February 13, 2024 • 38 mins
In this episode, I'm talking about my story of getting into cybersecurity - what got me interested, how I became a pentester, what motivated my to create my channel and finally, how I became a bug bounty hunter.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
In this episode of BBRD podcast, I actually have no guest.
(00:04):
Instead, I'm solo and I will tell you about my journey to cybersecurity.
How I started, what sparked my interest, how I then got through the computer science degree,
how I started the YouTube channel, my other YouTube channel, which you probably don't know about,
and then until today, when I do half, let's say YouTube and half bug bounty
(00:27):
with a lot of travel and sports in between.
So enjoy the journey. I think there are a lot of takeaways that you can use in your career.
So I hope you will find it either entertaining or useful.
Enjoy.
As a teenager, I already knew that I want to be a programmer. I want to work in IT.
(00:49):
The reasons were not that strong, to be honest.
One of them was that I used to play a lot of games as a child.
So I had to be proficient with computers, which usually just meant installing something or solving a problem,
but definitely nothing like programming or using the terminal.
And the other reason was, of course, I knew that programmers make a lot of money.
(01:11):
So I wanted to do this, but I wasn't particularly interested in this.
I didn't do a lot by myself to fulfill this interest.
Like a lot of hacker stories that I'm hearing is, you know, someone was hacking PlayStation at the age of 12
or creating cheating to Counter-Strike or to other games.
It's not my story. For me, hacking was not present until I was age 19.
(01:37):
And at high school, I knew I wanted to do my final exam with computer science.
But at school, we pretty much didn't have a teacher.
So we had a small group of students that wanted to learn by themselves.
It was led by one of the past students of my high school.
And as this group with one of the teachers, we went to Warsaw to a conference called Warsaw Computer Science Days
(02:08):
or Warszawskie Dni Informatyki in Polish.
And then there was a presentation by General Coldwind about CTFs.
And this is actually the moment where my cybersecurity interest started.
So it was quite late for standards of a lot of cybersecurity people that we know.
(02:30):
And then I started to be interested in CTFs.
I started playing PicoCTF. It was my first CTF.
The tasks there are very simple.
The first task that I did was learning to use the cat command in Linux, learning to use LS,
learning what's base64 encoding, learning what's hex and simple stuff like this.
(02:51):
But it was definitely what I needed back then because I couldn't do anything else.
And I remember that in the beginning, I wasn't interested in doing the web stuff for some reason.
I don't know why.
And then somehow I did still transition to web.
After starting to be more interested in CTFs, I started to learn web security.
(03:17):
And then between the university and the high school, the final exams are in May in Poland.
So we have like four months, maybe four and a half months of holidays,
pretty much the longest holiday of your life usually.
And then I was selling strawberries.
(03:38):
And it was a season where strawberries were quite expensive.
So not a lot of people were buying them.
So I would just sit for like 10 hours, not doing much for most of the time because there wasn't much traffic.
And I remember I was reading the web application hackers handbook when I was there.
(04:00):
And I intended to do this task practically after my work.
I remember there was a page on bug crowd about how to start bug bounty.
And I remember that on this, I think it was a forum post.
I don't remember when it was, but I remember that I visited this resource very often.
(04:20):
And one of the books recommended was the web application hackers handbook.
And I remember I struggled to do the practical stuff because after 10 hours of doing nothing,
but doing nothing exposed to sun, it was challenging enough that after this time, I was just pumped out.
I didn't want to do anything apart from from playing football.
(04:41):
But I didn't want to do anything in front of my computer.
And I remember I started waking up before I would start work at eight, I think, or seven.
So I would wake up at five for two hours.
I would do the practical tasks using topics that I learned the previous day.
I used the root.me platform.
I don't know if it's still live or not.
(05:04):
And then during my job, I would read an e-book with a web application hackers handbook.
I remember I did it on a bad e-book reader, which couldn't.
It was a PDF format, which couldn't show the images well.
So every time in my e-book, there was an image I had to pull out my phone.
And on my phone, I had to check the image on the same page.
(05:26):
And I did most of the reading via the e-book reader.
And with this, I learned something throughout those those four months.
And I knew I just want to to become a pen tester or bug bounty hunter.
But I felt that first I would have to become a programmer.
And I went to university.
(05:47):
And I think my strategy at the university was quite well.
Because I was at the computer science.
There was no cyber security back then at this university.
And I was doing as little as possible at the university to have as much time as possible to learn web security.
(06:08):
Because I had to learn all web security by myself.
There was no web security at the university.
And I think the strategy of doing as little as possible for the university worked quite well for me.
It was actually a tip I learned from another vlogger, another YouTuber, actually, that I saw at that conference that we went for high school.
(06:33):
It was Maciej Anisarowicz. It's in Polish, so not relevant for most of you, unfortunately.
And he had videos about becoming a programmer, basically.
So I had to sort of modify them to be relevant for cyber security.
But I did this strategy and it worked quite well.
I also did the CTF research group or how extracurricular activities are called at the university.
(07:04):
Because during the holidays, I was researching, is anything happening about CTFs in Krakow or at the university?
And I saw that there is a research group or the extracurricular group about CTFs on my university led by a guy called Disconnected.
(07:25):
And I was quite worried because I saw it did happen the previous year, but I saw nothing posted about the year I was about to attend to.
So I remember I just texted him on whatever communicator.
And I felt he's not going to do this to lead this activity and more.
(07:48):
But eventually he did, and it then became the key to my career because, one, I learned a lot during this time.
So I was learning in my free time and I was attending this group.
And it was key because later, after the first year, he referred me to a company.
(08:09):
And it was also the first time that I started looking at connections a bit differently.
Because before, I looked at connections, at the word connections, as something negative.
If someone would tell me they got a job through connections, I would just understand they have the uncle at the company.
(08:30):
And the uncle hired them despite them not having enough technical skills.
But this part with me attending some extracurricular activity and being active there and showing that I do want to learn, it enabled the connections in a positive way.
Because Dominic referred me to a friend working at the company.
(08:55):
And eventually I got hired there after the first year of university as an apprentice there.
And it was a huge, huge achievement for me because I didn't even hope to start my career as an apprentice there.
I really dreamt of being an apprentice there, but I thought that I will need a few years working as a programmer, maybe one or two years.
(09:20):
And only then I could maybe, maybe get a job as an apprentice there.
And even I remember driving for the, for the interview.
I did really have the attitude of I'm going there to see how the interview looks like because I've never been to an interview, but 100% they will not give me this job.
