December 12, 2025 • 22 mins
The most reliable way to learn cybersecurity is to touch the tools, break things safely, and build them back with intent. That’s the heartbeat of our conversation with John Hammond, where we unpack how hands-on labs, community feedback, and a healthy mindset can speed up your growth and make it last.
We start with the spirit of DEF CON: presenters acting like instructors, guiding real exercises where attendees build muscle memory instead of passive notes. John explains how that approach inspired Just Hacking Training—an accessible, collaborative platform with expert-led curriculum, live ranges, quizzes, and walkthroughs you can actually use on the job. We talk about why practical, application-first learning is the quickest path for newcomers who don’t have enterprise tools at home and need portfolio-ready proof of skill.
From there, we explore the tension between chasing headlines and building evergreen skills. John’s framework is simple: anchor your time in fundamentals that compound—networking, scripting, Linux, detection engineering, exploit analysis—and use the latest vulnerabilities as sparks for practice. You’ll avoid the burnout of the news cycle while keeping your curiosity alive. We dive into “learning in public” as a force multiplier: sharing notes, repos, and writeups creates a feedback loop, accelerates improvement, and leaves visible evidence of progress for hiring managers and mentors.
Imposter syndrome and overwhelm come for everyone. John offers grounded ways to cope: compare yourself only to yesterday’s you, turn doubt into small daily reps, and step off the treadmill when you need recovery. Pair that with community—Discords, conferences, local meetups—and you’ll find both accountability and energy. For anyone starting today, the blueprint is clear: keep it fun, share your work, and show up where people learn together.
If this resonates, follow John on YouTube, LinkedIn, and X, and explore Just Hacking Training for name-your-price labs and courses. Enjoy the episode, then subscribe, leave a review, and tell a friend who’s trying to break into cybersecurity—what’s the one skill you’re doubling down on next?
Socials
- Join our Chipmunk community Discord server: https://discord.gg/9yfWP6evYQ
- Follow us on Twitter: https://twitter.com/SecChipmunk
- You can find us online at: https://securitychipmunks.com
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Intro (00:00):
From a cooperative project for acquiring skills in
the child to learn.
Edna Jonsson (00:06):
Welcome to the Security Chipmunks Podcast,
where we keep chipping away atit.
I'm here with my co-host, JerryBell, and our guest John
Hammond.
Welcome, John.
We're glad to have you.
John Hammond (00:20):
Hi, everyone.
Thanks so much for letting mejoin you here.
This is awesome.
Welcome.
Edna Jonsson (00:24):
Yeah.
Wonderful to have you.
So we met at DEF CON, thedetection engineering and threat
hunting conference.
Do you remember that?
John Hammond (00:33):
I do.
Edna Jonsson (00:35):
Yeah.
So I was very lucky to have youhelp out and give away one of
our tickets to the Orlando DEFCON site.
So what got you interested inDEF CON and what did you think
about it?
John Hammond (00:51):
Ooh, well, uh DEF CON, I know, at least from what
I've seen, and I it was kind ofa little bit before I finally
get a chance to go make it, uh,go be there and attend.
But I love the fact that it'shey, all hands-on, it's all
workshop-based, it's allsessions that are really
genuinely, hey, just kind of thepresenter, uh, acting really
like an instructor to walkthrough a whole exercise, to go
(01:13):
through a demo and to make iteven something that's
interactive so that other peopleand all the attendees can join
in.
Uh, that's just one of thecoolest things because look,
that that's where the reallearning comes.
That's where the value and theeducation comes in.
Um, and Randy, I know one ofthe organizers, he'd asked, Hey,
Jeron, do you mind helpingspread the word?
So yeah, we did that sweetgiveaway, let some folks join in
(01:34):
with the ticket.
Uh, and I'm super glad that itis getting some folks to be able
to be part of the party.
Edna Jonsson (01:41):
Yeah, that was wonderful.
And absolutely, like youmentioned, the workshops there,
they are actual stuff that we'redoing in the field.
So it's really valuable topeople who are trying to break
into cybersecurity to get thathands-on um practice with tools
that usually you don't seeunless you're working in an
(02:01):
enterprise environment.
So, yeah.
So, speaking of training, um,Jerry had a couple of questions.
Yes.
Jerry Bell (02:10):
So, you created uh this just hacking training.
So, can you tell us a littlebit about that?
What what uh what was theimpetus for creating that?
John Hammond (02:19):
Totally.
And and thank you for asking.
Uh, that is a a labor of love,another sweet new fun passion
project.
Uh, because well, for a longwhile, it's no secret, hey, I've
had this YouTube channel whereit's kind of just been me
talking and walking on thecomputer screen, showcasing
stuff and trying to get morecybersecurity education out the
door.
Um, and you know, over theyears, it's been like a decade
(02:42):
and a half, there have been ahandful of folks that have kind
of raised their hand and asked,like, hey, John, when are you
making a course?
Uh, when are you puttingcourses together?
Are you ever gonna do courses?
Hey, do you have a course thatI could go through?
And, you know, the usual kindof schoolhouse curriculum
training and learning and stuff.
And I gotta be honest, aYouTuber is not the best at
(03:04):
making a full-blown course,right?
Because I'm I'm pretty used toall that formula of okay,
something that's in a tight30-minute video, 20-minute
video, 10 minutes or less kindof thing.
But having a whole uh liketrajectory of one material, one
lesson, one point A to B tolearn something more, uh is
tough.
It's it's it's tough to craftout.
Uh, but I had this realizationwhen I was getting to hang out
(03:28):
with more and more friends, moreand more incredible people in
the industry.
Like, look, there are so manyother genius, incredible people
that are doing fantastic andincredible stuff.
