Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Welcome everybody.
We are back with another amazing episode of Security
Happy Hour.
I am the Cyber Warrior.
This is Cyber Warrior Studios, and you know how we do, so I
gotta be honest, this show is for all of you.
Alright, this is my celebration party because of you, my
warriors, my family, so it's gonna be an amazing episode.
(00:21):
A lot of things are planned as far as it's Q&A, so I'm hoping
everybody came with questions.
We've also got a lot of guests that are gonna be coming in and
out, so enjoy and, without further ado, give me about 10
seconds and we'll be right back.
And we're back, and now, because we are back, hold on
(00:53):
There.
It is the official sound of Security Happy Hour kicking off,
and we are here, and so the first two to jump in this
evening are my buddy, my brother, Griffin and Bill Eck, and I
did post the link in YouTube, so anybody on YouTube that wants
to jump into the stream, feel free to jump on.
You're more than welcome to join us.
Otherwise, look, it's great having you guys here.
(01:15):
The reason for this episode is we finally hit 4,000 subscribers
on YouTube.
Woohoo, woo.
First and foremost, though, I want two things to happen.
I want any questions that you have.
Post them in the comments, put a Q before them.
I'll save them.
We'll try to get them answered as we go along.
We do have more people joining us later on.
(01:36):
I know Misha is supposed to be here, so hopefully more can join
as well.
Now, Bill, you and Griffin both you were here before me, so I
don't know who was here first, so we're just gonna start with
Bill, because he's too left.
Bill, since you've been on, have there been any major
changes to your situation, like what do you got going on
(01:59):
recently, and do you have any questions for anybody?
Speaker 2 (02:03):
No, you know,
honestly, I've just kept
studying, like I've kept going, and I haven't.
Nothing major has changed necessarily.
I'm like three quarters of the way through, like the TryHackMe,
what is it?
The Cyber Defense 101, there's two of them.
(02:26):
I'm through the first one, half or three quarters of the way
through the first one, and I mean it's taking me forever, but
just keep on chugging along, you know, and that's what you
can really do right.
Speaker 1 (02:43):
It's a learning
journey and everything is a
journey.
You know you make your own choices in life and you figure
out how you want to get.
You know where you want to get to, and not everybody is going
to go about it the same way.
So as long as you keep pushing and keep growing, that's what's
important.
So it's good to see that you're still at it, though, because I
know a lot of people at a certain point they hit that
brick wall and they're like I'm done, like I can't do it anymore.
(03:06):
I'm done, and I hate to see that.
So that's kind of the purpose behind this show and a lot of
the other content I do is to keep you driven and keep you
moving forward.
So I'm glad to hear that you're still going.
Griffin, what about yourself, man?
What you got going on recently?
Speaker 4 (03:22):
Oh man, you know,
just still doing the grind.
You know I still work full time and then, you know, still study
here and there.
Same thing, you know, whatever it is, I find TryHackMe
actually just took a great training session this week from
Antisyphon, so they had a really good.
John Strand had a great class this week.
(03:42):
I also took another cloud class they had back in March.
So, yeah, just keep finding stuff like that and I shared as
much as I can.
So you guys follow me on Twitter, I share it there, or
LinkedIn.
Speaker 1 (03:56):
So order the Discord
server Cyber Warrior Studios.
Yeah, I'm working on that too.
I'm a free robots.
Speaker 4 (04:02):
Man, I'm just going
to start spamming that stuff.
Speaker 1 (04:05):
Yeah, there is
someone that does it for, like
all the stuff they share on LinkedIn, they share a post on
there.
I forget who it is, but there's like one or two people.
And then we got CyberSecDanny that does the same thing anytime
she puts out a video or whatever.
I mean, everybody knows my server is free to people promote
themselves, their content, training, you name it join the
(04:25):
server.
Everybody's putting something out.
So I love having anybody share any of that knowledge, because
that's what it's about is giving people the opportunity to learn
and grow, and hopefully it's free and or very minimal cost,
just because I know that's a struggle a lot of people are
finding today is they can't afford to go to college or they
(04:47):
can't afford to take a bootcamp or something like that.
So the free training that, like KevTech IT support puts out TCM
is always doing like a dollar pay, which key and that type of
stuff.
Black Hills InfoSec has a ton of stuff out there.
So any learning you can get, anywhere you can get it is very,
very important.
(05:07):
Before we go any further, though, I do want to say hello to all
of the warriors in chat.
Currently, we have hit 4000 subscribers on YouTube, like I
said earlier, which is why we're here today. Jack, Amanda, James,
Giles, Giles I'm a probably butcher his name, he's on
LinkedIn.
Carrie, Adrienne she's going to kill me.
(05:29):
She's coming on next week.
So who knows Carrie?
James, Natalie's here.
Natalie, welcome to the party, as always, and I think I hope I
got everybody.
But we do have a question.
Our initial question comes from Carrie, and he tends.
He's always trying to find something that works and he's
shrugging a little bit.
(05:50):
John Good in the house.
John, we're celebrating 4000 subscribers.
You are more than welcome to join.
Mary, hold up. You know what?
We got more people jumping in here.
Let's do this one more time.
There we go.
Anybody that wants to join, click the link that I just sent.
So we got Carrie.
I have been throwing stuff again.
I'm going to see what sticks I have the A plus and have tried
(06:13):
to do freelance or computer repair.
Why can't I find anything for work?
I have my saying on that.
Bill Griffin, one of you wantto chime in first?
Speaker 2 (06:25):
I mean, you know it
sounds like you're trying to
almost run a business and advertising.
Get your name out there, talk to people, make up some kind of
a brand for yourself and start advertising, because if people
(06:46):
don't know you're doing it, they're not going to use your
services.
Speaker 4 (06:53):
Yeah, yeah.
Even if you're trying to do some consulting or trying to
contract stuff like that, it takes a lot.
I mean, even somebody like myself has been doing this for
over 10 years.
It still takes a long time. A lot of applications, a long time
(07:14):
to find the right position or even sometimes just to get a
response because they're getting so overwhelmed with so many
applicants.
So sometimes you just got to keep at it.
You got to keep applying and keep trying and eventually
you'll find the right match.
Speaker 1 (07:32):
Yeah, definitely, and
that's one of the biggest
things.
Right, a lot of people give up because they feel that
heartbreak and they don't know how to deal with all of the
rejection because it's going to continuously happen.
One of the things about it is you have to be able to fight
through that. And, Kerry, I'm going to knock you out if you
(07:53):
keep talking like that.
So we're going to talk about it here in a second.
Speaker 4 (07:58):
But it is.
Speaker 1 (07:59):
It's a fight and you
have to continue to fight, and
so your network is very vital, and Kerry is one of the ones
that has a lot of branding that he's been doing.
He's been promoting his training and things he's been doing and
stuff like that.
So it's just going to take time.
(08:20):
And, Kerry, I love you man.
You've been doing a lot of amazing things.
You just got to keep at it.
You cannot quit. Now,
if you're just looking for a job, that way you can get to IT
eventually or cybersecurity and, yeah, go work it.
You know Best Buy or Geek Squad or whatever, until you can get
your foot in the door somewhere and you're still collecting a
(08:42):
paycheck.
But if you're literally able to survive without a job and can
keep training and keep growing your network and keep branding,
then that'll carry you further.
And so it really comes down to where you're at financially and
what you need to do.
I know for myself when I retired out of the Army even
(09:03):
before I went active duty, I wanted to start a business and I
had been trying.
I realized two things.
One, I suck at cold calls because I refuse to do it.
Speaker 4 (09:13):
I hate that.
Speaker 1 (09:14):
And two, I'm not
really as much as I can do sales.
I did it for a good portion until I went into the military.
I don't like it, I don't like trying to sell someone something.
You know, I like motivating people, I like talking to others,
I like developing a rapport and just communication and that
(09:38):
almost friendship between people.
And so, yeah, me personally as a salesperson I couldn't do it,
not for my own business, because then I feel bad.
If, like, I'm hurting a friend, I'm like, oh yeah, it's going
to cost you 10 grand.
And at the same time I'm like, is it really going to cost them
that?
Like, should I really be charging that?
So, yeah, it's just.
(09:58):
I was horrible at it, like even computer repair.
Like when I did that it was like, oh, $25 and I'll replace
your hard drive.
Sure, you just buy the hard drive, I'll replace it for $25.
Speaker 2 (10:11):
Like I used to do
that type of thing.
Speaker 1 (10:13):
So it's difficult.
But yeah, Kerry, I would get into a job and then keep working
to get to where you want to be.
And I'm going to hide this comment now, or this question,
because I do want to touch on something that I think we suffer
from immensely here in the US, and that is when you're out of
(10:33):
work.
You will continuously apply to other places to try to get into
that same field or that same position or a higher position,
and then you'll go broke because you refuse to work a job that
you feel is beneath you.
So guess what, if you've got to put food on the table, if
you've got to keep a roof over your head, work whatever job you
(10:55):
can find, look, I'm all for you, keep pushing, you keep driving,
you keep going.
