
April 2, 2025 • 28 mins


Ever wonder how cutting-edge AI is transforming cybersecurity from the inside out? Security analyst Federico "FedEx" Castro pulls back the curtain on how innovative professionals are leveraging artificial intelligence to revolutionize threat detection and response.

FedEx takes us into the fascinating world of custom GPT agents, showing how he's created specialized tools that instantly process vulnerability information and generate tailored reports for different stakeholders. Far from theoretical discussions, this conversation delivers practical insights about implementing AI within security frameworks while navigating organizational data policies. "AI is a tool," FedEx emphasizes. "If you don't type the right input, you get a bad output."

The discussion ventures beyond technology into the human elements of cybersecurity. FedEx candidly shares how his neurodivergent thinking patterns create both unique challenges and remarkable advantages in security work. "It's a struggle, but it's a superpower at the same time," he explains, describing how ADHD traits like hyperfocus and pattern recognition help him excel at threat hunting and anomaly detection. His perspective offers a refreshing reminder that diversity in thinking styles strengthens our collective security posture.

With phishing attacks becoming increasingly sophisticated through AI assistance, security professionals must continuously evolve their skills and knowledge. FedEx shares valuable insights from cybersecurity conferences and technical workshops, emphasizing the importance of community connections for staying ahead of emerging threats.

Ready to enhance your security toolkit with AI capabilities? Want to better understand how diverse thinking styles contribute to stronger security teams? Listen now for practical guidance from someone who's walking the talk at the intersection of AI and cybersecurity.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
is from a cooperative project for acquiring skills
essential to learning.

Speaker 2 (00:06):
Welcome to the Security Chipmunks podcast,
where we keep chipping away at it.
I'm Edna Johnson.
I'm here with my co-host, Neil Smalley, hello.
And today we have our guest, hello, hello, welcome, FedEx.
We're so glad to have you.

Speaker 1 (00:25):
Glad to be here.

Speaker 2 (00:27):
Yeah, would you like to say a couple of words about
yourself?

Speaker 1 (00:30):
Sure thing, my name is Federico Castro, but I'm
actually known and go by FedEx everywhere on socials and you'll
find me anywhere.
That's FedEx, that's kind of my nickname and I made it into my
brand.
So yeah, I'm a security analyst for a company right now, but in

(00:50):
reality I'm just a technology, networking, cybersecurity
enthusiast that is always, always trying to stay ahead and
like what's new, what can I learn?
And always learning.

Speaker 2 (01:04):
It's a non-stop and learning journey I know I always
see any conference I go to, doesn't matter if it's local or
if I'm playing.
You know, out of state I run into you.

Speaker 1 (01:17):
You're everywhere now so I've been told, I've been
told that I'm everywhere.
And yeah, I mean, I've been lucky enough to be able to
participate in several conferences recently.
But yeah, I, just I think this is a great way to actually learn
it, at the same time networking, you meet individuals from all

(01:40):
kinds of backgrounds and all kinds of history.
So I do enjoy, when possible, going to a conference.

Speaker 2 (01:49):
Yeah, that's great.
So I wanted to ask you about.
You know, there's a lot of emerging technologies in our
field and lately it's been particularly AI.
So speaking of, like artificial intelligence and maybe machine

(02:09):
learning, how do you think that like influences cybersecurity
strategies nowadays?

Speaker 1 (02:16):
Well, so AI is not something new.
I mean, we've been dealing in cybersecurity way I back in the
70s and so the what is actually new is the agentic AI, the this
AI that is actually reasonable, that the people can actually
type in and now get a response back, and that's what's

(02:36):
actually was changing.
So I it is really changing a lot because I mean, think about
it, when I was actually growing up, I think I did math doing
with an abacus and you know, you kind of little fills to one
side and now kids use calculators, I use a typewriter,
now my kids use computers, and so it is changing.

(02:57):
You know, I think that the AI technology is going to change
the way we do our day-to-daily tasks.
I've been actually recently taking a couple of courses from
Jason Haddix in Arcanum Security and you know if I think that
I've been doing something with AI, the guys that are there

(03:19):
taking those classes and the quality of teaching on those
classes are just way beyond my time.
There's a lot of technology.
I think it's just going to revolutionize the way we do our
things.
Now it's not going to replace the human being, but it is
definitely going to make us more productive if we know how to

(03:39):
use the tool because, at the end of the day, AI is a tool.

Speaker 2 (03:50):
That's very true.
How is the class with Jason Haddix?
I've heard great things.