Uh, so I wondered, look, couldwe try to kind of bring all
these bright minds together?
Uh, would they be willing tohelp craft and create and build
out some of the curriculum andmake for that hands-on,
(03:50):
interactive, practical, andapplication-based learning with
oh, yeah, of course, thelessons, the curriculum, videos,
the walkthroughs, theexercises, the quizzes, and a
full-blown like VM range, likevirtual machine and lab to be
able to poke and play.
Um, so we kind of kick-startedthe idea.
We were playing around with it.
I think it got some real windand really launched over in
(04:12):
October of 2024 now.
Um, but it's just been so cool.
It's been, I hope, a reallysweet opportunity and just a
really great mission andadventure for me now is hey,
trying to spread more education,trying to help at this scale in
a whole new way where it's notjust me anymore, it's all the
awesome and incredible people inthe industry.
Uh, so I'm really, I'm reallyhappy to see where it's going.
(04:33):
It's just a lot of fun.
Jerry Bell (04:36):
So, so this is uh obviously a really fast-moving
industry.
How do you decide what you'regoing to focus your content on?
John Hammond (04:44):
Ooh.
Well, I a little bit of backand forth in my mind, truth be
told.
Because like it's one thing,yeah, I'd love to go chase the
latest hot ambulance, you know,chase the new hotness, see
what's happened in the news,current events.
And I do try to sprinkle thosein here and there, but I know
those are really superephemeral.
(05:06):
Like that, that's totallytemporary if it's just the news
of the week or the weekend,right?
Uh, so I still try to keepstockpiling and really bringing
out just more uh not to sayfoundations, but stuff that is
kind of evergreen content andeducation.
Like they're still learninghowever many years you watch it.
It's not living and dying inthe breath of the news cycle.
(05:27):
So I don't know.
I try to balance both, but uhreally it uh to be totally
honest, it just boils down towhat am I interested in?
What do I want to showcase?
What do I want to play?
I have a little strategicadvantage where the channel is
just kind of my name.
It's John Hammond.
So whatever John wants to talkabout, John will talk about.
Edna Jonsson (05:48):
So I just noticed that just hacking training also
could be John Hammond training.
Did you know that?
John Hammond (05:58):
So the JH part of the JHT is a little uh little
play.
Uh because I did want to, youknow, make sure I'm still in the
picture someway, somehow.
Edna Jonsson (06:10):
Yeah, that's neat.
I like that.
It's a little Easter egg.
John Hammond (06:14):
It is especially cutesy if you really think the
same like number of letters inthe words John and just hacking
and Hammond, but whatever.
And you know, hey, you cares.
Yeah.
Jerry Bell (06:24):
You you put a lot of thought into that.
Uh it's clever, right?
Edna Jonsson (06:28):
Yeah.
Jerry Bell (06:29):
So what has been your favorite uh memory or
moment in in your just hackingexperience here?
John Hammond (06:37):
Oh goodness, that's a super good question.
Jerry Bell (06:42):
Uh I all credit to Edna, by the way.
John Hammond (06:46):
I'm trying to think, what's the what sticks
and stands out?
I'm going to events andconferences and kind of being
with people in person, you know,in the real world, not just
kind of sitting behind thecomputer screen, um, getting a
chance to be with folks that arewilling and want to come up and
say hi, shake hands, chat, tellme, like, hey, they've been
(07:06):
learning all a lot of sweetstuff, and they got into this
job or they they got in theindustry because of the stuff
that I've been doing.
Um, it's very surreal.
It's it's extremely fulfilling.
Because, you know, from myperspective, I'm just like
sitting alone in my room yellingat my computer with the camera
on.
Um, but I'm just so gratefulthat that has caught some wind
and uh got a little bit ofmomentum, and it really helps, I
(07:28):
hope, bring some value forpeople.
Uh so I don't know if that'sreally a favorite moment, but
that is certainly like one ofthe favorite feelings of wow,
cool.
I hope I move the needlesomehow somehow.
Edna Jonsson (07:42):
Yeah.
So I was curious, I know thatyou come from a training
background.
Um, has that helped you in yourcareer?
And also, um, does that helpyou with like public speaking
and things like that?
John Hammond (07:57):
Totally.
Yeah.
Um, so super quick crashcourse, if that's okay.
Uh I I feel like I got a lot ofmy beginnings, learnings,
fundamentals to kind of get intoall this stuff.
Um, when I attended the USCoast Guard Academy, that was
for my undergrad, for college,for school, and that's one of
the military institutions overin the United States, right?
So think of Annapolis, likeNaval Academy, uh, West Point,
(08:20):
the Military Academy, blah,blah, blah.
Uh, and that, you know,instills a little bit more of
the militant, you know,regimented kind of oh uh
cambroadery and stubborn gritand determination.
Uh, but it also really tellsyou how to talk, uh, especially
to some of the oh high flyingofficers, gold and brass, and
VIP people that would come andjoin the party to see what we're
(08:41):
up to.
Uh so I had to talk and presentto them what oh, our cyber team
little extracurricular club wasall up to.
Um, and then once and after theCoast Guard Academy, uh I was
training and building out theircyber team and trying to make
sure the rest of us cadets weresmart and learn a lot of this
stuff.
I bounced over to theDepartment of Defense Cyber
(09:02):
Training Academy to teach, liketo literally really be an
instructor, standing up in thepodium, riding a unicycle,
trying to juggle, keep peopleawake for eight hours.
Um and that I gotta admit,yeah, I really feel like feeds
and helps in you know bothdirections, getting better,
improving, and having thecapability to present and to
(09:24):
talk and to yeah, hopefully makesure something is still fun and
exciting for people while I'mrambling and yapping.
Edna Jonsson (09:33):
Oh, that is wonderful.
