November 30, 2025 • 66 mins
Meter: Visit https://meter.com/itcareer to book a demoEveryone wants to be a pen tester until they find out what the job actually looks like. This video offers a reality check on the daily grind of a professional pentester, emphasizing that the job differs significantly from Hollywood portrayals and standard certification courses.Tyler, a professional pentester, shares insights into ethical hacking and the challenges of the field, including his journey of launching an offensive cybersecurity company. This content provides essential information for those interested in information security and penetration testing.Tyler Ramsbey:LinkedIn: https://www.linkedin.com/in/tyler-ramsbey-86221643/Youtube: https://www.youtube.com/@UC_82czjFMgsYMjodhG_4mIw 🔗 Don’t wait—click here to start your tech career journey: https://thebeardeditdad.com/itcareeraccelerator/Exclusive Career Resources✅ Weekly Insider Tips: https://thebeardeditdad.ck.page/55f710292b🎧Listen to The I.T. Career Podcast HERE: ➡︎YT: https://itdad.info/ytpodcast➡︎Apple: https://apple.co/4aw0uVM➡︎Spotify: https://spoti.fi/3yBcrfuDisclaimer: Some of these links are affiliate links where I'll earn a small commission if you make a purchase at no additional cost to you.#pentesting #cybersecurity #ad
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Everyone wants to be a pen tester until they find out what
the job actually looks like. I'm not talking about the
Hollywood stuff either. I'm talking about the real
behind the scenes grind that no certification course really ever
truly prepares you for. Today, I'm joined by someone who
lives this every day. Tyler is a professional pen
(00:23):
tester who hacks things for a living and is now launching his
own offensive cybersecurity company.
We're breaking down the truth behind the role, the mistakes
that all beginners make, the skills that actually matter in
2026, and what it really takes to get hired in this dynamic
field. If you are thinking about
becoming a penetration tester, this is going to be the episode
(00:47):
for you. Welcome to the show, Tyler.
Thank you for taking the time tohop on and join us.
Dude, thank you for having me and you like that was a
beautiful intro for those of youwatching after the fact.
He one took that like I don't know if he's going to edit it
all, but that was amazing. Dude, thank you for having me.
Oh absolutely, thank you. You know I I didn't come up with
that until like 5 seconds ago too.
(01:08):
Like I'm like I've realized I didn't have anything prepared.
Yes, I read that off a teleprompter, but I didn't
practice it or nothing. Amazing job.
You know, thank you for joining me.
I I really appreciate I've been meaning to have you on the
channel for a while and like thestuff you've been doing, like in
your personal life. You know how you, you quit your
job to start your own company. It's just like mind blowing.
(01:29):
And I can't wait to dive into this conversation.
But before that, do you mind just taking a few seconds here
and introducing who you are and what you do for a living?
Yeah, we'll love to. So I guess before all the career
stuff, more important than that,I'm a husband, have a beautiful
wife, have two young kids, 9 and6 now.
(01:49):
So that's honestly where I spendmost of my time is hanging out
with them and trying to be a good dad.
But outside of that, I am now a business owner.
I run 2 businesses. The 1st is Kyra SEC, which I
think I, yeah, I do have the Kyra SEC shirt.
I don't know if you can really see it really with my microphone
there. But Kyra SEC is a boutique pen
testing firm. For those who don't know the
terms, it just means we focus very much on high quality
(02:13):
engagements and pen testing, less of a focus on quantity.
So we're not trying to do hundreds of pen tests.
We're trying to find a few select clients.
There really be good security vendors and partners with them
in their own journey. And the second company is Hack
Smarter and I have the hack smarter swag on as well.
And hack Smarter is a training platform.
We have courses and hands on labs that people can actually
(02:34):
afford in the field of ethical hacking.
But before all of that, I actually spent 10 years as a
pastor out of all things, which is one of the unique parts of my
story. My first career was a pastor.
I was a church planner, which means I started a church.
I have a masters of divinity, which means I spent three years
academically studying like theology and philosophy and
(02:55):
Greek and, and all these topics that most people probably don't
care about. But that's what I did for the
first part of my career, always did it stuff on the side because
I made no money as a pastor. So I still had to pay the bills.
And during the Covic pandemic, that's when I was really like,
okay, I cannot work like 4 different jobs at the same time.
And now that I have young kids and decided to do tech full time
(03:19):
and always loved hacking stuff all the way back to when I was a
teenager, we can dig into that. But that was my goal and I got
into it rather quickly. I was already pretty technical
when I got into the field full time and I'd like knocked out
search right away and all of that good stuff.
But yeah, I've been doing pentesfor quite a while now.
I was a lead pen tester at a small firm before I started my
(03:40):
own and now I am here my YouTubechannel.
I guess that's the other thing Ido is I love making content,
love streaming, often just teaching hacking stuff on
stream. That's so awesome.
And you know, I really appreciate what you do with your
YouTube channel, with your hack Smarter.
But everything you do is so great.
You know how you're giving back to the community, helping people
(04:02):
really kind of excel in this career field.
So I appreciate that. Thank you.
I haven't read on it. You know, people think pen
testing is all like the black hood and terminal like that's
that's immediately what comes tomind when someone's like I want
to be a pen tester, but that is not at all the case.
(04:23):
Like the job doesn't look like that.
Do you mind this kind of taking a bit and like walk us through
what day in the life of a pen tester looks like?
Yeah, absolutely. So as a pen tester, and I can
only speak for a consultancy, solet me just define my terms a
little bit for those who might be new to the subject of pen
testing. So when it comes to pen testing,
(04:44):
you have internal pen testing like an internal role to a
company and then you have consultancy.
If you're an internal pen tester, you generally only work
for one company and you're like a full time AW2 employee for
that company. And as they release new
releases, maybe for a web app orfor their network, you then do
pen testing on the same infrastructure or the same web
apps. That's not what I do and that's
(05:06):
not what I've ever done. I'm a consultant, which means I
work for a bunch of different companies around the United
States and sometimes around the world who will hire me or my
company for short term engagements.
That might be a web app or a network, pen test or cloud.
And so just to define terms, when I speak from pen testing,
I'm speaking from the perspective of being a
consultant and running a consultancy.
(05:28):
So with that as an introduction as the day-to-day work as a pen
tester, it changes depending on the day.
So if you work for a good pen testing firm, you're not
actually doing pen testing all of the time.
This is one of the things I encourage people to ask in an
interview is how much bench timedo you have as part of being a
pen tester? High quality firms give you good
(05:50):
bench time. It could be 25% of your time you
have bench time. And what I mean by that is
you're not actively doing pen testing, but instead you have
time set as aside for research and development, self
improvement, doing CTFS, gettingcertifications.
Because a big part of being a pen tester, and I'm sure we'll
drill down into this more, is the field that's constantly
changing and constantly evolving.
(06:11):
There are some IT jobs, I won't name them, but I've had them.
But there are some IT jobs where, let's just be honest, you
get the job and you can sort of coast.
Like you can literally look at Reddit for most of your day.
And then every once in a while, like a fire will happen.
And then you have to work crazy hours.
But then you can go back to likelooking at Reddit.
You don't have to constantly be learning.
But as a pen tester, you are quite literally breaking into
(06:34):
real companies systems and networks and web apps.
There's new technology you encounter on every single
engagement. You're always reading, always
researching, always trying to understand new attack vectors,
how to discover your own 0 days and CV ES.
So that is a big part of the jobas a pen tester, if you work at
a good firm, is doing that research and development and
security research. On the other hand, you do spend
(06:57):
the majority of your time doing that hands on consultancy pen
testing type stuff. And that's a lot of of course,
technical work. It is significant time of hands
on keyboard, but there's a lot of communication as well, which
I think surprises people. But you have to remember as a
consultant, it's a client facingrole.
So I'm regularly communicating with a client, I'm jumping on
(07:18):
calls with them, I'm helping them understand vulnerabilities.
And there's a lot of soft skillsthat go into it, which is
honestly, since I think I was able to sort of accelerate in
this field is I spent 10 years talking to people every single
weekend and communicating with people and honestly, dark
seasons of their life. Like I've talked people through
some of the worst moments of their life.
(07:39):
And talking a client through a vulnerability, even if it's a
bad vulnerability is incredibly easy compared to what I used to
do. So that's sort of a day in the
life. It is a lot of hands on
keyboard, but it's a lot of softskills, a lot of communication,
a lot of writing. We could talk about report
writing and all of that stuff, the final deliverable for the
client. But significantly more than just
hacking all the things, you alsohave to be able to communicate
(08:03):
all the things, write all the things, report all the things.
Those are just as important as your hacking skills one. 100%
Those communication skills, I feel get so undervalued in this
sector. So many people think that
they're going to become a pen tester and they're going to be
like the guy in a dimly lit basement with the hood on, you
(08:23):
know, sitting at the terminal not talking to a soul, having
showered for days. And that is like the furthest
thing from the truth in this field.
Cyber security, especially pen testing, is a customer service
job first and foremost. Like you are dealing with
customers, whether that's internally or externally.
(08:45):
Your job depends on how well youcan communicate with the other
people that are probably nowherenear as tech savvy as you are.
So you got to figure out that happy medium and you know how
you can explain something without making them feel like
you're talking down to them, butmaking it, it sounds simple
enough where they actually understand what I'm saying.
So that is a very delicate danceand a very unique skill that not
(09:11):
a lot of people have naturally, I feel like.
And before we kind of dive into that more, I kind of want to
backtrack a little bit and ask you like, what originally pulled
you into pen testing? Like out of all the different
possibilities in cybersecurity, why did you pick pen testing?
Yes. So my journey goes back to when
I was I think I was 13 when I first discovered hacking.
(09:33):
So back I'm 32 now. So you can do the math.
I don't know how many years ago that was, but when I was 13, me
and my friend Nate who was also a pen tester, we actually used
to work at the same company. But one of my few IRL friends, I
don't have that many of them. I usually just hang out with my
kids. But one of my few IRL friends,
he is also a pen tester. But when we were both like 1314
(09:53):
years old, we discovered a website calledhackthissite.org.
So before try hack me, before hack the box, there was
hackthissite.org and it was actually created by Jeremy
Hammond, no relation to John Hammond.
Anyone who's in like the OG hackerspace, you know who Jeremy
Hammond was, right? He well he still is.
He was one of the leaders of LALSEC back in like 2011, 2012.
(10:17):
He went to prison for that. He got out I think in 2020, but
he spent a 20 years in prison. I think he got kicked out of
Defcon this past year for shouting at the stage at some
some general. So like Jeremy Hammond is like
the OG hacker culture, but he founded Hack this site way back
in the day. I don't even know when, but me
and my friend Nate stumbled across it and you can still go
(10:39):
to it now. It is still alive.
But they have like basic hackingchallenges and then real world
missions. And so that's what we would do.
Some 13 year olds would spend all night like playing Halo.
We would be on Hack this and we would like pull all nighters and
be dead tired at school the nextday.
But then we would go to school and we think, hey, we don't have
a hack the Box pro lab, but you know what we have?
(11:00):
We have a school network. And so then we would try to take
what we are learning, practice it at the school.
Nothing malicious, but just likeyou couldn't, for example, you
couldn't launch a command prompton the computer.
So we thought, hey, well you canopen up notepadyoucansaveasa.bat
file. You can then use that to launch
a command prompt. So just doing things like that
to see what we were able to bypass.
Long story short, we ended up getting three strikes against us
(11:23):
and we got pulled into the office with like the school
police officer and the Superintendent and they were
like, hey guys, you cannot touchcomputers anymore for the next
year. And if you do, then we are going
to come at you with criminal charges.
So that was my entry into the hacking field.
But I grew up in rural Minnesota.
(11:44):
I now live in rural South Dakota.
And especially when I was 13, I didn't even know that ethical
hacking or testing was a thing. Hacking in my mind was breaking
stuff and being malicious, whichas a teenager sounded a lot of
fun because I was under the age of 18 and that was hacking to
me. So I've always had an interest
in it. I kind of changed careers, but
(12:07):
when I was 16, I got arrested. Crazy story.
But anyways, that's when faith became a big part of my life and
decided to pivot from it becauseI didn't see a role for hacking
back then. Did doing pastoral ministry and
then doing it on the side so always working random IT jobs.
And then I realized hey, pen testing and ethical hacking is a
(12:28):
thing. I live in the middle of freaking
nowhere, but maybe it's possiblefor me to get a remote job and
figure out what it means to be apen tester.
So that's how I ended up there. But it does go all the way back.
Thirteen years old, hackthissite.org, learning like
the basics of JavaScript and then web hacking on that
website. That really is like my
foundation of my entire career. So I've never met Jeremy
(12:52):
Hammond, but honestly, shout outto Jeremy Hammond for making
hack this site. I know he has a little bit of a
reputation in the community, buthe's truly one of The Pioneers
in one of the O GS in the entirehackerspace you.
Know that that's such a fun story and I feel I relate to
that so much because it's so I feel so similar to mine.
(13:13):
But I, I felt like I'm a little bit of a late bloomer, you know,
back in high school, my high school offered ACC and a course.
So that's where my love for networking started.
But as you're learning CCNA, youlearn a lot of different things
and vulnerabilities in the network.
And again, like very similar to you, I didn't have like some lab
I could practice on. Packet Tracer wasn't a free
(13:35):
thing. People who had Packet Tracer
that weren't taking the Cisco courses, they had to pirate it
from somewhere, which wasn't actually that hard to do.
Limewire. Yeah.
You know, you know, we had credentials into the full school
network as part of our course. And let's just say I will not
(13:55):
admit to anything, but we did not get in.
We did not. We weren't up to anything good.
How about that? There is a couple things that
happened and yeah, but you know,after high school, I, I kind of
lost my way too. Funny enough, there was a rest
on my side as well and that started me down a journey, but I
(14:18):
didn't come back around till tech until later in my career.
So I really can appreciate that story.
But the things I learned early on like stuck with me to this
day. Like those those skills, those
that joy and the passion is really what keeps me going.
And I think it's something people should reflect on if they
are considering getting into this field.
(14:39):
Like are you passionate about these things?
Because if you're just trying tomake this career change for the
money, like let's be honest, there is some decent money to be
made if you play your cards right.
But will you truly be successfullong term if you're just in it
for the money you pen testing? Cybersecurity is evolving at
such an incredible rate these days.