But if you don't have a job, there are ways to make money
without being in your career field.
There are ways to work that'll bring in funding so that you can
keep a roof over your head.
So here in cybersecurity, you want to do cyber.
(11:17):
That's great, I'm all for it.
Let's keep up the drive, the determination, the passion.
But you might.
If you're not getting your foot in the door and you've really
got bills to pay.
You might want to go work somewhere else, and still you
can get your foot in the door and you're just gonna have to
grind and it's gonna suck and your mental health is gonna
suffer.
Don't get me wrong to burn out is real, but until you get to
(11:38):
where you want to be, where it'll make you happy, you're
gonna have to push through.
You really are, yes, especially.
Speaker 4 (11:45):
Yeah, especially when
you're starting out, you got,
you really got to take, I hate to say, but you got to take what
you can get.
You know, I, when I, when I was going to school, when I first
got out of the military, I went back to school and, you know,
I literally took contract jobs that were like hey, you're gonna
move these computers around and these desks around for Yelp,
and I was like what that's?
(12:05):
That's stupid.
Okay, whatever, want me to move computers around the same
building?
Okay, whatever, it's stupid crap like that.
Like, just sometimes you just got to take whatever you can get.
I, you know.
Then I took an analyst job.
You know you just got to take whatever you can get and you
keep applying and then you know eventually that opening
(12:27):
will come.
You know you'll get into a NOC or whatever you're trying
to get into, and you know you just got to keep pushing.
But yeah, I mean, the average is six months, the average six
months and.
Sometimes it's longer.
Speaker 1 (12:42):
Yeah, definitely.
And on that note, you know, when I retired out of the army
and I'll just be honest I retired with like four SANS
certifications my CCNA, CCNA, Cyber Ops, my CCNA.
I have more letters after my name than a lot of people do and
yet it still took me six to eight months to find a job in
security.
And you want to know what my original starting salary was?
(13:03):
$60,000 a year, it's like 62, $62,000.
So for all these people breaking into cyber security
that are like, oh yeah, I'm gonna make six figures homie,
better humble yourself and realize you might have to start
out at the bottom.
There's gonna be nothing.
Even my second job only started me at 90 something.
So I did not break six figures for a few years after retiring
(13:29):
and having certifications and took it.
I even had my sister jobs, yeah, yeah so you have to humble
yourself and, and really understand that it's gonna take
a while, but before we keep going, I do want to welcome hold
on.
It says Misha and Christine.
What's going on, friends?
How you doing?
(13:49):
You're muted, you're muted.
Speaker 5 (13:54):
Sorry, I'm.
The dogs are barking so we're hiding outside, but they're
trying to get.
We're keeping you to get everyone's now.
Speaker 1 (14:03):
Yeah, so how are
y'all doing today?
Okay, so who's Christine?
We've never met Christine here.
Speaker 5 (14:13):
So Christine, my
friend, I've been friends with
her since I was like two years old.
Yeah, I used to babysit.
Speaker 3 (14:18):
Michelle.
Speaker 1 (14:20):
Oh jeez, oh, I'm
sorry, I'm sorry, we're both
working on the same thing, sorry go ahead.
Speaker 3 (14:30):
I was gonna say we're
both working on the same.
Speaker 1 (14:34):
Track bachelor's
degree Okay.
Speaker 4 (14:38):
Okay.
Speaker 1 (14:38):
Awesome, Misha.
By the way, I love your hair.
That is awesome.
Speaker 5 (14:44):
The camera at like 20
pounds.
So I'm just gonna like.
Speaker 1 (14:50):
We need to admire the
green hair.
I'm just saying you got to stay in frame.
Yes, that is Misha.
Misha, sacred goddess, because I still can't pronounce your
name until you come on in like two weeks.
She's gonna rip me a new one.
So Christine is someone of this one, for the same degree as
(15:11):
Misha.
Yeah, what struggles have you found, just learning the
industry and learning the field?
Speaker 3 (15:18):
I kind of feel like I
don't know anything.
You know, even, even though I'm in my second year, I still feel
like I, I'm a total newbie to everything.
Speaker 1 (15:31):
Yeah.
Speaker 3 (15:33):
Because there's just
so much information that they
cover so quickly.
And then I feel like, you know, in IT it's so vast that I feel
like I have to know everything, even though I know I know I
don't, so I'll start to get distracted.
I'm like, oh, what's that shiny thing over there and start
learning that you know.
And I feel like, do I need to learn all of the CompTIA books
(15:57):
and you know?
Speaker 4 (16:05):
Don't worry.
Speaker 3 (16:07):
You know, in my world.
Speaker 1 (16:08):
You can't even finish
it.
If I can make it through like three chapters of a cyber book,
I'm doing good for myself.
Speaker 2 (16:24):
I've got like half a
dozen books that I can look and
it's like they're all between 23 and 28% done.
Speaker 5 (16:31):
I.
Speaker 4 (16:40):
We're not gonna talk
about my collection of digital
and physical books.
Speaker 1 (16:47):
Fiction I can read,
like I will read, I get immersed
in it, like literally it consumes my entire.
When you talk about hyper focus, you look at the Harry Potter
series, Lord of the Rings, Percy Jackson, any Rick Riordan
book.
I give you a slew of like magic and fantasy books that have
consumed my entire existence.
But you give me learning books.
(17:10):
They always throw out a new topic where I'm like oh shiny, I
want to learn this.
Speaker 3 (17:19):
You know, and I'm
right now taking a Python class,
but I learned C a while back, so this class I'm just kind of
like, oh, this isn't really developing.
Speaker 4 (17:34):
So much better learn
Python.
Speaker 1 (17:38):
Python is English
friendly.
Yeah, it is not programming.
Well, I say it's programming.
It's not programming friendly if you learn like C, C plus plus
and your other object oriented languages earlier, because then
you're confused.
Yeah, it's like writing a million lines of code in C,
you can write the exact same thing in about ten lines in
(18:01):
Python.
Speaker 4 (18:02):
Yeah, it's so much
friendlier, yeah.
Speaker 3 (18:07):
Yeah, which which I
appreciate, because then a lot
of what I'll be doing is reading other people's code.
So it you know we'll be a lot easier and faster and well,
isn't that what everybody does?
Speaker 1 (18:19):
We just steal code, we
don't.
We don't write our own. Stack Overflow
for the win, or these days, crew go to ChatGPT.
Speaker 4 (18:28):
Yes, I'm going away.
Speaker 1 (18:30):
Hey, can we a Python
script that will do this?
That all right, cool, yeah, but then remember you gotta make
put your comments in, because if you don't comment your code I
want to flap you.
I have, literally will pick up, no comments going.
What are you doing?
I don't even know what you're trying to do here.
Yeah, and then you actually got to clean it up because a lot of
(18:51):
times they don't give you the most efficient, but that's that
overflow.
Also, they don't always give you the same.
Speaker 3 (18:57):
When I learned C, I
and then look at it weeks
later and have no idea what I was looking at if I didn't put
comments.
Speaker 4 (19:04):
Yeah, yeah, sometimes
the comments are for yourself,
Yeah.
Speaker 1 (19:08):
I've done that hold
up.
I have.
I have a GitHub repo out there to this day.
That it was.
I was building a GUI for Kali Linux, and by that I mean I
wanted everything in one click,
point.
What in the IP address?
It would do anything.
You told it to.
You didn't have to know any commands, you didn't have to
(19:30):
know any switches, just tell you.
Tell it what you wanted to do and it would do it.
And I've started it.
I got the GUI built semi the way I wanted, and then I like
stepped away from it.
And I did, I commented my code.
But then I went back to it and read my own comments and was
like still don't understand what that?
Like had I finished it it would have been golden, but I didn't
(19:55):
finish it.
So, literally, looking at it, I'm going, hey, it's Python,
like 2.7.
Maybe 2.6 when I started it.
And I'm like none of us will work now.
What does this do?
There's promise to tell you what it's supposed to do, but I
(20:16):
don't know how to fix the commands to make it do what I
want.
Speaker 2 (20:21):
I take notes, like
when I'm doing my security plus
Udemy class.
Yeah, I'll go back to like a couple days later and I'm like
(20:44):
Got the idea because the notes aren't gonna help.
Speaker 3 (20:48):
I hand write
everything like that's how I
women is just writing stuff out.
So Well, well it's a good.
Speaker 1 (20:57):
It is.
You learn by writing, and so for everybody that types, and I'm
guilty of it, I will type notes.
I will go open up OneNote or CherryTree when I was doing
like my OSCP and stuff and type things out.
But I didn't necessarily learn that way and, and what I find is,
in school I always learned because I was forced to write.
(21:18):
You see, unlike kids of today, me and I'm sure everybody here
growing up, you didn't have a computer, a phone, a tablet or
anything.
You literally were writing shit down, going okay, so X plus Y
equals this, and we're gonna write it all down and figure it
all out.
And so it helped reinforce it.
(21:39):
Now with Chromebooks and iPads and phones and everything else,
it's brutal.
