How about we celebrate together? We've recently hit 4,000 subscribers on YouTube and we've got an enlightening discussion lined up for you! Join us in a vibrant exchange with Griffin, Bill Eck, and Misha where they share their personal journeys into the world of cybersecurity. Hear the inspiring stories of Bill's progress with the Cyber Defense 101 course and Griffin juggling a full-time job while delving into cybersecurity studies. Plus, we answer your burning questions, starting with Carrie's query on finding free and effective resources to kick-off a cybersecurity career.
But there's more! Ever felt overwhelmed by the job search process? Even with experience and certifications in hand, finding the right fit can seem daunting. That's where Misha and Christine come in. They share their insights on the job hunt process, providing advice on how to remain persistent and accept that sometimes, any job is a good job. From the power of Python to the benefits of writing down your notes, we cover the techniques that'll help enhance your learning process.
In the final part of our celebratory episode, we discuss how to navigate the unpredictable waters of the cybersecurity industry. We talk about the significance of hands-on experience, networking, and consistency in molding your personal brand. All while exploring roles beyond pen testing and the pivotal role communication plays in our field. So, join us as we navigate the complexities of cybersecurity together, learning from each other, and utilizing the resources at our disposal. This episode is a treasure trove of advice, insights, and personal tales that will inspire and motivate anyone with an interest in cybersecurity.
Support the show
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
How about we celebrate together? We've recently hit 4,000 subscribers on YouTube and we've got an enlightening discussion lined up for you! Join us in a vibrant exchange with Griffin, Bill Eck, and Misha where they share their personal journeys into the world of cybersecurity. Hear the inspiring stories of Bill's progress with the Cyber Defense 101 course and Griffin juggling a full-time job while delving into cybersecurity studies. Plus, we answer your burning questions, starting with Carrie's query on finding free and effective resources to kick-off a cybersecurity career.
But there's more! Ever felt overwhelmed by the job search process? Even with experience and certifications in hand, finding the right fit can seem daunting. That's where Misha and Christine come in. They share their insights on the job hunt process, providing advice on how to remain persistent and accept that sometimes, any job is a good job. From the power of Python to the benefits of writing down your notes, we cover the techniques that'll help enhance your learning process.
In the final part of our celebratory episode, we discuss how to navigate the unpredictable waters of the cybersecurity industry. We talk about the significance of hands-on experience, networking, and consistency in molding your personal brand. All while exploring roles beyond pen testing and the pivotal role communication plays in our field. So, join us as we navigate the complexities of cybersecurity together, learning from each other, and utilizing the resources at our disposal. This episode is a treasure trove of advice, insights, and personal tales that will inspire and motivate anyone with an interest in cybersecurity.
Support the show
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
Welcome everybody. We are back with another amazing episode of Security Happy Hour. I am the Cyber Warrior. This is Cyber Warrior Studios, and you know how we do, so I gotta be honest, this show is for all of you. Alright, this is my celebration party because of you, my warriors, my family, so it's gonna be an amazing episode. A lot of things are planned as far as it's Q&A, so I'm hoping everybody came with questions. We've also got a lot of guests that are gonna be coming in and out, so enjoy and, without further ado, give me about 10 seconds and we'll be right back. And we're back, and now, because we are back, hold on There.
Speaker 1:It is the official sound of Security Happy Hour kicking off, and we are here, and so the first two to jump in this evening are my buddy, my brother, griffin and Bill Eck, and I did post the link in YouTube, so anybody on YouTube that wants to jump into the stream, feel free to jump on. You're more than welcome to join us. Otherwise, look, it's great having you guys here. The reason for this episode is we finally hit 4,000 subscribers on YouTube. Woohoo, woo.
Speaker 1:First and foremost, though, i want two things to happen. I want any questions that you have. Post them in the comments, put a cue before them. I'll save them. We'll try to get them answered as we go along. We do have more people joining us later on. I know Misha is supposed to be here, so hopefully more can join as well. Now, bill, you and Griffin both you were here before me, so I don't know who was here first, so we're just gonna start with Bill, because he's too left. Bill, since you've been on, have there been any major changes to your situation, like what do you got going on recently, and do you have any questions for anybody?
Speaker 2:No, you know, honestly, i've just kept studying, like I've kept going, and I haven't. Nothing major has changed necessarily. I'm like three quarters of the way through, like the TriHack me, what is it? the Cyber Defense 101, there's two of them. I'm through the first one, half or three quarters of the way through the first one, and I mean it's taking me forever, but just keep on chugging along, you know, and that's what you can really do right.
Speaker 1:It's a learning journey and everything is a journey. You know you make your own choices in life and you figure out how you want to get. You know where you want to get to, and not everybody is going to go about it the same way. So as long as you keep pushing and keep growing, that's what's important. So it's good to see that you're still at it, though, because I know a lot of people at a certain point they hit that brick wall and they're like I'm done, like I can't do it anymore. I'm done, and I hate to see that. So that's kind of the purpose behind this show and a lot of the other content I do is to keep you driven and keep you moving forward. So I'm glad to hear that you're still going. Grimfram, what about yourself, man? what you got going on recently?
Speaker 4:Oh man, you know, just still doing the grind. You know I still work full time and then, you know, still study here and there. Same thing, you know, whatever it is, I find TriHack me actually just took a great training session this week from Anti-Siphon, So they had a really good. John Stran had a great class this week. I also took another cloud class they had back in March. So, yeah, just keep finding stuff like that And I shared as much as I can. So you guys follow me on Twitter, I share it there, or LinkedIn.
Speaker 1:So order the Discord server cyber warrior studios. Yeah, I'm working on that too. I'm a free robots.
Speaker 4:Man, i'm just going to start spamming that stuff.
Speaker 1:Yeah, there is someone that does it for, like all the stuff they share on LinkedIn, they share a post on there.
Speaker 1:I forget who it is, but there's like one or two people. And then we got CyberSecDanny that does the same thing anytime she puts out a video or whatever. I mean, everybody knows my server is free to people promote themselves, their content, training, you name it join the server. Everybody's putting something out. So I love having anybody share any of that knowledge, because that's what it's about is giving people the opportunity to learn and grow, and hopefully it's free and or very minimal cost, just because I know that's a struggle A lot of people are finding today is they can't afford to go to college or they can't afford to take a bootcamp or something like that. So the free training that, like KevTech IT support puts out TCM is always doing like a dollar pay, which key and that type of stuff. Black Hills InfoSec has a ton of stuff out there. So any learning you can get, anywhere you can get it is very, very important.
Speaker 1:Before we go any further, though, i do want to say hello to all of the warriors in chat. Currently, we have hit 4000 subscribers on YouTube, like I said earlier, which is why we're here today Jack, amanda, james, giles, giles I'm a probably butcher his name, he's on LinkedIn. Carrie, adrienne she's going to kill me. She's coming on next week. So who knows Carrie? James, natalie's here. Natalie, welcome to the party, as always, and I think I hope I got everybody.
Speaker 1:But we do have a question. Our initial question comes from Carrie, and he tends. He's always trying to find something that works and he's shrugging a little bit. John Good in the house. John, we're celebrating 4000 subscribers. You are more than welcome to join. Mary, hold up You know what? We got more people jumping in here. Let's do this one more time. There we go. Anybody that wants to join, click the link that I just sent. So we got Carrie. I have been throwing stuff again. I'm going to see what sticks I have the A plus and have tried to do freelance or computer repair. Why can't I find anything for work? I have my saying on that. Bill Griffin, one of you want to chime in first?
Speaker 2:I mean, you know it sounds like you're trying to almost run a business and advertising. Get your name out there, talk to people, make up some kind of a brand for yourself and start advertising, because if people don't know you're doing it, they're not going to use your services.
Speaker 4:Yeah, yeah. Even if you're trying to do some consulting or trying to contract stuff like that, it takes a lot. I mean, even somebody like myself has been doing this for over 10 years. It still takes a long time A lot of applications, a long time to find the right position or even sometimes just to get a response because they're getting so overwhelmed with so many applicants. So sometimes you just got to keep at it. You got to keep applying and keep trying and eventually you'll find the right match.