(09:42):
But they did.
And I was hugely, hugely relieved and very happy.
Working as an apprentice there in some sense surprised me at how easy it was to find vulnerabilities.
Of course, I did learn a lot because it was my first job.
So I obviously did.
But it surprised me in the sense that during my, my first year before I started working, I did, you know, try some bug bounty websites because bug bounty was always very appealing to me.
(10:10):
First, it's the, the independence part was always something that, that I felt attracted to.
And also the economic factors because, you know, I live in Poland.
It's not a country with high living costs.
So if you earn in the, in dollars, basically in, in something that's not scaled to, to your country, then you can live on a really good level.
(10:34):
For these reasons, bug bounty was very appealing to me.
So I did, you know, open some public bug bounty programs.
I, I did even try some vulnerabilities on websites without bug bounty programs and obviously nothing worked.
I only remember one XSS that popped on the web, on the shopping website without the bug bounty program.
But I imagined that, you know, these, the bugs you are finding in real life are not bugs that I was learning in the web application hackers handbook.
(11:04):
But when you're doing pentesting, you are very often the first person to test, to test the website.
So it was quite natural that I was finding many vulnerabilities there.
Of course, I did have to learn a lot.
I had to learn writing reports.
I had to learn working with developers and I had to learn a lot.
But the part of finding vulnerabilities surprised me that a lot of vulnerabilities in the reports were the, the simple versions, like the, literally the copy paste from OS top 10 or, or from any other book.
(11:39):
So in this sense, it did surprise me, but I was, I was very happy.
It was very, very satisfying to find all those vulnerabilities, but I was still, you know, thinking and always reading about, about bug bounties.
I remember at this time I had a very tight schedule with everything.
(12:01):
And I remember I like to go to a gym before the university, before work or something like this crazy days like that.
And I also had the ritual that maybe one, once a week, once, once every two weeks, maybe once a month, sometimes before the gym, I would go to a cafe.
I would sit there, I would watch bug bounty presentations.
(12:25):
Then I would go to a gym and then I would continue with my day.
And maybe for, for some of you, that's strange, but for me as a child, you know, drinking cafe in a, in a restaurant or in the cafeteria, it was kind of a luxury.
It's not something, definitely not something I was doing often.
And I don't think I did it once during my first year of university.
(12:48):
So when I started working and I had the possibility to do it, I remember literally feeling luxury sitting always the same place in the same cafeteria before the gym.
I also love working out in the morning.
So it was also very satisfying to me to, you know, work out with the caffeine cake.
(13:09):
And it was, it was, I love this time and we'll come back to this cafeteria later.
But, but for now, I was being a Pentester.
I was learning a lot as a Pentester.
I was still continuing the university with the lowest effort possible.
And I was learning about bug bounty.
I tried a lot of websites.
(13:31):
Sometimes at work we would, I hope my ex boss is not watching this, but sometimes we would finish the project much earlier than, than we had the time assigned.
So I would just do bug bounty during my, my work hours and I was obviously not finding much.
And then I remember that one day I was looking at Gitter.
(13:53):
Gitter was an acquisition of GitLab and I was looking at the, at the source code mostly to just, you know, see the real world application, to see the bug bounty target.
I was not hoping to find the vulnerability.
And I was particularly interested in the OAuth authentication flow.
And I remember that just after one request that, that I sent, the application stopped responding and it wasn't anything extraordinary.
(14:21):
You know, when you are setting up your own environment, things break all the time.
So I didn't think much of it at the time.
And then I sent a few more requests like this after restarting the environment.
And it was a repeatable, consistent behavior of the application.
So after some time I debugged what's the cause.
And I saw that there was a particular line of code that didn't foresee this, this input in this place.
(14:48):
And that's what caused the error.
But I was still like, okay, that's denial of service, but that's not the bug that you can get paid for.
And then I looked at GitLab actually does pay for this vulnerability class.
So I remember, you know, submitting this report, still not believing I will get anything because it was just sounding very, very surreal.
But they did pay me out.
(15:10):
The video about this, this bug in detail is on my channel.
They did pay me out $1,000.
And I felt incredible at this time, especially that, you know, I was checking the notifications all the time, reading all the emails.
You know, even you probably also remember this.
If you've ever submitted your first bug, even when your bug is triaged, you are still thinking about scenarios.
(15:34):
How can they still not pay you for this bug?
Because it just feels surreal that you can get paid.
But they did get paid and it felt incredible.
I remember I spent half of this bounty on this watch that I still have today.
And so it's still with me, still reminding me of that time.
(15:55):
And I was really, really happy.
And that's probably a feeling I will never remember again.
And I wanted to somehow, you know, share with the world my findings.
So I thought about creating the blog.
I also knew that creating the personal brand is something good.
It can help you get a better job.
For example, it creates the personal brand.
(16:18):
Then you have infinite possibilities.
But I knew that a lot of people that write blog posts, you know, they only write those blog posts a few times a year because they usually, you know, even for me, bugs I was finding was during pen test.
So I could not talk about them.
I couldn't feel enough blog posts to be interesting enough.
(16:41):
So I was procrastinating creating the blog for a long time.
And then I thought of maybe doing something different.
And the idea of my channel was in my head for some time.
It's actually not the first YouTube channel that I created.
The previous one I was creating when I was about 14 and 15 and 16 years old or maybe 13 to 15.
(17:08):
It was in Polish and it was about tutorials for the game Battlefield, mostly Battlefield 3, Battlefield 4, and then some other FPS as well.
And it was quite big.
It's not that I created the YouTube channel with two videos.
I was creating it with a friend.
And it has, it's still public.
It has like 5,000 subscribers.
(17:29):
So it was in Polish and it was quite big for the size of YouTube back then.
It was like 2013, 2012.
So it was very early YouTube years.
So 5,000 subscribers then was a lot.
And we did it for like two years.
Then we stopped.
(17:51):
And I don't really remember lessons that I learned there, but definitely I did pick up some lessons then that I am using in my YouTube channel now.
But I just don't remember those things clearly.
I only have a few memories from that time.
So the idea of YouTube channel was appealing to me, but I had no idea if I would still create videos about my bugs.
(18:19):
It would still be the same problem of not having enough bugs to be enough.
And I thought about, you know, maybe explaining reports of other people.
The reason was that I was reading a lot of write-ups back then, and a lot of them were not written really good.
Sometimes, you know, the submitter of the report, the reporter, assumes that the other person knows something about the system.
(18:45):
Often, the triager or the company that processes the bug, they do.
