Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
UNKNOWN (00:00):
Thank you.
SPEAKER_01 (00:06):
Welcome to Security Chipmunks podcast, where we talk about the development of cybersecurity skills. To stay up to date in today's world, you need to be resilient. That's why as advanced persistent chipmunks, we keep chipping away at it. My name is Nick Sedna-Johnson. I'm here with my co-host, Neil Smalley. And today we are joined by a special guest, Tom Marsland with VetSec. Welcome, Tom.
SPEAKER_00 (00:33):
Hey, glad to be
here.
Thanks for having me.
SPEAKER_01 (00:35):
Yeah, glad to have
you.
SPEAKER_02 (00:36):
That's
SPEAKER_00 (00:39):
awesome.
SPEAKER_01 (01:06):
God, that's really amazing. Sounds like a great organization.
SPEAKER_00 (01:09):
It definitely keeps us busy. There are just so many different ways that we try and help and try and cover the gaps that the Veterans Administration and the federal government kind of lacks in, especially with newer industries in technology like cybersecurity.
SPEAKER_01 (01:26):
Understood. So I've heard that civilian life is the longest deployment. I've heard that phrase said before. So can you talk about the transition from the military to civilian life? What is that like? And what are some considerations there?
SPEAKER_00 (01:47):
Absolutely. As I mentioned, I haven't made that transition myself, but I do have the perspective of talking to a lot of people that have. Civilian life is drastically different than military. Most people that serve in the military did so joining right out of high school, or if they're on the officer side, they went straight to the Naval Academy or to college. So they don't have the experience that our civilian counterparts do in the realm of job interviews, resume writing, or those kind of, you know, I almost think of them as kind of basic skills for working in the civilian industry. And my last job interview was at McDonald's in high school before I joined the Navy. And that was 19 years ago today.
The civilian industry is scary to a lot of those people in the military that just aren't sure. You know, we joke that we're not sure what we're going to do when we grow up. A lot of military skills don't translate into their civilian counterparts. And it's not just in cybersecurity. I did some research for our Navy hospital corpsman last year. They're the people that I work on submarines. So a hospital corpsman, we have one stationed on every submarine and they're the only medical professional we have when we leave on deployments. So we're gone for six months and we have this guy that has some pretty good medical training, but if he separates from the military, he's not certified on the outside world at all. He couldn't even draw blood at a hospital. But that's the guy that's trained in doing even rudimentary surgeries if we had to on our ships.
And we see a lot of those gaps in the cybersecurity side as well. The DoD 8570 covers some certifications that you have to have to work in DoD cyber, like Security Plus for the information assurance side. But even that isn't the default for many of the people that do work in IT in the military. They don't get the opportunities to have those certifications. It's just kind of on the job stuff. And if it doesn't directly translate, then there's a huge barrier for access to that job market.
SPEAKER_02 (03:50):
Yeah, there's some really interesting points there. I've heard before it can be challenging trying to match the military job descriptions to what you would see in the civilian life. It can be really difficult, but if you can kind of translate it a little bit, it can be kind of helpful.
SPEAKER_00 (04:15):
Yeah, absolutely. There's so many resources that have come up now. Google, actually, on their Job Finder you can put in your military job title or code and they kind of translate to what you'd be good at. But there's still so much on the back of the service member to write the resume that talks about that. There's so much military lingo that you aren't going to be able to put on a resume because our civilian counterparts just won't understand that. So that's where companies like Operation Code, Veterati, Vets in Tech, and mine, VetSec, try and bridge that gap.
SPEAKER_01 (04:49):
That's very interesting. So how did you get involved with VetSec?
SPEAKER_00 (04:54):
Honestly, it was just looking around for my own resources for transition. I've always been somebody who wants to know clearly what the path forward is going to be. And this is probably one of those biggest scary moments that I'm going to have in my life as far as I have definitely decided on retiring from the military and making that transition. So about a year and a half ago now, I started research and putting together a timeline for my own transition. And VetSec was one of those resources that came up. So I joined.