I'm I'm glad that you had thatexperience, and that's such a
cool like sometimes people don'tthink about how you come from
different backgrounds, and thatreally helps you when you get
into cybersecurity.
Um this also ties into anotherquestion that I have.
So you have talked about uhlearning in public.
(09:54):
Um, so why is that a powerfulstrategy for cybersecurity
students and how can they startdoing that?
John Hammond (10:02):
Oh, awesome question.
Uh look, I know I maybe it'ssilly with my YouTube channel
and all, but I don't mean tokeep falling onto that as a
crutch.
But I I know that look, I don'tknow everything, and I'm still
here to learn kind of alongsideeveryone else.
So a lot of that learning inpublic and oh, trying to build,
(10:23):
trying to play, trying to hack,go through some of these
vulnerabilities and exploits andstuff.
Like all of that is so thathey, I can share it with other
people, uh, share what I'mlearning and share, hopefully,
and get to hear what they'relearning.
Because even in the comments,if it's a blog, if it's a
write-up, if it's something thatyou post on Twitter or
LinkedIn, whatever, uh, whenfolks can let you know, hey,
(10:45):
actually, you know, you couldhave done this faster uh with
this technique or with if youuse this trick, or oh, have you
heard of this tool?
You should check out you shouldcheck out this program, this
application.
This could speed you up.
Um, and that was just a reallycool feedback loop.
Um, I was doing YouTube for youknow, way back when, even
before uh that college CoastGuard Academy undergrad
(11:07):
timeline.
And even then it was just, hey,I'm having fun.
I'm enjoying this stuff.
And even stockpiling andcollecting these online videos
or write-ups or blogs or howeveranyone else might tackle it,
uh, that felt like momentum.
Because hey, it now I have aproof, now I have a demonstrated
and uh tangible, so to speak,something to capture that work
(11:30):
that I've done, and other peoplecan learn from it and uh they
can help teach me.
So it was just always awesome,uh, a really, really cool sort
of cycle to just keep improvingwith the community.
And I would totally recommendthat to anyone if they're up for
it.
And it doesn't have to betalking to a camera and making
videos, it can just be yournotes, honestly.
(11:51):
If it could just be anythingthat you're already putting
together, but why not share itand make it public so that we
all can learn?
Jerry Bell (11:58):
Nice, very nice.
So you've you've in the pastmentioned imposter syndrome.
So what what advice would yougive to new learners who are
feeling bad imposter syndrome?
And by the way, you know, I'vebeen in this industry for uh
probably longer than y'all havebeen alive, and I have this
(12:20):
imposter syndrome pretty prettybad.
So uh I'd I'd love to hear yourthoughts on that.
John Hammond (12:26):
Well, I mean, the thing is it it it strikes
everyone.
Uh it hits everyone, no one isimmune.
I have imposter syndrome andburnout and the mental fatigue
and all the things that you knowreally do bog us down, and no
one's an exception.
Um I whenever I can, I've triedto treat that or harness it to
(12:49):
kind of act as a little bit offuel.
Like, hey, can that be themotivation?
Like, oh, I want to get betterbecause uh I need to make this
ideal or I want to reach thisgoal or hit this accomplishment,
achievement, a milestone.
Um, and if I'm comparing myselfto other people, I realize I
know a lot of that honestly justkind of comes from doom
(13:09):
scrolling on social mediabecause I see everyone else
sharing their wins, highlightingall the best stuff that they're
up to, the new certificationthey got, the new job that they
were doing.
Like it's really, really easyto then just compare yourself to
them and beat yourself up forit.
But honestly, I think the bestyou can do is compare yourself
(13:32):
to yourself.
Like, did you learn somethingnew today?
Are you better than you wereyesterday?
If it's 10% better, if it's 1%better.
Look, if you are staying withit.
If you're keeping up with thepulse and the heartbeat, then
that's the best way you can atleast keep fighting up against
imposter syndrome.
But it you're gonna hit thewall.
I have, we all do.
(13:52):
Uh, it's just something else wewrestle with.
Thank you for that.
Edna Jonsson (13:58):
Yeah, I've felt imposter syndrome a lot.
John Hammond (14:01):
Yeah, no, me too.
Edna Jonsson (14:03):
Yeah, earlier this year when I uh competed and won
that black badge at Wild WestHacking Fests.
Oh, yeah.
I was competing against somereally talented people.
And it made me feel so wildthat like I had won this and I
felt like I had to return thebadge or something for a bit.
Like it's like, oh no, I don'tdeserve this.
(14:24):
But yeah, it's uh those are thebest things, though.
John Hammond (14:28):
Those are when you do celebrate some sweet
success, an actual awesomeaccomplishment.
Uh, and so being there withteammates, being in there in
person, like that is somethingto be super proud of.
Edna Jonsson (14:38):
Yeah.
It it was wonderful, and I'mglad I did it.
Yeah.
Imposter syndrome is just likeit will creep up on you when you
when you don't want it.
You don't choose to have it forsure.
Um, but when you're doing a lotof things, you can sometimes
feel overwhelmed.
And I attended a talk that youdid uh as the keynote at B Sides
(15:04):
Tampa, where you talked aboutall of the pressures that people
feel when they're gettingstarted in cybersecurity and
people are telling them you needto do this and that.
Can you talk about that a bitand share your thoughts on all
of the pressures that we feel aswe're trying to break into this
field?
And it feels overwhelming?
John Hammond (15:25):
I can try, because uh yeah, I know that's still a
struggle point uh for me too.
Um so yeah, way back when uhfor Besides Tampa this year,
2025, uh it was a real honor, anincredible opportunity to be
their closing keynote.