Speaker 1 (03:54):
Well, Jason has developed a methodology where he
actually goes.
I mean, if you ever had the opportunity to sit down with him
and see his classes or actually see his talks, you'll know that
he's probably one of the persons that, at the last minute,
he's making changes, because technology, for instance AI, is
so revolutionary that it's happening so quite often that

(04:17):
he's making changes as he goes sometimes, and so Jason is
trying to keep up with everything that is new.
He's bringing new insights, he's bringing in his methodology.
He actually does share his methodology with the people in
the class, which is something that you don't see a lot of
people to do.
That, I mean, I've been in classes where you know you're

(04:37):
going to learn a curriculum, but with his classes, you're going
to learn the curriculum.
It's going to be an open conversation.
So if you've got a question, please interrupt me.
If you've got something to say, please bring it.
If I don't know the answer, we're going to search it
together, and so it creates a really great environment for you
to learn and actually make desires.
Out of the last class that I just finished last week with him,

(05:00):
I decided to start creating my first GPT agents, which I have
played with ChatGPT.
Here and there I definitely had used it to correct my Spanglish,
but now I actually created a chatbot or an actual bot that
will pull um.

(05:21):
It will actually will help me to get information on CVEs and
compile all in one response.
So it's just going to make my life more easy when it comes to
the Tuesday patches, because I'm just going to dump the CVEs
into the chat bot and it just going to give me a lineup and

(05:42):
percentile and EPSS score and even it's actually I can give
you a demo on it but it will actually drop down a summary for
CISOs and a summary for regular users.
So it's just going to make my reports faster.

Speaker 2 (06:02):
That sounds really interesting.
I love that you're thinking about also delivering reports to
upper level management and making it so that it fits for
their needs as well, and that really helps you stand out as a
security person when you're able to deliver those reports to

(06:24):
your C-level suite. Yeah, that's brilliant.

Speaker 1 (06:28):
I actually, specifically today.
I went back to work today and I started working on integrating
that bot into an ecosystem, because every company is going
to tell you we can use AI.
Some companies will tell you no AI, some companies will tell
you, yes, but here's what we can use.
Now we know the ChatGPT is an open model that you know

(06:48):
whatever you put in there is going to stay in.
You know OpenAI is going to see your stuff.
So you really don't want to put any proprietary information or
company information on open search.
You want to make sure that you keep that as a secure person.
You don't want to reveal the secret sauce or actually spill
the beans or get fired because you just, you know, put the

(07:10):
improper information on that open source.
And so, um, we do have a Copilot integration, we do have
Copilot and Microsoft that stated that they're going to
keep all your data secure under the micropilot environment.
So I actually went and created an agent because that's how they
call it in Copilot, they call it agents, but that's the same

(07:30):
thing and test it out.
And when I presented it to my boss he was like whoa.
He was kind of like, okay, I like this, what else can we do?
So he was already asking for more, and the reason why he asked for
more is because he said okay, so how can we integrate some of
the tasks that we do to do manually, to get these agents to

(07:51):
work, and if you actually have been keeping up with the AI
technology, last week something new came out.
It's called MCPs and that is going to make AI and the agentic
AI go to the next level.

Speaker 3 (08:07):
Absolutely.
There's already a Ghidra plugin for it.
I believe somebody made it.

Speaker 1 (08:14):
Well, and I've seen a couple of videos.
I mean, all the influencers and people started creating the
videos about MCP, MCP, MCP, but it's not something that I've
seen someone pull it out together yet and working, so
we're still testing those waters.
However, Daniel Miessler, the creator of Fabric, has been

(08:40):
talking about this concept since 2016.
It might not call it MCPs, but he called it the I think in his
work when his white paper.
It was the daemons and it's basically how it's all API
connected, how your agent or your daemon or your MCP server is

(09:00):
going to talk to another MCP server that's going to do X, Y
and Z, and so it's going to come to the point where you're going
to need a task and let's just say that I'm going to say, well,
I'm going to need gas tomorrow.
So my MCP already know hey, FedEx is going to need gas
tomorrow.
Let's pull out what is the prices on gases and what's the

(09:22):
desirable route, and he's going to go to work on this route.
So I'm gonna tell him this and so he's gonna immediately go
and act out and ask to the other MCPs and it's gonna be
automatically.
That's gonna make our life more interesting.
That's gonna make our life more uh, we're gonna become a little
bit more, um, efficient.

