Have you ever wondered how a medical coder could switch careers and become a Cyber Security enthusiast? Well, you're in for a treat as we sit down with Adrienne, an inspiring warrior in the Cyber Security realm. Adrienne's journey is as fascinating as it is inspiring, from tinkering with tech, enduring a failed software development bootcamp, to finally discovering her passion in Cyber Security. She shares her experiences and emphasizes the importance of having a supportive "tribe" to combat the challenges in Cyber Security.
The tech arena might seem complex and intimidating, but in our candid chat with Adrienne, we break it down for you. We explore the significance of translating complex technical information into an understandable language, the role of continuous testing, and the allure of bug bounty programs. We also touch on the exciting evolution of technology, with a nostalgic nod to the rise of home computers in the 90s, and the unique experience millennials had growing up with and without tech. Adrienne also shares a hilarious anecdote about wisdom teeth extraction, giving our conversation a light-hearted touch.
As we navigate the vast world of Cyber Security, we underscore the importance of comprehending both blue and red team methodologies, emphasizing how working at odd hours can sometimes lead to more efficient results. Adrian opens up about her experiences with night shifts and chronic illness, offering an insightful perspective on the intersection between personal habits and professional productivity. Lastly, we emphasize the critical role of networking and building relationships in the world of Cyber Security. So, buckle up for a deep dive into the world of Cyber Security with our warrior guest, Adrienne, and don't forget to change those passwords!
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Welcome everybody.
it is me, it is the CyberWarrior, and I know all of my
amazing warriors here today arein for an amazing show.
I hope you have had an amazingweek.
It is the end of another week,it is Freya's day and I am here
to party and have a grand time,because that's what we do here,
We always have a good time, butI do have an amazing show
planned.
I have another amazing newcomerto Cyber Security on the show
(00:25):
And I promise if you stickaround for all of like 10
seconds, you're gonna meet herhere in a minute.
So hold your horses.
There it is in the officialsound of security happy hour
(00:47):
starting, and I am here with you.
Know, i never got the correctpronunciation of your name
before the show and I'veprobably sure done that, so I'm
gonna take a shot in the darkhere and say Adrian, am I right
or wrong?
Speaker 2 (00:58):
You are right, my friend.
Speaker 1 (01:00):
Yes, So it is good to have you here.
Adrian, cheers skulls,everybody in the audience.
I love you all.
Thank you for joining us thisevening.
We got an amazing show plannedNow.
Saying that, adrian, i knowyour current role, but please
(01:20):
give us a rundown on who you are, what you're about and why.
Cyber Security.
Speaker 2 (01:26):
Well, i'm a Looney Tune and Cyber Security is fun.
I hear Tweety.
I hear Tweety in the background.
Well, okay, i was actuallygonna ask.
I forgot to ask about that.
Yes, i am the whole rundown.
Speaker 1 (01:41):
You can make a brief.
Whatever you wanna tell us.
Speaker 2 (01:45):
Coach and teacher 20 years.
Medical code are four yearscurrently fighting against
insurance companies that I juststarted that job today.
Cyber Security as soon aspossible.
Speaker 1 (01:59):
So what got you interested in Cyber Security
besides being a Looney Tune?
What about it?
Speaker 2 (02:04):
I was a closet nerd and didn't know it.
Oh, i like it.
I didn't know, i had no idea.
How did you not know?
Speaker 1 (02:12):
I don't pay attention , i was busy, you're like the
rest of the people that find itlate in life.
You're just kinda like holyshit.
I really do like tinkering andbreaking things.
I do.
Speaker 2 (02:26):
Well, i used to like to break shit when I was a kid.
I took apart phones and I tookapart just put it in front of me
, screw it ever and I would takeit apart Forgot to have work
And then fast forward to gettingmy medical coding education.
We had to take a course oncomputer.
I don't remember the name, butI was like oh yeah this computer
(02:49):
And looking for a better payingjob.
And oh, the computer's all sofun And hey, maybe I should.
Hey is that a thing.
And research, because I don'tsleep very much and I research
online a lot.
So guess what I found?
I know I had IT jobs.
So I got my first healthcarejob and was looking at IT jobs
(03:12):
for the same company.
It was a university hospital inPortland, in Portland Oregon,
and started applying for the ITjob.
just to see what happened.
The director of the departmenthey, let's talk, let's go have
coffee, Really sweet.
So he's like I like your resume.
You have zero IT skills, but Ireally like your resume.
(03:33):
And now that I've met you, Ireally like you.
I was like, oh, thanks, And thecoffee's good.
And he gave me some tips and Iused those to research and
figure out things more anddecided, maybe on software
development, joined a bootcamp.
It went spectacularly wrong,Poor thing.
Speaker 1 (03:52):
I like how you said.
It went spectacularly wrong.
Speaker 2 (03:55):
Just awful, legally so to the point where lawsuits
were filed and it was just bad.
I can't talk about that.
So after that it was like well,what else?
Cause now it's softwaredevelopment, so what else?
And then the joke on our studygroup for that bootcamp we made
a study group.
The joke was I like hacking.
(04:16):
In any time anyone mentionedthe word hacking I was like what
?
Let's hack, let's break it inshit, let's do it, let's break
it in shit.
So we came to the joke and it'slike Adrian, cybersecurity girl,
and I was like that's the thing, yes, you can hack for work,
what?
So?
that's how I figured it out.
Speaker 1 (04:38):
That's awesome because I got my friend Amanda
here.
So what I'm hearing?
No brain closet nerd quirkypersonalities and late night
research are symptoms of buddingcybersecurity seeds.
Speaker 2 (04:50):
Yes, and I have a lot of hoodies, so I'm all set.
Speaker 1 (04:53):
Yeah, even better, yes, yay.
Speaker 2 (05:00):
Oh, i have a thing for you.
Uh-oh With her name, uh-ohCause I know it trips you up.
You wanna try.
Speaker 1 (05:09):
Wanna what.
Speaker 2 (05:10):
Okay, so say one hour .
Speaker 1 (05:14):
One hour.
Speaker 2 (05:15):
Okay, now pretend you're in New York and you kind
of throw a little New York on it.
Say one hour.
Speaker 1 (05:20):
One hour Now put an M in front and tweak the A's and
say one hour, one hour.
Speaker 2 (05:32):
Darling, let me know in the chat if I got that right.
You're always like no, I don'twanna say her name.
God is terrible, I don't haveany.
It's like one hour.
Speaker 1 (05:42):
Not today.
She knows I love her.
That's my other warriors.
She knows what I want to do.
I know.
Speaker 2 (05:48):
She's actually what turned me on to you.
I saw her interview and I waslike yay, yay, oh, maybe my
tribe.
Speaker 1 (05:56):
Oh look, this is trying to show everybody.
You know that.
Come on now.
Yes, we are all warriors here,we're all fighters, and we are
all here to do big things.
So I gotta ask, though, becauseyour whole premise behind this
show and everything you wantedto talk to was about coaching.
Now, i've been a coach once inmy life, no twice, and I don't
(06:20):
do well at coaching because Iyell at my kids all the time,
but I threw balls at their face,so yeah, I actually I would
swear at my kids and then I'dhave other parents come up to me
and go can you please talk tomy kids like that?
And I'm like, no, they're notmine.
No, it's not gonna happen.
I don't need some parent all ofa sudden getting upset because
(06:42):
I said the wrong thing to yourkid.
Nope, these are mine.
I could do what I want.
Speaker 2 (06:47):
Do what I want.
This one is mine.
This one is mine.
Speaker 1 (06:52):
So what about coaching?
And I think coaching brings alot to the industry that other
people don't realize.
Also because, hey, you'redealing with kids and children
which, let's be honest, thereare certain people we deal with
on a daily basis that act likekids and children.
So you know what about coaching?
that you know sparks yourinterest, that you wanted to
talk about on here.
Speaker 2 (07:12):
Well, it's more.
What transfers from coachinginto cyber, into IT, into a lot
of different places Could youcause?
like you said you're, it's withkids And the biggest thing with
kids, because they haven't beenon the earth as long as we have
as the older adult adult.
Yeah, that's the objective Weare.
(07:34):
Number one job is to teach,correct And to train.
And if you are worth your salt,worth your body weight, anyway,
if you're worth the title coach, you focus on what our friend
KevTech preaches all the damntime Foundation, focus on the
(07:55):
fundamentals, build yourfoundation, a plus foundation
fundamentals.
That's what you do.
And I saw a LinkedIn post acouple of days ago and I think
it's from the unpopular opinionguy I can't think of his name.
Speaker 1 (08:10):
Josh Copeland.
Speaker 2 (08:11):
That's what I said And he was saying about.
he was saying about you know,all these new sparkly tools And
for some of us it's like ohsquirrel, oh toy, ooh shiny.
It's like, and that's fine,it's also me.
But the thing is is, if he was,his focus was if you've got
(08:31):
your fundamentals, if you havethat foundation, if you know
what you're doing and you dohave tools that currently work,
you know, find the new one, tryit out.
If it works, great.
But the bottom line is younever leave your foundation and
your fundamentals for said newshiny tool, toy, whatever.
So that's the whole thing withcoaching is teaching.
(08:51):
but I've heard you talk inother interviews because I've
been watching the recordings andeverything.
They've been interesting, lotsof good information, connected
with a lot of great people.
So all of you who've connected,thank you very much.
And the thing with the teachingis When I hear some of you talk
about you know I have to write areport, But you have to break
(09:15):
it down.
No, and it's fine, you have tobreak it down So the CEO can
understand because broke toomuch tech get out, yep, and
they're not having it.
But when you teach, when youcoach, you can't, you have to
break it down to what they knowand you have to.
the thing is is like I was alsoa teacher teacher, so I taught
more health, but The thing is isstill is you have kids who Just
(09:45):
no clue, kids who are kind of amiddle of the road, and kids
who are like I'm done, can I gonow?
So you've got to meet everyonewhere they are and the thing
with being a good coach is okay.
You guys are a little bit slowgroup.
You guys are right about on parwith this course and you guys
are so far ahead You're almostat my level.
Yeah, so I'm gonna pair y'allwith the middle group and I'm
(10:10):
gonna take some of the advancedmiddle group And I'm gonna put
y'all with a slightly behindgroup and you just you get
people to meet them where theyare and Grow them with whatever
skill, whatever topic, whatevertechnique, whatever Subject, so
that you can help educate thewhole group and the whole don't
leave anyone behind thing It'sand it becomes like a team
(10:31):
effort and it's great.
So that's the whole thing withcoaching shenanigans.
Coaching is a bunch ofshenanigans.
Speaker 1 (10:37):
Let's be honest.
It really is a lot ofshenanigans to go on a coaching.
But it's just because you haveto.
You know, and again to yourpoint when you're This is the
problem we have with a lot oftechnical people, a lot of
technical people and this is whythere's a difference between
Being able to be technical andbeing able to speak to
executives.
A lot of technical people cannotspeak the language of
(11:00):
executives.
They're, and I gotta be honest,i've talked to technical people
that talk way over my head andI've been doing this shit for
like 20 years like Well, and noteven CEO, just layman, just
someone who's not technical.
Speaker 2 (11:14):
It doesn't see you use a certain vocabulary.
You can just talk to Judy onthe streets.
Hey, let me explain thisconcept.
Oh okay, i got it technicalnerd, technical nerd, technical
nerd, talk.
Speaker 1 (11:26):
Well, she doesn't get it, so yeah, And so and this is
why I think we have an issuewith a lot of our cyber
awareness training And this iswhere I think it really would
come into play is being able tobreak things down So they
understand it, and let's behonest, that the CBT training is
complete garbage, and anybodywho thinks that's a great idea
(11:47):
for Learning cyber awareness toa bunch of people that gives
absolutely no fucks about Youknow cyber awareness as it is
Yeah, you're wrong.
It is the worst thing you cando, because they're just gonna
click through and like can Itake this test Retake?
take this test retake, takethis test retake.
Okay, i pass now and go aboutthe merry way.
Speaker 2 (12:08):
I have a question.
Yeah, what is CBT training?
Speaker 1 (12:11):
Computer-based training and it's all this
stupid computer trainings you dowhen you started a company.
Speaker 2 (12:17):
I knew that.
Speaker 1 (12:20):
Yeah, and it's.
It's one of those things thatWe got we had in the military.
The military was the worststupid Jeff.
He was an asshole.
Anybody who's in the militaryor was in the military knows
exactly who I'm talking about.
Speaker 2 (12:39):
Oh.
Speaker 1 (12:41):
No, no, no one like.
But that was like the worst.
So what we did is us being incyber and IT?
well, we found ways around thecourse.
We would be able to find theURL and like true, true, true,
true, true, true, true.
Okay, i could take the test nowand you never went through it.
Because I like, why, like?
I do this for a living.
(13:01):
I know what not to do.
Let me take the damn testguilty, all right, like It's
like.
If this is what I do, why do Ineed to?
I get it?
We all fall victim to this shit, but it does not mean I have to
be Reinformed how this works.
No, like, i know how it works.
I know what to look for.
Just, sometimes I'm in a hurrybecause I'm a jackass and I go
(13:23):
click shit.
Yeah, should not have done that.
Speaker 2 (13:29):
Okay, i'm gonna a saw , he knows.
Oh Nice, because I said I'mstill.
Speaker 1 (13:38):
I'm still on my IPA, but it's not my first drink of
the night, so you know neitheris mine.
Speaker 2 (13:44):
I had the two cheers, my friend.
I had the two Guinness, youremember.
Speaker 1 (13:48):
Yep.
Speaker 2 (13:49):
Yeah.
Speaker 1 (13:51):
If you can bypass the test and you're already cyber
aware.
Speaker 2 (13:58):
So yeah, i have to do CE use for my medical coding
and They bet has.
Speaker 1 (14:06):
We, i gotta do them.
I still got a look.
I got to check my cispy andlike my search and see where my
CE use are at, because I'm kindof like I really care about
these certifications anymore.
I do the job on a daily basisand I'm always researching but I
(14:26):
don't have the brain capacityto sit down at a webinar.
I'm like all right, let melisten to this dude drone on for
an hour.
Speaker 2 (14:32):
He's not even drinking.
Speaker 1 (14:35):
This is gonna be a long one Like this is why when I
go to conferences, i go tonetwork.
I don't go to conferences forthe talks, because I can't
personally.
My brain doesn't work that way.
I can't sit there through thatand just watch somebody talk.
Speaker 2 (14:51):
Well, it'd have to be really fascinating.
Speaker 1 (14:53):
Exactly, and it would have to like include a lot of
fun interaction and stuff likethat.
At least on this show youpeople can talk and I can have
them, you know, time in and askquestions, and it actually makes
sense.
