Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
So I'm actually just about to finish up a guide, actually, because
I'm all about, like, sharing knowledge, sharing information, like
having it.
I think if there's something you want to know about, you should
be able to find those answers.
They shouldn't be gatekeepers to any kind of knowledge.
So.
But I'm doing a guide on basically how to create a zine and
use it to organically build your network to make connections.
(00:25):
Welcome to the Phillip Wylie Show.
Take a look behind the curtain of professional hacking and hear
compelling discussions with guests from diverse backgrounds who
share a common curiosity and passion for challenges and their
job.
And now, here's your host, offensive security professional educator,
(00:45):
mentor and author, Phillip Wylie.
Hello, and welcome to another episode of.
Of the Phillip Wylie Show.
Today I'm joined by Ryan Williams, the publisher of Hack magazine.
(01:05):
Ryan lives in Australia.
So actually it's not my first Australian guest because I had the
founder of Bugcrowd, Casey Ellis.
So I guess that makes you number two.
That's a good thing that I've got someone else from Australia,
but that also tells me that I've got to get some more Australians
on here as well.
(01:25):
Need some more Australians in there, mate.
Need some more Australians in there.
It's good to be here, man.
Definitely.
Thank you for inviting me.
Good to have you here.
And one of the things that just kind of makes me think too back
to one of my experiences speaking in Canada.
I spoke at Atlantic Security conference back in 2022, and I realized
when I was there, I hardly knew anyone.
(01:45):
And I realized I've got to find.
I got to make more Canadian friends.
So I guess the same holds true for Australians.
Although I know several Australian folks.
Heidi, her handle is SummerHeidi on X. I know her.
She's easily in town for Hacker Summer Camp during the.
During DEF CON and Black Hat.
So usually get to see her and some other folks.
(02:06):
Yeah.
Hoping to make it to DEF CON this year.
We'll see what happens with our work commitments.
But yes, you got to get into the Commonwealth, mate.
We've got some good, good ones here.
Australia, Canada, New Zealand, either.
New Zealand's got some excellent people you should talk
to.
I got to get out there too, because I want to speak there.
I haven't spoke there yet.
I haven't even submitted a talk yet.
But I think is Ricky Burke, that's the recruiter there.
(02:27):
Yeah, Ricky Burke's a legend.
Yeah.
Spoke to him.
I guess this is a 2022 DEF CON because he had those really cool
shirts that he had made up with the tweet from Casey Ellis about
what risk the risk is and all this.
Punch in the face shirt.
Yeah, yeah, yeah.
(02:48):
That was one of my favorite T-shirt acquisition of the year at
the end of time.
Yeah, thanks for having me on, mate.
I've been, I've been following you for a while actually.
Like just, you know, first time, you know, first time caller,
long time listener.
But yeah, your.
Some of your tutorials and your, your podcast and stuff have
(03:10):
been kind of pivotal in my early pivot into cyber.
So, yeah, it's good to be here.
They say don't meet your heroes, but I think that's wrong.
Yeah.
Because I've.
You've been on my radar.
I've known of you and known of your, your magazine and some of my,
some of my friends from Cyber Distortion recently had you on their
podcast and I thought, yeah, I need to get him on.
(03:31):
They're so funny, man.
They're the best day.
Yeah, those, those, those guys are a lot of fun to hang out with.
So if you'll have to.
You'll have to get to DEF CON this year just to get to at least
hang out with those guys.
They.
They know how to have a good time.
They do indeed.
They do indeed.
They caught.
They called me from Mexico their little trip recently.
I look like they're having quite a good time.
Indeed.
Yeah, yeah, those guys know how to have a good time.
(03:53):
Usually we got like a text message stream going between them
and Chris Glanden and they'll post up pictures of whatever they're
drinking, wherever they're at and that kind of thing on Friday
nights.
Yeah, yeah, Chris, Chris is a legend.
He's actually number two, official hack legend.
Number two.
Chris Glanden from the BarCode podcast.
(04:14):
Yeah.
Yeah.
So Chris, Chris and I have known each other since about 2020.
I was a guest on his podcast and then he's been a guest on mine
as well.
