June 21, 2023 • 64 mins
Ever wondered what it takes to break into the world of cybersecurity? Join us for a fascinating conversation with our guest, Bill Eck, as he shares his personal journey transitioning into this challenging field. We discuss the trials faced by newcomers, the competitive landscape of the market, and how to strike the perfect balance between industry hiring problems and the skills gap.
In this episode, we also unveil essential tips for cybersecurity beginners and emphasize the importance of having a strong "why" to persevere in this tough field. Learn about the unique hurdles women face in cybersecurity and how using precise terminology and tools can make finding answers a breeze. We touch on the significance of taking chances and applying for jobs, even if you don't meet all the requirements – a must-listen for anyone considering a career in cybersecurity.
Finally, we dive into the crucial role of mentors in the cybersecurity industry and share tips on finding one successfully. Discover the power of independent research and understanding the foundations of IT and operating systems before venturing into cybersecurity. Don't miss this insightful discussion with Bill Leck as we tackle the challenges and opportunities that await in the cybersecurity world.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:02):
Oh, welcome back everybody.
That's right, it is me, it isthe cyber warrior, this is cyber
warrior studios.
And of course, i know you'reall here for security happy hour
And I'm I'm sure we're gonnaget into.
We've got an amazingconversation plan because we're
gonna talk about some things Nota lot of people talk about, but
that's what we do here, becauseguess what?
It's my show and I'm gonna talkabout everything going on in
(00:25):
this world, especially withnewcomers coming into cyber.
So I want to thank you all forbeing here And I promise, if you
hang with me for like 10seconds, i'll be back here and
you're gonna just love this show.
And There it is.
(00:51):
Security happy hours officiallyoff and running and we were
ready to go.
Now, without further ado, letme introduce to you my guest
this evening, bill leck.
Bill, how you doing today.
Speaker 2 (01:03):
I'm good Glad to be here.
Speaker 1 (01:06):
Goal good to have you here.
It's gonna be an amazingconversation.
We got planned All right.
We're gonna be talking some bigthings and those big things are
What not to do.
But before we get into that, iNeed to get a little rundown on
how you get them.
got invested in cyber securitybecause we're still trying to
get you to Find your way into it.
We still want you there.
(01:27):
We're working to get you there,but you've been doing a lot of
studying, a lot of other things,so give us the rundown, man,
how'd you find this path for you?
Speaker 2 (01:36):
well, you know, at One point in my life I guess I
own my own truck repair shop andso you know, i was the mechanic
, the accountant, the IT guy, um, and and so like I got closer
and closer with computers and atsome point, like the whole the
(02:00):
sphere of privacy on online likejust really took hold of me,
you know, like very interesting,and I guess you kind of come to
a Point where you realize thatthere really is no such thing as
privacy online.
But then I saw mr Robot right,which I know it's kind of cliche
(02:21):
, but I It just kind of blew mymind that there really was like
a whole Cyberworld andeverything where, you know,
there is a Career that a guy canmake in it.
The more I looked into it andYou know, i guess at some point
(02:42):
I just kind of decided that Iwas you know, i've been a
mechanic for almost 15 years nowand I I just decided that I
wanted to change and slowly butsurely I've been learning and
studying and Eventually.
(03:02):
I'll get there.
Speaker 1 (03:04):
Yeah, definitely, and it's gonna take.
It's gonna take time, as allthings right.
You know, one of the thingsthat people tend to forget and
they get really upset and theyget really aggravated and they
get really hurt and everythingelse like that is That,
especially for those later on inlife They're trying to career
transition.
I think it's gonna be easy nowfor a lot of these people
(03:25):
Because of the way when you'vebeen in a career 15, 20 years,
you get into it And yeah, maybeyour original career was easy to
get into, going back 15, 20years, right, which seems a long
time ago, but it wasn't and butbut things were still easier
then.
Now, especially this field, whenyou're transitioning in, there
(03:46):
are so many people on the market.
For anybody that says there's askills gap, i completely, i can
find ways to debunk it.
I swear I can.
There's not a skills gap isthat there are so many
competitive people on the marketnow doing so many things That
you have to find ways to becompetitive.
So it makes it a lot harder toget in because When we have so
(04:10):
many people there that arewilling to take Less money for a
senior role than others,they're gonna get hired.
Kind of fill that junior rolebut have more, more experience
and more everything, becausethey need to get their foot in
the door somewhere else.
It sucks, but it happens.
So I think we have a hiringproblem, not necessarily a
(04:32):
skills gap problem.
We have to find a way tobalance these things out, yeah,
but yeah, the fact that you'restill in it, you're still
learning, you're still growingand you're still going with it
Look, you're in the right place.
My warriors, this is what we do.
We help people all the time andwe'll continue to do so.
so you're definitely in theright place now Saying that the
(04:55):
topic of the day is what not todo.
First and foremost, what madeyou Come up with that topic?
Speaker 2 (05:09):
I.
Speaker 1 (05:11):
Know it's a new question.
You've been watching for awhile.
I haven't asked that one yet,so we got that one out there
because I'm intrigued and I wantto know what made you kind of
think of that one.
Speaker 2 (05:19):
You know, like I messaged you because of that
scholarship thing from from ECcouncil, yep, and You know, just
I was getting opinions frompeople because it just it seemed
kind of funny, right, likeTheir lowest tier Certificate,
(05:41):
certificate and class, and theystill, you know, they still
wanted a couple hundred bucks todo it.
It just it really seemed like akind of a scam and You know, it
was like what do I do?
Should I not do this?
you know, and you know theother thing is like I've had a
(06:03):
lot of people tell me, you know,don't let the training or the
The sales side of the trainingfor cyber get to you, because
there's a lot of, you know,there's a lot of people trying
to sell you something, and right, so yeah, I think what bothers
(06:25):
me about that is They've alreadytaken a hit to their reputation
based on things they've donepreviously With blog posts,
things like that.
Speaker 1 (06:34):
They have taken a huge, huge hit.
So I took The.
I got a scholarship for theCCNA cyber ops Certification.
That's going back a few years.
Cisco's a big company.
Their certifications are notcheap and they keep revamping
them and redoing them andchanging things, but they're not
cheap.
(06:54):
Yet I got that scholarship andwas able to take the test for
your charge.
There was, there was nothing.
What.
Once I took the test there,like, are you past?
there you go.
I didn't have to pay out ofpocket for anything and so, like
I told you, you know, with whatyou were doing and what you
were going through at the timewith your career transition,
with trying to Stay your courseand stay your path and your
(07:17):
learning, you know I will neverSay education is bad, regardless
of where it comes from, and Ithink had EC council provided
that certification attempt freeof charge, it would have more
weight to it in my eyes, becausethen they're confident in their
(07:37):
ability to deliver and they Andthey don't have to worry about
the money aspect.
They know that they'rerebuilding their reputation in
their brand.
But to charge for it justseemed I Can't, can't put my
finger on it, but I just can't,i don't know.
Speaker 2 (07:55):
Yeah, and then I saw other people posting on LinkedIn
and stuff like how, how theyfelt the same way and I didn't.
I just declined it.
You know it's I've been on apath Quite some time now.
I've been just working my waythrough, try hack me, and then
there's a couple other apps outthere for learning Python and
(08:20):
stuff, and like I've had peopletell me both ways with learning
how to code, like That.
I've had somebody tell me thatit's, it's for kids, and then
I've had other people tell methat it's the way to go.
And The thing is, you know, i Ienjoy it for one, and I've
(08:40):
learned so much about the basicsof how how things work from
learning the Programming side ofit, you know, and, and so I
just I'm like I'm gonna stickwith it.
You know, i think I've beendoing it for Months and months
(09:00):
and months.
Now I've lost track.
Speaker 1 (09:02):
So and that's a thing .
Right?
so coding is not required incybersecurity.
Anybody that tells youprogramming and coding is
required in cybersecurity, tellthem to get bent.
It's not.
Security is too broad of afield.
It's not absolutely required.
However, comma, i will say thisdepending on what area you went,
once you get into, it can benothing but a benefit.
(09:22):
Actually, no matter what areayou want to get into, it can be
nothing but a benefit, becauseyou can Automate a lot of your
menial tasks and a lot of thesesmaller consulting companies and
a lot of these smallerorganizations, if you can
automate workflow and then yougo about your daily work and do
the manual effort that that isrequired.
Yes, that initial investment ofAutomating this and building
(09:47):
out whether it's terraform forcloud deployments or Python
scripts for you know what haveyou then automating it will help
you out.
But The manual effort is whereyou'll sink your teeth in and
you'll be able to learn and keepgrowing, because now You know
enough to get these automationtasks out of the way.
So, for anybody who tells youthat, don't do this right?
(10:10):
so my, my initial thought ofwhat not to do Don't listen to
people that tell you not tolearn something.
That's something what not to doAnd it's a double negative.
I know it sounds really weird,but if anybody tells you not to
learn something, they are nottrying to help you.
Speaker 2 (10:33):
Yeah.
Speaker 1 (10:35):
Because in this industry, any knowledge is good
knowledge, no matter where itcomes from, no matter what it is
.
So saying that you're stilllearning, you're still growing.
You haven't been you know kindof going through your education
process for incredibly long.
What have you seen that youwould tell people what not to do
(11:00):
, or what would what, in youreyes, do you think is something
that it would go against whatanybody else would tell, would
say not to do?
Speaker 2 (11:12):
I would say don't lose your focus.
Don't get discouraged whenyou're using some of those
platforms and you're not gettingthe answers.
Instead, find a way to get theanswers.
Like you know, it's okay tolook up the walkthroughs or find
(11:36):
the YouTube videos.
Like, a lot of the things I'velearned have been because I
found a YouTube video on thatspecific topic I was trying to
learn, or that room I was tryingto walk through or whatever,
and it doesn't matter theplatform you know And the guy's
showing you his tricks to it.
(11:57):
You know, because you may notlike, like you may get all the
way done with try hack me stuff.
Well, they're still hack thebox, they're still blue team
online And you know like you'regoing to get to those next ones
and you're going to know thatstuff and you're just going to
build on it.
You know the time spent on itis still valuable experience
(12:24):
Whether or not you knew theanswer right off the bat.
Speaker 1 (12:27):
Right, And that's the thing, right, you know there
are.
There are so many ways to learn.
As the saying goes, there'smore than one way to skin a cat
and people are going to hatethat saying, but let's be honest
, it's common saying and it'svery true.
And even in my learning journey, even as I have come up,
(12:55):
complete walkthroughs on retiredboxes for hack the box have
helped me out where it's beenthings that I would not have
thought about.
It is things that I've lookedat and been like how did I miss
that?
What I will say is anybody know?
that right, and the caveat tothat is do everything in your
(13:15):
power, research everything youcan.
exhaust all your resourcesfirst Yeah, before you go to a
walkthrough.
because what's going to happenis you're going to get in such a
habit of just going through towalkthroughs and being like, oh
yeah, i know all this.
You're not going to learn howto research, you're not going to
learn how to look up, how touse a tour, how to do this at a
(13:36):
third, so you're going to becomeindoctrinated basically to
walkthroughs and to peoplegiving you answers.
And so for me, what not to do?
don't ask someone for theanswer.
Ask them for guidance.
Is there something that Ishould be looking up?
(13:58):
Is there a toll that I haven'tthought of?
Is there something like that?
And I think that's huge.
Too often, especially in thisday and age, because of the
accessibility of the internet,we want the quick answer, we
want the quick win.
It's that immediategratification kicking in.
I need to know it now.
I need to know what the answeris right now.
(14:19):
And that is a huge problem,because nothing in our industry,
unless you have the tribalknowledge of it, do you get the
answer right now.
Someone's looking it up.
I have started using DuckDuckGo.
It's a little bit moredifficult than Google.
You don't get all the answersright away, but with the right
(14:40):
terminology you can figure itout.
It's just, it is what it is.
You know what I mean.
Like, it's just one of thosethings where don't look for an
answer to a problem.
you're going through like a CTF.
Look for how to use a toll tofind the answer to your problem,
(15:04):
if that makes sense.