But then when the report is disclosed, for us, for readers, some things are unclear.
So my idea was to explain those reports in a clear manner.
But one problem with this idea was that I would be creating videos about bugs of other people.
(19:07):
And I felt it's sort of uncool to, you know, use other people's intellectual property, in a sense, to create my videos.
And I think I would not do the channel if not this guy or the author of these books, Pete Jaworski.
He has two books. One of them is the blue one. I don't remember the name.
(19:32):
This is the second edition.
And basically, the concept of the book is that he grouped some disclosed public bug bounty reports.
And he made a book about these.
And this book is actually... I think you can get the first edition for free when you sign up at HackerOne.
Or it's somewhere they send it to you after registration or something like this.
(19:55):
At least, it used to be that.
So it's definitely a respected position.
And also Pete Jaworski has a great respect.
I don't know if he still creates some bugs.
But I remember that he was a respected person in the community.
And basically, just seeing his bugs, it was the argument for me that, OK, if these books, they use the same concept.
(20:21):
And nobody is telling that, oh no, Pete is bad because he created a book and makes money out of bugs of other people.
Then definitely, me making free YouTube videos about them will also be OK.
So thank you, Pete, for creating this book.
Without you, I wouldn't be where I'm currently at.
(20:43):
And my idea was also to add the visual layer to those videos because I felt it can really help people understand the bug better.
And I think I did this quite well.
The channel, sometimes people have to upload tens of hundreds or maybe thousands of videos before they catch traction.
I caught traction quite quickly.
(21:05):
And I think also the reason was that authors of the bug would sort of push my video forward.
And these were good videos.
So they did catch traction quite quickly.
I was really happy that I finally got to it.
Of course, I had to wait and procrastinate a lot to do it.
And I finally started when the virus started, like literally first two weeks of the virus.
(21:31):
I was really happy because at that time I would have studies.
I would do like the full time studies or daily studies or whatever they are called.
I would do part time job.
I would be in a long distance relationship.
So all weekends where I was not not working during the weekends.
So for me, having two weeks off in this time, it was fantastic.
(21:55):
I was really happy about it.
And I did start the channel literally like two weeks after the COVID started or something like this.
And then, of course, I wasn't happy about it.
But it did push me to to create the channel.
And then it was it was sort of growing like this for for some time.
And the problem was that I was not finding bugs myself.
(22:18):
I had the channel.
The channel was bigger and bigger.
I was working as a pen tester.
I also changed job in this period.
Also, the reason I changed jobs was because of my YouTube channel.
I think my manager of my second job, he approached me on Twitter.
And I want to believe it was based on the videos that I created.
(22:40):
So it also played a big role in this.
And it was also quite a big pay rise for me.
So it was quite a nice change.
But in terms of bug bounty, I didn't do a lot.
I didn't have much time.
When I had the time, when I did actually hack, I wasn't finding anything.
And at some point, like more or less a year after joining my second job, I was already
(23:08):
after the university.
So I had a little bit more free time.
And then I decided that it might be the time to quit my job.
Very cold and calculated decision because it definitely did not feel like a right time
because I knew nothing about business.
(23:29):
I wasn't a successful bug bounty hunter.
So why would I quit my job, you know, to leave out of these two things?
I know nothing about.
And the origin of this story actually begins when the people from my first company there
we used to also during work hours to conduct some trainings for developers.
(23:53):
And after I quit, people from the training department of that company approached me.
If I still want to continue these during these trainings or create a new training actually
to create a new training for them.
But this time as a freelancer and not during my work hours.
And I was quite happy to accept this proposition.
(24:14):
I could make more money than I would in the during my regular full time job.
So I was happy to accept the offer.
And for this, I had to create the sole entrepreneurship sort of company in Poland.
I had to, of course, pay taxes from it.
I had to pay the insurance and everything.
And I didn't plan on doing anything more about it.
(24:39):
At that time, I was on.
I only created it for the purpose of conducting these trainings and maybe some YouTube collaborations.
But I wasn't thinking much about it.
But actually, this creating the sole entrepreneurship did spark the business interest in me.
(25:01):
And I started learning more about business.
I was more interested about marketing.
I was more interested about different products.
And I didn't foresee this coming at all.
But then I had the idea to, you know, maybe also create something to monetize the channel.
Because then I also created the way to support the channel voluntarily.
(25:25):
It was buying me a coffee website.
And it was literally like two or three people sending me a coffee after a few months.
So I shut this down.
And I knew that if I want to make money off of YouTube, I just need to create my own product.
So I started thinking about it.
And then also other friend approached me about creating a course about Python and security.
(25:54):
It's also in Polish.
The way it works is I create the course and he does the marketing and he has the target audience and everything.
And at this time, you know, I had thoughts about my own product.
I had the potential of creating the course and I had the trainings I would conduct.
But still, it didn't feel at all like the time to quit my job.
(26:18):
But the thing was that I had about one year worth of savings in my account.
And my analytical, the analytical part of my brain would nudge me to, you know, just quit your job.
And if it doesn't work after one year, you can just come back and you probably can get a better job after one year of trying something else.
(26:43):
So it definitely did not feel like the right time for me.
Nobody of my friends would expect it.
Nobody actually was trying to convince me that it's a good move.
People would either be surprised, maybe even sending me indirect signals that it's not a good time or it's not a good decision.
But I would still do my own thing because just the risk was not that big.
(27:08):
You know, the worst thing that could happen was that after a year, I would just have to come back to employment.
And it didn't seem like too much of consequences to me.
So I decided to just go for it.
And I'm happy I did.
And now I also whenever making a decision, I'm thinking about the consequences.
Because if consequences are like this, if they are not that scary, actually, because, you know, then at that time, you know,
(27:37):
feeling like failure, yes, it would be bad.
But, you know, the one thing that helps me think about it from a better perspective was what will I think about it in five years time?
And from the perspective of, you know, at this time, I was I would be scared.
I would be afraid.
(27:58):
I would be unsure.
I would feel like failure.
But then, like, what will 30 year old Greg think about this?
Oh, he would think, oh, yeah, when I was 25 years old, I decided to, you know, quit my job.
And I spent a year trying to do bug bounty and to create content.
You know, it didn't work.
So after one year, I came back to employment.
(28:20):
But still, throughout this one year, I learned a lot.
It was probably what I was going to think about it, about the worst case scenario after five years.
And having a perspective like this really shifts my mindset.
And it's also something that I use today.