Speaker 2 (15:09):
Yes, it would be my work.
Speaker 1 (15:11):
They have us run CBT's at a minimum of every
quarter And we have to run themfor the project we are on as
well.
Oh, i'm sorry, that's tragic,yep James.
Hopefully That can go away assoon, because I hate CBT's.
(15:32):
This is the problem I have,though.
I can't do web-based learningat all.
I can't.
I Don't work.
My brain doesn't work in such away that I can like watch
videos of like oh, this is howyou use our product.
Can I just use your product andfigure it out, because that's
all I learned?
If I'm not using it, i'm gonnamy brain goes and Monitor to
(15:54):
here we go, i'm going to forget.
Speaker 2 (15:56):
it's like okay, one hour training, i forgot
everything.
but thanks, i'm gonna go for it.
Speaker 1 (16:01):
Yeah, so it's just one of those things that I don't
.
My brain doesn't work well likethat.
I got to be in a classroom Ihad never reversed engineered
anything and I went to theGraham class for sands.
And because I got to go, hey, igot questions.
Hey, can you, can you help me?
Hey, can you explain thisconcept in a little bit more
detail?
because I think I'm there ButI'm not all the way there.
(16:22):
Like that helped and that's howI got my gram, not because I
knew what the fuck I was doing,but because I was able to ask
questions and understand theconcepts and then take those
concepts with me to the test.
Speaker 2 (16:33):
Right, figure it out.
Speaker 1 (16:35):
But now look, i ain't touch reverse engineering shit
since I got the certification.
So somebody asked me to do itnow, like let me pull out my
books and see if I can figure it, because give me a minute, i'll
go figure it out.
Speaker 2 (16:46):
Let me get back to you.
Speaker 1 (16:47):
Yeah, I had a 17 year old run circles around me when
it came to reverse engineeringstuff.
Oh no like literally, I was likeWe were talking on discord,
doing some stuff on hack the boxand working through some things
, and After a while he was like,yeah, go do this, this and this
.
He's like you're using theright program.
You just got to be able to dothese things and then you'll see
(17:08):
it eventually.
At this point I was likealright.
I was like I gotta ask how longyou've been doing this and how
old are you.
He goes I'm 17.
I don't even do this for aliving.
I was like What homie the west?
so you're gonna put me in aclass and me and you were gonna
sit down and we're gonna figureit out.
Speaker 2 (17:25):
I Know, teach me please.
Yes, but hey, i mean learn fromthe babies.
They know what they're doingsome of right, amanda.
Speaker 1 (17:36):
We are talking about reverse engineering, malware.
Well, that's what we just thesubject We were just talking
about, which basically says takea program and or malicious
program, find out how it worksand how it was coded and what it
does.
That is reverse engineering.
You basically run it through aprogram, let it run on its own,
find it step by step and stop itwhen you can.
Goodbye, guys, see you never.
(18:00):
He, he, he.
Okay, i'm confused.
Moon.
Speaker 2 (18:04):
Okay, bye.
Speaker 1 (18:06):
Anyways, bye, i'm still listening.
Okay, cool, glad you'relistening, but I just, yeah, i
think coaching and I think justeverything in general, people
don't realize how much of othercareer feels Feed into
cybersecurity in the things thatwe do on a day-to-day basis And
(18:28):
And that's the military toothat, like that, is a huge
problem with the military theydon't know how to transcribe
their experiences onto a resumeso that it fits other jobs and
And that is a huge issue withwith people that are retiring
out and even going through Whatdid we call it SFL taps?
(18:50):
so for the army, they call itsoldier for life, transition
assistance something, but it wasbasically a program for
soldiers transitioning out andthey do a resume class, they do
a LinkedIn class, they do otherstuff and And I still don't
think the resume class taughtpeople how to properly
transcribe their experiences andwhat they went through and what
they did as a job and Intocivilian Skills translator.
(19:16):
Yeah, yeah, and I don't think, idon't think they do a good job
of that.
Speaker 2 (19:20):
Well, a lot of a lot of us don't?
Speaker 1 (19:24):
No, that's anywhere.
That's any job Yeah.
Speaker 2 (19:26):
I don't.
I take, you know, i've had, youknow, these different jobs.
It's like, oh, you cancompletely apply for this one,
how You've got these skills.
Where This means that thismeans that I was like, really,
that's what that says.
Okay, sure, how do I say it?
and I, they have to show me howto reword it so it actually
(19:48):
matches What the skill is thatthe job was looking for.
So, yeah, i think I had tolearn.
Yeah, a lot of people do a lotof people do.
Speaker 1 (19:57):
I mean I locked out.
Coming up and growing up in IT,i had my first computer Was a
DOS 3.1 system and it was aPackard Bell, i think, jack, you
know.
Speaker 2 (20:07):
I.
Speaker 1 (20:08):
Right back in the day with like the five meg hard
drives like they were garbage.
But they bring commander Keenand Wolfenstein 3d like a
fucking champ.
That's all I cared about.
Speaker 2 (20:19):
I didn't have fluffy just.
Speaker 1 (20:21):
Yeah, they did the five and a quarter, not the
three and a half, the five and aquarter, but it did have a
three and a half also.
But it had both of them Rightbecause your storage okay went
from like 256 K to 1.44 meg.
Speaker 2 (20:42):
Remember that we were so excited.
Speaker 1 (20:56):
I love it but why you bought it for me?
I got one, two, three, four.
I think I like six of them.
I got six.
Speaker 2 (21:04):
Well see, i'm a lot older than people think I am, so
I mean, i literally rememberwhen those came out and a few
things quite a long before.
Speaker 1 (21:12):
So the best is, millennials grew up before and
after so, but the millennialscame up without the tech and
with the tech, yeah.
so what a lot of people don'trealize is guess what I've been
around since home computersfirst came around, because, even
though they, hit in the 80s.
Though the first computers hitin the 80s, they really didn't
(21:34):
go mass market until early 90s.
That's when they really startedhitting the homes, and so in
the 90s is when I got our firstdesktop.
My dad was a PC person.
My uncle had a Mac 2 or Mac 1.
Speaker 2 (21:48):
I don't know, he had the original Macintosh.
Speaker 1 (21:50):
I Hated Macintosh.
At the time I was like thisgarbage.
Never understood why.
I was a kid, i had no clue.
I just knew my computer couldplay games and his had crappy
games and I could play OregonTrail and Commander.
I remember that I mean I.
We were on tiktok live theother day just talking about the
(22:11):
old tech that we all had likegrowing up, with the NES and You
know Castlevania's in the, andeven though it says do not blow
on cartridge, you're still.
Speaker 2 (22:24):
Down exactly what you did.
Shit Didn't work.
Speaker 1 (22:32):
Cardboard and shove it in there to hold it down.
Speaker 2 (22:36):
All those, all those things?
yes, absolutely so.
Speaker 1 (22:43):
I mean, we all came up in it.
So I truly think that justabout anybody.
If you have used a personalcomputer at all in your life,
you already have more experiencethan some other people that are
actually doing the job ortrying to get into the job.
There are some people trying toget in that had never touched a
computer And you ask them howto turn on a computer and
(23:05):
they're like, and you're like.
Speaker 2 (23:09):
I really want you to be joking right now.
Speaker 1 (23:14):
Yeah, I'm not.
Speaker 2 (23:16):
No, no, no, no, no All right.
Speaker 1 (23:22):
So let's put it this way.
There are people that I havetalked to.
Now they may have been jokingwith me.
I pray they're joking with me.
I prayed to all the gods thatmaybe they were joking, but I'm
talking people seriously.
Maybe maybe use the wordprocessor at one point in time
in their life or took a typingclass in high school And we're
(23:44):
like so I've been doing likethis job for 30 years and I want
to be in cybersecurity now.
Cool.
Do you know what the internetis?
Yes, okay, we've establishedthat.
Do you know what Google is?
Yes, it's in the media all thetime.
(24:05):
Okay, we've established that.
So what do you want to do?
Well, i don't know What iscybersecurity.
I just hear the term all thetime And I'm just like so you
got to go do some research andthen come back.
Speaker 2 (24:16):
No no, no, no, That's probably why I've been watching
a lot of your videos, becauseI've heard you say that before.
It's like I'm happy to help you.
What do you want to do?
Okay, go figure that out firstand then come back and talk to
me.
Speaker 1 (24:31):
So I've been watching a few of your videos and a
bunch of other people's videos,so working on it And me and my
friend Amanda who's in the chatshe's one of those that I love
her to death and me and her areworking on it, trying to figure
out where she'll fit in.
And she understands that likeshe doesn't really understand
the field necessarily, but she'sgood at in the field, without
(24:51):
realizing it.
She's an investigator, osint,like, does a bunch of stuff, and
did not realize she was asecurity person until I
explained to her actuallyeverything you do could be used
for a red team.
Just saying Nice.
So she is good at a lot ofthings, And so me and her have
(25:11):
talked about it.
So it's just a matter offiguring out how to get the
training so that she understandsthe terminology.
So when you're good at it butdon't know the terms, you've
just been doing it.
It poses a challenge So that'swhere me and her are working on
right now, trying to figure outthe best way to get her to learn
that.
But she will be on this showeventually.
Yay, eventually.
(25:32):
Once we get her comfortableenough, i'm going to have her
own walk with me first, beforeshe's on this one.
Okay, that's cool.
Speaker 2 (25:38):
So walk with me is good.
I have seen a couple of videosfor GRC and thought, because I
know during those twoconversations HIPAA was
mentioned and, being a medicalcoder, i'm saturated in HIPAA,
hipaa and high trust So I waslike, oh, i might have a good
idea.
(26:00):
And then I heard a young manthat I cannot remember his name.
This guy with a face did avideo interview and talked about
you know, everyone's wanting toget into cyber.
Everyone wants to get intocyber And pen testing is a hot
new thing and team blue, teamred team, all the things.
And he's like I have anexcellent idea for you to get in
(26:21):
quick and fairly easy and slideright on in their first job and
then laterally transfer towherever you want to go.
Hit me, garbage jobs.
Why would you call it garbage?
He's like find a job no onewants to do, okay, okay.
And he says the first thing outof his mouth was the words.
(26:42):
Were the words it?
auditor.
I was like huh, he's like it'sboring.
And I'm like, is this a salespitch?
It's boring, no one wants to doit.
And I'm like that doesn'treally sound all that awesome.
And it's like, well, since noone wants to do it, guess how
many jobs?
(27:02):
So slide your foot right on inthere, do a good job talking to
the C sweet CEO, cio, cto, cfo,c3po, like my friend Dax says
and you're making all thesefriends And next thing, you know
, you do a good job.
Latter way transfer tosomething you really really want
to do, not to mention, youlearn a ton of information.
(27:24):
the entire time I was like Idon't think I can do that.
Speaker 1 (27:29):
Yeah, it's for it.
That's the big thing is what alot of people don't realize.
You don't see IT auditor,security auditor, all these
things.
You don't necessarily have toknow all of the technology or
how everything necessarily works.
You need to know theregulations Through learning the
regulations, through learningthe HIPAAs, the PCIs, the SOCs
(27:51):
and everything else NIST and CISthen you learn okay, well, how
do we address this?
Oh well, you need a firewall,it needs to log, it needs to go
here.
We need to have centralizedlogging.
Speaker 2 (28:01):
It needs to do all the things, yeah.
Speaker 1 (28:03):
You need to figure out what those are and dig in.
that way I can actually do it.
I don't need to rely on someoneto answer these questions for
me.
I can look at it and just knowIt leads you down that path that
I think GRC is really in anytype of auditor role.
It's really a good startingpoint.
I'm glad you brought that upbecause as much as I talk about
how good GRC is and I really doI never thought about how good
(28:26):
maybe an auditor starting pointis for a lot of people trying to
break into the field.
because you do.
you get to evaluate all ofthese different technologies and
all of these differentstandards and learn the verbiage
and acronyms and everythingelse behind it, because you have
(28:47):
to know it to do the job Right.
But instead of having to havehands on tech, you get to at
least get the verbiage and thenyou can learn the tech.
Speaker 2 (28:57):
You mean all of these acronyms?
Speaker 1 (29:00):
Oh goodness.
Speaker 2 (29:05):
I'm studying for the security plus and this hurts.
Speaker 1 (29:11):
I lucked out.
I ain't gonna lie, i was verylucky growing up in that I knew
I loved computers and IT andthis is what I was going to do.
Now, i did not know I was goingto go into cybersecurity
because it wasn't a thing whenwe were growing up.
I just knew I loved computersand I was going to be a work on
(29:33):
computers the rest of my life.
Then, in 05, 04, whateverwireless came out and I broke
into my first wireless network.
I was like, oh, i'm going to bea hacker, so I'm going to do.
I thought about that Actually.
Speaker 2 (29:47):
I thought you talked me off of that.
Speaker 1 (29:49):
And then I learned after being a pentester how much
paperwork was involved and waslike, yeah, no, i don't want to
do this.
So I'm good, thanks, i'm not inthe scope.
Companies use it as a checkbox.
When you sit here and tell me Ihave a week to do a test, but
you're only allowed to test thissubset of my network, i'm like
then what am I doing?
Yeah, because the attackerdoesn't give a damn.
(30:11):
The attacker does not care whatnetwork you want to have tested
.
They're going to hit whateverthey find.
They have my Yeah, and so Ilook at it and that's where.
So the company I work for nowWe offer a service called attack
surface validation And that'sus basically going through
(30:32):
checking all OSINT, checkingeverything we can find, and you
know, if we find a path, apotential pathway into your
network, whether externally orwhatever OSINT, whatever we find
, we'll let you know.
Hey, do you want us to proceedand actually test this and see
that if this is actuallyvulnerable?
And if they say yeah, then gameon, we go.
(30:54):
They say no, it's too sensitive, all right, cool, just won't
let you know.
This is a potential threat toyour network, going about our
way.
But that's the service we offerand we do it.
It's a continuous thing.
So you're not stuck into thistimeframe of oh, you have a week
to test this and then like aweek or two to write the report.
It's you're paying six weeks orwhatever a year of service and
(31:18):
we're constantly checking in,looking and seeing what's out
there And if we find somethingwe let you know That seems so
much smarter than the other way.
Yeah, so the other way is greatfor assumed breach.
That makes sense Because, froman assumed breach perspective,
you're testing either tools Ifyou do it right, you're testing
(31:40):
all the tools.
So, if they have a SIM, if theyhave EDR, if they are like your
endpoint detection response, ifyou have anything like that, or
even a managed detectionresponse team, like a critical
start or an expel or somethinglike that, then you have the
ability to really test theirfunctionality and their
capability of stopping you.
So, because you're running theloudest tools, if you're doing a
(32:02):
pen test and not a red teamengagement but a pen test you
should get caught.
