
which are prettyrepresentative of tech in general
and cybersecurity demand, Iwould say probably about 95% of those
targets are web or mobile, andmaybe 5%, that might even be a generous
percentage to say 5% of bugbounty targets are hardware based.
(25:06):
And so you extrapolate that tothe industry.
It is a niche, right?
So being at the Hardware IOconference, it was a conference of,
you know, 200, 300 people andthese are the best hardware hackers
in the world, right?
And so there is a smaller,there is, there is a smaller niche
there.
But I do think it's going to grow.
I think, I think stuff isgoing to continue to grow.
(25:27):
More of this AI stuff is goingto go on the edge, meaning out to
devices where that processingused to be done back in a, back in
a data center.
And so more people want AI onthe edge of, of their smart device
networks and stuff like that.
So I think that is going toalso drive just a ton of demand for
(25:47):
hardware security.
Yeah.
So from, since you bring up AIfrom a career perspective, do you
think it's important forcybersecurity professionals to learn
something about AI?
Yeah, just like, you know, Idon't know, like a carpenter who
has like a hammer and thenlike somebody comes along like, here's
a nail gun, right?
You're going to, you probablywant to learn how to use that tool,
(26:08):
but you also don't want to so,you know, lend yourself to the tool
that you wouldn't know yourCraft without it is what I would
encourage people.
There's an individual, DanielPriestley, I've been reading his
book and I have been listeningto some of his work and he's got
a saying where he says that AIwill create two different groups
(26:29):
of people.
They'll create, it'll helppeople create more than they ever
could or consume more thanthey ever could.
So in this industry, youdefinitely want to, you know, keep
thinking with your brain andthinking outside the box.
And I think that's how, inusing AI to do that or to speed up
the, or to automate away theannoying stuff that you, the repetitive
(26:52):
stuff you do all the time,that will be a big help.
But yeah, I don't have any.
Again, I'm very optimisticthat my job's not going to get taken
away.
It might change.
It might change.
It's always interesting tohear the point, point of views on
how quickly, you know, jobswill be replaced because of, of AI.
But then again, I didn'treally look into it, but the paper
(27:13):
that Apple came out with thatsays the artificial general intelligence
is further out than whatpeople think it is.
Yeah, I read that paper andthat it's like when, when presented
with, yeah, I, I assume we'retalking about the same paper when
presented that the, that thealgorithms, the LLMs, when presented
with a new reasoning, new typeof reasoning challenge that they'd
(27:34):
never seen before, that atleast the current LLMs are kind of
falling on their, on theirface when they try to, when they
try to attempt those problems.
Right?
And that's, and that'ssomething that I experience all the
time, right?
So the thing I use AI for alot of time is reconnaissance and
information gathering, right.
I might read a serial numberof a chip off of a board and then
(27:57):
I might throw it into, youknow, a deep search or something
like that and say, okay, giveme all of the information back.
Is there any vulnerability information?
You know, are there any knownvulnerabilities about this?
Go out and kind of scatter outand do a search.
And the other day I was doingthis, I was, I was doing some reconnaissance
on a certain company andtrying to be like, are they releasing
(28:19):
any new IoT devices?
And basically the search toolcame back and said, nope, nothing,
nothing from this year.
And I was like, wait a minute,I don't think that's true.
And I was able to go throughto the FCC website and do a little
bit dig and dig a littledeeper and find out that they have
reported to the FCC thatthere's some new devices under development.
And so there's little thingslike that where again, you can be
(28:41):
a creator, you can use it tocreate, or you can consume it and
just assume that it knows all.
And once you do that, you'rekind of handicapping yourself to
its abilities.
Yeah, that's some good points there.
It's pretty interesting to seehow it's taken off in the popularity
of AI and you just always kindof wonder, you know, you see a lot
of stuff out there, you reallywonder if it's hype or accurate.
(29:02):
And then you have the thingslike this Apple paper coming out
that's saying that thingsaren't as far along as people are
saying.
So it's always interesting tosee the two opinions.
Yeah.
Oh, yeah.
So we're getting down towardsthe end of the episode.
Is there anything that you'dlike to share before we end?
Yeah, just if anyone isinterested in Iot security, Iot hacking.
Yeah, just I, I, I do have adiscord community where people come,
(29:24):
they ask questions, they doresearch projects together so that
that link can be found in thedescription of pretty much any one
of my YouTube videos.
So if anybody wants to findout more or ask questions, there's
a ton of people, really smartpeople, people smarter than me, that
are actively participating inthat community.
So I just encourage them to gocheck that out.
Yeah, thanks.
And we'll include that in theshow notes.
(29:45):
So make it easier for peopleto find your YouTube channel and
your discord.
Cool.
So, yeah, thanks for joining.
It was great chatting with youand good to learn more about the
hardware side of things andthen also to get to discuss content
creation, which I don't alwaysget to, but which is always fun.
Try to learn from, from peoplelike yourself.
Yeah.
Thank you so much for havingme on.
It was a blast.
Oh, thank you.
(30:06):
Thanks everyone.
And we'll see you in the next episode.
Thank you for listening to thePhilip Wiley Show.
Make sure you subscribe so youdon't miss any future episodes.
In the meantime, to learn moreabout Philip, go to thehackermaker.com
and connect with him onLinkedIn and Twitter @ Philip Wiley.
(30:27):
Until next time.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.