Security Happy Hour

Unlocking the World of Cybersecurity through Open Source Communities: A Conversation with Olivia

June 23, 2023 The Cyber Warrior Episode 128

Did you know your involvement in open source communities could lead you into an exciting cybersecurity journey? Join us as we chat with our cybersecurity enthusiast guest, Olivia, who made her entry into this intriguing field through Reddit's open source community. We discuss the potential dangers of malicious code uploaded to open source repositories and the importance of staying updated on secure coding practices.

Dive into our conversation about Olivia's experience double majoring in computer science and security, where she faced challenges in understanding vulnerabilities in coding and their fixes. We also emphasize the significance of companies providing their application security teams with access to the source code to ensure better testing and secure coding practices development.

Lastly, we explore the value of traditional education, online learning, boot camps, and certifications in the cybersecurity industry. We discuss the importance of engaging learning experiences, a supportive community, and spreading positivity and motivation to others. Don't miss out on this insightful discussion with Olivia, where we uncover the fascinating world of open source and cybersecurity.

Support the Show.

Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf

Speaker 1:

Welcome everybody, welcome back. It is me, it is the Cyber Warrior, this is Cyber Warrior Studios, and I know you are all here for Security Happy Hour. And I've got an amazing guest and an amazing show planned: Cinco de Mayo, Revenge of the Fifth, and it's Friday. So it's going to be an amazing episode. So I hope you're all here for it. I hope you're all here to enjoy. And I promise you, if you hang with me for just a second, we'll be right back. And we're back and look, hey, real quick, there it is, the sound of Security Happy Hour kicking off. And this evening I have the one and only Olivia, and I'm going to butcher the hell out of that last name. I'm going to try. I'm going to try. So how you doing this evening, Olivia?

Speaker 2:

I'm doing wonderful. How about you?

Speaker 1:

I'm fantastic. I mean, come on, it's a Friday evening and it's Revenge of the Fifth and it's Cinco de Mayo. So you know, the chaos is bound to ensue. That's just what we do around here. So how was your day, Olivia? How was your day?

Speaker 2:

My day was great. I went to the gym for the first time in a very long time and very excited and very proud of myself.

Speaker 1:

You know my wife keeps telling me I need to go back to the gym because she started going back to the gym and she's like you really get something out of it, especially because of your back and all these other things, because I'm broken. And I'm like, yeah, probably. But you know I don't like going after work, and before work requires me to wake up at like 4:30 in the morning, so kind of see how that plays out. And hey, for everybody listening, if you hear any background noise, it's because my son refuses to leave my office. He is currently building a new Lego set for the Slytherin house. So just so you're aware. Anywho, Olivia, I got to ask how did you get into cybersecurity? I want to ask that first before we get into the education aspect of the show. How did you get into cybersecurity?

Speaker 2:

Sure. So it all actually started with open source, specifically open source on Reddit. When I was in 11th grade, my computer broke. And at that time I had just gotten into robotics because I transferred schools and I was like, wow, like I didn't know robotics could be an extracurricular and all that. So I was getting into computing and, since I was a newbie in the space, I had to rely on a lot of, you know, online materials. Try to catch up to my peers so I could, you know, talk about computers and stuff with them, and my robotics teacher's like, hey, you might enjoy programming and all this.

Speaker 2:

And there wasn't those resources at my school, so I'd watch YouTube tutorials and try to create my own programs. But when it came to debugging, I had nobody to ask. So I went to open source, multiple open source communities on Reddit, and people would spend hours helping me. And that community aspect was just something I really enjoyed. And so I was like, okay, I love open source, but I don't really have that, like, I guess, career goal with it, and so I wanted to figure out what I could do with my career in open source. And so one day I was on an airplane and I downloaded a Netflix documentary about the hacker group Anonymous.

Speaker 1:

And that one. It's a good one.

Speaker 2:

Yeah, it's great. And so at that moment, when they were talking about, like, the Egyptian internet shutdown and like all that stuff, I knew exactly what I wanted to do with my career and it was offensive security in the open source space. And at that moment I, it was such a strange moment because I knew exactly what I wanted to do, and that purpose and that drive has stuck with me, and that same goal. I've maintained it since that, that day in the 11th grade. And yeah, so open source was what got me to the tech space, and it's kind of what keeps me here. The community and offensive security is just the thing that I enjoy doing, and want to make sure that I can spread knowledge and, you know, help people in that space.

Speaker 1:

So prior to, um, because, because I know you're, you're, you've got your, or you're working towards your degree, correct? Yes, okay. So prior to getting your degree, with open sport, open source, okay, I'm doing a show, buddy, you got to, you know, cut me a break here tonight. So, with open source and with everything you've been doing. So we all know open source was good and bad, right, depending on if the person reviewing it has the ability to really review the code before they do. Hey, yeah, we'll accept your pull request or your pull, what I think is a pull request, push request.

Speaker 2:

Yeah, I can't remember.

Speaker 1:

Before we accept it we got to review it and make sure that it's all valid. So that is how you can see sometimes malicious code get uploaded onto, like, GitHub and these different repos that are open source. So when you have these issues, have you come across anything like that in your time, you know, going through open source? Because I do a little bit of open source. The last company I worked for was heavily open source on what we kind of went with. Have you come across a lot of malicious stuff?

Speaker 2:

Oh, all the time. And it's interesting when you use the word malicious, like I think there has this connotation of like, oh, someone knows they're doing something bad. And yes, those things happen where people, you know, will accept pull requests from other people, well intentioned or otherwise, and they just don't really know how to review the code and it just breaks everything. Heck, that happens at, you know, like, that happens all the time.

Speaker 2:

I think in almost any time you're collaborating with people, like, someone might, you know, change the wrong branch or whatever, and it just messes everything up. What I think is really interesting is when it comes to the knowledge of programmers and when people who are just, you know, making personal projects and all that stuff, program something insecurely and then other people use that source code in their code and now their code also has the same source code, also has the same vulnerabilities, and they don't update it. And so it just creates this, like, really insecure cycle that just never gets fixed. And yeah, so there's a lot of insecurity in the open source space and it's sad because I think sometimes people, like, view it as this thing that nobody should use now, when in actuality people just actually have to look at the code, review it more and be more trained on how to properly review code and ask for help when they don't know what they're doing.

Speaker 1:

And I think, you know, when you're looking at things like some of the vulnerabilities we see in open source, like buffer overflows, and, you know, things that really just expose an application, which, you know, part of me is really happy that I believe it was Twitter. I believe it was Twitter that went open source. One of these closed off applications, I don't know. I don't keep track of open source. Not gonna lie, I like, I find applications that I like, for instance, like Lee Baird's Discover Scripts; me and him have talked a lot. There's a few other applications and programs I've used and I pay attention to those, but I want to say it was. I know Microsoft released some things.