(15:01):
I feel like you really have to have the passion to keep you
going. You have to constantly be
learning. I'm I'm not sure if you have you
know what your opinion is on that.
Yeah, I passion is huge and evenlike I, so I gave the talk.
I was actually the keynote for Simply Cybercon a few weeks ago
in South Carolina. But my whole talk was you need
(15:23):
to redefine success. And I think for a lot of people
in the world of tech, they define success as maybe making
over $100,000 a year, having a certification, having a title,
all of those things can be good things.
But what I've noticed is when you define success by what you
are doing, you will never be satisfied.
(15:44):
So I always try to encourage people your career is much more
about the person you're becomingand less about the work that you
are doing. And I've noticed in my own life,
as I focused on being emotionally healthy and an
emotionally healthy leader, thatpays off dividends in my career.
And then passion of course, feeds into that.
Exactly what you were saying. As a pen tester and
(16:06):
cybersecurity in general, It's constant learning, constantly
doing labs, constantly grinding.I mean I work during the day,
then I jump off work, hang out with my kids, and then I'm
usually back on almost every night.
Either live streaming, making videos, making labs, going
through labs, trying to learn. But I genuinely enjoy it.
(16:27):
But that's where it's not for everyone.
Like I would even argue most of the people who go to school,
they want to get like a four year degree in IT.
Their goal is they want to make a lot of money.
Which OK, you might. But honestly what's likely going
to happen is you're either 1. Going to burn yourself out
because you're going to be spending a lot of hours learning
about something you're not interested in or #2 you are
(16:48):
going to become successful in your career.
But honestly, you're going to become a terrible person because
you pursued success via the money and not pursue success via
the person that you are becoming.
So there's a lot that we could unpack there.
I gave like a 45 minute talk allabout that.
But I think that's a big thing to consider.
(17:08):
Passions important. But also just like what success
looks like for Dakota is different than what success
looks like for me. And it's different from what
success looks like for you. You need to define for you what
does success look like in your career?
What are these non negotiables that you need to have or that
you're working towards? Hey really quick, I want to talk
to you about a new test I use for any tool now.
(17:30):
It's the 2:00 AM test. You see, back when I was
breaking into networking, if a link flapped or Wi-Fi got
cranky, I'd end up juggling an ISP portal here, Wi-Fi
controller there, a firewall UI that looks like it was built
back in 2004, and a support contract that I had to go dig up
from someone else's inbox. None of that helps you when you
(17:51):
have a bunch of people standing in front of you asking you, hey,
is it fixed yet? That's why I like Meter.
If you haven't met them yet, think of Meter as the team that
builds the whole network and helps you run it.
Instead of stitching together a switch vendor here, a Wi-Fi
vendor there, and someone else entirely for security, you get 1
(18:12):
integrated stack, wired networking, secure Wi-Fi, and
even indoor cellular. We need coverage or redundancy.
It's designed to work together from day one, so you're not the
glue trying to keep everything going day-to-day.
You live in a nice clean cloud dashboard with full visibility
and control. And because it's delivered as a
(18:34):
service, they don't just ship boxes and wish you luck.
Meter handles the site survey, the installation and cabling,
the monitoring and ongoing operations alongside your team.
That means clearer accountability, fewer moving
parts, and when something needs attention, you already know who
to call and where to look. For me, that passes the 2:00 AM
(18:58):
test. Fewer portals, faster answers,
and a network that feels modern instead of pass together.
Thank you to Meter for sponsoring this episode.
Head to meter.com/it Career to book your demo.
That is METE r.com/it Career to book a demo.
(19:19):
All right, let's dive back into this week's episode.
I want to run with that a littlebit more here.
You know, we're we're not sayingat least I don't think you're
saying is, you know, you don't have to be like the hardcore
workaholic that you know, like Tyler is.
You know, Tyler, I I can completely relate to that.
You know, I I work an 8 to 5 job.
I come home, I have dinner with the kids and most nights I'm
(19:41):
right back out here in the studio till way later than I
should, dead tired the next day and do it again.
And I do it because I enjoy it. You know, I because I have been
on the other side of the screen here trying to break into the
field, and it was another YouTuber who gave me the nudge I
needed to pursue my dreams, to find happiness, to enjoy my job.
(20:06):
And I want to be that for someone else.
That's why I do this. That's why I continue to strive.
But to find success in this field, you don't have to do
that. It is not going to be an easy
path. Don't get me wrong, there is
hard work to be had, but don't don't think you have to live
this constant work, work, work lifestyle to be successful.
(20:28):
You have to figure out what success looks like for you.
I I couldn't have said that any better myself.
You got to figure out what your goals and make sure their goals
that you know you are looking forward to that you are happy to
achieve. So often I see these people that
set goals that are completely unattainium like you know, I
(20:48):
want to make $300,000. I want to be in the top 1% on,
you know, try hack me like thesekind of goals, make sure you can
achieve them and keep on evolving.
And because these your, your career's going to change your
personality, what you like's going to change and you have to
be able to adapt with that, I think is really a key to success
(21:08):
here. Dude, that's good.
And like one thing I would add to this because I know it's true
for you as well, but for those of you who are parents, do not
compare yourself to people who don't have kids.
Like, I'm not trying to be exclusive here, but like, here's
the reality. Having kids, at least if you're
a good parent, all right? If you're a bad parent, this
doesn't apply because you don't spend any time with your kids.
(21:28):
But if you're a good parent, being present to your kids is
literally way more difficult than any certification, way more
difficult than a career, way more difficult than making a
YouTube video, which is why a lot of parents aren't good at it
because it doesn't immediately pay off.
But that's a huge passion of mine.
And when I was first getting in this field, I compared myself to
people like like John Hammond. Like I love John Hammond,
(21:51):
amazing person as far as I know does not have kids, right?
So like if I did not have kids, I could work significantly more
than I already do. I would stay up till 234 in the
morning. But here's the reality.
I got to wake up at 6:00 AM, make my kids breakfast, take
them to school in the summer time I spend on my lunch breaks
with them. I go to their school events.
Like people don't realize that aspect of it.
(22:13):
So I just want to encourage those of you who are parents,
your kids are so much more important than your career.
And if you have to sacrifice your career in this season of
life, not accelerate as fast, not get that certification.
But if the trade off is you get to spend more time with your
kids, maybe make a little less money, but you're more present
to your kids, that's going to pay off so much more than
(22:36):
getting the OSCP 1. 100% you know, I, I have 3 kids, you
know, I have an 8 year old. I have an 11 year old.
I have a 13 year old and you know, initially in my career, I
did sacrifice time with family and time with kids to make it
here. And there's different seasons.
I go through these seasons, likeshort term seasons.
Like right now, I am grinding sohard through the holidays and my
(22:58):
family knows this. They, they understand, they're
here to support me because they know once this season is over,
I'm there for them. But also I make sure like this
year, I make sure like all my kids are super into cross
country. I took time off to be with them,
to go to their meets, to be present.
That is huge. Now moving forward here.
(23:19):
You know, I, I, I already know the answer to this, but I can
guarantee you, people want to hear this.
Is pen testing here in 2026 still a viable entry point into
cybersecurity? And I kind of hear you
snickering a little bit already because I, I, I, I know this
answer, but we have to address this here tonight, you know, on
(23:41):
this video. So that's, that's actually a
really good question because to be honest, it's not a yes or a
no. I'm going to break that down.
So you said viable entry point in the cybersecurity.
I such no matter what I say someones gonna be in the comment
like free Tyler is wrong. So this is for those of you guys
(24:02):
who are gonna sound off in the comments, say it's straight.
Yes. So first of all, pen testing in
and of itself is not an entry level career.
That said, it is possible to have your first job be a pen
tester. So at my previous firm, someone
who was hired like literally their first IT job ever that
they owned a body, a car detailing business before
(24:23):
switching over to pen testing, their first ever IT job was as a
pen tester. But I would argue, not just
argue, statistics would prove that I'm right.
That is very much not the norm. Pen testing.
If you imagine for a moment as aconsultant, you are working with
so many different technologies, so many different clients, that
having a strong background in sys admin, IT support,
(24:46):
networking, whatever your passion is, all of that builds
into pen testing. So pen testing in and of itself
is very much an advanced career.A lot of people go to school,
they're like, hey, I have a fouryear degree in cybersecurity.
I'm definitely hired as a pen tester.
You're probably not going to be able to one IT.
It's super hard to get into, but#2 at least as of right now, the
(25:06):
job market freaking sucks. We've had so many layoffs due to
AI and other cuts. You have incredibly skilled
people trying to get the same job as you.
And so yes, it is a viable entryway into cybersecurity.
But I think in order to get there you need a bunch of stuff.
We can talk about that to unpackat least what my recommendation
(25:28):
would be to get into pen testing, but long answer short,
I don't think it's a viable entryway as your first career,
although it is possible. I don't want to gatekeep, it's
just statistically it's probablynot going to happen as your
first IT job. I, I 100% agree with that and I,
and I knew that was going to be your answer, but I, I had to ask
you because we had to address itbecause I, no matter how many
(25:49):
times I see that in my YouTube videos, like I feel like cyber
security in general should not really be someone's entry point
into this tech industry. It can be, absolutely can be.
I see. I, I personally know plenty of
people who've done it, but I feel like you know, you're,
you're giving yourself a disadvantage almost by trying to
break right into like a pen testing role where coming up and
(26:11):
kind of like it's rite of passage.
I feel like to like maybe start not necessarily starting at the
help desk, but like an entry level like support role or a
network engineering role and then work into that pen testing
role or that sock analyst role. And then pen testing.
Because the skills you learn at those entry level roles are
going to really set yourself up for success in those higher
(26:34):
level roles and going to make itby the time you get to that pen
testing job, you're probably going to be able to demand a lot
higher salary because you're going to have more experience,
you're going to have more skillsunder your belt, and you're just
going to be that much better of a teammate to your team member.
It's not even just about the skills, it's about being a good
teammate and being a good fit within that organization.
(26:56):
It's spot on and like IT supportgets a better rap.
I think I remember watching Dudenetwork Chuck.
This would have been three or four years ago.
He did a really good live streamon, I think he was helpdesk or
IT support or something back when I think I was a manager of
IT support. Like I managed an IT department
for a local college at that time, but I thought it was
(27:18):
incredibly well done. And of course there are some IT
supporter helpdesk jobs where you're just like a phone jockey.
You take a phone call and then you don't have any time to
troubleshoot. You just escalate it to Tier 2.
But honestly, a lot of IT support jobs, you get to do a
mix of support, sys admin, networking, security, it, it not
only is a great entry point, I, I think they're fun.
Like I thoroughly enjoyed my time in IT support and as a pen
(27:41):
tester. The customer service skills you
learn in IT support of working with end users, You don't escape
that. You just take that as a pen
tester and you turn it up because now you're talking about
way more money and way more skilled people sometimes on the
other line. And you need to learn not to
have an ego. That's the other thing that that
drives me crazy. I talk to people who are like,
(28:04):
well I want to get into pen testing, but the only jobs that
are available are help desk and I don't want to do that.
My answer is freaking get over it.
Like take whatever job you can get.
Start building that experience. If you think help desk is below
you, you have an ego. You're not going to do good as a
pen tester anyways. Find a different career.
But a good pen tester is humble.Like we recognize we don't know
(28:25):
everything. And I noticed people trying to
get into the field, they seemingly know more than me and
I do this for a living, but theythink they know more because
they did the OSAP or the CPTS orthe PNPT or the PT1 or the other
alphabet letter soup certifications.
Certs are good, they are not thereal world and they don't teach
you that well. How to communicate with PNPT
(28:46):
makes you do a debrief at the end.
So I have to give a shout out toTCM for doing that.
But man that was a little rant there.
But honestly, take whatever freaking job you can get, and if
you think a job is below you, you need to go look in the
mirror. You're not that important.
You're not that awesome. Do what job you can get and
learn and grow and take the opportunities as they come.
That is 100% the truth. I mean, absolutely.
(29:10):
And that's, that's really the approach I I took when I first
broke in, you know, before I gotinto tech.
And I'll keep the story short because I've told it a bazillion
times. I feel like, but I was a
bulldozer operator. I drove a freaking bulldozer.
I had no experience and I knew Iwanted to be like a networker
system and administrator long term, but I knew I couldn't just
jump into that role with no experience.
(29:31):
You know, I was a college dropout.
I was way too interested in girls when I went to college.
I, I flunked out of college. I had no certifications.
Like I took the CCNA in high school, but the CCNA is only
good for three years. This was like, I don't even
remember how like 10 plus years later.
So that wasn't going for me anymore.
(29:53):
The only thing I had going for me was my drive and willingness
to learn. Like I was so burnt out.
I'm just doing jobs to put food on the table.
I want to do something that mentally challenged me.
And I always had a huge passion for tech, so I knew I was going
to have to start at the entry level jobs.
I knew it was just going to be astepping stone and set me up for
my next job. And it was exactly that.
(30:14):
I got hired at a hotel company as an IT support specialist day
one. All I was doing is like being
that phone jockey guys, resetting passwords, e-mail
passwords, creating ad accounts.I was terrified because I didn't
even know what Active Directory was.
I was so worried. But while I was there, I just
made it my mission to learn everything, to learn how
(30:36):
everything worked and it didn't go on recognized I anytime I
would see like where that they were doing an update or they're
doing something new, I would be like, Hey, can I be the fly on
the wall? Hey, can I, can I watch you
guys? Can I help at all?
And I evolved in that role, likeso did my like my skills with
(30:56):
it. And before I know it, by the
time I was there and I left thatcompany two years later, I was
in charge of designing the complete IT infrastructure for
every single brand new hotel we are building.
We are building like 3 to 4 brand new hotels a year.
And when I say like in charge, like I was sitting down with the
architects, you know, the building architects market at
(31:16):
the blueprints like OK, I need aIDF here.
I need cable ran between this idea and this IDFI was placing
access points to I was also the guy that was hanging the access
points. You know, I wasn't doing the
cabling. We, we, we got a contractor to
do the cabling, but I wired all the switches up.
I hung the access points. I did it all and it was so much
(31:36):
fun because everyday was something different.
And that really set me up for success for my next role, which
was a network engineer. And through that drive and
passion, I was able to go from that entry level job, IT support
specialist to a director of network operations in three
years. So just because you're starting
(31:59):
at the entry level job now doesn't mean you're going to be
there forever. Yes, there are some people that
really enjoy the entry level jobor just want a job that they can
sit back, kind of like you were talking about in the beginning,
where they can just sit back anddo nothing all day and just only
work when things go wrong. If that's what you want, great.