Uh, and I brought this talktitled Another Round on the
(15:46):
treadmill, uh, which was the youknow fluffy, oh ha ha thought
leadership kind of waxing poetickind of idea, just to because
that that's a keynote, that'sjust what it has to be.
Um but it was playing with thatnotion that hey, uh there's so
much for us to do incybersecurity and so much for us
to learn, and so much that it'stoo much for us to do and keep
(16:11):
up with.
Um, and it is really feelinglike it's some cycle, it's some
cyclic thing that we just gottachase the next new
vulnerability, the next do andalert, the next through threat
act, or the next audit, the nextwhatever, and go after that
next cert, blah, blah, blah,blah, blah.
All the studying that we do.
It is super duper overwhelming.
And I feel it all the time.
(16:32):
And I I hope that look, if weat least even talk about that,
like if we acknowledge that, ifwe if we shine a spotlight on
that, uh, we don't ignore itbecause I think we all just know
we we all understand that.
But I was trying to get thismessage across.
We're like, okay, you don'tneed to boil the ocean, you
(16:55):
don't need to consume absolutelyeverything.
I know people tell you to be asponge, but like, look, you can
only hold so much, uh, all thatwater, all that information,
everything you're trying to do.
Um so the whole another roundof the treadmill premise was
like, look, you're doing awesomestuff.
You're on it, you're working,you're running on the treadmill.
And if you need a break, that'stotally okay.
(17:18):
Uh, because if anything, you'regonna feel better.
You're gonna you're gonna havesome time for your your your
muscles to build up, for you toget that cardio back in action,
whatever analogy we'd like here.
But literally, genuinely take abreak.
Like let yourself catch up,catch your breath, relax, and
enjoy.
Because you are doing thisbecause you love it.
(17:38):
There is a passion there,that's why we're all in this.
Um, but then get back on thetreadmill.
Just another round on thetreadmill.
Edna Jonsson (17:51):
Yeah.
Jerry Bell (17:53):
Good advice.
Good advice.
Um, so if if you were if youwere to start over again, and I
I I find myself uh asking thisquestion of myself quite quite a
lot because I'm uh entering mythird career, I think.
John Hammond (18:09):
Excellent.
Congrats.
Jerry Bell (18:10):
How how would you approach getting into
cybersecurity now?
And and in in particular, Ithink the the listeners of this
show are are you know often kindof coming in coming freshly
into the industry.
So what advice would you giveyour younger self if if you were
coming into the industryindustry right now?
John Hammond (18:29):
Oh uh I guess uh maybe this sounds uh boring or
bland or stupid or trite, Idon't know, but I I think the
best advice, uh I don't want tosound like a broken record or
anything, is really just havefun.
Uh keep doing the stuff thatyou find fun and enjoyable and
(18:52):
that you want to keep doing.
Um for me in the early, earlydays and the beginnings, it was
like capture the flag.
It was oh, the gamifiedlearning experience to be able
to play in cybersecurity andlearn all these new things.
Um, but that was something thatI was just having a ton of fun
with, and I wanted to play thenext CTF, and I wanted to read
the write-ups, and I wanted tobuild these tools, and I wanted
(19:14):
to figure this stuff out.
Uh but I think eventually, andI think it was something we all
kind of keep in the back of ourminds, is that life is gonna
catch up with you.
Uh, you're gonna be doing work,you're gonna be, I don't know,
kind of working in the job,you're gonna have some time with
family, you're gonna need tohave some home life here and
there.
Um, and eventually you're gonnaget to a point where maybe
(19:38):
sometimes you can't quite alwaysget to the cybersecurity stuff
that it was a passion or you hadfun with, or it's just less fun
because sometimes it feels likework.
Uh and I know that's that thatsucks.
Like that that's a tough pillto swallow.
So I think the best you can do,especially in the early days,
stockpile and grow and run asfast as you can and enjoy
(19:59):
everything that you're up to.
But do it because you're havingso much fun.
You want to keep doing it.
So you can fend off whateverdays might come way, way down
the line where you don't want todo it.
But you've put so much time in,you've you've been able to be a
part of this, and you've beenloving it for so long that the
(20:19):
longer you can keep doing itbecause you love it, because you
enjoy it, that is the bestsaving grace that you can.
Uh, and I hope, I think that'sthe best way to go about it.
Keep it fun.
Edna Jonsson (20:33):
Wonderful.
Um, so what is one message thatyou would want newcomers to
hear from you directly?
John Hammond (20:42):
Ooh.
Look, um, I guess it kind ofboils down to yeah, you know,
the same sort of trio in allreality.
Uh, keep it fun.
Maybe the next one is reallyshare, document, show your work.
Um, and then I think the thirdbullet here is look be present,
be a part of this thing, be inthe community, be interacting in
(21:05):
Discord, be online with thesocial media, LinkedIn, just
being with the community andattending events.
Like go be with the communityat conferences.
Uh, you make so many coolreferences, you make so many
cool networking opportunities,you meet so many incredible
people, and that will open a lotof sweet doors for you.
Uh, and it's fun.
It that adds to all the otherthings of yeah, make sure you're
(21:28):
enjoying yourself and make surethat you try to share and
document what you're up to.
Um, but do that with others.
Uh, be that and present in thecommunity.
So cool, so much fun.
Edna Jonsson (21:40):
Wonderful.
And how can people connect withyou and find your training?
John Hammond (21:46):
Thank you so much.
Yeah.
Now, if anyone is up for it,uh, would be grateful.
Please do take a look at someof the stuff I'm up to.
Don't hesitate to reach out.
Um, I'm out online.
You can find my name, JohnHammond, uh, on YouTube, on
Twitter, on LinkedIn, on all ofthe internet places.
And it's me.
It's just a picture of me withmy stupid dumb face and red
hair.