Oh, oh, someone else came to join the party.
Brad, Brad Proctor is in the house.
Let's change your background a little bit.
There we go.
(21:59):
Now we have the logo up there, since you know I got enough
people here that it'll actually split the screen wide enough.
Oh man, but yeah, so it's crazy writing stuff down.
And then what you do is you have to teach it.
That is the final step in the learning process is to teach it,
(22:20):
because if all you do is write it down and take some notes or
whatever.
You kind of miss out.
But if you teach it, then now you're reinforcing the idea and
you're learning more, because sometimes when you teach it, you
learn more than what you originally understood.
And Misha, I'm really getting tired of you hiding yourself,
(22:42):
dammit.
You better put yourself on, can.
Everybody's asking for your green hair and Mohawk and
amazing self to be on.
Speaker 5 (22:50):
It takes a lot for me
to be in front of the camera
because, I mean, I've said it in the chat but like I am in the
process of you know, like losing weight and I know.
We've had conversations trying so everybody.
Speaker 1 (23:04):
Keep showing up every
so often.
He got you.
You've been on.
Speaker 6 (23:11):
It's almost been a
year actually.
Been good, been good 4K.
Speaker 1 (23:19):
Dude, it took me a
while.
I'm trying to get the 5,000 before October 1st.
So that means I need all of my warriors to start sharing shit
and letting people know where to find us, because that's what it
takes.
Honestly, I can only do so much.
I'm not as good looking as some people, so I need others to be
(23:39):
like oh yeah, you actually want to listen to him.
You don't have to look at him, you just want to listen.
Like I really need that love.
But hey, I'm trying to hit 5,000 before October 1st, so
hitting 4,000 a day.
I was on my way back from New Jersey because I was at an
(23:59):
Italian conference in New York yesterday.
So I was on my way back from New Jersey and I was like,
pulled up YouTube studio and it was like 4,001 and I was like,
oh, we doing something big today, let's go.
Speaker 2 (24:14):
When do you get a
plaque?
Like when does YouTube send you a?
Speaker 1 (24:20):
You know you should
send your beard out to do all
the hard work for you.
Look, my wife made me cut it down.
I mean it's like short for me.
I'm not happy with it.
She got mad at me.
She's like you really need to trim that.
And so I go talk to the stylist and she was like how about an
inch off?
I didn't realize how big an inch was.
(24:40):
It was too big.
Oh, you know, nope, too much on. And my beard an inch is a lot,
no no, you could have your beard off.
Speaker 4 (24:51):
That's not cool.
Speaker 1 (24:52):
That's about what it
was.
That's about what it was.
Looney Tunes, you better spare some damn time.
I know who you are. Me and you gonna be fighting.
So, Brad, what's you been up to, man, what's work got you going
on, and things like that.
Speaker 6 (25:11):
It's been fun doing a
lot of maritime work of recent.
Oh yeah, and so maritime cybersecurity, it's a completely
different world.
Speaker 1 (25:23):
I believe it
Maritime's a little wild.
Oh, here we go, James, put in here.
I broke down and brought out the sticky notes pen and started
making notes in the Hunting Cyber Criminals book on OSINT.
It does help.
So, Brad, we've been talking about written notes and writing
(25:46):
things down.
Do you prefer writing things down or do you take the IT cyber
way, like I tend to do, even though it doesn't work, and type
up notes and things that are going on?
Speaker 6 (25:56):
If I were to write it
down, I can't read it, so I
type it because then I can read it.
Speaker 3 (26:01):
Oh man.
Speaker 6 (26:06):
So no, I do not write
it down.
Speaker 1 (26:09):
Dude, I can read my
own writing, but that's because
I write in all caps, like lower caps, little caps, but all caps,
like my writing is legitimately all capital letters.
And so it's funny when people are like, oh, you gotta write
this, or they're like, hey, you gotta use cursive, and I'm like,
mm, I can do cursive, but it's gonna take me about 30 times
(26:32):
longer than just writing it out in capital letters and just
making it flow for me.
Speaker 2 (26:37):
My job is cursive
right now and I'm like hold on,
I gotta Google this and figure out what to.
Yeah, it's when she's trying to give me to spell some big word
for her.
It's all bad, it gets Googled.
Speaker 1 (26:54):
It is. Dude, I've
Googled math.
I love math.
I know numbers very well.
Most people, I won't say all people, but most people in IT
and cyber are really good at math.
And it had been years since I touched algebra and my son came
to me and was like hey, how do I find the slope or this at the
third of this?
And I was like to the Google.
Speaker 5 (27:17):
I love math until my
nephew was asking me how to do
something and I was like 10 plus 10 is 20.
But you just add it.
I was like no, you have to do this, we have to go this way.
I'm like this isn't math anymore.
Like right, it's the most confusing thing I've seen in a
long time.
The way that you do math.
Speaker 1 (27:36):
But I feel that way
about programming languages.
I do.
I feel that way about programming, about cyber, like
there are certain things that people will do and companies
will do and I'll be like you know, it was so much simpler to
just do it this way.
And they're like oh yeah, but you do this and then you use
this regex code and then you do this and then you do that,
(27:57):
and then it gets to here and you're like I don't get it,
how'd you get that?
Speaker 5 (28:06):
That's the problem
that I think we're both having
is, she knows a little bit more about programming, but I don't
know anything about programming.
And just going through my courses right now like my next
course that I go through is networking, I think. And they
just sort of throw you in, yeah, and I don't understand any of
this.
And then you go down the rabbit hole and that's where I start
(28:27):
getting overwhelmed, like what do I need to do to just not
overwhelm myself and not get too far off the topic that I'm
learning at the time?
But then what am I gonna need in the future?
So I'm not like stepping backwards either.
Speaker 3 (28:43):
How much of it is
actually relevant to the work
we'll be doing.
You know just this enormous amount of information that
you're like wait, I remembered protocol 4443.
Speaker 1 (28:57):
Yeah, got it.
So all right.
Once again, if you have questions, please put them in
chat, put a Q before them so that I can actually recognize
questions and not just comments.
But it was funny because John put up here as we're talking and
we did mention ChatGPT earlier.
Who needs the program anymore if you have the correct
(29:18):
information and ChatGPT will solve all the problems, which is
actually pretty hilarious because there's a lot of issues
with ChatGPT that people don't realize.
Mainly, it does store your information.
If you give it the right question, it'll actually spit
back everything it has on you, which is interesting.
Speaker 2 (29:43):
If you ask it like
are you Skynet?
I mean, it responds amazingly fast with no, when it's, like
you know, back to the back of your banner, it's responding
with that, which is hilarious.
Speaker 1 (30:01):
Oh yeah, Brad, what
about you?
What's your take?
We haven't had this conversation on this show yet,
so, Brad, as the newest one here, what is your take on ChatGPT?
Speaker 6 (30:12):
So in my world so I
live in the compliance world the
current data set is about two years behind. Or it's behind.
So if you ask it any compliance questions, a lot of times it's
off because it's out of date.
So one thing that I've discovered it can do is, if you
(30:32):
have information, you can tell it to summarize something for
you.
If you tell it to summarize, it kind of gets in a little bit of
a shorter format.
You can summarize give me bullet points, give me key
topics, right. Dude, mundane work for you, in other words.
Speaker 1 (30:48):
I think it'll lie.
My extent of using ChatGPT was I got tired of using Google and
went there and said give me some Norse quotes that I can use
for motivation, and it gave me stanzas from the Hávamál and a
few other things.
That was my extent of ChatGPT.
But my buddy did a lot of other digging and that's how I found
out it actually stores your information, even though it says
(31:10):
it doesn't.
Misha, Christine, yes, what is your feeling on ChatGPT?
What have you noticed?
Have you played with it at all?
Have you logged in, used it, anything?
Speaker 3 (31:22):
like that I've never,
used it No.
Speaker 5 (31:24):
I know of it, but
I've never used it.
I've watched people use it, butit's never.
It's not something I need to look at yet or even think about.
No, I'm actually very.
I am that person who is worried to try something that I don't
(31:46):
know if it's, if it's like the TryHackMe stuff that you sent
me, like I haven't even touched it yet, because I am like I want
Misha.
Speaker 1 (31:58):
I was wondering why
only one person used the code so
far.
Speaker 5 (32:02):
I can do it tonight,
I just but it's the but I don't
know what any of it is.
So it's that concept in my head like am I wasting my time
signing up for something and doing something right now when I
don't know the information, or will I learn from it?
Speaker 1 (32:18):
You will learn.
So I will say this, and first I'll message John Good's comment,
ChatGPT is a learning computer, enter Terminator.
He's not wrong.
Skynet's coming, don't get it twisted.
But as far as TryHackMe, TryHackMe.
And this is why I've given others that are brand new to the
(32:41):
field the codes as well.
I mean I'm glad a lot of brand new people want them is because
it is meant for you to start at the bare minimum of knowing
little to nothing.
Like you want Linux basics, it has a whole core like courseware
that you can go through for Linux basics and it explains it
(33:02):
to you and you can go through it.