So yeah, Chris is a good guy.
Be seeing him as well as the Cyber Circus Network guys next month
in Atlantic City for Boardwalk Bites.
So what's Cyber Circus all about?
(04:35):
I know there's.
It's the Cyber Circus Network.
Yeah, that's yourself.
The Cyber Distortion boys.
And Chris, is it just.
Just you four or is it.
And then recently Len Noe
and Justin Hutch Hutchins joined.
Yeah, yeah.
So they kind of expanded that last year during the Lone Star Cyber
Circus, which was the one year anniversary of the first collaboration.
(04:57):
It'll be like a little thing here.
So is it a conference or is itlike a panel or.
I think I saw photos from it.
What's that all about?
Yes, it was a live podcast event, which is kind of cool because
Chris does a lot of that and he always wanted to do something
in Texas because he's got family here and lived in Texas for
(05:17):
a while, so he wanted to do something here.
And actually the way the Cyber Distortion guys met Chris was through
me because I ran a DEF CON group in Denton, Texas.
And when Kevin joined us once, he actually come a couple times.
But when he was there, it was right before DEF CON and Black Hat.
And I told him about Chris's live podcast event that he was doing,
(05:39):
and that's how Jason and Kevin got to meet Chris and they kind of
connected and been in touch since then.
It's a group of heavy hitters, mate.
It's quite good.
I like it.
I like it, like, a lot more of that over here.
You need to do an Australian invasion.
Yeah.
Cyber Circus Network, like, Australian tour.
That'd be wicked.
Yeah, that'd be awesome.
Definitely want to get there.
(05:59):
For sure.
Yeah, it's cool.
Always to connect with some other content creators and you've
got a magazine that's content.
And I think sometimes we have to kind of remind folks that different.
Some people, when they think of the.
The.
The term content creation, they're thinking YouTuber.
And it.
Content creation goes way beyond that.
You know, your magazine printed format or digital.
(06:21):
But that's one of the oldest types of content out there.
And then podcasts is kind of an older form of content.
YouTube is a little newer.
But sometimes people forget about those areas.
And folks that want to get into content creation may be scared
to be on a camera, but maybe they can write.
Maybe that's their strong point.
So I'm actually just about to finish up a guide, actually, because
(06:41):
I'm all about, like, sharing knowledge, sharing information, like
having it.
I think if there's something you want to know about, you should
be able to find those answers.
They shouldn't be gatekeepers to any kind of knowledge.
So.
But I'm gonna be a guide on basically how to create a zine and
use it to organically build your network to make connections.
Like, if you're first starting out in cyber, or even if you're already
(07:02):
in cybersecurity or whatever field you're in, to basically organically
create a community around a body of knowledge.
Like, it's easy, anyone can do it.
Like, it doesn't matter if you're a bit socially awkward or,
you know, you don't like people much or I'm not sure, but
anyone can do it.
If there's something you, you dig.
Whether it's.
If it's toasters, start a zine about toasters and people will flock
to it like toaster fans from everywhere.
(07:24):
So yeah, it's kind of like a step by step how to.
And it's easy.
It's like anyone can do it.
You just gotta have a little bit of, a little bit of passion,
a little bit of drive.
Yeah.
That's awesome that you're going to do that.
I think one of the things for people to consider when looking at
something like that is what you're.
I'm sure what you're.
The content that you're providing through this, this ebook
(07:46):
or this tutorial would be helpful for people that want to do
like newsletters.
Yeah.
News edit newsletters.
It's.
It's the same, it's the same core concept really.
Like I love cyber security.
I live, breathe.
When I'm not working, I'm like studying something or so it's something
I'm very passionate about.
So it's easy.
While I'm going along, I take notes about things I've learned and
(08:07):
use those as subject matter for the magazine or newsletter, whatever
you're doing.
The key, what I found useful about it when I was first starting
out was that you create this newsletter or zine and it gives you
an in to talking to people who interest you or who maybe are doing
something that is.
You want to learn about is that it gives you that foot in the
door like straight away.
(08:28):
Like I wrote a newsletter, I'd like to interview for it or I'd like
to know more about this.