Whenever I'm scared, whenever something feels risky, I'm thinking, OK, what will I think about the worst case scenario in five, in 10 years time?
(28:48):
And very, very often is actually nothing that's scary.
So it's definitely something that you can take away from this video to just not be afraid of failing.
But actually, you know, think about what are the consequences?
What will you think about them in a few years?
And then very likely this decision will not be that scary.
(29:12):
And as it often happens with these decisions, the worst case scenario doesn't actually happen.
And so it didn't.
And as you see, I'm still here.
To be honest, I don't know how.
Because now when I think about this decision, it seems extremely naive that I quit my job for bug bounty and for creating a business.
(29:33):
Both things I knew nothing about.
It shouldn't work.
I think it shouldn't work.
But I made it work, and I'm so happy to be here.
Of course, for me, the growth, it was quite slow.
Because usually when people start a business, they are already capable in doing something.
Like someone becomes a good backhunter, and then they decide to create a channel.
(29:56):
And extremely rarely, you know, someone just comes.
Okay, I will be a backhunter.
I'm not now.
And even worse or even better, I also had a paid product at this time.
So I created a paid product about learning web security when I had literally one bug behind my belt.
(30:17):
And I was open about it.
I'm actually so proud of this that I never had to, you know, lie about my past or be unclear about my past.
I always told people, you know, I'm just learning.
Come learn with me if you want.
If you don't want, don't buy my product.
And I'm very happy that it worked this way.
Of course, the first year, year and a half were quite slow in terms of the business.
(30:42):
Then the business skyrocketed in terms of my bug bounty journey.
Of course, details are in bug bounty vlogs.
But my growth here, my development as a bug bounty hunter is quite slow.
And it's something that is sometimes annoying to me.
Because I know that if I would dedicate just to bug bounty hunting, it would be much better.
(31:05):
But I'm not spending that much time on it.
I do spend more time on the business side.
I do spend more time not working, basically.
And it's a very, very tough balance to find.
Because, you know, on one hand, I would love...
Of course, I do these bounty vlogs every year.
I'm sharing my results.
(31:26):
And of course, it would be nice for me to, for example, have the next year's bounty vlog where I would be in the six-figure range or something like this.
Or basically to be happy with my performance as a bug bounty hunter.
But then the reality is when I have the choice of working more and finding more bugs and enjoying more time,
(31:50):
I just see that I do in these cases make the decision to just have fun.
So it seems that the quick growth is not the priority for me.
And I see this based on my actions and not on my thoughts, which is quite a difficult thing to do.
So my growth as a bug bounty hunter is quite slow.
(32:11):
I'm planning to change this a little bit.
I'm planning to focus more on bug bounty in 2024.
But we'll see how it goes.
Also, in my content, my content did evolve a lot throughout this time.
In the beginning, it was just explanations of bug bounty reports, as the name suggests, bug bounty reports explained.
(32:36):
These days, this is not my most common format.
Usually, my videos are either podcasts or case study videos and occasional videos of other formats.
But the original one is no longer the main thing.
Also, the reason is that creating videos like this with visualizations, with animations, with everything, they took a lot of time.
(33:01):
And I saw that even when I was putting more effort into them, they weren't really performing that well.
And I see that, for example, with the case study, I'm spending more time before I even start recording the video or writing the article,
because I just do the case study.
And then the video itself is not that edited.
(33:23):
It has no animations.
It's not that pretty, but it's more useful.
And that's why I also prefer this type of content, because, you know, it's more useful and it requires less work from me.
And the same goes with podcasts.
Podcasts are great because I don't only see the report of somebody else, but I actually can ask them about things that I do want to ask them.
(33:48):
And I think this content is great.
So this is the direction I'm going at.
Also, one thing that I would like to have in my channel, but I really struggle to somehow make it work.
I even talked about this with one of you who recognized me at the CCC conference that I came back literally two days ago.
(34:12):
I'm recording this just after just after coming back that in my videos, I would prefer to sort of show you more or maybe make you think more about your life.
Also, in terms of of some time off and in terms of some sports and some holidays, because at the end of the day, videos about bugs are videos about making money.
(34:39):
And I do believe that for many of you, making more money is not actually something that will make you happy.
And it can definitely harm your health in the long run if you spend too much hours in front of the computer.
And I do leave, I think, a well balanced life with a lot of sports and a lot of travel.
And I always have some urge to somehow, you know, not really share it.
(35:04):
I don't care about sharing it, but I would care to make you think about your life.
That maybe, you know, instead of spending more time in front of the computer with bug bounty, maybe you should go to the gym.
Maybe you will be healthier for for for your old elderly life.
So even now you will be healthier, you will be happier, you will have great relationships.
(35:26):
You can also travel.
You know, I see also all my all my choices in my life.
They they did lead me to this place where I can work from anywhere on the world.
And also my earnings do not depend on the country I'm working from and the times I'm in and everything.
So I did in 2023, I did start sort of a digital nomad thing.
(35:51):
I spent two and a half months in Spain, in Canary Islands, and I absolutely loved it.
And now when you are watching this, it's probably like January or February because I'm recording this up front.
I'm in Argentina and I'm also living sort of a digital nomad life because I absolutely love the digital nomad community.
(36:14):
I don't like the winter in Poland.
And that's why I travel.
And I also urge you, if you are a bug bounty hunter, if you have a remote work, you can you can do this.
So so you should think about doing this.
It's also easier for some people, harder for others.
For me, I want to do these things now when I'm when I'm single, when I have no kids, when I have no not many responsibilities.
(36:37):
This is this is the time to do it.
And one last thing.
I told you that I will come back to the to the cafeteria.
I talked about before when I did go to the cafeteria, watch bug bounty presentations and and be really hyped and dream about the bug hunter lifestyle.
And, you know, I kind of forgot forgot about it for some time.
(37:00):
But then I think like one year ago when I was already living from YouTube and bug bounty, I came back to this cafeteria.
I took the same thing I always take the large black Americano and the muffin, which is absolutely delicious and very, very calorie rich as well.
(37:21):
But absolutely delicious.
I sat in my favorite couch in the same place I always did.
And I realized that I'm now living the lifestyle that I used to dream about all the times that I would go to this cafe.
And on this positive note, I want to thank you for for watching this video or for listening to this podcast.
(37:43):
And I want to encourage you to to make risky decisions, to not be afraid to always have the long term perspective and the worst case scenario, which is usually not that bad.
And I encourage you to do sports and I encourage you to travel.
(38:06):
Thank you.