Speaker 1:

I want to say Twitter went open source. This is where we found some issues within the code, where people were pointing it out with screenshots, like look what they're doing. This is BS type of deal, but I think open source can bring a lot of attention to the nuances and the issues with code. Well, at the same time, I think sometimes we rely too heavily on the community to be like oh yeah, this is good, just download it and go. You're good to go, everything's okay because it's open source and you should trust the community. That's like trusting an exploit developer that their code is not going to hone your own system.

Speaker 2:

No, and that's awesome. I love that example too. I just recently, I had to restart, like, er, like, erase my whole computer, and I have like a test computer that I just, like, run, like, absolute garbage on, and I've used the same one for four years. And so I've learned so much in the past four years. How is it still living, I know. And so so much stuff had broke because I would go on, like, these random, like, blogs and tutorials, blindly follow them, just, like, executing stuff. I didn't know what was going on. And like, my, like, the computer was just, nothing worked anymore. And I was just like, okay, this is what happens when you just, like, blindly install stuff and just rely on public resources without knowing what you're doing. And in my defense, though, I've been learning over the past four years and all that and I don't do that anymore, but it really shows what can happen.

Speaker 1:

Well, so we got it. We got a question here from Misha, one of my warriors and part of the family, so we are going to bring that up here in a second. I got my buddy Will here with another comment, but which, by the way, all the warriors in chat, thank you for being here, love having you here. As always, you're all amazing people and part of the family. Now I will say, though, on your note of having a computer for like blowing shit up, my personal computer for years, because I custom built all my computers, was, I've always done that, right until I started working in security full time and had to, like, segregate kind of what I did and started using more virtual machines. I had a computer, this is back in the MySpace days, and anybody who knows anything. Yes, I'm kind of like leading my age here of how old I am, but MySpace was all you could do, all HTML code, and so you were allowed to exploit a lot of people and really do a lot of damage to individual users. But there was always these pages: hey, download this to see this page.

Speaker 1:

Now, me being me always knew was malware. I was always like, fuck, you know it's not going to happen. But then I started delving more and more into security. And I was like, you know what? Let me see what this does. At one point, yeah, it was the worst thing I could have done because I was like download and I was running Windows Vista Ultimate 64 bit. I had dumped a ton of money into my computer. I had like eight or 16 gigs of RAM at the time. I forget what it was. Like, literally I could have ran this thing into the ground. It would have been fine.

Speaker 1:

And so I got hit with this because I can't. It was a bomb of some sorts. Basically just ran pop up after pop up and it was like a logic bomb or something like that. And I ended up, I was like, I got to kill this. How do I kill this? And I was like, hold up. And I'm like hitting Control, Shift, Escape and, you know, trying to get into my task manager. But even if you killed it, it came back and you know.

Speaker 1:

So eventually I got into like MSConfig or something like that, killed it from startup, rebooted my computer and just never ran it again. I didn't even get rid of it. I literally was just like, you know what, I don't want to fuck with it. Just never run again. Never. As long as you never start up, we're okay, because that's how bad it was. I didn't even want to deal with it. So, yes, I have blown up some computers because you look at it and you're like, oh, this is going to be bad, this is really going to be bad. And I had the UAC, I had everything. Are you sure you want this to run? Yeah, sure, go. No, no, I should have said no, I should have.

Speaker 1:

But on that note, we do have some questions here. First, from Misha: for those who may be newer, explain open source and offensive versus closed and defensive in layman's terms. And I will say this: as basic as we can take it, down to kindergarten, Crayola, Marine style. Yeah, I'm a soldier, don't get at me. As basic as we can take it, because I do have friends and family that are trying to get into security and IT but don't necessarily understand the terms. So, Olivia, if you can explain this in the best way possible.

Speaker 2:

Yeah, for sure. And that's actually in terms of breaking things down. That's actually why I turned to Reddit instead of Stack Overflow. The terms that were used in Stack Overflow were so technical I couldn't understand them, so I'd have to go to Reddit and ask for people to break things down so much because I just couldn't read Stack Overflow. So I totally understand that. Open source is when you can view source code, so the stuff that programmers write. People will put that code on the internet and it is now open source.

Speaker 2:

Open source is a catch-all term, though. So just because someone makes something public, it doesn't mean that you can always use it, redistribute it or modify it. That's where certain things called freedoms come in, and there's something known as free and open source software, where the free stands for freedom, not like free as in free beer. And the freedoms is where you can, number one, see the code. It starts with zero, but I forget which order then. So it's like can you see the code, can you modify the code, can you share the modified code, and how do you redistribute it? So that's what open source is, and so just remember that open source is a catch-all term and it just means you can see source code.

Speaker 1:

Hold on. Let me stop right there. There's open source. I've seen a few licenses come out and I know we're breaking this down kind of basic. But I've seen a few licenses come out for open source. So does GitHub, which is where a lot of your open source code resides these days. I've seen they provide a few different licenses for the code that you put up there. So does that break down the differences between the type of code that you're releasing, whether it's completely free, free but with a pay type deal, free with hey, you still got a contact. That's a lot of stuff. You're using it like that type of deal.

Speaker 2:

So the license itself is very long and, yes, it does break it down. If you're inside GitHub, though, and you're selecting the license, it will put up this little helpful banner up at the top, and it will just show check marks like, oh, does it include a warranty? Oh, does this support paid, or whatever. And so those little checks at the top are very helpful, and it will break it down very simply, and if you just want to know what, like, if that description isn't helpful enough for you, you can actually search. I think, like, Creative Commons offers, like, a very simple breakdown of what each of those terms mean. You can see exactly what that license will do, in, like, very simple terms, because, honestly, reading the licenses themselves is often a pain. So, yes, it will break it down up at the top, or else you just have to read the license or just Google it on Creative Commons.

Speaker 1:

All licenses are a pain. So now let's dig even further. So, before we get into offensive and defensive, let's go into closed. So what would be closed source code? Something that you view as closed source?

Speaker 2:

So closed source code is just like when you don't share it. So if you have a proprietary application, you just don't share the code and you just rely on people to use it, hopefully not reverse engineer it to discover things, and just keep it up with it. Why, we never do that. Why, that never happens.

Speaker 1:

Yeah, and that's one of the big things, but I find that as one of the problems, right. So, even in, you know, when you're working in cybersecurity, you do things like AppSec, and AppSec is huge for this. Are you going to allow me to see your code, because you've got a lot of vendors, you've got a lot of companies out there that build their own code and their own applications, and some of them are very tight-knit and they're like, no, you're not allowed. All right, well then, I'm going to break it, but I don't know what I'm breaking or how, because you're not letting me see the code. So I don't know what variables or what you know equate. I don't know how I'm breaking this. I just know I'm breaking it, or how, maybe the wrong term. But I don't know what part of your code I'm breaking. I just know that I'm breaking it.