But it creates a kind of legitimacy to a point of contact
which I found lubricates social interactions, which is good,
especially when you're first starting out in the industry.
It's really handy.
Yeah.
One thing that's nice about your magazine is the fact that it's
just the hacker vibe to it is just pretty hardcore in my opinion.
(08:53):
You've got 2600 magazine, but I just love the, the graphics that
you have in yours and just the whole.
It really seems to capture more of the modern hacker culture.
Yeah.
Just, just because it's cybersecurity doesn't mean it has
to be ugly.
So that's what I said to the boys, that Cyber Distortion.
Like the thing is there's this mindset around that for cyber security
(09:16):
and because of the corporate, lot of the corporate nature of stuff
that has to have this certain tone, this certain vibe, you know.
And I completely disagree with that.
Like sure, if you wanted the big, we've got the big four over
here, you know, KPMG, EY, all that sort of stuff they have, you
know, I don't know how many followers, whatever it is they say
millions.
If they, they can, they can produce a piece of shit bit of promotional
(09:40):
material.
They have to hit 1% of the people and that's they're going to
make their money.
Like if you're a disruptor, if you're coming in, you're a small
company, you can't copy, you can't emulate this same pattern that
they use because you just can't afford it.
If you've got 10,000 followers and you hit 1% like that's, that's
not going to make you your money.
(10:00):
It needs to be something that grabs people.
And I think as the old guard kind of, I'm not going to say die
out, sort of fall away.
This visual communication, like it's all communication whether
it's the words on the page or the pictures behind it, it's all
of it tells your story.
And I think just having, you know, stock standard, corporate looking
kind of jargon, it just, it just doesn't cut it.
(10:23):
I think as we move forward we'll see more stuff kind of like
how Hack is just that rather than just representing information
represents a vibe or a viewpoint or like some ethical standard.
I don't know.
But yeah, I think there's a lot of room to grow especially in
the cybersecurity industry.
Yeah, one of the things is just going back to your points of
(10:44):
how those other conferences just like RSA or Black Hat vs. DEF CON
or BSides conferences, the practitioners typically in my opinion
experience like DEF CON better because it's more fun.
Just the straight laced corporate suit and tie type of conference
is kind of boring.
(11:05):
People really don't want to attend those.
And I kind of feel like that's kind of the same thing with your
magazine.
It's got that, you know, it's got more of the hacker vibe, more
of the true culture, not the community.
That's the thing like that.
I think that's what these.
Because I'm putting on a.
My first conference at the end of the year, I'm.
I kind of, I had an attempt at it earlier this year, had some issues
(11:29):
with funding but that's here or there, but I think they've kind
of lost what the conference is about.
Yeah, it's to share information, stuff like that.
But the most important thing about conferences is actually to
network and make real life connections.
I think a conference is too big and too polished.
It reduces that natural tendency for people to come together.
(11:50):
It has to be forced.
So a smaller conference, tighter rooms, you know, like a couple
hundred people rather than thousands actually you'll make more
meaningful connections.
Those, those connections are things that you take away from the
conference.
The talks you can look up online.
You go to conferences to make, to network.
And so that's what the plan is for.
This for my hack conference is just to create, to focus more on
(12:15):
the people's experience there and their opportunities to actually
make meaningful connection and take that away and turn into business
opportunities, I guess.
Very cool.
Yeah, that.
When, when do you plan to host your conference?
6th of November.
6th of November.
I have to look around because I haven't, I haven't been to Australia
yet.
So I definitely like to get there.
(12:36):
If you are in the country, I will.
You're on.
You're on, brother.
Yeah, I need to make a trip to Australia.
Yeah, that would be great.
You're always welcome, mate.
Yeah.
So what got you interested in doing a magazine?
Doing the magazine.
Okay.
So I've always been into hacking.
(12:56):
I got.
Old man introduced me to computers when I was about 6, 5 or
6, a Commodore 64 in his little office.
I kind of was always enchanted with it, was doing music at the same
time.
Did music my whole life.
When I was about 10 or 11, I can't remember, somewhere around
there I discovered bulletin boards and yeah, it's actually the
first time I ever got introuble for something on a computer.