Speaker 2 (15:06):
Yeah, no, and I'm not saying it's like my first
resort, it's oh, i've done it, iget it, don't give up Like find
a way to get it done and orstop and move on to something
else because you might learnlike the trick to that whole
thing or how that works on theback end from another room,
(15:29):
another research topic, whatever, and you can come back to it.
Biolines, don't give up.
Like I firmly believe I'm notemployed in cyber yet, but I'm
going to get there right, andI've seen so many people on
LinkedIn that it seems likeforever they've been trying to
get a job and they finally doLike they didn't give up after
(15:53):
how long.
And then you see other peoplethat have kind of just
disappeared and it sucks becauseyou know that they're probably
valuable, like they wanted to doit.
Maybe not bad enough, butThat's the kicker To me.
Speaker 1 (16:11):
It's all about that passion, right, it's all about
that drive.
And if you're why it's strongenough and I've talked about
that on here, i've talked aboutthat on Walk With Me, i've
talked about that on MotivationMonday.
I've put posts on it onLinkedIn, twitter, everything
Your why has to be strong enough.
If your why is strong enough,you will overcome anything
because you're going toconstantly, you're going to
(16:32):
consistently pursue that goal.
But I do have a question here,bill.
I'm going to let you give yourtwo cents.
You're still trying to break in, so I don't know if you're
going to have anything on this,but it's from one of my other
warriors, Misha, and it's avalid question, but she might
not like my answer.
But I'm going to let you gofirst.
So I have a question Is thereanything you would say to women
(16:58):
breaking into the field that youwouldn't say to men in the what
not to do?
Speaker 2 (17:07):
Is there anything you would say to women?
So I guess I would say why inthe world do you see a
difference between the two?
You're trying just as hard as Iam, so on the other side of the
computer, how are you anydifferent than me?
(17:28):
And I would even argue there'sprobably somewhere that you're,
something you're good at thatI'm not good at, and it has
nothing to do with our genders.
Speaker 1 (17:42):
It's just we're different people.
Speaker 2 (17:46):
Don't ask me to do IP tables, okay.
Speaker 1 (17:50):
And you're a Linux person and you hate IP tables.
Speaker 2 (17:55):
Who's faulted that?
Speaker 1 (18:00):
You got me dying over here, bill.
So on that note, i'm a pissMisha off, actually, no, i'm not
, she loves me.
I will say this There issomething I will tell women not
to do that are breaking in thefield that I don't feel I have a
need to tell men to do.
It's not that I don't thinkthat there's any difference.
(18:23):
Is that there is one difference, maybe more, but the biggest
one I see Women have found it anecessity, based on experience,
to have to a try to match 80 to90% of any job description
(18:44):
before they apply.
Knock that shit off.
If you like the job description, apply for it.
I'm not saying apply to everyjob out there.
I'm saying look at the job,what is required of the job,
what your duties will be, and ifyou feel like you can do that,
apply.
Don't look at the requirements,don't look at the
certifications, the education,the degrees and things like that
(19:04):
.
Don't look at it.
Just look at what is requiredfor the job, but if you feel in
your heart that you are capableof doing it, apply for it.
Number one Second thing isfight for your damn salary.
And I say this because that isthe other part.
So many people talk about thewage gap.
It's big content.
There's a lot of contentionwith it right now whether or not
(19:27):
it exists.
Excuse me, i will say it doesexist, not always for the
reasons people think It exists,because women who are just
coming into the industry, justcoming into the field, or any
field or any workforce for thatmatter, are too afraid to fight
(19:49):
for their salary.
They do not look up what thecommon salary is, what the
average pay is for this state,for my location, because of X, y
and Z, so they get paid less.
So it's not that it doesn'texist, it's that women are not
fighting for the same, they'renot asking for the same salaries
and fighting for the samesalaries that men are.
(20:12):
Because, let's be honest, as aman I'm an asshole sometimes and
if I tell you I want somethingand you don't give it to me, i'm
going to go somewhere else.
I'm not going to fight andargue with you back and forth.
I am literally going to tellyou what I want.
you're either going to give itto me or I'm going to walk women
because they're still trying tobreak in and find their footing
(20:32):
.
we'll be like, oh well, okay,i'll take it.
Now there's more biologicallyand genetically that I could get
into.
that's a whole differentconversation, but that is the.
the crux of the matter isthey're not fighting for what
they're worth, and I thinkthat's a lot of people, that's,
any anybody across the boardthat takes the first offer given
(20:55):
to them without if you don'tknow the person hiring you.
nine times out of ten I knowthe person hiring me.
this is the importance ofnetworking.
I've already got a job before Igot a job, i literally know my
salary before I walk in the door.
so when I got to go through theprocess and I'm like, oh yeah,
okay, i'll take this, i knowwhat I'm getting, i've already
(21:15):
worked it out beforehand.
so if you're not in thatsituation and they're not
offering you a salary range,then just come in high, see what
they give you and then takethem up up a few thousand
dollars, maybe ten, maybe twenty, depending on what the average
market value is.
take them to market value.
if they're undercutting you,fuck them go somewhere else go
(21:40):
somewhere else.
Yeah, that's my take, and I lovethe fact that Misha agreed with
me.
Damn it, i was hoping we wouldargue I love Misha, she's one of
my baking sisters, i love her.
But I'll say that I think thatdepends on the generation as
well, with meeting expectations.
(22:01):
This is true.
Gen Z is coming along a lotfurther and understanding more,
and I will even say the youngermillennials not the zennials or
like I don't know where I fallin in that crowd, but either way
, we're kind of like, especiallyas men screw you, pay me.
The women are kind of like I'lltake what you give me and your
(22:24):
Gen Z and stuff.
And then especially the newones coming up that aren't Gen Z
.
Whatever the new generation is,yeah, they're.
They're gonna run ham oneverybody around the office and
just tell you what to do, justsaying my son's already know a
lot more than I do at times.
Oh, damn it, sacred goddess,why do you got to do this to me?
(22:45):
we're also viewed as getting inbased on looks rather than
smarts and a whole lot of thethings I can't say in polite
company.
Know your worth, know yourbiggest asset is between your
ears.
Yes, that is still a fightingbattle for certain men, and I
say certain men because they'rethe ones that are saying this
(23:07):
nonsense that she is telling him, telling everybody you know I
fell under that trap I did, iwill hands down, admit it until
I got older and wiser andlearned and became more
understanding and actuallytalked to and had intellectual
conversations with people of allages, races, genders and you
(23:29):
name it.
Yes, i fell into that company,i will not deny.
Speaker 2 (23:35):
I was now.
I think that they're.
You know there's always badapples, right like you, you
might go to one company whereyou've got somebody in charge
and you know, i've.
I've been in management a fewtimes in my life now and I have
a lot of theories on it.
But there are a lot of peoplethat get put in management
(23:56):
because they they were therelike they were available or they
knew somebody, but they aren'tleadership right and and and the
companies that have leaders inplace won't.
Speaker 1 (24:12):
We'll see the value of a person based on you know
what they're bringing to thetable, not their looks right but
you still see the flip side toit you know, you still see the
flip side to it, and this is andthis is the problem, because
(24:32):
that flip side still exists andit is not at the fault of the
women.
No, that problem is definitelyat the fault of the men.
Yeah, that have caused that tohappen.
So that is why we still havethis issue and that is why men
who want to, that is why thereare men out there that challenge
(24:53):
women and it sucks.
It shouldn't happen, it reallyreally shouldn't happen, but it
does.
I will say, some of the bestand brightest that I have had on
this show and I talked toonline are women.
Hands down, it doesn't matter.
So I work with one of our.
One of the females that I workwith is finding stuff and
(25:18):
bringing them to us.
As far as an offensive securityteam bring into them stuff like
every night, always findingrandom ass shit, and so some of
the best and brightest I knowhave been women and so, hands
down, it is you.
It's one of those things.
This, this is where I'll standby and I'll kind of like try to
(25:42):
veer off this topic at thispoint.
When you apply for a company,when you interview with a
company, when you talk to acompany.
When you get into a company,should you choose to work there
and think that the culture isright for you.
If you find that it is not afit, you can blame the company,
(26:02):
put them on blast or whateveryou want.
Let's be honest sometimes itworks, sometimes it doesn't.
You kind of take what you canget, but the thing you can do
that will work is if you havethat brain power, if you know
what you say.
You know go somewhere else andmake them wish you wouldn't have
left.
Yeah, that I will say.
(26:24):
The best way to hurt a companyis leave.
Leave.
Speaker 2 (26:28):
Find a company that will appreciate you for you but
yeah, whether or not you're toldthat you're valued or feel that
you're valued like you, youbring some value.
If you are still employed there, you have value, and you may
not realize how much it is.
They may not realize how muchit is, but when you leave they
(26:51):
will know.
And you, you may not know, butyou'll know yeah, and that's the
biggest thing and that'severything.
Speaker 1 (27:00):
That's, that's.
That's, that's race, gender,religion, whatever.
If you feel like you're notbeing valued, for whatever
reason, bounce.
You can say your piece and tryto get it addressed first.
If you enjoy what you're doingand you and you like your pay
and everything else, icompletely understand.
But if that, if that cultureisn't gonna change and let's be
(27:22):
honest, it is very, verydifficult unless you were at the
tippy, tippy, tippy top tochange a culture then bounce and
make them regret that they lostyou, because eventually, when
you have a company that has allthe same mindset surrounding it,
it will not succeed.
It will go wonder.
(27:43):
It may take a few years, don'tget me wrong, it's not gonna be
immediate.
But if you are not valued andthey do not value bringing
people in of all walks of life,then that's their loss, that is
truly their loss yeah oh,alright, so we've got.
(28:05):
Oh man, all my warriors arefamily, but we've got Amanda
here and I'm gonna start callingAmanda, another one of my
warriors.
I've been talking to her anddiscord in on tick talk.
Good people love her.
Good to have you here, amanda,nice to see you checking in.
Funny enough, our friend Billhere is also blue collar working
, but she looks forward to findsomething where I'm not judged
(28:25):
constantly.
I will be point blank honestwith you here, and it's only
because I've been talking thissong.
I'm gonna let Bill take overafter this.
This here on my channel in mynetwork with people that know me
, anyone I call a warrior.
This is a judgment-free zone.
It does not matter.
(28:46):
And if you have a problem withsomeone stepping up to you and
judging you for what you looklike, what you do, what you've
done in your life or anythingelse like that, when you're just
trying to make a living breakin and be the best you can be,
send them my way.
Or to any one of my warriors toinclude one of what talk Tarver
, that's in there and I probablybutchered her name and she's
gonna kill me Andrea Myler,jason Roe Haas, james shit, he's
(29:13):
gonna kill me too, because Ican't remember his last name
right now.
I don't know.
I got a ton of them on LinkedIn, twitter and everywhere else.
Send them to any one of us andthat will stop.
Bill, you got anything for thisone?
because I love having her here.
I just started talking to herrecently and the fact that she's
here another warrior to add tothe family.
People, let's go.
Speaker 2 (29:33):
I mean, do do whatever you can to make things
that you're judged on, like youractions, your, what you bring
to the table at work and all therest of it.
It won't matter.
I, you know, like if you'redamn good at what you do, people
(29:54):
will remember you for that, notwhat you look like, because
that changes.
I mean, we grow older daily,right by the minute, so it's
immaterial, like the things.
The things that you should seekto be judged on are the things
that you do, your actions, whatyou know, the things that are
(30:16):
actually valuable, the thingsthat actually put food on the
table, you know yeah, so it's.
Speaker 1 (30:26):
It's one of those things that we we, yeah, take it
and make it hurt.
Make, make them hurt if theyjudge you for anything quite as
simple like own your weaknesses,own your strengths and welcome
people being diverse and andhaving a difference of opinion
(30:49):
and being different than you.
I think that is where we havegone wrong, and so when we talk
about things not to do, i'mgonna tell you what not to do.
Do not I repeat, do not try tobe the same as somebody else.
If somebody is stronger thanyou in something, do not try to
live up to them, because thatthis is what's gonna happen.
You're gonna take yourstrengths, they're gonna become
(31:10):
your weaknesses now and so nowyou're on the same level, so now
you have the same strengths andthe same weaknesses.
Hello, how you gonna get anybetter, how you gonna function
as a team.
That that, literally in societytoday, makes no sense to me.