Speaker 1:Yeah, definitely, and that's one of the biggest things. Right, a lot of people give up because they feel that heartbreak and they don't know how to deal with all of the rejection because it's going to continuously happen. One of the things about it is you have to be able to fight through that And, kerry, i'm going to knock you out if you keep talking like that. So we're going to talk about it here in a second.
Speaker 4:But it is.
Speaker 1:It's a fight and you have to continue to fight, and so your network is very vital, and Kerry is one of the ones that has a lot of branding that he's been doing.
Speaker 1:He's been promoting his training and things he's been doing and stuff like that. So it's just going to take time. And, kerry, i love you man. You've been doing a lot of amazing things. You just got to keep at it. You cannot quit Now. If you're just looking for a job, that way you can get to IT eventually or cybersecurity and, yeah, go work it. You know Best Buy or Geek Squad or whatever, until you can get your foot in the door somewhere and you're still collecting a paycheck. But if you're literally able to survive without a job and can keep training and keep growing your network and keep branding, then that'll carry you further. And so it really comes down to where you're at financially and what you need to do. I know for myself when I retired out of the Army even before I went active duty, i wanted to start a business and I had been trying. I realized two things. One, i suck at cold calls because I refuse to do it.
Speaker 4:I hate that.
Speaker 1:And two, i'm not really as much as I can do sales. I did it for a good portion until I went into the military. I don't like it, i don't like trying to sell someone something. You know, i like motivating people, i like talking to others, i like developing a rapport and just communication and that almost friendship between people. And so, yeah, me personally as a salesperson I couldn't do it, not for my own business, because then I feel bad. If, like, i'm hurting a friend, i'm like, oh yeah, it's going to cost you 10 grand. And at the same time I'm like, is it really going to cost them that? Like, should I really be charging that? So, yeah, it's just. I was horrible at it, like even computer repair. Like when I did that it was like, oh, $25 and I'll replace your hard drive. Sure, you just buy the hard drive, i'll replace it for $25.
Speaker 2:Like I used to do that type of thing.
Speaker 1:So it's difficult. But yeah, kerry, i would get into a job and then keep working to get to where you want to be. And I'm going to hide this comment now, or this question, because I do want to touch on something that I think we suffer from immensely here in the US, and that is when you're out of work. You will continuously apply to other places to try to get into that same field or that same position or a higher position, and then you'll go broke because you refuse to work a job that you feel is beneath you. So guess what, if you've got to put food on the table, if you've got to keep a roof over your head, work whatever job you can find, look, i'm all for you, keep pushing, you keep driving, you keep going.
Speaker 1:But if you don't have a job, there are ways to make money without being in your career field. There are ways to work that'll bring in funding so that you can keep a roof over your head. So here in cybersecurity, you want to do cyber. That's great, i'm all for it. Let's keep up the drive, the determination, the passion. But you might. If you're not getting your foot in the door and you've really got bills to pay. You might want to go work somewhere else, and still you can get your foot in the door And you're just gonna have to grind and it's gonna suck and your mental health is gonna suffer. Don't get me wrong to burn out is real, but until you get to where you want to be, where it'll make you happy, you're gonna have to push through. You really are, yes, especially.
Speaker 4:Yeah, especially when you're starting out, you got, you really got to take, i hate to say, but you got to take what you can get. You know, i, when I, when I was going to school, when I first got out of the military, i went back to school and And you know, i literally took contract jobs that were like hey, you're gonna move these computers around and these deaths around for Yelp, and I was like what that's? that's stupid. Okay, whatever, want me to move computers around the same building? okay, whatever, it's stupid crap like that. Like, just Sometimes you just got to take whatever you can get. I, you know. Then I took an analyst job. You know you just got to take whatever you can get and you keep applying and then you know eventually that That opening will come. You know you'll get into a knock or whatever you're trying to get into, and you know You just got to keep pushing. But yeah, i mean, the average is six months, the average six months and.
Speaker 4:Sometimes it's longer.
Speaker 1:Yeah, definitely. And on that note, you know, when I retired out of the army and I'll just be honest I retired with like four sand certifications my CCNA, ccna, cyber ops, my CCNA. I have more letters after my name than a lot of people do and yet it still took me Six to eight months to find a job in security. And you want to know what my original starting salary was? $60,000 a year, it's like 62 $62,000. So for all these people breaking into cyber security that are like, oh yeah, i'm gonna make six figures homie, better humble yourself and realize you might have to start out at the bottom. There's gonna be nothing. Even my second job only started me at 90 something. So I did not break six figures for a few years after retiring and having certifications and Took it.
Speaker 1:I even had my sister jobs, yeah, yeah so you have to humble yourself and And and really understand that it's gonna take a while, but before we keep going, i do want to welcome hold on. It says Misha and Christine. What's going on, friends? how you doing? you're muted, you're muted.
Speaker 5:Sorry, I'm. The dogs are barking so we're hiding outside, but they're trying to get. We're keeping you to get everyone's now.
Speaker 1:Yeah, so how are y'all doing today? Okay, so who's Christine? We've never met Christine here.
Speaker 5:So Christine, my friend, i've been friends with her since I was like two years old. Yeah, i used to babysit.
Speaker 3:Michelle.
Speaker 1:Oh jeez, oh, i'm sorry, i'm sorry, we're both working on the same thing, Sorry go ahead.
Speaker 3:I was gonna say we're both working on the same.
Speaker 1:Track bachelor's degree Okay.
Speaker 4:Okay.
Speaker 1:Awesome, misha. By the way, i love your hair. That is awesome.
Speaker 5:The camera at like 20 pounds. So I'm just gonna like.
Speaker 1:We need to admire the green hair. I'm just saying you got to stay in frame. Yes, that is Misha. Misha, sacred goddess, because I still can't pronounce your name until you come on in like two weeks. She's gonna rip me a new one. So Christine is someone of this one, for the same degree as Misha. Yeah, what struggles have you found, just learning the industry and learning the field?
Speaker 3:I Kind of feel like I don't know anything. you know, even Even though I'm in my second year, i still feel like I I'm a total newbie to everything.
Speaker 1:Yeah.
Speaker 3:Because there's just so much information that they cover so quickly. And then I feel like, you know, in IT It's so vast that I feel like I have to know everything, even though I know I know I don't, so I'll start to get distracted. I'm like, oh, what's that shiny thing over there and start learning that you know. And I feel like, do I need to learn all of the comp Tia books and you know?
Speaker 4:Don't worry.
Speaker 3:You know, in my world.
Speaker 1:You can't even finish it. If I can make it through like three chapters of a cyber book, I'm doing good for myself.
Speaker 2:I've got like half a dozen books that I can look and it's like they're all between 23 and 28% done.
Speaker 5:I.
Speaker 4:We're not gonna talk about my collection of digital and physical books.
Speaker 1:Fiction I can read, like I will read, i get immersed in it, like literally it consumes my entire. When you talk about hyper focus, you look at the Harry Potter series, lord of the Rings, percy Jackson, any Rick Ray Orton book. I give you a slew of like magic and fantasy books that have consumed my entire existence. But you give me learning books. They always throw out a new topic where I'm like oh shiny, i want to learn this.
Speaker 3:You know, and I'm right now taking a Python class, but I learned C a while back, so this class I'm just kind of like, oh, this isn't really developing.
Speaker 4:So much better learn Python.
Speaker 1:Python is English friendly. Yeah, it is not programming. Well, i say it's programming. It's not programming friendly if you learn like CC plus, plus and your other object oriented languages earlier, because then you're confused. Yeah, it's like writing a million lines of code and see, you can write the exact same thing in about ten lines in Python.
Speaker 4:Yeah, It's so much friendlier, yeah.
Speaker 3:Yeah, which which I appreciate, because then a lot of what I'll be doing is reading other people's code. So it you know we'll be a lot easier and faster and well, isn't that what everybody does?
Speaker 1:we just deal code, we don't. We don't write our own back over. Flow for the win, or these days, crew go to chat GPT.
Speaker 4:Yes, I'm going away.