We had a second line at homeand I'm not even sure where I found
out about it.
I think it was.
Might have been watching mydad, but we had a dialer program
so I was war dialing on thesecond line looking for BBSs, not
realizing that that secondline isn't actually free.
It's free for us, but it'sinternally billed.
So had my old man come homeand rip the shit out of me about
(13:41):
why there was thousands ofphone calls on his work line.
But the good part about thatwas I discovered a bulletin board
on the Gold coast and it waslike as you would imagine it, like
a creepy sysop, like, youknow, who's this?
I had to answer some questionsabout death metal to get on the site,
which I luckily knew, which ispretty handy.
But that was like my firstaccess to like a repository of like
(14:04):
text files and it was justlike, it was like Wonderland, man.
Like the first thing I everremember doing it Wasn't actually
even a.
A so much a computer hack, itwas a telephone hack.
Was the.
The public phones telecom.
Public phones had thisvulnerability I guess you would call
it.
You put your money in the topand then you would slide a plastic
straw through the top of themoney return shoot and it would drop
(14:26):
your coin back through, keepthe credit and it's just like this
is gold.
And it was kind of hookedsince then.
Good times.
Oh, sorry.
Getting back to the magazine,I got distracted.
So did music my whole life.
Studied in bands and then wentto electronic music and played big
festivals, toured all aroundthe place.
That was all going great gunsuntil Covid hit.
I had a production companythat was about to launch and we were
(14:47):
out setting up for the Formulaone party at the Melbourne Grand
Prix and we get the phone callto shut it down.
And yeah, my whole world kindof went flipped on its head.
My source of income just was gone.
Spent a few months doing thewhole feeling sorry for myself thing
and then I don't even knowwhat was the trigger but I just thought
(15:08):
I should get into this cybersecurity thing because I've always
done computers.
I kind of would be ahead ofthe 8 4, like ahead of the rest.
Anyway, so I went and enrolledin a course.
It turned out it was waybeneath what I was capable of.
But before the end of thecourse I got not headhunted but I
got a job contracting for a UScompany and yeah, haven't looked
(15:30):
back since 2001.
I swapped the head shell for reverse shells and off we go.
Very cool.
So for anyone who wants.
Yeah, I'm sorry, go ahead.
I started the magazine because there was the creative output of
doing the music thing had dried up and I've, you know, there's.
I have like a fire burning inside me.
I have to.
That I need to output like, like creative output.
If I didn't have that, I start getting a bit.
All work and no play makes Ryan a dull boy kind of thing.
I just get, I need to have that output.
So the magazine started as initially just a way to do something
creative but also to make connections in this new industry
where I knew no one because like coming in at 40, I think I was
like, it's weird to be in abrand new industry and with no connections.
No, no kind of lay of the land.
So the magazine was exactlywhat I said before I waited network
to make long term organicconnections and just to explore this
new area that I loved.
So yeah, if you wouldn't mindsharing the audience about your magazine.
(16:34):
Oh yes, Hack Hack.
There's actually a magazinebefore Hack, but we're not going
to talk about.
Oh, should we talk about that now?
Let's keep it all.
Sure.
There was a first magazinethat I did with a community and,
and the community was great.
It was absolutely amazing.
Basically it was.
There was a podcast and acommunity around it and it was going
(16:56):
really well and one day I justgot the idea, hey, we should do a
magazine.
And the guy said, yeah, well,let's do that.
So 10 days later we had a magazine.
I just like, I got in andinterviewed a couple of people and
just put out a magazine and itwas really quite successful as I
do.
I got a bit not carried away,but I got a bit excited.
So we ended up doing anAustralian version, a US version
(17:17):
and a UK version that we weretrying to release every month.
I think we did about, I thinkabout six issues all up.
And then some weirdness happened.
Yeah, guy filed like a DCMAclaim or something like this.
Like this.
I know he went a bit weird.
He thought he was trying totake over his organization or something.
(17:38):
But yeah, that's weird hacker stuff.
I don't know about that.
But Hack Hack started whenthat folded and basically it, it's
a celebration of digital counterculture.