We have a Slack community channel where we have channels about our military transition, technical channels, and a lot of social stuff, fitness, health, and outdoors, and all sorts of stuff for guys to just talk. So I got involved with them. About three months after I joined, they had earned a partnership with a company called eSports. eLearnSecurity or INE now. That was before that merger. eLearnSecurity gave VetSec 10 vouchers for their junior penetration tester program. And being one of the people that was kind of active in the channel at the time, the board at the time selected me as one of the 10 to receive that training.
SPEAKER_01 (06:12):
How nice.
SPEAKER_00 (06:13):
Yeah, it was a great experience. I've always had this goal of getting my OSCP at some point. So the EG eJPT was a great kind of starting point for that. So I went through with the other nine VetSec members and got my eJPT. And then about a year ago now, the board had elections and there's a lot of members of VetSec and kind of I think with most of those organizations where they come, they get the resources and then they're successful and they move on. So we have a lot of members, but not a lot of active in their everyday kind of members. So when the board elections came up, there weren't a lot of people volunteering to run for a spot. So I tossed my name in and well, here I am today.
Yeah, it's been a wild ride so far. I think having a lot of free time with the COVID pandemic helped me a little bit. About a year and a half ago, even the military for the people that aren't on ships kind of said, okay, if you can work from home, go work from home, stay safe and check in over the phone. So I had a lot of free time to devote to that and to my studies at the time.
SPEAKER_01 (07:19):
Well, that's great. I know that I've seen you very active in social media channels talking about VetSec and encouraging both military and veterans to talk to you if they have that interest.
SPEAKER_00 (07:33):
Yeah, I've been trying to experiment with different ways to reach out to the community. Social media seems to be one of the best.
SPEAKER_01 (07:42):
Do you have any success stories that you have? You don't have to name any names, but have there been any military or veterans that have been helped that you can talk about?
SPEAKER_00 (07:53):
Yeah, absolutely. Just for the company as a whole, we grew over a thousand members in the past year. And then one of the partnerships that we were able to come out with was we partnered with a company called Virtual Hacking Labs. They're similar to Hack the Box or Try Hack Me in that they provide lab-based training for people working on offensive security. We partnered with them with Hack the Box and with Offensive Security. And two of our members last year, we kind of called it our premier scholarship for the year. Two of our members received that kind of package deal of training and are actively working on their OSCP certification right now, free of charge from VetSec.
SPEAKER_02 (08:34):
That's awesome.
SPEAKER_00 (08:35):
Yeah. And then the other thing is we partnered with a company that's basically us, but in the United Kingdom called TechVets. And just the collaboration between the two of us, we've, you know, sharing job postings, sharing just anything for the people in the different geographic locations. Just in the past year, we've contributed to over 30 of our members finding meaningful employment, finishing that military transition.
SPEAKER_02 (09:00):
Very cool.
SPEAKER_01 (09:01):
Wow.
Yeah, that's great.
Great news.
Great to hear.
It's great that you're getting these partnerships too, to be able to offer education and certifications to your members.
SPEAKER_00 (09:13):
Yeah, I'm not afraid to hear the word no. So I've just been kind of shotgunning every educational company out there with our message. And, you know, I don't know, maybe they feel bad if they say no to me. I don't know. But I'm going to keep asking until, you know, I can help as many people as possible. That's my goal.
SPEAKER_02 (09:31):
That's really cool. We've covered a bunch of them, but VetSec offers quite a variety of resources. Would you like to go over all of them or anything that you haven't touched on yet?
SPEAKER_00 (09:43):
Yeah, absolutely. So our biggest thing is the Slack community. So a member, you know, I'll just kind of go from somebody discovering VetSec to what they can get access to. So a member discovers our website. It's VeteranSec.com. They applied to join our Slack community, and that's where all of our resources live. We have about 3,000 members now in the Slack. I'd say looking at our analytics, about 400 active week-to-week who are in the channels commenting, posting, asking questions. The channels revolve around military transition, technical topics such as red teaming or industrial control, SCADA, education, social, and then the channels for our leadership to put out announcements. There's also mental health resources that we share for people making the transition. And that's more of a confidential discussion channel for people to share their kind of struggles. Also help with VA medical disability ratings and how people can go through that process. So I'd say 90% of the resources that we have is that Slack. It's the members giving back. It's the people who have made those transitions kind of taking up their own little mentorship and giving back to those people that are coming in behind them.
