Security Happy Hour

Breaking into Cybersecurity: Challenges, Opportunities, and Essential Tips for Beginners

The Cyber Warrior Episode 126

Ever wondered what it takes to break into the world of cybersecurity? Join us for a fascinating conversation with our guest, Bill Eck, as he shares his personal journey transitioning into this challenging field. We discuss the trials faced by newcomers, the competitive landscape of the market, and how to strike the perfect balance between industry hiring problems and the skills gap.

In this episode, we also unveil essential tips for cybersecurity beginners and emphasize the importance of having a strong "why" to persevere in this tough field. Learn about the unique hurdles women face in cybersecurity and how using precise terminology and tools can make finding answers a breeze. We touch on the significance of taking chances and applying for jobs, even if you don't meet all the requirements – a must-listen for anyone considering a career in cybersecurity.

Finally, we dive into the crucial role of mentors in the cybersecurity industry and share tips on finding one successfully. Discover the power of independent research and understanding the foundations of IT and operating systems before venturing into cybersecurity. Don't miss this insightful discussion with Bill Leck as we tackle the challenges and opportunities that await in the cybersecurity world.

Support the show

Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf

Speaker 1:

Oh, welcome back everybody. That's right, it is me, it is the cyber warrior, this is cyber warrior studios. And of course, i know you're all here for security happy hour And I'm I'm sure we're gonna get into. We've got an amazing conversation plan because we're gonna talk about some things Not a lot of people talk about, but that's what we do here, because guess what? It's my show and I'm gonna talk about everything going on in this world, especially with newcomers coming into cyber. So I want to thank you all for being here And I promise, if you hang with me for like 10 seconds, i'll be back here and you're gonna just love this show. And There it is. Security happy hours officially off and running and we were ready to go. Now, without further ado, let me introduce to you my guest this evening, bill leck. Bill, how you doing today.

Speaker 2:

I'm good Glad to be here.

Speaker 1:

Goal good to have you here. It's gonna be an amazing conversation. We got planned All right. We're gonna be talking some big things and those big things are What not to do. But before we get into that, i Need to get a little rundown on how you get them. got invested in cyber security because we're still trying to get you to Find your way into it. We still want you there. We're working to get you there, but you've been doing a lot of studying, a lot of other things, so give us the rundown, man, how'd you find this path for you?

Speaker 2:

well, you know, at One point in my life I guess I own my own truck repair shop and so you know, i was the mechanic, the accountant, the IT guy, um, and and so like I got closer and closer with computers and at some point, like the whole the sphere of privacy on online like just really took hold of me, you know, like very interesting, and I guess you kind of come to a Point where you realize that there really is no such thing as privacy online. But then I saw mr Robot right, which I know it's kind of cliche, but I It just kind of blew my mind that there really was like a whole Cyberworld and everything where, you know, there is a Career that a guy can make in it. The more I looked into it and You know, i guess at some point I just kind of decided that I was you know, i've been a mechanic for almost 15 years now and I I just decided that I wanted to change and slowly but surely I've been learning and studying and Eventually.

Speaker 2:

I'll get there.

Speaker 1:

Yeah, definitely, and it's gonna take. It's gonna take time, as all things right. You know, one of the things that people tend to forget and they get really upset and they get really aggravated and they get really hurt and everything else like that is That, especially for those later on in life They're trying to career transition. I think it's gonna be easy now for a lot of these people Because of the way when you've been in a career 15, 20 years, you get into it And yeah, maybe your original career was easy to get into, going back 15, 20 years, right, which seems a long time ago, but it wasn't and but but things were still easier then.

Speaker 1:

Now, especially this field, when you're transitioning in, there are so many people on the market. For anybody that says there's a skills gap, i completely, i can find ways to debunk it. I swear I can. There's not a skills gap is that there are so many competitive people on the market now doing so many things That you have to find ways to be competitive. So it makes it a lot harder to get in because When we have so many people there that are willing to take Less money for a senior role than others, they're gonna get hired. Kind of fill that junior role but have more, more experience and more everything, because they need to get their foot in the door somewhere else.

Speaker 1:

It sucks, but it happens. So I think we have a hiring problem, not necessarily a skills gap problem. We have to find a way to balance these things out, yeah, but yeah, the fact that you're still in it, you're still learning, you're still growing and you're still going with it Look, you're in the right place. My warriors, this is what we do. We help people all the time and we'll continue to do so. so you're definitely in the right place now Saying that the topic of the day is what not to do. First and foremost, what made you Come up with that topic?

Speaker 2:

I.

Speaker 1:

Know it's a new question. You've been watching for a while. I haven't asked that one yet, so we got that one out there because I'm intrigued and I want to know what made you kind of think of that one.

Speaker 2:

You know, like I messaged you because of that scholarship thing from from EC council, yep, and You know, just I was getting opinions from people because it just it seemed kind of funny, right, like Their lowest tier Certificate, certificate and class, and they still, you know, they still wanted a couple hundred bucks to do it. It just it really seemed like a kind of a scam and You know, it was like what do I do? Should I not do this? you know, and you know the other thing is like I've had a lot of people tell me, you know, don't let the training or the The sales side of the training for cyber get to you, because there's a lot of, you know, there's a lot of people trying to sell you something, and right, so yeah, I think what bothers me about that is They've already taken a hit to their reputation based on things they've done previously With blog posts, things like that.