So anything to do withtechnology, whether that's music,
whether that's art, whetherthat's science, whether that's, you
know, transhumanism in Leno'scase, like we kind of touch on everything.
(18:02):
There's no kind of, norestrictions in the subject matter
or who writes it.
If it's good and it's, andit's a topic that's, you know, relevant
to the cyber security, noteven cybersecurity.
If it's relevant to technologyand the direction it's heading, then
it's a hack worthy article.
So.
But obviously there's a leantowards knowledge that you might
(18:23):
not be able to get elsewhereor things are a bit, a little bit
the toe of the line.
But yeah, good fun.
So yeah, it's a pretty coolartwork that you have.
So.
So you're doing the artworkwith, with AI or was that something
that started out like moretraditional type of drawings?
And the artwork I do myself,some of it comes from original drawings
(18:44):
or just like jamming, I guess.
Like, you know, people jam on guitar.
It's the same sort of thingbut with visuals.
Like I'll get an image andthen I'll start messing with it.
And from that I might find atheme and then take that theme and,
and you know, Paste it outinto like a number of sheets and
then it just.
I know it's a very iterative process.
Sometimes it flows, sometimesit doesn't.
It's, it's, it's.
(19:06):
It's hard.
It's hard especially when Ilike the artwork for each article
to kind of like.
I like the artwork to kind ofwrap whatever the article is and.
Which makes it hard to get athematic kind of approach to the
whole magazine.
So sometimes it can feel a bitlike a, you know, some kind of acid
nightmare where like one pageis like all nice and smooth and the
(19:27):
next one's like exploding inyour face.
But AI has been.
Definitely been handy.
I shared a technique with KevMilne for creating his things for
his new mainframe course.
It's handy, but it's.
I know some people get someamazing results out of it, but I
don't think I am enough of aprompt master to get a final finalized
(19:48):
piece of work just fromthrowing a prompt at whatever your
generator of choice is.
Yeah, AI has been very handy that.
The artwork, it's, it'straditional stuff.
You know, Photoshop,Illustrator and everything just gets
laid up in InDesign.
So, yeah, that's cool becauseit really didn't look, it didn't
really look like AI.
So many people are using AIthese days, so.
(20:09):
But yeah, you can tell tell bythe looks of it that it was an AI.
Yeah, I think people getespecially creatives, they're getting
a bit.
I understand why, but likethe, with the fear that they're losing.
Going to lose their jobs or whatever.
But AI, like people have saidthis argument before, but AI, like
anything, it's a tool, it's aforce multiplier in everything.
(20:29):
Like with my artwork, with thehacking with like.
It's just about finding waysto use it that benefit what you're
doing, but keep youroriginality in there.
Like, you know, it's.
I don't know, they said it's atough one.
Like the.
I did a project reallyrecently where I created an AI course,
(20:50):
a course builder.
And it.
It's.
The output's really good, buttrying to like attribute the information
that it's pulled to, to createthese courses has been really interesting.
Like, it kind of got theknowledge from nowhere, but it's
struggles to find where that,that piece of knowledge is sourced.
(21:10):
So it's, it's the same withthe artwork.
Stuff like it, it doesn't knowhow to draw because it won't.
It's taken all of humanknowledge to, to get these to make
these amazing pictures.
Like, I think that's one thingthat kind of bugs me.
But it would be good ifthere's some kind of attribution
mechanism.
So, like when I say, hey,create a picture of a hacker, the
hacker comes up and he goes,oh, it was based off this, this,
(21:31):
this, this, you know, because those original creators need to be,
if not acknowledged, like compensated.
But that kind of mechanism hasn't been figured out yet.
I know we're still early days, mate.
Yeah.
I would imagine some would just be appreciative to have credit
for the inspiration of it because my daughter used to play
roller derby and one of herfriends is an artist.
Spent all this time getting agraphics design degree and then all
the AI art is making thingsdifficult for them.
The problem is it's an ethicalchoice as well by companies, business
owners like.
Like the replacing tightapartments with AI that can apparently
(22:15):
do the job.
That's just an unethical thing to do.
It might be cheaper, you might have to compete with.
I understand the business side of it, but there is going to be a
kickback at some point where companies who want to behave ethically
will choose other companies that use AI in an ethical way.