But if you want to make that money, if you want to strive for
(32:19):
a job that you just wake up every morning and are excited
for, then be ambitious. Have that drive, want more?
Because I guarantee you it's notgoing to go unnoticed in this
field. And if it is going unnoticed at
your job, you're in a toxic workenvironment and it's time for a
change anyways. So there I got on my my soapbox.
We're going to we're going to step off there.
(32:41):
That's so good. That's and I love what you added
about just like the willingness to shadow.
That's actually I remember Chucktalks about that in the live
stream and I was sharing it withmy students at that time.
They worked in the support center, but they were students.
But that's huge. Just like having that
willingness to learn. Nothing is below you and
everything is an opportunity to learn.
There is few people I think thatgenuinely have that attitude and
(33:05):
when you do have it, it really does pay dividends.
People notice in more than one way and you will just naturally
level up in your career as a result, I feel.
Like we've kind of covered the basics.
Let's start diving into some of the skills, like say someone
that's either already working intech and wants to pivot into pen
testing, or they're going to be really ambitious and try to
(33:26):
break straight in. Like what skills do you
recommend? Like are some must have skills
for anyone looking to break in right now?
Yeah. So we could talk about skills or
certifications. They kind of go together, but
kind of don't. So let me just start with the
fundamental skill that's not even tech specific, but that's
just curiosity. Curiosity is an underrated skill
(33:48):
in all things tech, but especially in pen testing.
As a pen tester, you're constantly having to break
stuff. Like no one gives you a document
saying, hey, like here's how ourapplication can be broken.
So you need to be genuinely curious every time you're
looking at an application. Like when I'm just using an app
in general or my e-mail, I'm always thinking about like, man,
(34:08):
how could this be abused? How could this be attacked?
How could I use this in a malicious way?
And for example, on one engagement, and you see this in
a lot of applications, you're able to send invites to someone.
So let's say the Hack Smarter platform has an invite feature.
You send an invite and it emailsanother person from the Hack
Smarter domain. Well, on this application, it
allows you to put in a custom message.
(34:29):
And when I intercepted the request, I also saw I could
insert HTML. And so I was able to use their
invite feature in order to send phishing emails from their
domain with malicious URLs in it.
All because I was curious about how does this e-mail feature
work? How can I abuse it?
How would an attacker use this? So curiosity is huge.
And that will take you incredibly far in your career.
(34:52):
Now the reality is I shared before the job market is rough
all the round, but the job market has always been really
difficult for people who want tobe pen testers or ethical
hackers because everyone, maybe not everyone, most people have
seen Mr. Robot and they want to do Mr. Robot stuff, right?
And they, you ask you, I don't know for sure.
So, you know, most statistics are made-up, but I'm pretty sure
(35:14):
like 80 to 90% of students, if you ask them right now who are
in school, what do you want to be when you graduate?
So many of them are like, hey, Iwant to be an ethical hacker,
right? Because it looks cool.
They think they'll make a lot ofmoney.
Here's the reality right now, toget a job as a pen tester, you
need a few almost non negotiables #1 you almost need
(35:35):
the OSCP. Now I'm personally not a huge
fan of off SEC but the OSCP is still by far the gold standard.
If you want to get a job as a pen tester.
There are other search like the PNPTI would say is number 2.
Another well known 1 you have the CPTS which is arguably more
practical, more difficult, but doesn't have that HR
recognition. Same with the PT1 that's try
(35:57):
Hackney's new cert really practical like very real world
but just it takes a long time toget that name recognition in the
eyes of HR. So you need the OSCP.
That in and of itself is about $1700 I think for one exam
attempt. 90 days of lab access and there's no questions.
You get a VPN and it's either can you hack or can you not,
(36:20):
right? You get 24 hours to compromise 3
machines and an ad network, another 24 hours to write a
report. But here's the thing, a lot of
people have the OSEP who are still trying to apply for that
job. So you need to stand out even
more. So then I recommend getting a
CVEI have I think 12 CV ES. For those who don't know what
that is, a CVE is a zero day. You discover a vulnerability and
(36:42):
generally open source software nobody has ever seen you report
it to the vendor, they help patch it or you help patch it.
11 fun story is Go CMS, massive CMS used by Mozilla, I think
open AI. I found a CVE, one of my CV ES
is in them. It was cross site scripting that
led to privilege escalation. I found it.
And because it's open source, I patched my own CVE open up hold
(37:05):
request. And so I found the vulnerability
and I patched it. But like you need that as well.
So you need, you need the OSCP, you almost need at least one CVE
in your resume. And then #3 you almost need a
personal brand because whether you like it or not, it is very
much who you know, not just whatyou know.
So YouTube may not be for everyone.
(37:27):
Like for Dakota and me, I'm kindof preaching to the choir.
We have YouTube channels. We make content all the time.
But maybe it's not YouTube. Maybe it's a blog, maybe it's
just being active on LinkedIn. Maybe it's a Discord community
that you're a part of or that you started.
But you almost need all three things in place, honestly, to
get a job as a pen tester. And I'm not saying you have to,
(37:47):
but I am saying in order to stand out, you need the OSCP,
you need a CVE and you need sometype of personal platform.
And most people would hear that and be like, holy crap, I need
all of that just to get a job. And the reality is kind of like
you might get lucky and not, butthe people you are competing
against have many of those. I don't think many of them have
(38:08):
all three. So that's just one way you can
really stand out OSCPCVE personal platform.
And then just maybe you'll finally be able to land a job as
a pen tester. So more difficult, I think than
people initially think. Or they saw some YouTube who
wanted to get a bunch of views and said, hey, take my boot camp
and you'll become a pen tester. The reality is no, you won't.
(38:31):
Like it's so much more than a boot camp, so much more than a
certification. There's there's so much that
goes into it. I.
Really think that's shine some light on why we say while it is
possible to just jump right intoa pen tester job, it's kind of
almost unlikely. You know, you're going to find a
lot more success because if you're while you're working like
(38:51):
in a sock, you can be building these other skills, you can be
building out your portfolio, youcan be learning and doing, you
know, bug bounties and you know,building that personal brand.
And I, I think having a personalbrand is way underrated in
almost all fields of tech nowadays because let's be
honest, when you are applying for jobs, especially in the tech
(39:12):
industry, but I think this is kind of just universal and you
are selling yourself. You are selling you, you are the
commodity now. And you got to convince that
hiring manager why they should pick you out of all the hundreds
of other candidates. So having a strong personal
brand, having those connections,like we haven't even started
talking about in person networking because let's be
(39:34):
honest, very, very much so. And I, I absolutely hate it with
a passion. This field sometimes boils down
to it's not what you know, it's who you know.
And I think it's the most unfairthing, but it's the world we
live in and networking with people plays a huge factor.
(39:56):
I feel like on your success and part of that, you know,
networking with people, it goes back to your personal brand and
all that. So I mean I, I and if you want
to, I think we should talk a second about that too, because.
But it's, it's the truth. Like I, I again, I, I think it's
totally unfair because I just know plenty of super smart
people out there that just don'tlike to network with people and
(40:21):
they struggle because that they,no one knows who they are.
And, you know, really the peoplewho go out and maybe don't know
near as much, but they're, you know, going out and talking to
people and working on those communication skills and
networking, we're finding it a lot easier to land jobs.
Spot on. It's true, it is unfair like it
(40:45):
really is, but it's reality. Like you can complain about it
all day, but it is reality. The way I like to think about it
is when we generally think of networking, we think of using
people, whether or not we say itout loud.
And what I mean by that is people here networking, they
think, OK, I need to go to a conference.
I need to find a hiring manager,and I need to, like, somehow
(41:07):
showcase my skills to them. So they then offer me a job
that's not gonna work. Like people can tell if you're
using them. Good networking means building
genuine friendships and good networking also means just
figuring out what are some ways that you can give back to the
wider community. I mean, that's why I started my
YouTube channel. I know that's why you started
YouTube channel. That's why I started to hack
(41:28):
smarter. That's why I started my Discord
community. But just like my YouTube channel
has opened amazing doors. Like I love it when I go to a
place like Defcon and like constantly people are like, hey,
I watch your videos and they've helped me in this, this part of
my career. I remember this past Defcon.
This is a crazy, crazy moment. So we all know, we all know
Chuck. I know you know Chuck as well.
Incredibly nice, one of the nicest people I know.
(41:51):
I was able to be on his YouTube channel a while back, but I got
to DEFCON that yes, I so I walked into my hotel lobby at
DEFCON, just got off the plane, got off my Uber and then
someone's like, hey, Tyler and I'm like, shoot, someone already
recognizes me. It was freaking Chuck and his
whole team. I was like, dude, what?
You're the first person that recognizes me that I run into.
(42:12):
And I remember we're sitting there chatting and like
constantly people are coming went up to him and talking to
him and I'm like, hi. But there was one time, one time
someone came up and they said, are you Tyler?
And I was like, holy crap, you don't recognize to do with the
beard next to me. And it took them a second.
So there was one person who knewme but somehow didn't know
Chuck. They eventually guessed him once
they stared at him long enough. But it's like, I wouldn't have
(42:34):
those opportunities to meet people like you and like Chuck
and and Heath and these other big names in the industry.
And what I've noticed about all of these so-called big names is
they are just real people who are genuinely committed to
giving back to the community at large.
And the reason someone like Chuck that he has such a massive
platform is behind all of it is he has a passion for helping
(42:56):
other people. And so my encouragement to
people who are a little put off by the word networking, just
change it to helping other people.
The more you help other people, the more you give back,
regardless of where you're at inyour career, that is networking
and that will begin to open up those doors and and begin to
build genuine friendships and relationships with other people
(43:17):
in the industry you. Know that is so true, but I
already can hear the comments saying, well I'm brand new to
the field. How can I possibly help someone
out? Like you don't realize how much
like even if you're just sharingwhat you're learning, how much
that might help someone out. You know, everyone has different
journeys. Everyone also likes learning
(43:39):
different things from different people in different ways.
A lot of things you and I do areprobably not original.
Someone else has probably done something like this on our that
we've done on our YouTube channel.
Doesn't mean that what we're doing isn't good.
It's just we have a different personality.
We have a different way of explaining it and like I create
content because people like to watch my content from me, you
(44:02):
know, and that's what I I focus on.
Some person might watch you likeyou.
Like let's say you create the same video that I do like the
exact same word for word. People are going to watch your
video because they like you the way you deliver it.
People are going to watch my video because they like me, you
know, it just kind of goes back to that.
So you never know if you who you're helping and what
(44:25):
connections you might make. I can I can speak from personnel
that this YouTube channel has opened up so many options and so
many doors that I would never have had.
And again, you don't have to just create a YouTube channel.
You can start small, create a blog, post articles on LinkedIn,
do something like that, but givemore than you take.
(44:46):
Because whenever you can give people more than you ask for in
return, it's always going to come back to you at tenfold and
you, you're just making the world a better place.
I don't. I don't know how else I can say
it. Dude, you're spot on.
I mean very little that I would add to that.
I think like online networking is important and to be honest,
(45:08):
that's where I do most of my networking because I live once
again in rural South Dakota. There's no B size, there's no
meet up groups, but those conferences are huge too.
Defcon is a good one. I go to three conferences every
year. You have Defcon.
I now go to Wild West Hacking Fest over in Deadwood and then
simply Cybercon. All of those conferences are
amazing, but the real, I think the real power happens not
(45:30):
during the conference, but it's the late nights.
Maybe you're sitting around at abar somewhere or at a meet up
somewhere and that's where that real connection happens and you
would just be surprised what comes out of that real genuine
face to face connections. I also know that many people in
this field are introverts, myself included.
I literally just released a YouTube video on this on my
(45:50):
channel. But even when I was a pastor, it
was a huge struggle for me because, you know, part of being
a pastor is meeting people all the time.
And I sucked at small talk. I sucked at making conversation.
I quite literally read books on conversational skills so that
when I meet someone at a meet up, I'm not super awkward,
right? But it's just little things like
(46:11):
that that really do pay off dividends if you put in the time
and, and put in the work for that face to face networking and
also some of those online communities.
Just remember what you post on the Internet is on the Internet,
right? So just keep that in mind.
I also use my real name, like Tyler Ramsby is my name
everywhere and I think that's helpful.
(46:32):
I know a lot of people like to use screen names, but it's
really hard to connect like Master Kangaroo 321 to John,
right? Like that part's hard on the
online. So if you are doing personal
branding, I know people have different levels of OBSOC.
I just took the Jon Hammond route and was just like, OK, I'm
Tyler Ramsby, that's my name, that's also my hacker handle.
(46:54):
For good or for bad. One day I might regret it, but
as of now it is what it is. You know, I, I've thought about
that several times. You know, I went through a
rebrand on the channel and of course I am the bearded IT dad.
And that's just the, the branding I decided to go with.
But I, I, I did it for a while, think like, should I focus on
branding me more, work more on my personal brand.
(47:16):
And I'm at a point in my career and it's not this.
Don't do as I say, you know, type of theory.
Do as I say, not as I do. I really enjoy my day job.
I absolutely love it. I am working my dream job.
I have no ambition of changing anytime soon.
That is not a great advice though, in all honesty, because
(47:36):
my job could go away tomorrow. I'm in a different position.
If my job went away tomorrow, you know, I have my YouTube
channel, I could, I could lose my job tomorrow and my family
would have still food on the table and a roof over their
head. So I think that's why I focus
more on like the channel branding than my personal
branding. But if I was at a spot where I
(47:57):
was eagerly developing my careerand wanted to make sure like if
I ever lost my job, I was ready to go again. 100%.
That personal branding, you can maintaining those connections
even when you are not actively looking for a job, still work on
that personal branding and that networking.
Because you never know in this day and age when you come in
(48:20):
tomorrow and your desk is all packed for you and like you're
they got your final paycheck. So 100%.
So true I. I want to pivot here a little
bit because I really want to hear more about what you're
doing in your own organization. How you know, you left a full
time job in pen testing and started your own, your own
(48:44):
company. And I think that's really crazy
and amazing though. And I, I kind of want to hear
what drove you to do that, if you don't mind talking about it.
Yes, and thank you for that because I when I talk on this, I
always try to level set expectations because I don't
want to be the YouTube that's like, hey, look at what I did.