On the tangible benefit side, over the last year, we had 10 members go through YARA training that was given to us by Kaspersky. And then we give numerous discount codes. So we are a CompTIA authorized partner academy. So our members can buy vouchers for us at about half the cost that they would buy them on their own. We also do giveaway vouchers for six months of Hack the Box. I'm working a partnership with Offensive Security this year, hopefully again. I'm going to have to try and make them say yes to me. I'd like to get some more OSCP certifications. And then we have access to Immersive Labs platform. That's another learning tool for free of charge for our members. And then Fortinet. We're a Fortinet NSC Academy. So anybody that's familiar with Fortinet's certification can gain access to all those through us, the training and the certs free of charge. Those are kind of the big ones.
We have some goals over the next year that haven't come to fruition yet. We're working on some financials, but really my goal is, you know, there's so many resources out there. There's YouTube videos, there's Professor Messer for the CompTIA certifications, Hack the Box, Try Hack Me, you name it. There's hundreds of different learning resources. My goal is to have a program where a member joins. We talk to them, kind of find out what their interest in cyber is. Because so many people say, I want to go into cybersecurity. Well, what do you want to do in cybersecurity? So say they want to go into offensive security. Then we pair them with a mentor in that field. And we have, my goal is to have like five or six different learning paths. So a member wants to go into red teaming. They work on this learning path and it's comprised of resources that we've procured for them. Or that we've just kind of compiled across the web. They go through it. And if they complete the path, my hope is that I can get some industry leaders to guarantee those members that complete our kind of educational path, at least an entry-level job interview. Bypass the HR filters, you complete a program with VetSec, you get an interview. That's the vision. That's the goal.
SPEAKER_01 (13:15):
Oh, wow.
SPEAKER_02 (13:15):
That's really cool. One quick note. I've met some SOC analysts who don't even know what YARA is. YARA is a kind of a framework to help you write signatures or rules for detecting certain malware or whatnot. So it can be a really cool and useful tool for researchers to share different detections for various malwares that you could go and then plug into your monitoring and that way you could find stuff on your network. So that's my understanding of
SPEAKER_00 (13:46):
it. Yeah, that's the basics of what I understand for, I didn't go through the training that we provided to our members on that. I'm definitely more of a Kali Linux capture the flag penetration testing. That's kind of where my interests lie.
SPEAKER_01 (14:04):
Yeah. I know I've done some Immersive Labs. You mentioned that. And I think I remember seeing the VetSec rank kind of high on there. So I guess your members are being really busy getting their labs in and working on that resource
SPEAKER_00 (14:23):
Yeah, it's a relatively new offering for us, but, uh, definitely as soon as we announced it, uh, it was kind of the bright and shiny thing for people to go after. So we've got about 30 or 40 guys, uh, and gals kind of working through all that stuff. I like how it's modeled after the MITRE ATT&CK framework, and so people that are interested in certain areas, they know what labs to kind of go after in there.
SPEAKER_01 (14:48):
Yeah. So I heard you did the SANS Cyber Fast Track CTF.
SPEAKER_00 (14:53):
I did so
SPEAKER_01 (14:54):
How was that?
SPEAKER_00 (14:56):
Oh, I think my first time trying it was probably my best attempt.
SPEAKER_01 (15:00):
I
SPEAKER_00 (15:01):
went through it last spring, 48 hours going through the CTF. It was rough. As somebody who was very new at that point, it was a lot of, hey, I'm going to sit down for 48 hours and use Google a lot. But it taught me a ton. It definitely kind of showed me where some of my passions lie. There's so many different problems in that CTF from steganography, from some of the blue team defender side of the house, malware analysis. You know, it gave me a lot of exposure to different tools. My first attempt was definitely my best. I think there were about 3000 people that went through at that time. And I was number like 65, somewhere in there. And then, you know, based on how you place in the SANS Cyber Fast Track, they are, you submit a, like a video interview and a resume, and then they choose people for their follow on. I didn't get picked for that, but I keep plugging at it. One of these days, maybe.