We're not there yet.
Everyone's just going for thebargain at this point.
But there has to be some kindof systemic change to kind of balance
this whole AI thing is going.
But yeah, I use AI for themagazine all the time.
It's super handy.
It's great for making tables.
Love it.
Just throw Jason at it and it just.
(22:55):
I said, make me a table ofthis, please.
It shoots it back me in aformat that I can use it in InDesign.
That's actually.
That's the main thing.
I use it for formatting.
Formatting.
People give me these articlesin Word and it's such a nightmare,
such a nightmare to pull outall the formatting from the Word
document because it doesn't gointo InDesign well.
So, yeah, send me stuff astext documents.
(23:16):
That'd be great.
Yeah, yeah, it works pretty.
Pretty good for writing.
But it's interesting.
One of the things about AI, ifyou don't know the subject you're
using it on, you don't knowwhether the information is correct
or not.
And you see some of the.
There's a big giveaway that iscalled an M Dash.
Is that what it's called, M Dash?
It's like.
It's like an extended.
(23:36):
It's like.
It's like a dashboard.
It's like an extended one chatGPT uses it all the time.
Yeah.
And it's just funny to scrollthrough LinkedIn posts and these
people give me these heartfeltlike, you know, I did all this sort
of stuff and they see M dash,M dash.
And so did you really feelthis or was that chatgpt?
Come on.
Yeah, it's amazing, amazinghow that's affecting things, how
people are using AI ondifferent security products.
(23:58):
And just speaking along cybersecurity, if you wouldn't mind just
kind of sharing what you dofor your day job.
What areas security do youwork in?
At the moment I am workingwith a company which, whose name
I run.
Smart Cyber.
Smart Cyber Solutions.
We do like boutique kind ofrf, offensive kind of stuff, all
sorts of little projects.
But the company that I'm doingsome work with now is, is Cyber Smart
(24:20):
Solutions, which I thought wasquite hilarious when he approached
me.
But yeah, we're doing somestuff around SOC validation.
Basically just repeatabletesting using Atomic Red Team and
Caldera just to basically makesure your SOC or your third party
or society is covering your ass.
A lot of just don't know likethey get a SOC provider on board
(24:40):
and yeah, they might get acouple of alerts a month or whatever
they're, you know, whateverthey're expecting.
But that validation the SOC isactually protecting them from what's
out there is.
Yeah, there's a bit of a gapthere in Australia anyway.
I'm not sure about the States.
Yeah, there's definitely someholes that aren't being covered,
even simple stuff.
(25:00):
So what we do is we organize tests and say you've got a third
party SOC.
If that phone doesn't ring from your SOC provider saying something's
going on, then you know you've got a problem.
So that's what we help sort out.
That's very interesting.
That's cool.
It's really interesting to see some of the things from the offensive
security side, how it's gone beyond just pen tests, you know,
(25:21):
the purple teaming and doing the controls, type validation or
just testing the SOCs like you're doing is pretty interesting.
So being someone from offensive security background, it
makes me happy to see people take that more seriously because
I think a lot of people don't take serious enough.
The capabilities that you can get from offensive security to really
help, you know, secure their environments.
(25:44):
Yeah, this is because I've been an AttackIQ fanboy since like
day one when I pivoted there.
I really like their education offering.
Like they're, it's kind of the almost, it's almost vendor agnostic
the education they put across like the everything is through like
the whole MITRE ATT&CK framework, how it works, you know,
threat informed defense.
(26:05):
Like the topics they cover are just so good.
But that's where I kind of that whole threat emulation thing,
a breach attack simulation that that's kind of been drilled
into me from the get go.
So I've always thought like normal pen testing is awesome.
Especially doubly so if you have good pen testers like guys who
actually know what they're doing, know what the tools are doing,
(26:27):
know how to manually test and get the actual results.
The problem with that is that even if you get a good company that's
doing it, the next time you get a test it could be completely
different guys testing so that there's that variation in the skill
level or the output like the quality, how fine tooth the comb
is that they go through your organization with.