You should have noise out therethat sees what you're doing.
And if nobody stops you oralerts any other team and says,
hey, is this you?
And you say, yeah, i'm whitelisted, i'm going to be doing
this, or whatever, just lettingyou know my IP address is so
you're aware of it.
(32:24):
If nobody challenges you, thenthere's a problem within the
blue team of your organizationAnd that's where the purple team
effect comes in.
That's where all this otherstuff works out.
And so, from an assumed breachperspective, yes, pen tests are
great.
From an external perspective,you got to give people time, i'm
sorry.
As good as security is thesedays from an external
perspective, sometimes it takesa lot of digging to find the
(32:48):
holes that actors have.
Years They want to go after you.
They'll wait, you know that'sright Just so wait for the leak.
Speaker 2 (32:56):
I'm going to be here Wait.
Speaker 1 (33:00):
Don't wait till somebody's credentials get
dumped And then they'll like up.
There's my way in.
Speaker 2 (33:05):
Right there.
Speaker 1 (33:06):
And they won't do it through.
The credentials won't getdumped through you, it'll be
through like a LinkedIn thatsaid, oh, somebody got into
LinkedIn and dump all of thesepasswords and all of these
usernames, which now havecorporate usernames and people
like to reuse passwords.
So now we're going to go in andwe're going to do it that way.
Or you have things like war Youleft a VPN exposed, you don't
(33:27):
have MFA, we're going to try tothe generic log into your VPN.
Hey, it worked.
Or we have someone's usernameand password Hey, it worked.
So now I'm on your network.
So all these things thatcompanies don't have the time to
validate and from a pen testperspective externally, i'm
going to do a scan.
(33:48):
I'm going to get with whateverscope you give me.
If your VPN is not in thatscope, i'm not going to see if
your SharePoint site orsomething isn't within that
scope, because you're like, oh,this shouldn't be available
externally, so we're not goingto give the external IP for it.
And then, guess what, you'renot getting tested, which means
(34:08):
somebody's going to find theweakness And it isn't going to
be up.
And so that's the sad part, andthat's how, that's how people
get caught, because they scopethings down too narrow.
And it's like you know.
oh, only run your test on ourtest and dev network.
Well, what about production?
Oh no, that's too weak, itmight go down.
Which is probably why Ishouldn't work on that And you
(34:34):
want to know if an end map scanis going to bring down your
production network.
I'm just saying Wow.
You want to know these things?
Yeah, but why have you notfixed it?
Speaker 2 (34:47):
Exactly.
Speaker 1 (34:48):
Yeah.
Speaker 2 (34:49):
I actually was put in touch with someone who's in the
cybersecurity world and hegratefully I'm grateful to him
for it but he talked me off thehacking ledge.
No-transcript.
He's just like it takes a longtime to build those skills.
I was like, and I'm an old lady.
Thanks, man, i'll think ofsomething else to do.
Speaker 1 (35:12):
I mean, it's a good life.
If you want to do it on theside and do things like bug
bounties and you know stuff likethat, where you can kind of
work on your skill set and getside money, yeah, yeah, yeah,
perfect, we'll side piece overhere Right, kind of like my
YouTube channel and my TikTokand you know everything else I
do.
I mean, if you want to donateor fund me at all, those links
(35:33):
are down below.
But no, yes, but if you look atit like bug bounties and people
that want to get into thehacking side of things but don't
necessarily want to work in acorporate structure where
they're tied into scopes andpaperwork and regulations and
all this other stuff, a bugbounty is a great way to do it,
right, because you have all thetime for as long as that bounty
(35:54):
program is open.
Right, you have all the time todig in, do your research,
figure things out.
Some of them allow you to useautomated tools.
A lot of them don't, whichmeans guess what?
Now you have to learn.
You have to learn.
Okay, i see a login prompt.
What would I do to attack alogin prompt?
What tools can I use to learnhow to abuse it?
Yep, or I have APIs, i'll justuse those.
Speaker 2 (36:19):
Hi I'll be with you, yes, a crab mom.
So I warned you about my fouryear old tiny pirate, who may or
may not interrupt.
Speaker 1 (36:28):
There she is.
I have five kids upstairs.
Speaker 2 (36:35):
I completely agree, yeah, so she loves to just run
in here and tackle me becauseit's so funny.
Speaker 1 (36:43):
It's good times, it's good times.
Speaker 2 (36:47):
Anyway, i was gonna tell you I finally took a look
at the TriHackie Nice And Idon't wanna get distracted yet.
Right, because of the shiny,yeah, because I knew that all
the time.
Thanks, kid, i appreciate it.
Bye, but I looked and I waslike I didn't know y'all did
(37:10):
that Damn.
So I want to.
I will get in and play, but Iwanna finish my security plus
first, because I get so Oh yeah,so I will.
Speaker 1 (37:27):
Are you going through the same course, andrea is?
Are you doing somethingdifferent?
Speaker 2 (37:31):
What course is Andrea doing?
Speaker 1 (37:34):
Andrea?
is it Ian?
I can't remember.
She's going through hersecurity, plus course.
also, she's actually testing onthe 25th, if I'm not mistaken.
Speaker 2 (37:43):
Yes, good luck, Andrea.
I believe in you.
I am doing just the reviewcourse, the freebie on YouTube
by Professor Messer.
Speaker 1 (37:52):
Oh, that's a good one too, you know that right Man
throughs everything.
Professor Messer is on point.
Speaker 2 (37:58):
He's amazing, But I'm also in his discord, and his
discord aside from there's acouple of trolls, but aside from
those turds, it's phenomenalAnd you find that everywhere.
Yeah, I know it sucks, but it'sjust disturbing.
Speaker 1 (38:15):
That's like when I was going through OSCP.
You'd go in and ask somequestions of like try harder,
bitch, don't go there with me.
I've done everything under thesun.
I need a hint of like where I'mgoing wrong with this specific
tool, or am I looking down thewrong rabbit hole?
It's in bitch and whatever,don't fucking go there.
And they'd be like well, i'mlike no.
(38:36):
And so what I did is I tookabout like this time I met some
really good people I took likesix or seven that we were
talking a lot and I pulled theminto our own little group And so
we had our own little privatechat where, when we went into
issues, we would bouncequestions off of each other.
And this is because what peopledon't understand is this is why
(38:59):
I don't think any.
No pentester knows everything.
No, red teamer knows everything.
Speaker 2 (39:04):
Everybody works best.
Speaker 1 (39:05):
In teams It's impossible to know everything.
So, like even going through mysans training and doing CTFs, me
and my buddy would do thingsAnd I'd be sitting or banging my
head on the keyboard.
They'd be like, which question,have you looked at this?
Not giving me an answer, justgiving me an idea, like, oh,
this port or this whatever, bangoff the races.
(39:28):
And I figured it out.
And then he'd come up to me andbe like, hey, dude, this number
, what do you?
did you do it?
Did you figure it out?
And we were on completelydifferent teams And I'd be like
hold up, and I'd go and I'd goover to him and be like, hey,
you might want to look at thistool.
I wouldn't even tell him whatport, what tech, no, this tool,
look at this tool.
He'd be like shit, should havedone it.
(39:50):
And he'd go and do it.
But that helps, yes, so nice.
Yes, and that's the big thingis like don't tell me, try
harder.
Like dude, i've been banging myhead against it for days Like
that is, you don't understandwhat I've done, and so we work
together of like, hey, you mightwant to like, look at this tool
, or you might want, look,you're going down a rabbit hole.
(40:12):
You got to look at, like, thisport or this application And
that's what we do.
The worst I ever had is I had aguy reach out to me And now, if
you're going for your OSCP andthis is the problem I have with
the OSCP, one of the problems Ihave with the OSCP right now at
the time it was supposed to belike because they had not come
(40:34):
out with their advanced searchjust yet.
So it was supposed to be likeif you do your OSCP, you know
how to break into computers, atleast at a very basic level.
You could crack passwords, youcould do all this other stuff
And you didn't really need helpwith it.
You could use everything.
You could use Metasploit, youknew how to use all the tools.
You know how to do everythingmanually.
It worked.
And so when I was going throughthe course and I had a guy reach
(40:57):
out to me, he was having anissue with like two of his boxes
And it was just in the lab, itwasn't like on the test or
anything.
He was, hey, i'm trying to do,i've hit this box and I don't
know what to do.
I said, look, all I'm going totell you is learn how to crack
Windows passwords, because atthe time you had access, you had
full admin FTP access to all ofthe files that you needed to
(41:20):
crack Windows passwords.
You just had to know whichfiles you needed to use JTR or
John the Ripper And he was likeokay, and then he came back What
files do I need to crackWindows passwords?
Not telling you.
And literally a quick search onany search engine It could be
Google, duckco, you name it andsay how to crack Windows
(41:41):
passwords will give you thefiles you need to combine and do
this.
And so that is where I have anissue.
If I tell you what needs doneand you don't look up how, then
I got nothing for you.
I can't help you.
Speaker 2 (41:58):
But yeah, it's been a great community to learn and
it's a great alternative way forme to really focus, just
because reading through the ohso boring.
Speaker 1 (42:13):
The lip.
Speaker 2 (42:14):
it hurts, it's painful, so how do you go
through?
It is, but having them do thesesteady groups, and the way
Professor Messer teaches us todo the things and explain it,
and all the whatever.
I am so very happy to come here.
(42:37):
do you want to say hi?
Come here, say hi to everybody,come here, kid.
Speaker 1 (42:45):
It's her password, password also.
Speaker 2 (42:48):
Tiny fart Say hello everybody, hello, hello, yolo.
Go, take Ballerina to mommy andtree will help her go.
DP and Coo-Poo in the party.
You can have a cough drop.
that's awesome.
Oh, you don't like those.
put those away.
Speaker 1 (43:08):
It's sherry.
Speaker 2 (43:11):
Here, take this one, Yay, And then you can go.
Can you go?
take that to mommy and I'lltalk to you later.
Close the door please.
Speaker 1 (43:23):
Is it sad that having five kids, is it sad that
having five kids, the firstthing that comes to mind is fuck
them kids.
Speaker 2 (43:34):
Yes, And now I know what I was talking about.
Speaker 1 (43:39):
So anyway, take the test in July So.
Don't pass it.
I hear there's been a lot ofchanges.
I got mine in the 08, mine's alifetime search.
Speaker 2 (43:51):
That's how my teaching license is in Texas
state.
Speaker 1 (43:54):
Oh is it.
Speaker 2 (43:55):
I have a license, and not long after me they changed
it, so I should still be on thebooks there.
I just don't want to ever goback there again.
Speaker 1 (44:05):
That's what's great, And in 08, I was in the
international guard just beforeI went out to do the army And I
need another beer.
But I was.
You should see all the bottlecaps in front of my label on it
right now.
It's probably like two or three, it's probably like three or
(44:29):
four weeks of beer that are likein front of my monitor at this
point of bottle caps.
That's hilarious, That's cool.
I start a beer's away and thenI go look and I'm like, oh,
bottle caps.
Speaker 2 (44:39):
Well, and I just got off.
I hit a biotics yesterday, sotoday's my first day I'm even
allowed to have a beer.
Speaker 1 (44:46):
Oh, so you got to do it right.
Speaker 2 (44:47):
There you go.
Speaker 1 (44:48):
Yes, i'm very happy, so I'm glad you're off
antibiotics, so hopefully thatmeans you're doing well.
Speaker 2 (44:54):
Well, I had a tooth extracted.
Speaker 1 (44:59):
Ah, so you didn't want to do what I did.
Speaker 2 (45:02):
Which is What did you do?
Speaker 1 (45:06):
I know I was telling this story.
But this story is going to begood.
Oh no, i was in my twenties.
I was early twenties And when Imet my wife, i'd never had any
of my wisdom teeth pulled.
Oh no, my wife being in dentalshe was an expanded functions
dental assistant at the time.
Cool, she goes, you're havingyour wisdom teeth pulled.
(45:28):
I said no.
She said oh no, and I don'teven.
We weren't even married yet Andshe just looked at me.
She goes you're coming to my,you're coming to my dentist's
office and he's pulling yourteeth.
Fuck you, fuck you.
You're lucky, i love you.
Okay, and so I Go and I get myteeth pulled, and I think I only
had like one or two at a time.
(45:48):
I think it was two at a time.
They did one side and then theydid the other side, and so So
they do the two and they put meon.
I want to say, was perc is sets,do the perks or bike it in, so
I can't remember what they putme on, but I didn't get me high
like it's six, three, twohundred and like forty pounds,
like They put you on the lowestthose possible and say this
(46:10):
should take away some of yourpain.
You'll be right.
Unfortunately It was also aholiday and so Holiday, like
going into a holiday week, ibelieve.
So my mother-in-law Was makinglike hammer turn, i don't know.
She was making something andwas using course light to put
beer And it was a ham, i believe.
(46:30):
Okay, she's like half a courselight into the end of the pan.
It comes over to her mom.
So my wife's grams and was like,hey, i got half a beer.
Anybody wanted?
I was like, yeah, sure me.
And I had just taken, probablyless than an hour before, my
painkiller And so when I Iliterally down the entire half a
can, i was like it's half a canof course light.
Like seriously, that's nothing,yo.
(46:51):
I was like With in probably 10to 15 minutes if that.
I was like, oh, oh, this is whythey tell you not to mix colors
and alcohol, got it?
Oh.
Speaker 2 (47:09):
Understand.
Speaker 1 (47:11):
And so I did not.
I don't do it no more becauseNo, if I'm on painkillers.
No, no, no, no, no.
I don't like that feeling.
It was hilarious.
But I don't like that feelingwhen you're feeling lightheaded
and, like you're floating, notsomething.
Speaker 2 (47:30):
Touchdown.
Speaker 1 (47:34):
The plate, please, and put my head back on my body.
You know, but you know we justtalk about anything.
Speaker 2 (47:49):
I Anyway On a direction.
Okay, cyber, i'm thinkingdefinitely more team blueish.
Yeah, purple ish, team blue ish.
I'm hitting on that side of theworld, so Just trying to.
Speaker 1 (48:09):
I mean we need more, more good people on the blue
team.
We definitely need more goodpeople in GRC, and it's only
been because the media andeverybody preaches this like
They praised the hacking andthat the red team side of things
.
But I believe in two, twotheories.
One is you need to know one toknow the other.
(48:31):
So, in order to be a good blueteam, or you need to understand
what logs are being generated byred teams So that you know what
to find.
And the other thing is To be agood red team, or you need to be
a good blue team, or becauseyou need to understand What
security tools are out there,what EDR is out there, what
simtals are out there andeverything else like that, so
(48:52):
that you know how to find yourway around it.