Why are we trying to be equaland be like, oh, they can do
(31:32):
this, so I can do this.
Okay, so if you can do that andyou're doing that consistently,
what's gonna happen to letstuff you used to be able to do,
especially in this industry, ifyou don't use it, you lose it.
Plain and simple.
Am I wrong?
Speaker 2 (31:55):
No Spot on.
Speaker 1 (31:57):
Right, that is the biggest thing.
If you don't use it, you loseit.
In this industry and in so manyother industries, we strive so
hard to be like somebody else.
Why Be you?
Love your strengths.
Teach someone your strengthswhile they're teaching them
yours, or while they're teachingyou theirs Yeah, that's how I
(32:21):
said it right, and you bothbecome stronger.
But don't ever stop doing whatyou're good at.
Don't ever stop doing whatgives you that competitive edge.
You can learn more, but don'tever give up what you already
know.
There's another thing what notto do.
(32:43):
Don't give up what you alreadyknow.
Yeah, don't ever stop learning.
Keep growing, but don't give upon it.
Man, chat is on fire tonight,so real quick.
And then, bill, i want you totake over and say some stuff,
just because I don't really.
Oh wait, we got anotherquestion here, so cool, i'm
going to bring that in in asecond.
(33:04):
Let me tag this.
It's the same thing.
Speaker 2 (33:07):
You get talking and I'm used to listening.
Speaker 1 (33:12):
I got yelled at in one of my comments for talking
too much.
I was like all right, i'll tryto tone it down, but I do want
to say and give a shout out toall my warriors in chat this
evening.
We've got Jason Rojas.
Misha Kari Wanawa I'm justgoing to call her, sacred
goddess.
Amanda is here.
Steven Myler actually that'sAndrea.
(33:34):
Her phone died so she's on herhusband's phone.
Let's see Who else.
We got a few others Jack Idon't know what Jack this is,
but hey, he's here.
Adrienne Harris she's here.
My boy's Sergeant AR.
So Infinite Improbability AI.
Oh yeah, william Bailey's inthe house, so he's here.
(33:58):
Caleb Kerkish thanks fordropping in.
Good to have you here.
One of these days I'm going tobe able to I don't know be able
to use YouTube freakingmonetization and get super chats
.
Then I won't even have to worryabout it.
People will just pay to havetheir comments show up.
James Giles I don't know how topronounce your last name, homie
, but he's in the house.
So yeah, seriously, i'm justscrolling through chat and
(34:21):
finding people that are here.
This thing is crazy right now.
Speaker 2 (34:26):
How many people are in there?
Speaker 1 (34:29):
What?
Oh my God?
He's just going to say look, iwant to call her Moana, and she
said she would kill me.
Misha, i asked.
So I was on the show.
I asked if I could call herMoana and she said no, i will
kill you.
Speaker 2 (34:42):
I totally thought that's what it was when I first
read it.
Okay.
And like like your, your brainjust goes there.
It's not on purpose.
Speaker 1 (34:51):
Dude, i did when she so.
She was on the show a few weeksback and I legitimately wanted
to call her Moana and she goes.
No, i was like dang it, allright, i'm just going to get it
right at some point.
I'm going to call her Moana, ifI said that right.
Probably not.
Either way, she's going to beback on May.
(35:12):
In May I got to send her to thelink.
She's coming back, she's goingto be back on the show and then
she can yell at me when Ibutcher her name.
Then, well, no, not a Disneyprincess, please.
All right, hold on, don't yellabout Disney princesses, because
, oh, who was the dang it?
I can't think of it now.
The red headed Scottish one?
(35:34):
or Irish Scottish?
Speaker 2 (35:36):
I should know that I have two little girls.
I should know this.
Speaker 1 (35:39):
I should know this, because I just said it's on a no
, that's frozen.
Um, as we're talking.
Speaker 2 (35:46):
You're the curly one, right.
Speaker 1 (35:49):
Curly red hair shoots a bow and arrow.
Um, she's the daughter of thevillage chief.
No, she marita, marita, yeah,yeah, and hey, look, that is
brave, that is marita, and sheis considered a Disney princess,
even though she is the daughterof the village chief.
So just going to say that she'smy favorite as of right now.
(36:10):
She is definitely my favorite.
Look at the chat for the answer.
You're weird.
I did call me Misha, dammit,don't do that to me, oh man, but
yeah.
So you know, when I look atthese things and I look at our
family and I do, i say it's ourfamily.
(36:31):
everybody who follows,subscribes everything.
And if you're not atcyberwarriorsstudioscom, if
you're not on, Buy Me a Coffeeor Buy March and Dice, that's
okay, i still love you becauseyou're in the chat and you're
sharing the videos.
You're here every week, sothat's what's important.
Um, i was talking about Moanawith the village chief, part.
(36:51):
Um, i, oh wait, i got two starthings.
Uh, what was the other question?
So we did this one.
Oh, here we go.
Misha does ask this a lot, doyou, or do you not tell people
seek out mentors in this field?
I ask this as a generalizedquestion, as I know someone like
me thrives with a teacher, butsome do not Bill.
(37:15):
What would you say?
Speaker 2 (37:17):
You know, this is kind of a tricky one for me,
because I've had people tell meto reach out to somebody and
find a mentor.
But, like for me it's, i have ahard time not self answering
the questions that I have, youknow.
So I guess, uh, if someonevolunteers, however that works,
(37:42):
um, you know, whatever I'm, i'mfor it, but, uh, but I, and it
might just be how I am, but I'vealways, you know, if I have a
question about something, i gofind the answer, you know.
And so, um, if, if and I wouldthink that anybody that is going
(38:07):
to mentor somebody also expectsthe, the mentee, to be able to
seek their answers.
You know, i, like I said, i'vebeen mechanical in a long time
and so I, you know the new guysthat come into the shop.
I spent a lot of time with themjust because of my knowledge
base and everything, and, um,the guys that succeed are the
(38:31):
ones that can find answers totheir questions, and you know
they, they go, they go get whatthey need right.
The guys that don't are, uh,it's because they want it done
for them and they don't reallytry or put the effort in, And so
for me, i, i would say, um, doall the work you can, and a
(38:57):
mentor will come when, when thetime is there, when you meet
that person, right, i don'tthink you should go out seeking,
uh, unless you know you'rereally stuck on something like
start asking questions, but thatin itself is seeking the answer
right.
(39:18):
Ask some people that you knoware involved in that and then
maybe from that you'll developthat mentor relationship.
Speaker 1 (39:27):
So I look at this in a few ways and I do have a
clarification of the question umthat she that she put up.
She did send something, um, butI want to answer this as it
stands before I put theclarification up.
Do you or do you not tellpeople seek out mentors in this
(39:50):
field?
I always tell people to seekout a mentor, with that the
caveat being you must do yourresearch first, because anytime
someone has ever come to me andasked me how can I break into
cybersecurity?
I want to be in cybersecurity,how do I get there?
how do I do this?
(40:11):
at the third, i always ask whatpart?
what do you want to do?
what intrigue?
I always have questions and ifyou cannot answer them, go find
the answer.
I will give you resources tofind the answer, but you need to
find the answer.
I can't mentor you until youknow what you want to do.
(40:32):
Cybersecurity is so broad, itis so vast that I can't give you
an answer.
I cannot.
Do you want to be TRC?
do you want to be a pen tester?
do you want to reverse engineermalware?
do you want to get an exploitdevelopment?
do you want to be in a sock?
do you want to be a simengineer?
do you want to be?
you know all these differentthings, and it goes on.
(40:54):
You want to be in threat intel,threat analysts, like what do
you want to do?
and so that is where the issuelies.
So, yes, as someone that peoplehave come to on many of
occasions of how do I get tothis, i always say do your
research first, let me know whatpart, then I can help you and
(41:16):
guide you.
Then it gives me a little bitmore background.
And the other question withthat is what is your current
background?
you have any IT experience atall?
because if not, i'm gonna tellyou to go get, go research IT
and learn IT first.
Learn the foundations oftechnology and of operating
systems before you try to getinto cybersecurity, because I
(41:40):
want, i want you to have thosefoundations.
I don't need you to work thejob, i don't need you to work
help desk her in it be great,but I don't need you to.
You can get into this fieldwithout that experience, but if
you do not understand operatingsystems, if you do not
understand networking, if you donot understand system
administration and activedirectory in some way shape or
(42:01):
form, it's gonna be a detrimentto your education going forward.
That's the biggest thing.
So I always refer people tolike KevTech IT support, because
that man puts out videos uponvideos about building labs,
building active directory, doingall these different things that
will help you gain that initialknowledge to then take into
(42:24):
cybersecurity.
You don't have to work in thefield of IT, you just have to
have the knowledge of somebodythat has, and not even all of it
, just enough to understand thebasics.
So for me that's the biggestthing and I want you have that.
We could talk.
But I do have a clarifyingquestion from Misha, because you
(42:45):
know she's full of questionstonight I love her more of.
Do you think mentors lead someon the right way or just into
the path they're already on?
Speaker 2 (42:58):
I think it depends on the mentor.
And is the the mentor eligibleor knowledgeable enough to be a
mentor?
and and give you the the nudgethat you need not so much tell
you what path to take.
(43:18):
I get you know.
Does that make sense?
Speaker 1 (43:20):
some of your mentors, some of the people you reach
out to that are proclaimedexperts.
I I hate that term, but peoplereach out to them and then what
happens is one of two thingsthey will allow you to continue
down your path and just guideyou, whatever.
They won't ever ask clarifyingquestions, they won't really try
(43:42):
to figure out what your passionis, what your drive is or
anything else like that.
There's gonna allow you to keepgoing and they're gonna tell
you how to pass thecertification, how to pass the
test, how to pass the interview,without ever understanding what
you're truly trying to do.
And Misha knows this about meand so many others know this
(44:03):
about me I don't care whatyou're trying to do.
I want to know what you'repassionate about.
I want to know where you'regonna find value, because if
you're not passionate about it,especially in this industry,
then it's gonna be very, veryhard to continue to succeed.
You may get that initial job,but eventually you're not gonna
(44:27):
be willing to continue theresearch, which is gonna make it
very hard.
So me, i look at mentors withone of two ways either they're
not gonna help and they're goingonly gonna help people that
already know what the hellthey're doing and they're just
trying to get advice on oneproject or another.
So it's three ways.
They're gonna help, but not inthe way you would like.
(44:48):
They're just gonna allow you tocontinue down your path and
kind of go that way, or they'llbe like myself.
Jj Davies, so many others outthere Phillip Wiley, carolina
Teresa, alyssa Miller I canthere's a slew of people connect
with me I'll hook you up withthem, jacks that there's too
(45:10):
many, i can't even name them allthat will actually look at what
you want to learn, what youwant to know, and guide you the
right way.
A lot of people have beenreaching out to Moana while
recently and she is extremelyhappy about that and ecstatic
ever since she went on the show,people have been reaching out
to her, but that's because we'regonna get her big and popular.
(45:31):
She can get hired in a betterjob.
She needs a better job.
But you know, it's all aboutfinding out what people really
want to do and where theirpassion lies.
That is what a true mentor does, and for me, i'm all about
passion.
I'm all about finding what youlove.
That's where the importance is,because if you don't love it,
(45:53):
it's gonna be so much harder tolearn it.
Adriana, you're right, she isdope.
Let's see so much stuff.
Oh, my goodness, chad is onfire.
I love you all, all my words.
Speaker 2 (46:08):
I love you all.
Speaker 1 (46:10):
So let me take that one off.
Ooh, bill, i know you're notnecessarily in the real world
yet of cyber security, but Iwill let you answer your current
feeling on this.
How true do you feel CTF wouldcompare to the real world?
Speaker 2 (46:29):
real world, i hate you know what, any time that you
have a sample of something likea CTF is a sample of a company,
(46:50):
of a box.
The emotions, the, the pressure,all that stuff is different
than the real world.
You know, it's good practice,but when, when you're actually
doing things in the real world,i mean, you know, i guess I try
(47:10):
to apply to some degree whatI've learned to the things that
I do on a daily basis in mycurrent job and I can't tell you
how many times that I'm likestumped, or, you know, like,
like I said, i've been learningPython and then you know you do
these things.