So you can probably track medown A-oka.
(22:07):
Um, but yeah, a lot of thetraining venture and extra,
extra efforts on that side areat just hacking.com.
So I hope some folks do get totake a look.
A lot of free, accessible nameyour price, pay what you want,
pay what you can, material, andgood learning and education
there for you.
So thank you.
Edna Jonsson (22:26):
Yeah, thank you.
Thank you for being on theshow.
We're so glad to have you.
John Hammond (22:32):
Well, thank you all for the opportunity.
Edna Jonsson (22:35):
Absolutely.
From a cooperative project for acquiring skills in
the child to learn.
Edna Jonsson (00:06):
Welcome to the Security Chipmunks Podcast,
where we keep chipping away atit.
I'm here with my co-host, JerryBell, and our guest John
Hammond.
Welcome, John.
We're glad to have you.
John Hammond (00:20):
Hi, everyone.
Thanks so much for letting mejoin you here.
This is awesome.
Welcome.
Edna Jonsson (00:24):
Yeah.
Wonderful to have you.
So we met at DEF CON, thedetection engineering and threat
hunting conference.
Do you remember that?
John Hammond (00:33):
I do.
Edna Jonsson (00:35):
Yeah.
So I was very lucky to have youhelp out and give away one of
our tickets to the Orlando DEFCON site.
So what got you interested inDEF CON and what did you think
about it?
John Hammond (00:51):
Ooh, well, uh DEF CON, I know, at least from what
I've seen, and I it was kind ofa little bit before I finally
get a chance to go make it, uh,go be there and attend.
But I love the fact that it'shey, all hands-on, it's all
workshop-based, it's allsessions that are really
genuinely, hey, just kind of thepresenter, uh, acting really
like an instructor to walkthrough a whole exercise, to go
(01:13):
through a demo and to make iteven something that's
interactive so that other peopleand all the attendees can join
in.
Uh, that's just one of thecoolest things because look,
that that's where the reallearning comes.
That's where the value and theeducation comes in.
Um, and Randy, I know one ofthe organizers, he'd asked, Hey,
Jeron, do you mind helpingspread the word?
So yeah, we did that sweetgiveaway, let some folks join in
(01:34):
with the ticket.
Uh, and I'm super glad that itis getting some folks to be able
to be part of the party.
Edna Jonsson (01:41):
Yeah, that was wonderful.
And absolutely, like youmentioned, the workshops there,
they are actual stuff that we'redoing in the field.
So it's really valuable topeople who are trying to break
into cybersecurity to get thathands-on um practice with tools
that usually you don't seeunless you're working in an
(02:01):
enterprise environment.
So, yeah.
So, speaking of training, um,Jerry had a couple of questions.
Yes.
Jerry Bell (02:10):
So, you created uh this just hacking training.
So, can you tell us a littlebit about that?
What what uh what was theimpetus for creating that?
John Hammond (02:19):
Totally.
And and thank you for asking.
Uh, that is a a labor of love,another sweet new fun passion
project.
Uh, because well, for a longwhile, it's no secret, hey, I've
had this YouTube channel whereit's kind of just been me
talking and walking on thecomputer screen, showcasing
stuff and trying to get morecybersecurity education out the
door.
Um, and you know, over theyears, it's been like a decade
(02:42):
and a half, there have been ahandful of folks that have kind
of raised their hand and asked,like, hey, John, when are you
making a course?
Uh, when are you puttingcourses together?
Are you ever gonna do courses?
Hey, do you have a course thatI could go through?
And, you know, the usual kindof schoolhouse curriculum
training and learning and stuff.
And I gotta be honest, aYouTuber is not the best at
(03:04):
making a full-blown course,right?
Because I'm I'm pretty used toall that formula of okay,
something that's in a tight30-minute video, 20-minute
video, 10 minutes or less kindof thing.
But having a whole uh liketrajectory of one material, one
lesson, one point A to B tolearn something more, uh is
tough.
It's it's it's tough to craftout.
Uh, but I had this realizationwhen I was getting to hang out
(03:28):
with more and more friends, moreand more incredible people in
the industry.
Like, look, there are so manyother genius, incredible people
that are doing fantastic andincredible stuff.
Uh, so I wondered, look, couldwe try to kind of bring all
these bright minds together?
Uh, would they be willing tohelp craft and create and build
out some of the curriculum andmake for that hands-on,
(03:50):
interactive, practical, andapplication-based learning with
oh, yeah, of course, thelessons, the curriculum, videos,
the walkthroughs, theexercises, the quizzes, and a
full-blown like VM range, likevirtual machine and lab to be
able to poke and play.
Um, so we kind of kick-startedthe idea.
We were playing around with it.
I think it got some real windand really launched over in
(04:12):
October of 2024 now.
Um, but it's just been so cool.
It's been, I hope, a reallysweet opportunity and just a
really great mission andadventure for me now is hey,
trying to spread more education,trying to help at this scale in
a whole new way where it's notjust me anymore, it's all the
awesome and incredible people inthe industry.
Uh, so I'm really, I'm reallyhappy to see where it's going.
(04:33):
It's just a lot of fun.
Jerry Bell (04:36):
So, so this is uh obviously a really fast-moving
industry.
How do you decide what you'regoing to focus your content on?
John Hammond (04:44):
Ooh.
Well, I a little bit of backand forth in my mind, truth be
told.
Because like it's one thing,yeah, I'd love to go chase the
latest hot ambulance, you know,chase the new hotness, see
what's happened in the news,current events.
And I do try to sprinkle thosein here and there, but I know
those are really superephemeral.
(05:06):
Like that, that's totallytemporary if it's just the news
of the week or the weekend,right?