Speaker 1:

So I think that, in terms of AppSec, these people that want to be closed source but still want someone to, like pen test their application, really need to open up that source code to the companies they're going for, because that will allow someone to look through and actually help you develop more secure coding practices, which is what I think a lot of programmers lack, and it's not because they're not intelligent, it's because they're taught the easy way to program and just make things work versus hey, this is how you securely code things, it's how you prevent buffer overflows, it's how you prevent this and the third. So that is where I think releasing that source code to the companies that you have an NDA with you have all this stuff with you should really probably give your AppSec people the source code so that they can properly test it.

Speaker 2:

Yeah, for sure, that's actually a huge problem. When I decided to attend college for this, I decided to double major in computer science and security. And my main goal was to find a school that actually understood that these were two different subjects that needed to be separated, because it really frustrates me when people are like, oh, CS is security. No, no, it's not. So a lot of schools had done that. My whole goal with double majoring is so that I could understand code enough to be able to look at it and read it and all that and then understand security and the ways that I could actually check my code and check other people's code, because one of the problems that I had talked to some of my mentors about and people in industry about before going into college was how security people couldn't actually communicate how their code was vulnerable and how to fix it. So they were in a scanner and they'd be like, well, it's vulnerable here, it does this thing.

Speaker 2:

The programmers would be like, I don't know where to fix it. Where in my code is this issue being caused? And I was just like, wow, this makes a lot of sense. And I wanted to make sure that when I told people that something's insecure, that I could actually tell them what exactly it was so I could help fix it. And when it comes to consulting and stuff, I recently started doing freelance consulting. That has been my biggest frustration, where smaller companies will be like, we want you to pen test our company before we preach, sorry, not preach, pitch to investors or whatever. We want you to sign off on it, but we don't want to share any source code. And I'm like, you just want me to sign off on something saying that you're secure and do nothing. It's very frustrating.

Speaker 1:

That's the equivalent of like. So this is my problem with companies today, and so for anybody listening, whether now in the chat or afterwards, this is my issue with companies looking for a pen test or a red team engagement, even though they're not even up to par to get a red team engagement, is they put this very closed scope on it, like, hey, don't test our production systems, we're going to give you these subnets. And that's all you get. If you go outside of that, we're coming after you. Type of deal. Like look, an attacker is not going to give a damn what type of scope you have. They have all day, all week, all month, all year to come after you if they truly want to. So when you put this limited scope and you say only go after Dev and test or only go after these, and if you say, all right, well, what about this IP address over here? And they're like, oh no, no, if that gets hit too hard, that'll bring the system down. So you know you have a fucking problem, but you don't want to expose that problem to higher ups to get it fixed. There's a problem I'm seeing here, people, come on. So, and I see that in code too, where there's a problem, I can't tell you how to fix it because I can't see the code. And now you're not giving me the code to tell you how to fix it. Like we can go round and round here. I'll tell you what the vulnerabilities are, but I can't tell you how to fix it if I can't see what you've got written down. And so, yeah, that's very valuable. And I think they need to implement more secure coding practices into your CS programs.

Speaker 1:

And the problem with that is one of the top CS programs in the at least a nation, if not the world, is Carnegie Mellon. And when I drove Uber, I drove Uber for a while, drove some CSP students and I said, oh, what languages are you learning? As good as Carnegie Mellon is, they don't necessarily teach a particular language. They teach the foundations of how to do certain things and how things should react and interact and da-da-da-da. So how are you gonna teach secure coding if you can't teach someone how to really secure a particular code? So you're teaching proper practices but not secure practices necessarily. And that's my issue. When one of the top schools in the world are not teaching a particular language and every language has its own way of securing it.

Speaker 2:

That's not just CMU, though. One of the benefits of going to the Rochester Institute of Technology and, I think, similar, like, tech schools is that the majors become very specific. For example, we have a software development or software, it's called software engineering major. We have a computing security major and a CS major. CS is something that's so broad, and so you end up studying CS theory. It seems like CMU is spending a lot of time on the theory aspect rather than teaching the software development side, and when you look at RIT's software development program, there's so many languages, there's so many things to learn in terms of securing things, and so even if you do major in something like software engineering, you're not actually gonna get the experience securing that language. Same thing with computing security. When we do our programming courses, security is huge. There's incident response, there's offensive security. In offensive security there's even further breakdowns of that, and so like, yeah, like, there's so much to teach people. It's kind of frustrating because CS programs also don't update their curriculum very much. So when they do teach programs...

Speaker 1:

You say very much, I'd say at all, let's be honest. I mean half of the fucking exploits they put out there, like Windows XP, MS-06-017 or some shit like that, like it is the most basic exploit out there. And we'll get into that when we talk about offensive and defensive measures. But seriously, now these cybersecurity programs are like, oh yeah, run this exploit and it just works. Yeah, fucking just works, 'cause you're running Windows XP, maybe Windows 2K. And seriously, if it doesn't work, you got a fucking problem. So you're not wrong, you're not wrong.

Speaker 1:

They don't update shit. Okay, just let it go. Ask your college who's running Windows 10. We're not.

Speaker 2:

What about Windows 11?

Speaker 1:

Fuck you, that's too far ahead. We ain't gonna do that shit. Sorry, I just need to chuck a lot of that, 'cause the military's even worse. The military in their curriculum is even worse than colleges. So, yes, you're absolutely correct. They don't update shit for shit.

Speaker 2:

That is, that's actually one thing I find really interesting. I did a presentation where I mentioned something like that. It was like, it was like the state of, like, Maryland, or it was New Jersey, like some department had their website hacked twice the same way because they didn't fix it. And I was just kind of like, 'cause the first time, I think, like, some kid did it, and the kid explained exactly how he did it, exactly how he fixed it, and then they didn't fix it and then they got hacked the same way again. And I was just like, how did this happen?

Speaker 1:

Cause, like explained it, they hit that five. They hit that five. They hit that five. That's how.

Speaker 2:

It's all better, we fixed it.

Speaker 1:

So so I love that because, yeah, it happens. Companies don't fix they're pointed out these vulnerabilities, how they were broken into, all these issues. They don't fix it. So let's, let's break this down a little further. Right On top of this, she said Misha said open source and offensive versus closed source and defensive. And I want to get into this a little bit, because offensive and defensive are different, but you can even flip those to open source and defensive and closed and offensive. Break down your view of offensive security.

Speaker 2:

Offensive security to me is just any form of attacking something and yeah, there's no, I think, morals behind it or anything. It's just attacking something. And in the career sense it usually means attacking something and trying to see if there's a way to either fix it or if there was a way to prevent it, either at that time or at a later date.

Speaker 1:

So what about the defensive side?