Speaker 1:Hey, can we a Python script that will do this? That all right, cool, yeah, but then remember you gotta make put your comments in, because if you don't comment your code I want to flap you. I have, literally will pick up, no comments going. What are you doing? I don't even know what you're trying to do here. Yeah, and then you actually got to clean it up because a lot of times they don't give you the most efficient, but that's that overflow. Also, they don't always Give you the same.
Speaker 3:When I learned, see I, and then look at it weeks later and have no idea what I was looking at if I didn't put comments.
Speaker 4:Yeah, yeah, sometimes the comments are for yourself, Yeah.
Speaker 1:I've done that hold up. I have. I have a GitHub repo out there to this day. That it was. I was building a GUI for Kali Linux, and By that I mean I wanted everything in one click, point. What in the IP address? it would do anything. You told it to. You didn't have to know any commands, you didn't have to know any switches, just tell you. Tell it what you wanted to do and it would do it. And I've started it.
Speaker 1:I got the GUI built semi the way I wanted, and then I like stepped away from it. And I did, i commented my code. But then I went back to it and read my own comments and was like Still don't understand what that? Like had I finished it it would have been golden, but I didn't finish it. So, literally, looking at it, i'm going, hey, it's Python, like 2.7. Maybe 2.6 when I started it. And I'm like none of us will work now. What does this do? There's promise to tell you what it's supposed to do, but I don't know how to fix the commands to Make it do what I want.
Speaker 2:I take notes, like when I'm doing my security plus Udemy class. Yeah, i'll go back to like a couple days later and I'm like Got the idea because the notes aren't gonna help.
Speaker 3:I hand write everything like that's how I women is just writing stuff out. So Well, well it's a good.
Speaker 1:It is. You learn by writing, and so for everybody that types And I'm guilty of it I will type notes. I will go open up one note or cherry tree when I was doing like my OSCP and stuff and type things out. But I didn't necessarily learn that way and, and what I find is, in school I always learned because I was forced to write. You see, unlike kids of today Me and I'm sure everybody here growing up You didn't have a computer, a phone, a tablet or anything. You literally were writing shit down, going okay, so X plus Y equals this, and We're gonna write it all down and figure it all out. And so it helped reinforce it.
Speaker 1:Now with ground books and iPads and phones and everything else, it's brutal. Oh Oh, someone else came to join the party. Brad, brad proctor is in the house. Let's change your background a little bit. There we go. Now we have the logo up there, since you know I got enough people here that it'll actually split the screen wide enough. Oh Man, but yeah, so it's crazy writing stuff down. And then what you do is you have to teach it. That is the final step in the learning process is to teach it, because if all you do is write it down and take some notes or whatever. You kind of miss out. But if you teach it, then Now you're reinforcing the idea and you're learning more, because sometimes when you teach it, you learn more than What you originally understood. And me shine really getting tired of you hiding yourself, dammit. You better put yourself on, can. Everybody's asking for your green hair and Mohawk and amazing self to be on.
Speaker 5:It takes a lot for me to be in front of the camera because, i mean, i've said it in the chat But like I am in the process of you know, like losing weight and I know. We've had conversations Trying So everybody.
Speaker 1:Keep showing up every so often. He got you. You've been on.
Speaker 6:It's almost been a year actually. Been good, been good 4K.
Speaker 1:Dude, it took me a while. I'm trying to get the 5,000 before October 1st. So that means I need all of my warriors to start sharing shit and letting people know where to find us, because that's what it takes. Honestly, i can only do so much. I'm not as good looking as some people, so I need others to be like oh yeah, you actually want to listen to him. You don't have to look at him, you just want to listen. Like I really need that love. But hey, i'm trying to hit 5,000 before October 1st, so hitting 4,000 a day. I was on my way back from New Jersey because I was at an Italian conference in New York yesterday. So I was on my way back from New Jersey and I was like, pulled up YouTube studio and it was like 4,001 and I was like, oh, we doing something big today, let's go.
Speaker 2:When do you get a plaque? Like when does YouTube send you a?
Speaker 1:You know you should send your beard out to do all the hard work for you. Look, my wife made me cut it down. I mean it's like short for me. I'm not happy with it. She got mad at me. She's like you really need to trim that. And so I go talk to the stylist and she was like how about an inch off? I didn't realize how big an inch was. It was too big.
Speaker 1:Oh, you know, Nope too much on And my beard an inch is a lot, No no, you could have your beard off.
Speaker 4:That's not cool.
Speaker 1:That's about what it was. That's about what it was. Looney Tunes, you better spare some damn time. I know who you are Me and you gonna be fighting. So, brad, what's you been up to, man, what's work got you going on, and things like that.
Speaker 6:It's been fun doing a lot of maritime work of recent Oh yeah, and so maritime cybersecurity, it's a completely different world.
Speaker 1:I believe it Maritime's a little wild. Oh, here we go, james, put in here. I broke down and brought out the sticky notes pen and started making notes in the Hunting Cyber Criminals book on OSINT. It does help. So, brad, we've been talking about written notes and writing things down. Do you prefer writing things down or do you take the IT cyber way, like I tend to do, even though it doesn't work, and type up notes and things that are going on?
Speaker 6:If I were to write it down, i can't read it, so I type it because then I can read it.
Speaker 3:Oh man.
Speaker 6:So no, I do not write it down.
Speaker 1:Dude, i can read my own writing, but that's because I write in all caps, like lower caps, little caps, but all caps, like my writing is legitimately all capital letters. And so it's funny when people are like, oh, you gotta write this, or they're like, hey, you gotta use cursive, and I'm like, mm, i can do cursive, but it's gonna take me about 30 times longer than just writing it out in capital letters and just making it flow for me.
Speaker 2:My job is cursive right now And I'm like hold on, i gotta Google this and figure out what to. yeah, it's when she's trying to give me to spell some big word for her. it's all bad, it gets Googled.
Speaker 1:It is Dude, i've Googled math. I love math. I know numbers very well. Most people I won't say all people, but most people in IT and cyber are really good at math. And it had been years since I touched algebra and my son came to me and was like hey, how do I find the slope or this at the third of this? And I was like to the Google.
Speaker 5:I love math until my nephew was asking me how to do something And I was like 10 plus 10 is 20. But you just add it. I was like no, you have to do this, we have to go this way. I'm like this isn't math anymore. Like right, it's the most confusing thing I've seen in a long time. The way that you do math.
Speaker 1:But I feel that way about programming languages. I do. I feel that way about programming, about cyber, Like there are certain things that people will do and companies will do And I'll be like you know, it was so much simpler to just do it this way. And they're like oh yeah, but you do this and then you use this red jacks code and then you do this and then you do that, And then it gets to here and you're like I don't get it, How'd you get that?
Speaker 5:That's the problem that I think we're both having is, she knows a little bit more about programming, but I don't know anything about programming. And just going through my courses right now like my next course that I go through is networking, i think And they just sort of throw you in, Yeah, and I don't understand any of this. And then you go down the rabbit hole and that's where I start getting overwhelmed, like what do I need to do to just not overwhelm myself and not get too far off the topic that I'm learning at the time? But then what am I gonna need in the future? So I'm not like stepping backwards either.
Speaker 3:How much of it is actually relevant to the work we'll be doing. You know just this enormous amount of information that you're like wait, i remembered protocol 4443.
Speaker 1:Yeah, got it. So all right. Once again, if you have questions, please put them in chat, put a cue before them so that I can actually recognize questions and not just comments. But it was funny because John put up here as we're talking and we did mention chat GPT earlier. Who needs the program anymore If you have the correct information and chat GPT will solve all the problems, which is actually pretty hilarious because there's a lot of issues with chat GPT that people don't realize. Mainly, it does store your information. If you give it the right question, it'll actually spit back everything it has on you, which is interesting.
Speaker 2:If you ask it like are you Skynet? I mean, it responds amazingly fast with no, when it's, like you know, back to the back of your banner, it's responding with that, which is hilarious.
Speaker 1:Oh yeah, brad, what about you? What's your take? We haven't had this conversation on this show yet, so, brad, as the newest one here, what is your take on chat GPT?
Speaker 6:So in my world so I live in the compliance world the current data set is about two years behind Or it's behind. So if you ask it any compliance questions, a lot of times it's off because it's out of date. So one thing that I've discovered it can do is, if you have information, you can tell it to summarize something for you. If you tell it to summarize, it kind of gets in a little bit of a shorter format. You can summarize give me bullet points, give me key topics, right Dude, mundane work for you, in other words.