Uh, so I still try to keepstockpiling and really bringing
out just more uh not to sayfoundations, but stuff that is
kind of evergreen content andeducation.
Like they're still learninghowever many years you watch it.
It's not living and dying inthe breath of the news cycle.
(05:27):
So I don't know.
I try to balance both, but uhreally it uh to be totally
honest, it just boils down towhat am I interested in?
What do I want to showcase?
What do I want to play?
I have a little strategicadvantage where the channel is
just kind of my name.
It's John Hammond.
So whatever John wants to talkabout, John will talk about.
Edna Jonsson (05:48):
So I just noticed that just hacking training also
could be John Hammond training.
Did you know that?
John Hammond (05:58):
So the JH part of the JHT is a little uh little
play.
Uh because I did want to, youknow, make sure I'm still in the
picture someway, somehow.
Edna Jonsson (06:10):
Yeah, that's neat.
I like that.
It's a little Easter egg.
John Hammond (06:14):
It is especially cutesy if you really think the
same like number of letters inthe words John and just hacking
and Hammond, but whatever.
And you know, hey, you cares.
Yeah.
Jerry Bell (06:24):
You you put a lot of thought into that.
Uh it's clever, right?
Edna Jonsson (06:28):
Yeah.
Jerry Bell (06:29):
So what has been your favorite uh memory or
moment in in your just hackingexperience here?
John Hammond (06:37):
Oh goodness, that's a super good question.
Jerry Bell (06:42):
Uh I all credit to Edna, by the way.
John Hammond (06:46):
I'm trying to think, what's the what sticks
and stands out?
I'm going to events andconferences and kind of being
with people in person, you know,in the real world, not just
kind of sitting behind thecomputer screen, um, getting a
chance to be with folks that arewilling and want to come up and
say hi, shake hands, chat, tellme, like, hey, they've been
(07:06):
learning all a lot of sweetstuff, and they got into this
job or they they got in theindustry because of the stuff
that I've been doing.
Um, it's very surreal.
It's it's extremely fulfilling.
Because, you know, from myperspective, I'm just like
sitting alone in my room yellingat my computer with the camera
on.
Um, but I'm just so gratefulthat that has caught some wind
and uh got a little bit ofmomentum, and it really helps, I
(07:28):
hope, bring some value forpeople.
Uh so I don't know if that'sreally a favorite moment, but
that is certainly like one ofthe favorite feelings of wow,
cool.
I hope I move the needlesomehow somehow.
Edna Jonsson (07:42):
Yeah.
So I was curious, I know thatyou come from a training
background.
Um, has that helped you in yourcareer?
And also, um, does that helpyou with like public speaking
and things like that?
John Hammond (07:57):
Totally.
Yeah.
Um, so super quick crashcourse, if that's okay.
Uh I I feel like I got a lot ofmy beginnings, learnings,
fundamentals to kind of get intoall this stuff.
Um, when I attended the USCoast Guard Academy, that was
for my undergrad, for college,for school, and that's one of
the military institutions overin the United States, right?
So think of Annapolis, likeNaval Academy, uh, West Point,
(08:20):
the Military Academy, blah,blah, blah.
Uh, and that, you know,instills a little bit more of
the militant, you know,regimented kind of oh uh
cambroadery and stubborn gritand determination.
Uh, but it also really tellsyou how to talk, uh, especially
to some of the oh high flyingofficers, gold and brass, and
VIP people that would come andjoin the party to see what we're
(08:41):
up to.
Uh so I had to talk and presentto them what oh, our cyber team
little extracurricular club wasall up to.
Um, and then once and after theCoast Guard Academy, uh I was
training and building out theircyber team and trying to make
sure the rest of us cadets weresmart and learn a lot of this
stuff.
I bounced over to theDepartment of Defense Cyber
(09:02):
Training Academy to teach, liketo literally really be an
instructor, standing up in thepodium, riding a unicycle,
trying to juggle, keep peopleawake for eight hours.
Um and that I gotta admit,yeah, I really feel like feeds
and helps in you know bothdirections, getting better,
improving, and having thecapability to present and to
(09:24):
talk and to yeah, hopefully makesure something is still fun and
exciting for people while I'mrambling and yapping.
Edna Jonsson (09:33):
Oh, that is wonderful.
I'm I'm glad that you had thatexperience, and that's such a
cool like sometimes people don'tthink about how you come from
different backgrounds, and thatreally helps you when you get
into cybersecurity.
Um this also ties into anotherquestion that I have.
So you have talked about uhlearning in public.
(09:54):
Um, so why is that a powerfulstrategy for cybersecurity
students and how can they startdoing that?
John Hammond (10:02):
Oh, awesome question.
Uh look, I know I maybe it'ssilly with my YouTube channel
and all, but I don't mean tokeep falling onto that as a
crutch.
But I I know that look, I don'tknow everything, and I'm still
here to learn kind of alongsideeveryone else.
So a lot of that learning inpublic and oh, trying to build,
(10:23):
trying to play, trying to hack,go through some of these
vulnerabilities and exploits andstuff.
Like all of that is so thathey, I can share it with other
people, uh, share what I'mlearning and share, hopefully,
and get to hear what they'relearning.
Because even in the comments,if it's a blog, if it's a
write-up, if it's something thatyou post on Twitter or
LinkedIn, whatever, uh, whenfolks can let you know, hey,
(10:45):
actually, you know, you couldhave done this faster uh with
this technique or with if youuse this trick, or oh, have you
heard of this tool?
You should check out you shouldcheck out this program, this
application.
This could speed you up.
Um, and that was just a reallycool feedback loop.
Um, I was doing YouTube for youknow, way back when, even
before uh that college CoastGuard Academy undergrad
(11:07):
timeline.
And even then it was just, hey,I'm having fun.