In this episode of BBRD podcast, I actually have no guest.
(00:04):
Instead, I'm solo and I will tell you about my journey to cybersecurity.
How I started, what sparked my interest, how I then got through the computer science degree,
how I started the YouTube channel, my other YouTube channel, which you probably don't know about,
and then until today, when I do half, let's say YouTube and half bug bounty
(00:27):
with a lot of travel and sports in between.
So enjoy the journey. I think there are a lot of takeaways that you can use in your career.
So I hope you will find it either entertaining or useful.
Enjoy.
As a teenager, I already knew that I want to be a programmer. I want to work in IT.
(00:49):
The reasons were not that strong, to be honest.
One of them was that I used to play a lot of games as a child.
So I had to be proficient with computers, which usually just meant installing something or solving a problem,
but definitely nothing like programming or using the terminal.
And the other reason was, of course, I knew that programmers make a lot of money.
(01:11):
So I wanted to do this, but I wasn't particularly interested in this.
I didn't do a lot by myself to fulfill this interest.
Like a lot of hacker stories that I'm hearing is, you know, someone was hacking PlayStation at the age of 12
or creating cheating to Counter-Strike or to other games.
It's not my story. For me, hacking was not present until I was age 19.
(01:37):
And at high school, I knew I wanted to do my final exam with computer science.
But at school, we pretty much didn't have a teacher.
So we had a small group of students that wanted to learn by themselves.
It was led by one of the past students of my high school.
And as this group with one of the teachers, we went to Warsaw to a conference called Warsaw Computer Science Days
(02:08):
or Warszawskie Dni Informatyki in Polish.
And then there was a presentation by General Coldwind about CTFs.
And this is actually the moment where my cybersecurity interest started.
So it was quite late for standards of a lot of cybersecurity people that we know.
(02:30):
And then I started to be interested in CTFs.
I started playing PicoCTF. It was my first CTF.
The tasks there are very simple.
The first task that I did was learning to use the cat command in Linux, learning to use LS,
learning what's base64 encoding, learning what's hex and simple stuff like this.
(02:51):
But it was definitely what I needed back then because I couldn't do anything else.
And I remember that in the beginning, I wasn't interested in doing the web stuff for some reason.
I don't know why.
And then somehow I did still transition to web.
After starting to be more interested in CTFs, I started to learn web security.
(03:17):
And then between the university and the high school, the final exams are in May in Poland.
So we have like four months, maybe four and a half months of holidays,
pretty much the longest holiday of your life usually.
And then I was selling strawberries.
(03:38):
And it was a season where strawberries were quite expensive.
So not a lot of people were buying them.
So I would just sit for like 10 hours, not doing much for most of the time because there wasn't much traffic.
And I remember I was reading the web application hackers handbook when I was there.
(04:00):
And I intended to do this task practically after my work.
I remember there was a page on bug crowd about how to start bug bounty.
And I remember that on this, I think it was a forum post.
I don't remember when it was, but I remember that I visited this resource very often.
(04:20):
And one of the books recommended was the web application hackers handbook.
And I remember I struggled to do the practical stuff because after 10 hours of doing nothing,
but doing nothing exposed to sun, it was challenging enough that after this time, I was just pumped out.
I didn't want to do anything apart from from playing football.
(04:41):
But I didn't want to do anything in front of my computer.
And I remember I started waking up before I would start work at eight, I think, or seven.
So I would wake up at five for two hours.
I would do the practical tasks using topics that I learned the previous day.
I used the root.me platform.
I don't know if it's still live or not.
(05:04):
And then during my job, I would read an e-book with a web application hackers handbook.
I remember I did it on a bad e-book reader, which couldn't.
It was a PDF format, which couldn't show the images well.
So every time in my e-book, there was an image I had to pull out my phone.
And on my phone, I had to check the image on the same page.
(05:26):
And I did most of the reading via the e-book reader.
And with this, I learned something throughout those those four months.
And I knew I just want to to become a pen tester or bug bounty hunter.
But I felt that first I would have to become a programmer.
And I went to university.
(05:47):
And I think my strategy at the university was quite well.
Because I was at the computer science.
There was no cyber security back then at this university.
And I was doing as little as possible at the university to have as much time as possible to learn web security.
(06:08):
Because I had to learn all web security by myself.
There was no web security at the university.
And I think the strategy of doing as little as possible for the university worked quite well for me.
It was actually a tip I learned from another vlogger, another YouTuber, actually, that I saw at that conference that we went for high school.
(06:33):
It was Maciej Anisarowicz. It's in Polish, so not relevant for most of you, unfortunately.
And he had videos about becoming a programmer, basically.
So I had to sort of modify them to be relevant for cyber security.
But I did this strategy and it worked quite well.
I also did the CTF research group or how extracurricular activities are called at the university.
(07:04):
Because during the holidays, I was researching, is anything happening about CTFs in Krakow or at the university?
And I saw that there is a research group or the extracurricular group about CTFs on my university led by a guy called Disconnected.
(07:25):
And I was quite worried because I saw it did happen the previous year, but I saw nothing posted about the year I was about to attend to.
So I remember I just texted him on whatever communicator.
And I felt he's not going to do this to lead this activity and more.
(07:48):
But eventually he did, and it then became the key to my career because, one, I learned a lot during this time.
So I was learning in my free time and I was attending this group.
And it was key because later, after the first year, he referred me to a company.
(08:09):
And it was also the first time that I started looking at connections a bit differently.
Because before, I looked at connections, at the word connections, as something negative.
If someone would tell me they got a job through connections, I would just understand they have the uncle at the company.
(08:30):
And the uncle hired them despite them not having enough technical skills.
But this part with me attending some extracurricular activity and being active there and showing that I do want to learn, it enabled the connections in a positive way.
Because Dominic referred me to a friend working at the company.
(08:55):
And eventually I got hired there after the first year of university as an apprentice there.
And it was a huge, huge achievement for me because I didn't even hope to start my career as an apprentice there.
I really dreamt of being an apprentice there, but I thought that I will need a few years working as a programmer, maybe one or two years.
(09:20):
And only then I could maybe, maybe get a job as an apprentice there.
And even I remember driving for the, for the interview.
I did really have the attitude of I'm going there to see how the interview looks like because I've never been to an interview, but 100% they will not give me this job.
(09:42):
But they did.
And I was hugely, hugely relieved and very happy.
Working as an apprentice there in some sense surprised me at how easy it was to find vulnerabilities.
Of course, I did learn a lot because it was my first job.