Speaker 1:I think it'll lie. My extent of using chat GPT was I got tired of using Google and went there and said give me some Norse quotes that I can use for motivation, and it gave me stanzas from the Hava Mall and a few other things. That was my extent of chat GPT. But my buddy did a lot of other digging and that's how I found out it actually stores your information, even though it says it doesn't. Misha Christine, yes, what is your feeling on chat GPT? What have you noticed? Have you played with it at all? Have you logged in, used it Anything?
Speaker 3:like that I've never, used it No.
Speaker 5:I know of it, but I've never used it. I've watched people use it, but it's never. It's not something I need to look at yet or even think about. No, i'm actually very. I am that person who is worried to try something that I don't know if it's, if it's like the try hack me stuff that you sent me, like I haven't even touched it yet, because I am like I want Misha.
Speaker 1:I was wondering why only one person used the code so far.
Speaker 5:I can do it tonight, i just but it's the but I don't know what any of it is. So it's that concept in my head like am I wasting my time signing up for something and doing something right now when I don't know the information, or will I learn from it?
Speaker 1:You will learn. So I will say this, and first I'll message John Goodch comment chat. Gpt is a learning computer enter Terminator. He's not wrong. Skynet's coming, don't get it twisted. But as far as try hack me, try hack me. And this is why I've given others that are brand new to the field the codes as well. I mean I'm glad a lot of brand new people want them is because it is meant for you to start at the bare minimum of knowing little to nothing. Like you want Linux basics, it has a whole core like courseware that you can go through for Linux basics and it explains it to you and you can go through it. Actually one of the things I might look at is over the wire and see if they have any gift codes or whatever for so that actually I think it's all free.
Speaker 4:I don't know, i thought it was free Yeah.
Speaker 1:I know some of it's free off the look because if you do over the wire, you literally learn everything about Linux. As far as basics go, bandit is the one you want to do. It takes some stuff Well, they have different ones but Bandit will get you all the way up through, like SSH and a few other things. But yeah, try, hack me. You pick your room, You want to do Linux basics. There you are. Literally every flag is about the basics.
Speaker 5:Well, sorry they're trying to run behind us. We'll see. That's the thing Every Friday when I'm watching everything, like you should see the notebooks that I have sitting in the house, whether from people that are on or what you guys have thrown in the chat of like just things to look at or things that you guys have used, but again, it's one of those.
Speaker 5:There's so much stuff I it can be a little But you guys talk about it, but none of us I don't think that are in the beginning stages would know what we are able to jump into and learn from, and that's where it's hardly.
Speaker 2:I like it narrow And Googling it makes it feel overwhelming.
Speaker 1:I don't disagree. I got a friend right now She's in the chat I'm not going to say who she is Who's struggling from the same thing, right, just breaking in, doesn't understand the acronyms, doesn't understand what's being said, because even in some of these basic courses don't throw out like TCP IP, right. Well, what the fuck is that Right? What the fuck is TCP IP? And so that is where and Natalie said it Amanda, i was not trying to call you out, damn it, but okay, it was a I love her to death. It is her, she's my sister, i love her. But Natalie said that's where mentors come in to help you. And, yes, that is where someone like myself Griffin, brad, natalie, john Good and so many others will come to you.
Speaker 1:Come to us and just ask us questions. What does this mean? What does this mean? What does this mean? I have no problem answering those questions. There are two reasons. First, it means you've already decided you're gonna dig in and learn and you're asking for an explanation. I can give you that. The second thing is you're not asking me how do I get into cyber? Like, if you ask me how to get into cyber, i'm going to lose my shit. Nine, 10, 10, 10.
Speaker 6:Because it is a vast career field.
Speaker 1:you've not done your research yet, which means you're already behind the eight ball, because research is the primary focus of cyber security. So that is why I say, if you're gonna come to me and ask me a question about a topic or about an acronym or about, can you explain this All day? But if you ask me something as broad as how do I get into cyber, i'm like where?
Speaker 5:have you done your?
Speaker 1:research Any research.
Speaker 5:It's just password stronger than one, two, three, four.
Speaker 1:Right. Like just a hand Hey look password one, two, three works great Never.
Speaker 2:I think a better question would be like where to start, because there is like you could search cybersecurity on Google or on YouTube And I mean you're just gonna get a ton of information And that's like So I think even that question is loaded, though.
Speaker 5:Where do I start? Because, if you like, i came in knowing that not what type of thing I want to do like last week when I was asking about like open source and offensive versus defensive, et cetera, et cetera. But I know that I've worked in healthcare for so long, so more than likely I'm gonna stay in healthcare, so it goes to that. Do I wanna stick towards more like ethical hacking and stay on this side of things? Do I wanna stick in more of the analysis side of it? So that's why I think it's still this where to start is a little bit, because it's still so much information.
Speaker 1:So this is where and this is where me and you need to have a further conversation. Me and you actually have to have a talk, because where Amanda looks out and she put it right here I don't want to discover where she should be going into the field because of where she specializes and what is she she is really good at. So I was able to talk to her and be like, yeah, you should really do this because I knew what she was doing. I knew what she was good at and it just resonated with what we do in this industry in a certain sect of red teaming. And so for you, i think me and you and even Christine or Bill, need to have further conversations on what's gonna resonate.
Speaker 1:What are you doing now that could potentially lead to a future career? Because I think those that are just getting started that's where they struggle is they don't know. Because even if you know every area out there, you don't really understand every area out there. So trying to figure out where to go is like let's start on blind forward and just throw it.
Speaker 5:Well, like what you guys mentioned the past few weeks too, is finding out where to go. But also finding out where to go when you are already in a field, like I've been a pharmacy tech for eight years now. So it's one of those. I can't afford to step away from my career that I'm at, even though I'm in a career change mode, and then I go and we are actually just talking about it earlier, like I've got be proud because I reached out to somebody. I reached out to a cybersecurity manager at the clinic to say, hey, can I just sit with you and get some information about what it would take to transfer from a pharmacy technician just a basic position in the clinic? And it's one of those like cause, if nobody knows anything and they don't have a job, maybe IT to help us just to get in the door? Well, i've already got the healthcare experience, so where can I move into to build onto that?
Speaker 3:And that's where I'm stuck, yeah, and then also, once I finished this degree, is the bachelor's degree enough on a resume for somebody to give me a chance? You know what I mean. Or should I be trying to get certifications as well?
Speaker 1:So here in lies the problem, and Griffin can be, brad can speak to this for sure, both of them. Bill is still trying to break in as well, so he's gonna. I'll allow him to have his input as well. But for me, i'm hiring a senior person. Right now, at stratoscale, where I work currently, i'm a practice manager. I'm hiring a senior person And I had an HR person come to me and there was like three of them And they said okay, so what should we be looking for?
Speaker 1:And they said you know, degree certifications, dah, dah, dah. Now I know what I'm looking for. I'm looking for someone with a certain set of experience And unfortunately, at this point in time, it's with a certain product And I was like look, i need someone with this product experience that can do this, because this is where we're closing deals, this is where I got business, so this is what they need to have. They said well, what about degrees and certifications? I said I don't give a name, i don't. I'm at a senior level, at a senior level, which is what I'm currently hiring for. I don't care about your degrees and certifications, i care about your experience, because you can be certified in something and never touch it again.
Speaker 1:Hello, i've got a gram and I haven't reversed engineered malware and probably since I got the certification. So the certification means nothing to me. What means something to me is what you've done recently, now as a junior, as someone just breaking into the field. What a degree and or certifications, or your LinkedIn or your YouTube channel or your blog show me is you're willing to learn, you're willing to grow. That is what matters to me. So if you don't have a degree, if you don't have certifications, you better have something else out there that shows me you're willing to do the work to get into the field. And certifications aren't everything. Let's be honest. Most of them are memorized. This shit answer some multiple guest questions and you got certified.
Speaker 3:Right, it doesn't. You know, like on the job, real world experience is gonna teach you a hell of a lot more than any certification world. But if you have had zero experience, you're trying to get that job.