Actually one of the things I might look at is OverTheWire
and see if they have any gift codes or whatever for so that
actually I think it's all free.
I don't know, i
thought it was free Yeah.
Speaker 1 (33:19):
I know some of it's
free off the look because if you
do over the wire, you literallylearn everything about Linux.
As far as basics go, bandit isthe one you want to do.
It takes some stuff Well, theyhave different ones but Bandit
will get you all the way upthrough, like SSH and a few
other things.
But yeah, try, hack me.
You pick your room, You want todo Linux basics.
There you are.
(33:39):
Literally every flag is aboutthe basics.
Speaker 5 (33:43):
Well, sorry they're
trying to run behind us.
We'll see.
That's the thing. Every Friday when I'm watching everything,
like you should see the notebooks that I have sitting in
the house, whether from people that are on or what you guys
have thrown in the chat of like just things to look at or things
that you guys have used, but again, it's one of those.
(34:06):
There's so much stuff, I, it can be a little. But you guys talk
about it, but none of us I don't think that are in the beginning
stages would know what we are able to jump into and learn from,
and that's where it's hardly.
Speaker 2 (34:18):
I like it narrow and
Googling it makes it feel
overwhelming.
Speaker 1 (34:23):
I don't disagree.
I got a friend right now. She's in the chat, I'm not going to say
who she is, who's struggling from the same thing, right, just
breaking in, doesn't understand the acronyms, doesn't
understand what's being said, because even in some of these
basic courses don't throw out like TCP/IP, right.
Well, what the fuck is that? Right?
What the fuck is TCP/IP?
(34:44):
And so that is where and Natalie said it. Amanda, I was
not trying to call you out, damn it, but okay, it was a I love
her to death.
It is her, she's my sister, I love her.
But Natalie said that's where mentors come in to help you.
And, yes, that is where someone like myself, Griffin, Brad,
(35:07):
Natalie, John Good and so many others will come to you.
Come to us and just ask us questions.
What does this mean?
What does this mean?
What does this mean?
I have no problem answering those questions.
There are two reasons.
First, it means you've already decided you're gonna dig in and
learn and you're asking for an explanation.
I can give you that.
(35:28):
The second thing is you're not asking me how do I get into
cyber?
Like, if you ask me how to get into cyber, I'm going to lose my
shit.
Nine, 10, 10, 10.
Speaker 6 (35:41):
Because it is a vast
career field.
Speaker 1 (35:44):
you've not done your
research yet, which means you're
already behind the eight ball, because research is the primary
focus of cyber security.
So that is why I say, if you're gonna come to me and ask me a
question about a topic or about an acronym or about, can you
explain this? All day.
But if you ask me something as broad as how do I get into cyber,
(36:08):
I'm like where?
Speaker 5 (36:13):
have you done your?
Speaker 1 (36:13):
research Any research.
Speaker 5 (36:15):
It's just password
stronger than one, two, three,
four.
Speaker 1 (36:18):
Right.
Like just a hand Hey look password one, two, three works
great Never.
Speaker 2 (36:30):
I think a better
question would be like where to
start, because there is like you could search cybersecurity on
Google or on YouTube And I mean you're just gonna get a ton of
information And that's like So I think even that question is
(36:52):
loaded, though.
Speaker 5 (36:54):
Where do I start?
Because, if you like, I came in knowing that not what type of
thing I want to do like last week when I was asking about
like open source and offensive versus defensive, et cetera, et
cetera.
But I know that I've worked in healthcare for so long, so more
than likely I'm gonna stay in healthcare, so it goes to that.
(37:16):
Do I wanna stick towards more like ethical hacking and stay on
this side of things?
Do I wanna stick in more of the analysis side of it?
So that's why I think it's still this where to start is a
little bit, because it's still so much information.
Speaker 1 (37:35):
So this is where and
this is where me and you need to
have a further conversation.
Me and you actually have to have a talk, because where
Amanda looks out and she put it right here I don't want to
discover where she should be going into the field because of
where she specializes and what is she she is really good at.
So I was able to talk to her and be like, yeah, you should
really do this because I knew what she was doing.
(37:59):
I knew what she was good at and it just resonated with what we
do in this industry in a certain sect of red teaming.
And so for you, I think me and you and even Christine or Bill,
need to have further conversations on what's gonna
resonate.
What are you doing now that could potentially lead to a
(38:21):
future career?
Because I think those that are just getting started that's
where they struggle is they don't know.
Because even if you know every area out there, you don't really
understand every area out there.
So trying to figure out where to go is like let's start on
(38:43):
blind forward and just throw it.
Speaker 5 (38:45):
Well, like what you
guys mentioned the past few
weeks too, is finding out where to go.
But also finding out where to go when you are already in a
field, like I've been a pharmacy tech for eight years now.
So it's one of those.
I can't afford to step away from my career that I'm at, even
though I'm in a career change mode, and then I go and we are
(39:09):
actually just talking about it earlier, like I've got be proud
because I reached out to somebody.
I reached out to a cybersecurity manager at the
clinic to say, hey, can I just sit with you and get some
information about what it would take to transfer from a pharmacy
technician just a basic position in the clinic?
And it's one of those like cause, if nobody knows anything
(39:33):
and they don't have a job, maybe IT to help us just to get in
the door?
Well, I've already got the healthcare experience, so where
can I move into to build onto that?
Speaker 3 (39:44):
And that's where I'm
stuck, yeah, and then also, once
I finished this degree, is the bachelor's degree enough on a
resume for somebody to give me a chance?
You know what I mean.
Or should I be trying to get certifications as well?
Speaker 1 (40:03):
So herein lies the
problem, and Griffin can be,
Brad can speak to this for sure, both of them.
Bill is still trying to break in as well, so he's gonna.
I'll allow him to have his input as well.
But for me, I'm hiring a senior person.
Right now, at stratoscale, where I work currently, I'm a
practice manager.
(40:24):
I'm hiring a senior person And I had an HR person come to me
and there was like three of them And they said okay, so what
should we be looking for?
And they said you know, degree certifications, dah, dah, dah.
Now I know what I'm looking for.
I'm looking for someone with a certain set of experience And
unfortunately, at this point in time, it's with a certain
(40:46):
product And I was like look, I need someone with this product
experience that can do this, because this is where we're
closing deals, this is where I got business, so this is what
they need to have.
They said well, what about degrees and certifications?
I said I don't give a name, I don't.
I'm at a senior level, at a senior level, which is what I'm
(41:07):
currently hiring for.
I don't care about your degrees and certifications, I care
about your experience, because you can be certified in
something and never touch it again.
Hello, I've got a GREM and I haven't reversed engineered
malware and probably since I got the certification.
So the certification means nothing to me.
What means something to me is what you've done recently. Now
(41:28):
as a junior, as someone just breaking into the field,
what a degree and or certifications, or your LinkedIn
or your YouTube channel or your blog show me is you're willing
to learn, you're willing to grow.
That is what matters to me.
So if you don't have a degree, if you don't have certifications,
you better have something else out there that shows me you're
(41:49):
willing to do the work to get into the field.
And certifications aren't everything.
Let's be honest.
Most of them are memorized.
This shit answer some multiple guest questions and you got
certified.
Speaker 3 (42:01):
Right, it doesn't.
You know, like on the job, real world experience is gonna teach
you a hell of a lot more than any certification world.
But if you have had zero experience, you're trying to get
that job.
Speaker 1 (42:14):
Those, those paper
gives you, gives you that
baseline knowledge of being able to do it.
But I'll let, for starters, I'll let Brad chime in first.
Brad, we're gonna go solo with you.
Go ahead, give your feedback, man, let people know what you
think about juniors and you know how they can kind of break into
the field.
Speaker 6 (42:33):
So one thing is I've
hired several juniors on my team
And one of them in particular, very, very young. Now,
he had the advantage of starting in cybersecurity in
high school and doing CyberPatriot And the one thing that
stuck out is his networking.
(42:55):
I don't mean technical networking, I mean people.
His ability to talk to people, to understand, to empathize with
the individual they're talking to is a huge skill on the soft
skill side that people ignore.
If you, if you have that and if you have every, all the other
parts where you're showing or willing to learn, you're showing
(43:16):
enthusiasm, you're reaching out and asking for help, that goes
a very, very long way.
Now, certifications, they do help.
Again, it shows that you want, persevere to get something and
then you achieve it right.
Any organization you go to if you go to one security
operations center and you work there, they're gonna teach you
(43:39):
their way.
If you go work for another one, they're gonna teach you their
way.
While it's somewhat similar, there's different processes in
each company, so you're going to learn on the job.
So it's kind of a mix, but I would say continue to stick your
neck out there Like just getting one things like this
getting yourself recognized, talk to people and ask questions.
(44:00):
Speaker 3 (44:02):
Awesome.
Speaker 1 (44:04):
Yeah, definitely, I
completely agree with that, and
I'll give my input as to what you said after I let Griffin go
for someone who has been in the field for a while.