I'm enjoying this stuff.
And even stockpiling andcollecting these online videos
or write-ups or blogs or howeveranyone else might tackle it,
uh, that felt like momentum.
Because hey, it now I have aproof, now I have a demonstrated
and uh tangible, so to speak,something to capture that work
(11:30):
that I've done, and other peoplecan learn from it and uh they
can help teach me.
So it was just always awesome,uh, a really, really cool sort
of cycle to just keep improvingwith the community.
And I would totally recommendthat to anyone if they're up for
it.
And it doesn't have to betalking to a camera and making
videos, it can just be yournotes, honestly.
(11:51):
If it could just be anythingthat you're already putting
together, but why not share itand make it public so that we
all can learn?
Jerry Bell (11:58):
Nice, very nice.
So you've you've in the pastmentioned imposter syndrome.
So what what advice would yougive to new learners who are
feeling bad imposter syndrome?
And by the way, you know, I'vebeen in this industry for uh
probably longer than y'all havebeen alive, and I have this
(12:20):
imposter syndrome pretty prettybad.
So uh I'd I'd love to hear yourthoughts on that.
John Hammond (12:26):
Well, I mean, the thing is it it it strikes
everyone.
Uh it hits everyone, no one isimmune.
I have imposter syndrome andburnout and the mental fatigue
and all the things that you knowreally do bog us down, and no
one's an exception.
Um I whenever I can, I've triedto treat that or harness it to
(12:49):
kind of act as a little bit offuel.
Like, hey, can that be themotivation?
Like, oh, I want to get betterbecause uh I need to make this
ideal or I want to reach thisgoal or hit this accomplishment,
achievement, a milestone.
Um, and if I'm comparing myselfto other people, I realize I
know a lot of that honestly justkind of comes from doom
(13:09):
scrolling on social mediabecause I see everyone else
sharing their wins, highlightingall the best stuff that they're
up to, the new certificationthey got, the new job that they
were doing.
Like it's really, really easyto then just compare yourself to
them and beat yourself up forit.
But honestly, I think the bestyou can do is compare yourself
(13:32):
to yourself.
Like, did you learn somethingnew today?
Are you better than you wereyesterday?
If it's 10% better, if it's 1%better.
Look, if you are staying withit.
If you're keeping up with thepulse and the heartbeat, then
that's the best way you can atleast keep fighting up against
imposter syndrome.
But it you're gonna hit thewall.
I have, we all do.
(13:52):
Uh, it's just something else wewrestle with.
Thank you for that.
Edna Jonsson (13:58):
Yeah, I've felt imposter syndrome a lot.
John Hammond (14:01):
Yeah, no, me too.
Edna Jonsson (14:03):
Yeah, earlier this year when I uh competed and won
that black badge at Wild WestHacking Fests.
Oh, yeah.
I was competing against somereally talented people.
And it made me feel so wildthat like I had won this and I
felt like I had to return thebadge or something for a bit.
Like it's like, oh no, I don'tdeserve this.
(14:24):
But yeah, it's uh those are thebest things, though.
John Hammond (14:28):
Those are when you do celebrate some sweet
success, an actual awesomeaccomplishment.
Uh, and so being there withteammates, being in there in
person, like that is somethingto be super proud of.
Edna Jonsson (14:38):
Yeah.
It it was wonderful, and I'mglad I did it.
Yeah.
Imposter syndrome is just likeit will creep up on you when you
when you don't want it.
You don't choose to have it forsure.
Um, but when you're doing a lotof things, you can sometimes
feel overwhelmed.
And I attended a talk that youdid uh as the keynote at B Sides
(15:04):
Tampa, where you talked aboutall of the pressures that people
feel when they're gettingstarted in cybersecurity and
people are telling them you needto do this and that.
Can you talk about that a bitand share your thoughts on all
of the pressures that we feel aswe're trying to break into this
field?
And it feels overwhelming?
John Hammond (15:25):
I can try, because uh yeah, I know that's still a
struggle point uh for me too.
Um so yeah, way back when uhfor Besides Tampa this year,
2025, uh it was a real honor, anincredible opportunity to be
their closing keynote.
Uh, and I brought this talktitled Another Round on the
(15:46):
treadmill, uh, which was the youknow fluffy, oh ha ha thought
leadership kind of waxing poetickind of idea, just to because
that that's a keynote, that'sjust what it has to be.
Um but it was playing with thatnotion that hey, uh there's so
much for us to do incybersecurity and so much for us
to learn, and so much that it'stoo much for us to do and keep
(16:11):
up with.
Um, and it is really feelinglike it's some cycle, it's some
cyclic thing that we just gottachase the next new
vulnerability, the next do andalert, the next through threat
act, or the next audit, the nextwhatever, and go after that
next cert, blah, blah, blah,blah, blah.
All the studying that we do.
It is super duper overwhelming.
And I feel it all the time.
(16:32):
And I I hope that look, if weat least even talk about that,
like if we acknowledge that, ifwe if we shine a spotlight on
that, uh, we don't ignore itbecause I think we all just know
we we all understand that.
But I was trying to get thismessage across.
We're like, okay, you don'tneed to boil the ocean, you
(16:55):
don't need to consume absolutelyeverything.
I know people tell you to be asponge, but like, look, you can
only hold so much, uh, all thatwater, all that information,
everything you're trying to do.
Um so the whole another roundof the treadmill premise was
like, look, you're doing awesomestuff.
You're on it, you're working,you're running on the treadmill.
And if you need a break, that'stotally okay.
(17:18):
Uh, because if anything, you'regonna feel better.
You're gonna you're gonna havesome time for your your your
muscles to build up, for you toget that cardio back in action,
whatever analogy we'd like here.