Speaker 1:

They have taken a huge, huge hit. So I took The. I got a scholarship for the CCNA cyber ops Certification. That's going back a few years. Cisco's a big company. Their certifications are not cheap and they keep revamping them and redoing them and changing things, but they're not cheap.

Speaker 1:

Yet I got that scholarship and was able to take the test for your charge. There was, there was nothing. What. Once I took the test there, like, are you past? there you go. I didn't have to pay out of pocket for anything and so, like I told you, you know, with what you were doing and what you were going through at the time with your career transition, with trying to Stay your course and stay your path and your learning, you know I will never Say education is bad, regardless of where it comes from, and I think had EC council provided that certification attempt free of charge, it would have more weight to it in my eyes, because then they're confident in their ability to deliver and they And they don't have to worry about the money aspect. They know that they're rebuilding their reputation in their brand. But to charge for it just seemed I Can't, can't put my finger on it, but I just can't, i don't know.

Speaker 2:

Yeah, and then I saw other people posting on LinkedIn and stuff like how, how they felt the same way and I didn't. I just declined it. You know it's I've been on a path Quite some time now. I've been just working my way through, try hack me, and then there's a couple other apps out there for learning Python and stuff, and like I've had people tell me both ways with learning how to code, like That. I've had somebody tell me that it's, it's for kids, and then I've had other people tell me that it's the way to go. And The thing is, you know, i I enjoy it for one, and I've learned so much about the basics of how how things work from learning the Programming side of it, you know, and, and so I just I'm like I'm gonna stick with it. You know, i think I've been doing it for Months and months and months. Now I've lost track.

Speaker 1:

So and that's a thing. Right? so coding is not required in cybersecurity. Anybody that tells you programming and coding is required in cybersecurity, tell them to get bent. It's not. Security is too broad of a field. It's not absolutely required.

Speaker 1:

However, comma, i will say this depending on what area you went, once you get into, it can be nothing but a benefit. Actually, no matter what area you want to get into, it can be nothing but a benefit, because you can Automate a lot of your menial tasks and a lot of these smaller consulting companies and a lot of these smaller organizations, if you can automate workflow and then you go about your daily work and do the manual effort that that is required. Yes, that initial investment of Automating this and building out whether it's terraform for cloud deployments or Python scripts for you know what have you then automating it will help you out. But The manual effort is where you'll sink your teeth in and you'll be able to learn and keep growing, because now You know enough to get these automation tasks out of the way.

Speaker 1:

So, for anybody who tells you that, don't do this right? so my, my initial thought of what not to do Don't listen to people that tell you not to learn something. That's something what not to do And it's a double negative. I know it sounds really weird, but if anybody tells you not to learn something, they are not trying to help you.

Speaker 2:

Yeah.

Speaker 1:

Because in this industry, any knowledge is good knowledge, no matter where it comes from, no matter what it is. So saying that you're still learning, you're still growing. You haven't been you know kind of going through your education process for incredibly long. What have you seen that you would tell people what not to do, or what would what, in your eyes, do you think is something that it would go against what anybody else would tell, would say not to do?

Speaker 2:

I would say don't lose your focus. Don't get discouraged when you're using some of those platforms and you're not getting the answers. Instead, find a way to get the answers. Like you know, it's okay to look up the walkthroughs or find the YouTube videos. Like, a lot of the things I've learned have been because I found a YouTube video on that specific topic I was trying to learn, or that room I was trying to walk through or whatever, and it doesn't matter the platform you know And the guy's showing you his tricks to it. You know, because you may not like, like you may get all the way done with try hack me stuff. Well, they're still hack the box, they're still blue team online And you know like you're going to get to those next ones and you're going to know that stuff and you're just going to build on it. You know the time spent on it is still valuable experience Whether or not you knew the answer right off the bat.

Speaker 1:

Right, And that's the thing, right, you know there are. There are so many ways to learn. As the saying goes, there's more than one way to skin a cat and people are going to hate that saying, but let's be honest, it's common saying and it's very true. And even in my learning journey, even as I have come up, complete walkthroughs on retired boxes for hack the box have helped me out where it's been things that I would not have thought about. It is things that I've looked at and been like how did I miss that? What I will say is anybody know?

Speaker 1:

that right, and the caveat to that is do everything in your power, research everything you can. exhaust all your resources first Yeah, before you go to a walkthrough. because what's going to happen is you're going to get in such a habit of just going through to walkthroughs and being like, oh yeah, i know all this. You're not going to learn how to research, you're not going to learn how to look up, how to use a tour, how to do this at a third, so you're going to become indoctrinated basically to walkthroughs and to people giving you answers. And so for me, what not to do? don't ask someone for the answer. Ask them for guidance. Is there something that I should be looking up? Is there a toll that I haven't thought of? Is there something like that? And I think that's huge.

Speaker 1:

Too often, especially in this day and age, because of the accessibility of the internet, we want the quick answer, we want the quick win. It's that immediate gratification kicking in. I need to know it now. I need to know what the answer is right now. And that is a huge problem, because nothing in our industry, unless you have the tribal knowledge of it, do you get the answer right now. Someone's looking it up. I have started using DuckDuckGo. It's a little bit more difficult than Google. You don't get all the answers right away, but with the right terminology you can figure it out. It's just, it is what it is. You know what I mean. Like, it's just one of those things where don't look for an answer to a problem. you're going through like a CTF. Look for how to use a toll to find the answer to your problem, if that makes sense.