Speaker 2:

The defensive side, sorry.

Speaker 1:

I was gonna say with the defensive side, where do you go with that?

Speaker 2:

It really depends, because sometimes, and this is kind of what frustrates me, there's a social engineering aspect that happens all the time. And it's completely unavoidable, and when it comes to incident response and defense, you always have to rely on the user failing, on the person who's using the thing failing. And it frustrates me when people are like, oh, we need to teach people more security, education and all that. It's like no, let's just assume they're not gonna do it, let's just assume they're just gonna fail, because there's always gonna be that edge case. And so, when it comes to securing something, I think it's really important to actually look at what the exploit developer did.

Speaker 2:

What did that red team do? What type of thing did they do to actually harm the systems once they got in? And once you protect the ways that they were able to go through a network or whatever, I think those are kind of the best ways to secure something, a network or a device. Because it's like people are gonna click stuff they shouldn't, people are gonna do things that they shouldn't. And, unfortunately, painting a picture that, like, oh, education will fix everything, I think is somewhat flawed, and that's why I really try to focus on the technical aspects of it. Because I've seen personally, I've seen more results with just fixing the original problem of what they were able to exploit than just saying how about you stop reading your emails, like.

Speaker 1:

I mean, let's be honest, most blue teams give up reading their emails because they get so many alerts that are just bullshit. And when I think about it, this is where purple team comes into effect, because any red teamer worth his salt and this is why I say if you're a red team, you should know blue team, if you're a blue team, you should know red team. Any side worth his salt should be able to explain how to do each other's job. So if you were a red teamer, you should be able to go in there and be like hey, did you see this? Did you see these logs? Did you see this event? Did you see whatever? No, okay, we need to fix your logging system or the events or the alarms, because you should have caught this and stopped us. If you didn't, we got a bigger issue. So that is where I think the education comes down to knowing both sides, which is, by the way, now that we know both.

Speaker 1:

I'm gonna get to my buddy's comment here in a little bit, but I'm gonna hide this one. This gets me into more of the education side of things. You are currently going through college, correct? Yes, I can't stand college, even though I have a degree. I absolutely despise it, but I understand the need. So, with that and understanding education, do you feel that YouTube and Google and Reddit have been more valuable towards your education of the field, not necessarily just getting a degree, but education of the field, have been more valuable?

Speaker 2:

No, it's because I don't think that they're actually all that comparable.

Speaker 1:

Okay, explain. I'd love to hear it, please explain.

Speaker 2:

I absolutely love college. I'm not sure if you looked at my LinkedIn, but I hope to graduate within the top 1% of my degree program. I love academics and the reason why I like school so much is that it creates one accountability system. So you're able to, I guess, track your progress very easily, and I like the ability to mark my learning with a rank like that I get 100% on a test or whatever. And studying isn't really everything, because half the time when I said, I don't actually remember what I was studying. But I really like that accountability structure.

Speaker 2:

Number one. Number two, when it comes to education and CS and security and all of that, everybody has to search somewhere. And, yes, it's bad to just be like, oh, run this exploit on Windows Vista or whatever. But if you have never actually ran an exploit before, you need to have a grounding point, a starting point, and when people go to college, most people haven't actually done this stuff before, and that included me. So it was very helpful to actually see what these things actually look like and what they're doing. When it came to also with school, is you have somebody you can ask. My biggest problem and why I had to rely on Reddit so much when it came to open resources was that I didn't have people to ask. I didn't have people who were willing to always spend time with me to answer questions, and TAs and professors, despite how expensive they are overall, can really do that, and especially at a university, like, a lot of kids don't actually use it live, uh-oh.

Speaker 1:

You're just, I had made you big. It's all you.

Speaker 2:

You're okay. Okay, I was like, hey.

Speaker 1:

I have control. I want them to hear and see you. That's all it is.

Speaker 2:

I was like, oh no, but yeah, a lot of kids don't actually utilize the professors and the TAs and all of that, and so what just kind of happens is that they get this degree. They don't actually understand what they're doing. And it's like, wow, like, great, you didn't really learn anything here. When it comes to Reddit and YouTube and all that, if you have a lot of drive and motivation, you could probably learn everything that I learned in college from YouTube. It's just, do you have the people that you can ask? Is the help and support that you're getting on Reddit quick enough and fast enough to keep you entertained? And for me, as much as I love Reddit and rely on it heavily to learn and grow, and still to this day I heavily rely on Reddit, is that structure of learning always going to work for you? Is it fast-paced enough? And for me it wasn't.

Speaker 2:

And yeah, so I really like college. That's the experience I get from it, and it really just takes the type of person. Are you going to benefit from that type of environment? And it's not always a yes for some people. For me it is.

Speaker 1:

Yeah, and that's the big thing, right, it's all about what we're going to get from things. It's all about what you're going to get out of it, and I stand behind this right. No matter where you come from, no matter how you grow up, you get out of any college, any institution, any high school, any school in general, what you put into it. If you don't show up for class, if you don't ask questions, if you don't kind of push the limit of the education system that's there for you, then you're not going to get anything. But I also feel like, at the same time, that there is a lot you can get outside of college that you don't necessarily get from college, due to your point, Olivia, and my point as well, that some of these systems and these curriculums are too far behind the curve of what is really going on in the world, and so that is where I think college could benefit, and this is where I think college does benefit. It gives you more of the foundations. It gives you more of what is security. What are the foundations of security? What are the foundations of IT?

Speaker 1:

And this was my problem when I went for my master's degree, which, by all means, I never finished. I will not lie, I never finished my master's degree, mainly because I hated writing papers and that was how all final grades were determined. Is, you know, it came in as an introduction. This is a firewall, this is a router, this is da-da-da-da. It was like a basic security, basic IT class. And I was like homie, I've been in this field for I don't know how many years, I really don't need this class in a master's degree program. And they were like oh well, we're taking it because we have other people from other areas. I'm like huh-huh. Master's for me means you have the prior experience. Not hey, you have experience somewhere else and we just wanna pull you into a master's degree program, like that didn't work out for me, but from a bachelor's program or an associate's program.

Speaker 1:

Understanding the foundations of security, IT networking, system administration, help desk, all these things make utter and complete sense to me. Don't even get into all the operating system and intricate details of the current operating systems, just to understand how all these things communicate. That makes sense. And so that is where I think college could be invaluable, because that never changes. The OSI model will never change. The TCP/IP model will never change. These things are gonna remain the same. If you can teach these foundations, then a lot of people can get a lot of benefit from college versus boot camps which teach just a topic. Security Plus is only gonna be Security Plus. CCNA is only gonna be networking, in Cisco terminology. Net Plus is only gonna be networking. So I find that college has a benefit if you find the right one.