You can do it too you, you mightbe able to, but there's a lot of
(49:06):
very unique things that work in my favor.
So I shared before I was a pastor for 10 years, I made
almost no money. Like my salary was like 30 to
$40,000 a year. Like my kids qualified for like
government funded health insurance in South Dakota.
Anyone who knows South Dakota, you had to be really broke to
qualify for that. So I made very little money for
(49:27):
most of my adult life, but I wasfine.
Like we didn't ever really struggle financially, we had
savings. We always lived below our means.
Once I got into tech full time Imade so much more than I ever
made as a pastor. But a big decision that me and
my family made is like hey, we were already happy and fine
before so we never increased ourstandard of living.
(49:47):
I live in the same house. I used to be able to say I drive
the same car but my car literally stopped working so I
had to upgrade to the 2012 HondaPilot now.
But like very much live way below my means and always has
always have. And as a result I've been able
to put a lot of money in savings, a little bit of
investments. So before going full time on my
(50:09):
own. I had about one 1 1/2 to two
years expenses saved for my family.
So if I made zero money for the next two years, my family would
be covered, I'd be able to pay for health insurance and all of
those things. So I just want to level set
expectations that way I'm not going into this blind and having
to like live paycheck to paycheck based on how my
(50:30):
personal business is doing. So that's, that's a big part of
it. But #2 I've always had a passion
for doing entrepreneurial stuff.So of course a church is not a
business, but for 10 years of mycareer, I was a church planter.
So we went to a community. Actually, where I live now, we
started a church from scratch. I had a staff that I oversaw,
(50:51):
but I really didn't have a boss,so to speak.
I LED things, I casted vision and that LED staff in that way.
When I switched over to ITI had a boss.
And honestly, it was a crazy adjustment to like when I wanted
to do something for my kids, I'dhave to ask for permission.
I was like, what? This is silly.
I don't want to ask for permission.
Like when I was a pastor. One of the things I really miss
(51:11):
a lot. Is.
One of my many side jobs is I was a substitute teacher in the
school. So like I used to be my kids as
teacher. It was amazing.
I used to go to the school and teach and was able to do things
like that where all of a sudden I have like an employer that's
like, no, you have to like be here from here.
Until then, it doesn't matter ifyou get your work done, you are
stuck here. And so I knew from the
(51:33):
beginning, and I told this to mywife five years ago or whatever
that I'm going to IT full time. But like my, I'm, I'm not going
to work for other people for very long.
Like I will launch my own thing,a pen testing company
specifically told my wife, I want to do pen testing and
YouTube and I'm going to make ithappen.
I just don't know when. Well, I just came to a spot in
(51:54):
my career as my YouTube set of things are growing.
Hack smarter was growing. I was at a spot where I just
couldn't do it all. I was quite literally burning
myself out working, you know, my8:00 to 5:00 and then building
hacks smarter in the evening anddoing labs and courses.
It was just too much. And I was like, OK, I need to
choose one of these. I have enough in savings.
(52:15):
Let me just try to bet on myselfand see what happens.
And had a really good conversation with Rhino
Security. That's where I worked previously
with the founder there. And it was just like, dude, I'm
not quitting here to work for somebody else.
So I have a lot of flexibility here.
So I gave a three month of notice, which I don't recommend.
It can get awkward depending on where you work.
It worked for me, but I literally gave from the three
(52:36):
month notice. I was one of the lead pen
testers there so there was some complex projects that only I
could do. So I stayed to finish out those
projects. And then October 1st was my
first solo day working on my own.
But we're only about two months into it now.
I will say I before October 1st I was already building my
platform and honestly making more money from my side gigs
(52:58):
than I was from my full time job.
So I wasn't going into it fully blind.
And even now, like it's gone so much better than I ever could
have expected revenue wise. The stress is tough.
We could talk about this, but I said yes to too many other
businesses like contracts on theside trying to pay my bills.
So that was one big mistake I made.
(53:18):
But outside of that, it's gottensignificantly better than I was
expecting. But I also recognize I'm two
months in, a year from now, I'd be able to give a lot more
wisdom, I think. But the other big thing I'm
doing, because I'm building thisin the public, and that's been
my commitment to those in my community from the beginning
that I would share with him the good and the bad.
(53:39):
So almost once a week, I'm just share very openly and honestly
about how revenue is doing, about whether or not I'm able to
pay my salary, about clients, about successes, about failures,
and being quite literally as transparent as possible.
Some would maybe say too transparent but I don't know,
like I really feel like I'm in this with the entire hack
(54:02):
smarter community and the wider community as well.
There's some people who may wantme to fail, which is fine, they
can follow along as well. But really I want people to
learn from it. Like maybe you can't start your
own business right now, but you can watch me stumble around and
maybe, maybe y'all fail. Maybe 2 years from now I'll be
like hey this, this wasn't rightfor me and I'll go back to being
AW2 employee. But maybe I'll inspire somebody
(54:24):
else who builds an amazing company.
And if that's the case, that's still a win win to me either
way. That, that is, that is so cool.
And I, I'm curious, you know, I know you're only about two
months into this, but so far, what have you found to be the
hardest part of this, this change for you?
The hardest part is managing theanxiety and I knew this going
(54:48):
into it. I actually made videos about
this before, but dude, I came soclose multiple times before
October 1st of just throwing in the towel before it even
started. Just the anxiety was so
overwhelming to me. And a big part of that is I have
a wife and two kids. I'm the sole income provider.
So like I don't have health insurance through my wife's job,
(55:09):
nothing like that. So it is all on my shoulders.
And so I'm always going back andforth between like, dude, I'm
leaving high paying 6 figure comfortable job as a pen tester
to freaking Yolo this and try something on my own.
Like on paper it doesn't make sense.
But like I have this drive and Ihave this build that I want to
build something on my own, not for somebody else.
(55:30):
But there was multiple times going before October 1st that I
came this close to calling my current employer and just being,
hey, I made a mistake, I don't want to leave.
Would you let me stay on? So that was hard at 1st and
after launching that is still really difficult.
I mean revenue and stuff has been good, but the difference is
(55:52):
depending to being self-employedand being AW2 employee is as a
self-employed person. You, I mean you eat what you
kill as they say, right? You make money when you're able
to do sales and work with clients.
You don't make money when that'snot happening.
There is not a steady paycheck. There is so much risk and
there's a lot of upside of things pay off, but there's so
much risk going into this that you don't fully appreciate until
(56:16):
you have no other safety net. You have no other paycheck.
It's you paying yourself throughyour own company.
That's incredibly stressful. But that led me to what I talked
about before. I had a bunch of other contracts
I agreed to for really teaching.Most of it was teaching because
I was so anxious about paying mybills.
(56:36):
I said yes to all these other companies and then already
stretched myself way too thin tothe point that I couldn't even
focus on Hacks, Murder and Kairosak.
I was once again building other people's freaking companies
because my anxiety caused me to say yes to them and no to me.
So the other big lesson I'm learning is you really do have
to say no to good things so you can say yes to the best thing.
(56:59):
So where I'm at now is Hacks, Murder and Kairosak.
They are my only focus. I am now saying no to every
other company. That's like, hey Tyler, can you
work for us? Can we do this contract?
I could say yes. I couldn't make more money that
way, but that's not why I quit my job.
If I just wanted to make more money, I would have kept working
on my other job. I took a freaking $60,000 pay
(57:20):
cut to do this. Cut my salary by that much.
So like, I'm not here trying to make money.
I'm here trying to build legacy.I'm here trying to help people.
I'm here trying to make an impact.
And so that just keeping focusedon my mission and my definition
of success is probably the hardest thing so far.
That that is, is so encouraging to me as a an entrepreneur, you
(57:42):
know, someone who also runs a business, runs a YouTube
channel, and I'm also working full time.
I definitely understand the struggle there too.
You know, I have fought burnout so many times just by trying to
take on too much, trying to say yes too much.
I always come back to why am I doing this?
(58:03):
You know, why am I working in tech?
Why am I creating content? You know, it's because I want to
help others. I want to help others succeed.
I want to demystify some of these, you know, misconceptions
in the tech industry to try to help people achieve their
dreams. That's why I I still do this.
And I got a really quick add on question to this conversation,
(58:26):
though, is, you know, if someoneelse is like they're, they're
working like AW2, they're they're working for someone else
and they just, they want more. They want that freedom.
And I don't know it's necessarily know if freedom's
the right word because there's alot of other strings that come
attached when you work for yourself.
But how does someone know when it's time to take on these risks
(58:47):
themselves? Yeah, 1 is, I think they really
need to understand their motivation.
So I think a lot of people think, hey, I will start my own
business for freedom. Then I can determine when I get
to work. And you know that there's a,
there's a joke, but it's so true.
You can determine like which 16 hours a day you get to work.
Congratulations. But the freedom that I think is
(59:08):
amazing is the freedom to build what you want to build and then
make the decisions you want to make.
And now you also face the consequences if you make a bad
decision. But that's the freedom.
I love the freedom to build whatI want to build.
And it is really nice. Like when my kids have an event
at school, I don't have to ask my freaking supervisor if I can
take, you know, an extra 2 hoursoff as part of my lunch break.
(59:28):
I just do it. So there is freedom in that way.
But as far as whether or not a person is ready, I think it
comes down to do you have the financial safety net for good or
for worse. You do not want to launch a
business, I would argue, withoutat least 12 months worth of your
full income in savings or at least in investments that you
(59:49):
can pull from quickly. If you launch a business without
a really strong personal safety net, it's going to force you to
make bad decisions about your business.
You're going to prioritize shortterm wins.
Over a long term sustainable success.
And so even for me personally, I've said no to multiple clients
already for Chirosec because they didn't fit what I am trying
(01:00:11):
to build or I didn't fit the type of work that we're trying
to perform. But the only reason I have the
freedom to do that is because inthe front end, I was able to
load myself with a bunch of savings so that regardless I can
provide for my family. So that's a big part.
Do you have the financial safetynet?
But the other part is how comfortable are you with risk
and how comfortable to argue with being a self starter.
(01:00:33):
There's a lot of people that if they don't have a supervisor
telling them you have to clock in at this time, they don't
clock in, they oversleep, they maybe don't start their day till
11. They're only work a few hours.
The best thing that you can do is have a regular schedule.
So I still work 8:00 AM to 5:00 PMI have a set schedule.
I have to work in the evenings as well.
I even purchase office space. So for a long time I work from
(01:00:56):
home, which is amazing. But I noticed that for me, I
needed a separation from my homeand my work to be more
productive, but just to have that separation.
So in rural South Dakota is super cheap.
Like I was able to get an officefor like $200 a month and it's a
full building, fully private just for me.
But I commute to my office. It's literally a 5 minute bike
ride from my house. But I commute to my office every
(01:01:18):
single day to have that schedule.
I clock in at 8 AMI take an hourlunch break to decompress.
I usually walk home, hang out with my wife for a little bit,
come back to work. So I treat it like a traditional
job, which would be my encouragement for other people
as well. You need to treat it like a
regular job. Work your 8:00 to 5:00 and then
you will have to work evenings. You will have to work outside
(01:01:39):
hours, but that's the other big thing.
If you're not a self starter andif you need someone to poke and
prod you or answer all your questions, entrepreneurship is
definitely not for you. Absolutely.
Now I I got to ask, what is one thing you wish?
Let me rephrase that. Through the power of editing,
(01:02:00):
mess up won't be in there. What is one thing you wish
someone dreaming of becoming a pen tester will walk away from
this conversation we had today. But before you answer that,
you've mentioned you have a YouTube channel.
You have tons of resources. You get back to the community.
If people want to connect with you more, where can they find
(01:02:20):
you? Yeah, the.
Best spot is probably YouTube. You can also connect over at
hacksmarter.org. That's our training platform.
But on hacksmarter.org you get alink to our Discord.
Our discord is completely free. We do a weekly goal meetings
where a bunch of people gather together, talk about career
goals, We do career coaching at a donate what you can, we do
(01:02:41):
free workshops, we do resume reviews.
Everything in the Hack Smarter community itself has no paywall.
It's completely free and I'm super active there so YouTube
and discord is probably the the best place to get a hold of me.
To answer your question, what would I want someone to know
about pen testing? I would want you to know if you
want to start a career as a pen tester #1 it really is an
(01:03:04):
amazing career and for the rightperson, it's the best career
that you can possibly have. But I also want to let you know
that it's going to be difficult to get into the field as a pen
tester. I do not want to sell you a pipe
dream. I'm not saying buy this course
and you'll become a pen tester. I do have courses.
I do think they're amazing. You can find them at
hexmurder.org. But my courses aren't going to
(01:03:25):
be enough to get you in the field as a pen tester.
Well, we'll get you into the field.
This curiosity, consistency and persistence, consistency in and
of itself is one of the most difficult things to do.
A lot of people can be passionate for a month.
Can you be passionate for three years, six years, 12 years, 20
years? It's that consistency that's
going to pay off long term in your career.
(01:03:46):
And so it may seem impossible for you to become a pen tester.
I just wanted to let you know it's possible.
I live in rural South Dakota. There are more cows than people.
I got a job as a pen tester. I have now launched essentially
2 tech businesses from the middle of freaking nowhere in a
cornfield. If I can do it, you can do it as
well. No, absolutely this.
(01:04:08):
This field is completely achievable.
You know, if, if you have the motivation, the willingness to
learn, the willingness to, to follow your dreams and passions
no matter what obstacles you runinto, you can absolutely achieve
this career field 100%. And you, you just need to start
(01:04:29):
today. Like just start working towards
your goals. Create a plan.
I so see so many people, you know, procrastination is kind of
huge sometimes where people like, I want to become a pen
tester, but I'll start tomorrow.Tonight I'm going to watch my
Netflix or whatever. You know your your thing is a
(01:04:50):
bit making up excuses. Start today, start messy.
Start. Just just do something to work
towards your goal every day and follow your passion.
Because that passion for this field is what's going to keep
you going when you are sick and tired of studying, when you are
getting rejected on every job you apply for.
(01:05:12):
That passion you have like the willingness to learn, the the
drive, the want of this dream, this career.
That's what's going to keep you going in your worst time when
you feel like you can't make it in this field.
So good spot on. I have nothing to add to that.
That's so good. Well, Tyler, you know, thank you
(01:05:35):
so much for taking this time. I, I want to be respectful of
your time. I know it's late.