(47:31):
That on on, the differenttutorials and pages of some of
them are really good, but thenyou've got to go out and find an
actual challenge to do and andit's different when you do it,
when you actually have to codesomething, or when you go from
doing a CTF to being on the joblike it's, it's gonna be
(47:53):
different.
It's practice.
You get the concepts, but I'mnothing beats real-world
experience, right so I'm gonnasay it like this CTFs are
fantastic.
Speaker 1 (48:13):
Ctfs teach you what to find, not necessarily how to
find it.
And the reason I say that isthis when you go to a CTF,
you're given a question or yousee an initial problem and your
scope is very limited, limitedto one machine, and through
scans and this at the other, youcan kind of get a gist of what
(48:37):
to do.
You know what you're lookingfor.
In the real world.
You don't have that.
In the real world you'relooking at things and you have a
vast scope.
You have a vast things to lookat.
You have a variety of softwareprograms and you don't know
where to start, whether tosearch for this or search for
that or search for this.
However, here's the differencebetween the two Depending on the
(49:02):
CTF, you have time.
You can always find a way tospread that out and do the
research and figure it out In areal-world pen test, red team
exercise, just about anything.
You have a week to find whatyou can and a week or two to
(49:26):
write the report.
Generally Sometimes they golonger, but generally It's a
week and then a week or two towrite the report, whereas with a
CTF especially something thatis not like a sans net wars or
something where you're at aconference and you have 20, you
know however many hours you have.
(49:47):
As long as you want.
If you're doing hack the box,try hack me, whatever.
Actually, angie just said itand I'm gonna put this up here.
This is what I will say.
Ctfs give you the ability tolearn the tools that you will
use in the pen test, and notalways, nor necessarily in a red
team engagement.
They come in handy during pentesting Your meta-sploits, your
(50:10):
sequel maps, your end maps, yourlet's just send every noisy
freaking tool we have at the boxto see what we find.
That is where CTFs come inhandy.
That truly is.
It is the best way to practiceyour skills on any tool is go
into hack the box.
Go in to try hack me.
Go into your conferences andjoin their CTF challenges.
(50:34):
Do sans holiday hack challengeat the end of the year.
All these different ways youcan practice tools, learn
different things, do reverseengineering so many different
things you can learn.
Ctfs are great for that.
Real world will always takeprecedence.
So, because now you have noisemore noise than you will ever
have on a CTF, yeah, and youhave to be able to sift through
(50:58):
it all.
So nothing really beats thereal world example.
Let's see.
So we got a few questions.
Speaker 2 (51:07):
Yeah, they're coming in.
Speaker 1 (51:09):
I know right, so follow question read CTFing.
Would you say the same thingabout building home labs using
VMs?
No, all right, i'm gonna putthat out there.
I said no, but, bill, you cango ahead.
Speaker 2 (51:23):
The nice thing about a home lab VMs is you get the
experience putting that together, troubleshooting that, whereas
you know, like the online stuff,that's kind of already done for
you.
you know, sometimes you runinto an issue that has nothing
to do with the actual CTF andyou might get to troubleshoot
(51:47):
that, or it might be somethingon hack the box try hack me,
whatever their end of things.
But when you're building a homelab and you know setting up VMs
to attack and stuff you'rethere's a lot of, a lot more
learning that goes on there forthe basics that you need.
(52:08):
you know Troubleshooting is askill that, like that's
irreplaceable.
I don't care where you are,what industry you're in.
So, yeah, i would say there's alot more value in the home labs
, at least as far as I've found.
Speaker 1 (52:25):
So I will say this If you have the capability and the
capacity and the hardware toset up a home lab, those basics
come in handy because you'regonna learn how to network.
You're gonna learn how to dodifferent things to get your
virtual machines to talk, to geteverything to work together.
Now there are scripts out therethat will do it automatically
(52:46):
for you through Virtual Walks.
There's things called likedetection lab and a few others
that'll do it and set it all upfor you and build the subnets
and all that other fun stuff.
Yeah, that's great.
If you just want to set it upand go for it, however, again,
then you lack the experience ofsetting it up yourself, creating
the accounts, generatingtraffic and doing all this on
(53:08):
your own.
If you were going for, like ablue team type exercise,
anything, anything you can getthat will generate fake traffic
is perfect, because you want tosee those events, you want to
see those logs, you want to seeall that information.
But if you're kind of doingpurple team or red team, you
(53:28):
need to set it up yourselfbecause you need to see what's
there.
I will say do not use somethinglike a Metasploitable 2 unless
you're a beginner.
If you're a beginner, it'sgreat because you're going to
have a lot of noise, you'regoing to have a lot of things
that you can like, takeadvantage of and a lot of
different avenues to attack sameas Juicebox and all these other
(53:51):
things that give you testingenvironments.
If you are more, if you're, ifyou're past that beginner phase
of attacking something, set upyour own VMs, install software,
open up random ports, see whatyou can do, install things that
like SSH servers, intelnetservers and FTP servers and just
(54:14):
see if it's exploitable.
Just see if you can findsomething.
Because if you set up multiplepoints of software and if you
install something with anunquoted service path, if you
put in a weak password, if youset up a web server, start doing
all these different things at abasic level.
I'm not telling you, do it andlike build a whole company out
(54:35):
of it, literally one by one,basic level stuff of all.
Right, i'm gonna take thissoftware that is about a year
old, don't do any research on ityet, don't look for the
exploits.
Again, we're talking about whatnot to do.
Don't look for anything yet.
Literally, find software thatis six months to a year old and
install it on your servers inyour endpoints.
Then take web servers, installthat, create accounts, put stuff
(54:59):
in the description likepasswords.
I've seen passwords in thedescription of Active Directory,
legitimate passwords of oh,initial password is getBent123.
And so those are there andit'll say needs changed.
Do these things and then takethat and use it to your
(55:21):
advantage.
You learn how to connectthrough LDAP and download all
the descriptions, like all theusers, and you're like oh, this
username has this description.
Let me log in and do this.
All of a sudden, now you'relogged in through Evil WinRM,
because somebody left WinRM openon this server or on this
computer.
And now I can do all thisthrough a user account, a valid
(55:45):
account.
And now with that, now you'relearning to attack your,
generating logs on your own,install security on you, tie it
to your network and now you'regonna see blue team traffic.
Now you're gonna see events,alerts and everything else.
All this is free.
(56:05):
It doesn't cost you a dime,because you can download just
about any instance of server anduse it for free for 30 days.
You can download Ubuntu server.
Use it for free forever.
You can download CentOS or RedHat Linux.
Use it for free for a while.
So many different serverplatforms out there.
Give you a trial.
Speaker 2 (56:26):
Yeah, i've got it.
I've got an old Windowscomputer that I will go find
whatever malware I can find andrun it on it and the poor thing,
it's tired of it.
Speaker 1 (56:45):
So this is what we're gonna do.
Let me whoa, i got rid ofsomething.
I did something here.
What did I do?
All right, there we go.
I am gonna let you give, i'mgonna let you talk for as long
as you want and I'm gonna letyou give final words what not to
do, what you've learned in yourjourney so far, give any advice
you can, and we're gonna runwith it because, let's be
(57:08):
completely honest, this show isall about you.
This is your journey, your path, what you have found not to do
in your journey, and I feel likeI've been talking too much.
So I'm gonna let you talk alittle bit and you know I'll
join you here back wheneverwe're about to sign off.
Speaker 2 (57:27):
Yeah, you know, there was a point where I, we were
moving, but I kind of I stoppedwith cyber for a little while,
several months, and you know Iregret it, like that was so much
time that I could have, couldhave been learning and doing
(57:48):
things, and for me it's likeit's don't give up, find a way
to make it work, even even if,like, you're just reading a book
for a little while.
I mean, there's so much freestuff out there.
It's, you know, it's.
It's definitely one of the onlyindustries that that I've seen,
(58:15):
where just about every piece oftechnology, every skill that
you need, you can find a way tolearn it for free and and like I
was telling Derek before thestream, you know a lot of other
(58:35):
industries.
There isn't a supportiveLinkedIn community.
There isn't Cyber WarriorStudios and the family here, and
so you know, don't give up,keep going.
Speaker 1 (58:52):
Man, i thought you'd have more than that, but we'll
go.
No, it's all good, man, becauseyou are.
you're still breaking into thefield and that's very important.
right, when you're looking atthis industry, when you're
looking at the networks in thecommunities you connect to, so
many people I have seen isolatethemselves and kind of be like,
oh, i can only be part of thissubset of the community or this
(59:14):
subset or this subset or whathave you, when the reality of it
is, yeah, and unless you'refinding an elitist prick which
don't get me wrong, they're outthere.
I talk about them all the timethat is throwing you.
oh, you don't belong becauseyou don't.
you don't have thiscertification, or you don't know
programming, or you don't knowthis, that.
and the third Fuck them, getrid of them.
You don't need to deal withthose people Here.
(59:35):
It's all about the effort youput in and that is very valid,
and Andy even says it here.
don't be so hard on yourself.
for one number one, take careof yourself first.
I yell at my team now that ifthey take a PTO day, or if
they're taking PTO at all, idon't wanna see them log in to
(59:55):
work at all.
You're gone.
I don't wanna see you.
I don't wanna hear from you.
you're on PTO, so unless it'san emergency, telling me you
gotta take another few daysbecause you're at the ER or
whatever's going on, i don'twanna hear from you.
Be with your family, be withyourself.
whatever you have deuces,you're out, you come first
mentally, physically andeverything else.
(01:00:17):
So with that, i always look atthings in such a way that we
have to really come together asa community And you can bring
communities together, and forthat you need voices of reason,
(01:00:39):
you need people that can breakit down and be like look, we all
belong here.
I've got my warriors And Iallow my warriors to do the
talking for me on a lot ofoccasions because, guess what,
we all belong here.
So what not to do?
don't ever discount yourselfbased on any physical attribute,
because what truly matters andif you are following me on
(01:01:04):
YouTube and TikTok andeverything else, you would have
seen this video What matters iswhat's inside your heart, your
passion, your drive, your soul,everything That's what matters.
Nothing in society, nothing incybersecurity, nothing, ever,
ever matters except for what isinside here.
That is what is vital If we aregoing to sit here and look at
(01:01:26):
the exterior features and belike, oh, because I look like
this or act like this, orda-da-da-da-da, and count
ourselves out.
Look first me and you are gonnahave a talk, and then I'm gonna
send you to some other peoplethat are gonna have a talk with
you and eventually you're gonnaget around to fuck it.
I belong here, this is me, thisis who I am and I'm proud of it
.
That's all you need to do.
(01:01:48):
But when you start discountingyourself based on the physical
homie, a year from now my beardmay not look this good.
I may have a hell of a lot moregray in it.
My hair may start turning gray.
I don't know.
the physical will fade, butinside, here, never will never.
The passion is there, the driveis there, the love of my
(01:02:08):
warriors is there and thisfamily is consistently growing.
plain and simple.
Oh, bill, hang around backstage.
I'm gonna sign this off realquick.
All right, any more final words.
Anything else you wanna say?
Speaker 2 (01:02:22):
Uh, thank you for having me on.
I was definitely a littlestressed about being on YouTube
like live in front of the wholeworld, but it's actually been
really nice, so, so I'm here,for him here, to make it fun.
Yeah, yep.
Speaker 1 (01:02:41):
So here's the thing.
This is Cyber Warrior Studios.
I am the cyber warrior.
This is security happy hour,and before I sign off for the
night, i do wanna say this Ihave been running banners down
below all eveningCyberWarriorsStudioscom, all the
ways you can follow me onsocial media and all the ways
you can support the channel.
It is also in the descriptiondown below of YouTube, linkedin
(01:03:02):
also.
Actually, if you're watchingthis from LinkedIn, go ahead and
check it out.
You're watching this fromFacebook?
go ahead and check it out.
Bill's LinkedIn page is downbelow in the description.
Please make sure you connectwith Bill, get ahold of him,
because we all need to cometogether as one.
We all need to guide each other.
The more we can see, the moreinformation we can put out there
, the better off we are.
(01:03:22):
If you are not connecting witheverybody, if you are not
connecting with the people inchat, if you're not connecting
with me or Bill or Andrea orAdrian or Misha or Jason or
anybody else, or James, any ofmy warriors, you're seriously
missing out, because this iswhat community is all about.