You cannot break through asystem if you don't understand
the security mechanisms in place.
Right, you cannot secure asystem if you don't understand
what policies and procedures toput in place to stop people from
exploiting all your shit.
Right, you got to know one ofthe other exactly and GRC just
(49:15):
helps you check the box ofsaying do you have an EDR?
Yes, yes, do you collect logsYes.
Can you access them?
No, maybe.
Sure yeah yeah, we got that.
Speaker 2 (49:33):
I've been working on trying to, because it's I was.
I watched your originalinterview with Misha and Then I
watched the one that you guys,the last week thing where she
was on with her friend,christine, i think, um Them
talking about.
(49:54):
Well, she and I Misha and Ishare a background of medical
She's also in healthcare, doingthe pharmacy thing and just It's
such a large amount ofinformation When you decide,
yeah, this is where I want to go, i want to head towards cyber
security, okay, welcome.
Here is now a tsunami ofinformation for you to siphon
(50:16):
through and try to find a pathand figure out what you want to
do and all the Things, and it'sjust there's so much to find.
Not just like you know, i'msetting for a test and there's a
lot for the security plus test,because, oh my god, but just
Team blue team, red team, purpleteam, oh, grc team, oh, what's
(50:38):
that over there, maybe I canknow what's that.
Oh, no, what's that?
There's just, there's so muchWhich is.
I spent many nights up untilthe we, which is I like being up
to the wee hours becauseBrainworks awesome at 3 am.
But oh, you too, oh yeah.
Ever since I was little tiny,but I got in trouble all the
(51:00):
time.
God I bet.
But I'm wide awake.
Speaker 1 (51:04):
I got another story for you on that one, but we're
gonna let you finish no, i justI was trying to, okay, cyber,
now what?
Speaker 2 (51:13):
okay, there's like all of these things and then all
this, it's just, it was anenormous, enormous, enormous,
overwhelming amount ofinformation to try and Find a
path.
Well, what do I like?
What do you got?
so it's just, it's a lot.
It's just get in and figure outWhich path that that right
(51:38):
there by itself, there's just alot.
No, which now are you know?
that's right, so that's myfavorite.
Oh, I think, It's just likefrom 11 pm To almost five or six
in the morning.
I'm so happy.
Speaker 1 (51:58):
Well, what sucks for me is so I Prefer to work during
the day.
Let me and this is what's gonnaget weird.
I prefer to work during the day.
That way I'm with, i can talkto team members, i could do what
clients, i can do what I needto do.
However, my brain works bestand functions best if I stay up
(52:18):
way too late And then, at about12, midnight, one o'clock in the
morning, i sit down on mycomputer and decide I'm gonna
get some work done.
Then, all of a sudden,something that would take me a
week to do, i get done in 10minutes 10, 30 minutes.
Speaker 2 (52:30):
Yeah, last through it .
Speaker 1 (52:34):
Why does it work this way?
guilty?
Speaker 2 (52:40):
Best time I ever had was when I worked night jobs
Because I was wide awake, thebest one.
Does I hit that wall?
Yeah, loaded what loaded boxesat UPS when I was in high school
best job, just because you knowhigh school and we were crazy.
It was a crazy crew and I wasthe only girl Throwing boxes on
(53:00):
trucks great until you werebetter than all the dudes that
were there.
Speaker 1 (53:03):
You're just like fuck you, homie.
Let me show you how it's done.
I.
Speaker 2 (53:08):
Didn't either confirm or deny that.
Speaker 1 (53:13):
When you're showing all the guys up, when you're in
high school as a girl you'relike you know what hold up.
I got two for you.
Let's go.
Speaker 2 (53:21):
We had so much fun.
I worked from 11 to 3 in themorning.
It was perfect.
But then it's like certaincertain hours of the day I can
blaze through, but a lot of thedays just I don't know the
witching hour.
Speaker 1 (53:39):
I love it, i completely get it because it is.
It's one of those things whereI have to.
I have learned to adapt my bodyto work during the day because
that's when, again, all myclients are awake, that's when
business is done, that's howthings are handled, mm-hmm,
especially now being inmanagement.
I have to be available And myteam is.
(54:01):
But, yeah, you put me on anight shift like you.
You, if I stay up way too lateAnd I'm up at like, if I'm up at
midnight, one o'clock and Ihave not slept yet, i'm not
going to sleep.
I'm probably gonna end up backon my computer editing videos,
doing things that I've beensaying I was gonna do for the
past two weeks and Yes, Justgonna happen.
Speaker 2 (54:24):
It's beautiful.
I love it and then, on top ofall of that, i have a chronic
illness.
Well, i have rheumatoidarthritis.
Yeah, that in our, in mydifferent support groups.
A lot of times we're on theFacebook because that's where we
all are.
Uh hey, if you're a am check,check in who's awake.
New Jersey, texas, california,let me see at it.
(54:47):
We're just, we're all awakebecause it messes with our sleep
.
So, on top of me being anatural night owl and my brain
working beautifully in thewitching hour, on top of that
now I get the bonus of I justdon't sleep because of the the
illness.
So But I tell you what I did alot of research done, so that's
tsunami of information I talkedabout.
I made a lot quicker progressthan I expected.
(55:10):
I'm still working on a fewthings, but, but I'm awake.
I got nothing to do.
I'm not gonna sleep anytimesoon.
Speaker 1 (55:16):
I ain't no one gonna bother you.
Speaker 2 (55:18):
It's quiet, i can focus, i don't have the tiny
pirate attacking.
Speaker 1 (55:23):
And that's the biggest thing, and see what my
problem comes down to is justhow me and my wife are.
Uh, and it's not actually a badthing, but it's if I'm in bed.
So like I have an issue.
Like I don't mind travel And atall, except for the fact that I
can't be gone too long.
It's my time in the military.
I just can't be gone too long.
But When I go to sleep, if Iknow, if I see her on her
(55:47):
computer and I know she's gonnafall asleep on the couch, i end
up putting on tv and fallingasleep on the couch.
I cannot sleep in the same, icannot sleep in a different room
than her.
Speaker 2 (55:58):
Oh, that's sweet.
Speaker 1 (55:59):
So if I wake up at like one or two o'clock in the
morning And because of my backor whatever else I don't get out
of, i'll go to the bathroom andI'm like I'm just gonna go curl
back up in bed next, sir,because I don't know the next
time I'm gonna be able to layback down in bed, um, and so
it's one of those things that,for me, is just.
(56:22):
I look at it, i'm like, yeah, itechnically could get up and
actually be really active andget a lot of shit done, but How
often do I actually get to layin bed next to my wife?
That's not that often.
So We're gonna go do that So.
And then I get warm and I don'twant to get out of bed anyway.
(56:42):
So I just curl up.
I'm just wide awake, so I couldbe like, literally from the time
I step my, by the time my twofeet hit that, hit that carpet.
I'm like I should be up andmoving.
But there's a lot of nights I'mup and moving.
I'm like, let me lay back downRight and I'm a heavy sleeper.
(57:14):
And it's funny because I'm oneof those that a tornado could
literally tear through my houseand it wouldn't even wake me
guilty.
Oh, but Oh yeah, i've alwaysbeen that way.
like it was funny growing up inschool, because like I'd be on
the bus to school And you knowhow some people rest their head
on their hands or something likethat me might have a girl like
(57:34):
this Right on the window.
Oh yeah, i'll be out and theywake me up when I go.
How do you do that?
Do what?
Speaker 2 (57:42):
Literally, the bus is going like this and your head's
banging on the window and youare out and I'm like I don't
know, i'm just I Did ask thatall the time on a plane, oh, all
the time On a road trip, if I'mnot driving, i need you to stay
(58:04):
awake now.
Yeah, okay.
Speaker 1 (58:07):
So my wife used to get mad at me because When we
would drive to and fromdifferent places in the army I
have to be the driver.
But there were occasions whereshe saw me getting tired Yeah
and she'd like, uh, i'm takingover, no, you're not.
No, and so I'd have to, like,stop to go to the bathroom or
get gas and get out of the car.
(58:28):
So what would her ass do?
she'd get in the driver's seat,driving no more.
We start going and literallywithin like five, ten minutes,
if she wasn't talking to me, i'mout, i'm out, i'm just done.
(58:49):
That's hilarious, but yeah,that's how it is.
But this is again why incybersecurity There's so many
different personalities.
There's so many.
Some people are night owls,some people get the most work
done at night, some people getit done during the day.
Not, i'm gonna be honest, iwould probably venture against.
(59:10):
60 to 70 percent ofcybersecurity does not want to
touch foot in an office.
That's and that's.
That's on the low end.
I'm saying 60 to 70 percent onthe low end does not want to
step foot in an office.
Why?
because you have two types ofpeople the introvert that
doesn't want to be around peopleanyways, or the extrovert that
(59:32):
knows if they go to an officeThey're not going to get any
work done because they're goingto be talking to people all the
time.
So Me, i know, on the type thatif I get, if I get put back
into an office setting, ain'tshit getting done, because I'm
literally going to be there.
They're going to be like hey, ineed you to go talk to Sobe,
and so We need to figure thisout.
Three hours later, i'll becoming back to my desk.
Speaker 2 (59:56):
I'm the extroverted introvert.
You guys talked about this acouple weeks, either last week
or couple weeks ago.
The extroverted introvert, it'slike teaching.
You can't really be anintroverted teacher, that's just
.
I mean, if you are, then youmight mean you might not do very
well, depending on the kind ofteacher you are.
But the extroverted Teach, havefun on the stage, teach all the
(01:00:21):
things and then come home Don'ttalk to me.
I quiet, i go into my cave andhide, i go by myself.
Speaker 1 (01:00:34):
Yeah.
Speaker 2 (01:00:42):
Yes, all of that, Yes , yes, just come and hide in my
little hidey-o I do, i just it'sto me I too much people like I,
but not a lot of people.
Speaker 1 (01:00:58):
I can't go out to bars anymore.
I never did So.
Growing up I was a bouncer, ilived at bars and I've done a
lot of different things.
I don't like bars anymore.
I think it's more because Ihave grown up and realized the
stupidity of people when theyget drunk.
Especially being a bouncer andalso seeing my family and some
other people Like I've seen howpeople get stupid when they
(01:01:19):
drink, do the things Yeah, and Idon't want to be around that.
Um and it's really expensiveAlso.
So for me I'm like I don't wantto do that, but you send me to
a conference all day I can go to.
I can go to cyber conferencesand network and bullshit with
people All day I think it's alot.
Yeah, i could work from home,but you put me in an office.
(01:01:40):
I'm gonna get spent, burnoutand don't want to be there.
Speaker 2 (01:01:43):
No.
Speaker 1 (01:01:45):
Like because, because someone's gonna find a reason
to bitch, it's either.
The last time I worked in anoffice, it was oh, you're
smoking too much.
Oh, you're never at your desk,oh, you're doing this bitch.
My work is done.
I don't know what the hell youwant.
I deal with it.
It's like you're you're goingoutside every hour, yeah, to
fuck.
So what?
At least I'm getting work done.
(01:02:06):
Well, people are seeing you.
Yeah, because the smoke pit isright behind the building and
there's a ton of windows rightthere.
Speaker 2 (01:02:13):
There, so I have to go there to smoke.
Speaker 1 (01:02:15):
I can smoke at my desk.
Speaker 2 (01:02:16):
But a lot of people will be pissed, so right.
Speaker 1 (01:02:22):
And so it was just one of those things I prefer to
like be at home because I canget up for my desk.
Go have a drink, right, like I.
There's days actually the bestpart about where I work now
Thursdays I've shown up to workin a sleeveless shirt and been
on video wearing a damn thing,not even cared, and they're like
.
Actually, i went to one meetingwith my sunglasses on Nice.
(01:02:46):
Anna was like What's up?
What's going on?
They were like our nose.
The sunglasses you were talkingabout.
You were ordered.
You were waiting for damnstraight.
Speaker 2 (01:02:58):
And thank you for noticing.
Speaker 1 (01:03:01):
Which, by the way, two of my monitors that are hp.
I can't see the screens at allbecause the light that it missed
from them My glasses block out,but my big gaming monitor is
like 27 inches or 30 inches orwhatever.
Yeah, if I'm looking at that oneperfect sight, it's like, oh
yeah, you can see all this.
But if I turn left or right,they're like, yeah, no, you
(01:03:23):
can't see shit.
I was like this is weird.
I'm like trying to hit refreshon twitter and I'm like where's
the refresh?
I'm like where to go?
I can't see my cursor.
Speaker 2 (01:03:34):
It was here.
I need to get some blue light,some more blue light glasses.
Speaker 1 (01:03:40):
So I got stokes blue light glasses.
Stoke, stoke st Oh with thedouble dots above k.
He came out with his own andtheir transition lenses also, so
Their blue light lenses that ifyou go outside they turn into
sunglasses.
It's pretty cool.
Speaker 2 (01:03:57):
I'm writing this down .
Speaker 1 (01:03:59):
So I hope he still sells them Um.
If not, I'll send you mine.
I don't use them, I do.
Speaker 2 (01:04:04):
I mean if.
If not, then I'll just call youa liar and go find my repair.
Speaker 1 (01:04:08):
Okay, either way works Okay, But anyways.
Hey, we are well over the topof the hour.
And major and please staybehind so we could chat a little
bit.
But otherwise, before we go, aswe end every show, i want you
to give some advice to all thosethat are trying to join cyber
security.
You're in the same position asthem, so what?
(01:04:28):
that's the advice you can giveAdvice.
Speaker 2 (01:04:34):
Find your path and learn as much as you can about
what makes you happy in thisfield.
Wait through the tsunami ofinformation And ask for guidance
.
Speaker 1 (01:04:47):
I love it because that's really what it comes down
to.
That's the gist of it.
That's what everybody needs todo and again, finding the right
role is going to take time.
Finding the right place youwant to be is going to take time
.
Have patience, even after youget certified.
Let me put this out.
There is my final bit of advice.
(01:05:07):
I retired out of the army as a25 delta cyber network defender.
I had four sand certifications.
I had a degree in computerinformation systems and I had
years of experience in it andcyber.
It still took me, from the timeI retired, another six to eight
months to find a job, and thatis fully loaded with
certifications and experience.
So for those just trying tobreak in as a junior, that has a
(01:05:32):
security plus, maybe one more.
Yes, the rules are going tocome, junior rules.
When they show up, hr is a bunchof pain in the ass and and they
put the bullshit regs out there.
Don't go by that network withpeople.
There are people like myselfout there that I don't give a
damn What HR says if I see yourresume and I'm hiring
(01:05:53):
specifically for a junior roleI'm not looking for a degree,
i'm not looking forcertifications, i'm looking for
passion, the ability to learn.