I really appreciate you coming on.
This has been such an amazing episode.
Guys, go check out Tyler's YouTube channel.
He offers such great advice. I've I've watched his live
streams many times. I've watched his videos.
You know, I got to participate in ACTF with him and I won.
(01:05:56):
I'm not going to rub that in anymore.
That's right. Yes.
Yeah, that was that was a crazy experience.
Tyler, you're such a great guy and I can't thank you enough for
what you do for this community and helping other people out.
Thank you, Dakota, and thank youagain just for the opportunity
to be on the show. It truly is an honor.
Absolutely everyone, I really hope you enjoyed this episode
(01:06:17):
and until next time, keep learning.
Everyone wants to be a pen tester until they find out what
the job actually looks like. I'm not talking about the
Hollywood stuff either. I'm talking about the real
behind the scenes grind that no certification course really ever
truly prepares you for. Today, I'm joined by someone who
lives this every day. Tyler is a professional pen
(00:23):
tester who hacks things for a living and is now launching his
own offensive cybersecurity company.
We're breaking down the truth behind the role, the mistakes
that all beginners make, the skills that actually matter in
2026, and what it really takes to get hired in this dynamic
field. If you are thinking about
becoming a penetration tester, this is going to be the episode
(00:47):
for you. Welcome to the show, Tyler.
Thank you for taking the time tohop on and join us.
Dude, thank you for having me and you like that was a
beautiful intro for those of youwatching after the fact.
He one took that like I don't know if he's going to edit it
all, but that was amazing. Dude, thank you for having me.
Oh absolutely, thank you. You know I I didn't come up with
that until like 5 seconds ago too.
(01:08):
Like I'm like I've realized I didn't have anything prepared.
Yes, I read that off a teleprompter, but I didn't
practice it or nothing. Amazing job.
You know, thank you for joining me.
I I really appreciate I've been meaning to have you on the
channel for a while and like thestuff you've been doing, like in
your personal life. You know how you, you quit your
job to start your own company. It's just like mind blowing.
(01:29):
And I can't wait to dive into this conversation.
But before that, do you mind just taking a few seconds here
and introducing who you are and what you do for a living?
Yeah, we'll love to. So I guess before all the career
stuff, more important than that,I'm a husband, have a beautiful
wife, have two young kids, 9 and6 now.
(01:49):
So that's honestly where I spendmost of my time is hanging out
with them and trying to be a good dad.
But outside of that, I am now a business owner.
I run 2 businesses. The 1st is Kyra SEC, which I
think I, yeah, I do have the Kyra SEC shirt.
I don't know if you can really see it really with my microphone
there. But Kyra SEC is a boutique pen
testing firm. For those who don't know the
terms, it just means we focus very much on high quality
(02:13):
engagements and pen testing, less of a focus on quantity.
So we're not trying to do hundreds of pen tests.
We're trying to find a few select clients.
There really be good security vendors and partners with them
in their own journey. And the second company is Hack
Smarter and I have the hack smarter swag on as well.
And hack Smarter is a training platform.
We have courses and hands on labs that people can actually
(02:34):
afford in the field of ethical hacking.
But before all of that, I actually spent 10 years as a
pastor out of all things, which is one of the unique parts of my
story. My first career was a pastor.
I was a church planner, which means I started a church.
I have a masters of divinity, which means I spent three years
academically studying like theology and philosophy and
(02:55):
Greek and, and all these topics that most people probably don't
care about. But that's what I did for the
first part of my career, always did it stuff on the side because
I made no money as a pastor. So I still had to pay the bills.
And during the Covic pandemic, that's when I was really like,
okay, I cannot work like 4 different jobs at the same time.
And now that I have young kids and decided to do tech full time
(03:19):
and always loved hacking stuff all the way back to when I was a
teenager, we can dig into that. But that was my goal and I got
into it rather quickly. I was already pretty technical
when I got into the field full time and I'd like knocked out
search right away and all of that good stuff.
But yeah, I've been doing pentesfor quite a while now.
I was a lead pen tester at a small firm before I started my
(03:40):
own and now I am here my YouTubechannel.
I guess that's the other thing Ido is I love making content,
love streaming, often just teaching hacking stuff on
stream. That's so awesome.
And you know, I really appreciate what you do with your
YouTube channel, with your hack Smarter.
But everything you do is so great.
You know how you're giving back to the community, helping people
(04:02):
really kind of excel in this career field.
So I appreciate that. Thank you.
I haven't read on it. You know, people think pen
testing is all like the black hood and terminal like that's
that's immediately what comes tomind when someone's like I want
to be a pen tester, but that is not at all the case.
(04:23):
Like the job doesn't look like that.
Do you mind this kind of taking a bit and like walk us through
what day in the life of a pen tester looks like?
Yeah, absolutely. So as a pen tester, and I can
only speak for a consultancy, solet me just define my terms a
little bit for those who might be new to the subject of pen
testing. So when it comes to pen testing,
(04:44):
you have internal pen testing like an internal role to a
company and then you have consultancy.
If you're an internal pen tester, you generally only work
for one company and you're like a full time AW2 employee for
that company. And as they release new
releases, maybe for a web app orfor their network, you then do
pen testing on the same infrastructure or the same web
apps. That's not what I do and that's
(05:06):
not what I've ever done. I'm a consultant, which means I
work for a bunch of different companies around the United
States and sometimes around the world who will hire me or my
company for short term engagements.
That might be a web app or a network, pen test or cloud.
And so just to define terms, when I speak from pen testing,
I'm speaking from the perspective of being a
consultant and running a consultancy.
(05:28):
So with that as an introduction as the day-to-day work as a pen
tester, it changes depending on the day.
So if you work for a good pen testing firm, you're not
actually doing pen testing all of the time.
This is one of the things I encourage people to ask in an
interview is how much bench timedo you have as part of being a
pen tester? High quality firms give you good
(05:50):
bench time. It could be 25% of your time you
have bench time. And what I mean by that is
you're not actively doing pen testing, but instead you have
time set as aside for research and development, self
improvement, doing CTFS, gettingcertifications.
Because a big part of being a pen tester, and I'm sure we'll
drill down into this more, is the field that's constantly
changing and constantly evolving.
(06:11):
There are some IT jobs, I won't name them, but I've had them.
But there are some IT jobs where, let's just be honest, you
get the job and you can sort of coast.
Like you can literally look at Reddit for most of your day.
And then every once in a while, like a fire will happen.
And then you have to work crazy hours.
But then you can go back to likelooking at Reddit.
You don't have to constantly be learning.
But as a pen tester, you are quite literally breaking into
(06:34):
real companies systems and networks and web apps.
There's new technology you encounter on every single
engagement. You're always reading, always
researching, always trying to understand new attack vectors,
how to discover your own 0 days and CV ES.
So that is a big part of the jobas a pen tester, if you work at
a good firm, is doing that research and development and
security research. On the other hand, you do spend
(06:57):
the majority of your time doing that hands on consultancy pen
testing type stuff. And that's a lot of of course,
technical work. It is significant time of hands
on keyboard, but there's a lot of communication as well, which
I think surprises people. But you have to remember as a
consultant, it's a client facingrole.
So I'm regularly communicating with a client, I'm jumping on
(07:18):
calls with them, I'm helping them understand vulnerabilities.
And there's a lot of soft skillsthat go into it, which is
honestly, since I think I was able to sort of accelerate in
this field is I spent 10 years talking to people every single
weekend and communicating with people and honestly, dark
seasons of their life. Like I've talked people through
some of the worst moments of their life.
(07:39):
And talking a client through a vulnerability, even if it's a
bad vulnerability is incredibly easy compared to what I used to
do. So that's sort of a day in the
life. It is a lot of hands on
keyboard, but it's a lot of softskills, a lot of communication,
a lot of writing. We could talk about report
writing and all of that stuff, the final deliverable for the
client. But significantly more than just
hacking all the things, you alsohave to be able to communicate
(08:03):
all the things, write all the things, report all the things.
Those are just as important as your hacking skills one. 100%
Those communication skills, I feel get so undervalued in this
sector. So many people think that
they're going to become a pen tester and they're going to be
like the guy in a dimly lit basement with the hood on, you
(08:23):
know, sitting at the terminal not talking to a soul, having
showered for days. And that is like the furthest
thing from the truth in this field.
Cyber security, especially pen testing, is a customer service
job first and foremost. Like you are dealing with
customers, whether that's internally or externally.
(08:45):
Your job depends on how well youcan communicate with the other
people that are probably nowherenear as tech savvy as you are.
So you got to figure out that happy medium and you know how
you can explain something without making them feel like
you're talking down to them, butmaking it, it sounds simple
enough where they actually understand what I'm saying.
So that is a very delicate danceand a very unique skill that not
(09:11):
a lot of people have naturally, I feel like.
And before we kind of dive into that more, I kind of want to
backtrack a little bit and ask you like, what originally pulled
you into pen testing? Like out of all the different
possibilities in cybersecurity, why did you pick pen testing?
Yes. So my journey goes back to when
I was I think I was 13 when I first discovered hacking.
(09:33):
So back I'm 32 now. So you can do the math.
I don't know how many years ago that was, but when I was 13, me
and my friend Nate who was also a pen tester, we actually used
to work at the same company. But one of my few IRL friends, I
don't have that many of them. I usually just hang out with my
kids. But one of my few IRL friends,
he is also a pen tester. But when we were both like 1314
(09:53):
years old, we discovered a website calledhackthissite.org.
So before try hack me, before hack the box, there was
hackthissite.org and it was actually created by Jeremy
Hammond, no relation to John Hammond.
Anyone who's in like the OG hackerspace, you know who Jeremy
Hammond was, right? He well he still is.
He was one of the leaders of LALSEC back in like 2011, 2012.
(10:17):
He went to prison for that. He got out I think in 2020, but
he spent a 20 years in prison. I think he got kicked out of
Defcon this past year for shouting at the stage at some
some general. So like Jeremy Hammond is like
the OG hacker culture, but he founded Hack this site way back
in the day. I don't even know when, but me
and my friend Nate stumbled across it and you can still go
(10:39):
to it now. It is still alive.
But they have like basic hackingchallenges and then real world
missions. And so that's what we would do.
Some 13 year olds would spend all night like playing Halo.
We would be on Hack this and we would like pull all nighters and
be dead tired at school the nextday.
But then we would go to school and we think, hey, we don't have
a hack the Box pro lab, but you know what we have?
(11:00):
We have a school network. And so then we would try to take
what we are learning, practice it at the school.
Nothing malicious, but just likeyou couldn't, for example, you
couldn't launch a command prompton the computer.
So we thought, hey, well you canopen up notepadyoucansaveasa.bat
file. You can then use that to launch
a command prompt. So just doing things like that
to see what we were able to bypass.
Long story short, we ended up getting three strikes against us
(11:23):
and we got pulled into the office with like the school
police officer and the Superintendent and they were
like, hey guys, you cannot touchcomputers anymore for the next
year. And if you do, then we are going
to come at you with criminal charges.
So that was my entry into the hacking field.
But I grew up in rural Minnesota.
(11:44):
I now live in rural South Dakota.
And especially when I was 13, I didn't even know that ethical
hacking or testing was a thing. Hacking in my mind was breaking
stuff and being malicious, whichas a teenager sounded a lot of
fun because I was under the age of 18 and that was hacking to
me. So I've always had an interest
in it. I kind of changed careers, but
(12:07):
when I was 16, I got arrested. Crazy story.
But anyways, that's when faith became a big part of my life and
decided to pivot from it becauseI didn't see a role for hacking
back then. Did doing pastoral ministry and
then doing it on the side so always working random IT jobs.
And then I realized hey, pen testing and ethical hacking is a
(12:28):
thing. I live in the middle of freaking
nowhere, but maybe it's possiblefor me to get a remote job and
figure out what it means to be apen tester.
So that's how I ended up there. But it does go all the way back.
Thirteen years old, hackthissite.org, learning like
the basics of JavaScript and then web hacking on that
website. That really is like my
foundation of my entire career. So I've never met Jeremy
(12:52):
Hammond, but honestly, shout outto Jeremy Hammond for making
hack this site. I know he has a little bit of a
reputation in the community, buthe's truly one of The Pioneers
in one of the O GS in the entirehackerspace you.
Know that that's such a fun story and I feel I relate to
that so much because it's so I feel so similar to mine.
(13:13):
But I, I felt like I'm a little bit of a late bloomer, you know,
back in high school, my high school offered ACC and a course.
So that's where my love for networking started.
But as you're learning CCNA, youlearn a lot of different things
and vulnerabilities in the network.
And again, like very similar to you, I didn't have like some lab
I could practice on. Packet Tracer wasn't a free
(13:35):
thing. People who had Packet Tracer
that weren't taking the Cisco courses, they had to pirate it
from somewhere, which wasn't actually that hard to do.
Limewire. Yeah.
You know, you know, we had credentials into the full school
network as part of our course. And let's just say I will not
(13:55):
admit to anything, but we did not get in.
We did not. We weren't up to anything good.
How about that? There is a couple things that
happened and yeah, but you know,after high school, I, I kind of
lost my way too. Funny enough, there was a rest
on my side as well and that started me down a journey, but I
(14:18):
didn't come back around till tech until later in my career.
So I really can appreciate that story.
But the things I learned early on like stuck with me to this
day. Like those those skills, those
that joy and the passion is really what keeps me going.
And I think it's something people should reflect on if they
are considering getting into this field.
(14:39):
Like are you passionate about these things?
Because if you're just trying tomake this career change for the
money, like let's be honest, there is some decent money to be
made if you play your cards right.
But will you truly be successfullong term if you're just in it
for the money you pen testing? Cybersecurity is evolving at
such an incredible rate these days.
(15:01):
I feel like you really have to have the passion to keep you
going. You have to constantly be
learning. I'm I'm not sure if you have you
know what your opinion is on that.
Yeah, I passion is huge and evenlike I, so I gave the talk.
I was actually the keynote for Simply Cybercon a few weeks ago
in South Carolina. But my whole talk was you need
(15:23):
to redefine success. And I think for a lot of people
in the world of tech, they define success as maybe making
over $100,000 a year, having a certification, having a title,
all of those things can be good things.
But what I've noticed is when you define success by what you
are doing, you will never be satisfied.
(15:44):
So I always try to encourage people your career is much more
about the person you're becomingand less about the work that you
are doing. And I've noticed in my own life,
as I focused on being emotionally healthy and an
emotionally healthy leader, thatpays off dividends in my career.