I will bring on every newcomerthat is just trying to break in,
(01:03:45):
because it is your voice thatis more important to mine
because, guess what, i'vealready been in the field for
many, many of the years.
I don't need to be doing this.
I do this for you.
Otherwise, look, i love you all.
This has been Security, happyHour, cyber Warrior Studios, and
I hope you all have a fantasticFriday's day and a fantastic
evening, and I will see you allnext time.
(01:04:06):
{\an2.
Oh, welcome back everybody.
That's right, it is me, it isthe cyber warrior, this is cyber
warrior studios.
And of course, i know you'reall here for security happy hour
And I'm I'm sure we're gonnaget into.
We've got an amazingconversation plan because we're
gonna talk about some things Nota lot of people talk about, but
that's what we do here, becauseguess what?
It's my show and I'm gonna talkabout everything going on in
(00:25):
this world, especially withnewcomers coming into cyber.
So I want to thank you all forbeing here And I promise, if you
hang with me for like 10seconds, i'll be back here and
you're gonna just love this show.
And There it is.
(00:51):
Security happy hours officiallyoff and running and we were
ready to go.
Now, without further ado, letme introduce to you my guest
this evening, bill leck.
Bill, how you doing today.
Speaker 2 (01:03):
I'm good Glad to be here.
Speaker 1 (01:06):
Goal good to have you here.
It's gonna be an amazingconversation.
We got planned All right.
We're gonna be talking some bigthings and those big things are
What not to do.
But before we get into that, iNeed to get a little rundown on
how you get them.
got invested in cyber securitybecause we're still trying to
get you to Find your way into it.
We still want you there.
(01:27):
We're working to get you there,but you've been doing a lot of
studying, a lot of other things,so give us the rundown, man,
how'd you find this path for you?
Speaker 2 (01:36):
well, you know, at One point in my life I guess I
own my own truck repair shop andso you know, i was the mechanic
, the accountant, the IT guy, um, and and so like I got closer
and closer with computers and atsome point, like the whole the
(02:00):
sphere of privacy on online likejust really took hold of me,
you know, like very interesting,and I guess you kind of come to
a Point where you realize thatthere really is no such thing as
privacy online.
But then I saw mr Robot right,which I know it's kind of cliche
(02:21):
, but I It just kind of blew mymind that there really was like
a whole Cyberworld andeverything where, you know,
there is a Career that a guy canmake in it.
The more I looked into it andYou know, i guess at some point
(02:42):
I just kind of decided that Iwas you know, i've been a
mechanic for almost 15 years nowand I I just decided that I
wanted to change and slowly butsurely I've been learning and
studying and Eventually.
(03:02):
I'll get there.
Speaker 1 (03:04):
Yeah, definitely, and it's gonna take.
It's gonna take time, as allthings right.
You know, one of the thingsthat people tend to forget and
they get really upset and theyget really aggravated and they
get really hurt and everythingelse like that is That,
especially for those later on inlife They're trying to career
transition.
I think it's gonna be easy nowfor a lot of these people
(03:25):
Because of the way when you'vebeen in a career 15, 20 years,
you get into it And yeah, maybeyour original career was easy to
get into, going back 15, 20years, right, which seems a long
time ago, but it wasn't and butbut things were still easier
then.
Now, especially this field, whenyou're transitioning in, there
(03:46):
are so many people on the market.
For anybody that says there's askills gap, i completely, i can
find ways to debunk it.
I swear I can.
There's not a skills gap isthat there are so many
competitive people on the marketnow doing so many things That
you have to find ways to becompetitive.
So it makes it a lot harder toget in because When we have so
(04:10):
many people there that arewilling to take Less money for a
senior role than others,they're gonna get hired.
Kind of fill that junior rolebut have more, more experience
and more everything, becausethey need to get their foot in
the door somewhere else.
It sucks, but it happens.
So I think we have a hiringproblem, not necessarily a
(04:32):
skills gap problem.
We have to find a way tobalance these things out, yeah,
but yeah, the fact that you'restill in it, you're still
learning, you're still growingand you're still going with it
Look, you're in the right place.
My warriors, this is what we do.
We help people all the time andwe'll continue to do so.
so you're definitely in theright place now Saying that the
(04:55):
topic of the day is what not todo.
First and foremost, what madeyou Come up with that topic?
Speaker 2 (05:09):
I.
Speaker 1 (05:11):
Know it's a new question.
You've been watching for awhile.
I haven't asked that one yet,so we got that one out there
because I'm intrigued and I wantto know what made you kind of
think of that one.
Speaker 2 (05:19):
You know, like I messaged you because of that
scholarship thing from from ECcouncil, yep, and You know, just
I was getting opinions frompeople because it just it seemed
kind of funny, right, likeTheir lowest tier Certificate,
(05:41):
certificate and class, and theystill, you know, they still
wanted a couple hundred bucks todo it.
It just it really seemed like akind of a scam and You know, it
was like what do I do?
Should I not do this?
you know, and you know theother thing is like I've had a
(06:03):
lot of people tell me, you know,don't let the training or the
The sales side of the trainingfor cyber get to you, because
there's a lot of, you know,there's a lot of people trying
to sell you something, and right, so yeah, I think what bothers
(06:25):
me about that is They've alreadytaken a hit to their reputation
based on things they've donepreviously With blog posts,
things like that.
Speaker 1 (06:34):
They have taken a huge, huge hit.
So I took The.
I got a scholarship for theCCNA cyber ops Certification.
That's going back a few years.
Cisco's a big company.
Their certifications are notcheap and they keep revamping
them and redoing them andchanging things, but they're not
cheap.
(06:54):
Yet I got that scholarship andwas able to take the test for
your charge.
There was, there was nothing.
What.
Once I took the test there,like, are you past?
there you go.
I didn't have to pay out ofpocket for anything and so, like
I told you, you know, with whatyou were doing and what you
were going through at the timewith your career transition,
with trying to Stay your courseand stay your path and your
(07:17):
learning, you know I will neverSay education is bad, regardless
of where it comes from, and Ithink had EC council provided
that certification attempt freeof charge, it would have more
weight to it in my eyes, becausethen they're confident in their
(07:37):
ability to deliver and they Andthey don't have to worry about
the money aspect.
They know that they'rerebuilding their reputation in
their brand.
But to charge for it justseemed I Can't, can't put my
finger on it, but I just can't,i don't know.
Speaker 2 (07:55):
Yeah, and then I saw other people posting on LinkedIn
and stuff like how, how theyfelt the same way and I didn't.
I just declined it.
You know it's I've been on apath Quite some time now.
I've been just working my waythrough, try hack me, and then
there's a couple other apps outthere for learning Python and
(08:20):
stuff, and like I've had peopletell me both ways with learning
how to code, like That.
I've had somebody tell me thatit's, it's for kids, and then
I've had other people tell methat it's the way to go.
And The thing is, you know, i Ienjoy it for one, and I've
(08:40):
learned so much about the basicsof how how things work from
learning the Programming side ofit, you know, and, and so I
just I'm like I'm gonna stickwith it.
You know, i think I've beendoing it for Months and months
(09:00):
and months.
Now I've lost track.
Speaker 1 (09:02):
So and that's a thing .
Right?
so coding is not required incybersecurity.
Anybody that tells youprogramming and coding is
required in cybersecurity, tellthem to get bent.
It's not.
Security is too broad of afield.
It's not absolutely required.
However, comma, i will say thisdepending on what area you went,
once you get into, it can benothing but a benefit.
(09:22):
Actually, no matter what areayou want to get into, it can be
nothing but a benefit, becauseyou can Automate a lot of your
menial tasks and a lot of thesesmaller consulting companies and
a lot of these smallerorganizations, if you can
automate workflow and then yougo about your daily work and do
the manual effort that that isrequired.
Yes, that initial investment ofAutomating this and building
(09:47):
out whether it's terraform forcloud deployments or Python
scripts for you know what haveyou then automating it will help
you out.
But The manual effort is whereyou'll sink your teeth in and
you'll be able to learn and keepgrowing, because now You know
enough to get these automationtasks out of the way.
So, for anybody who tells youthat, don't do this right?
(10:10):
so my, my initial thought ofwhat not to do Don't listen to
people that tell you not tolearn something.
That's something what not to doAnd it's a double negative.
I know it sounds really weird,but if anybody tells you not to
learn something, they are nottrying to help you.
Speaker 2 (10:33):
Yeah.
Speaker 1 (10:35):
Because in this industry, any knowledge is good
knowledge, no matter where itcomes from, no matter what it is
.
So saying that you're stilllearning, you're still growing.
You haven't been you know kindof going through your education
process for incredibly long.
What have you seen that youwould tell people what not to do
(11:00):
, or what would what, in youreyes, do you think is something
that it would go against whatanybody else would tell, would
say not to do?
Speaker 2 (11:12):
I would say don't lose your focus.
Don't get discouraged whenyou're using some of those
platforms and you're not gettingthe answers.
Instead, find a way to get theanswers.
Like you know, it's okay tolook up the walkthroughs or find
(11:36):
the YouTube videos.
Like, a lot of the things I'velearned have been because I
found a YouTube video on thatspecific topic I was trying to
learn, or that room I was tryingto walk through or whatever,
and it doesn't matter theplatform you know And the guy's
showing you his tricks to it.
(11:57):
You know, because you may notlike, like you may get all the
way done with try hack me stuff.
Well, they're still hack thebox, they're still blue team
online And you know like you'regoing to get to those next ones
and you're going to know thatstuff and you're just going to
build on it.
You know the time spent on itis still valuable experience
(12:24):
Whether or not you knew theanswer right off the bat.
Speaker 1 (12:27):
Right, And that's the thing, right, you know there
are.
There are so many ways to learn.
As the saying goes, there'smore than one way to skin a cat
and people are going to hatethat saying, but let's be honest
, it's common saying and it'svery true.
And even in my learning journey, even as I have come up,
(12:55):
complete walkthroughs on retiredboxes for hack the box have
helped me out where it's beenthings that I would not have
thought about.
It is things that I've lookedat and been like how did I miss
that?
What I will say is anybody know?
that right, and the caveat tothat is do everything in your
(13:15):
power, research everything youcan.
exhaust all your resourcesfirst Yeah, before you go to a
walkthrough.
because what's going to happenis you're going to get in such a
habit of just going through towalkthroughs and being like, oh
yeah, i know all this.
You're not going to learn howto research, you're not going to
learn how to look up, how touse a tour, how to do this at a
(13:36):
third, so you're going to becomeindoctrinated basically to
walkthroughs and to peoplegiving you answers.
And so for me, what not to do?
don't ask someone for theanswer.
Ask them for guidance.
Is there something that Ishould be looking up?
(13:58):
Is there a toll that I haven'tthought of?
Is there something like that?
And I think that's huge.
Too often, especially in thisday and age, because of the
accessibility of the internet,we want the quick answer, we
want the quick win.
It's that immediategratification kicking in.
I need to know it now.
I need to know what the answeris right now.
(14:19):
And that is a huge problem,because nothing in our industry,
unless you have the tribalknowledge of it, do you get the
answer right now.
Someone's looking it up.
I have started using DuckDuckGo.
It's a little bit moredifficult than Google.
You don't get all the answersright away, but with the right
(14:40):
terminology you can figure itout.
It's just, it is what it is.
You know what I mean.
Like, it's just one of thosethings where don't look for an
answer to a problem.
you're going through like a CTF.
Look for how to use a toll tofind the answer to your problem,
(15:04):
if that makes sense.
Speaker 2 (15:06):
Yeah, no, and I'm not saying it's like my first
resort, it's oh, i've done it, iget it, don't give up Like find
a way to get it done and orstop and move on to something
else because you might learnlike the trick to that whole
thing or how that works on theback end from another room,
(15:29):
another research topic, whatever, and you can come back to it.
Biolines, don't give up.
Like I firmly believe I'm notemployed in cyber yet, but I'm
going to get there right, andI've seen so many people on
LinkedIn that it seems likeforever they've been trying to
get a job and they finally doLike they didn't give up after
(15:53):
how long.
And then you see other peoplethat have kind of just
disappeared and it sucks becauseyou know that they're probably
valuable, like they wanted to doit.