Yeah, sometimes degree andcertifications show that.
If I don't know you personally,but if we've talked, if I know
you, if we've communicated andI've seen you learn in public, i
know you have the ability tolearn and we're going to keep
going with that.
(01:06:13):
So network, network, network,network, network, network, damn
it.
That is my advice.
Network, damn it, but otherwiselook.
I love you all you are all mywarriors, you're all my family.
Thank you for joining us foranother amazing episode of
security happy hour.
(01:06:34):
And don't forget, i drinkbecause your password is
password And I really hope it'sgonna get changed really soon
because, man, y'all make medrink a lot.
Cheers, cheers, love you, takecare and have a great rest of
your weekend weekend.
Welcome everybody.
it is me, it is the CyberWarrior, and I know all of my
amazing warriors here today arein for an amazing show.
I hope you have had an amazingweek.
It is the end of another week,it is Freya's day and I am here
to party and have a grand time,because that's what we do here,
We always have a good time, butI do have an amazing show
planned.
I have another amazing newcomerto Cyber Security on the show
(00:25):
And I promise if you stickaround for all of like 10
seconds, you're gonna meet herhere in a minute.
So hold your horses.
There it is in the officialsound of security happy hour
(00:47):
starting, and I am here with you.
Know, i never got the correctpronunciation of your name
before the show and I'veprobably sure done that, so I'm
gonna take a shot in the darkhere and say Adrian, am I right
or wrong?
Speaker 2 (00:58):
You are right, my friend.
Speaker 1 (01:00):
Yes, So it is good to have you here.
Adrian, cheers skulls,everybody in the audience.
I love you all.
Thank you for joining us thisevening.
We got an amazing show plannedNow.
Saying that, adrian, i knowyour current role, but please
(01:20):
give us a rundown on who you are, what you're about and why.
Cyber Security.
Speaker 2 (01:26):
Well, i'm a Looney Tune and Cyber Security is fun.
I hear Tweety.
I hear Tweety in the background.
Well, okay, i was actuallygonna ask.
I forgot to ask about that.
Yes, i am the whole rundown.
Speaker 1 (01:41):
You can make a brief.
Whatever you wanna tell us.
Speaker 2 (01:45):
Coach and teacher 20 years.
Medical code are four yearscurrently fighting against
insurance companies that I juststarted that job today.
Cyber Security as soon aspossible.
Speaker 1 (01:59):
So what got you interested in Cyber Security
besides being a Looney Tune?
What about it?
Speaker 2 (02:04):
I was a closet nerd and didn't know it.
Oh, i like it.
I didn't know, i had no idea.
How did you not know?
Speaker 1 (02:12):
I don't pay attention , i was busy, you're like the
rest of the people that find itlate in life.
You're just kinda like holyshit.
I really do like tinkering andbreaking things.
I do.
Speaker 2 (02:26):
Well, i used to like to break shit when I was a kid.
I took apart phones and I tookapart just put it in front of me
, screw it ever and I would takeit apart Forgot to have work
And then fast forward to gettingmy medical coding education.
We had to take a course oncomputer.
I don't remember the name, butI was like oh yeah this computer
(02:49):
And looking for a better payingjob.
And oh, the computer's all sofun And hey, maybe I should.
Hey is that a thing.
And research, because I don'tsleep very much and I research
online a lot.
So guess what I found?
I know I had IT jobs.
So I got my first healthcarejob and was looking at IT jobs
(03:12):
for the same company.
It was a university hospital inPortland, in Portland Oregon,
and started applying for the ITjob.
just to see what happened.
The director of the departmenthey, let's talk, let's go have
coffee, Really sweet.
So he's like I like your resume.
You have zero IT skills, but Ireally like your resume.
(03:33):
And now that I've met you, Ireally like you.
I was like, oh, thanks, And thecoffee's good.
And he gave me some tips and Iused those to research and
figure out things more anddecided, maybe on software
development, joined a bootcamp.
It went spectacularly wrong,Poor thing.
Speaker 1 (03:52):
I like how you said.
It went spectacularly wrong.
Speaker 2 (03:55):
Just awful, legally so to the point where lawsuits
were filed and it was just bad.
I can't talk about that.
So after that it was like well,what else?
Cause now it's softwaredevelopment, so what else?
And then the joke on our studygroup for that bootcamp we made
a study group.
The joke was I like hacking.
(04:16):
In any time anyone mentionedthe word hacking I was like what
?
Let's hack, let's break it inshit, let's do it, let's break
it in shit.
So we came to the joke and it'slike Adrian, cybersecurity girl,
and I was like that's the thing, yes, you can hack for work,
what?
So?
that's how I figured it out.
Speaker 1 (04:38):
That's awesome because I got my friend Amanda
here.
So what I'm hearing?
No brain closet nerd quirkypersonalities and late night
research are symptoms of buddingcybersecurity seeds.
Speaker 2 (04:50):
Yes, and I have a lot of hoodies, so I'm all set.
Speaker 1 (04:53):
Yeah, even better, yes, yay.
Speaker 2 (05:00):
Oh, i have a thing for you.
Uh-oh With her name, uh-ohCause I know it trips you up.
You wanna try.
Speaker 1 (05:09):
Wanna what.
Speaker 2 (05:10):
Okay, so say one hour .
Speaker 1 (05:14):
One hour.
Speaker 2 (05:15):
Okay, now pretend you're in New York and you kind
of throw a little New York on it.
Say one hour.
Speaker 1 (05:20):
One hour Now put an M in front and tweak the A's and
say one hour, one hour.
Speaker 2 (05:32):
Darling, let me know in the chat if I got that right.
You're always like no, I don'twanna say her name.
God is terrible, I don't haveany.
It's like one hour.
Speaker 1 (05:42):
Not today.
She knows I love her.
That's my other warriors.
She knows what I want to do.
I know.
Speaker 2 (05:48):
She's actually what turned me on to you.
I saw her interview and I waslike yay, yay, oh, maybe my
tribe.
Speaker 1 (05:56):
Oh look, this is trying to show everybody.
You know that.
Come on now.
Yes, we are all warriors here,we're all fighters, and we are
all here to do big things.
So I gotta ask, though, becauseyour whole premise behind this
show and everything you wantedto talk to was about coaching.
Now, i've been a coach once inmy life, no twice, and I don't
(06:20):
do well at coaching because Iyell at my kids all the time,
but I threw balls at their face,so yeah, I actually I would
swear at my kids and then I'dhave other parents come up to me
and go can you please talk tomy kids like that?
And I'm like, no, they're notmine.
No, it's not gonna happen.
I don't need some parent all ofa sudden getting upset because
(06:42):
I said the wrong thing to yourkid.
Nope, these are mine.
I could do what I want.
Speaker 2 (06:47):
Do what I want.
This one is mine.
This one is mine.
Speaker 1 (06:52):
So what about coaching?
And I think coaching brings alot to the industry that other
people don't realize.
Also because, hey, you'redealing with kids and children
which, let's be honest, thereare certain people we deal with
on a daily basis that act likekids and children.
So you know what about coaching?
that you know sparks yourinterest, that you wanted to
talk about on here.
Speaker 2 (07:12):
Well, it's more.
What transfers from coachinginto cyber, into IT, into a lot
of different places Could youcause?
like you said you're, it's withkids And the biggest thing with
kids, because they haven't beenon the earth as long as we have
as the older adult adult.
Yeah, that's the objective Weare.
(07:34):
Number one job is to teach,correct And to train.
And if you are worth your salt,worth your body weight, anyway,
if you're worth the title coach, you focus on what our friend
KevTech preaches all the damntime Foundation, focus on the
(07:55):
fundamentals, build yourfoundation, a plus foundation
fundamentals.
That's what you do.
And I saw a LinkedIn post acouple of days ago and I think
it's from the unpopular opinionguy I can't think of his name.
Speaker 1 (08:10):
Josh Copeland.
Speaker 2 (08:11):
That's what I said And he was saying about.
he was saying about you know,all these new sparkly tools And
for some of us it's like ohsquirrel, oh toy, ooh shiny.
It's like, and that's fine,it's also me.
But the thing is is, if he was,his focus was if you've got
(08:31):
your fundamentals, if you havethat foundation, if you know
what you're doing and you dohave tools that currently work,
you know, find the new one, tryit out.
If it works, great.
But the bottom line is younever leave your foundation and
your fundamentals for said newshiny tool, toy, whatever.
So that's the whole thing withcoaching is teaching.
(08:51):
but I've heard you talk inother interviews because I've
been watching the recordings andeverything.
They've been interesting, lotsof good information, connected
with a lot of great people.
So all of you who've connected,thank you very much.
And the thing with the teachingis When I hear some of you talk
about you know I have to write areport, But you have to break
(09:15):
it down.
No, and it's fine, you have tobreak it down So the CEO can
understand because broke toomuch tech get out, yep, and
they're not having it.
But when you teach, when youcoach, you can't, you have to
break it down to what they knowand you have to.
the thing is is like I was alsoa teacher teacher, so I taught
more health, but The thing is isstill is you have kids who Just
(09:45):
no clue, kids who are kind of amiddle of the road, and kids
who are like I'm done, can I gonow?
So you've got to meet everyonewhere they are and the thing
with being a good coach is okay.
You guys are a little bit slowgroup.
You guys are right about on parwith this course and you guys
are so far ahead You're almostat my level.
Yeah, so I'm gonna pair y'allwith the middle group and I'm
(10:10):
gonna take some of the advancedmiddle group And I'm gonna put
y'all with a slightly behindgroup and you just you get
people to meet them where theyare and Grow them with whatever
skill, whatever topic, whatevertechnique, whatever Subject, so
that you can help educate thewhole group and the whole don't
leave anyone behind thing It'sand it becomes like a team
(10:31):
effort and it's great.
So that's the whole thing withcoaching shenanigans.
Coaching is a bunch ofshenanigans.
Speaker 1 (10:37):
Let's be honest.
It really is a lot ofshenanigans to go on a coaching.
But it's just because you haveto.
You know, and again to yourpoint when you're This is the
problem we have with a lot oftechnical people, a lot of
technical people and this is whythere's a difference between
Being able to be technical andbeing able to speak to
executives.
A lot of technical people cannotspeak the language of
(11:00):
executives.
They're, and I gotta be honest,i've talked to technical people
that talk way over my head andI've been doing this shit for
like 20 years like Well, and noteven CEO, just layman, just
someone who's not technical.
Speaker 2 (11:14):
It doesn't see you use a certain vocabulary.
You can just talk to Judy onthe streets.
Hey, let me explain thisconcept.
Oh okay, i got it technicalnerd, technical nerd, technical
nerd, talk.
Speaker 1 (11:26):
Well, she doesn't get it, so yeah, And so and this is
why I think we have an issuewith a lot of our cyber
awareness training And this iswhere I think it really would
come into play is being able tobreak things down So they
understand it, and let's behonest, that the CBT training is
complete garbage, and anybodywho thinks that's a great idea
(11:47):
for Learning cyber awareness toa bunch of people that gives
absolutely no fucks about Youknow cyber awareness as it is
Yeah, you're wrong.
It is the worst thing you cando, because they're just gonna
click through and like can Itake this test Retake?
take this test retake, takethis test retake.
Okay, i pass now and go aboutthe merry way.
Speaker 2 (12:08):
I have a question.
Yeah, what is CBT training?
Speaker 1 (12:11):
Computer-based training and it's all this
stupid computer trainings you dowhen you started a company.
Speaker 2 (12:17):
I knew that.
Speaker 1 (12:20):
Yeah, and it's.
It's one of those things thatWe got we had in the military.
The military was the worststupid Jeff.
He was an asshole.
Anybody who's in the militaryor was in the military knows
exactly who I'm talking about.
Speaker 2 (12:39):
Oh.
Speaker 1 (12:41):
No, no, no one like.
But that was like the worst.
So what we did is us being incyber and IT?
well, we found ways around thecourse.
We would be able to find theURL and like true, true, true,
true, true, true, true.
Okay, i could take the test nowand you never went through it.
Because I like, why, like?
I do this for a living.
(13:01):
I know what not to do.
Let me take the damn testguilty, all right, like It's
like.
If this is what I do, why do Ineed to?
I get it?
We all fall victim to this shit, but it does not mean I have to
be Reinformed how this works.
No, like, i know how it works.
I know what to look for.
Just, sometimes I'm in a hurrybecause I'm a jackass and I go
(13:23):
click shit.
Yeah, should not have done that.
Speaker 2 (13:29):
Okay, i'm gonna a saw , he knows.
Oh Nice, because I said I'mstill.
Speaker 1 (13:38):
I'm still on my IPA, but it's not my first drink of
the night, so you know neitheris mine.
Speaker 2 (13:44):
I had the two cheers, my friend.
I had the two Guinness, youremember.
Speaker 1 (13:48):
Yep.
Speaker 2 (13:49):
Yeah.
Speaker 1 (13:51):
If you can bypass the test and you're already cyber
aware.
Speaker 2 (13:58):
So yeah, i have to do CE use for my medical coding
and They bet has.
Speaker 1 (14:06):
We, i gotta do them.
I still got a look.
I got to check my cispy andlike my search and see where my
CE use are at, because I'm kindof like I really care about
these certifications anymore.
I do the job on a daily basisand I'm always researching but I
(14:26):
don't have the brain capacityto sit down at a webinar.
I'm like all right, let melisten to this dude drone on for
an hour.
Speaker 2 (14:32):
He's not even drinking.
Speaker 1 (14:35):
This is gonna be a long one Like this is why when I
go to conferences, i go tonetwork.
I don't go to conferences forthe talks, because I can't
personally.
My brain doesn't work that way.
I can't sit there through thatand just watch somebody talk.
Speaker 2 (14:51):
Well, it'd have to be really fascinating.
Speaker 1 (14:53):
Exactly, and it would have to like include a lot of
fun interaction and stuff likethat.
At least on this show youpeople can talk and I can have
them, you know, time in and askquestions, and it actually makes
sense.
Speaker 2 (15:09):
Yes, it would be my work.
Speaker 1 (15:11):
They have us run CBT's at a minimum of every
quarter And we have to run themfor the project we are on as
well.
Oh, i'm sorry, that's tragic,yep James.
Hopefully That can go away assoon, because I hate CBT's.
(15:32):
This is the problem I have,though.
I can't do web-based learningat all.
I can't.
I Don't work.
My brain doesn't work in such away that I can like watch
videos of like oh, this is howyou use our product.
Can I just use your product andfigure it out, because that's
all I learned?
If I'm not using it, i'm gonnamy brain goes and Monitor to
(15:54):
here we go, i'm going to forget.