But literally, genuinely take abreak.
Like let yourself catch up,catch your breath, relax, and
enjoy.
Because you are doing thisbecause you love it.
(17:38):
There is a passion there,that's why we're all in this.
Um, but then get back on thetreadmill.
Just another round on thetreadmill.
Edna Jonsson (17:51):
Yeah.
Jerry Bell (17:53):
Good advice.
Good advice.
Um, so if if you were if youwere to start over again, and I
I I find myself uh asking thisquestion of myself quite quite a
lot because I'm uh entering mythird career, I think.
John Hammond (18:09):
Excellent.
Congrats.
Jerry Bell (18:10):
How how would you approach getting into
cybersecurity now?
And and in in particular, Ithink the the listeners of this
show are are you know often kindof coming in coming freshly
into the industry.
So what advice would you giveyour younger self if if you were
coming into the industryindustry right now?
John Hammond (18:29):
Oh uh I guess uh maybe this sounds uh boring or
bland or stupid or trite, Idon't know, but I I think the
best advice, uh I don't want tosound like a broken record or
anything, is really just havefun.
Uh keep doing the stuff thatyou find fun and enjoyable and
(18:52):
that you want to keep doing.
Um for me in the early, earlydays and the beginnings, it was
like capture the flag.
It was oh, the gamifiedlearning experience to be able
to play in cybersecurity andlearn all these new things.
Um, but that was something thatI was just having a ton of fun
with, and I wanted to play thenext CTF, and I wanted to read
the write-ups, and I wanted tobuild these tools, and I wanted
(19:14):
to figure this stuff out.
Uh but I think eventually, andI think it was something we all
kind of keep in the back of ourminds, is that life is gonna
catch up with you.
Uh, you're gonna be doing work,you're gonna be, I don't know,
kind of working in the job,you're gonna have some time with
family, you're gonna need tohave some home life here and
there.
Um, and eventually you're gonnaget to a point where maybe
(19:38):
sometimes you can't quite alwaysget to the cybersecurity stuff
that it was a passion or you hadfun with, or it's just less fun
because sometimes it feels likework.
Uh and I know that's that thatsucks.
Like that that's a tough pillto swallow.
So I think the best you can do,especially in the early days,
stockpile and grow and run asfast as you can and enjoy
(19:59):
everything that you're up to.
But do it because you're havingso much fun.
You want to keep doing it.
So you can fend off whateverdays might come way, way down
the line where you don't want todo it.
But you've put so much time in,you've you've been able to be a
part of this, and you've beenloving it for so long that the
(20:19):
longer you can keep doing itbecause you love it, because you
enjoy it, that is the bestsaving grace that you can.
Uh, and I hope, I think that'sthe best way to go about it.
Keep it fun.
Edna Jonsson (20:33):
Wonderful.
Um, so what is one message thatyou would want newcomers to
hear from you directly?
John Hammond (20:42):
Ooh.
Look, um, I guess it kind ofboils down to yeah, you know,
the same sort of trio in allreality.
Uh, keep it fun.
Maybe the next one is reallyshare, document, show your work.
Um, and then I think the thirdbullet here is look be present,
be a part of this thing, be inthe community, be interacting in
(21:05):
Discord, be online with thesocial media, LinkedIn, just
being with the community andattending events.
Like go be with the communityat conferences.
Uh, you make so many coolreferences, you make so many
cool networking opportunities,you meet so many incredible
people, and that will open a lotof sweet doors for you.
Uh, and it's fun.
It that adds to all the otherthings of yeah, make sure you're
(21:28):
enjoying yourself and make surethat you try to share and
document what you're up to.
Um, but do that with others.
Uh, be that and present in thecommunity.
So cool, so much fun.
Edna Jonsson (21:40):
Wonderful.
And how can people connect withyou and find your training?
John Hammond (21:46):
Thank you so much.
Yeah.
Now, if anyone is up for it,uh, would be grateful.
Please do take a look at someof the stuff I'm up to.
Don't hesitate to reach out.
Um, I'm out online.
You can find my name, JohnHammond, uh, on YouTube, on
Twitter, on LinkedIn, on all ofthe internet places.
And it's me.
It's just a picture of me withmy stupid dumb face and red
hair.
So you can probably track medown A-oka.
(22:07):
Um, but yeah, a lot of thetraining venture and extra,
extra efforts on that side areat just hacking.com.
So I hope some folks do get totake a look.
A lot of free, accessible nameyour price, pay what you want,
pay what you can, material, andgood learning and education
there for you.
So thank you.
Edna Jonsson (22:26):
Yeah, thank you.
Thank you for being on theshow.
We're so glad to have you.
John Hammond (22:32):
Well, thank you all for the opportunity.
Edna Jonsson (22:35):
Absolutely.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
My Favorite Murder with Karen Kilgariff and Georgia Hardstark
My Favorite Murder is a true crime comedy podcast hosted by Karen Kilgariff and Georgia Hardstark. Each week, Karen and Georgia share compelling true crimes and hometown stories from friends and listeners. Since MFM launched in January of 2016, Karen and Georgia have shared their lifelong interest in true crime and have covered stories of infamous serial killers like the Night Stalker, mysterious cold cases, captivating cults, incredible survivor stories and important events from history like the Tulsa race massacre of 1921. My Favorite Murder is part of the Exactly Right podcast network that provides a platform for bold, creative voices to bring to life provocative, entertaining and relatable stories for audiences everywhere. The Exactly Right roster of podcasts covers a variety of topics including historic true crime, comedic interviews and news, science, pop culture and more. Podcasts on the network include Buried Bones with Kate Winkler Dawson and Paul Holes, That's Messed Up: An SVU Podcast, This Podcast Will Kill You, Bananas and more.