(26:49):
So the idea of something that's repeatable and continuous
like something you can chart metrics, get improvements over time
like classic normal pen testing still has its place.
That's definitely thing.
But incorporating the continual testing and like control
validation I think is something that as threats like, like
(27:10):
evolve quicker through AI and stuff like that, that continual testing
is something that's like your tool that protects you today, isn't
guaranteed to protect you tomorrow with the new threats that
come through.
Yeah, it's kind of exciting area to be in because like you're,
you always have to be on the, you know, on the pulse kind of thing
with what's, what's coming out, what's possible.
Yeah, I like it.
(27:30):
Oh yeah.
So what's your recommendations for someone that wants to get into
the offensive security side?
Don't run before you can walk.
Don't run before you can walk.
I am super eager if nothing else but I think okay, so let's get
into this chestnut.
Certifications, the whole certification.
I have none.
I don't have any offensive security things.
(27:52):
I'm thinking about doing ocp but it's a, you know, it's a big
investment for or something that.
But anyway I'm thinking about doing that but I'm just.
No, you know your like if you and put it.
You can read all day about, about these techniques.
You can, you know, you can, you can stay online.
But it's, it's about creating muscle memory.
(28:15):
Like you know, it's like it's doing that one thing.
Sorry about like a hundred times so you know it backwards still
till that, that command like comes out of you like you don't have
to think about it like it's so it's the thing I've.
This is me personally, I don't know about anyone else else's journey
because I've kind of taught myself.
But you're always going to be look like there's always going to
(28:37):
be something you have to look up some, you know, some framework
you don't know, some that's going to require you to look into
to figure out how to take the next step.
But all that initial stuff, the like stuff, here's the recommendation.
Learn a programming language, Python, whatever, something easy.
Or if you want to be a superhero, go straight into C C Sharp,
you know.
Cause that's going to be really handy later on.
Learn language, learn operating systems, learn Windows,
learn Linux.
Get core knowledge down.
Like don't jump straight in at security because jumping in here
like you'll get a superficial knowledge which at the start it's
okay like you can, you can do a bit of this, bit of that.
(29:20):
You can scan, you can, you know, you can find no vulnerabilities.
But it's as soon as that like the publicly accessible tooling fails,
you have no idea where to go next.
So if you've got that core understanding of how, how applications
work or how an operating system work, it could like th.
(29:40):
Those foundational bits of knowing, knowing the system before
knowing how to secure it is probably my best, like the best advice
I can give, I guess.
Yeah, I think that's good advice.
Sometimes people get too anxious to get into the hacking part
and that's the fund is.
Yeah, yeah, yeah.
It makes it a lot more difficult if you don't get that foundation.
(30:03):
Yeah, I think, I think loving it as well.
I think that's before anything else.
Why are you, why do you want to get into it?
Why, why do you want to hack?
Why do you want to do that for a job?
Because there's, there's these big like high, high dollar like salaries
and all this stuff.
But at the end of the day do you, at the end of the day when you
(30:25):
clock off, do you go home and hack more or do you get like.
I know there's something.
There's all the people who are gifted like that, I know they love
it, man, they've just, they're beasts.
They just, you know, they, they probably, they're probably quite,
you know, unwell mentally, like bit obsessive, compulsive, you
(30:47):
know, but you know, they, theylove it.
It's just, you know, if theycan't really operate in Other circles,
because they get home, theytalk about offensive security or
they talk about hacking onetrick pony, but you can see it in
their eyes.
As soon as something comes upabout any kind of security related
topic, eyes widen and you know.
And on the other hand, when you're talking to people who aren't
(31:07):
into it, you watch them kind of glaze over and you know, it's
my wife, my wife's kind of like that.
She gives it.
But she gives me this nice smile now, which I know is like,
okay, I've had enough.
Next topic.
So we're getting down towards the end of the episode.
Is there anything you'd like to say before we close it out?
Yeah, actually I've got this thing called pro bono solo Hobo.
(31:30):
It's not, it's like not like a group or anything.
Basically I, I do, I think to create basically a safer world because
that's why I got into cybersecurity, was to basically make things
better, like help think people out.