Speaker 1:Those, those paper gives you, gives you that baseline knowledge of being able to do it. But I'll let, for starters, I'll let Brad chime in first. Brad, we're gonna go solo with you. Go ahead, give your feedback, man, let people know what you think about juniors and you know how they can kind of break into the field.
Speaker 6:So one thing is I've hired several juniors on my team And one of them in particular, very, very young Now. He had the advantage of starting in cybersecurity in high school and doing cyber patriot And the one thing that stuck out is his networking. I don't mean technical networking, I mean people. His ability to talk to people, to understand, to empathize with the individual they're talking to is a huge skill on the soft skill side that people ignore. If you, if you have that and if you have every, all the other parts where you're showing or willing to learn, you're showing enthusiasm, you're reaching out and asking for help, That goes a very, very long way.
Speaker 6:Now, certifications, they do help. Again, it shows that you want, persevere to get something and then you achieve it right. Any organization you go to if you go to one security operations center and you work there, they're gonna teach you their way. If you go work for another one, they're gonna teach you their way. While it's somewhat similar, there's different processes in each company, So you're going to learn on the job. So it's kind of a mix, but I would say continue to stick your neck out there Like just getting one things like this getting yourself recognized, talk to people and ask questions.
Speaker 3:Awesome.
Speaker 1:Yeah, definitely, i completely agree with that, and I'll give my input as to what you said after I let Griffin go for someone who has been in the field for a while. Please, my brother, go ahead and speak your piece.
Speaker 4:Yeah, i agree with that. Sometimes there are a lot of people that are doing that, unfortunately, that are getting the degrees and don't have the experience, and so sometimes it's a combination of the degree plus experience. Like we said, certifications can help. It's definitely not a requirement, especially for junior roles. Doing the extra mile we'll say that We've talked about that before right, doing the trihac he's writing a blog post about it proving that you're willing to get some experience outside of just what your degree gave you, because, again, even a degree is mostly theory in a lot of cases. So can you show a little bit of extra hands-on knowledge, some more experience and whatnot that you can show is gonna give you that advantage against other applicants.
Speaker 1:Yeah, most definitely. I completely agree, and so this is what I tell a lot of people is networking is key And Amanda is funny because she said there's another dad to my smallest social networking. Amanda, you got a lot going for you that you don't realize. I mean, you have talked about it, so we're gonna continue to build on your skill set and we're gonna get you to where you need to be.
Speaker 1:But for me, networking has always been clutched. It's how I've gotten a lot of jobs. That's what people don't realize. Everybody's like oh, i applied to a million jobs. Look, the first job I got out of the Army. I got because I kept applying and I had the certifications to kind of get in the door and I was able to do the job. I didn't like the job. I didn't like what it had to do with. I had a bunch of issues From the time I got to the job until I got a new job. I had been applying other places Because of my networking is why I got the second job, because whenever I got a call from a recruiter was like hey, we got a company. It wants to interview you for this. The director already says he knows you. What's that name? Or her?
Speaker 1:name Like who's the director. And they're like, oh, it's so-and-so. And I was like, all right, let me figure out how I know him. And I looked him up and I was like, oh yeah, i talked to him for like six months, from six, like from the time I knew I was retiring from the Army until I retired me and him had been talking. And so I was like, all right, so I passed the interview first interview, got the job And then, as I was there for a year and a half think it was maybe year and a half, two years he had hit me up and was like, hey, i got a job for you, same director, i got a job for you.
Speaker 1:You wanna do it? It's gonna pay you X amount of dollars. You're gonna be able to do offensive security and pentesting. Is this what you want? Bet, let's go. Got that job.
Speaker 1:Where I work now he is my boss once again. So networking is key because you find these people and if you put yourself out there and you work for them, they will take you everywhere they go, and nine times out of 10, because they're higher than you, that means they're getting paid more, which means when they get into a place, you're getting paid more, because they're gonna bring you up to get paid with your work. They're not gonna bring you in at base level, they're not gonna bring you in at the bottom, and so that's how you have to go about it. Networking, social networking, linkedin all this is key in your career, and that's why that's why your brand is so important, because had I not been doing a show, had I not been doing so much, i don't think I'd be where I'm at today. But people know me now because I put my name out there. I don't hide like some people me show.
Speaker 2:Yeah, LinkedIn is a great resource.
Speaker 4:Utilize it. It's free, i mean, utilize it. There's people like David Meese that I think at least weekly. You know, say hey, comment on this and, you know, connect to all these other people.
Speaker 1:David Meese, chris Cochran, kevtech. IT support all these people comment on this and connect. I do it every so often. I'm really bad about the LinkedIn follow Friday type of deal. Normally I still stick to my motivation, but yes, that is.
Speaker 2:I wake up on social Saturday and I'm like no, I'm going to my bed. Yeah.
Speaker 1:Dude, my Saturdays are my Saturdays. I'm like, nah, you're lucky if I post on a weekend. On a weekend, i'm like eh, i got family.
Speaker 3:No, i'm good, you gotta have your time.
Speaker 1:Right. So we do have a question here and I want everybody to answer it. So we're going to start with Bill and then we're going to go around the horn. Would you all recommend things like try hack me over Home Labs or the other way around. Bill, I'll let you start.
Speaker 2:D. all of the above? Yeah, i'd like try hack me like it makes it easy because it's already all set up, but then you know Home Labs. you learn a lot when you gotta figure out all the mistakes you made set and dup, so they're both equally as good. I mean, the more you do the better.
Speaker 1:Definitely. What about you, me, Sharon Christine?
Speaker 5:Well, I just learned what try hack me actually is today.
Speaker 3:Yeah, I didn't realize that. Try hack me started at such a basic level until today.
Speaker 1:They used to not Yeah really exciting Right. Yep, they used to not do So. they have expanded. I love what hack the box does, but try hack me was first set of game to be like we're going to do basics, we're going to do the bare minimum and build our way up.
Speaker 5:It definitely is something I see all over, like the people that I follow and like do everything a lot of try, hack me, they push and they comment about it a lot.
Speaker 1:So Yep, definitely worth it. But I agree with home labs too. That's why I pushed KevTech so much, because he teaches people how to build their home labs, how to build active directory infrastructure, how to do all these things, how to be in support. Because, let's be honest, to get into cybersecurity, it's not a necessity to start and help desk or system administration, but it is extremely beneficial Not necessary, but it's beneficial. So take that for what it's worth. Brad, we're going to go to you. What about you? What's your take?
Speaker 6:on this. Being the IT guy originally, i'd have to lean on HomeLab. But try, hack me definitely is a good resource And HomeLab it's made on me. But having that physical touch of a actual infrastructure it makes a difference Because it's somewhere. If we say serverless, guess what It's running on a server Right serverless is still running on a server.
Speaker 1:It's still on. what are you?
Speaker 4:pushing on Somebody else's computer.
Speaker 2:Right.
Speaker 6:I'm just wondering.
Speaker 2:Probably had to Google that the first time you heard it, because you're like, wait a minute, i don't know, i'm just wondering.
Speaker 6:I'm just wondering It's floating somewhere.
Speaker 4:What It's floating somewhere It's just floating out there somewhere.
Speaker 1:Pull it out of the cloud.
Speaker 6:And I think Bill had a great point is breaking things and then figuring out what you did. I mean, that's troubleshooting one-on-one, right? Yeah, if you're doing where you're doing, red teaming, it's kind of like the same concept, right, you tried something. It didn't work, or you tried something else, yup, yep.
Speaker 1:Griffin? what about you, man? What's your answer to this question?
Speaker 4:Yeah, it's again, it's D, it's all of the above. I think, like we said, TriHackMe has come a long ways. They've got a lot more basic intro stuff now. So you can start out with TriHackMe, You can learn some of the basics operating system, networking, all that stuff And then you go build it And I think that's the best of both worlds.