Maybe not bad enough, butThat's the kicker To me.
Speaker 1 (16:11):
It's all about that passion, right, it's all about
that drive.
And if you're why it's strongenough and I've talked about
that on here, i've talked aboutthat on Walk With Me, i've
talked about that on MotivationMonday.
I've put posts on it onLinkedIn, twitter, everything
Your why has to be strong enough.
If your why is strong enough,you will overcome anything
because you're going toconstantly, you're going to
(16:32):
consistently pursue that goal.
But I do have a question here,bill.
I'm going to let you give yourtwo cents.
You're still trying to break in, so I don't know if you're
going to have anything on this,but it's from one of my other
warriors, Misha, and it's avalid question, but she might
not like my answer.
But I'm going to let you gofirst.
So I have a question Is thereanything you would say to women
(16:58):
breaking into the field that youwouldn't say to men in the what
not to do?
Speaker 2 (17:07):
Is there anything you would say to women?
So I guess I would say why inthe world do you see a
difference between the two?
You're trying just as hard as Iam, so on the other side of the
computer, how are you anydifferent than me?
(17:28):
And I would even argue there'sprobably somewhere that you're,
something you're good at thatI'm not good at, and it has
nothing to do with our genders.
Speaker 1 (17:42):
It's just we're different people.
Speaker 2 (17:46):
Don't ask me to do IP tables, okay.
Speaker 1 (17:50):
And you're a Linux person and you hate IP tables.
Speaker 2 (17:55):
Who's faulted that?
Speaker 1 (18:00):
You got me dying over here, bill.
So on that note, i'm a pissMisha off, actually, no, i'm not
, she loves me.
I will say this There issomething I will tell women not
to do that are breaking in thefield that I don't feel I have a
need to tell men to do.
It's not that I don't thinkthat there's any difference.
(18:23):
Is that there is one difference, maybe more, but the biggest
one I see Women have found it anecessity, based on experience,
to have to a try to match 80 to90% of any job description
(18:44):
before they apply.
Knock that shit off.
If you like the job description, apply for it.
I'm not saying apply to everyjob out there.
I'm saying look at the job,what is required of the job,
what your duties will be, and ifyou feel like you can do that,
apply.
Don't look at the requirements,don't look at the
certifications, the education,the degrees and things like that
(19:04):
.
Don't look at it.
Just look at what is requiredfor the job, but if you feel in
your heart that you are capableof doing it, apply for it.
Number one Second thing isfight for your damn salary.
And I say this because that isthe other part.
So many people talk about thewage gap.
It's big content.
There's a lot of contentionwith it right now whether or not
(19:27):
it exists.
Excuse me, i will say it doesexist, not always for the
reasons people think It exists,because women who are just
coming into the industry, justcoming into the field, or any
field or any workforce for thatmatter, are too afraid to fight
(19:49):
for their salary.
They do not look up what thecommon salary is, what the
average pay is for this state,for my location, because of X, y
and Z, so they get paid less.
So it's not that it doesn'texist, it's that women are not
fighting for the same, they'renot asking for the same salaries
and fighting for the samesalaries that men are.
(20:12):
Because, let's be honest, as aman I'm an asshole sometimes and
if I tell you I want somethingand you don't give it to me, i'm
going to go somewhere else.
I'm not going to fight andargue with you back and forth.
I am literally going to tellyou what I want.
you're either going to give itto me or I'm going to walk women
because they're still trying tobreak in and find their footing
(20:32):
.
we'll be like, oh well, okay,i'll take it.
Now there's more biologicallyand genetically that I could get
into.
that's a whole differentconversation, but that is the.
the crux of the matter isthey're not fighting for what
they're worth, and I thinkthat's a lot of people, that's,
any anybody across the boardthat takes the first offer given
(20:55):
to them without if you don'tknow the person hiring you.
nine times out of ten I knowthe person hiring me.
this is the importance ofnetworking.
I've already got a job before Igot a job, i literally know my
salary before I walk in the door.
so when I got to go through theprocess and I'm like, oh yeah,
okay, i'll take this, i knowwhat I'm getting, i've already
(21:15):
worked it out beforehand.
so if you're not in thatsituation and they're not
offering you a salary range,then just come in high, see what
they give you and then takethem up up a few thousand
dollars, maybe ten, maybe twenty, depending on what the average
market value is.
take them to market value.
if they're undercutting you,fuck them go somewhere else go
(21:40):
somewhere else.
Yeah, that's my take, and I lovethe fact that Misha agreed with
me.
Damn it, i was hoping we wouldargue I love Misha, she's one of
my baking sisters, i love her.
But I'll say that I think thatdepends on the generation as
well, with meeting expectations.
(22:01):
This is true.
Gen Z is coming along a lotfurther and understanding more,
and I will even say the youngermillennials not the zennials or
like I don't know where I fallin in that crowd, but either way
, we're kind of like, especiallyas men screw you, pay me.
The women are kind of like I'lltake what you give me and your
(22:24):
Gen Z and stuff.
And then especially the newones coming up that aren't Gen Z
.
Whatever the new generation is,yeah, they're.
They're gonna run ham oneverybody around the office and
just tell you what to do, justsaying my son's already know a
lot more than I do at times.
Oh, damn it, sacred goddess,why do you got to do this to me?
(22:45):
we're also viewed as getting inbased on looks rather than
smarts and a whole lot of thethings I can't say in polite
company.
Know your worth, know yourbiggest asset is between your
ears.
Yes, that is still a fightingbattle for certain men, and I
say certain men because they'rethe ones that are saying this
(23:07):
nonsense that she is telling him, telling everybody you know I
fell under that trap I did, iwill hands down, admit it until
I got older and wiser andlearned and became more
understanding and actuallytalked to and had intellectual
conversations with people of allages, races, genders and you
(23:29):
name it.
Yes, i fell into that company,i will not deny.
Speaker 2 (23:35):
I was now.
I think that they're.
You know there's always badapples, right like you, you
might go to one company whereyou've got somebody in charge
and you know, i've.
I've been in management a fewtimes in my life now and I have
a lot of theories on it.
But there are a lot of peoplethat get put in management
(23:56):
because they they were therelike they were available or they
knew somebody, but they aren'tleadership right and and and the
companies that have leaders inplace won't.
Speaker 1 (24:12):
We'll see the value of a person based on you know
what they're bringing to thetable, not their looks right but
you still see the flip side toit you know, you still see the
flip side to it, and this is andthis is the problem, because
(24:32):
that flip side still exists andit is not at the fault of the
women.
No, that problem is definitelyat the fault of the men.
Yeah, that have caused that tohappen.
So that is why we still havethis issue and that is why men
who want to, that is why thereare men out there that challenge
(24:53):
women and it sucks.
It shouldn't happen, it reallyreally shouldn't happen, but it
does.
I will say, some of the bestand brightest that I have had on
this show and I talked toonline are women.
Hands down, it doesn't matter.
So I work with one of our.
One of the females that I workwith is finding stuff and
(25:18):
bringing them to us.
As far as an offensive securityteam bring into them stuff like
every night, always findingrandom ass shit, and so some of
the best and brightest I knowhave been women and so, hands
down, it is you.
It's one of those things.
This, this is where I'll standby and I'll kind of like try to
(25:42):
veer off this topic at thispoint.
When you apply for a company,when you interview with a
company, when you talk to acompany.
When you get into a company,should you choose to work there
and think that the culture isright for you.
If you find that it is not afit, you can blame the company,
(26:02):
put them on blast or whateveryou want.
Let's be honest sometimes itworks, sometimes it doesn't.
You kind of take what you canget, but the thing you can do
that will work is if you havethat brain power, if you know
what you say.
You know go somewhere else andmake them wish you wouldn't have
left.
Yeah, that I will say.
(26:24):
The best way to hurt a companyis leave.
Leave.
Speaker 2 (26:28):
Find a company that will appreciate you for you but
yeah, whether or not you're toldthat you're valued or feel that
you're valued like you, youbring some value.
If you are still employed there, you have value, and you may
not realize how much it is.
They may not realize how muchit is, but when you leave they
(26:51):
will know.
And you, you may not know, butyou'll know yeah, and that's the
biggest thing and that'severything.
Speaker 1 (27:00):
That's, that's.
That's, that's race, gender,religion, whatever.
If you feel like you're notbeing valued, for whatever
reason, bounce.
You can say your piece and tryto get it addressed first.
If you enjoy what you're doingand you and you like your pay
and everything else, icompletely understand.
But if that, if that cultureisn't gonna change and let's be
(27:22):
honest, it is very, verydifficult unless you were at the
tippy, tippy, tippy top tochange a culture then bounce and
make them regret that they lostyou, because eventually, when
you have a company that has allthe same mindset surrounding it,
it will not succeed.
It will go wonder.
(27:43):
It may take a few years, don'tget me wrong, it's not gonna be
immediate.
But if you are not valued andthey do not value bringing
people in of all walks of life,then that's their loss, that is
truly their loss yeah oh,alright, so we've got.
(28:05):
Oh man, all my warriors arefamily, but we've got Amanda
here and I'm gonna start callingAmanda, another one of my
warriors.
I've been talking to her anddiscord in on tick talk.
Good people love her.
Good to have you here, amanda,nice to see you checking in.
Funny enough, our friend Billhere is also blue collar working
, but she looks forward to findsomething where I'm not judged
(28:25):
constantly.
I will be point blank honestwith you here, and it's only
because I've been talking thissong.
I'm gonna let Bill take overafter this.
This here on my channel in mynetwork with people that know me
, anyone I call a warrior.
This is a judgment-free zone.
It does not matter.
(28:46):
And if you have a problem withsomeone stepping up to you and
judging you for what you looklike, what you do, what you've
done in your life or anythingelse like that, when you're just
trying to make a living breakin and be the best you can be,
send them my way.
Or to any one of my warriors toinclude one of what talk Tarver
, that's in there and I probablybutchered her name and she's
gonna kill me Andrea Myler,jason Roe Haas, james shit, he's
(29:13):
gonna kill me too, because Ican't remember his last name
right now.
I don't know.
I got a ton of them on LinkedIn, twitter and everywhere else.
Send them to any one of us andthat will stop.
Bill, you got anything for thisone?
because I love having her here.
I just started talking to herrecently and the fact that she's
here another warrior to add tothe family.
People, let's go.
Speaker 2 (29:33):
I mean, do do whatever you can to make things
that you're judged on, like youractions, your, what you bring
to the table at work and all therest of it.
It won't matter.
I, you know, like if you'redamn good at what you do, people
(29:54):
will remember you for that, notwhat you look like, because
that changes.
I mean, we grow older daily,right by the minute, so it's
immaterial, like the things.
The things that you should seekto be judged on are the things
that you do, your actions, whatyou know, the things that are
(30:16):
actually valuable, the thingsthat actually put food on the
table, you know yeah, so it's.
Speaker 1 (30:26):
It's one of those things that we we, yeah, take it
and make it hurt.
Make, make them hurt if theyjudge you for anything quite as
simple like own your weaknesses,own your strengths and welcome
people being diverse and andhaving a difference of opinion
(30:49):
and being different than you.
I think that is where we havegone wrong, and so when we talk
about things not to do, i'mgonna tell you what not to do.
Do not I repeat, do not try tobe the same as somebody else.
If somebody is stronger thanyou in something, do not try to
live up to them, because thatthis is what's gonna happen.
You're gonna take yourstrengths, they're gonna become
(31:10):
your weaknesses now and so nowyou're on the same level, so now
you have the same strengths andthe same weaknesses.
Hello, how you gonna get anybetter, how you gonna function
as a team.
That that, literally in societytoday, makes no sense to me.
Why are we trying to be equaland be like, oh, they can do
(31:32):
this, so I can do this.
Okay, so if you can do that andyou're doing that consistently,
what's gonna happen to letstuff you used to be able to do,
especially in this industry, ifyou don't use it, you lose it.
Plain and simple.
Am I wrong?
Speaker 2 (31:55):
No Spot on.
Speaker 1 (31:57):
Right, that is the biggest thing.
If you don't use it, you loseit.
In this industry and in so manyother industries, we strive so
hard to be like somebody else.
Why Be you?
Love your strengths.