Speaker 2:

Yeah, no, and I'm not saying it's like my first resort, it's oh, i've done it, i get it, don't give up Like find a way to get it done and or stop and move on to something else because you might learn like the trick to that whole thing or how that works on the back end from another room, another research topic, whatever, and you can come back to it. Biolines, don't give up. Like I firmly believe I'm not employed in cyber yet, but I'm going to get there right, and I've seen so many people on LinkedIn that it seems like forever they've been trying to get a job and they finally do Like they didn't give up after how long. And then you see other people that have kind of just disappeared and it sucks because you know that they're probably valuable, like they wanted to do it. Maybe not bad enough, but That's the kicker To me.

Speaker 1:

It's all about that passion, right, it's all about that drive. And if you're why it's strong enough and I've talked about that on here, i've talked about that on Walk With Me, i've talked about that on Motivation Monday. I've put posts on it on LinkedIn, twitter, everything Your why has to be strong enough. If your why is strong enough, you will overcome anything because you're going to constantly, you're going to consistently pursue that goal. But I do have a question here, bill. I'm going to let you give your two cents. You're still trying to break in, so I don't know if you're going to have anything on this, but it's from one of my other warriors, Misha, and it's a valid question, but she might not like my answer. But I'm going to let you go first. So I have a question Is there anything you would say to women breaking into the field that you wouldn't say to men in the what not to do?

Speaker 2:

Is there anything you would say to women? So I guess I would say why in the world do you see a difference between the two? You're trying just as hard as I am, so on the other side of the computer, how are you any different than me? And I would even argue there's probably somewhere that you're, something you're good at that I'm not good at, and it has nothing to do with our genders.

Speaker 1:

It's just we're different people.

Speaker 2:

Don't ask me to do IP tables, okay.

Speaker 1:

And you're a Linux person and you hate IP tables.

Speaker 2:

Who's faulted that?

Speaker 1:

You got me dying over here, bill. So on that note, i'm a piss Misha off, actually, no, i'm not, she loves me. I will say this There is something I will tell women not to do that are breaking in the field that I don't feel I have a need to tell men to do. It's not that I don't think that there's any difference. Is that there is one difference, maybe more, but the biggest one I see Women have found it a necessity, based on experience, to have to a try to match 80 to 90% of any job description before they apply. Knock that shit off. If you like the job description, apply for it.

Speaker 1:

I'm not saying apply to every job out there. I'm saying look at the job, what is required of the job, what your duties will be, and if you feel like you can do that, apply. Don't look at the requirements, don't look at the certifications, the education, the degrees and things like that. Don't look at it. Just look at what is required for the job, but if you feel in your heart that you are capable of doing it, apply for it. Number one Second thing is fight for your damn salary. And I say this because that is the other part.

Speaker 1:

So many people talk about the wage gap. It's big content. There's a lot of contention with it right now whether or not it exists. Excuse me, i will say it does exist, not always for the reasons people think It exists, because women who are just coming into the industry, just coming into the field, or any field or any workforce for that matter, are too afraid to fight for their salary. They do not look up what the common salary is, what the average pay is for this state, for my location, because of X, y and Z, so they get paid less. So it's not that it doesn't exist, it's that women are not fighting for the same, they're not asking for the same salaries and fighting for the same salaries that men are.

Speaker 1:

Because, let's be honest, as a man I'm an asshole sometimes and if I tell you I want something and you don't give it to me, i'm going to go somewhere else. I'm not going to fight and argue with you back and forth. I am literally going to tell you what I want. you're either going to give it to me or I'm going to walk women because they're still trying to break in and find their footing. we'll be like, oh well, okay, i'll take it. Now there's more biologically and genetically that I could get into. that's a whole different conversation, but that is the.

Speaker 1:

the crux of the matter is they're not fighting for what they're worth, and I think that's a lot of people, that's, any anybody across the board that takes the first offer given to them without if you don't know the person hiring you. nine times out of ten I know the person hiring me. this is the importance of networking. I've already got a job before I got a job, i literally know my salary before I walk in the door. so when I got to go through the process and I'm like, oh yeah, okay, i'll take this, i know what I'm getting, i've already worked it out beforehand. so if you're not in that situation and they're not offering you a salary range, then just come in high, see what they give you and then take them up up a few thousand dollars, maybe ten, maybe twenty, depending on what the average market value is. take them to market value. if they're undercutting you, fuck them go somewhere else go somewhere else.

Speaker 1:

Yeah, that's my take, and I love the fact that Misha agreed with me. Damn it, i was hoping we would argue I love Misha, she's one of my baking sisters, i love her. But I'll say that I think that depends on the generation as well, with meeting expectations. This is true. Gen Z is coming along a lot further and understanding more, and I will even say the younger millennials not the zennials or like I don't know where I fall in in that crowd, but either way, we're kind of like, especially as men screw you, pay me. The women are kind of like I'll take what you give me and your Gen Z and stuff. And then especially the new ones coming up that aren't Gen Z.

Speaker 1:

Whatever the new generation is, yeah, they're. They're gonna run ham on everybody around the office and just tell you what to do, just saying my son's already know a lot more than I do at times. Oh, damn it, sacred goddess, why do you got to do this to me? we're also viewed as getting in based on looks rather than smarts and a whole lot of the things I can't say in polite company. Know your worth, know your biggest asset is between your ears.