Please, my brother, go ahead and speak your piece.
Speaker 4 (44:17):
Yeah, I agree with
that.
Sometimes there are a lot of people that are doing that,
unfortunately, that are getting the degrees and don't have the
experience, and so sometimes it's a combination of the degree
plus experience.
Like we said, certifications can help.
It's definitely not a requirement, especially for
(44:38):
junior roles.
Doing the extra mile we'll say that We've talked about that
before right, doing the TryHackMes, writing a blog post about
it, proving that you're willing to get some experience outside
of just what your degree gave you, because, again, even a
degree is mostly theory in a lot of cases.
(45:00):
So can you show a little bit of extra hands-on knowledge, some
more experience and whatnot that you can show is gonna give you
that advantage against other applicants.
Speaker 1 (45:12):
Yeah, most definitely.
I completely agree, and so this is what I tell a lot of people
is networking is key And Amanda is funny because she said
there's another dad to my smallest social networking.
Amanda, you got a lot going for you that you don't realize.
I mean, you have talked about it, so we're gonna continue to
build on your skill set and we're gonna get you to where you
need to be.
(45:33):
But for me, networking has always been clutch.
It's how I've gotten a lot of jobs.
That's what people don't realize.
Everybody's like oh, I applied to a million jobs.
Look, the first job I got out of the Army.
I got because I kept applying and I had the certifications to
kind of get in the door and I was able to do the job.
(45:53):
I didn't like the job.
I didn't like what it had to do with.
I had a bunch of issues From the time I got to the job until
I got a new job.
I had been applying other places Because of my networking
is why I got the second job, because whenever I got a call
from a recruiter was like hey, we got a company.
(46:16):
It wants to interview you for this.
The director already says he knows you.
What's that name?
Or her name? Like who's the director.
And they're like, oh, it's so-and-so.
And I was like, all right, let me figure out how I know him.
And I looked him up and I was like, oh yeah, I talked to him
for like six months, from six, like from the time I knew I was
(46:38):
retiring from the Army until I retired me and him had been
talking.
And so I was like, all right, so I passed the interview first
interview, got the job And then, as I was there for a year and a
half think it was maybe year and a half, two years he had hit
me up and was like, hey, I got a job for you, same director, I
(46:59):
got a job for you.
You wanna do it?
It's gonna pay you X amount of dollars.
You're gonna be able to do offensive security and
pentesting.
Is this what you want?
Bet, let's go.
Got that job.
Where I work now he is my boss once again.
So networking is key because you find these people and if you
(47:20):
put yourself out there and you work for them, they will take
you everywhere they go, and nine times out of 10, because
they're higher than you, that means they're getting paid more,
which means when they get into a place, you're getting paid
more, because they're gonna bring you up to get paid with
your work.
They're not gonna bring you in at base level, they're not gonna
bring you in at the bottom, and so that's how you have to go
(47:41):
about it.
Networking, social networking, LinkedIn all this is key in your
career, and that's why that's why your brand is so important,
because had I not been doing a show, had I not been doing so
much, I don't think I'd be where I'm at today.
But people know me now because I put my name out there.
(48:03):
I don't hide like some people me show.
Speaker 2 (48:10):
Yeah, LinkedIn is a
great resource.
Speaker 4 (48:12):
Utilize it.
It's free, I mean, utilize it.
There's people like David Meese that I think at least weekly.
You know, say hey, comment on this and, you know, connect to
all these other people.
Speaker 1 (48:23):
David Meese, Chris
Cochran, KevTech IT Support, all these people comment on this and connect.
I do it every so often.
I'm really bad about the LinkedIn follow Friday type of
deal.
Normally I still stick to my motivation, but yes, that is.
Speaker 2 (48:39):
I wake up on social
Saturday and I'm like no, I'm
going to my bed.
Yeah.
Speaker 1 (48:46):
Dude, my Saturdays
are my Saturdays.
I'm like, nah, you're lucky if I post on a weekend.
On a weekend, I'm like eh, I got family.
Speaker 3 (48:55):
No, I'm good, you
gotta have your time.
Speaker 1 (48:57):
Right.
So we do have a question here and I want everybody to answer
it.
So we're going to start with Bill and then we're going to go
around the horn.
Would you all recommend things like TryHackMe over home labs
or the other way around.
Bill, I'll let you start.
Speaker 2 (49:14):
D, all of the above?
Yeah, I'd like TryHackMe, like it makes it easy because it's
already all set up, but then you know home labs,
you learn a lot when you gotta figure out all the mistakes you
made set and dup, so they're both equally as good.
(49:35):
I mean, the more you do the better.
Speaker 1 (49:39):
Definitely.
What about you, Misha and Christine?
Speaker 5 (49:43):
Well, I just learned
what TryHackMe actually is
today.
Speaker 3 (49:46):
Yeah, I didn't
realize that
TryHackMe started at such a basic level until today.
Speaker 1 (49:50):
They used to not Yeah
really exciting Right.
Yep, they used to not do. So
they have expanded.
I love what Hack The Box does, but TryHackMe was first set of
game to be like we're going to do basics, we're going to do the
bare minimum and build our way up.
Speaker 5 (50:07):
It definitely is
something I see all over, like
the people that I follow and like do everything a lot of
TryHackMe, they push and they comment about it a lot.
Speaker 1 (50:17):
So Yep, definitely
worth it.
But I agree with home labs too.
That's why I pushed KevTech so much, because he teaches people
how to build their home labs, how to build Active Directory
infrastructure, how to do all these things, how to be in
support.
Because, let's be honest, to get into cybersecurity, it's not
a necessity to start and help desk or system administration,
(50:40):
but it is extremely beneficial. Not necessary, but it's
beneficial.
So take that for what it's worth.
Brad, we're going to go to you.
What about you?
What's your take?
Speaker 6 (50:51):
on this.
Being the IT guy originally, I'd have to lean on home lab.
But TryHackMe definitely is a good resource And home lab it's
made on me.
But having that physical touch of a actual infrastructure it
makes a difference Because it's somewhere.
If we say serverless, guess what It's running on a server
(51:14):
Right serverless is still running on a server.
Speaker 1 (51:17):
It's still on.
what are you?
Speaker 4 (51:18):
pushing on Somebody
else's computer.
Speaker 2 (51:20):
Right.
Speaker 6 (51:21):
I'm just wondering.
Speaker 2 (51:22):
Probably had to
Google that the first time you
heard it, because you're like, wait a minute, I don't know, I'm
just wondering.
Speaker 6 (51:27):
I'm just wondering
It's floating somewhere.
Speaker 4 (51:31):
What It's floating
somewhere It's just floating out
there somewhere.
Speaker 1 (51:36):
Pull it out of the
cloud.
Speaker 6 (51:39):
And I think Bill had
a great point is breaking things
and then figuring out what you did.
I mean, that's troubleshooting 101, right?
Yeah, if you're doing where you're doing, red teaming, it's
kind of like the same concept, right, you tried something.
It didn't work, or you tried something else, yup, yep.
Speaker 1 (51:58):
Griffin,
what about you, man?
What's your answer to this question?
Speaker 4 (52:01):
Yeah, it's again,
it's D, it's all of the above.
I think, like we said, TryHackMe has come a long ways.
They've got a lot more basic intro stuff now.
So you can start out with TryHackMe, you can learn some of
the basics operating system, networking, all that stuff And
then you go build it And I think that's the best of both worlds.
Speaker 1 (52:21):
Definitely,
definitely. Nothing beats hands
on. And on that note.
So I did a demo qualification with Tany yesterday And I can
sell it.
I know the technology, I know what it can do, but I had never
touched the software before in the extent at which you need to
get qualified.
Now, whether or not I get qualified, it's neither here nor
there.
I don't know if I'm gonna pass it.
(52:42):
So, yes, failure is possible, even when you're experiencing
the industry.
Just so y'all are aware, you can still fail.
But I told him and the guy was like, look, I'm gonna try to get
you to pass, but I don't know if it's gonna happen.
I was like, yeah, that's fine, like I get it, but hands on
keyboard. Hands on keyboard is clutch because I can learn
(53:06):
anything by touching it.
Let me deploy it, let me play with it, let me figure things
out.
But if you tell me I gotta get certified from reading a
computer screen and looking at images or videos, it's not gonna
happen.
I'm gonna look at it and I'm like squirrel, it's just not
(53:26):
gonna register with me.
So hands on keyboard is huge.
So yeah, so we'll see what happens.
I don't have them.
Get them unqualified.
I'm hoping I do So, then my team can have a lab to play with,
but we'll find out.
Next question or comment rather well, it's a question too.
If someone is hacking on your bug bounty program and brings it
(53:48):
up in an interview would, in your mind, be a bonus or a minus?
Anyone who wants to answer?
So, Brad, you're part of a hiring team.
What do you think?
Speaker 6 (54:00):
I think it's a bonus.
I mean, I don't see any negative with that at all.
Speaker 4 (54:08):
Yeah, agreed.