And then passion of course, feeds into that.
Exactly what you were saying. As a pen tester and
(16:06):
cybersecurity in general, It's constant learning, constantly
doing labs, constantly grinding.I mean I work during the day,
then I jump off work, hang out with my kids, and then I'm
usually back on almost every night.
Either live streaming, making videos, making labs, going
through labs, trying to learn. But I genuinely enjoy it.
(16:27):
But that's where it's not for everyone.
Like I would even argue most of the people who go to school,
they want to get like a four year degree in IT.
Their goal is they want to make a lot of money.
Which OK, you might. But honestly what's likely going
to happen is you're either 1. Going to burn yourself out
because you're going to be spending a lot of hours learning
about something you're not interested in or #2 you are
(16:48):
going to become successful in your career.
But honestly, you're going to become a terrible person because
you pursued success via the money and not pursue success via
the person that you are becoming.
So there's a lot that we could unpack there.
I gave like a 45 minute talk allabout that.
But I think that's a big thing to consider.
(17:08):
Passions important. But also just like what success
looks like for Dakota is different than what success
looks like for me. And it's different from what
success looks like for you. You need to define for you what
does success look like in your career?
What are these non negotiables that you need to have or that
you're working towards? Hey really quick, I want to talk
to you about a new test I use for any tool now.
(17:30):
It's the 2:00 AM test. You see, back when I was
breaking into networking, if a link flapped or Wi-Fi got
cranky, I'd end up juggling an ISP portal here, Wi-Fi
controller there, a firewall UI that looks like it was built
back in 2004, and a support contract that I had to go dig up
from someone else's inbox. None of that helps you when you
(17:51):
have a bunch of people standing in front of you asking you, hey,
is it fixed yet? That's why I like Meter.
If you haven't met them yet, think of Meter as the team that
builds the whole network and helps you run it.
Instead of stitching together a switch vendor here, a Wi-Fi
vendor there, and someone else entirely for security, you get 1
(18:12):
integrated stack, wired networking, secure Wi-Fi, and
even indoor cellular. We need coverage or redundancy.
It's designed to work together from day one, so you're not the
glue trying to keep everything going day-to-day.
You live in a nice clean cloud dashboard with full visibility
and control. And because it's delivered as a
(18:34):
service, they don't just ship boxes and wish you luck.
Meter handles the site survey, the installation and cabling,
the monitoring and ongoing operations alongside your team.
That means clearer accountability, fewer moving
parts, and when something needs attention, you already know who
to call and where to look. For me, that passes the 2:00 AM
(18:58):
test. Fewer portals, faster answers,
and a network that feels modern instead of pass together.
Thank you to Meter for sponsoring this episode.
Head to meter.com/it Career to book your demo.
That is METE r.com/it Career to book a demo.
(19:19):
All right, let's dive back into this week's episode.
I want to run with that a littlebit more here.
You know, we're we're not sayingat least I don't think you're
saying is, you know, you don't have to be like the hardcore
workaholic that you know, like Tyler is.
You know, Tyler, I I can completely relate to that.
You know, I I work an 8 to 5 job.
I come home, I have dinner with the kids and most nights I'm
(19:41):
right back out here in the studio till way later than I
should, dead tired the next day and do it again.
And I do it because I enjoy it. You know, I because I have been
on the other side of the screen here trying to break into the
field, and it was another YouTuber who gave me the nudge I
needed to pursue my dreams, to find happiness, to enjoy my job.
(20:06):
And I want to be that for someone else.
That's why I do this. That's why I continue to strive.
But to find success in this field, you don't have to do
that. It is not going to be an easy
path. Don't get me wrong, there is
hard work to be had, but don't don't think you have to live
this constant work, work, work lifestyle to be successful.
(20:28):
You have to figure out what success looks like for you.
I I couldn't have said that any better myself.
You got to figure out what your goals and make sure their goals
that you know you are looking forward to that you are happy to
achieve. So often I see these people that
set goals that are completely unattainium like you know, I
(20:48):
want to make $300,000. I want to be in the top 1% on,
you know, try hack me like thesekind of goals, make sure you can
achieve them and keep on evolving.
And because these your, your career's going to change your
personality, what you like's going to change and you have to
be able to adapt with that, I think is really a key to success
(21:08):
here. Dude, that's good.
And like one thing I would add to this because I know it's true
for you as well, but for those of you who are parents, do not
compare yourself to people who don't have kids.
Like, I'm not trying to be exclusive here, but like, here's
the reality. Having kids, at least if you're
a good parent, all right? If you're a bad parent, this
doesn't apply because you don't spend any time with your kids.
(21:28):
But if you're a good parent, being present to your kids is
literally way more difficult than any certification, way more
difficult than a career, way more difficult than making a
YouTube video, which is why a lot of parents aren't good at it
because it doesn't immediately pay off.
But that's a huge passion of mine.
And when I was first getting in this field, I compared myself to
people like like John Hammond. Like I love John Hammond,
(21:51):
amazing person as far as I know does not have kids, right?
So like if I did not have kids, I could work significantly more
than I already do. I would stay up till 234 in the
morning. But here's the reality.
I got to wake up at 6:00 AM, make my kids breakfast, take
them to school in the summer time I spend on my lunch breaks
with them. I go to their school events.
Like people don't realize that aspect of it.
(22:13):
So I just want to encourage those of you who are parents,
your kids are so much more important than your career.
And if you have to sacrifice your career in this season of
life, not accelerate as fast, not get that certification.
But if the trade off is you get to spend more time with your
kids, maybe make a little less money, but you're more present
to your kids, that's going to pay off so much more than
(22:36):
getting the OSCP 1. 100% you know, I, I have 3 kids, you
know, I have an 8 year old. I have an 11 year old.
I have a 13 year old and you know, initially in my career, I
did sacrifice time with family and time with kids to make it
here. And there's different seasons.
I go through these seasons, likeshort term seasons.
Like right now, I am grinding sohard through the holidays and my
(22:58):
family knows this. They, they understand, they're
here to support me because they know once this season is over,
I'm there for them. But also I make sure like this
year, I make sure like all my kids are super into cross
country. I took time off to be with them,
to go to their meets, to be present.
That is huge. Now moving forward here.
(23:19):
You know, I, I, I already know the answer to this, but I can
guarantee you, people want to hear this.
Is pen testing here in 2026 still a viable entry point into
cybersecurity? And I kind of hear you
snickering a little bit already because I, I, I, I know this
answer, but we have to address this here tonight, you know, on
(23:41):
this video. So that's, that's actually a
really good question because to be honest, it's not a yes or a
no. I'm going to break that down.
So you said viable entry point in the cybersecurity.
I such no matter what I say someones gonna be in the comment
like free Tyler is wrong. So this is for those of you guys
(24:02):
who are gonna sound off in the comments, say it's straight.
Yes. So first of all, pen testing in
and of itself is not an entry level career.
That said, it is possible to have your first job be a pen
tester. So at my previous firm, someone
who was hired like literally their first IT job ever that
they owned a body, a car detailing business before
(24:23):
switching over to pen testing, their first ever IT job was as a
pen tester. But I would argue, not just
argue, statistics would prove that I'm right.
That is very much not the norm. Pen testing.
If you imagine for a moment as aconsultant, you are working with
so many different technologies, so many different clients, that
having a strong background in sys admin, IT support,
(24:46):
networking, whatever your passion is, all of that builds
into pen testing. So pen testing in and of itself
is very much an advanced career.A lot of people go to school,
they're like, hey, I have a fouryear degree in cybersecurity.
I'm definitely hired as a pen tester.
You're probably not going to be able to one IT.
It's super hard to get into, but#2 at least as of right now, the
(25:06):
job market freaking sucks. We've had so many layoffs due to
AI and other cuts. You have incredibly skilled
people trying to get the same job as you.
And so yes, it is a viable entryway into cybersecurity.
But I think in order to get there you need a bunch of stuff.
We can talk about that to unpackat least what my recommendation
(25:28):
would be to get into pen testing, but long answer short,
I don't think it's a viable entryway as your first career,
although it is possible. I don't want to gatekeep, it's
just statistically it's probablynot going to happen as your
first IT job. I, I 100% agree with that and I,
and I knew that was going to be your answer, but I, I had to ask
you because we had to address itbecause I, no matter how many
(25:49):
times I see that in my YouTube videos, like I feel like cyber
security in general should not really be someone's entry point
into this tech industry. It can be, absolutely can be.
I see. I, I personally know plenty of
people who've done it, but I feel like you know, you're,
you're giving yourself a disadvantage almost by trying to
break right into like a pen testing role where coming up and
(26:11):
kind of like it's rite of passage.
I feel like to like maybe start not necessarily starting at the
help desk, but like an entry level like support role or a
network engineering role and then work into that pen testing
role or that sock analyst role. And then pen testing.
Because the skills you learn at those entry level roles are
going to really set yourself up for success in those higher
(26:34):
level roles and going to make itby the time you get to that pen
testing job, you're probably going to be able to demand a lot
higher salary because you're going to have more experience,
you're going to have more skillsunder your belt, and you're just
going to be that much better of a teammate to your team member.
It's not even just about the skills, it's about being a good
teammate and being a good fit within that organization.
(26:56):
It's spot on and like IT supportgets a better rap.
I think I remember watching Dudenetwork Chuck.
This would have been three or four years ago.
He did a really good live streamon, I think he was helpdesk or
IT support or something back when I think I was a manager of
IT support. Like I managed an IT department
for a local college at that time, but I thought it was
(27:18):
incredibly well done. And of course there are some IT
supporter helpdesk jobs where you're just like a phone jockey.
You take a phone call and then you don't have any time to
troubleshoot. You just escalate it to Tier 2.
But honestly, a lot of IT support jobs, you get to do a
mix of support, sys admin, networking, security, it, it not
only is a great entry point, I, I think they're fun.
Like I thoroughly enjoyed my time in IT support and as a pen
(27:41):
tester. The customer service skills you
learn in IT support of working with end users, You don't escape
that. You just take that as a pen
tester and you turn it up because now you're talking about
way more money and way more skilled people sometimes on the
other line. And you need to learn not to
have an ego. That's the other thing that that
drives me crazy. I talk to people who are like,
(28:04):
well I want to get into pen testing, but the only jobs that
are available are help desk and I don't want to do that.
My answer is freaking get over it.
Like take whatever job you can get.
Start building that experience. If you think help desk is below
you, you have an ego. You're not going to do good as a
pen tester anyways. Find a different career.
But a good pen tester is humble.Like we recognize we don't know
(28:25):
everything. And I noticed people trying to
get into the field, they seemingly know more than me and
I do this for a living, but theythink they know more because
they did the OSAP or the CPTS orthe PNPT or the PT1 or the other
alphabet letter soup certifications.
Certs are good, they are not thereal world and they don't teach
you that well. How to communicate with PNPT
(28:46):
makes you do a debrief at the end.
So I have to give a shout out toTCM for doing that.
But man that was a little rant there.
But honestly, take whatever freaking job you can get, and if
you think a job is below you, you need to go look in the
mirror. You're not that important.
You're not that awesome. Do what job you can get and
learn and grow and take the opportunities as they come.
That is 100% the truth. I mean, absolutely.
(29:10):
And that's, that's really the approach I I took when I first
broke in, you know, before I gotinto tech.
And I'll keep the story short because I've told it a bazillion
times. I feel like, but I was a
bulldozer operator. I drove a freaking bulldozer.
I had no experience and I knew Iwanted to be like a networker
system and administrator long term, but I knew I couldn't just
jump into that role with no experience.
(29:31):
You know, I was a college dropout.
I was way too interested in girls when I went to college.
I, I flunked out of college. I had no certifications.
Like I took the CCNA in high school, but the CCNA is only
good for three years. This was like, I don't even
remember how like 10 plus years later.
So that wasn't going for me anymore.
(29:53):
The only thing I had going for me was my drive and willingness
to learn. Like I was so burnt out.
I'm just doing jobs to put food on the table.
I want to do something that mentally challenged me.
And I always had a huge passion for tech, so I knew I was going
to have to start at the entry level jobs.
I knew it was just going to be astepping stone and set me up for
my next job. And it was exactly that.
(30:14):
I got hired at a hotel company as an IT support specialist day
one. All I was doing is like being
that phone jockey guys, resetting passwords, e-mail
passwords, creating ad accounts.I was terrified because I didn't
even know what Active Directory was.
I was so worried. But while I was there, I just
made it my mission to learn everything, to learn how
(30:36):
everything worked and it didn't go on recognized I anytime I
would see like where that they were doing an update or they're
doing something new, I would be like, Hey, can I be the fly on
the wall? Hey, can I, can I watch you
guys? Can I help at all?
And I evolved in that role, likeso did my like my skills with
(30:56):
it. And before I know it, by the
time I was there and I left thatcompany two years later, I was
in charge of designing the complete IT infrastructure for
every single brand new hotel we are building.
We are building like 3 to 4 brand new hotels a year.
And when I say like in charge, like I was sitting down with the
architects, you know, the building architects market at
(31:16):
the blueprints like OK, I need aIDF here.
I need cable ran between this idea and this IDFI was placing
access points to I was also the guy that was hanging the access
points. You know, I wasn't doing the
cabling. We, we, we got a contractor to
do the cabling, but I wired all the switches up.
I hung the access points. I did it all and it was so much
(31:36):
fun because everyday was something different.
And that really set me up for success for my next role, which
was a network engineer. And through that drive and
passion, I was able to go from that entry level job, IT support
specialist to a director of network operations in three
years. So just because you're starting
(31:59):
at the entry level job now doesn't mean you're going to be
there forever. Yes, there are some people that
really enjoy the entry level jobor just want a job that they can
sit back, kind of like you were talking about in the beginning,
where they can just sit back anddo nothing all day and just only
work when things go wrong. If that's what you want, great.
But if you want to make that money, if you want to strive for
(32:19):
a job that you just wake up every morning and are excited
for, then be ambitious. Have that drive, want more?
Because I guarantee you it's notgoing to go unnoticed in this
field. And if it is going unnoticed at
your job, you're in a toxic workenvironment and it's time for a
change anyways. So there I got on my my soapbox.
We're going to we're going to step off there.
(32:41):
That's so good. That's and I love what you added
about just like the willingness to shadow.