So I obviously did.
But it surprised me in the sense that during my, my first year before I started working, I did, you know, try some bug bounty websites because bug bounty was always very appealing to me.
(10:10):
First, it's the, the independence part was always something that, that I felt attracted to.
And also the economic factors because, you know, I live in Poland.
It's not a country with high living costs.
So if you earn in the, in dollars, basically in, in something that's not scaled to, to your country, then you can live on a really good level.
(10:34):
For these reasons, bug bounty was very appealing to me.
So I did, you know, open some public bug bounty programs.
I, I did even try some vulnerabilities on websites without bug bounty programs and obviously nothing worked.
I only remember one XSS that popped on the web, on the shopping website without the bug bounty program.
But I imagined that, you know, these, the bugs you are finding in real life are not bugs that I was learning in the web application hackers handbook.
(11:04):
But when you're doing pentesting, you are very often the first person to test, to test the website.
So it was quite natural that I was finding many vulnerabilities there.
Of course, I did have to learn a lot.
I had to learn writing reports.
I had to learn working with developers and I had to learn a lot.
But the part of finding vulnerabilities surprised me that a lot of vulnerabilities in the reports were the, the simple versions, like the, literally the copy paste from OS top 10 or, or from any other book.
(11:39):
So in this sense, it did surprise me, but I was, I was very happy.
It was very, very satisfying to find all those vulnerabilities, but I was still, you know, thinking and always reading about, about bug bounties.
I remember at this time I had a very tight schedule with everything.
(12:01):
And I remember I like to go to a gym before the university, before work or something like this crazy days like that.
And I also had the ritual that maybe one, once a week, once, once every two weeks, maybe once a month, sometimes before the gym, I would go to a cafe.
I would sit there, I would watch bug bounty presentations.
(12:25):
Then I would go to a gym and then I would continue with my day.
And maybe for, for some of you, that's strange, but for me as a child, you know, drinking cafe in a, in a restaurant or in the cafeteria, it was kind of a luxury.
It's not something, definitely not something I was doing often.
And I don't think I did it once during my first year of university.
(12:48):
So when I started working and I had the possibility to do it, I remember literally feeling luxury sitting always the same place in the same cafeteria before the gym.
I also love working out in the morning.
So it was also very satisfying to me to, you know, work out with the caffeine cake.
(13:09):
And it was, it was, I love this time and we'll come back to this cafeteria later.
But, but for now, I was being a Pentester.
I was learning a lot as a Pentester.
I was still continuing the university with the lowest effort possible.
And I was learning about bug bounty.
I tried a lot of websites.
(13:31):
Sometimes at work we would, I hope my ex boss is not watching this, but sometimes we would finish the project much earlier than, than we had the time assigned.
So I would just do bug bounty during my, my work hours and I was obviously not finding much.
And then I remember that one day I was looking at Gitter.
(13:53):
Gitter was an acquisition of GitLab and I was looking at the, at the source code mostly to just, you know, see the real world application, to see the bug bounty target.
I was not hoping to find the vulnerability.
And I was particularly interested in the OAuth authentication flow.
And I remember that just after one request that, that I sent, the application stopped responding and it wasn't anything extraordinary.
(14:21):
You know, when you are setting up your own environment, things break all the time.
So I didn't think much of it at the time.
And then I sent a few more requests like this after restarting the environment.
And it was a repeatable, consistent behavior of the application.
So after some time I debugged what's the cause.
And I saw that there was a particular line of code that didn't foresee this, this input in this place.
(14:48):
And that's what caused the error.
But I was still like, okay, that's denial of service, but that's not the bug that you can get paid for.
And then I looked at GitLab actually does pay for this vulnerability class.
So I remember, you know, submitting this report, still not believing I will get anything because it was just sounding very, very surreal.
But they did pay me out.
(15:10):
The video about this, this bug in detail is on my channel.
They did pay me out $1,000.
And I felt incredible at this time, especially that, you know, I was checking the notifications all the time, reading all the emails.
You know, even you probably also remember this.
If you've ever submitted your first bug, even when your bug is triaged, you are still thinking about scenarios.
(15:34):
How can they still not pay you for this bug?
Because it just feels surreal that you can get paid.
But they did get paid and it felt incredible.
I remember I spent half of this bounty on this watch that I still have today.
And so it's still with me, still reminding me of that time.
(15:55):
And I was really, really happy.
And that's probably a feeling I will never remember again.
And I wanted to somehow, you know, share with the world my findings.
So I thought about creating the blog.
I also knew that creating the personal brand is something good.
It can help you get a better job.
For example, it creates the personal brand.
(16:18):
Then you have infinite possibilities.
But I knew that a lot of people that write blog posts, you know, they only write those blog posts a few times a year because they usually, you know, even for me, bugs I was finding was during pen test.
So I could not talk about them.
I couldn't feel enough blog posts to be interesting enough.
(16:41):
So I was procrastinating creating the blog for a long time.
And then I thought of maybe doing something different.
And the idea of my channel was in my head for some time.
It's actually not the first YouTube channel that I created.
The previous one I was creating when I was about 14 and 15 and 16 years old or maybe 13 to 15.
(17:08):
It was in Polish and it was about tutorials for the game Battlefield, mostly Battlefield 3, Battlefield 4, and then some other FPS as well.
And it was quite big.
It's not that I created the YouTube channel with two videos.
I was creating it with a friend.
And it has, it's still public.
It has like 5,000 subscribers.
(17:29):
So it was in Polish and it was quite big for the size of YouTube back then.
It was like 2013, 2012.
So it was very early YouTube years.
So 5,000 subscribers then was a lot.
And we did it for like two years.
Then we stopped.
(17:51):
And I don't really remember lessons that I learned there, but definitely I did pick up some lessons then that I am using in my YouTube channel now.
But I just don't remember those things clearly.
I only have a few memories from that time.
So the idea of YouTube channel was appealing to me, but I had no idea if I would still create videos about my bugs.
(18:19):
It would still be the same problem of not having enough bugs to be enough.
And I thought about, you know, maybe explaining reports of other people.
The reason was that I was reading a lot of write-ups back then, and a lot of them were not written really good.
Sometimes, you know, the submitter of the report, the reporter, assumes that the other person knows something about the system.
(18:45):
Often, the triager or the company that processes the bug, they do.
But then when the report is disclosed, for us, for readers, some things are unclear.
So my idea was to explain those reports in a clear manner.
But one problem with this idea was that I would be creating videos about bugs of other people.