Speaker 2 (15:56):
it's like okay, one hour training, i forgot
everything.
but thanks, i'm gonna go for it.
Speaker 1 (16:01):
Yeah, so it's just one of those things that I don't
.
My brain doesn't work well likethat.
I got to be in a classroom Ihad never reversed engineered
anything and I went to theGraham class for sands.
And because I got to go, hey, igot questions.
Hey, can you, can you help me?
Hey, can you explain thisconcept in a little bit more
detail?
because I think I'm there ButI'm not all the way there.
(16:22):
Like that helped and that's howI got my gram, not because I
knew what the fuck I was doing,but because I was able to ask
questions and understand theconcepts and then take those
concepts with me to the test.
Speaker 2 (16:33):
Right, figure it out.
Speaker 1 (16:35):
But now look, i ain't touch reverse engineering shit
since I got the certification.
So somebody asked me to do itnow, like let me pull out my
books and see if I can figure it, because give me a minute, i'll
go figure it out.
Speaker 2 (16:46):
Let me get back to you.
Speaker 1 (16:47):
Yeah, I had a 17 year old run circles around me when
it came to reverse engineeringstuff.
Oh no like literally, I was likeWe were talking on discord,
doing some stuff on hack the boxand working through some things
, and After a while he was like,yeah, go do this, this and this
.
He's like you're using theright program.
You just got to be able to dothese things and then you'll see
(17:08):
it eventually.
At this point I was likealright.
I was like I gotta ask how longyou've been doing this and how
old are you.
He goes I'm 17.
I don't even do this for aliving.
I was like What homie the west?
so you're gonna put me in aclass and me and you were gonna
sit down and we're gonna figureit out.
Speaker 2 (17:25):
I Know, teach me please.
Yes, but hey, i mean learn fromthe babies.
They know what they're doingsome of right, amanda.
Speaker 1 (17:36):
We are talking about reverse engineering, malware.
Well, that's what we just thesubject We were just talking
about, which basically says takea program and or malicious
program, find out how it worksand how it was coded and what it
does.
That is reverse engineering.
You basically run it through aprogram, let it run on its own,
find it step by step and stop itwhen you can.
Goodbye, guys, see you never.
(18:00):
He, he, he.
Okay, i'm confused.
Moon.
Speaker 2 (18:04):
Okay, bye.
Speaker 1 (18:06):
Anyways, bye, i'm still listening.
Okay, cool, glad you'relistening, but I just, yeah, i
think coaching and I think justeverything in general, people
don't realize how much of othercareer feels Feed into
cybersecurity in the things thatwe do on a day-to-day basis And
(18:28):
And that's the military toothat, like that, is a huge
problem with the military theydon't know how to transcribe
their experiences onto a resumeso that it fits other jobs and
And that is a huge issue withwith people that are retiring
out and even going through Whatdid we call it SFL taps?
(18:50):
so for the army, they call itsoldier for life, transition
assistance something, but it wasbasically a program for
soldiers transitioning out andthey do a resume class, they do
a LinkedIn class, they do otherstuff and And I still don't
think the resume class taughtpeople how to properly
transcribe their experiences andwhat they went through and what
they did as a job and Intocivilian Skills translator.
(19:16):
Yeah, yeah, and I don't think, idon't think they do a good job
of that.
Speaker 2 (19:20):
Well, a lot of a lot of us don't?
Speaker 1 (19:24):
No, that's anywhere.
That's any job Yeah.
Speaker 2 (19:26):
I don't.
I take, you know, i've had, youknow, these different jobs.
It's like, oh, you cancompletely apply for this one,
how You've got these skills.
Where This means that thismeans that I was like, really,
that's what that says.
Okay, sure, how do I say it?
and I, they have to show me howto reword it so it actually
(19:48):
matches What the skill is thatthe job was looking for.
So, yeah, i think I had tolearn.
Yeah, a lot of people do a lotof people do.
Speaker 1 (19:57):
I mean I locked out.
Coming up and growing up in IT,i had my first computer Was a
DOS 3.1 system and it was aPackard Bell, i think, jack, you
know.
Speaker 2 (20:07):
I.
Speaker 1 (20:08):
Right back in the day with like the five meg hard
drives like they were garbage.
But they bring commander Keenand Wolfenstein 3d like a
fucking champ.
That's all I cared about.
Speaker 2 (20:19):
I didn't have fluffy just.
Speaker 1 (20:21):
Yeah, they did the five and a quarter, not the
three and a half, the five and aquarter, but it did have a
three and a half also.
But it had both of them Rightbecause your storage okay went
from like 256 K to 1.44 meg.
Speaker 2 (20:42):
Remember that we were so excited.
Speaker 1 (20:56):
I love it but why you bought it for me?
I got one, two, three, four.
I think I like six of them.
I got six.
Speaker 2 (21:04):
Well see, i'm a lot older than people think I am, so
I mean, i literally rememberwhen those came out and a few
things quite a long before.
Speaker 1 (21:12):
So the best is, millennials grew up before and
after so, but the millennialscame up without the tech and
with the tech, yeah.
so what a lot of people don'trealize is guess what I've been
around since home computersfirst came around, because, even
though they, hit in the 80s.
Though the first computers hitin the 80s, they really didn't
(21:34):
go mass market until early 90s.
That's when they really startedhitting the homes, and so in
the 90s is when I got our firstdesktop.
My dad was a PC person.
My uncle had a Mac 2 or Mac 1.
Speaker 2 (21:48):
I don't know, he had the original Macintosh.
Speaker 1 (21:50):
I Hated Macintosh.
At the time I was like thisgarbage.
Never understood why.
I was a kid, i had no clue.
I just knew my computer couldplay games and his had crappy
games and I could play OregonTrail and Commander.
I remember that I mean I.
We were on tiktok live theother day just talking about the
(22:11):
old tech that we all had likegrowing up, with the NES and You
know Castlevania's in the, andeven though it says do not blow
on cartridge, you're still.
Speaker 2 (22:24):
Down exactly what you did.
Shit Didn't work.
Speaker 1 (22:32):
Cardboard and shove it in there to hold it down.
Speaker 2 (22:36):
All those, all those things?
yes, absolutely so.
Speaker 1 (22:43):
I mean, we all came up in it.
So I truly think that justabout anybody.
If you have used a personalcomputer at all in your life,
you already have more experiencethan some other people that are
actually doing the job ortrying to get into the job.
There are some people trying toget in that had never touched a
computer And you ask them howto turn on a computer and
(23:05):
they're like, and you're like.
Speaker 2 (23:09):
I really want you to be joking right now.
Speaker 1 (23:14):
Yeah, I'm not.
Speaker 2 (23:16):
No, no, no, no, no All right.
Speaker 1 (23:22):
So let's put it this way.
There are people that I havetalked to.
Now they may have been jokingwith me.
I pray they're joking with me.
I prayed to all the gods thatmaybe they were joking, but I'm
talking people seriously.
Maybe maybe use the wordprocessor at one point in time
in their life or took a typingclass in high school And we're
(23:44):
like so I've been doing likethis job for 30 years and I want
to be in cybersecurity now.
Cool.
Do you know what the internetis?
Yes, okay, we've establishedthat.
Do you know what Google is?
Yes, it's in the media all thetime.
(24:05):
Okay, we've established that.
So what do you want to do?
Well, i don't know What iscybersecurity.
I just hear the term all thetime And I'm just like so you
got to go do some research andthen come back.
Speaker 2 (24:16):
No no, no, no, That's probably why I've been watching
a lot of your videos, becauseI've heard you say that before.
It's like I'm happy to help you.
What do you want to do?
Okay, go figure that out firstand then come back and talk to
me.
Speaker 1 (24:31):
So I've been watching a few of your videos and a
bunch of other people's videos,so working on it And me and my
friend Amanda who's in the chatshe's one of those that I love
her to death and me and her areworking on it, trying to figure
out where she'll fit in.
And she understands that likeshe doesn't really understand
the field necessarily, but she'sgood at in the field, without
(24:51):
realizing it.
She's an investigator, osint,like, does a bunch of stuff, and
did not realize she was asecurity person until I
explained to her actuallyeverything you do could be used
for a red team.
Just saying Nice.
So she is good at a lot ofthings, And so me and her have
(25:11):
talked about it.
So it's just a matter offiguring out how to get the
training so that she understandsthe terminology.
So when you're good at it butdon't know the terms, you've
just been doing it.
It poses a challenge So that'swhere me and her are working on
right now, trying to figure outthe best way to get her to learn
that.
But she will be on this showeventually.
Yay, eventually.
(25:32):
Once we get her comfortableenough, i'm going to have her
own walk with me first, beforeshe's on this one.
Okay, that's cool.
Speaker 2 (25:38):
So walk with me is good.
I have seen a couple of videosfor GRC and thought, because I
know during those twoconversations HIPAA was
mentioned and, being a medicalcoder, i'm saturated in HIPAA,
hipaa and high trust So I waslike, oh, i might have a good
idea.
(26:00):
And then I heard a young manthat I cannot remember his name.
This guy with a face did avideo interview and talked about
you know, everyone's wanting toget into cyber.
Everyone wants to get intocyber And pen testing is a hot
new thing and team blue, teamred team, all the things.
And he's like I have anexcellent idea for you to get in
(26:21):
quick and fairly easy and slideright on in their first job and
then laterally transfer towherever you want to go.
Hit me, garbage jobs.
Why would you call it garbage?
He's like find a job no onewants to do, okay, okay.
And he says the first thing outof his mouth was the words.
(26:42):
Were the words it?
auditor.
I was like huh, he's like it'sboring.
And I'm like, is this a salespitch?
It's boring, no one wants to doit.
And I'm like that doesn'treally sound all that awesome.
And it's like, well, since noone wants to do it, guess how
many jobs?
(27:02):
So slide your foot right on inthere, do a good job talking to
the C sweet CEO, cio, cto, cfo,c3po, like my friend Dax says
and you're making all thesefriends And next thing, you know
, you do a good job.
Latter way transfer tosomething you really really want
to do, not to mention, youlearn a ton of information.
(27:24):
the entire time I was like Idon't think I can do that.
Speaker 1 (27:29):
Yeah, it's for it.
That's the big thing is what alot of people don't realize.
You don't see IT auditor,security auditor, all these
things.
You don't necessarily have toknow all of the technology or
how everything necessarily works.
You need to know theregulations Through learning the
regulations, through learningthe HIPAAs, the PCIs, the SOCs
(27:51):
and everything else NIST and CISthen you learn okay, well, how
do we address this?
Oh well, you need a firewall,it needs to log, it needs to go
here.
We need to have centralizedlogging.
Speaker 2 (28:01):
It needs to do all the things, yeah.
Speaker 1 (28:03):
You need to figure out what those are and dig in.
that way I can actually do it.
I don't need to rely on someoneto answer these questions for
me.
I can look at it and just knowIt leads you down that path that
I think GRC is really in anytype of auditor role.
It's really a good startingpoint.
I'm glad you brought that upbecause as much as I talk about
how good GRC is and I really doI never thought about how good
(28:26):
maybe an auditor starting pointis for a lot of people trying to
break into the field.
because you do.
you get to evaluate all ofthese different technologies and
all of these differentstandards and learn the verbiage
and acronyms and everythingelse behind it, because you have
(28:47):
to know it to do the job Right.
But instead of having to havehands on tech, you get to at
least get the verbiage and thenyou can learn the tech.
Speaker 2 (28:57):
You mean all of these acronyms?
Speaker 1 (29:00):
Oh goodness.
Speaker 2 (29:05):
I'm studying for the security plus and this hurts.
Speaker 1 (29:11):
I lucked out.
I ain't gonna lie, i was verylucky growing up in that I knew
I loved computers and IT andthis is what I was going to do.
Now, i did not know I was goingto go into cybersecurity
because it wasn't a thing whenwe were growing up.
I just knew I loved computersand I was going to be a work on
(29:33):
computers the rest of my life.
Then, in 05, 04, whateverwireless came out and I broke
into my first wireless network.
I was like, oh, i'm going to bea hacker, so I'm going to do.
I thought about that Actually.
Speaker 2 (29:47):
I thought you talked me off of that.
Speaker 1 (29:49):
And then I learned after being a pentester how much
paperwork was involved and waslike, yeah, no, i don't want to
do this.
So I'm good, thanks, i'm not inthe scope.
Companies use it as a checkbox.
When you sit here and tell me Ihave a week to do a test, but
you're only allowed to test thissubset of my network, i'm like
then what am I doing?
Yeah, because the attackerdoesn't give a damn.
(30:11):
The attacker does not care whatnetwork you want to have tested
.
They're going to hit whateverthey find.
They have my Yeah, and so Ilook at it and that's where.
So the company I work for nowWe offer a service called attack
surface validation And that'sus basically going through
(30:32):
checking all OSINT, checkingeverything we can find, and you
know, if we find a path, apotential pathway into your
network, whether externally orwhatever OSINT, whatever we find
, we'll let you know.
Hey, do you want us to proceedand actually test this and see
that if this is actuallyvulnerable?
And if they say yeah, then gameon, we go.
(30:54):
They say no, it's too sensitive, all right, cool, just won't
let you know.
This is a potential threat toyour network, going about our
way.
But that's the service we offerand we do it.
It's a continuous thing.
So you're not stuck into thistimeframe of oh, you have a week
to test this and then like aweek or two to write the report.
It's you're paying six weeks orwhatever a year of service and
(31:18):
we're constantly checking in,looking and seeing what's out
there And if we find somethingwe let you know That seems so
much smarter than the other way.
Yeah, so the other way is greatfor assumed breach.
That makes sense Because, froman assumed breach perspective,
you're testing either tools Ifyou do it right, you're testing
(31:40):
all the tools.
So, if they have a SIM, if theyhave EDR, if they are like your
endpoint detection response, ifyou have anything like that, or
even a managed detectionresponse team, like a critical
start or an expel or somethinglike that, then you have the
ability to really test theirfunctionality and their
capability of stopping you.
So, because you're running theloudest tools, if you're doing a
(32:02):
pen test and not a red teamengagement but a pen test you
should get caught.
You should have noise out therethat sees what you're doing.
And if nobody stops you oralerts any other team and says,
hey, is this you?
And you say, yeah, i'm whitelisted, i'm going to be doing
this, or whatever, just lettingyou know my IP address is so
you're aware of it.
(32:24):
If nobody challenges you, thenthere's a problem within the
blue team of your organizationAnd that's where the purple team
effect comes in.
That's where all this otherstuff works out.
And so, from an assumed breachperspective, yes, pen tests are
great.
From an external perspective,you got to give people time, i'm
sorry.
As good as security is thesedays from an external
perspective, sometimes it takesa lot of digging to find the
(32:48):
holes that actors have.