Pro bono solo hobo is like a guide on how to yourself create like
a little grassroots, be the grass grassroots subject matter expert.
(31:52):
So basically just giving your cybersecurity services for free to
community groups, the elderly, whoever needs it.
And if you're just starting out in cybersecurity, it's a really
good way to get, you know, those soft skills like to know, to
talk to people and actually translate what they say into actual
issues that can be fixed.
Like creative scope of work,stuff like that.
(32:13):
Yeah, maybe check that out.
That's pretty cool.
Get involved.
Like by getting involved, it's just go out into your community and
see where you can help.
Yeah, that's, that's awesome.
We need to need more stuff like that because it could be so
challenging.
You know, we get used to technology, we take it for granted,
but a lot of the folks that don't work with it day to day need
that help.
And there's so many times that these different people, these demographics
(32:36):
are getting taken advantage of on social media and stuff.
So you really need the help.
It's interesting.
I threw the challenge out at the last BSides of that.
Like when you're presenting a conference, you look out of that
room and that's defcon.
It must be massive, like huge room.
Some of the smartest people in the world sitting in this room.
I imagine if everyone in that room spent just 10 minutes a day
(32:58):
doing something on a project that made the world a better place.
Like, like just.
I know, it's, it's.
We get so focused in on the money and the, the personal return
that like just the smallest amount of time, like we could just
achieve so much.
So that's what I'm trying to get together, I guess.
Yeah.
Very cool.
I like that.
So thanks for taking time out of your schedule to join me today.
(33:20):
I know it's kind of early, early there and it's when you start
trying to schedule in different countries, it can be kind
of difficult, it can be tricky.
Yeah, it's actually not that early.
It's, it's, it's, it's 10 to 10.
But I've, I've been up late packing this house, but I made a
nice little corner.
So you recreated this so we had somebody to do the thing today.
(33:40):
Well, I appreciate it.
And we'll be sharing in the show notes a list to Hack magazine
and, and other resources in your socials so that way people can
connect with you.
And because a lot, a lot of folks.
The reason I have people share the hacker origin stories is because
it, it helps inspire, motivates other folks.
Because when I used to teach at Dallas College, I'd have the students
(34:01):
would say, yeah, we love your, your stories.
Can you bring in some of your friends from the community to share
their stories?
And that's been really pretty much the center of my podcast is
sharing those stories.
So it can inspire someone else.
Sometimes it's may not be so much what the person is doing, but
where they came from.
I've got a friend of mine that, that's.
(34:23):
That we met when we were AutoCAD drafters back in the like
mid-90s.
And there'll be a few people come along, say, hey, I'm a drafter
moving into security.
This was really interesting to me.
That's a lot, a lot of the reason for having people sharing
their backgrounds on the episodes.
But what I did really touch on was that the hacking, I kind of did
(34:43):
that the whole time in the background, but it was usually around
music software, it was around getting.
Cause I had no money, obviously struggling artists.
It was about getting the latest software and finding, either
finding or creating cracks for it.
And yeah, that's, that was the.
Sorry, that's the missing link to the two pieces.
Yeah, that was what was always going in the background.
(35:06):
Yeah, that's hacking for me.
It was never like a crew doing, you know, whatever they do,
you know, mischief stuff.
It was about, it was about, you know, it was a means to an end.
It was about, okay, there'sthis thing that I need.
I don't have the money to get that.
So how can I do it?
And was figuring out the holes in the tech to basically facilitate
me making music.
(35:26):
So, yeah, very cool.
Yeah.
So thank.
Thanks again.
Thanks again.
And thanks everyone for, for, for joining the episode.
And make sure to check out Ryan's magazine hack.
We'll be sharing in the show notes.
And if you like the podcast, make sure you're sharing with other
folks because one of the goals is to help others.
So if you think this is a good resource, subscribe and share with
(35:46):
others.
So thanks and we'll see you on the next episode.
Matt, thank you.
Thank you for listening to the Philip Wiley Show.
Make sure you subscribe so you don't miss any future episodes.
In the meantime, to learn more about Philip, go to thehackermaker.com
and connect with him on LinkedIn and Twitter.
(36:08):
PhilipWylie.
Until next time.