Speaker 1:Definitely, definitely Nothing beats hands on And on that note. So I did a demo qualification with Tany yesterday And I can sell it. I know the technology, i know what it can do, but I had never touched the software before in the extent at which you need to get qualified. Now, whether or not I get qualified, it's neither here nor there. I don't know if I'm gonna pass it. So, yes, failure is possible, even when you're experiencing the industry. Just so y'all are aware, you can still fail. But I told him and the guy was like, look, i'm gonna try to get you to pass, but I don't know if it's gonna happen. I was like, yeah, that's fine, like I get it, but hands on keyboard Hands on keyboard is clutch because I can learn anything by touching it.
Speaker 1:Let me deploy it, let me play with it, let me figure things out. But if you tell me I gotta get certified from reading a computer screen and looking at images or videos, it's not gonna happen. I'm gonna look at it and I'm like squirrel, it's just not gonna register with me. So hands on keyboard is huge. So yeah, so we'll see what happens. I don't have them. Get them unqualified. I'm hoping I do So, then my team can have a lab to play with, but we'll find out. Next question or comment rather well, it's a question too. If someone is hacking on your bug bounty program and brings it up in an interview would, in your mind, be a bonus or a minus? Anyone who wants to answer? So, brad, you're part of a hiring team. What do you think?
Speaker 6:I think it's a bonus. I mean, I don't see any negative with that at all.
Speaker 4:Yeah, agreed.
Speaker 1:Yeah, i mean, i think, for all of us that are hiring managers or are in a position to like even interview people, if you're coming at us and you're trying to figure out our flaws, i take it as a bonus, i take it as you're trying to learn, you're trying to go and you're trying to break in, and we have an active program out there that says, hey, give it a shot, tell me what you can find.
Speaker 1:What I will say to this, though, is, if you point that out, i'm probably going to ask you what you have tried. I am probably going to ask you what tools you've used, how you've tried to go about it, solely because I want to know kind of your knowledge base and where you're coming from at that. If you don't have, if you're just like, oh, i use this tool, okay, well, why? If you can't give me the why, that's when I'm going to be like I need that, why, why SQL map, why this out of the third, then we can have a conversation. But if you're just like, oh well, because I Googled it and it said use this on this type of prompt, why, what does?
Speaker 4:that mean I want to know you understand it, yeah, and not just throw a tool at it. I want to know you understand, yeah.
Speaker 1:Yep, definitely So. yeah, it's a bonus, as long as you can explain it Now. I will say this though Misha, christine, bill, myself, griffin and Brad you have three seniors of the industry here. What questions do you have?
Speaker 2:I'm looking for more in chat.
Speaker 1:I'm sure they're going to come up, but I've got you three here. I have to like when I when I set up a call, or like a talk with somebody for mentoring type stuff.
Speaker 2:I don't feel like sit down and write out questions before. I don't feel like I'm going to be able to answer that. I don't feel like I'm going to be able to answer that. I don't feel like I'm going to be able to answer that. I don't feel like sit down and write out questions beforehand, like I don't. I can't just come up with them off the cuff, you know, and if it is something I come up with off the cuff, i can usually Google it or whatever you know, find it. So that's a loaded question. I have no idea. What do you want me to ask you?
Speaker 1:So here's the reason I asked First, i want Misha and Christine to comment on this, and there's going to be a reason I did this. I promise you there's a reason I did it. but, misha and Christine, what's your response first?
Speaker 5:To him or to you?
Speaker 1:To the fact that I said ask us anything.
Speaker 3:Oh, is Linux used a lot? Is it good to know a lot of Linux?
Speaker 6:Yes, Linux is really fine.
Speaker 3:Yes absolutely.
Speaker 1:Yes. I like Linux. All of us will give you the same answer yes.
Speaker 2:But I'm going to give it to you, isn't it?
Speaker 1:But while here's the kicker, right From a cybersecurity perspective, yes, because you're going to utilize Linux for a lot of your pentesting a lot of tools and things that run on Linux. However, from an offensive perspective, you've got to be able to break into Windows. Yeah, windows still holds the keys to the kingdom for most companies, for just companies, so you have to understand Windows. Also. Linux helps you from a programming and breaking into perspective of being able to use the tools. Understanding Windows will help you utilize Linux to break into Windows.
Speaker 3:Okay.
Speaker 1:It's kind of weird, but if you understand both, you're golden Yeah you also got to understand Mac is kind of an outlier.
Speaker 4:Yeah, okay, i was going to say you also got to understand. Some companies rely heavily on one or the other. Some companies are heavy Linux back-end servers, some companies are heavy Windows servers, so it really just depends. So it is important to understand both and use both, because you may run into both and you can pick your favorite. But sometimes you may just end up at one or the other. You're like, oh, i love Linux, and then you get hired by a company that's Windows.
Speaker 5:You're like oh, okay, well.
Speaker 4:I guess I'm going to get good at Windows now.
Speaker 3:Like you know, it's just the way it is, Yeah.
Speaker 4:You're paying my bills now, so all right, i guess. So Yeah, what about?
Speaker 1:you man.
Speaker 6:And if you're going, if you're trying to attack where the user is, it's going to more than likely be Windows. Yeah, infrastructure is going to be a mix depending on the organization, but you would see a lot of, especially cloud infrastructure is going to be Linux, whereas, depending on the size of the organization, you're going to see Windows at some point And you'll probably be mixed in most cases nowadays.
Speaker 1:Yeah definitely.
Speaker 3:So it'd be a good move to really understand the ins and outs of the Windows operating system, and how to secure it.
Speaker 1:Yeah, because. So here's my thing. And again, bill Griffin, brad Misha anybody who knows anything about operating systems can really chime in on this, even in the comments, if you want to put something in the comments, you know for me understanding both ends of the spectrum. So Linux does a lot And a lot of industries, a lot of companies, especially in cloud and AWS, are using Linux AMIs, whether it's Ubuntu, red Hat, centos even though CentOS is kind of going away, but not I don't know.
Speaker 1:I'm kind of confused on that whole concept right now. You know they're using Linux, they're using a Linux kernel. So being able to understand that and utilize it and break into it and exploit it and do all these things is vital. But Windows and Microsoft Azure is still very prevalent. So if you understand Microsoft, windows and Azure and all these other things, it can only benefit you. Mac OS is the one outlier that, as security professionals, i find a lot more security. People use Mac OS because the company provides it And then loads Linux VMs. The host OS is Mac, the used OS is Linux.
Speaker 1:So unfortunately I'm on an M1 chip right now, so I got to figure out that whole nonsense and how I can go over with my own machines. This is why I love Windows, because I don't have to worry about that. But the M1 chip is kind of a whole different piece. But yeah, yeah, so we got one. Oh shit, all right, so we got three. So first we're going to put sacred goddess's comment up there What would you suggest for someone trying to get their name and face out there in the industry? And we'll start with Bill, because you're to my left.
Speaker 2:I mean, that's like the answer everybody gives you And it's true, like you move people, find somebody that you like what they're saying and message them, talk to them about it. And message Derek, get on YouTube. And yeah, what me? Live, live, live, live, live, live, live, live, live Live.
Speaker 1:Live Live Live Live Live Live Live Live Live Live Live Live Live Live Live Live Live Live Live.
Speaker 5:Live, live, live, live, live, live, live, live, unlike then. But just just being there and just commenting or even sharing posts has been enough just to get people to recognize my name, even in the chat, you know, here in the stream, but connect with everybody here, you'd be surprised. Just, i don't, and I don't think I follow Griffin or Brad or anywhere you know, but I was like when I leave.
Speaker 1:You might, because Griffin is actually. He's been on the show. His actual LinkedIn is on a previous episode, So you may follow him and not realize it, but I Griffin is on his name on LinkedIn.
Speaker 4:Obviously.
Speaker 5:Like just following people and reading through past posts or just past, like in the videos. I've rewatched quite a few of our you know, even my own episode and went back for the chat here just to see you know things, and it sounds really dumb. But the only reason I met Derek is because you know we were in a Norse Pagan group together and it just happened to be me going does anybody here know anything about computers? You know, and then it turned into this. So now and now I've got a couple of people and like I can see any of your guys' names, probably I'll be in the chat and know where you guys come from and what you're doing.
Speaker 5:Um, and it sounds really dumb, but I've been hunting, like at my own job, but Like I did today, it's reaching out, email somebody that you have a question about a job description and Tell them just be honest, like look, i don't know what I'm doing yet, but tell me what you would tell me from your perspective in your field. Yeah, and he got right back to you. Got right, yeah, Yeah, that was awesome.