Speaker 1 (54:10):
Yeah, I mean, I think,
for all of us that are hiring
managers or are in a position to like even interview people, if
you're coming at us and you're trying to figure out our flaws,
I take it as a bonus, I take it as you're trying to learn,
you're trying to go and you're trying to break in, and we have
an active program out there that says, hey, give it a shot, tell
me what you can find.
(54:32):
What I will say to this, though, is, if you point that out, I'm
probably going to ask you what you have tried.
I am probably going to ask you what tools you've used, how
you've tried to go about it, solely because I want to know
kind of your knowledge base and where you're coming from at that.
(54:53):
If you don't have, if you're just like, oh, I use this tool,
okay, well, why?
If you can't give me the why, that's when I'm going to be like
I need that, why, why sqlmap, why this out of the third, then
we can have a conversation.
But if you're just like, oh well, because I Googled it and
(55:15):
it said use this on this type of prompt, why, what does?
Speaker 4 (55:20):
that mean I want to
know you understand it, yeah,
and not just throw a tool at it.
I want to know you understand, yeah.
Speaker 1 (55:26):
Yep, definitely. So
yeah, it's a bonus, as long as you can explain it. Now,
I will say this though. Misha, Christine, Bill, myself, Griffin
and Brad you have three seniors of the industry here.
What questions do you have?
I'm looking for more
in chat.
Speaker 1 (55:49):
I'm sure they're
going to come up, but I've got
you three here.
I have to like when I when I set up a call, or like a talk
with somebody for mentoring type stuff.
Speaker 2 (56:03):
I don't feel like sit
down and write out questions
before.
I don't feel like I'm going to be able to answer that.
I don't feel like sit down and write out questions beforehand,
like I don't.
I can't just come up with them off the cuff, you know, and if
it is something I come up with off the cuff, I can usually
(56:24):
Google it or whatever you know, find it.
So that's a loaded question.
I have no idea.
What do you want me to ask you?
What do you want me to ask you?
Speaker 1 (56:33):
So here's the reason
I asked. First, I want Misha and
Christine to comment on this, and there's going to be a reason
I did this.
I promise you there's a reason I did it.
But, Misha and Christine, what's your response first?
Speaker 5 (56:45):
To him or to you?
Speaker 1 (56:47):
To the fact that I
said ask us anything.
Speaker 3 (56:50):
Oh, is Linux used a
lot?
Is it good to know a lot of Linux?
Speaker 6 (56:56):
Yes, Linux is really
fine.
Speaker 3 (56:58):
Yes absolutely.
Speaker 1 (56:59):
Yes.
I like Linux.
All of us will give you the same answer yes.
Speaker 2 (57:03):
But I'm going to give
it to you, isn't it?
Speaker 1 (57:05):
But while here's the
kicker, right From a
cybersecurity perspective, yes, because you're going to utilize
Linux for a lot of your pentesting a lot of tools and
things that run on Linux.
However, from an offensive perspective, you've got to be
able to break into Windows.
(57:25):
Yeah, Windows still holds the keys to the kingdom for most
companies, for just companies, so you have to understand
Windows.
Also.
Linux helps you from a programming and breaking into
perspective of being able to use the tools.
Understanding Windows will help you utilize Linux to break into
(57:49):
Windows.
Speaker 3 (57:50):
Okay.
Speaker 1 (57:51):
It's kind of weird,
but if you understand both,
you're golden Yeah you also got to understand Mac is kind of an
outlier.
Speaker 4 (57:59):
Yeah, okay, I was
going to say you also got to
understand.
Some companies rely heavily on one or the other.
Some companies are heavy Linux back-end servers, some companies
are heavy Windows servers, so it really just depends.
So it is important to understand both and use both,
because you may run into both and you can pick your favorite.
(58:20):
But sometimes you may just end up at one or the other.
You're like, oh, I love Linux, and then you get hired by a
company that's Windows.
Speaker 5 (58:25):
You're like oh, okay,
well.
Speaker 4 (58:28):
I guess I'm going to
get good at Windows now.
Speaker 3 (58:30):
Like you know, it's
just the way it is, Yeah.
Speaker 4 (58:34):
You're paying my
bills now, so all right, I guess.
So Yeah, what about?
Speaker 1 (58:38):
you man.
Speaker 6 (58:38):
And if you're going,
if you're trying to attack where
the user is, it's going to more than likely be Windows.
Yeah, infrastructure is going to be a mix depending on the
organization, but you would see a lot of, especially cloud
infrastructure is going to be Linux, whereas, depending on the
size of the organization, you're going to see Windows at
(59:00):
some point And you'll probably be mixed in most cases nowadays.
Speaker 1 (59:05):
Yeah definitely.
Speaker 3 (59:06):
So it'd be a good
move to really understand the
ins and outs of the Windows operating system, and how to
secure it.
Speaker 1 (59:15):
Yeah, because.
So here's my thing.
And again, Bill, Griffin, Brad, Misha, anybody who knows anything
about operating systems can really chime in on this, even in
the comments, if you want to put something in the comments,
you know for me understanding both ends of the spectrum.
So Linux does a lot And a lot of industries, a lot of
(59:37):
companies, especially in cloud and AWS, are using Linux AMIs,
whether it's Ubuntu, Red Hat, CentOS even though CentOS is
kind of going away, but not I don't know.
I'm kind of confused on that whole concept right now.
You know they're using Linux, they're using a Linux kernel.
So being able to understand that and utilize it and break
(01:00:01):
into it and exploit it and do all these things is vital.
But Windows and Microsoft Azure is still very prevalent.
So if you understand Microsoft, Windows and Azure and all these
other things, it can only benefit you.
Mac OS is the one outlier that, as security professionals, I
(01:00:25):
find a lot more security.
People use Mac OS because the company provides it And then
loads Linux VMs.
The host OS is Mac, the used OS is Linux.
So unfortunately I'm on an M1 chip right now, so I got to
figure out that whole nonsense and how I can go over with my
(01:00:46):
own machines.
This is why I love Windows, because I don't have to worry
about that.
But the M1 chip is kind of a whole different piece.
But yeah, yeah, so we got one.
Oh shit, all right, so we got three.
(01:01:07):
So first we're going to put sacred goddess's comment up
there. What would you suggest for someone trying to get their
name and face out there in the industry?
And we'll start with Bill, because you're to my left.
Speaker 2 (01:01:21):
I mean, that's like
the answer everybody gives you
And it's true, like you move people, find somebody that you
like what they're saying and message them, talk to them about
it.
And message Derek, get on YouTube.
And yeah, what me?
Speaker 5 (01:02:13):
unlike then.
But just just being there and just commenting or even sharing
posts has been enough just to get people to recognize my name,
even in the chat, you know, here in the stream, but connect
(01:02:37):
with everybody here, you'd be surprised.
Just, I don't, and I don't think I follow Griffin or Brad
or anywhere you know, but I was like when I leave.
Speaker 1 (01:02:47):
You might, because
Griffin is actually.
He's been on the show.
His actual LinkedIn is on a previous episode, so you may
follow him and not realize it, but I Griffin is on his name on
LinkedIn.
Speaker 4 (01:03:02):
Obviously.
Speaker 5 (01:03:03):
Like just following
people and reading through past
posts or just past, like in the videos.
I've rewatched quite a few of our you know, even my own
episode and went back for the chat here just to see you know
things, and it sounds really dumb.
But the only reason I met Derek is because you know we were in
(01:03:24):
a Norse Pagan group together and it just happened to be me going
does anybody here know anything about computers?
You know, and then it turned into this.
So now and now I've got a couple of people and like I can
see any of your guys' names, probably I'll be in the chat and
know where you guys come from and what you're doing.
(01:03:45):
Um, and it sounds really dumb, but I've been hunting, like at
my own job, but like I did today, it's reaching out, email
somebody that you have a question about a job description
and tell them just be honest, like look, I don't know what I'm
doing yet, but tell me what you would tell me from your
(01:04:06):
perspective in your field.
Yeah, and he got right back to you.
Got right, yeah, yeah, that was awesome.
Speaker 1 (01:04:12):
How do you think?
how do you think Amanda's here?
Misha, Amanda is here because she's awesome and I met her
through one of our Discord servers and I'm a third out
there the pagan project community.
That's actually how I met her.
So that's out there.
If you want to go follow him, pagan project on TikTok and we
(01:04:34):
have a website, the pagan project that work.
But that's how I met her.
So that's why she's here, because we talked and she does
OSINT and red teaming.
Though she doesn't know, she does it.
That's what she does OSINT and investigations and finding
things out that I can never find out.
That's her bread and butter.
(01:04:54):
Like that is golden, great for social engineering, great for
everything she does.
I could probably I'm trying to link her up a corgi to get more
into that side of things, because that's what they do.
Brad, what would you say to this question?
Speaker 6 (01:05:11):
I think and I fell at
this sometimes but consistency,
and so what I mean by that is brand consistency.
Come up with a brand, whether it's your name yourself, and be
consistent across the board.