Speaker 2:

No for sure. And also that's actually, I have a really, I guess, like angry point, I guess, about one of the things you mentioned when it came to you going into a master's program with prior experience. I've noticed that some kids, when they go in undergrad or masters or whatever, they already know what they're doing. They know a lot about what they're doing and they won't be. Also this couldn't be me. I have had no idea what I'm doing, so I've needed all those foundational classes for the record. But some kids know what they're doing already and it's frustrating to both them and me that they can't get out of that class. Because one, that kid's bored to death, because they don't wanna be there. They already know everything that's gonna be taught in that class. And in many ways the academic program is really holding them back.

Speaker 2:

And I had a wonderful manager last summer and his whole philosophy is that if people enjoy what they're doing, they're gonna learn more, they're gonna be a better employee and all this stuff, and he really just changed my thinking about how employment should work, how education should work and all of that. And if you can make things fun for people, you can make things entertaining and allow them to utilize their self drive and motivation to actually go through with something and get something, the results in the alumni that you will get are so much better than just putting them through this really weird structured system that doesn't actually serve the original goal of what it intended. And yes, so I really do get frustrated with academic programs that just kind of force kids that have already put in that effort to just sit there and be bored.

Speaker 1:

Yeah for sure. And that's one of the biggest things to me because I went in, so I never finished my masters. Prior to that I had a 3.8 or nine, and it was because of one class. I got an A minus. And it was because I taught the class and then pissed the teacher off because she knew I was the one to talk shit when I said she doesn't know a damn thing. So of course they're anonymous, but when you're the smartest person in the class, including the instructor, she knows who said what. So I do wholeheartedly agree that she knew it was me and was like your final paper is a D, fuck you, like you failed, I don't know, but I just. I look at it and it was one of those things. I taught the class at the smoke pit during breaks. And one of the biggest things for me was I went up to the instructor because I was still kind of in the middle.

Speaker 1:

I knew the offensive side of things. I didn't know the defensive side of things, because all of my career, all of my instruction, had all been offensive. I can break into anything, I can do anything, da, da, da. And so she had brought up IDSs and IPSs. So for those that don't know, that's an intrusion detection system and an intrusion prevention system. One detects, one prevents. And I said all right, let me ask you a question.

Speaker 1:

And now I knew the answer to an extent, but I wanted to hear her answer as the instructor to tell the class, because it was something that was never brought up. And I said if you have an attacker breaking into your network and they get stopped by something, will they not know that there is something in their way? And her response and I would love for anybody in the comments to correct me if I am wrong in this thinking but her response was it depends on how much money they spent. What does that have to do with them being stopped and being able to see that they're stopped? So I ask you again if somebody breaks in or is attempting to break into your network and they get stopped, what are you telling me here? Well, it depends on how much money they would spend. And I was like lady, you done told me you worked at the NSA, the CIA and every three digit agency out there. And you're telling me money dictates whether or not they will know they're being blocked by something.

Speaker 1:

And it went round and round. And so, finally, I was like you know what? Fuck you, I'm done and I'm out. And so I taught the students firewalls outside of the smoke pit. I taught them IDSs, IPSs, all these differences. I sat there and told them all this. And so, when it came to the final paper, I got like an A minus or a B plus or something like that. I don't know. All I know is it ruined my 4.0 for my master's degree.

Speaker 2:

Ooh, it's down. That's so upsetting.

Speaker 1:

Right. And so when I moved and I couldn't take the course again, like I couldn't finish my degree because it wasn't quite online yet, I was kind of like I ain't even mad at it, like I don't even care. When you hire a teacher like this, no, I'm done.

Speaker 2:

No, that's-.

Speaker 1:

When that is your response, is money, not technology, we got an issue. I'm out.

Speaker 2:

No for sure, and I think problems like that are probably seen everywhere, like where there's like a power imbalance and stuff. I had one terrible experience with a professor and this is what ruined my 4.0. And this professor would literally call me miss below average in class. Like it was absolutely wild, and he refused to hold office hours. So I started sending him like emails every two days, like copy and paste the same email every two days, over and over and over again. And cause I was just getting so annoyed, cause there was a few times he would schedule an office hours with me and then cancel or just not show up, and so I was just getting so furious that I was like I'm just gonna be annoying. So I just, I started doing that. And I got a grade that I was like, how on earth did I get this grade? I got like a hundred percent, like all of the assignments and all this crazy stuff, and so I reported it. And the great thing was that in this instance it was actually all written, like everything was written, so like the insults and all of that, and so I was like, wonderful, I have evidence.

Speaker 2:

And then the people who I had to go through wouldn't actually allow me to submit that evidence. So it became a he said, she said, and I was like, how did this happen? I like this is like the one time I actually have, like you know, written, like I have the receipts, and so it really frustrated me. And you know, I hear stories like this all the time from tons of universities and like even like people at work, not at my work, but like just like in general, like it's a pretty common experience. And it's sad when you're smarter than the instructors, it really is, but I want to.

Speaker 1:

I want to tag on here because, sacred goddess, and she knows I'm not going to say her real name because I can't pronounce it, especially now. She knows who I'm talking to. And we got a lot of people saying I'm intimidated about all of these 4.0s. Let me let you in on a little secret. I graduated from computer information systems with a GPA of 2.67. Yes, I graduated, I had my degree. I still have my degree with a 2.67. So don't get it twisted. I did not graduate with a bachelor's with a 4.0. I drank, I played video games and I still made my way through. So, yes, do not worry about your GPA, because it doesn't mean a damn thing about what you know. I just wanted it for my master's because I wanted to show something off and I never finished. So fuck it. You're damn right. I didn't even try, Mrs Tarver, I'm not even gonna try, but yeah, it's crazy. So let's take it a little bit to this education thing because I think it has value.

Speaker 1:

I have mixed feelings on college. I really do. I think it gives a lot to the social construct. I think it gives a lot to allow people to build themselves as a person. My problem comes into more. It's more financially, right. That's where my issue lies, is the financial aspect and the lack of curriculum, because they don't keep up to date. But I think if we make it standard that you're gonna learn the foundations here, you have to build on your own, then it has more of a standing. What say you to that?

Speaker 2:

I think that's totally valid. And when it comes to college, and I think we've already made this point, it's like you get what you put in. And for me personally, it's like conferences, like independent learning, Reddit, and I'm just putting Reddit in its own category because like answering and responding to questions, creating my own questions, just trying to learn more about a subject, and also like pursuing internships and other opportunities, these are things that kind of have to go with your college experience in order to even get the most out of college, which is kind of weird. And yeah, I really just think that people have to have a very holistic education. And if people are not investing, I guess, in everything, it's pretty easy to fall short.

Speaker 2:

And yeah, and when it comes to the expenses of it too, the whole thing with a 4.0, right, the main reason why I cared about 4.0 so much is that when it comes to applying to scholarships, so many people apply to scholarships because all you're doing is writing an essay.