Speaker 1:How do you think? how do you think Amanda's here? Misha, amanda is here Because she's awesome and I met her through one of our discord servers and I'm a third out there the pagan project community. That's actually how I met her. So that's out there. If you want to go follow him, pagan project on tiktok and we have a website, the pagan project that work. But that's how I met her. So that's why she's here, because we talked and she does ocent and red teaming. Though She doesn't know, she does it. That's what she does ocent and investigations and Finding things out that I can never find out. That's her bread and butter. Like that is golden, great for social engineering, great for everything She does. I could probably I'm trying to link her up a corgi to Get more into that side of things, because that's what they do. Red, what would you say to this question?
Speaker 6:I Think and I fell at this sometimes but consistency, and so what I mean by that is Brand consistency. Come up with a brand, whether it's your name yourself, and be consistent across the board. And When the other side of that is, if you're going to say that I'm going to post X amount of times, do it right, don't, don't stop. And I'm preaching to myself here.
Speaker 1:I Podcast episode on Wednesday solely because I was wondering. Look, it's recorded. I recorded it Tuesday. My laptop couldn't handle the workload so I could not edit it. Posted on Wednesday It'll dog in your homework. It's coming next week. I'm gonna do it. I already got it recording, it's already fine. But yes, i get it completely, if you say you're gonna do something? fucking do it.
Speaker 6:And the other part is is you know, a lot of people say I have to get this type of camera, i have to get this type of microphone. Just start, like you'll get there, just start.
Speaker 1:Yeah, i got a lot of tech Rio in a microphone. That is definitely not a. I mean, i literally paid. I don't even know what I paid for this, i just know it wasn't a lot. It's not a broadcast mic and I know that because I get the cat anytime I pull it in.
Speaker 5:I mean I've got the chat pulled up on my phone. You know it's like it's Do what you got to do.
Speaker 1:Everybody loves it. Guess what the people that are here. They're here for the long haul, so Fuck it. You're all my family. I don't care, griff. what about you, homie? What's your take on it?
Speaker 4:Yeah, so all shifts since everybody else has mentioned discord and what or uh, linkedin and whatnot is uh, you know, go to go to in person stuff. I mean, there's so many Local conferences besides. You know we have a local conference here, um, you know, you don't have to just go to def con, there's, there's plenty of conferences in different areas That are local or or relatively local, uh, to wherever you're at, i promise, if you look, so you know find those, you know check those out. There's um I think I mentioned this before is um, like meetups There. There's so many, so many groups, so many places, so many ways to meet up with people and connect and create those connections. And I mean, i I've recommended that to to a friend of mine to go to the Local conference and go to the after hours, and it wasn't, it was just a dinner thing, but still it was after, after the local conference.
Speaker 4:They met some of their friends there. Sure enough, they got a job offer and they got a job. Like it just happens, like just do it, go meet people, go talk to people, go to these conferences, go to these meetups There. Are there a guarantee? there's some sort of security or it, or whatever Meetup group in your area, you know, check it out. So sorry you got to get outside your comfort zone. You know that, that's just. You know, that's just how it is.
Speaker 1:Yeah, definitely, and, and so I will say one thing, and I got two more questions. We're well over the top of the hour. Just just so, y'all know it's my show.
Speaker 1:I don't give a fuck. So I do have one here though. I got a. I got a gentleman, uh, fully raw, 1991, there is nothing in his area of malborn, australia. I will say this, i put it in chat, i'll say it again started, start a b-sides, started meetup, start a group, start something. Make it part of your community, make it part of your area. If you don't start it, it's never going to get started. So start one. It doesn't have to be anything, it doesn't have to be anything major, but b-sides and b-sides events, dude, if go global. There's actually, i think they're, they are global actually at this point, i think there's some in different countries across the world. Bring one to your area, talk to them, make it happen. B-sides is is vital to our community, it really is. Have you?
Speaker 6:ever? have you ever talked about how b-side started? No, I haven't.
Speaker 1:I actually don't even know how b-side started.
Speaker 6:To be honest, um, so it's uh Company I work for has a fairly close relationship with it. Um Is one of the founders of our company, was one of the visionaries, originally for b-sides. So b-side started as deaf con and black hat started to turn into sales and marketing events, yes, and so you would only get the top talent right or people that were not doing it anymore. They were just there because they were a face or a name, and so they had the idea to create an alternate conference b-sides, like the b-sides of a record um. That was for the people actually doing the work, for the practitioners, and so b-sides is very clear on when you submit a talk that it cannot be a sales presentation. Right, it has to be something that is, that you are doing the work, it's research. You've done a topic of interest, um, and even some b-sides Uh, b-sides natural national tennessee. They did a, a blind cfp, so you submitted the topic without them knowing who you were, and so it's about the idea, not about the person.
Speaker 1:I like that.
Speaker 6:So b-sides is is really, really cool.
Speaker 1:I like that. I like that idea too, because You will see a lot of bias in names and who you are and everything else. But if you can see a topic, then you have. You either accept it or decline it. There's no In between, so they're not basing it on anything. I like that idea.
Speaker 6:Yeah not all of them do that not all do that, but that was no one.
Speaker 1:No, but this is a fan. I think that's a fantastic idea on how they do things. So, so, yeah, um, for fully raw dude, that's a. I ain't even getting that name. Look, it's my show. I'll say Yeah, anyways, start your own b-sides event and malborn malburn, our australia, and it'll. It'll go a long way. I got two more questions and I'm gonna get last words. Um, first one, jack. What do you think is the best way to explain to people that pen testing and sock analysts Aren't the only thing? that is the cyber security Big question, because I've gone around the room before. We're gonna go the opposite way. Uh, griffin, you're up first, tell me.
Speaker 4:Oh he's the best, the best way to explain it. Um, i mean those, those are. In a way, they're polar opposites, right, your pen testing is your, your red side, your sock analysts your blue side, and You'll. You've got to realize that there are so many other positions. There's your g rc. There's your, you know you're auditing your Purple teaming now. You know there's just so many other roles that, uh, that's just barely scratching the surface and you really got to expand your horizons. We're stuck on me, all right.
Speaker 5:You got a pretty face, it's okay.
Speaker 4:Oh, thanks, all right, who else wants to go?
Speaker 1:You're paying attention. You all get the bottom. You got to see who's muted and who's not And who's actually in the chat. Brad, let's go to you. Homie, what do you? what about you? What do you say to this?
Speaker 6:So, speaking of b-sides, they actually gave a b-sides talk Last weekend. Um, and b-sides hunt school. That's around this topic. Where I'm going to turn into this topic really quick. Um Is and I thought the the talk was about the intersection of it and security. Um, and What I did is to to kind of prove that there was an intersection, that that it had more of a role than what people think they do.
Speaker 6:As they took the cis top 18, um, which is just a Framework, that's not a regulatory framework. I mean it's just hey, you should do these best security practices. Um, and what you can do with that and this is kind of an idea I'm coming up with right now as I'm talking, so It may not be fully fleshed out Is read through it, right, read through that framework about how you should secure things, and you're going to find things that interest you. All right, you're going to find things that there's different things in security that you have to do to secure an organization. Um, and we always talk about. I mean, everyone looks at Pintesting because it's the sexy part of cyber security, but if you look at it from a risk perspective of how cis lays it out, it's the last thing you do. There's way more work to do before you even get to that point.
Speaker 1:And so I'm bringing it back down to this solely because micha finally brought the doggie. So That's the only reason why.
Speaker 5:You know, I saw a dog in image. I had to bring the dog Oh the big ones on the ground next to me.
Speaker 6:So So I would just say read you yeah, read through something, a framework like that, where it's kind of an agnostic framework, um, where you look at it and you say, okay, this is what they say and what we must do to secure an organization. Where do the jobs line up with this? Find an area that sounds interesting. There's the whole area for identity and access management. You like to tell the people and their access that might be for you. That's one way to find it and see, because that's going to tell you what the job may look like, what you're actually going to be doing to a certain extent to secure an environment and would you actually like it.