And when the other side of that is, if you're going to say that
I'm going to post X amount of times, do it right, don't, don't
(01:05:33):
stop.
And I'm preaching to myself here.
Speaker 1 (01:05:39):
I Podcast episode on
Wednesday solely because I was
wondering.
Look, it's recorded.
I recorded it Tuesday.
My laptop couldn't handle the workload so I could not edit it.
Posted on Wednesday It'll dog in your homework.
It's coming next week.
I'm gonna do it.
I already got it recording, it's already fine.
(01:05:59):
But yes, I get it completely, if you say you're gonna do
something,
fucking do it.
Speaker 6 (01:06:05):
And the other part is
is you know, a lot of people
say I have to get this type of camera, I have to get this type
of microphone.
Just start, like you'll get there, just start.
Speaker 1 (01:06:17):
Yeah, I got a lot of
tech Rio in a microphone.
That is definitely not a.
I mean, I literally paid.
I don't even know what I paid for this, I just know it wasn't
a lot.
It's not a broadcast mic and I know that because I get the cat
anytime I pull it in.
Speaker 5 (01:06:36):
I mean I've got the
chat pulled up on my phone.
You know it's like it's do what you got to do.
Speaker 1 (01:06:41):
Everybody loves it.
Guess what the people that are here.
They're here for the long haul, so fuck it.
You're all my family.
I don't care. Griff,
what about you, homie?
What's your take on it?
Speaker 4 (01:06:52):
Yeah, so all shifts
since everybody else has
mentioned Discord and what or uh, LinkedIn and whatnot is uh,
you know, go to go to in person stuff.
I mean, there's so many local conferences besides.
You know we have a local conference here, um, you know,
you don't have to just go to DEF CON, there's, there's plenty of
conferences in different areas that are local or or relatively
(01:07:14):
local, uh, to wherever you're at, I promise, if you look, so you
know find those, you know check those out.
There's um I think I mentioned this before is um, like meetups.
There's so many, so many groups, so many places, so many ways
to meet up with people and connect and create those
connections.
And I mean, I I've recommended that to to a friend of mine to
(01:07:37):
go to the local conference and go to the after hours, and it
wasn't, it was just a dinner thing, but still it was after,
after the local conference.
They met some of their friends there.
Sure enough, they got a job offer and they got a job.
Like it just happens, like just do it, go meet people, go talk
to people, go to these conferences, go to these meetups
There.
Are there a guarantee?
(01:07:58):
there's some sort of security or IT, or whatever meetup group
in your area, you know, check it out.
So sorry you got to get outside your comfort zone.
You know that, that's just.
You know, that's just how it is.
Speaker 1 (01:08:12):
Yeah, definitely, and,
and so I will say one thing,
and I got two more questions.
We're well over the top of the hour.
Just just so, y'all know it's my show.
I don't give a fuck.
So I do have one here though.
I got a.
I got a gentleman, uh, fullyraw, 1991, there is nothing in
(01:08:34):
his area of Melbourne, Australia.
I will say this, I put it in chat, I'll say it again started,
start a BSides, started meetup, start a group, start something.
Make it part of your community, make it part of your area.
If you don't start it, it's never going to get started.
So start one.
It doesn't have to be anything, it doesn't have to be anything
(01:08:57):
major, but BSides and BSides events, dude, if go global.
There's actually, I think they're, they are global
actually at this point, I think there's some in different
countries across the world.
Bring one to your area, talk to them, make it happen.
BSides is is vital to our community, it really is.
(01:09:20):
Have you?
Speaker 6 (01:09:22):
ever?
have you ever talked about howb-side started?
No, I haven't.
Speaker 1 (01:09:27):
I actually don't even
know how b-side started.
Speaker 6 (01:09:29):
To be honest, um, so
it's uh Company I work for has a
fairly close relationship withit.
Um Is one of the founders ofour company, was one of the
visionaries, originally forb-sides.
So b-side started as deaf conand black hat started to turn
into sales and marketing events,yes, and so you would only get
(01:09:52):
the top talent, right, or people that were not doing it anymore.
They were just there because they were a face or a name, and
so they had the idea to create an alternate conference, BSides,
like the B-sides of a record, um.
That was for the people actually doing the work, for the
practitioners, and so BSides is very clear on when you submit
(01:10:12):
a talk that it cannot be a sales presentation.
Right, it has to be something that is, that you are doing the
work, it's research.
You've done a topic of interest, um, and even some BSides, uh,
BSides natural national Tennessee.
They did a, a blind CFP, so you submitted the topic without
(01:10:33):
them knowing who you were, and so it's about the idea, not
about the person.
Speaker 1 (01:10:37):
I like that.
Speaker 6 (01:10:38):
So BSides is, is
really, really cool.
Speaker 1 (01:10:42):
I like that.
I like that idea too, because you will see a lot of bias in
names and who you are and everything else.
But if you can see a topic,then you have.
You either accept it or decline it.
There's no in between, so they're not basing it on
anything.
I like that idea.
Speaker 6 (01:11:03):
Yeah, not all of them
do that, not all do that, but
that was no one.
Speaker 1 (01:11:08):
No, but this is a fan.
I think that's a fantastic idea on how they do things.
So, so, yeah, um, for fully raw, dude, that's a.
I ain't even getting that name.
Look, it's my show.
I'll say, yeah, anyways, start your own BSides event and
(01:11:28):
Melbourne, Melbourne, our Australia, and it'll.
It'll go a long way.
I got two more questions and I'm gonna get last words.
Um, first one, Jack.
What do you think is the best way to explain to people that
pen testing and SOC analysts aren't the only thing
that is the cyber security? Big question, because I've gone
(01:11:54):
around the room before.
We're gonna go the opposite way.
Uh, Griffin, you're up first, tell me.
Speaker 4 (01:12:01):
Oh he's the best, the
best way to explain it.
Um, I mean those, those are,
in a way, they're polar opposites, right, your pen
testing is your, your red side, your SOC analyst's your blue
side, and you'll,
you've got to realize that there are so many other
positions.
There's your GRC.
There's your, you know, your auditing, your purple teaming now.
(01:12:24):
You know there's just so many other roles that, uh, that's
just barely scratching the surface and you really got to
expand your horizons.
We're stuck on me, all right.
Speaker 5 (01:12:45):
You got a pretty face,
it's okay.
Speaker 4 (01:12:47):
Oh, thanks, all right,
who else wants to go?
Speaker 1 (01:12:52):
You're paying
attention.
You all get the bottom.
You got to see who's muted and who's not and who's actually in
the chat.
Brad, let's go to you.
Homie, what do you,
what about you?
What do you say to this?
Speaker 6 (01:13:06):
So, speaking of
BSides, they actually gave a
BSides talk last weekend.
Um, and BSides hunt school.
That's around this topic.
Where I'm going to turn into this topic really quick.
Um, is, and I thought the, the talk was about the intersection
of IT and security.
Um, and what I did is to, to kind of prove that there was an
(01:13:28):
intersection, that, that IT had more of a role than what people
think they do.
As they took the CIS top 18, um, which is just a framework,
that's not a regulatory framework.
I mean, it's just, hey, you should do these best security
practices.
Um, and what you can do with that, and this is kind of an idea
I'm coming up with right now as I'm talking, so it may not be
(01:13:51):
fully fleshed out, is read through it, right, read through
that framework about how you should secure things, and you're
going to find things that interest you.
All right, you're going to find things that there's different
things in security that you have to do to secure an organization.
Um, and we always talk about.
I mean, everyone looks at pen testing because it's the sexy
part of cyber security, but if you look at it from a risk
(01:14:13):
perspective of how CIS lays it out, it's the last thing you do.
There's way more work to do before you even get to that
point.
Speaker 1 (01:14:22):
And so I'm bringing
it back down to this solely
because Misha finally brought the doggie.
So that's the only reason why.
Speaker 5 (01:14:33):
You know, I saw a dog
in image.
I had to bring the dog. Oh, the big one's on the ground next to
me.
Speaker 6 (01:14:39):
So, so I would just
say read, you, yeah, read through
something, a framework like that, where it's kind of an agnostic
framework, um, where you look at it and you say, okay, this is
what they say and what we must do to secure an organization.
Where do the jobs line up with this?
Find an area that sounds interesting.
There's the whole area for identity and access management.
(01:15:02):
You like to tell the people and their access, that might be for
you.
That's one way to find it and see, because that's going to
tell you what the job may look like, what you're actually going
to be doing to a certain extent to secure an environment and
would you actually like it.
Speaker 1 (01:15:21):
Yeah, this is.
The thing is everybody looks at the active jobs and they look
at, oh, and I'm not going to lie, SOC analyst actually comes
after pen testing.
A lot of people look at hacking and cybersecurity as I'm going
to break into things is big, sexy, I can do this and I can
(01:15:43):
know all the things, but the reality of it is people don't
understand.
There's GRC, there's SOC or some engineering.
There's a ton of different roles out there.
There's consulting.
There's so many different things, cloud security, and a ton
of different cybersecurity fields.