Speaker 2:

Writing essay, you get what, a thousand to $10,000? Like sure, I'll write you a couple paragraphs to get some money, like sure. And the amount of money that it takes to pay for a degree, these scholarships get extremely competitive. But when you have a 4.0, because a lot of them will filter by GPA when they review scholarships, they just will cut out all the applicants that don't have above a certain GPA. And I kind of realized that my 4.0, it was a numerical thing and I could help get that money to help pay for my degree, and so that was a really big motivator because, even though it doesn't, and it's actually so funny how people put so much weight into it, people. So I have a 4.0 and one of my very close friends, like there was times where he would forget to submit his homework and he had spent like hours helping me with mine. I'd get 100, he'd get a zero. And I just, I think it's so funny.

Speaker 1:

Well, I was like, I laugh at that, because that was like when I was going for my master's, right. Again, I was friends with everybody. I taught them at the smoke pit. I'm a smoker, when I get done with this show, I'm gonna go have a cigarette. That's kind of how things go. But I laugh because at the smoke pit I taught them all this. And so when I got my grade and I was talking to all these people that were like, wait, you got what? They're like, I got an A, I got a 4.0. And I'm like, yeah, she didn't like me. They're like, yeah, I can see that. I can see. That is why. And Mike, so that is why I look at this and I'm like, yeah, I get it. I get it. Cause it's like you help everybody else and she's just like you know what, I know you're smart, but fuck you, like we don't care. I get a chuckle out of that. Cause you were able to get the grade and he was like shit, I forgot to turn it in.

Speaker 2:

Yeah, it is so funny. I absolutely. I have an amazing friend group here and I do think it's very funny how like so many people will like help me with things and all of that, and then like their grades just like won't match up because like they won't make like the worksheets in time or whatever, and like they're so much smarter than me. And it's just, it's very interesting, cause it shows how much like prestige and numbers and stuff factor into the way that we judge people and how like we don't always look at people as people and instead we're like, oh, you have a 4.0 or oh, you went to Harvard or something, and we just like marked that person as smart. And then the person who actually helped them get there is just kind of like there.

Speaker 1:

Which, by the way, you mentioned Harvard and I know it's just kind of like a word you threw out there and a college you threw out there. But still, let's be honest, no matter where you go to school, it's just a fucking name. The curriculums are the goddamn same. No matter where you go, law, doctor, whatever, you can't learn something fucking different, because you're gonna learn the same shit. To be a lawyer or a doctor or in cybersecurity, it's all the same. So why the hell does the name matter? I'm just gonna throw it out there. Why spend $100, $200, $300,000 to go to a school when you can go to a state school, get the same exact damn education and learn the same thing?

Speaker 2:

I've, okay, I actually take issue with that one. The reason why I think a lot of kids don't go to state school is because it's actually more expensive than private schools are.

Speaker 1:

How so? Please explain how so.

Speaker 2:

So if you're a kid who did well in high school and you apply to a private college, that is like slightly below what your stats are.

Speaker 2:

Your stats would be something like your GPA and your SAT score. The chances you will get a presidential scholarship to a full ride are quite high. A lot of schools really care about their rankings, and the way that they improve those rankings is by having kids with high SAT scores and incoming GPAs and all that, and so one of the reasons why I went to RIT, despite the curriculum, and they also have an open source program and all that, was the fact they gave me so much money. And a lot of kids that I know did the same thing, because it's like if you have a really high SAT score and GPA and all that, you can go to college for essentially free. When you go to a state school, though, there's so many kids who go to state schools and all that, and the chances that you are going to be picked to get special finances or whatever over a kid who has extreme financial circumstances or whatever are quite low.

Speaker 1:

So, and I see your point on that, because that makes a lot of sense. And that your private schools, your Harvard, your Yale, your whatever, your tier one, D1, D2, D3 schools, however you want to think about it, they have the opportunity to give more scholarships, more money for your capabilities in what you bring to the table. However, for any of those out there still funding it themselves, state schools are still cheaper. They still get the same education and you're still going to get the exact same thing. So, in terms of money, yeah, sure, if they're going to give you scholarships, that covers basically 90, 99% of your tuition, go for it. Room and board, yeah, go for it.

Speaker 1:

But in terms of education, I don't think, in my eyes, the education differs. I think the money given differs, not the education, because really, when we think about it, how can you give a different education for something like a lawyer, a doctor, cybersecurity, IT, whatever? It's all the same foundations, it's all the same information. And if you're giving different information, we got a bigger problem. That is legitimately a bigger problem if you're giving different information.

Speaker 1:

Couple of lawsuits, like if you say, the OSI model has nine layers, not seven. We got a problem we got to talk about here. Ha ha, ha, ha ha. So that's the way I look at it, but I get your point on why the money matters. I didn't have scholarships. I still got $56,000 in student loans I got to pay for, which, by the way, if anybody wants to drop down in the description of the YouTube video that you're watching right now and donate to the Cash App or PayPal or whatever the fuck, I'll sign up there. I'd greatly appreciate it, cause I got a lot of student loans. Just saying, but I do have some other stuff here and I want to get back to it earlier. One, so that we can drop down in the more... Programmers, by nature, don't think about security. Does it get the requirement done? If so, it gets deployed. Very true, and you, as someone who loves open source, understands this, that this is the way a lot of programmers have been taught.

Speaker 2:

So I want to say And it's also the environment that is enforced at a lot of companies that can't hire security teams or where the security teams don't have a lot of power, because, you know, ideally, once you program that code right, that would be sent to someone to actually test, to actually review that code, and all of that, and hopefully, you know, companies will factor those decisions into their deadlines, and I think a lot of times they don't, though, and that's where that problem comes in.

Speaker 1:

Yeah, and I think when you're looking at a lot of that, like even looking at, so I look at a lot of like web app security. I hate web apps, I hate trying to pen test web apps, because it's not like a network thing where I can just scan it and go through the steps. It is like, okay, does it have SQLi? Does that have something in the source code? Like there's no steps you can really follow. So when I look at things like that, I look at programmers and applications. Again, there's really no steps you can follow. It's let me look at the source code. Let me see if there's buffer overflow. Let me see if there's this. Let me see if there's that. I'm not an application person, so look, that's why I'm not throwing a bunch of terms out there. I don't fucking know applications, don't judge me, but you look at all these things. And I think again.

Speaker 1:

I think it is programmers who are taught to make the blinky lights blink. If it don't blink, you're at fault. If it blinks, then if it gets pounded, then it's not your fault, it's somebody else's. We're gonna blame it on DNS. That's the staple way they think, and so I do. I look at this and I'm just kinda like that's how programmers are taught. Just make it work. It could be the ugliest fucking code. No comments, no, nothing, make it work. All right, best I got you. We're gonna open up Telnet to the world and we're gonna open up FTP to the world, because that will allow people to talk to us and we'll be okay.