Speaker 1:Yeah, this is. The thing is everybody looks at the active jobs and they look at oh, and I'm not going to lie, soc analysts actually comes after pen testing. A lot of people look at hacking and cybersecurity as I'm going to break into things is big, sexy, i can do this and I can know all the things, but the reality of it is people don't understand. There's GRC, there's SOC or some engineering. There's a ton of different roles out there. There's consulting. There's so many different things cloud security and a ton of different cybersecurity fields.
Speaker 5:The thing with that is, though, is how often is it that people don't realize that that's part of cybersecurity? And that's the thing that I was like oh okay, so that's the I mean.
Speaker 3:Well, i found Stacey for Packers and Heels from watching your show. Yes, she's an organization, because she's amazing, and I just listened to an interview with her recently where her role at the company is insider threats, which is a whole thing in and of itself, and that's the thing you can make your own role.
Speaker 1:Here's what people don't understand. This is what I wish people would understand. And cybersecurity it is one of the few fields that, if you network correctly and people know what you know, you can make your own role. The roles do not exist for everything. You can make your own. People will bring you in managers, directors, SISOs will bring you in based on your knowledge, based on what you know, and be like holy shit, you can do this. All right, you're coming to work for me. You're going to secure this side of my shit And we're just going to come up with a term for it.
Speaker 1:We're just going to make some shit out of thin air. We're going to pull it out and you're going to get paid X amount of dollars. Like, they will do that for you, because our industry does not have rules for everything. It doesn't. A SIM engineer can't engineer anything but a SIM. But you bring in a SOC engineer, You bring in an automation specialist, You bring in an OSIN specialist. They will create fucking rules for you. They will literally pay you Fuku Bucks and just make shit up out of thin air. Like you know what. We're going to give them this title, This one right here. We're just going to There it is. That's your job now.
Speaker 6:Yeah, I would say also don't assume the position is going to fall under a cybersecurity department.
Speaker 1:It might fall under IT.
Speaker 6:It might fall under IT, Especially early on in a program. it's all IT.
Speaker 1:Yeah, it, grc. A lot of people bring in GRC even before they bring in cyber, because they have to be compliant with certain industries and certain standards. So GRC is another huge one. So, understand, these things are big, they're huge, they're all different. And then we got one more and I do want to get this up. And then I want to get everybody's last words. Let's say someone passes the interview process and gets hired. How do you measure their performance? How long do you measure their performance? I don't mean the company's probation period. I didn't know we had a probation period. Let's go with Griffin first Go ahead.
Speaker 4:I mean, yeah, obviously some places have a 90-day probation period, but anyways, besides that, yeah, pass the interview and get hired. How long? How do you measure their performance? So one good way is, before they even get hired, you need to be prepared for that. You need to have a. Why are you hiring this for this position? What are the goals that you have for this position? What do you expect them to do? What are the jobs, what are the tasks, projects, etc.
Speaker 4:So you need to have those kind of laid out and say, okay, first 30 days. Okay, you get used to the company and you start meeting people and you can start working on this. Then say, the next 30 days, same thing. Okay, you're going to work on these things Next 30 days. Okay, we're going to put it all together. That's a nice way to do it. Some places it's just here go to work, start, yeah, go. All right, here's 10 things we need you to do that we needed done yesterday. I've been in both situations, so it really depends on the company. But yeah, definitely what I mentioned first is more ideal of like okay, we're going to get you acclimated And we're going to get you your tools and let you get set up and figure things out, and here's what we need you to do for this role. That's the nice way to do it.
Speaker 1:I've got a different take, but we're going to go to Brad first.
Speaker 6:So it depends on the size of the organization, depends on the organization as far as how you go about this.
Speaker 6:The way asking work best and happens to be what organization now does is you'll see, companies have values, right? Well, most of the time they put them on the website and then they never talk about them. They're just there, they're just words. It's that if it's an organization that truly believes those values, you have the values. You have a bar of what they must meet, right? So, whatever those values are, the individual must meet those, right? And then you measure them on those values. right, because if your company says those are the values, the people should be meeting those values, and if they're not, then they shouldn't be at the company. And so you set the bar, you get them to meet the bar and then, if they're not meeting the bar, figure out a way to correct that. whatever, it is right, and the best way to do that is to not wait for a yearly review, right? It's horrible, right, because that means they've been messing up and you've been not trying to fix it within the year, right?
Speaker 6:So as a manager, talk to them every 90 days, have a conversation. Where are they at right, where do they need to get, where are they struggling with? So that at the year mark it should be a good conversation, because you've talked about it every 90 days And so some of that goes back to just good management. Obviously there's if an organization may have some kind of performance indicator of some kind right, depending on what you're doing, your writing reports right, how fast are you getting the reports out, things of that nature, some things that you can't measure, but I think overall it's about communication.
Speaker 1:So I have two things to this. Well, maybe more, i don't know. I'm going to rant and then we're going to do final work. So, mark, goals there you go.
Speaker 1:Yes, you said it, So I'm going to say this Once you get hired now me, i came into a team that was already established, hiring my first person. But either way, the hiring of the person doesn't matter. I measure performance based on two things. One, are you doing the job that you were hired to do? So if you're a junior, I expect you to be learning. I expect you to be a backup, a shadow. You may take lead on things here or there, but you're still a junior.
Speaker 1:You should not be the sole person client Right. There should be someone else in there in between you, because you're still learning that role. But that's because of where I lie. I lie and implement implementation team. So my team should be able to deploy things, should be able to do certain things, but you, if you're going to be client facing, you need to be able to have those intelligent discussions.
Speaker 1:If I cannot rely on you to be able to talk to the client at their level, we're going to have a problem. And by at their level, i mean you have a project manager, you have maybe SSO, you have a security director, potentially, and a security team. Talk to the lowest level. If you cannot talk to the lowest level mean you are going to have a conversation, we're going to work on your soft skills to develop that skill set, But after so long, if you can't develop that skill set, i cannot put you client facing. I can't put you in front of clients because you cannot talk to the client, because you're going to talk over their head And I know people that will talk over even my head, been doing this shit for 20 years and will still talk over my head And I'm like look, homie, break it down for me. Please Give me Marine style. I need the crayons brought out.
Speaker 4:Oh man, that's real low.
Speaker 1:I need a drawing. I do work, staying some shit that I don't even understand, like I've been in this so long that I can't keep up with everything. So if you're bringing up a new topic that I've not researched and you're talking to the most advanced level of it, please break out the crayola. Like, give me Marine style, give me Marine style, give me something so we can actually understand. But I say that, saying this I measure performance based on two things A are you asking questions? So if you don't understand something, if you don't know what you're doing, are you reaching out to your peers that work within the organization Whether that be me, whether that be somebody else on your team that happens to know what they're doing and saying, hey, how do we get this done?
Speaker 1:If you're not doing that? that means you're not communicating, and communication is key within the industry. So much that goes into it. And then, on top of that, look, just go for it. Like, put your all into it. If I know you're giving your best effort, that's what matters to me. I don't care about the company, i care about you and what you're giving to your organization, and if I think you have value, that's what matters. But anyways. Misha's internet went to crap. A lot of people. We are well over time.
Speaker 1:So I wish I would have caught them beforehand. We're going to go around the horn and we're going to go the opposite way, Griffin. give me some final words. man, What do you got for everybody trying to get into the industry?
Speaker 4:Yeah, like I said, take advantage of all the free resources out there. Take advantage of all the networking you can, whether it's online or there's plenty of online virtual stuff that's free, sans whatever. Take advantage of all that. That stuff didn't exist 10 years ago. Take advantage of it.
Speaker 1:Brad, what about you, brother?
Speaker 6:I'd echo the same thing. I'd also say we're at a point where we all know this is important, we all know cybersecurity is important And this is a particular time, i feel like in history, where we can. You can ride the wave and you can have a career change. You just got to put in the work, so just keep going.
Speaker 1:Bill, what about you?
Speaker 2:Keep going, Just keep swimming. I don't know how to say it.
Speaker 1:Congrats you're more than welcome. Just keep swimming Just keep swimming Yeah.
Speaker 2:Make the time and do it.
Speaker 4:Cheers.