Teach someone your strengthswhile they're teaching them
yours, or while they're teachingyou theirs Yeah, that's how I
(32:21):
said it right, and you bothbecome stronger.
But don't ever stop doing whatyou're good at.
Don't ever stop doing whatgives you that competitive edge.
You can learn more, but don'tever give up what you already
know.
There's another thing what notto do.
(32:43):
Don't give up what you alreadyknow.
Yeah, don't ever stop learning.
Keep growing, but don't give upon it.
Man, chat is on fire tonight,so real quick.
And then, bill, i want you totake over and say some stuff,
just because I don't really.
Oh wait, we got anotherquestion here, so cool, i'm
going to bring that in in asecond.
(33:04):
Let me tag this.
It's the same thing.
Speaker 2 (33:07):
You get talking and I'm used to listening.
Speaker 1 (33:12):
I got yelled at in one of my comments for talking
too much.
I was like all right, i'll tryto tone it down, but I do want
to say and give a shout out toall my warriors in chat this
evening.
We've got Jason Rojas.
Misha Kari Wanawa I'm justgoing to call her, sacred
goddess.
Amanda is here.
Steven Myler actually that'sAndrea.
(33:34):
Her phone died so she's on herhusband's phone.
Let's see Who else.
We got a few others Jack Idon't know what Jack this is,
but hey, he's here.
Adrienne Harris she's here.
My boy's Sergeant AR.
So Infinite Improbability AI.
Oh yeah, william Bailey's inthe house, so he's here.
(33:58):
Caleb Kerkish thanks fordropping in.
Good to have you here.
One of these days I'm going tobe able to I don't know be able
to use YouTube freakingmonetization and get super chats
.
Then I won't even have to worryabout it.
People will just pay to havetheir comments show up.
James Giles I don't know how topronounce your last name, homie
, but he's in the house.
So yeah, seriously, i'm justscrolling through chat and
(34:21):
finding people that are here.
This thing is crazy right now.
Speaker 2 (34:26):
How many people are in there?
Speaker 1 (34:29):
What?
Oh my God?
He's just going to say look, iwant to call her Moana, and she
said she would kill me.
Misha, i asked.
So I was on the show.
I asked if I could call herMoana and she said no, i will
kill you.
Speaker 2 (34:42):
I totally thought that's what it was when I first
read it.
Okay.
And like like your, your brainjust goes there.
It's not on purpose.
Speaker 1 (34:51):
Dude, i did when she so.
She was on the show a few weeksback and I legitimately wanted
to call her Moana and she goes.
No, i was like dang it, allright, i'm just going to get it
right at some point.
I'm going to call her Moana, ifI said that right.
Probably not.
Either way, she's going to beback on May.
(35:12):
In May I got to send her to thelink.
She's coming back, she's goingto be back on the show and then
she can yell at me when Ibutcher her name.
Then, well, no, not a Disneyprincess, please.
All right, hold on, don't yellabout Disney princesses, because
, oh, who was the dang it?
I can't think of it now.
The red headed Scottish one?
(35:34):
or Irish Scottish?
Speaker 2 (35:36):
I should know that I have two little girls.
I should know this.
Speaker 1 (35:39):
I should know this, because I just said it's on a no
, that's frozen.
Um, as we're talking.
Speaker 2 (35:46):
You're the curly one, right.
Speaker 1 (35:49):
Curly red hair shoots a bow and arrow.
Um, she's the daughter of thevillage chief.
No, she marita, marita, yeah,yeah, and hey, look, that is
brave, that is marita, and sheis considered a Disney princess,
even though she is the daughterof the village chief.
So just going to say that she'smy favorite as of right now.
(36:10):
She is definitely my favorite.
Look at the chat for the answer.
You're weird.
I did call me Misha, dammit,don't do that to me, oh man, but
yeah.
So you know, when I look atthese things and I look at our
family and I do, i say it's ourfamily.
(36:31):
everybody who follows,subscribes everything.
And if you're not atcyberwarriorsstudioscom, if
you're not on, Buy Me a Coffeeor Buy March and Dice, that's
okay, i still love you becauseyou're in the chat and you're
sharing the videos.
You're here every week, sothat's what's important.
Um, i was talking about Moanawith the village chief, part.
(36:51):
Um, i, oh wait, i got two starthings.
Uh, what was the other question?
So we did this one.
Oh, here we go.
Misha does ask this a lot, doyou, or do you not tell people
seek out mentors in this field?
I ask this as a generalizedquestion, as I know someone like
me thrives with a teacher, butsome do not Bill.
(37:15):
What would you say?
Speaker 2 (37:17):
You know, this is kind of a tricky one for me,
because I've had people tell meto reach out to somebody and
find a mentor.
But, like for me it's, i have ahard time not self answering
the questions that I have, youknow.
So I guess, uh, if someonevolunteers, however that works,
(37:42):
um, you know, whatever I'm, i'mfor it, but, uh, but I, and it
might just be how I am, but I'vealways, you know, if I have a
question about something, i gofind the answer, you know.
And so, um, if, if and I wouldthink that anybody that is going
(38:07):
to mentor somebody also expectsthe, the mentee, to be able to
seek their answers.
You know, i, like I said, i'vebeen mechanical in a long time
and so I, you know the new guysthat come into the shop.
I spent a lot of time with themjust because of my knowledge
base and everything, and, um,the guys that succeed are the
(38:31):
ones that can find answers totheir questions, and you know
they, they go, they go get whatthey need right.
The guys that don't are, uh,it's because they want it done
for them and they don't reallytry or put the effort in, And so
for me, i, i would say, um, doall the work you can, and a
(38:57):
mentor will come when, when thetime is there, when you meet
that person, right, i don'tthink you should go out seeking,
uh, unless you know you'rereally stuck on something like
start asking questions, but thatin itself is seeking the answer
right.
(39:18):
Ask some people that you knoware involved in that and then
maybe from that you'll developthat mentor relationship.
Speaker 1 (39:27):
So I look at this in a few ways and I do have a
clarification of the question umthat she that she put up.
She did send something, um, butI want to answer this as it
stands before I put theclarification up.
Do you or do you not tellpeople seek out mentors in this
(39:50):
field?
I always tell people to seekout a mentor, with that the
caveat being you must do yourresearch first, because anytime
someone has ever come to me andasked me how can I break into
cybersecurity?
I want to be in cybersecurity,how do I get there?
how do I do this?
(40:11):
at the third, i always ask whatpart?
what do you want to do?
what intrigue?
I always have questions and ifyou cannot answer them, go find
the answer.
I will give you resources tofind the answer, but you need to
find the answer.
I can't mentor you until youknow what you want to do.
(40:32):
Cybersecurity is so broad, itis so vast that I can't give you
an answer.
I cannot.
Do you want to be TRC?
do you want to be a pen tester?
do you want to reverse engineermalware?
do you want to get an exploitdevelopment?
do you want to be in a sock?
do you want to be a simengineer?
do you want to be?
you know all these differentthings, and it goes on.
(40:54):
You want to be in threat intel,threat analysts, like what do
you want to do?
and so that is where the issuelies.
So, yes, as someone that peoplehave come to on many of
occasions of how do I get tothis, i always say do your
research first, let me know whatpart, then I can help you and
(41:16):
guide you.
Then it gives me a little bitmore background.
And the other question withthat is what is your current
background?
you have any IT experience atall?
because if not, i'm gonna tellyou to go get, go research IT
and learn IT first.
Learn the foundations oftechnology and of operating
systems before you try to getinto cybersecurity, because I
(41:40):
want, i want you to have thosefoundations.
I don't need you to work thejob, i don't need you to work
help desk her in it be great,but I don't need you to.
You can get into this fieldwithout that experience, but if
you do not understand operatingsystems, if you do not
understand networking, if you donot understand system
administration and activedirectory in some way shape or
(42:01):
form, it's gonna be a detrimentto your education going forward.
That's the biggest thing.
So I always refer people tolike KevTech IT support, because
that man puts out videos uponvideos about building labs,
building active directory, doingall these different things that
will help you gain that initialknowledge to then take into
(42:24):
cybersecurity.
You don't have to work in thefield of IT, you just have to
have the knowledge of somebodythat has, and not even all of it
, just enough to understand thebasics.
So for me that's the biggestthing and I want you have that.
We could talk.
But I do have a clarifyingquestion from Misha, because you
(42:45):
know she's full of questionstonight I love her more of.
Do you think mentors lead someon the right way or just into
the path they're already on?
Speaker 2 (42:58):
I think it depends on the mentor.
And is the the mentor eligibleor knowledgeable enough to be a
mentor?
and and give you the the nudgethat you need not so much tell
you what path to take.
(43:18):
I get you know.
Does that make sense?
Speaker 1 (43:20):
some of your mentors, some of the people you reach
out to that are proclaimedexperts.
I I hate that term, but peoplereach out to them and then what
happens is one of two thingsthey will allow you to continue
down your path and just guideyou, whatever.
They won't ever ask clarifyingquestions, they won't really try
(43:42):
to figure out what your passionis, what your drive is or
anything else like that.
There's gonna allow you to keepgoing and they're gonna tell
you how to pass thecertification, how to pass the
test, how to pass the interview,without ever understanding what
you're truly trying to do.
And Misha knows this about meand so many others know this
(44:03):
about me I don't care whatyou're trying to do.
I want to know what you'repassionate about.
I want to know where you'regonna find value, because if
you're not passionate about it,especially in this industry,
then it's gonna be very, veryhard to continue to succeed.
You may get that initial job,but eventually you're not gonna
(44:27):
be willing to continue theresearch, which is gonna make it
very hard.
So me, i look at mentors withone of two ways either they're
not gonna help and they're goingonly gonna help people that
already know what the hellthey're doing and they're just
trying to get advice on oneproject or another.
So it's three ways.
They're gonna help, but not inthe way you would like.
(44:48):
They're just gonna allow you tocontinue down your path and
kind of go that way, or they'llbe like myself.
Jj Davies, so many others outthere Phillip Wiley, carolina
Teresa, alyssa Miller I canthere's a slew of people connect
with me I'll hook you up withthem, jacks that there's too
(45:10):
many, i can't even name them allthat will actually look at what
you want to learn, what youwant to know, and guide you the
right way.
A lot of people have beenreaching out to Moana while
recently and she is extremelyhappy about that and ecstatic
ever since she went on the show,people have been reaching out
to her, but that's because we'regonna get her big and popular.
(45:31):
She can get hired in a betterjob.
She needs a better job.
But you know, it's all aboutfinding out what people really
want to do and where theirpassion lies.
That is what a true mentor does, and for me, i'm all about
passion.
I'm all about finding what youlove.
That's where the importance is,because if you don't love it,
(45:53):
it's gonna be so much harder tolearn it.
Adriana, you're right, she isdope.
Let's see so much stuff.
Oh, my goodness, chad is onfire.
I love you all, all my words.
Speaker 2 (46:08):
I love you all.
Speaker 1 (46:10):
So let me take that one off.
Ooh, bill, i know you're notnecessarily in the real world
yet of cyber security, but Iwill let you answer your current
feeling on this.
How true do you feel CTF wouldcompare to the real world?
Speaker 2 (46:29):
real world, i hate you know what, any time that you
have a sample of something likea CTF is a sample of a company,
(46:50):
of a box.
The emotions, the, the pressure,all that stuff is different
than the real world.
You know, it's good practice,but when, when you're actually
doing things in the real world,i mean, you know, i guess I try
(47:10):
to apply to some degree whatI've learned to the things that
I do on a daily basis in mycurrent job and I can't tell you
how many times that I'm likestumped, or, you know, like,
like I said, i've been learningPython and then you know you do
these things.
(47:31):
That on on, the differenttutorials and pages of some of
them are really good, but thenyou've got to go out and find an
actual challenge to do and andit's different when you do it,
when you actually have to codesomething, or when you go from
doing a CTF to being on the joblike it's, it's gonna be
(47:53):
different.
It's practice.
You get the concepts, but I'mnothing beats real-world
experience, right so I'm gonnasay it like this CTFs are
fantastic.
Speaker 1 (48:13):
Ctfs teach you what to find, not necessarily how to
find it.