Speaker 1:

Yes, that is still a fighting battle for certain men, and I say certain men because they're the ones that are saying this nonsense that she is telling him, telling everybody you know I fell under that trap I did, i will hands down, admit it until I got older and wiser and learned and became more understanding and actually talked to and had intellectual conversations with people of all ages, races, genders and you name it. Yes, i fell into that company, i will not deny.

Speaker 2:

I was now. I think that they're. You know there's always bad apples, right like you, you might go to one company where you've got somebody in charge and you know, i've. I've been in management a few times in my life now and I have a lot of theories on it. But there are a lot of people that get put in management because they they were there like they were available or they knew somebody, but they aren't leadership right and and and the companies that have leaders in place won't.

Speaker 1:

We'll see the value of a person based on you know what they're bringing to the table, not their looks right but you still see the flip side to it you know, you still see the flip side to it, and this is and this is the problem, because that flip side still exists and it is not at the fault of the women. No, that problem is definitely at the fault of the men. Yeah, that have caused that to happen. So that is why we still have this issue and that is why men who want to, that is why there are men out there that challenge women and it sucks. It shouldn't happen, it really really shouldn't happen, but it does. I will say, some of the best and brightest that I have had on this show and I talked to online are women. Hands down, it doesn't matter. So I work with one of our. One of the females that I work with is finding stuff and bringing them to us. As far as an offensive security team bring into them stuff like every night, always finding random ass shit, and so some of the best and brightest I know have been women and so, hands down, it is you. It's one of those things. This, this is where I'll stand by and I'll kind of like try to veer off this topic at this point.

Speaker 1:

When you apply for a company, when you interview with a company, when you talk to a company. When you get into a company, should you choose to work there and think that the culture is right for you. If you find that it is not a fit, you can blame the company, put them on blast or whatever you want. Let's be honest sometimes it works, sometimes it doesn't. You kind of take what you can get, but the thing you can do that will work is if you have that brain power, if you know what you say. You know go somewhere else and make them wish you wouldn't have left. Yeah, that I will say. The best way to hurt a company is leave. Leave.

Speaker 2:

Find a company that will appreciate you for you but yeah, whether or not you're told that you're valued or feel that you're valued like you, you bring some value. If you are still employed there, you have value, and you may not realize how much it is. They may not realize how much it is, but when you leave they will know. And you, you may not know, but you'll know yeah, and that's the biggest thing and that's everything.

Speaker 1:

That's, that's. That's, that's race, gender, religion, whatever. If you feel like you're not being valued, for whatever reason, bounce. You can say your piece and try to get it addressed first. If you enjoy what you're doing and you and you like your pay and everything else, i completely understand. But if that, if that culture isn't gonna change and let's be honest, it is very, very difficult unless you were at the tippy, tippy, tippy top to change a culture then bounce and make them regret that they lost you, because eventually, when you have a company that has all the same mindset surrounding it, it will not succeed. It will go wonder. It may take a few years, don't get me wrong, it's not gonna be immediate. But if you are not valued and they do not value bringing people in of all walks of life, then that's their loss, that is truly their loss yeah oh, alright, so we've got.

Speaker 1:

Oh man, all my warriors are family, but we've got Amanda here and I'm gonna start calling Amanda, another one of my warriors. I've been talking to her and discord in on tick talk. Good people love her. Good to have you here, amanda, nice to see you checking in. Funny enough, our friend Bill here is also blue collar working, but she looks forward to find something where I'm not judged constantly. I will be point blank honest with you here, and it's only because I've been talking this song. I'm gonna let Bill take over after this.

Speaker 1:

This here on my channel in my network with people that know me, anyone I call a warrior. This is a judgment-free zone. It does not matter. And if you have a problem with someone stepping up to you and judging you for what you look like, what you do, what you've done in your life or anything else like that, when you're just trying to make a living break in and be the best you can be, send them my way. Or to any one of my warriors to include one of what talk Tarver, that's in there and I probably butchered her name and she's gonna kill me Andrea Myler, jason Roe Haas, james shit, he's gonna kill me too, because I can't remember his last name right now. I don't know. I got a ton of them on LinkedIn, twitter and everywhere else. Send them to any one of us and that will stop. Bill, you got anything for this one? because I love having her here. I just started talking to her recently and the fact that she's here another warrior to add to the family. People, let's go.

Speaker 2:

I mean, do do whatever you can to make things that you're judged on, like your actions, your, what you bring to the table at work and all the rest of it. It won't matter. I, you know, like if you're damn good at what you do, people will remember you for that, not what you look like, because that changes. I mean, we grow older daily, right by the minute, so it's immaterial, like the things. The things that you should seek to be judged on are the things that you do, your actions, what you know, the things that are actually valuable, the things that actually put food on the table, you know yeah, so it's.

Speaker 1:

It's one of those things that we we, yeah, take it and make it hurt. Make, make them hurt if they judge you for anything quite as simple like own your weaknesses, own your strengths and welcome people being diverse and and having a difference of opinion and being different than you. I think that is where we have gone wrong, and so when we talk about things not to do, i'm gonna tell you what not to do. Do not I repeat, do not try to be the same as somebody else. If somebody is stronger than you in something, do not try to live up to them, because that this is what's gonna happen. You're gonna take your strengths, they're gonna become your weaknesses now and so now you're on the same level, so now you have the same strengths and the same weaknesses. Hello, how you gonna get any better, how you gonna function as a team.