(19:07):
And I felt it's sort of uncool to, you know, use other people's intellectual property, in a sense, to create my videos.
And I think I would not do the channel if not this guy or the author of these books, Pete Jaworski.
He has two books. One of them is the blue one. I don't remember the name.
(19:32):
This is the second edition.
And basically, the concept of the book is that he grouped some disclosed public bug bounty reports.
And he made a book about these.
And this book is actually... I think you can get the first edition for free when you sign up at HackerOne.
Or it's somewhere they send it to you after registration or something like this.
(19:55):
At least, it used to be that.
So it's definitely a respected position.
And also Pete Jaworski has a great respect.
I don't know if he still creates some bugs.
But I remember that he was a respected person in the community.
And basically, just seeing his bugs, it was the argument for me that, OK, if these books, they use the same concept.
(20:21):
And nobody is telling that, oh no, Pete is bad because he created a book and makes money out of bugs of other people.
Then definitely, me making free YouTube videos about them will also be OK.
So thank you, Pete, for creating this book.
Without you, I wouldn't be where I'm currently at.
(20:43):
And my idea was also to add the visual layer to those videos because I felt it can really help people understand the bug better.
And I think I did this quite well.
The channel, sometimes people have to upload tens of hundreds or maybe thousands of videos before they catch traction.
I caught traction quite quickly.
(21:05):
And I think also the reason was that authors of the bug would sort of push my video forward.
And these were good videos.
So they did catch traction quite quickly.
I was really happy that I finally got to it.
Of course, I had to wait and procrastinate a lot to do it.
And I finally started when the virus started, like literally first two weeks of the virus.
(21:31):
I was really happy because at that time I would have studies.
I would do like the full time studies or daily studies or whatever they are called.
I would do part time job.
I would be in a long distance relationship.
So all weekends where I was not not working during the weekends.
So for me, having two weeks off in this time, it was fantastic.
(21:55):
I was really happy about it.
And I did start the channel literally like two weeks after the COVID started or something like this.
And then, of course, I wasn't happy about it.
But it did push me to to create the channel.
And then it was it was sort of growing like this for for some time.
And the problem was that I was not finding bugs myself.
(22:18):
I had the channel.
The channel was bigger and bigger.
I was working as a pen tester.
I also changed job in this period.
Also, the reason I changed jobs was because of my YouTube channel.
I think my manager of my second job, he approached me on Twitter.
And I want to believe it was based on the videos that I created.
(22:40):
So it also played a big role in this.
And it was also quite a big pay rise for me.
So it was quite a nice change.
But in terms of bug bounty, I didn't do a lot.
I didn't have much time.
When I had the time, when I did actually hack, I wasn't finding anything.
And at some point, like more or less a year after joining my second job, I was already
(23:08):
after the university.
So I had a little bit more free time.
And then I decided that it might be the time to quit my job.
Very cold and calculated decision because it definitely did not feel like a right time
because I knew nothing about business.
(23:29):
I wasn't a successful bug bounty hunter.
So why would I quit my job, you know, to leave out of these two things?
I know nothing about.
And the origin of this story actually begins when the people from my first company there
we used to also during work hours to conduct some trainings for developers.
(23:53):
And after I quit, people from the training department of that company approached me.
If I still want to continue these during these trainings or create a new training actually
to create a new training for them.
But this time as a freelancer and not during my work hours.
And I was quite happy to accept this proposition.
(24:14):
I could make more money than I would in the during my regular full time job.
So I was happy to accept the offer.
And for this, I had to create the sole entrepreneurship sort of company in Poland.
I had to, of course, pay taxes from it.
I had to pay the insurance and everything.
And I didn't plan on doing anything more about it.
(24:39):
At that time, I was on.
I only created it for the purpose of conducting these trainings and maybe some YouTube collaborations.
But I wasn't thinking much about it.
But actually, this creating the sole entrepreneurship did spark the business interest in me.
(25:01):
And I started learning more about business.
I was more interested about marketing.
I was more interested about different products.
And I didn't foresee this coming at all.
But then I had the idea to, you know, maybe also create something to monetize the channel.
Because then I also created the way to support the channel voluntarily.
(25:25):
It was buying me a coffee website.
And it was literally like two or three people sending me a coffee after a few months.
So I shut this down.
And I knew that if I want to make money off of YouTube, I just need to create my own product.
So I started thinking about it.
And then also other friend approached me about creating a course about Python and security.
(25:54):
It's also in Polish.
The way it works is I create the course and he does the marketing and he has the target audience and everything.
And at this time, you know, I had thoughts about my own product.
I had the potential of creating the course and I had the trainings I would conduct.
But still, it didn't feel at all like the time to quit my job.
(26:18):
But the thing was that I had about one year worth of savings in my account.
And my analytical, the analytical part of my brain would nudge me to, you know, just quit your job.
And if it doesn't work after one year, you can just come back and you probably can get a better job after one year of trying something else.
(26:43):
So it definitely did not feel like the right time for me.
Nobody of my friends would expect it.
Nobody actually was trying to convince me that it's a good move.
People would either be surprised, maybe even sending me indirect signals that it's not a good time or it's not a good decision.
But I would still do my own thing because just the risk was not that big.
(27:08):
You know, the worst thing that could happen was that after a year, I would just have to come back to employment.
And it didn't seem like too much of consequences to me.
So I decided to just go for it.
And I'm happy I did.
And now I also whenever making a decision, I'm thinking about the consequences.
Because if consequences are like this, if they are not that scary, actually, because, you know, then at that time, you know,
(27:37):
feeling like failure, yes, it would be bad.
But, you know, the one thing that helps me think about it from a better perspective was what will I think about it in five years time?
And from the perspective of, you know, at this time, I was I would be scared.
I would be afraid.
(27:58):
I would be unsure.
I would feel like failure.
But then, like, what will 30 year old Greg think about this?
Oh, he would think, oh, yeah, when I was 25 years old, I decided to, you know, quit my job.
And I spent a year trying to do bug bounty and to create content.
You know, it didn't work.
So after one year, I came back to employment.
(28:20):
But still, throughout this one year, I learned a lot.
It was probably what I was going to think about it, about the worst case scenario after five years.
And having a perspective like this really shifts my mindset.
And it's also something that I use today.
Whenever I'm scared, whenever something feels risky, I'm thinking, OK, what will I think about the worst case scenario in five, in 10 years time?
(28:48):
And very, very often is actually nothing that's scary.
So it's definitely something that you can take away from this video to just not be afraid of failing.