That's actually I remember Chucktalks about that in the live
stream and I was sharing it withmy students at that time.
They worked in the support center, but they were students.
But that's huge. Just like having that
willingness to learn. Nothing is below you and
everything is an opportunity to learn.
There is few people I think thatgenuinely have that attitude and
(33:05):
when you do have it, it really does pay dividends.
People notice in more than one way and you will just naturally
level up in your career as a result, I feel.
Like we've kind of covered the basics.
Let's start diving into some of the skills, like say someone
that's either already working intech and wants to pivot into pen
testing, or they're going to be really ambitious and try to
(33:26):
break straight in. Like what skills do you
recommend? Like are some must have skills
for anyone looking to break in right now?
Yeah. So we could talk about skills or
certifications. They kind of go together, but
kind of don't. So let me just start with the
fundamental skill that's not even tech specific, but that's
just curiosity. Curiosity is an underrated skill
(33:48):
in all things tech, but especially in pen testing.
As a pen tester, you're constantly having to break
stuff. Like no one gives you a document
saying, hey, like here's how ourapplication can be broken.
So you need to be genuinely curious every time you're
looking at an application. Like when I'm just using an app
in general or my e-mail, I'm always thinking about like, man,
(34:08):
how could this be abused? How could this be attacked?
How could I use this in a malicious way?
And for example, on one engagement, and you see this in
a lot of applications, you're able to send invites to someone.
So let's say the Hack Smarter platform has an invite feature.
You send an invite and it emailsanother person from the Hack
Smarter domain. Well, on this application, it
allows you to put in a custom message.
(34:29):
And when I intercepted the request, I also saw I could
insert HTML. And so I was able to use their
invite feature in order to send phishing emails from their
domain with malicious URLs in it.
All because I was curious about how does this e-mail feature
work? How can I abuse it?
How would an attacker use this? So curiosity is huge.
And that will take you incredibly far in your career.
(34:52):
Now the reality is I shared before the job market is rough
all the round, but the job market has always been really
difficult for people who want tobe pen testers or ethical
hackers because everyone, maybe not everyone, most people have
seen Mr. Robot and they want to do Mr. Robot stuff, right?
And they, you ask you, I don't know for sure.
So, you know, most statistics are made-up, but I'm pretty sure
(35:14):
like 80 to 90% of students, if you ask them right now who are
in school, what do you want to be when you graduate?
So many of them are like, hey, Iwant to be an ethical hacker,
right? Because it looks cool.
They think they'll make a lot ofmoney.
Here's the reality right now, toget a job as a pen tester, you
need a few almost non negotiables #1 you almost need
(35:35):
the OSCP. Now I'm personally not a huge
fan of off SEC but the OSCP is still by far the gold standard.
If you want to get a job as a pen tester.
There are other search like the PNPTI would say is number 2.
Another well known 1 you have the CPTS which is arguably more
practical, more difficult, but doesn't have that HR
recognition. Same with the PT1 that's try
(35:57):
Hackney's new cert really practical like very real world
but just it takes a long time toget that name recognition in the
eyes of HR. So you need the OSCP.
That in and of itself is about $1700 I think for one exam
attempt. 90 days of lab access and there's no questions.
You get a VPN and it's either can you hack or can you not,
(36:20):
right? You get 24 hours to compromise 3
machines and an ad network, another 24 hours to write a
report. But here's the thing, a lot of
people have the OSEP who are still trying to apply for that
job. So you need to stand out even
more. So then I recommend getting a
CVEI have I think 12 CV ES. For those who don't know what
that is, a CVE is a zero day. You discover a vulnerability and
(36:42):
generally open source software nobody has ever seen you report
it to the vendor, they help patch it or you help patch it.
11 fun story is Go CMS, massive CMS used by Mozilla, I think
open AI. I found a CVE, one of my CV ES
is in them. It was cross site scripting that
led to privilege escalation. I found it.
And because it's open source, I patched my own CVE open up hold
(37:05):
request. And so I found the vulnerability
and I patched it. But like you need that as well.
So you need, you need the OSCP, you almost need at least one CVE
in your resume. And then #3 you almost need a
personal brand because whether you like it or not, it is very
much who you know, not just whatyou know.
So YouTube may not be for everyone.
(37:27):
Like for Dakota and me, I'm kindof preaching to the choir.
We have YouTube channels. We make content all the time.
But maybe it's not YouTube. Maybe it's a blog, maybe it's
just being active on LinkedIn. Maybe it's a Discord community
that you're a part of or that you started.
But you almost need all three things in place, honestly, to
get a job as a pen tester. And I'm not saying you have to,
(37:47):
but I am saying in order to stand out, you need the OSCP,
you need a CVE and you need sometype of personal platform.
And most people would hear that and be like, holy crap, I need
all of that just to get a job. And the reality is kind of like
you might get lucky and not, butthe people you are competing
against have many of those. I don't think many of them have
(38:08):
all three. So that's just one way you can
really stand out OSCPCVE personal platform.
And then just maybe you'll finally be able to land a job as
a pen tester. So more difficult, I think than
people initially think. Or they saw some YouTube who
wanted to get a bunch of views and said, hey, take my boot camp
and you'll become a pen tester. The reality is no, you won't.
(38:31):
Like it's so much more than a boot camp, so much more than a
certification. There's there's so much that
goes into it. I.
Really think that's shine some light on why we say while it is
possible to just jump right intoa pen tester job, it's kind of
almost unlikely. You know, you're going to find a
lot more success because if you're while you're working like
(38:51):
in a sock, you can be building these other skills, you can be
building out your portfolio, youcan be learning and doing, you
know, bug bounties and you know,building that personal brand.
And I, I think having a personalbrand is way underrated in
almost all fields of tech nowadays because let's be
honest, when you are applying for jobs, especially in the tech
(39:12):
industry, but I think this is kind of just universal and you
are selling yourself. You are selling you, you are the
commodity now. And you got to convince that
hiring manager why they should pick you out of all the hundreds
of other candidates. So having a strong personal
brand, having those connections,like we haven't even started
talking about in person networking because let's be
(39:34):
honest, very, very much so. And I, I absolutely hate it with
a passion. This field sometimes boils down
to it's not what you know, it's who you know.
And I think it's the most unfairthing, but it's the world we
live in and networking with people plays a huge factor.
(39:56):
I feel like on your success and part of that, you know,
networking with people, it goes back to your personal brand and
all that. So I mean I, I and if you want
to, I think we should talk a second about that too, because.
But it's, it's the truth. Like I, I again, I, I think it's
totally unfair because I just know plenty of super smart
people out there that just don'tlike to network with people and
(40:21):
they struggle because that they,no one knows who they are.
And, you know, really the peoplewho go out and maybe don't know
near as much, but they're, you know, going out and talking to
people and working on those communication skills and
networking, we're finding it a lot easier to land jobs.
Spot on. It's true, it is unfair like it
(40:45):
really is, but it's reality. Like you can complain about it
all day, but it is reality. The way I like to think about it
is when we generally think of networking, we think of using
people, whether or not we say itout loud.
And what I mean by that is people here networking, they
think, OK, I need to go to a conference.
I need to find a hiring manager,and I need to, like, somehow
(41:07):
showcase my skills to them. So they then offer me a job
that's not gonna work. Like people can tell if you're
using them. Good networking means building
genuine friendships and good networking also means just
figuring out what are some ways that you can give back to the
wider community. I mean, that's why I started my
YouTube channel. I know that's why you started
YouTube channel. That's why I started to hack
(41:28):
smarter. That's why I started my Discord
community. But just like my YouTube channel
has opened amazing doors. Like I love it when I go to a
place like Defcon and like constantly people are like, hey,
I watch your videos and they've helped me in this, this part of
my career. I remember this past Defcon.
This is a crazy, crazy moment. So we all know, we all know
Chuck. I know you know Chuck as well.
Incredibly nice, one of the nicest people I know.
(41:51):
I was able to be on his YouTube channel a while back, but I got
to DEFCON that yes, I so I walked into my hotel lobby at
DEFCON, just got off the plane, got off my Uber and then
someone's like, hey, Tyler and I'm like, shoot, someone already
recognizes me. It was freaking Chuck and his
whole team. I was like, dude, what?
You're the first person that recognizes me that I run into.
(42:12):
And I remember we're sitting there chatting and like
constantly people are coming went up to him and talking to
him and I'm like, hi. But there was one time, one time
someone came up and they said, are you Tyler?
And I was like, holy crap, you don't recognize to do with the
beard next to me. And it took them a second.
So there was one person who knewme but somehow didn't know
Chuck. They eventually guessed him once
they stared at him long enough. But it's like, I wouldn't have
(42:34):
those opportunities to meet people like you and like Chuck
and and Heath and these other big names in the industry.
And what I've noticed about all of these so-called big names is
they are just real people who are genuinely committed to
giving back to the community at large.
And the reason someone like Chuck that he has such a massive
platform is behind all of it is he has a passion for helping
(42:56):
other people. And so my encouragement to
people who are a little put off by the word networking, just
change it to helping other people.
The more you help other people, the more you give back,
regardless of where you're at inyour career, that is networking
and that will begin to open up those doors and and begin to
build genuine friendships and relationships with other people
(43:17):
in the industry you. Know that is so true, but I
already can hear the comments saying, well I'm brand new to
the field. How can I possibly help someone
out? Like you don't realize how much
like even if you're just sharingwhat you're learning, how much
that might help someone out. You know, everyone has different
journeys. Everyone also likes learning
(43:39):
different things from different people in different ways.
A lot of things you and I do areprobably not original.
Someone else has probably done something like this on our that
we've done on our YouTube channel.
Doesn't mean that what we're doing isn't good.
It's just we have a different personality.
We have a different way of explaining it and like I create
content because people like to watch my content from me, you
(44:02):
know, and that's what I I focus on.
Some person might watch you likeyou.
Like let's say you create the same video that I do like the
exact same word for word. People are going to watch your
video because they like you the way you deliver it.
People are going to watch my video because they like me, you
know, it just kind of goes back to that.
So you never know if you who you're helping and what
(44:25):
connections you might make. I can I can speak from personnel
that this YouTube channel has opened up so many options and so
many doors that I would never have had.
And again, you don't have to just create a YouTube channel.
You can start small, create a blog, post articles on LinkedIn,
do something like that, but givemore than you take.
(44:46):
Because whenever you can give people more than you ask for in
return, it's always going to come back to you at tenfold and
you, you're just making the world a better place.
I don't. I don't know how else I can say
it. Dude, you're spot on.
I mean very little that I would add to that.
I think like online networking is important and to be honest,
(45:08):
that's where I do most of my networking because I live once
again in rural South Dakota. There's no B size, there's no
meet up groups, but those conferences are huge too.
Defcon is a good one. I go to three conferences every
year. You have Defcon.
I now go to Wild West Hacking Fest over in Deadwood and then
simply Cybercon. All of those conferences are
amazing, but the real, I think the real power happens not
(45:30):
during the conference, but it's the late nights.
Maybe you're sitting around at abar somewhere or at a meet up
somewhere and that's where that real connection happens and you
would just be surprised what comes out of that real genuine
face to face connections. I also know that many people in
this field are introverts, myself included.
I literally just released a YouTube video on this on my
(45:50):
channel. But even when I was a pastor, it
was a huge struggle for me because, you know, part of being
a pastor is meeting people all the time.
And I sucked at small talk. I sucked at making conversation.
I quite literally read books on conversational skills so that
when I meet someone at a meet up, I'm not super awkward,
right? But it's just little things like
(46:11):
that that really do pay off dividends if you put in the time
and, and put in the work for that face to face networking and
also some of those online communities.
Just remember what you post on the Internet is on the Internet,
right? So just keep that in mind.
I also use my real name, like Tyler Ramsby is my name
everywhere and I think that's helpful.
(46:32):
I know a lot of people like to use screen names, but it's
really hard to connect like Master Kangaroo 321 to John,
right? Like that part's hard on the
online. So if you are doing personal
branding, I know people have different levels of OBSOC.
I just took the Jon Hammond route and was just like, OK, I'm
Tyler Ramsby, that's my name, that's also my hacker handle.
(46:54):
For good or for bad. One day I might regret it, but
as of now it is what it is. You know, I, I've thought about
that several times. You know, I went through a
rebrand on the channel and of course I am the bearded IT dad.
And that's just the, the branding I decided to go with.
But I, I, I did it for a while, think like, should I focus on
branding me more, work more on my personal brand.
(47:16):
And I'm at a point in my career and it's not this.
Don't do as I say, you know, type of theory.
Do as I say, not as I do. I really enjoy my day job.
I absolutely love it. I am working my dream job.
I have no ambition of changing anytime soon.
That is not a great advice though, in all honesty, because
(47:36):
my job could go away tomorrow. I'm in a different position.
If my job went away tomorrow, you know, I have my YouTube
channel, I could, I could lose my job tomorrow and my family
would have still food on the table and a roof over their
head. So I think that's why I focus
more on like the channel branding than my personal
branding. But if I was at a spot where I
(47:57):
was eagerly developing my careerand wanted to make sure like if
I ever lost my job, I was ready to go again. 100%.
That personal branding, you can maintaining those connections
even when you are not actively looking for a job, still work on
that personal branding and that networking.
Because you never know in this day and age when you come in
(48:20):
tomorrow and your desk is all packed for you and like you're
they got your final paycheck. So 100%.
So true I. I want to pivot here a little
bit because I really want to hear more about what you're
doing in your own organization. How you know, you left a full
time job in pen testing and started your own, your own
(48:44):
company. And I think that's really crazy
and amazing though. And I, I kind of want to hear
what drove you to do that, if you don't mind talking about it.
Yes, and thank you for that because I when I talk on this, I
always try to level set expectations because I don't
want to be the YouTube that's like, hey, look at what I did.
You can do it too you, you mightbe able to, but there's a lot of
(49:06):
very unique things that work in my favor.
So I shared before I was a pastor for 10 years, I made
almost no money. Like my salary was like 30 to
$40,000 a year. Like my kids qualified for like
government funded health insurance in South Dakota.
Anyone who knows South Dakota, you had to be really broke to
qualify for that. So I made very little money for
(49:27):
most of my adult life, but I wasfine.
Like we didn't ever really struggle financially, we had
savings. We always lived below our means.
Once I got into tech full time Imade so much more than I ever
made as a pastor. But a big decision that me and
my family made is like hey, we were already happy and fine
before so we never increased ourstandard of living.