Speaker 1:

That that, literally in society today, makes no sense to me. Why are we trying to be equal and be like, oh, they can do this, so I can do this. Okay, so if you can do that and you're doing that consistently, what's gonna happen to let stuff you used to be able to do, especially in this industry, if you don't use it, you lose it. Plain and simple. Am I wrong?

Speaker 2:

No Spot on.

Speaker 1:

Right, that is the biggest thing. If you don't use it, you lose it. In this industry and in so many other industries, we strive so hard to be like somebody else. Why Be you? Love your strengths. Teach someone your strengths while they're teaching them yours, or while they're teaching you theirs Yeah, that's how I said it right, and you both become stronger. But don't ever stop doing what you're good at. Don't ever stop doing what gives you that competitive edge. You can learn more, but don't ever give up what you already know. There's another thing what not to do. Don't give up what you already know. Yeah, don't ever stop learning. Keep growing, but don't give up on it. Man, chat is on fire tonight, so real quick. And then, bill, i want you to take over and say some stuff, just because I don't really. Oh wait, we got another question here, so cool, i'm going to bring that in in a second. Let me tag this. It's the same thing.

Speaker 2:

You get talking and I'm used to listening.

Speaker 1:

I got yelled at in one of my comments for talking too much.

Speaker 1:

I was like all right, i'll try to tone it down, but I do want to say and give a shout out to all my warriors in chat this evening. We've got Jason Rojas. Misha Kari Wanawa I'm just going to call her, sacred goddess. Amanda is here. Steven Myler actually that's Andrea. Her phone died so she's on her husband's phone. Let's see Who else. We got a few others Jack I don't know what Jack this is, but hey, he's here. Adrienne Harris she's here. My boy's Sergeant AR. So Infinite Improbability AI. Oh yeah, william Bailey's in the house, so he's here. Caleb Kerkish thanks for dropping in. Good to have you here. One of these days I'm going to be able to I don't know be able to use YouTube freaking monetization and get super chats. Then I won't even have to worry about it. People will just pay to have their comments show up. James Giles I don't know how to pronounce your last name, homie, but he's in the house. So yeah, seriously, i'm just scrolling through chat and finding people that are here.

Speaker 1:

This thing is crazy right now.

Speaker 2:

How many people are in there?

Speaker 1:

What? Oh my God? He's just going to say look, i want to call her Moana, and she said she would kill me. Misha, i asked. So I was on the show. I asked if I could call her Moana and she said no, i will kill you.

Speaker 2:

I totally thought that's what it was when I first read it. Okay. And like like your, your brain just goes there. It's not on purpose.

Speaker 1:

Dude, i did when she so. She was on the show a few weeks back and I legitimately wanted to call her Moana and she goes. No, i was like dang it, all right, i'm just going to get it right at some point. I'm going to call her Moana, if I said that right. Probably not. Either way, she's going to be back on May. In May I got to send her to the link. She's coming back, she's going to be back on the show and then she can yell at me when I butcher her name. Then, well, no, not a Disney princess, please. All right, hold on, don't yell about Disney princesses, because, oh, who was the dang it? I can't think of it now. The red headed Scottish one? or Irish Scottish?

Speaker 2:

I should know that I have two little girls. I should know this.

Speaker 1:

I should know this, because I just said it's on a no, that's frozen. Um, as we're talking.

Speaker 2:

You're the curly one, right.

Speaker 1:

Curly red hair shoots a bow and arrow. Um, she's the daughter of the village chief. No, she marita, marita, yeah, yeah, and hey, look, that is brave, that is marita, and she is considered a Disney princess, even though she is the daughter of the village chief. So just going to say that she's my favorite as of right now. She is definitely my favorite. Look at the chat for the answer. You're weird.

Speaker 1:

I did call me Misha, dammit, don't do that to me, oh man, but yeah. So you know, when I look at these things and I look at our family and I do, i say it's our family. everybody who follows, subscribes everything. And if you're not at cyberwarriorsstudioscom, if you're not on, Buy Me a Coffee or Buy March and Dice, that's okay, i still love you because you're in the chat and you're sharing the videos. You're here every week, so that's what's important. Um, i was talking about Moana with the village chief, part. Um, i, oh wait, i got two star things. Uh, what was the other question? So we did this one. Oh, here we go. Misha does ask this a lot, do you, or do you not tell people seek out mentors in this field? I ask this as a generalized question, as I know someone like me thrives with a teacher, but some do not Bill. What would you say?

Speaker 2:

You know, this is kind of a tricky one for me, because I've had people tell me to reach out to somebody and find a mentor. But, like for me it's, i have a hard time not self answering the questions that I have, you know. So I guess, uh, if someone volunteers, however that works, um, you know, whatever I'm, i'm for it, but, uh, but I, and it might just be how I am, but I've always, you know, if I have a question about something, i go find the answer, you know. And so, um, if, if and I would think that anybody that is going to mentor somebody also expects the, the mentee, to be able to seek their answers. You know, i, like I said, i've been mechanical in a long time and so I, you know the new guys that come into the shop.

Speaker 2:

I spent a lot of time with them just because of my knowledge base and everything, and, um, the guys that succeed are the ones that can find answers to their questions, and you know they, they go, they go get what they need right. The guys that don't are, uh, it's because they want it done for them and they don't really try or put the effort in, And so for me, i, i would say, um, do all the work you can, and a mentor will come when, when the time is there, when you meet that person, right, i don't think you should go out seeking, uh, unless you know you're really stuck on something like start asking questions, but that in itself is seeking the answer right. Ask some people that you know are involved in that and then maybe from that you'll develop that mentor relationship.