Speaker 5 (01:16:04):
The thing with that
is, though, is how often is it
that people don't realize that that's part of cybersecurity?
And that's the thing that I was like, oh okay, so that's the, I
mean.
Speaker 3 (01:16:19):
Well, I found Stacey
for Packers and Heels from
watching your show.
Yes, she's an organization, because she's amazing, and I
just listened to an interview with her recently where her role
at the company is insider threats, which is a whole thing
in and of itself, and that's the thing you can make your own
(01:16:42):
role.
Speaker 1 (01:16:43):
Here's what people
don't understand.
This is what I wish people would understand.
And cybersecurity, it is one of the few fields that, if you
network correctly and people know what you know, you can make
your own role.
The roles do not exist for everything.
You can make your own.
People will bring you in, managers, directors, CISOs will
(01:17:07):
bring you in based on your knowledge, based on what you
know, and be like, holy shit, you can do this.
All right, you're coming to work for me.
You're going to secure this side of my shit and we're just
going to come up with a term for it.
We're just going to make some shit out of thin air.
We're going to pull it out and you're going to get paid X
amount of dollars.
(01:17:28):
Like, they will do that for you, because our industry does not
have rules for everything.
It doesn't.
A SIEM engineer can't engineer anything but a SIEM.
But you bring in a SOC engineer, you bring in an automation
specialist, you bring in an OSINT specialist.
(01:17:48):
They will create fucking rules for you.
They will literally pay you Fuku Bucks and just make shit up
out of thin air.
Like, you know what.
We're going to give them this title, this one right here.
We're just going to. There it is.
That's your job now.
Speaker 6 (01:18:07):
Yeah, I would say
also don't assume the position
is going to fall under a cybersecurity department.
Speaker 1 (01:18:14):
It might fall under
IT.
Speaker 6 (01:18:15):
It might fall under
IT, especially early on in a
program.
It's all IT.
Speaker 1 (01:18:23):
Yeah, IT, GRC.
A lot of people bring in GRC even before they bring in cyber,
because they have to be compliant with certain
industries and certain standards.
So GRC is another huge one.
So, understand, these things are big, they're huge, they're
all different.
And then we got one more and I do want to get this up.
(01:18:44):
And then I want to get everybody's last words.
Let's say someone passes the interview process and gets hired.
How do you measure their performance?
How long do you measure their performance?
I don't mean the company's probation period.
I didn't know we had a probation period.
Let's go with Griffin first. Go ahead.
Speaker 4 (01:19:07):
I mean, yeah,
obviously some places have a
90-day probation period, but anyways, besides that, yeah,
pass the interview and get hired.
How long?
How do you measure their performance?
So one good way is, before they even get hired, you need to be
prepared for that.
You need to have a.
Why are you hiring this for this position?
(01:19:29):
What are the goals that you have for this position?
What do you expect them to do?
What are the jobs, what are the tasks, projects, etc.
So you need to have those kind of laid out and say, okay, first
30 days.
Okay, you get used to the company and you start meeting
people and you can start working on this.
Then say, the next 30 days, same thing.
(01:19:52):
Okay, you're going to work on these things. Next 30 days.
Okay, we're going to put it all together.
That's a nice way to do it.
Some places it's just, here, go to work, start, yeah, go.
All right, here's 10 things we need you to do that we needed
done yesterday.
(01:20:13):
I've been in both situations, so it really depends on the
company.
But yeah, definitely what I mentioned first is more ideal of
like, okay, we're going to get you acclimated and we're going
to get you your tools and let you get set up and figure things
out, and here's what we need you to do for this role.
That's the nice way to do it.
Speaker 1 (01:20:37):
I've got a different
take, but we're going to go to
Brad first.
Speaker 6 (01:20:40):
So it depends on the
size of the organization,
depends on the organization as far as how you go about this.
The way asking work best and happens to be what organization
now does is you'll see, companies have values, right?
Well, most of the time they put them on the website and then
they never talk about them.
(01:21:01):
They're just there, they're just words.
It's that if it's an organization that truly believes
those values, you have the values.
You have a bar of what they must meet, right?
So, whatever those values are, the individual must meet those,
right?
And then you measure them on those values.
Right, because if your company says those are the values, the
(01:21:22):
people should be meeting those values, and if they're not, then
they shouldn't be at the company.
And so you set the bar, you get them to meet the bar and then,
if they're not meeting the bar, figure out a way to correct that.
Whatever it is, right, and the best way to do that is to not
wait for a yearly review, right?
It's horrible, right, because that means they've been messing
(01:21:46):
up and you've been not trying to fix it within the year, right?
So as a manager, talk to them every 90 days, have a
conversation.
Where are they at, right, where do they need to get, where are
they struggling with?
So that at the year mark it should be a good conversation,
because you've talked about it every 90 days. And so some of
that goes back to just good management.
(01:22:07):
Obviously there's, if an organization may have some kind
of performance indicator of some kind, right, depending on what
you're doing, you're writing reports, right, how fast are you
getting the reports out, things of that nature, some things that
you can't measure, but I think overall it's about communication.
Speaker 1 (01:22:27):
So I have two things
to this.
Well, maybe more, I don't know.
I'm going to rant and then we're going to do final work.
So, Mark, goals, there you go.
Yes, you said it. So I'm going to say this. Once you get hired,
now me, I came into a team that was already established, hiring
(01:22:50):
my first person.
But either way, the hiring of the person doesn't matter.
I measure performance based on two things.
One, are you doing the job that you were hired to do?
So if you're a junior, I expect you to be learning.
I expect you to be a backup, a shadow.
You may take lead on things here or there, but you're still
(01:23:13):
a junior.
You should not be the sole person client. Right.
There should be someone else in there in between you, because
you're still learning that role.
But that's because of where I lie.
I lie and implement, implementation team.
So my team should be able to deploy things, should be able to
(01:23:36):
do certain things, but you, if you're going to be client facing,
you need to be able to have those intelligent discussions.
If I cannot rely on you to be able to talk to the client at
their level, we're going to have a problem.
And by at their level, I mean you have a project manager, you
(01:23:59):
have maybe SSO, you have a security director, potentially,
and a security team.
Talk to the lowest level.
If you cannot talk to the lowest level mean you are going
to have a conversation, we're going to work on your soft
skills to develop that skill set, but after so long, if you
can't develop that skill set, I cannot put you client facing.
(01:24:22):
I can't put you in front of clients because you cannot talk
to the client, because you're going to talk over their head.
And I know people that will talk over even my head, been doing
this shit for 20 years and will still talk over my head, and I'm
like, look, homie, break it down for me.
Please. Give me Marine style.
(01:24:43):
I need the crayons brought out.
Speaker 4 (01:24:46):
Oh man, that's real
low.
Speaker 1 (01:24:47):
I need a drawing.
I do work, staying some shit that I don't even understand,
like I've been in this so long that I can't keep up with
everything.
So if you're bringing up a new topic that I've not researched
and you're talking to the most advanced level of it, please
break out the Crayola.
Like, give me Marine style, give me Marine style, give me
(01:25:11):
something so we can actually understand.
But I say that, saying this: I measure performance based on two
things. A, are you asking questions?
So if you don't understand something, if you don't know
what you're doing, are you reaching out to your peers that
work within the organization, whether that be me, whether that
(01:25:34):
be somebody else on your team that happens to know what
they're doing and saying, hey, how do we get this done?
If you're not doing that,
that means you're not communicating, and communication
is key within the industry.
So much that goes into it.
And then, on top of that, look, just go for it.
(01:25:56):
Like, put your all into it.
If I know you're giving your best effort, that's what matters
to me.
I don't care about the company, I care about you and what
you're giving to your organization, and if I think you
have value, that's what matters.
But anyways.
Misha's internet went to crap.
(01:26:17):
A lot of people.
We are well over time.
So I wish I would have caught them beforehand.
We're going to go around the horn and we're going to go the
opposite way, Griffin.
Give me some final words.
Man, what do you got for everybody trying to get into the
industry?
Speaker 4 (01:26:35):
Yeah, like I said,
take advantage of all the free
resources out there.
Take advantage of all thenetworking you can, whether it's
online or there's plenty ofonline virtual stuff that's free
, sans whatever.
Take advantage of all that.
That stuff didn't exist 10years ago.
Take advantage of it.
Speaker 1 (01:26:54):
Brad, what about you,
brother?
Speaker 6 (01:26:57):
I'd echo the same
thing.
I'd also say we're at a point where we all know this is
important, we all know cybersecurity is important, and
this is a particular time, I feel like, in history, where we
can.
You can ride the wave and you can have a career change.
You just got to put in the work, so just keep going.
Speaker 1 (01:27:21):
Bill, what about you?
Speaker 2 (01:27:24):
Keep going, just keep
swimming.
I don't know how to say it.
Speaker 1 (01:27:29):
Congrats, you're more
than welcome.
Just keep swimming. Just keep swimming. Yeah.
Speaker 2 (01:27:39):
Make the time and do
it.
Speaker 4 (01:29:21):
Cheers.