Years They want to go after you.
They'll wait, you know that'sright Just so wait for the leak.
Speaker 2 (32:56):
I'm going to be here Wait.
Speaker 1 (33:00):
Don't wait till somebody's credentials get
dumped And then they'll like up.
There's my way in.
Speaker 2 (33:05):
Right there.
Speaker 1 (33:06):
And they won't do it through.
The credentials won't getdumped through you, it'll be
through like a LinkedIn thatsaid, oh, somebody got into
LinkedIn and dump all of thesepasswords and all of these
usernames, which now havecorporate usernames and people
like to reuse passwords.
So now we're going to go in andwe're going to do it that way.
Or you have things like war Youleft a VPN exposed, you don't
(33:27):
have MFA, we're going to try tothe generic log into your VPN.
Hey, it worked.
Or we have someone's usernameand password Hey, it worked.
So now I'm on your network.
So all these things thatcompanies don't have the time to
validate and from a pen testperspective externally, i'm
going to do a scan.
(33:48):
I'm going to get with whateverscope you give me.
If your VPN is not in thatscope, i'm not going to see if
your SharePoint site orsomething isn't within that
scope, because you're like, oh,this shouldn't be available
externally, so we're not goingto give the external IP for it.
And then, guess what, you'renot getting tested, which means
(34:08):
somebody's going to find theweakness And it isn't going to
be up.
And so that's the sad part, andthat's how, that's how people
get caught, because they scopethings down too narrow.
And it's like you know.
oh, only run your test on ourtest and dev network.
Well, what about production?
Oh no, that's too weak, itmight go down.
Which is probably why Ishouldn't work on that And you
(34:34):
want to know if an end map scanis going to bring down your
production network.
I'm just saying Wow.
You want to know these things?
Yeah, but why have you notfixed it?
Speaker 2 (34:47):
Exactly.
Speaker 1 (34:48):
Yeah.
Speaker 2 (34:49):
I actually was put in touch with someone who's in the
cybersecurity world and hegratefully I'm grateful to him
for it but he talked me off thehacking ledge.
No-transcript.
He's just like it takes a longtime to build those skills.
I was like, and I'm an old lady.
Thanks, man, i'll think ofsomething else to do.
Speaker 1 (35:12):
I mean, it's a good life.
If you want to do it on theside and do things like bug
bounties and you know stuff likethat, where you can kind of
work on your skill set and getside money, yeah, yeah, yeah,
perfect, we'll side piece overhere Right, kind of like my
YouTube channel and my TikTokand you know everything else I
do.
I mean, if you want to donateor fund me at all, those links
(35:33):
are down below.
But no, yes, but if you look atit like bug bounties and people
that want to get into thehacking side of things but don't
necessarily want to work in acorporate structure where
they're tied into scopes andpaperwork and regulations and
all this other stuff, a bugbounty is a great way to do it,
right, because you have all thetime for as long as that bounty
(35:54):
program is open.
Right, you have all the time todig in, do your research,
figure things out.
Some of them allow you to useautomated tools.
A lot of them don't, whichmeans guess what?
Now you have to learn.
You have to learn.
Okay, i see a login prompt.
What would I do to attack alogin prompt?
What tools can I use to learnhow to abuse it?
Yep, or I have APIs, i'll justuse those.
Speaker 2 (36:19):
Hi I'll be with you, yes, a crab mom.
So I warned you about my fouryear old tiny pirate, who may or
may not interrupt.
Speaker 1 (36:28):
There she is.
I have five kids upstairs.
Speaker 2 (36:35):
I completely agree, yeah, so she loves to just run
in here and tackle me becauseit's so funny.
Speaker 1 (36:43):
It's good times, it's good times.
Speaker 2 (36:47):
Anyway, i was gonna tell you I finally took a look
at the TriHackie Nice And Idon't wanna get distracted yet.
Right, because of the shiny,yeah, because I knew that all
the time.
Thanks, kid, i appreciate it.
Bye, but I looked and I waslike I didn't know y'all did
(37:10):
that Damn.
So I want to.
I will get in and play, but Iwanna finish my security plus
first, because I get so Oh yeah,so I will.
Speaker 1 (37:27):
Are you going through the same course, andrea is?
Are you doing somethingdifferent?
Speaker 2 (37:31):
What course is Andrea doing?
Speaker 1 (37:34):
Andrea?
is it Ian?
I can't remember.
She's going through hersecurity, plus course.
also, she's actually testing onthe 25th, if I'm not mistaken.
Speaker 2 (37:43):
Yes, good luck, Andrea.
I believe in you.
I am doing just the reviewcourse, the freebie on YouTube
by Professor Messer.
Speaker 1 (37:52):
Oh, that's a good one too, you know that right Man
throughs everything.
Professor Messer is on point.
Speaker 2 (37:58):
He's amazing, But I'm also in his discord, and his
discord aside from there's acouple of trolls, but aside from
those turds, it's phenomenalAnd you find that everywhere.
Yeah, I know it sucks, but it'sjust disturbing.
Speaker 1 (38:15):
That's like when I was going through OSCP.
You'd go in and ask somequestions of like try harder,
bitch, don't go there with me.
I've done everything under thesun.
I need a hint of like where I'mgoing wrong with this specific
tool, or am I looking down thewrong rabbit hole?
It's in bitch and whatever,don't fucking go there.
And they'd be like well, i'mlike no.
(38:36):
And so what I did is I tookabout like this time I met some
really good people I took likesix or seven that we were
talking a lot and I pulled theminto our own little group And so
we had our own little privatechat where, when we went into
issues, we would bouncequestions off of each other.
And this is because what peopledon't understand is this is why
(38:59):
I don't think any.
No pentester knows everything.
No, red teamer knows everything.
Speaker 2 (39:04):
Everybody works best.
Speaker 1 (39:05):
In teams It's impossible to know everything.
So, like even going through mysans training and doing CTFs, me
and my buddy would do thingsAnd I'd be sitting or banging my
head on the keyboard.
They'd be like, which question,have you looked at this?
Not giving me an answer, justgiving me an idea, like, oh,
this port or this whatever, bangoff the races.
(39:28):
And I figured it out.
And then he'd come up to me andbe like, hey, dude, this number
, what do you?
did you do it?
Did you figure it out?
And we were on completelydifferent teams And I'd be like
hold up, and I'd go and I'd goover to him and be like, hey,
you might want to look at thistool.
I wouldn't even tell him whatport, what tech, no, this tool,
look at this tool.
He'd be like shit, should havedone it.
(39:50):
And he'd go and do it.
But that helps, yes, so nice.
Yes, and that's the big thingis like don't tell me, try
harder.
Like dude, i've been banging myhead against it for days Like
that is, you don't understandwhat I've done, and so we work
together of like, hey, you mightwant to like, look at this tool
, or you might want, look,you're going down a rabbit hole.
(40:12):
You got to look at, like, thisport or this application And
that's what we do.
The worst I ever had is I had aguy reach out to me And now, if
you're going for your OSCP andthis is the problem I have with
the OSCP, one of the problems Ihave with the OSCP right now at
the time it was supposed to belike because they had not come
(40:34):
out with their advanced searchjust yet.
So it was supposed to be likeif you do your OSCP, you know
how to break into computers, atleast at a very basic level.
You could crack passwords, youcould do all this other stuff
And you didn't really need helpwith it.
You could use everything.
You could use Metasploit, youknew how to use all the tools.
You know how to do everythingmanually.
It worked.
And so when I was going throughthe course and I had a guy reach
(40:57):
out to me, he was having anissue with like two of his boxes
And it was just in the lab, itwasn't like on the test or
anything.
He was, hey, i'm trying to do,i've hit this box and I don't
know what to do.
I said, look, all I'm going totell you is learn how to crack
Windows passwords, because atthe time you had access, you had
full admin FTP access to all ofthe files that you needed to
(41:20):
crack Windows passwords.
You just had to know whichfiles you needed to use JTR or
John the Ripper And he was likeokay, and then he came back What
files do I need to crackWindows passwords?
Not telling you.
And literally a quick search onany search engine It could be
Google, duckco, you name it andsay how to crack Windows
(41:41):
passwords will give you thefiles you need to combine and do
this.
And so that is where I have anissue.
If I tell you what needs doneand you don't look up how, then
I got nothing for you.
I can't help you.
Speaker 2 (41:58):
But yeah, it's been a great community to learn and
it's a great alternative way forme to really focus, just
because reading through the ohso boring.
Speaker 1 (42:13):
The lip.
Speaker 2 (42:14):
it hurts, it's painful, so how do you go
through?
It is, but having them do thesesteady groups, and the way
Professor Messer teaches us todo the things and explain it,
and all the whatever.
I am so very happy to come here.
(42:37):
do you want to say hi?
Come here, say hi to everybody,come here, kid.
Speaker 1 (42:45):
It's her password, password also.
Speaker 2 (42:48):
Tiny fart Say hello everybody, hello, hello, yolo.
Go, take Ballerina to mommy andtree will help her go.
DP and Coo-Poo in the party.
You can have a cough drop.
that's awesome.
Oh, you don't like those.
put those away.
Speaker 1 (43:08):
It's sherry.
Speaker 2 (43:11):
Here, take this one, Yay, And then you can go.
Can you go?
take that to mommy and I'lltalk to you later.
Close the door please.
Speaker 1 (43:23):
Is it sad that having five kids, is it sad that
having five kids, the firstthing that comes to mind is fuck
them kids.
Speaker 2 (43:34):
Yes, And now I know what I was talking about.
Speaker 1 (43:39):
So anyway, take the test in July So.
Don't pass it.
I hear there's been a lot ofchanges.
I got mine in the 08, mine's alifetime search.
Speaker 2 (43:51):
That's how my teaching license is in Texas
state.
Speaker 1 (43:54):
Oh is it.
Speaker 2 (43:55):
I have a license, and not long after me they changed
it, so I should still be on thebooks there.
I just don't want to ever goback there again.
Speaker 1 (44:05):
That's what's great, And in 08, I was in the
international guard just beforeI went out to do the army And I
need another beer.
But I was.
You should see all the bottlecaps in front of my label on it
right now.
It's probably like two or three, it's probably like three or
(44:29):
four weeks of beer that are likein front of my monitor at this
point of bottle caps.
That's hilarious, That's cool.
I start a beer's away and thenI go look and I'm like, oh,
bottle caps.
Speaker 2 (44:39):
Well, and I just got off.
I hit a biotics yesterday, sotoday's my first day I'm even
allowed to have a beer.
Speaker 1 (44:46):
Oh, so you got to do it right.
Speaker 2 (44:47):
There you go.
Speaker 1 (44:48):
Yes, i'm very happy, so I'm glad you're off
antibiotics, so hopefully thatmeans you're doing well.
Speaker 2 (44:54):
Well, I had a tooth extracted.
Speaker 1 (44:59):
Ah, so you didn't want to do what I did.
Speaker 2 (45:02):
Which is What did you do?
Speaker 1 (45:06):
I know I was telling this story.
But this story is going to begood.
Oh no, i was in my twenties.
I was early twenties And when Imet my wife, i'd never had any
of my wisdom teeth pulled.
Oh no, my wife being in dentalshe was an expanded functions
dental assistant at the time.
Cool, she goes, you're havingyour wisdom teeth pulled.
(45:28):
I said no.
She said oh no, and I don'teven.
We weren't even married yet Andshe just looked at me.
She goes you're coming to my,you're coming to my dentist's
office and he's pulling yourteeth.
Fuck you, fuck you.
You're lucky, i love you.
Okay, and so I Go and I get myteeth pulled, and I think I only
had like one or two at a time.
(45:48):
I think it was two at a time.
They did one side and then theydid the other side, and so So
they do the two and they put meon.
I want to say, was perc is sets,do the perks or bike it in, so
I can't remember what they putme on, but I didn't get me high
like it's six, three, twohundred and like forty pounds,
like They put you on the lowestthose possible and say this
(46:10):
should take away some of yourpain.
You'll be right.
Unfortunately It was also aholiday and so Holiday, like
going into a holiday week, ibelieve.
So my mother-in-law Was makinglike hammer turn, i don't know.
She was making something andwas using course light to put
beer And it was a ham, i believe.
(46:30):
Okay, she's like half a courselight into the end of the pan.
It comes over to her mom.
So my wife's grams and was like,hey, i got half a beer.
Anybody wanted?
I was like, yeah, sure me.
And I had just taken, probablyless than an hour before, my
painkiller And so when I Iliterally down the entire half a
can, i was like it's half a canof course light.
Like seriously, that's nothing,yo.
(46:51):
I was like With in probably 10to 15 minutes if that.
I was like, oh, oh, this is whythey tell you not to mix colors
and alcohol, got it?
Oh.
Speaker 2 (47:09):
Understand.
Speaker 1 (47:11):
And so I did not.
I don't do it no more becauseNo, if I'm on painkillers.
No, no, no, no, no.
I don't like that feeling.
It was hilarious.
But I don't like that feelingwhen you're feeling lightheaded
and, like you're floating, notsomething.
Speaker 2 (47:30):
Touchdown.
Speaker 1 (47:34):
The plate, please, and put my head back on my body.
You know, but you know we justtalk about anything.
Speaker 2 (47:49):
I Anyway On a direction.
Okay, cyber, i'm thinkingdefinitely more team blueish.
Yeah, purple ish, team blue ish.
I'm hitting on that side of theworld, so Just trying to.
Speaker 1 (48:09):
I mean we need more, more good people on the blue
team.
We definitely need more goodpeople in GRC, and it's only
been because the media andeverybody preaches this like
They praised the hacking andthat the red team side of things
.
But I believe in two, twotheories.
One is you need to know one toknow the other.
(48:31):
So, in order to be a good blueteam, or you need to understand
what logs are being generated byred teams So that you know what
to find.
And the other thing is To be agood red team, or you need to be
a good blue team, or becauseyou need to understand What
security tools are out there,what EDR is out there, what
simtals are out there andeverything else like that, so
(48:52):
that you know how to find yourway around it.
You cannot break through asystem if you don't understand
the security mechanisms in place.
Right, you cannot secure asystem if you don't understand
what policies and procedures toput in place to stop people from
exploiting all your shit.
Right, you got to know one ofthe other exactly and GRC just
(49:15):
helps you check the box ofsaying do you have an EDR?
Yes, yes, do you collect logsYes.
Can you access them?
No, maybe.
Sure yeah yeah, we got that.
Speaker 2 (49:33):
I've been working on trying to, because it's I was.
I watched your originalinterview with Misha and Then I
watched the one that you guys,the last week thing where she
was on with her friend,christine, i think, um Them
talking about.