Speaker 1:

So I look at this in a few ways and I do have a clarification of the question um that she that she put up. She did send something, um, but I want to answer this as it stands before I put the clarification up. Do you or do you not tell people seek out mentors in this field? I always tell people to seek out a mentor, with that the caveat being you must do your research first, because anytime someone has ever come to me and asked me how can I break into cybersecurity? I want to be in cybersecurity, how do I get there? how do I do this? at the third, i always ask what part? what do you want to do? what intrigue? I always have questions and if you cannot answer them, go find the answer. I will give you resources to find the answer, but you need to find the answer. I can't mentor you until you know what you want to do. Cybersecurity is so broad, it is so vast that I can't give you an answer. I cannot. Do you want to be TRC? do you want to be a pen tester? do you want to reverse engineer malware? do you want to get an exploit development? do you want to be in a sock? do you want to be a sim engineer? do you want to be? you know all these different things, and it goes on. You want to be in threat intel, threat analysts, like what do you want to do? and so that is where the issue lies.

Speaker 1:

So, yes, as someone that people have come to on many of occasions of how do I get to this, i always say do your research first, let me know what part, then I can help you and guide you. Then it gives me a little bit more background. And the other question with that is what is your current background? you have any IT experience at all? because if not, i'm gonna tell you to go get, go research IT and learn IT first. Learn the foundations of technology and of operating systems before you try to get into cybersecurity, because I want, i want you to have those foundations. I don't need you to work the job, i don't need you to work help desk her in it be great, but I don't need you to.

Speaker 1:

You can get into this field without that experience, but if you do not understand operating systems, if you do not understand networking, if you do not understand system administration and active directory in some way shape or form, it's gonna be a detriment to your education going forward. That's the biggest thing. So I always refer people to like KevTech IT support, because that man puts out videos upon videos about building labs, building active directory, doing all these different things that will help you gain that initial knowledge to then take into cybersecurity. You don't have to work in the field of IT, you just have to have the knowledge of somebody that has, and not even all of it, just enough to understand the basics. So for me that's the biggest thing and I want you have that. We could talk. But I do have a clarifying question from Misha, because you know she's full of questions tonight I love her more of. Do you think mentors lead some on the right way or just into the path they're already on?

Speaker 2:

I think it depends on the mentor. And is the the mentor eligible or knowledgeable enough to be a mentor? and and give you the the nudge that you need not so much tell you what path to take. I get you know. Does that make sense?

Speaker 1:

some of your mentors, some of the people you reach out to that are proclaimed experts. I I hate that term, but people reach out to them and then what happens is one of two things they will allow you to continue down your path and just guide you, whatever. They won't ever ask clarifying questions, they won't really try to figure out what your passion is, what your drive is or anything else like that. There's gonna allow you to keep going and they're gonna tell you how to pass the certification, how to pass the test, how to pass the interview, without ever understanding what you're truly trying to do. And Misha knows this about me and so many others know this about me I don't care what you're trying to do. I want to know what you're passionate about. I want to know where you're gonna find value, because if you're not passionate about it, especially in this industry, then it's gonna be very, very hard to continue to succeed. You may get that initial job, but eventually you're not gonna be willing to continue the research, which is gonna make it very hard. So me, i look at mentors with one of two ways either they're not gonna help and they're going only gonna help people that already know what the hell they're doing and they're just trying to get advice on one project or another. So it's three ways. They're gonna help, but not in the way you would like. They're just gonna allow you to continue down your path and kind of go that way, or they'll be like myself.

Speaker 1:

Jj Davies, so many others out there Phillip Wiley, carolina Teresa, alyssa Miller I can there's a slew of people connect with me I'll hook you up with them, jacks that there's too many, i can't even name them all that will actually look at what you want to learn, what you want to know, and guide you the right way. A lot of people have been reaching out to Moana while recently and she is extremely happy about that and ecstatic ever since she went on the show, people have been reaching out to her, but that's because we're gonna get her big and popular. She can get hired in a better job. She needs a better job.

Speaker 1:

But you know, it's all about finding out what people really want to do and where their passion lies. That is what a true mentor does, and for me, i'm all about passion. I'm all about finding what you love. That's where the importance is, because if you don't love it, it's gonna be so much harder to learn it. Adriana, you're right, she is dope. Let's see so much stuff. Oh, my goodness, chad is on fire. I love you all, all my words.

Speaker 2:

I love you all.

Speaker 1:

So let me take that one off. Ooh, bill, i know you're not necessarily in the real world yet of cyber security, but I will let you answer your current feeling on this. How true do you feel CTF would compare to the real world?

Speaker 2:

real world, i hate you know what, any time that you have a sample of something like a CTF is a sample of a company, of a box.

Speaker 2:

The emotions, the, the pressure, all that stuff is different than the real world. You know, it's good practice, but when, when you're actually doing things in the real world, i mean, you know, i guess I try to apply to some degree what I've learned to the things that I do on a daily basis in my current job and I can't tell you how many times that I'm like stumped, or, you know, like, like I said, i've been learning Python and then you know you do these things. That on on, the different tutorials and pages of some of them are really good, but then you've got to go out and find an actual challenge to do and and it's different when you do it, when you actually have to code something, or when you go from doing a CTF to being on the job like it's, it's gonna be different. It's practice. You get the concepts, but I'm nothing beats real-world experience, right so I'm gonna say it like this CTFs are fantastic.