(49:47):
I live in the same house. I used to be able to say I drive
the same car but my car literally stopped working so I
had to upgrade to the 2012 HondaPilot now.
But like very much live way below my means and always has
always have. And as a result I've been able
to put a lot of money in savings, a little bit of
investments. So before going full time on my
(50:09):
own. I had about one 1 1/2 to two
years expenses saved for my family.
So if I made zero money for the next two years, my family would
be covered, I'd be able to pay for health insurance and all of
those things. So I just want to level set
expectations that way I'm not going into this blind and having
to like live paycheck to paycheck based on how my
(50:30):
personal business is doing. So that's, that's a big part of
it. But #2 I've always had a passion
for doing entrepreneurial stuff.So of course a church is not a
business, but for 10 years of mycareer, I was a church planter.
So we went to a community. Actually, where I live now, we
started a church from scratch. I had a staff that I oversaw,
(50:51):
but I really didn't have a boss,so to speak.
I LED things, I casted vision and that LED staff in that way.
When I switched over to ITI had a boss.
And honestly, it was a crazy adjustment to like when I wanted
to do something for my kids, I'dhave to ask for permission.
I was like, what? This is silly.
I don't want to ask for permission.
Like when I was a pastor. One of the things I really miss
(51:11):
a lot. Is.
One of my many side jobs is I was a substitute teacher in the
school. So like I used to be my kids as
teacher. It was amazing.
I used to go to the school and teach and was able to do things
like that where all of a sudden I have like an employer that's
like, no, you have to like be here from here.
Until then, it doesn't matter ifyou get your work done, you are
stuck here. And so I knew from the
(51:33):
beginning, and I told this to mywife five years ago or whatever
that I'm going to IT full time. But like my, I'm, I'm not going
to work for other people for very long.
Like I will launch my own thing,a pen testing company
specifically told my wife, I want to do pen testing and
YouTube and I'm going to make ithappen.
I just don't know when. Well, I just came to a spot in
(51:54):
my career as my YouTube set of things are growing.
Hack smarter was growing. I was at a spot where I just
couldn't do it all. I was quite literally burning
myself out working, you know, my8:00 to 5:00 and then building
hacks smarter in the evening anddoing labs and courses.
It was just too much. And I was like, OK, I need to
choose one of these. I have enough in savings.
(52:15):
Let me just try to bet on myselfand see what happens.
And had a really good conversation with Rhino
Security. That's where I worked previously
with the founder there. And it was just like, dude, I'm
not quitting here to work for somebody else.
So I have a lot of flexibility here.
So I gave a three month of notice, which I don't recommend.
It can get awkward depending on where you work.
It worked for me, but I literally gave from the three
(52:36):
month notice. I was one of the lead pen
testers there so there was some complex projects that only I
could do. So I stayed to finish out those
projects. And then October 1st was my
first solo day working on my own.
But we're only about two months into it now.
I will say I before October 1st I was already building my
platform and honestly making more money from my side gigs
(52:58):
than I was from my full time job.
So I wasn't going into it fully blind.
And even now, like it's gone so much better than I ever could
have expected revenue wise. The stress is tough.
We could talk about this, but I said yes to too many other
businesses like contracts on theside trying to pay my bills.
So that was one big mistake I made.
(53:18):
But outside of that, it's gottensignificantly better than I was
expecting. But I also recognize I'm two
months in, a year from now, I'd be able to give a lot more
wisdom, I think. But the other big thing I'm
doing, because I'm building thisin the public, and that's been
my commitment to those in my community from the beginning
that I would share with him the good and the bad.
(53:39):
So almost once a week, I'm just share very openly and honestly
about how revenue is doing, about whether or not I'm able to
pay my salary, about clients, about successes, about failures,
and being quite literally as transparent as possible.
Some would maybe say too transparent but I don't know,
like I really feel like I'm in this with the entire hack
(54:02):
smarter community and the wider community as well.
There's some people who may wantme to fail, which is fine, they
can follow along as well. But really I want people to
learn from it. Like maybe you can't start your
own business right now, but you can watch me stumble around and
maybe, maybe y'all fail. Maybe 2 years from now I'll be
like hey this, this wasn't rightfor me and I'll go back to being
AW2 employee. But maybe I'll inspire somebody
(54:24):
else who builds an amazing company.
And if that's the case, that's still a win win to me either
way. That, that is, that is so cool.
And I, I'm curious, you know, I know you're only about two
months into this, but so far, what have you found to be the
hardest part of this, this change for you?
The hardest part is managing theanxiety and I knew this going
(54:48):
into it. I actually made videos about
this before, but dude, I came soclose multiple times before
October 1st of just throwing in the towel before it even
started. Just the anxiety was so
overwhelming to me. And a big part of that is I have
a wife and two kids. I'm the sole income provider.
So like I don't have health insurance through my wife's job,
(55:09):
nothing like that. So it is all on my shoulders.
And so I'm always going back andforth between like, dude, I'm
leaving high paying 6 figure comfortable job as a pen tester
to freaking Yolo this and try something on my own.
Like on paper it doesn't make sense.
But like I have this drive and Ihave this build that I want to
build something on my own, not for somebody else.
(55:30):
But there was multiple times going before October 1st that I
came this close to calling my current employer and just being,
hey, I made a mistake, I don't want to leave.
Would you let me stay on? So that was hard at 1st and
after launching that is still really difficult.
I mean revenue and stuff has been good, but the difference is
(55:52):
depending to being self-employedand being AW2 employee is as a
self-employed person. You, I mean you eat what you
kill as they say, right? You make money when you're able
to do sales and work with clients.
You don't make money when that'snot happening.
There is not a steady paycheck. There is so much risk and
there's a lot of upside of things pay off, but there's so
much risk going into this that you don't fully appreciate until
(56:16):
you have no other safety net. You have no other paycheck.
It's you paying yourself throughyour own company.
That's incredibly stressful. But that led me to what I talked
about before. I had a bunch of other contracts
I agreed to for really teaching.Most of it was teaching because
I was so anxious about paying mybills.
(56:36):
I said yes to all these other companies and then already
stretched myself way too thin tothe point that I couldn't even
focus on Hacks, Murder and Kairosak.
I was once again building other people's freaking companies
because my anxiety caused me to say yes to them and no to me.
So the other big lesson I'm learning is you really do have
to say no to good things so you can say yes to the best thing.
(56:59):
So where I'm at now is Hacks, Murder and Kairosak.
They are my only focus. I am now saying no to every
other company. That's like, hey Tyler, can you
work for us? Can we do this contract?
I could say yes. I couldn't make more money that
way, but that's not why I quit my job.
If I just wanted to make more money, I would have kept working
on my other job. I took a freaking $60,000 pay
(57:20):
cut to do this. Cut my salary by that much.
So like, I'm not here trying to make money.
I'm here trying to build legacy.I'm here trying to help people.
I'm here trying to make an impact.
And so that just keeping focusedon my mission and my definition
of success is probably the hardest thing so far.
That that is, is so encouraging to me as a an entrepreneur, you
(57:42):
know, someone who also runs a business, runs a YouTube
channel, and I'm also working full time.
I definitely understand the struggle there too.
You know, I have fought burnout so many times just by trying to
take on too much, trying to say yes too much.
I always come back to why am I doing this?
(58:03):
You know, why am I working in tech?
Why am I creating content? You know, it's because I want to
help others. I want to help others succeed.
I want to demystify some of these, you know, misconceptions
in the tech industry to try to help people achieve their
dreams. That's why I I still do this.
And I got a really quick add on question to this conversation,
(58:26):
though, is, you know, if someoneelse is like they're, they're
working like AW2, they're they're working for someone else
and they just, they want more. They want that freedom.
And I don't know it's necessarily know if freedom's
the right word because there's alot of other strings that come
attached when you work for yourself.
But how does someone know when it's time to take on these risks
(58:47):
themselves? Yeah, 1 is, I think they really
need to understand their motivation.
So I think a lot of people think, hey, I will start my own
business for freedom. Then I can determine when I get
to work. And you know that there's a,
there's a joke, but it's so true.
You can determine like which 16 hours a day you get to work.
Congratulations. But the freedom that I think is
(59:08):
amazing is the freedom to build what you want to build and then
make the decisions you want to make.
And now you also face the consequences if you make a bad
decision. But that's the freedom.
I love the freedom to build whatI want to build.
And it is really nice. Like when my kids have an event
at school, I don't have to ask my freaking supervisor if I can
take, you know, an extra 2 hoursoff as part of my lunch break.
(59:28):
I just do it. So there is freedom in that way.
But as far as whether or not a person is ready, I think it
comes down to do you have the financial safety net for good or
for worse. You do not want to launch a
business, I would argue, withoutat least 12 months worth of your
full income in savings or at least in investments that you
(59:49):
can pull from quickly. If you launch a business without
a really strong personal safety net, it's going to force you to
make bad decisions about your business.
You're going to prioritize shortterm wins.
Over a long term sustainable success.
And so even for me personally, I've said no to multiple clients
already for Chirosec because they didn't fit what I am trying
(01:00:11):
to build or I didn't fit the type of work that we're trying
to perform. But the only reason I have the
freedom to do that is because inthe front end, I was able to
load myself with a bunch of savings so that regardless I can
provide for my family. So that's a big part.
Do you have the financial safetynet?
But the other part is how comfortable are you with risk
and how comfortable to argue with being a self starter.
(01:00:33):
There's a lot of people that if they don't have a supervisor
telling them you have to clock in at this time, they don't
clock in, they oversleep, they maybe don't start their day till
11. They're only work a few hours.
The best thing that you can do is have a regular schedule.
So I still work 8:00 AM to 5:00 PMI have a set schedule.
I have to work in the evenings as well.
I even purchase office space. So for a long time I work from
(01:00:56):
home, which is amazing. But I noticed that for me, I
needed a separation from my homeand my work to be more
productive, but just to have that separation.
So in rural South Dakota is super cheap.
Like I was able to get an officefor like $200 a month and it's a
full building, fully private just for me.
But I commute to my office. It's literally a 5 minute bike
ride from my house. But I commute to my office every
(01:01:18):
single day to have that schedule.
I clock in at 8 AMI take an hourlunch break to decompress.
I usually walk home, hang out with my wife for a little bit,
come back to work. So I treat it like a traditional
job, which would be my encouragement for other people
as well. You need to treat it like a
regular job. Work your 8:00 to 5:00 and then
you will have to work evenings. You will have to work outside
(01:01:39):
hours, but that's the other big thing.
If you're not a self starter andif you need someone to poke and
prod you or answer all your questions, entrepreneurship is
definitely not for you. Absolutely.
Now I I got to ask, what is one thing you wish?
Let me rephrase that. Through the power of editing,
(01:02:00):
mess up won't be in there. What is one thing you wish
someone dreaming of becoming a pen tester will walk away from
this conversation we had today. But before you answer that,
you've mentioned you have a YouTube channel.
You have tons of resources. You get back to the community.
If people want to connect with you more, where can they find
(01:02:20):
you? Yeah, the.
Best spot is probably YouTube. You can also connect over at
hacksmarter.org. That's our training platform.
But on hacksmarter.org you get alink to our Discord.
Our discord is completely free. We do a weekly goal meetings
where a bunch of people gather together, talk about career
goals, We do career coaching at a donate what you can, we do
(01:02:41):
free workshops, we do resume reviews.
Everything in the Hack Smarter community itself has no paywall.
It's completely free and I'm super active there so YouTube
and discord is probably the the best place to get a hold of me.
To answer your question, what would I want someone to know
about pen testing? I would want you to know if you
want to start a career as a pen tester #1 it really is an
(01:03:04):
amazing career and for the rightperson, it's the best career
that you can possibly have. But I also want to let you know
that it's going to be difficult to get into the field as a pen
tester. I do not want to sell you a pipe
dream. I'm not saying buy this course
and you'll become a pen tester. I do have courses.
I do think they're amazing. You can find them at
hexmurder.org. But my courses aren't going to
(01:03:25):
be enough to get you in the field as a pen tester.
Well, we'll get you into the field.
This curiosity, consistency and persistence, consistency in and
of itself is one of the most difficult things to do.
A lot of people can be passionate for a month.
Can you be passionate for three years, six years, 12 years, 20
years? It's that consistency that's
going to pay off long term in your career.
(01:03:46):
And so it may seem impossible for you to become a pen tester.
I just wanted to let you know it's possible.
I live in rural South Dakota. There are more cows than people.
I got a job as a pen tester. I have now launched essentially
2 tech businesses from the middle of freaking nowhere in a
cornfield. If I can do it, you can do it as
well. No, absolutely this.
(01:04:08):
This field is completely achievable.
You know, if, if you have the motivation, the willingness to
learn, the willingness to, to follow your dreams and passions
no matter what obstacles you runinto, you can absolutely achieve
this career field 100%. And you, you just need to start
(01:04:29):
today. Like just start working towards
your goals. Create a plan.
I so see so many people, you know, procrastination is kind of
huge sometimes where people like, I want to become a pen
tester, but I'll start tomorrow.Tonight I'm going to watch my
Netflix or whatever. You know your your thing is a
(01:04:50):
bit making up excuses. Start today, start messy.
Start. Just just do something to work
towards your goal every day and follow your passion.
Because that passion for this field is what's going to keep
you going when you are sick and tired of studying, when you are
getting rejected on every job you apply for.
(01:05:12):
That passion you have like the willingness to learn, the the
drive, the want of this dream, this career.
That's what's going to keep you going in your worst time when
you feel like you can't make it in this field.
So good spot on. I have nothing to add to that.
That's so good. Well, Tyler, you know, thank you
(01:05:35):
so much for taking this time. I, I want to be respectful of
your time. I know it's late.
I really appreciate you coming on.
This has been such an amazing episode.
Guys, go check out Tyler's YouTube channel.
He offers such great advice. I've I've watched his live
streams many times. I've watched his videos.
You know, I got to participate in ACTF with him and I won.
(01:05:56):
I'm not going to rub that in anymore.
That's right. Yes.
Yeah, that was that was a crazy experience.
Tyler, you're such a great guy and I can't thank you enough for
what you do for this community and helping other people out.
Thank you, Dakota, and thank youagain just for the opportunity
to be on the show. It truly is an honor.
Absolutely everyone, I really hope you enjoyed this episode
(01:06:17):
and until next time, keep learning.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.