And the reason I say that isthis when you go to a CTF,
you're given a question or yousee an initial problem and your
scope is very limited, limitedto one machine, and through
scans and this at the other, youcan kind of get a gist of what
(48:37):
to do.
You know what you're lookingfor.
In the real world.
You don't have that.
In the real world you'relooking at things and you have a
vast scope.
You have a vast things to lookat.
You have a variety of softwareprograms and you don't know
where to start, whether tosearch for this or search for
that or search for this.
However, here's the differencebetween the two Depending on the
(49:02):
CTF, you have time.
You can always find a way tospread that out and do the
research and figure it out In areal-world pen test, red team
exercise, just about anything.
You have a week to find whatyou can and a week or two to
(49:26):
write the report.
Generally Sometimes they golonger, but generally It's a
week and then a week or two towrite the report, whereas with a
CTF especially something thatis not like a sans net wars or
something where you're at aconference and you have 20, you
know however many hours you have.
(49:47):
As long as you want.
If you're doing hack the box,try hack me, whatever.
Actually, angie just said itand I'm gonna put this up here.
This is what I will say.
Ctfs give you the ability tolearn the tools that you will
use in the pen test, and notalways, nor necessarily in a red
team engagement.
They come in handy during pentesting Your meta-sploits, your
(50:10):
sequel maps, your end maps, yourlet's just send every noisy
freaking tool we have at the boxto see what we find.
That is where CTFs come inhandy.
That truly is.
It is the best way to practiceyour skills on any tool is go
into hack the box.
Go in to try hack me.
Go into your conferences andjoin their CTF challenges.
(50:34):
Do sans holiday hack challengeat the end of the year.
All these different ways youcan practice tools, learn
different things, do reverseengineering so many different
things you can learn.
Ctfs are great for that.
Real world will always takeprecedence.
So, because now you have noisemore noise than you will ever
have on a CTF, yeah, and youhave to be able to sift through
(50:58):
it all.
So nothing really beats thereal world example.
Let's see.
So we got a few questions.
Speaker 2 (51:07):
Yeah, they're coming in.
Speaker 1 (51:09):
I know right, so follow question read CTFing.
Would you say the same thingabout building home labs using
VMs?
No, all right, i'm gonna putthat out there.
I said no, but, bill, you cango ahead.
Speaker 2 (51:23):
The nice thing about a home lab VMs is you get the
experience putting that together, troubleshooting that, whereas
you know, like the online stuff,that's kind of already done for
you.
you know, sometimes you runinto an issue that has nothing
to do with the actual CTF andyou might get to troubleshoot
(51:47):
that, or it might be somethingon hack the box try hack me,
whatever their end of things.
But when you're building a homelab and you know setting up VMs
to attack and stuff you'rethere's a lot of, a lot more
learning that goes on there forthe basics that you need.
(52:08):
you know Troubleshooting is askill that, like that's
irreplaceable.
I don't care where you are,what industry you're in.
So, yeah, i would say there's alot more value in the home labs
, at least as far as I've found.
Speaker 1 (52:25):
So I will say this If you have the capability and the
capacity and the hardware toset up a home lab, those basics
come in handy because you'regonna learn how to network.
You're gonna learn how to dodifferent things to get your
virtual machines to talk, to geteverything to work together.
Now there are scripts out therethat will do it automatically
(52:46):
for you through Virtual Walks.
There's things called likedetection lab and a few others
that'll do it and set it all upfor you and build the subnets
and all that other fun stuff.
Yeah, that's great.
If you just want to set it upand go for it, however, again,
then you lack the experience ofsetting it up yourself, creating
the accounts, generatingtraffic and doing all this on
(53:08):
your own.
If you were going for, like ablue team type exercise,
anything, anything you can getthat will generate fake traffic
is perfect, because you want tosee those events, you want to
see those logs, you want to seeall that information.
But if you're kind of doingpurple team or red team, you
(53:28):
need to set it up yourselfbecause you need to see what's
there.
I will say do not use somethinglike a Metasploitable 2 unless
you're a beginner.
If you're a beginner, it'sgreat because you're going to
have a lot of noise, you'regoing to have a lot of things
that you can like, takeadvantage of and a lot of
different avenues to attack sameas Juicebox and all these other
(53:51):
things that give you testingenvironments.
If you are more, if you're, ifyou're past that beginner phase
of attacking something, set upyour own VMs, install software,
open up random ports, see whatyou can do, install things that
like SSH servers, intelnetservers and FTP servers and just
(54:14):
see if it's exploitable.
Just see if you can findsomething.
Because if you set up multiplepoints of software and if you
install something with anunquoted service path, if you
put in a weak password, if youset up a web server, start doing
all these different things at abasic level.
I'm not telling you, do it andlike build a whole company out
(54:35):
of it, literally one by one,basic level stuff of all.
Right, i'm gonna take thissoftware that is about a year
old, don't do any research on ityet, don't look for the
exploits.
Again, we're talking about whatnot to do.
Don't look for anything yet.
Literally, find software thatis six months to a year old and
install it on your servers inyour endpoints.
Then take web servers, installthat, create accounts, put stuff
(54:59):
in the description likepasswords.
I've seen passwords in thedescription of Active Directory,
legitimate passwords of oh,initial password is getBent123.
And so those are there andit'll say needs changed.
Do these things and then takethat and use it to your
(55:21):
advantage.
You learn how to connectthrough LDAP and download all
the descriptions, like all theusers, and you're like oh, this
username has this description.
Let me log in and do this.
All of a sudden, now you'relogged in through Evil WinRM,
because somebody left WinRM openon this server or on this
computer.
And now I can do all thisthrough a user account, a valid
(55:45):
account.
And now with that, now you'relearning to attack your,
generating logs on your own,install security on you, tie it
to your network and now you'regonna see blue team traffic.
Now you're gonna see events,alerts and everything else.
All this is free.
(56:05):
It doesn't cost you a dime,because you can download just
about any instance of server anduse it for free for 30 days.
You can download Ubuntu server.
Use it for free forever.
You can download CentOS or RedHat Linux.
Use it for free for a while.
So many different serverplatforms out there.
Give you a trial.
Speaker 2 (56:26):
Yeah, i've got it.
I've got an old Windowscomputer that I will go find
whatever malware I can find andrun it on it and the poor thing,
it's tired of it.
Speaker 1 (56:45):
So this is what we're gonna do.
Let me whoa, i got rid ofsomething.
I did something here.
What did I do?
All right, there we go.
I am gonna let you give, i'mgonna let you talk for as long
as you want and I'm gonna letyou give final words what not to
do, what you've learned in yourjourney so far, give any advice
you can, and we're gonna runwith it because, let's be
(57:08):
completely honest, this show isall about you.
This is your journey, your path, what you have found not to do
in your journey, and I feel likeI've been talking too much.
So I'm gonna let you talk alittle bit and you know I'll
join you here back wheneverwe're about to sign off.
Speaker 2 (57:27):
Yeah, you know, there was a point where I, we were
moving, but I kind of I stoppedwith cyber for a little while,
several months, and you know Iregret it, like that was so much
time that I could have, couldhave been learning and doing
(57:48):
things, and for me it's likeit's don't give up, find a way
to make it work, even even if,like, you're just reading a book
for a little while.
I mean, there's so much freestuff out there.
It's, you know, it's.
It's definitely one of the onlyindustries that that I've seen,
(58:15):
where just about every piece oftechnology, every skill that
you need, you can find a way tolearn it for free and and like I
was telling Derek before thestream, you know a lot of other
(58:35):
industries.
There isn't a supportiveLinkedIn community.
There isn't Cyber WarriorStudios and the family here, and
so you know, don't give up,keep going.
Speaker 1 (58:52):
Man, i thought you'd have more than that, but we'll
go.
No, it's all good, man, becauseyou are.
you're still breaking into thefield and that's very important.
right, when you're looking atthis industry, when you're
looking at the networks in thecommunities you connect to, so
many people I have seen isolatethemselves and kind of be like,
oh, i can only be part of thissubset of the community or this
(59:14):
subset or this subset or whathave you, when the reality of it
is, yeah, and unless you'refinding an elitist prick which
don't get me wrong, they're outthere.
I talk about them all the timethat is throwing you.
oh, you don't belong becauseyou don't.
you don't have thiscertification, or you don't know
programming, or you don't knowthis, that.
and the third Fuck them, getrid of them.
You don't need to deal withthose people Here.
(59:35):
It's all about the effort youput in and that is very valid,
and Andy even says it here.
don't be so hard on yourself.
for one number one, take careof yourself first.
I yell at my team now that ifthey take a PTO day, or if
they're taking PTO at all, idon't wanna see them log in to
(59:55):
work at all.
You're gone.
I don't wanna see you.
I don't wanna hear from you.
you're on PTO, so unless it'san emergency, telling me you
gotta take another few daysbecause you're at the ER or
whatever's going on, i don'twanna hear from you.
Be with your family, be withyourself.
whatever you have deuces,you're out, you come first
mentally, physically andeverything else.
(01:00:17):
So with that, i always look atthings in such a way that we
have to really come together asa community And you can bring
communities together, and forthat you need voices of reason,
(01:00:39):
you need people that can breakit down and be like look, we all
belong here.
I've got my warriors And Iallow my warriors to do the
talking for me on a lot ofoccasions because, guess what,
we all belong here.
So what not to do?
don't ever discount yourselfbased on any physical attribute,
because what truly matters andif you are following me on
(01:01:04):
YouTube and TikTok andeverything else, you would have
seen this video What matters iswhat's inside your heart, your
passion, your drive, your soul,everything That's what matters.
Nothing in society, nothing incybersecurity, nothing, ever,
ever matters except for what isinside here.
That is what is vital If we aregoing to sit here and look at
(01:01:26):
the exterior features and belike, oh, because I look like
this or act like this, orda-da-da-da-da, and count
ourselves out.
Look first me and you are gonnahave a talk, and then I'm gonna
send you to some other peoplethat are gonna have a talk with
you and eventually you're gonnaget around to fuck it.
I belong here, this is me, thisis who I am and I'm proud of it
.
That's all you need to do.
(01:01:48):
But when you start discountingyourself based on the physical
homie, a year from now my beardmay not look this good.
I may have a hell of a lot moregray in it.
My hair may start turning gray.
I don't know.
the physical will fade, butinside, here, never will never.
The passion is there, the driveis there, the love of my
(01:02:08):
warriors is there and thisfamily is consistently growing.
plain and simple.
Oh, bill, hang around backstage.
I'm gonna sign this off realquick.
All right, any more final words.
Anything else you wanna say?
Speaker 2 (01:02:22):
Uh, thank you for having me on.
I was definitely a littlestressed about being on YouTube
like live in front of the wholeworld, but it's actually been
really nice, so, so I'm here,for him here, to make it fun.
Yeah, yep.
Speaker 1 (01:02:41):
So here's the thing.
This is Cyber Warrior Studios.
I am the cyber warrior.
This is security happy hour,and before I sign off for the
night, i do wanna say this Ihave been running banners down
below all eveningCyberWarriorsStudioscom, all the
ways you can follow me onsocial media and all the ways
you can support the channel.
It is also in the descriptiondown below of YouTube, linkedin
(01:03:02):
also.
Actually, if you're watchingthis from LinkedIn, go ahead and
check it out.
You're watching this fromFacebook?
go ahead and check it out.
Bill's LinkedIn page is downbelow in the description.
Please make sure you connectwith Bill, get ahold of him,
because we all need to cometogether as one.
We all need to guide each other.
The more we can see, the moreinformation we can put out there
, the better off we are.
(01:03:22):
If you are not connecting witheverybody, if you are not
connecting with the people inchat, if you're not connecting
with me or Bill or Andrea orAdrian or Misha or Jason or
anybody else, or James, any ofmy warriors, you're seriously
missing out, because this iswhat community is all about.
I will bring on every newcomerthat is just trying to break in,
(01:03:45):
because it is your voice thatis more important to mine
because, guess what, i'vealready been in the field for
many, many of the years.
I don't need to be doing this.
I do this for you.
Otherwise, look, i love you all.
This has been Security, happyHour, cyber Warrior Studios, and
I hope you all have a fantasticFriday's day and a fantastic
evening, and I will see you allnext time.
(01:04:06):
{\an2.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.