Speaker 1:

Ctfs teach you what to find, not necessarily how to find it.

Speaker 1:

And the reason I say that is this when you go to a CTF, you're given a question or you see an initial problem and your scope is very limited, limited to one machine, and through scans and this at the other, you can kind of get a gist of what to do. You know what you're looking for. In the real world. You don't have that. In the real world you're looking at things and you have a vast scope. You have a vast things to look at. You have a variety of software programs and you don't know where to start, whether to search for this or search for that or search for this. However, here's the difference between the two Depending on the CTF, you have time. You can always find a way to spread that out and do the research and figure it out In a real-world pen test, red team exercise, just about anything. You have a week to find what you can and a week or two to write the report. Generally Sometimes they go longer, but generally It's a week and then a week or two to write the report, whereas with a CTF especially something that is not like a sans net wars or something where you're at a conference and you have 20, you know however many hours you have. As long as you want. If you're doing hack the box, try hack me, whatever. Actually, angie just said it and I'm gonna put this up here. This is what I will say.

Speaker 1:

Ctfs give you the ability to learn the tools that you will use in the pen test, and not always, nor necessarily in a red team engagement. They come in handy during pen testing Your meta-sploits, your sequel maps, your end maps, your let's just send every noisy freaking tool we have at the box to see what we find. That is where CTFs come in handy. That truly is. It is the best way to practice your skills on any tool is go into hack the box. Go in to try hack me. Go into your conferences and join their CTF challenges. Do sans holiday hack challenge at the end of the year. All these different ways you can practice tools, learn different things, do reverse engineering so many different things you can learn. Ctfs are great for that. Real world will always take precedence. So, because now you have noise more noise than you will ever have on a CTF, yeah, and you have to be able to sift through it all. So nothing really beats the real world example. Let's see. So we got a few questions.

Speaker 2:

Yeah, they're coming in.

Speaker 1:

I know right, so follow question read CTFing. Would you say the same thing about building home labs using VMs? No, all right, i'm gonna put that out there. I said no, but, bill, you can go ahead.

Speaker 2:

The nice thing about a home lab VMs is you get the experience putting that together, troubleshooting that, whereas you know, like the online stuff, that's kind of already done for you. you know, sometimes you run into an issue that has nothing to do with the actual CTF and you might get to troubleshoot that, or it might be something on hack the box try hack me, whatever their end of things. But when you're building a home lab and you know setting up VMs to attack and stuff you're there's a lot of, a lot more learning that goes on there for the basics that you need. you know Troubleshooting is a skill that, like that's irreplaceable. I don't care where you are, what industry you're in. So, yeah, i would say there's a lot more value in the home labs, at least as far as I've found.

Speaker 1:

So I will say this If you have the capability and the capacity and the hardware to set up a home lab, those basics come in handy because you're gonna learn how to network. You're gonna learn how to do different things to get your virtual machines to talk, to get everything to work together. Now there are scripts out there that will do it automatically for you through Virtual Walks. There's things called like detection lab and a few others that'll do it and set it all up for you and build the subnets and all that other fun stuff. Yeah, that's great. If you just want to set it up and go for it, however, again, then you lack the experience of setting it up yourself, creating the accounts, generating traffic and doing all this on your own. If you were going for, like a blue team type exercise, anything, anything you can get that will generate fake traffic is perfect, because you want to see those events, you want to see those logs, you want to see all that information. But if you're kind of doing purple team or red team, you need to set it up yourself because you need to see what's there. I will say do not use something like a Metasploitable 2 unless you're a beginner. If you're a beginner, it's great because you're going to have a lot of noise, you're going to have a lot of things that you can like, take advantage of and a lot of different avenues to attack same as Juicebox and all these other things that give you testing environments. If you are more, if you're, if you're past that beginner phase of attacking something, set up your own VMs, install software, open up random ports, see what you can do, install things that like SSH servers, intelnet servers and FTP servers and just see if it's exploitable. Just see if you can find something.

Speaker 1:

Because if you set up multiple points of software and if you install something with an unquoted service path, if you put in a weak password, if you set up a web server, start doing all these different things at a basic level. I'm not telling you, do it and like build a whole company out of it, literally one by one, basic level stuff of all. Right, i'm gonna take this software that is about a year old, don't do any research on it yet, don't look for the exploits. Again, we're talking about what not to do. Don't look for anything yet. Literally, find software that is six months to a year old and install it on your servers in your endpoints.

Speaker 1:

Then take web servers, install that, create accounts, put stuff in the description like passwords. I've seen passwords in the description of Active Directory, legitimate passwords of oh, initial password is getBent123. And so those are there and it'll say needs changed. Do these things and then take that and use it to your advantage. You learn how to connect through LDAP and download all the descriptions, like all the users, and you're like oh, this username has this description. Let me log in and do this. All of a sudden, now you're logged in through Evil WinRM, because somebody left WinRM open on this server or on this computer. And now I can do all this through a user account, a valid account. And now with that, now you're learning to attack your, generating logs on your own, install security on you, tie it to your network and now you're gonna see blue team traffic. Now you're gonna see events, alerts and everything else.

Speaker 1:

All this is free. It doesn't cost you a dime, because you can download just about any instance of server and use it for free for 30 days. You can download Ubuntu server. Use it for free forever. You can download CentOS or Red Hat Linux. Use it for free for a while. So many different server platforms out there. Give you a trial.