(09:43):
You know, I just think that the technology is amazing.
At the end of the day, it is still a tool and just like a
tool, we need somebody that operates it, somebody that
learns it, and if you don't type the right input, you get a bad

(10:04):
output.
Same thing as using a calculator.
You can have the most expensive calculator in the world, but if
you don't know what kind of formula you enter, you will not
get the right results.
And that's the same thing.
I see AI.
You have to be able to use the tools in order to get the
results.

Speaker 2 (10:24):
Exactly.
Well, that's brilliant.

Speaker 3 (10:29):
Certainly.

Speaker 1 (10:37):
Now have you actually worked?

Speaker 2 (10:41):
or experimented with AI.
I haven't done much myself.
I've ran some queries on ChatGPT and I've done some work
with the AI honey bots.
But putting together custom prompts like that, not really
you know, and that's the thing I like.

Speaker 1 (11:02):
I say I thought I actually knew something and I
was doing the same thing, and then it's when you get to these
classes that you realize, wow, there's, there's so much
potential to tap in that we are barely barely touching the first
layer of what the systems can do for us.
And yet it's not a new technology, it's a really old

(11:23):
technology.
We just started exploring it more and more, and now the
computational capacity or computers are becoming more
powerful so it can run this type of models and stuff.
So I just I'm fascinated, fascinated by the possibilities
in here.

Speaker 2 (11:42):
Awesome.
Glad to hear it.

Speaker 3 (11:47):
Very cool, so I had originally come across you.
I think you had done an interview with Carla over at
Graylog.
I think it was like DEATHCon or something, so that's how I
originally found out about you, that's awesome.

Speaker 1 (12:07):
So you probably saw it in my YouTube channel.
Yes, yes, I have a small YouTube channel that I post
videos here and there.
As Edna mentioned, I do go to some conferences and when I go
to the conference I take the advantage and just talk to the
people.
I guess I'm a little bit I'm an introvert on an extrovert when

(12:32):
it when it comes to uh, uh, those things, because I mean I
do need my time for myself.
But, um, yes, that that con detection, threat hunting
engineering conference is one of the best conference I ever gone
for technical workshop.

(12:52):
So this was not much of one of those conferences that there was
a lot of networking, even though there was networking
involved.
This was a technical 100% beautiful.
I mean I can't wait for the tickets to come out to 2025, so
I can immediately pay for it.
Because, talking about stuff that you learn, I mean it was

(13:14):
red, blue, purple. People put in the workshops and Carla was one
of those persons that had a workshop on Graylog and had to
set up a Graylog store and had to actually get logs, and so she
did.
She created a whole workshop and she was there present and I

(13:35):
mean I'm telling you that was the first, actually, time that I
experienced with Graylog and I had some issues setting up the
box, but she was right there, they were there with you and so
she was like, oh, you know what, let's just fix this, this and
let's try this and make sure you got this one to a distro, and

(13:58):
it's just nice.
I mean it was a learning experience for sure.
It was super packed.
I mean I got to tell you two days it was not enough for all
the type of material that was there.
Now there is one of those things about that conference.
It was that they actually left the workshops open longer than
the two days only so you can, if you are a disciplined person

(14:21):
and you had the time, you can go back and, you know, take more
time and follow the instructions.
And even the workshop leaders were still available on the
Discord to answer any type of questions that you might have or
come across.

Speaker 3 (14:34):
Yes, my favorite capture the flags are the ones
that leave the challenges up even after it's over, so you can
go back and work on the ones you didn't have time for.

Speaker 1 (14:44):
Yeah, Edna and I recently participated on a
vishing competition CTF and while I did not get all the flags, it
was something that I wished they would have left it open to
go and keep trying, because I think it's the first time I've
seen it.
It's a vishing competition, so it's AI.

(15:06):
You're attacking the AI, but it's a CTF competition voice
prompted.
So there was no, all hacking was done through your voice.
All hacking is, you know, you actually doing like human
hacking, but I guess it's an AI right now.
It's a machine, but yeah, it's just different.

Speaker 2 (15:31):
Yeah, that was a fun competition.
Yeah, the guys at Red Sea, it was awesome, they did a great
job with that, yeah, so that kind of brings me to my next
question.
So what's the next conference that you're going to go to?

Speaker 1 (15:49):
To tell you the truth, I just looked at my calendar
and I believe I'm actually going to be in a conference next week.
Next week already.
Yeah, I just realized that today.
I need to verify it and make sure, but I think I'll be next
week on KnowBe4 Con.

Speaker 2 (16:06):
Oh nice.