Speaker 1:

Oh my gosh. But you see that shit. You see that shit to this day.

Speaker 2:

No, and it is.

Speaker 2:

And it's weird because I really like to stress that security and programming are usually two different things. And so if you're someone who's just interested in software development, you wanna make your specialty, like, I think that's fair.

Speaker 2:

It's just people need to at least think about security and know that they don't have that knowledge to be able to test something. And one of the things that I've gotten really frustrated with developers with is when I say something's insecure and I can prove it, and they just say, oh, don't worry about it, like it's gonna be fine, like nobody's gonna care, and I'm like but if I can find it, and if I'm a sophomore in college and I've only been doing this for two years, like there's people who are way smarter than me, like with malicious intent. So I just wish people, there was a little bit more humility there, because I don't necessarily think they do need to care. And like in terms of like knowing how to find it, it's just listen to the people who do know how to find it, because then bad things happen. And if you don't listen to them and then you point fingers, it's like no, that was just your fault. And so I.

Speaker 1:

And then you look like an.

Speaker 2:

A-hole.

Speaker 1:

I'm not gonna lie, because I came back. So I got my grant, I got my reverse engineering malware certification from SANS. And when I came back from the training, before I got the certification, I was going through like Hack The Box and a bunch of other shit just to kind of like keep up to date on reverse engineering stuff. I had a 17 year old school me. 17 years old. This motherfucker schooled me. And I was like, I didn't even know how old he was or her, I don't know. I don't know. It was some random name on Discord. We were just bullshitting. And I was like look, homie, I just gotta ask, how old are you? He was like 17. I had to tie him up as 34. I was like I'm 34 years old, you're schooling me in assembly and C and Python and everything.

Speaker 1:

As 17 years old, you're schooling me in all things that are even older than me. This is ridiculous. And I'm proud of you. Can you please teach me? But I think that is what we're lacking, right. And when we look at education, when we look at whether it's boot camps, whether it's colleges, whether it's school of YouTube, whatever the case may be, we're lacking the inability to realize that people younger than us, people that have been alive 15 years old. My 15 year old knows more shit than me on a lot of things. I ain't gonna lie, he fucking does. So when you look at these things, we are so elite that we're like, oh, we can't learn from them. Not this guy, this guy's like. My son was like, oh yeah, you can do all this on Discord. And I was like teach me please. I'm an idiot. Please teach me. I got a 17 year old schooling me on reverse engineering shit. Go ahead, please teach me, cause I'm an idiot.

Speaker 1:

I can't figure this shit out. And you got these elitists out there that literally talk down to people, just breaking into the field, where it's like, look, homie, they might know more than you. Actually, they probably know more than you, cause, guess what, they grew up with this shit, not you, just saying they grew up with it. So, setting that, and I'm gonna get on a rant if I keep going. I want your opinion on something else. Your opinion on boot camps versus colleges.

Speaker 2:

I haven't done a boot camp.

Speaker 1:

Okay, let me try to restructure this question to fix that. If you had a boot camp that was given more towards the test or more towards the knowledge, which would you pick?

Speaker 2:

A boot camp. What is it? The college because of the social stuff, or what?

Speaker 1:

No, no, no, no, maybe I said that wrong The knowledge, not the college. So a boot camp geared more towards the knowledge of the certification that it's going for, or just the test. So either pass the test we'll give you a 98, 99, 100% guarantee you're gonna pass or we're gonna teach you your shit and if you understand the concepts and what goes in and all this other stuff you still have to understand these things and then you'll pass. So we're not gonna give a percentage on passing passing percentage, we're just gonna tell you if you understand these concepts, you'll pass. Kind of get more understanding about that.

Speaker 2:

No, I definitely do, and I think a few things are at play. It's, I think some people will always view people without college degrees as being inferior, and I think, when it comes to boot camps and stuff, if like boot camps or certifications or whatever like, if you take something like the OSCP, right, people actually have genuine respect for that. People look at it and they're like okay, that's cool. There's a lot of other certifications, though, that people just don't, like, like. They look at it and they're like great, like it's so great you did that. And-

Speaker 1:

Cool. Have fun. That's amazing.

Speaker 2:

Two thumbs up, yeah. And it's like, when it comes to the boot camp, it's like, even if you can get your skills and all the things that you need in that boot camp, can you get people to take you seriously? And for me it's like that needed to be taken seriously. Like, will people view me as a valuable person to hire? Like I think that's the question I would have to ask myself. Is it a reputable program? Even if I do get the skills, will people still look at me? Will people look at me any better?

Speaker 2:

Because that all those things go into employment, all those things go into the way to how we treat other people. And I'm not always sure, just because I don't actually know enough about boot camps, so I don't know how to like rank them. Like is this a good boot camp? Or like, if I was an employer, like the boot camp would have to be reputable, because I think a lot of times, I think employers kind of rule out people without degrees, wrongfully assuming that people with degrees are like smart because they went to college for four years for some reason.

Speaker 1:

I want to call it four years. I ain't gonna say I'm smart.

Speaker 1:

I mean I am smart, but it's not cause I got a degree, it's because I've been doing the job for 15 plus years. It has nothing to do with degree, cause I got a degree in computer information systems that taught me ethics and a little bit of computer science and a little bit of everything. I self taught myself everything I know in terms of security. So this is why, when I hire, I am now a practice manager. So when I get to the point where I can hire people, I don't give a damn about your degree. I don't give a damn about your boot camps, I don't give a damn about your certifications. I care about how you put yourself out there and are you learning.

Speaker 1:

If you're learning in public and have no certifications, then that matters to me, because now you're putting yourself out there. Now, if you're not learning in public but you have certifications, great, I'm going to interview you and test you on those certifications and that knowledge that you have. You taught me how to circuit Security Plus. Cool, what's port 443? What does that do for you? What does HTTPS do for you? What does DNSSEC do for you? What do these things do for you? If you can't answer those questions with a Security Plus, then I have no need for you because you can't answer the basic questions that are implemented in the certification you say you have.

Speaker 1:

I can teach technical anything, but if you have a basic knowledge, you should have a basic knowledge.

Speaker 2:

No for sure. And you made a point about learning in public, and I think that's probably the most important thing anybody can do, because when I made that point about boot camps in college or when I said my opinion on boot camps in college, I was assuming that I had a piece of paper that said one or the other. But when you can actually show that you know something through a blog or through research or whatever, you're actually able to prove that you know something. And so when people hire others, because there's times where I'll see posts on Reddit and CS majors, how are these people doing it? They don't even go to college or whatever. It's like, no, they have a really well-developed blog with a lot of research, so people actually know that they know what they're talking about. And if you don't have those things, like sure you have a degree from MIT, but it's like you've done nothing to prove yourself. And when you're just relying on resumes to get through an ATS scanner and, hopefully, someone at some company.