What
SPEAKER_02 (16:01):
are some of the challenges facing VetSec?
SPEAKER_00 (16:04):
So with any nonprofit, I think financials is always going to be a challenge. Our operating footprint's pretty small. It's really our website. Slack was gracious enough to donate the space to us, even at their higher Slack standard offering. So really it's website, corporate renewal fees, stuff like that. So that's pretty small.
I think the biggest challenge is getting the word out there. Like I said, we have 3,000 members and we gained 1,000 over the last year, which is awesome. And I'm super happy about that. But when I look at the bigger picture, there's 200,000 people separating from the military across the United States every year. Now, I know all 200,000 people aren't interested in cybersecurity, but I think it's got to be more than 1,000 out of that 200,000 in a year. And really, there are resources that benefit people who wouldn't just be going cyber, but into IT in general. And there's a lot of resources just from the VA transition, the mental health side that would help more people.
Probably the biggest challenge that I see is getting the word to active duty members still. The DOD has this workshop that they require everyone getting out of the military to go through. It's five days long and it's how to write a resume. This is what an interview looks like. But if I wanted to get my name on a list of resources that they provide at that workshop, I can't just contact like the big DOD and they put it out everywhere. I have to contact basically every individual military base across the country and ask their program coordinator to add it to their slide deck. There's no centralization of that process. So finding volunteers that are willing to, in their area, reach out to those bases and kind of get that word out. And that's why the big push on social media is, I do have a lot of military connections that way. So if I can amplify our voice through that method, I do.
And then just, yeah, there are so many people that just don't know what those resources are. And unfortunately, the longer you're in the military, I think the job gets a little harder. You get more responsibilities. So that last six months of a military member's transition when they should be focusing on job interviews and finding resources and all that. They're probably being tasked more with their job than at any other time. So trying to lobby for the military to give those members time to make that transition because it's not as simple as working a normal civilian job and looking for something else. It's, hey, at this day, you're done. And once you put in your paperwork to be done on that day, you don't take it back in most cases. So it's definitely more of a wall.
And I think that's one of the challenges that our members face is, you know, it's kind of a scary world for them out there, especially with unemployment doing what it's doing. And I had several people that even I work with personally that, you know, the pandemic hit and now, oh, well, I don't want to get out of the military in the middle of pandemic, I'm really not gonna be able to find a job now. And they just don't, they don't know all the resources out there. So I think the biggest challenge is getting that word to as many people as possible.
SPEAKER_02 (19:38):
If our listeners want to help out or get involved, what do they have to do? They just step on the Slack or?
SPEAKER_00 (19:44):
Yeah, the best place would be to go to VeteranSec.com. There's a link to join the Slack. We do a little bit of OSINT to make sure that people are in the military because the Slack is just for people that are in or have been veterans of the military. There's also donation links on the page. So people that are hearing about us that aren't in the military, if they want to help, we do accept donations that our major funding sources and mostly from insider membership. And then, yeah, just, you know, if you see posts about hire a vet, please help amplify that voice out there. That's a, that's a big way to help.
SPEAKER_01 (20:23):
Where can our
listeners connect with you?
SPEAKER_00 (20:26):
LinkedIn is probably the best place. You know, Thomas Marsland on LinkedIn or T Marsland on Twitter. Those are, those are the biggest places and I'll never turn down a connection request. So even though even the annoying sales pitches. I just try and copy paste a VetSec sales pitch back to them.
SPEAKER_01 (20:44):
Nice.
All right.
Very good.
Well, thank you so much.
It was a pleasure having you here
SPEAKER_00 (20:52):
today.
Oh, thank you so much for having me.
I really appreciate the opportunity.
Thanks again.
SPEAKER_01 (21:00):
So thanks for listening to the Security Chipmunks. And remember, if it seems overwhelming, just keep chipping away at it.