Speaker 2:

Yeah, i've got it. I've got an old Windows computer that I will go find whatever malware I can find and run it on it and the poor thing, it's tired of it.

Speaker 1:

So this is what we're gonna do. Let me whoa, i got rid of something. I did something here. What did I do? All right, there we go. I am gonna let you give, i'm gonna let you talk for as long as you want and I'm gonna let you give final words what not to do, what you've learned in your journey so far, give any advice you can, and we're gonna run with it because, let's be completely honest, this show is all about you. This is your journey, your path, what you have found not to do in your journey, and I feel like I've been talking too much. So I'm gonna let you talk a little bit and you know I'll join you here back whenever we're about to sign off.

Speaker 2:

Yeah, you know, there was a point where I, we were moving, but I kind of I stopped with cyber for a little while, several months, and you know I regret it, like that was so much time that I could have, could have been learning and doing things, and for me it's like it's don't give up, find a way to make it work, even even if, like, you're just reading a book for a little while. I mean, there's so much free stuff out there. It's, you know, it's. It's definitely one of the only industries that that I've seen, where just about every piece of technology, every skill that you need, you can find a way to learn it for free and and like I was telling Derek before the stream, you know a lot of other industries. There isn't a supportive LinkedIn community. There isn't Cyber Warrior Studios and the family here, and so you know, don't give up, keep going.

Speaker 1:

Man, i thought you'd have more than that, but we'll go. No, it's all good, man, because you are. you're still breaking into the field and that's very important. right, when you're looking at this industry, when you're looking at the networks in the communities you connect to, so many people I have seen isolate themselves and kind of be like, oh, i can only be part of this subset of the community or this subset or this subset or what have you, when the reality of it is, yeah, and unless you're finding an elitist prick which don't get me wrong, they're out there.

Speaker 1:

I talk about them all the time that is throwing you. oh, you don't belong because you don't. you don't have this certification, or you don't know programming, or you don't know this, that. and the third Fuck them, get rid of them. You don't need to deal with those people Here. It's all about the effort you put in and that is very valid, and Andy even says it here.

Speaker 1:

don't be so hard on yourself. for one number one, take care of yourself first. I yell at my team now that if they take a PTO day, or if they're taking PTO at all, i don't wanna see them log in to work at all. You're gone. I don't wanna see you. I don't wanna hear from you. you're on PTO, so unless it's an emergency, telling me you gotta take another few days because you're at the ER or whatever's going on, i don't wanna hear from you. Be with your family, be with yourself. whatever you have deuces, you're out, you come first mentally, physically and everything else. So with that, i always look at things in such a way that we have to really come together as a community And you can bring communities together, and for that you need voices of reason, you need people that can break it down and be like look, we all belong here. I've got my warriors And I allow my warriors to do the talking for me on a lot of occasions because, guess what, we all belong here.

Speaker 1:

So what not to do? don't ever discount yourself based on any physical attribute, because what truly matters and if you are following me on YouTube and TikTok and everything else, you would have seen this video What matters is what's inside your heart, your passion, your drive, your soul, everything That's what matters. Nothing in society, nothing in cybersecurity, nothing, ever, ever matters except for what is inside here. That is what is vital If we are going to sit here and look at the exterior features and be like, oh, because I look like this or act like this, or da-da-da-da-da, and count ourselves out. Look first me and you are gonna have a talk, and then I'm gonna send you to some other people that are gonna have a talk with you and eventually you're gonna get around to fuck it. I belong here, this is me, this is who I am and I'm proud of it. That's all you need to do.

Speaker 1:

But when you start discounting yourself based on the physical homie, a year from now my beard may not look this good. I may have a hell of a lot more gray in it. My hair may start turning gray. I don't know. the physical will fade, but inside, here, never will never. The passion is there, the drive is there, the love of my warriors is there and this family is consistently growing. plain and simple. Oh, bill, hang around backstage. I'm gonna sign this off real quick.

Speaker 1:

All right, any more final words. Anything else you wanna say?

Speaker 2:

Uh, thank you for having me on. I was definitely a little stressed about being on YouTube like live in front of the whole world, but it's actually been really nice, so, so I'm here, for him here, to make it fun. Yeah, yep.

Speaker 1:

So here's the thing. This is Cyber Warrior Studios. I am the cyber warrior. This is security happy hour, and before I sign off for the night, i do wanna say this I have been running banners down below all evening CyberWarriorsStudioscom, all the ways you can follow me on social media and all the ways you can support the channel. It is also in the description down below of YouTube, linkedin also. Actually, if you're watching this from LinkedIn, go ahead and check it out. You're watching this from Facebook? go ahead and check it out. Bill's LinkedIn page is down below in the description.

Speaker 1:

Please make sure you connect with Bill, get ahold of him, because we all need to come together as one. We all need to guide each other. The more we can see, the more information we can put out there, the better off we are. If you are not connecting with everybody, if you are not connecting with the people in chat, if you're not connecting with me or Bill or Andrea or Adrian or Misha or Jason or anybody else, or James, any of my warriors, you're seriously missing out, because this is what community is all about. I will bring on every newcomer that is just trying to break in, because it is your voice that is more important to mine because, guess what, i've already been in the field for many, many of the years. I don't need to be doing this. I do this for you. Otherwise, look, i love you all. This has been Security, happy Hour, cyber Warrior Studios, and I hope you all have a fantastic Friday's day and a fantastic evening, and I will see you all next time. {\an2.