(49:54):
Well, she and I Misha and Ishare a background of medical
She's also in healthcare, doingthe pharmacy thing and just It's
such a large amount ofinformation When you decide,
yeah, this is where I want to go, i want to head towards cyber
security, okay, welcome.
Here is now a tsunami ofinformation for you to siphon
(50:16):
through and try to find a pathand figure out what you want to
do and all the Things, and it'sjust there's so much to find.
Not just like you know, i'msetting for a test and there's a
lot for the security plus test,because, oh my god, but just
Team blue team, red team, purpleteam, oh, grc team, oh, what's
(50:38):
that over there, maybe I canknow what's that.
Oh, no, what's that?
There's just, there's so muchWhich is.
I spent many nights up untilthe we, which is I like being up
to the wee hours becauseBrainworks awesome at 3 am.
But oh, you too, oh yeah.
Ever since I was little tiny,but I got in trouble all the
(51:00):
time.
God I bet.
But I'm wide awake.
Speaker 1 (51:04):
I got another story for you on that one, but we're
gonna let you finish no, i justI was trying to, okay, cyber,
now what?
Speaker 2 (51:13):
okay, there's like all of these things and then all
this, it's just, it was anenormous, enormous, enormous,
overwhelming amount ofinformation to try and Find a
path.
Well, what do I like?
What do you got?
so it's just, it's a lot.
It's just get in and figure outWhich path that that right
(51:38):
there by itself, there's just alot.
No, which now are you know?
that's right, so that's myfavorite.
Oh, I think, It's just likefrom 11 pm To almost five or six
in the morning.
I'm so happy.
Speaker 1 (51:58):
Well, what sucks for me is so I Prefer to work during
the day.
Let me and this is what's gonnaget weird.
I prefer to work during the day.
That way I'm with, i can talkto team members, i could do what
clients, i can do what I needto do.
However, my brain works bestand functions best if I stay up
(52:18):
way too late And then, at about12, midnight, one o'clock in the
morning, i sit down on mycomputer and decide I'm gonna
get some work done.
Then, all of a sudden,something that would take me a
week to do, i get done in 10minutes 10, 30 minutes.
Speaker 2 (52:30):
Yeah, last through it .
Speaker 1 (52:34):
Why does it work this way?
guilty?
Speaker 2 (52:40):
Best time I ever had was when I worked night jobs
Because I was wide awake, thebest one.
Does I hit that wall?
Yeah, loaded what loaded boxesat UPS when I was in high school
best job, just because you knowhigh school and we were crazy.
It was a crazy crew and I wasthe only girl Throwing boxes on
(53:00):
trucks great until you werebetter than all the dudes that
were there.
Speaker 1 (53:03):
You're just like fuck you, homie.
Let me show you how it's done.
I.
Speaker 2 (53:08):
Didn't either confirm or deny that.
Speaker 1 (53:13):
When you're showing all the guys up, when you're in
high school as a girl you'relike you know what hold up.
I got two for you.
Let's go.
Speaker 2 (53:21):
We had so much fun.
I worked from 11 to 3 in themorning.
It was perfect.
But then it's like certaincertain hours of the day I can
blaze through, but a lot of thedays just I don't know the
witching hour.
Speaker 1 (53:39):
I love it, i completely get it because it is.
It's one of those things whereI have to.
I have learned to adapt my bodyto work during the day because
that's when, again, all myclients are awake, that's when
business is done, that's howthings are handled, mm-hmm,
especially now being inmanagement.
I have to be available And myteam is.
(54:01):
But, yeah, you put me on anight shift like you.
You, if I stay up way too lateAnd I'm up at like, if I'm up at
midnight, one o'clock and Ihave not slept yet, i'm not
going to sleep.
I'm probably gonna end up backon my computer editing videos,
doing things that I've beensaying I was gonna do for the
past two weeks and Yes, Justgonna happen.
Speaker 2 (54:24):
It's beautiful.
I love it and then, on top ofall of that, i have a chronic
illness.
Well, i have rheumatoidarthritis.
Yeah, that in our, in mydifferent support groups.
A lot of times we're on theFacebook because that's where we
all are.
Uh hey, if you're a am check,check in who's awake.
New Jersey, texas, california,let me see at it.
(54:47):
We're just, we're all awakebecause it messes with our sleep
.
So, on top of me being anatural night owl and my brain
working beautifully in thewitching hour, on top of that
now I get the bonus of I justdon't sleep because of the the
illness.
So But I tell you what I did alot of research done, so that's
tsunami of information I talkedabout.
I made a lot quicker progressthan I expected.
(55:10):
I'm still working on a fewthings, but, but I'm awake.
I got nothing to do.
I'm not gonna sleep anytimesoon.
Speaker 1 (55:16):
I ain't no one gonna bother you.
Speaker 2 (55:18):
It's quiet, i can focus, i don't have the tiny
pirate attacking.
Speaker 1 (55:23):
And that's the biggest thing, and see what my
problem comes down to is justhow me and my wife are.
Uh, and it's not actually a badthing, but it's if I'm in bed.
So like I have an issue.
Like I don't mind travel And atall, except for the fact that I
can't be gone too long.
It's my time in the military.
I just can't be gone too long.
But When I go to sleep, if Iknow, if I see her on her
(55:47):
computer and I know she's gonnafall asleep on the couch, i end
up putting on tv and fallingasleep on the couch.
I cannot sleep in the same, icannot sleep in a different room
than her.
Speaker 2 (55:58):
Oh, that's sweet.
Speaker 1 (55:59):
So if I wake up at like one or two o'clock in the
morning And because of my backor whatever else I don't get out
of, i'll go to the bathroom andI'm like I'm just gonna go curl
back up in bed next, sir,because I don't know the next
time I'm gonna be able to layback down in bed, um, and so
it's one of those things that,for me, is just.
(56:22):
I look at it, i'm like, yeah, itechnically could get up and
actually be really active andget a lot of shit done, but How
often do I actually get to layin bed next to my wife?
That's not that often.
So We're gonna go do that So.
And then I get warm and I don'twant to get out of bed anyway.
(56:42):
So I just curl up.
I'm just wide awake, so I couldbe like, literally from the time
I step my, by the time my twofeet hit that, hit that carpet.
I'm like I should be up andmoving.
But there's a lot of nights I'mup and moving.
I'm like, let me lay back downRight and I'm a heavy sleeper.
(57:14):
And it's funny because I'm oneof those that a tornado could
literally tear through my houseand it wouldn't even wake me
guilty.
Oh, but Oh yeah, i've alwaysbeen that way.
like it was funny growing up inschool, because like I'd be on
the bus to school And you knowhow some people rest their head
on their hands or something likethat me might have a girl like
(57:34):
this Right on the window.
Oh yeah, i'll be out and theywake me up when I go.
How do you do that?
Do what?
Speaker 2 (57:42):
Literally, the bus is going like this and your head's
banging on the window and youare out and I'm like I don't
know, i'm just I Did ask thatall the time on a plane, oh, all
the time On a road trip, if I'mnot driving, i need you to stay
(58:04):
awake now.
Yeah, okay.
Speaker 1 (58:07):
So my wife used to get mad at me because When we
would drive to and fromdifferent places in the army I
have to be the driver.
But there were occasions whereshe saw me getting tired Yeah
and she'd like, uh, i'm takingover, no, you're not.
No, and so I'd have to, like,stop to go to the bathroom or
get gas and get out of the car.
(58:28):
So what would her ass do?
she'd get in the driver's seat,driving no more.
We start going and literallywithin like five, ten minutes,
if she wasn't talking to me, i'mout, i'm out, i'm just done.
(58:49):
That's hilarious, but yeah,that's how it is.
But this is again why incybersecurity There's so many
different personalities.
There's so many.
Some people are night owls,some people get the most work
done at night, some people getit done during the day.
Not, i'm gonna be honest, iwould probably venture against.
(59:10):
60 to 70 percent ofcybersecurity does not want to
touch foot in an office.
That's and that's.
That's on the low end.
I'm saying 60 to 70 percent onthe low end does not want to
step foot in an office.
Why?
because you have two types ofpeople the introvert that
doesn't want to be around peopleanyways, or the extrovert that
(59:32):
knows if they go to an officeThey're not going to get any
work done because they're goingto be talking to people all the
time.
So Me, i know, on the type thatif I get, if I get put back
into an office setting, ain'tshit getting done, because I'm
literally going to be there.
They're going to be like hey, ineed you to go talk to Sobe,
and so We need to figure thisout.
Three hours later, i'll becoming back to my desk.
Speaker 2 (59:56):
I'm the extroverted introvert.
You guys talked about this acouple weeks, either last week
or couple weeks ago.
The extroverted introvert, it'slike teaching.
You can't really be anintroverted teacher, that's just
.
I mean, if you are, then youmight mean you might not do very
well, depending on the kind ofteacher you are.
But the extroverted Teach, havefun on the stage, teach all the
(01:00:21):
things and then come home Don'ttalk to me.
I quiet, i go into my cave andhide, i go by myself.
Speaker 1 (01:00:34):
Yeah.
Speaker 2 (01:00:42):
Yes, all of that, Yes , yes, just come and hide in my
little hidey-o I do, i just it'sto me I too much people like I,
but not a lot of people.
Speaker 1 (01:00:58):
I can't go out to bars anymore.
I never did So.
Growing up I was a bouncer, ilived at bars and I've done a
lot of different things.
I don't like bars anymore.
I think it's more because Ihave grown up and realized the
stupidity of people when theyget drunk.
Especially being a bouncer andalso seeing my family and some
other people Like I've seen howpeople get stupid when they
(01:01:19):
drink, do the things Yeah, and Idon't want to be around that.
Um and it's really expensiveAlso.
So for me I'm like I don't wantto do that, but you send me to
a conference all day I can go to.
I can go to cyber conferencesand network and bullshit with
people All day I think it's alot.
Yeah, i could work from home,but you put me in an office.
(01:01:40):
I'm gonna get spent, burnoutand don't want to be there.
Speaker 2 (01:01:43):
No.
Speaker 1 (01:01:45):
Like because, because someone's gonna find a reason
to bitch, it's either.
The last time I worked in anoffice, it was oh, you're
smoking too much.
Oh, you're never at your desk,oh, you're doing this bitch.
My work is done.
I don't know what the hell youwant.
I deal with it.
It's like you're you're goingoutside every hour, yeah, to
fuck.
So what?
At least I'm getting work done.
(01:02:06):
Well, people are seeing you.
Yeah, because the smoke pit isright behind the building and
there's a ton of windows rightthere.
Speaker 2 (01:02:13):
There, so I have to go there to smoke.
Speaker 1 (01:02:15):
I can smoke at my desk.
Speaker 2 (01:02:16):
But a lot of people will be pissed, so right.
Speaker 1 (01:02:22):
And so it was just one of those things I prefer to
like be at home because I canget up for my desk.
Go have a drink, right, like I.
There's days actually the bestpart about where I work now
Thursdays I've shown up to workin a sleeveless shirt and been
on video wearing a damn thing,not even cared, and they're like
.
Actually, i went to one meetingwith my sunglasses on Nice.
(01:02:46):
Anna was like What's up?
What's going on?
They were like our nose.
The sunglasses you were talkingabout.
You were ordered.
You were waiting for damnstraight.
Speaker 2 (01:02:58):
And thank you for noticing.
Speaker 1 (01:03:01):
Which, by the way, two of my monitors that are hp.
I can't see the screens at allbecause the light that it missed
from them My glasses block out,but my big gaming monitor is
like 27 inches or 30 inches orwhatever.
Yeah, if I'm looking at that oneperfect sight, it's like, oh
yeah, you can see all this.
But if I turn left or right,they're like, yeah, no, you
(01:03:23):
can't see shit.
I was like this is weird.
I'm like trying to hit refreshon twitter and I'm like where's
the refresh?
I'm like where to go?
I can't see my cursor.
Speaker 2 (01:03:34):
It was here.
I need to get some blue light,some more blue light glasses.
Speaker 1 (01:03:40):
So I got stokes blue light glasses.
Stoke, stoke st Oh with thedouble dots above k.
He came out with his own andtheir transition lenses also, so
Their blue light lenses that ifyou go outside they turn into
sunglasses.
It's pretty cool.
Speaker 2 (01:03:57):
I'm writing this down .
Speaker 1 (01:03:59):
So I hope he still sells them Um.
If not, I'll send you mine.
I don't use them, I do.
Speaker 2 (01:04:04):
I mean if.
If not, then I'll just call youa liar and go find my repair.
Speaker 1 (01:04:08):
Okay, either way works Okay, But anyways.
Hey, we are well over the topof the hour.
And major and please staybehind so we could chat a little
bit.
But otherwise, before we go, aswe end every show, i want you
to give some advice to all thosethat are trying to join cyber
security.
You're in the same position asthem, so what?
(01:04:28):
that's the advice you can giveAdvice.
Speaker 2 (01:04:34):
Find your path and learn as much as you can about
what makes you happy in thisfield.
Wait through the tsunami ofinformation And ask for guidance
.
Speaker 1 (01:04:47):
I love it because that's really what it comes down
to.
That's the gist of it.
That's what everybody needs todo and again, finding the right
role is going to take time.
Finding the right place youwant to be is going to take time
.
Have patience, even after youget certified.
Let me put this out.
There is my final bit of advice.
(01:05:07):
I retired out of the army as a25 delta cyber network defender.
I had four sand certifications.
I had a degree in computerinformation systems and I had
years of experience in it andcyber.
It still took me, from the timeI retired, another six to eight
months to find a job, and thatis fully loaded with
certifications and experience.
So for those just trying tobreak in as a junior, that has a
(01:05:32):
security plus, maybe one more.
Yes, the rules are going tocome, junior rules.
When they show up, hr is a bunchof pain in the ass and and they
put the bullshit regs out there.
Don't go by that network withpeople.
There are people like myselfout there that I don't give a
damn What HR says if I see yourresume and I'm hiring
(01:05:53):
specifically for a junior roleI'm not looking for a degree,
i'm not looking forcertifications, i'm looking for
passion, the ability to learn.
Yeah, sometimes degree andcertifications show that.
If I don't know you personally,but if we've talked, if I know
you, if we've communicated andI've seen you learn in public, i
know you have the ability tolearn and we're going to keep
going with that.
(01:06:13):
So network, network, network,network, network, network, damn
it.
That is my advice.
Network, damn it, but otherwiselook.
I love you all you are all mywarriors, you're all my family.
Thank you for joining us foranother amazing episode of
security happy hour.
(01:06:34):
And don't forget, i drinkbecause your password is
password And I really hope it'sgonna get changed really soon
because, man, y'all make medrink a lot.
Cheers, cheers, love you, takecare and have a great rest of
your weekend weekend.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.