But actually, you know, think about what are the consequences?
What will you think about them in a few years?
And then very likely this decision will not be that scary.
(29:12):
And as it often happens with these decisions, the worst case scenario doesn't actually happen.
And so it didn't.
And as you see, I'm still here.
To be honest, I don't know how.
Because now when I think about this decision, it seems extremely naive that I quit my job for bug bounty and for creating a business.
(29:33):
Both things I knew nothing about.
It shouldn't work.
I think it shouldn't work.
But I made it work, and I'm so happy to be here.
Of course, for me, the growth, it was quite slow.
Because usually when people start a business, they are already capable in doing something.
Like someone becomes a good backhunter, and then they decide to create a channel.
(29:56):
And extremely rarely, you know, someone just comes.
Okay, I will be a backhunter.
I'm not now.
And even worse or even better, I also had a paid product at this time.
So I created a paid product about learning web security when I had literally one bug behind my belt.
(30:17):
And I was open about it.
I'm actually so proud of this that I never had to, you know, lie about my past or be unclear about my past.
I always told people, you know, I'm just learning.
Come learn with me if you want.
If you don't want, don't buy my product.
And I'm very happy that it worked this way.
Of course, the first year, year and a half were quite slow in terms of the business.
(30:42):
Then the business skyrocketed in terms of my bug bounty journey.
Of course, details are in bug bounty vlogs.
But my growth here, my development as a bug bounty hunter is quite slow.
And it's something that is sometimes annoying to me.
Because I know that if I would dedicate just to bug bounty hunting, it would be much better.
(31:05):
But I'm not spending that much time on it.
I do spend more time on the business side.
I do spend more time not working, basically.
And it's a very, very tough balance to find.
Because, you know, on one hand, I would love...
Of course, I do these bounty vlogs every year.
I'm sharing my results.
(31:26):
And of course, it would be nice for me to, for example, have the next year's bounty vlog where I would be in the six-figure range or something like this.
Or basically to be happy with my performance as a bug bounty hunter.
But then the reality is when I have the choice of working more and finding more bugs and enjoying more time,
(31:50):
I just see that I do in these cases make the decision to just have fun.
So it seems that the quick growth is not the priority for me.
And I see this based on my actions and not on my thoughts, which is quite a difficult thing to do.
So my growth as a bug bounty hunter is quite slow.
(32:11):
I'm planning to change this a little bit.
I'm planning to focus more on bug bounty in 2024.
But we'll see how it goes.
Also, in my content, my content did evolve a lot throughout this time.
In the beginning, it was just explanations of bug bounty reports, as the name suggests, bug bounty reports explained.
(32:36):
These days, this is not my most common format.
Usually, my videos are either podcasts or case study videos and occasional videos of other formats.
But the original one is no longer the main thing.
Also, the reason is that creating videos like this with visualizations, with animations, with everything, they took a lot of time.
(33:01):
And I saw that even when I was putting more effort into them, they weren't really performing that well.
And I see that, for example, with the case study, I'm spending more time before I even start recording the video or writing the article,
because I just do the case study.
And then the video itself is not that edited.
(33:23):
It has no animations.
It's not that pretty, but it's more useful.
And that's why I also prefer this type of content, because, you know, it's more useful and it requires less work from me.
And the same goes with podcasts.
Podcasts are great because I don't only see the report of somebody else, but I actually can ask them about things that I do want to ask them.
(33:48):
And I think this content is great.
So this is the direction I'm going at.
Also, one thing that I would like to have in my channel, but I really struggle to somehow make it work.
I even talked about this with one of you who recognized me at the CCC conference that I came back literally two days ago.
(34:12):
I'm recording this just after just after coming back that in my videos, I would prefer to sort of show you more or maybe make you think more about your life.
Also, in terms of of some time off and in terms of some sports and some holidays, because at the end of the day, videos about bugs are videos about making money.
(34:39):
And I do believe that for many of you, making more money is not actually something that will make you happy.
And it can definitely harm your health in the long run if you spend too much hours in front of the computer.
And I do leave, I think, a well balanced life with a lot of sports and a lot of travel.
And I always have some urge to somehow, you know, not really share it.
(35:04):
I don't care about sharing it, but I would care to make you think about your life.
That maybe, you know, instead of spending more time in front of the computer with bug bounty, maybe you should go to the gym.
Maybe you will be healthier for for for your old elderly life.
So even now you will be healthier, you will be happier, you will have great relationships.
(35:26):
You can also travel.
You know, I see also all my all my choices in my life.
They they did lead me to this place where I can work from anywhere on the world.
And also my earnings do not depend on the country I'm working from and the times I'm in and everything.
So I did in 2023, I did start sort of a digital nomad thing.
(35:51):
I spent two and a half months in Spain, in Canary Islands, and I absolutely loved it.
And now when you are watching this, it's probably like January or February because I'm recording this up front.
I'm in Argentina and I'm also living sort of a digital nomad life because I absolutely love the digital nomad community.
(36:14):
I don't like the winter in Poland.
And that's why I travel.
And I also urge you, if you are a bug bounty hunter, if you have a remote work, you can you can do this.
So so you should think about doing this.
It's also easier for some people, harder for others.
For me, I want to do these things now when I'm when I'm single, when I have no kids, when I have no not many responsibilities.
(36:37):
This is this is the time to do it.
And one last thing.
I told you that I will come back to the to the cafeteria.
I talked about before when I did go to the cafeteria, watch bug bounty presentations and and be really hyped and dream about the bug hunter lifestyle.
And, you know, I kind of forgot forgot about it for some time.
(37:00):
But then I think like one year ago when I was already living from YouTube and bug bounty, I came back to this cafeteria.
I took the same thing I always take the large black Americano and the muffin, which is absolutely delicious and very, very calorie rich as well.
(37:21):
But absolutely delicious.
I sat in my favorite couch in the same place I always did.
And I realized that I'm now living the lifestyle that I used to dream about all the times that I would go to this cafe.
And on this positive note, I want to thank you for for watching this video or for listening to this podcast.
(37:43):
And I want to encourage you to to make risky decisions, to not be afraid to always have the long term perspective and the worst case scenario, which is usually not that bad.
And I encourage you to do sports and I encourage you to travel.
(38:06):
Thank you.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
Ridiculous History
History is beautiful, brutal and, often, ridiculous. Join Ben Bowlin and Noel Brown as they dive into some of the weirdest stories from across the span of human civilization in Ridiculous History, a podcast by iHeartRadio.