Speaker 1 (16:07):
Yes, that should be good.
So, as you know, KnowBe4 is a company that is one of the
biggest companies for user training, user behavior training
and phishing training.
I think a lot of the companies use them.
I mean there's still other competitors there too, but it's

(16:28):
either I think it's Proofpoint or I think that's the other
company and then KnowBe4, I think that's the two biggest ones that
does this kind of training.
There's other companies in between, but they'll put in
their conference soon and since we are a shop that used KnowBe4,
then we'll be going in there to learn and see what's new.

(16:52):
90% I mean all the reports that's coming out recently on
cybersecurity.
They all agreed that almost 90% of the attacks and breaches in
cybersecurity are done because of phishing.
So it's always good to try to stay ahead of the curve and I
got to tell you with AI you're not finding that misspelling.
You know Kino, Nigeria, sending you the emails anymore.

(17:16):
They're really getting crafty.

Speaker 2 (17:21):
Yeah, and those that are doing phishing.
They now have access to ChatGPT.
So if they had language barriers writing those emails,
they now have the tools to make them better.
Speaker 1 (17:33):
So all the emails are leveling up.
Yeah, and even creating code.
I mean, if you struggle writing in Python or JavaScript or even
PowerShell, you can use the AI language model and say, hey, I'm
looking for a script that does this and this and I wanted to

(17:54):
read it in this language and it will write it down for you.
Then you can test it out and you can make corrections.
So I mean it's leveraging the tool to make yourself more
better.
I believe 4.0, I think 4.0, what is it?

(18:15):
4.0.
The ChatGPT 4.0 model actually does better for coding and
everything.
It can check your code.
It can tell you where you have any issues.
There's other companies right now that actually in doing code
revision and implementing AI, so now the AI will tell you where

(18:39):
your script is failing.
As you're writing the code, I'm telling you it's
revolutionizing the way we work.
But if it's not, this is a vendor conference, so the next

(19:05):
one, really, I think it's going to be HackSpaceCon.
Oh nice, I'll be there too.
Yes, I submitted for volunteering this time, so
hopefully you get me accepted and I'll be there volunteering,
so maybe you see me there telling you it's this way.
Speaker 2 (19:14):
Yes, that'd be great.

Speaker 3 (19:20):
Definitely seems very popular.
I heard lots of people talking about that one.

Speaker 1 (19:26):
I've never been there.
They said it's amazing, and especially the fact that it's
the only conference that you actually get to go one day at
NASA, like the first day it is actually done in NASA.
It's just amazing.

Speaker 3 (19:41):
So cool.

Speaker 1 (19:43):
Yeah, it is cool.
It does get the geeky out of me.

Speaker 3 (19:50):
So I noticed on your profile you have a neurodiverse.
How's that been a part of your journey and where does that fit
in?

Speaker 1 (20:02):
That is the struggle and a superpower all combined at
the same time.
Um, when I was dating, my wife actually, yeah, dating.
And when we got married, my wife actually has a master's in
mental health, counseling and psychology and all this other
stuff.
So, you know, it's just like man, you need to actually get

(20:24):
diagnosed, you need to get help because you're all over the
place.
And so, yeah, I got diagnosed and they're like, oh yeah, you
have ADHD, man, you need medication, you need to be able
to do this thing.
And I was like you know what? A lot of the things make sense now,
why I struggle so much, but at the same time, how other things
came so easy for me.
You know how can I learn things faster or how can I actually

(20:52):
pay attention to two or three things at the same time?
And one thing that I have learned in here in cybersecurity
is that a lot of people that I know are either neurodivergent
or there's some sort of a spectrum, and the reason why we
excel in cybersecurity is because we have that brain that
takes a little bit different.

(21:14):
We have that ability to actually being able to pay
attention to a dashboard while doing something else at the same
time and something caught my the corner of my eye and I'm
like, okay, let me look at this thing, or we have that
investigative eye or that desire to go and dig, dig deeper in
that rabbit hole and then we go into those maze and look for

(21:35):
those needles on the haystack, and that's what makes us really
good at blue teaming, at defending or at learning a new skill.
At the same time, it can be a curse.
Why?
Because I can spend hours on the computer and then realize
that I haven't sit and stand up for just to give my body a break

(21:57):
or to drink water or to even go to the bathroom, and that's
kind of one of those things.
It can be addictive, it can be.
We can get super hyper focused, but it is definitely one of
those things that I think it comes hand to hand, and I've
seen a lot of people in cybersecurity mention things

(22:17):
like that.
I mean, for me, like I said, it's a struggle, but it's a
superpower at the same time.