Speaker 1:

Well, where'd you go? We lost her all of a sudden. There you are, you're back.

Speaker 2:

Sorry, but yeah, when you're just relying on an ATS machine to filter your resume, it's like no crap, people aren't going to trust you, aren't going to trust your knowledge. And so, yeah, I think learning in public is probably the biggest thing, because it actually shows that you know something, rather than a piece of paper that just says you did something.

Speaker 1:

And on that note, I will add in the importance of networking, right. So this is all about education. Let's not lie. This show is supposed to be all about education and the importance thereof, and I do. As much as I hate the cost of college and I think it literally is destroying people's opportunity to get an education.

Speaker 1:

I do think of that as value. I do, don't get me wrong, I have a degree. I think colleges, boot camps, whatever training you can get, you get what you put into it. It has value. However, the cost of college and even boot camps and SANS and all these other trainings these days, even look at OffSec and the OSCP, the prices are outrageous. Like shit is just getting unreal to where the general population can't afford it. So, yes, I do think it has value, but I think it has a limit.

Speaker 1:

But if you're learning in public, you're looking at your TryHackMe's, your Hack The Box, your hey, I found this vulnerability. Or hey, I'm building Security Onion. For others that don't know, I have a playlist out there about Security Onion. Go ahead and start running it on your network. You can fucking do it, homie. You know you look at these things. You can do Blue Team, you can do Red Team, you can do GRC. All this stuff is out there for you to learn free of charge. But if you're not putting out there what you're doing in public, it damages everything you're giving.

Speaker 1:

I have gotten many of my jobs based on the fact that, well, guess what? I've talked to people that know what I can do, and I've been doing this show and doing technical content and doing everything else that I do for years now. So, guess what? Put your face out there, put your name out there. I don't give a damn if you give yourself a handle like, well, you can't take mine, the cyber warrior is taken, but take one for yourself. But then attach it to yourself, make it who you are. And you will get somewhere. People will recognize you know, you see you and understand that you know your shit. If you don't want to go to college, that's fine. I don't have a master's degree. I got a bachelor's in computer information systems. My education comes from self-taught, YouTube trained, homie, YouTube trained. That is where I got all my information, not from anything else. And then we got, man.

Speaker 2:

I got so many.

Speaker 1:

I can't even read all the YouTube chat right now because me and you are having such great conversations, but this is the way I see it. So, when you're looking at education, so we're well over the top of the hour, well, almost 10 minutes. So I want to end this. Before I end it, I want to get your final thoughts. For those that don't understand the foundations of IT and cybersecurity, I'm talking acronyms, technologies, things like that, right, so me, I grew up building computers. It is very hard for me to give this advice, because I grew up understanding hard drives, memory, TCP/IP, all this stuff. As someone who came around a little bit later in the game, what advice would you give to newcomers breaking into IT and cybersecurity to learn the tech, the knowledge, the acronyms, things like that?

Speaker 2:

For sure. The first thing is to pick a subject that you want to know and watch a ton of YouTube and, like, you know, Udemy and stuff on it, and the reason being is that you have to build a foundation that you can actually ask competent questions and do things with. There will come a point in your knowledge where something, or in your process of learning whatever subject you pick, say Python or Java or whatever, that you're going to need to debug something. You're going to need help and you're not going to have people to ask. And you need to make sure that you get through those points. One, before deciding to actually pursue something, before, like, signing up for a course or a certification or enrolling in college, and just to make sure that you actually want to do that thing that you did.

Speaker 2:

Because when you're motivated and you start, you know, reading books and doing certain activities that only that specific niche does, you will then be able to start slowly understanding that vocabulary and all that. But that takes time and you have to have motivation to essentially suffer through it, like your own ignorance, to be able to learn and pick up on all those things, because just Googling, you know, a certain word and all that won't always give you the context that you need to know for how something interacts with other things and all of that. And so that context and that understanding only comes with time and experience and, honestly, pure frustration and problem solving. And if you can't make it through those periods, you know, maybe you should take, you know, try a different subject within the security field or, you know, an adjacent career or something, because I think a lot of people would benefit from just trying out, like, severe problem solving before jumping into something.

Speaker 1:

Yeah, that's, that's fantastic, because it is. I've got some family members, I've got some warriors that are trying to break into the field, or at least trying to understand the field, and don't really understand how they're not able to grasp them on the terminology and how to learn the terminology, because it is very difficult. And so when I came up, I understood hard drives and RAM and all these things. I learned it as I went, did my research. And again, I'll date myself, 56K modems, going to a store, talking with somebody and me and talking my dad or somebody else about figuring out what the hell this shit is. And I did it.

Speaker 1:

Now, to this day, can I tell you what a graphics card and all these fucking numbers and shit mean? Probably not. I'm not a gamer. I don't understand the gaming aspect of things, but I understand. Hey, if I have this much memory and a piece of software uses this much memory, then I know how it's going to interact. I know how these things are going to work. So, valid point. It is very frustrating.

Speaker 1:

You got to do your research. If you, if you see something like RAM. Okay, what does RAM mean? Well, it means random access memory. Okay, what the fuck does that mean? Well, it means that this is temporary storage. This is da, da, da, da. So it's gonna.

Speaker 1:

You know it takes a lot of research, so completely understand. Thank you, Olivia. That is very valid and everything you said, and you're not wrong. It is very frustrating for anybody new breaking into the field. It is very frustrating, especially if you don't understand hardware, IT, networking, operating systems. It can be very difficult to understand the security aspect of things, because how can you do a buffer overflow if you don't understand how RAM works? Just saying, how can you SQLi if you don't understand how SQL works and SQL statements, all these different things? So it all goes hand in hand. You have to understand your target and what you're trying to do.

Speaker 1:

Now, saying that, it is Freya's day, it is Revenge of the Fifth, it is Cinco de Mayo. I truly hope you all are spreading chaos and love throughout the world, because that is what we do here. Motivate each other, love each other, show each other some support. Olivia has been amazing, absolutely amazing, and without her it would have just been me, and I know y'all love this beard. I do, I do, I need a straightener, but I know y'all love this beard, but otherwise, look, I love you all. Please be sure to tune in next week to another amazing episode, the Security Happy Hour right here on Cyber Warrior Studios. I am the Cyber Warrior, I have with me my guest, Olivia Galucci, and I will see you all next week for another amazing episode.

Open Source and Cybersecurity
Source Types and Malware
AppSec Challenges and Secure Coding
College vs Online Learning Value
Challenges With Traditional Education Models
Education and Security in Programming
Education and Learning in Public
Spread Chaos and Love