Speaker 3 (22:25):
Very true.

Speaker 2 (22:28):
I can relate with that a lot.
So yeah, thank you for sharing.

Speaker 1 (22:34):
Oh no, of course.
One of the things is I've been open. In my company
I'm super open with my boss and they know, especially I think
it was a couple of years back there was a shortage of
medication and while I did not struggle to do my job, I
struggled to stay focused on tasks because I didn't have my

(22:57):
medication.
You know, and they knew.
They're like have you had your medication?
I was like, no, I'm like, oh, okay, you just be open and tell
your struggles because, at the end of the day, people know you
need to be real and tell them hey, this is what I'm struggling
with.

(23:18):
If you see me doing this, please correct me, and that's you know.
That's one thing I told my boss.
If you see me doing interrupting you, for example,
please correct me.
I'm not gonna get offended because you're correcting me.
If I'm interrupting you because I'm too passionate, too excited,
I'm actually guiding the conversation to, you know, to
what it doesn't need to be at this moment.
I'm not staying focused on track, and so I think it's just

(23:39):
it's come with the whole FedEx package, you know, and that's
what I tell everybody, that's the whole package.

Speaker 2 (23:47):
Yeah, I like that.
I like how you put it.
It's the whole FedEx package, I know.

Speaker 1 (23:55):
Sometimes it can be.
I do know for a fact that sometimes I can get on my wife's
nerves.
For that it's just like oh God, go drink your medication, yeah.
But yeah, it's just one of those things I don't know.
It's a struggle, but at the same time you start learning how

(24:19):
to live with the struggle and you keep pushing through.

Speaker 2 (24:23):
Yeah, so do you have your number one tip for
something that you think our listeners should know, something
they should keep in mind?

Speaker 1 (24:36):
Never give up.
Yeah, you know, when I was a kid and I was learning how to
walk, I think I fell many times.
Now I might not remember, but I'm sure that I fell and I stand
out many times.
Same thing when I was learning how to drive a bicycle.
And same thing when I was doing something for the first time.

(24:58):
So I take that mentality to everything I do.
You might not be the best at first and you might struggle and
you might actually fall, but just don't give up, keep going,
because at the end of the day it is you, and only you, that can
get you up and continue, and it's you that you desire.

(25:18):
That's gonna make the difference.
If you just give up, then that's it.
But if you keep going, you might realize it's not something
that is for you, but at least you didn't give up.
And so I applied that to everything in life.

(25:40):
I am a horrible, horrible tester.
I have testing anxiety, I struggle doing that and right
now I'm making myself take the studies, guys, guys, and doing
testing because I want to go get a certification and I'm pushing

(26:01):
myself through.
So will I fail?
I don't know.
We'll see.
I'll let you know if I pass my test or no.

Speaker 2 (26:09):
But I know I'm not going to give up.
Yeah, I think you're gonna do great. I don't know.

Speaker 1 (26:16):
It's a scary, I'm telling you, I can know the
topic.
That's one thing with.
Now I don't know if it's an ADHD thing or no, but I, that's
one thing that I know.
I struggle all my life is I can know a topic and yet when you
sit me down on an actual place where I had to do the testing

(26:38):
and there's timing involved, I blanked out.

Speaker 2 (26:47):
Okay, that's very inspirational.
I'm glad you're going through and doing the hard thing and
going to work on getting those certifications.

Speaker 1 (27:01):
All right.
That's one thing that I think anybody.
When people ask me, how do I get in cybersecurity?
And I say, well, everybody has a different path.
You know, I, I, I started.
I started in cybersecurity before I had a degree.
There's people that had a degree and then they started in
cybersecurity.
So everybody's different.
But one thing that I do notice for a fact is that a lot of

(27:28):
companies do like to see those certifications.
You know I was blessed to have the opportunity that someone
gave me the opportunity to get in the field without an actual
degree, without a certification.
I got into the field, I got my degree, I got my associates, I

(27:53):
got my bachelors.
Now I'm actually going for my, for my certifications.
But everybody's a little bit different and every path is
different.
You just never give up.
Keep going, keep pushing through. Thank you, that's
wonderful.

Speaker 2 (28:11):
All right, this has been an episode of Security
Chipmunks.
Please make sure to like, comment and subscribe, and also
subscribe to the FedEx channel.
Thank you everybody for listening today.
Thank you, sir.