Security Happy Hour

From Medical Coder to Cybersecurity Enthusiast: Adrienne's Inspiring Journey into the World of Tech

The Cyber Warrior Episode 130

Have you ever wondered how a medical coder could switch careers and become a Cyber Security enthusiast? Well, you're in for a treat as we sit down with Adrienne, an inspiring warrior in the Cyber Security realm. Adrienne's journey is as fascinating as it is inspiring, from tinkering with tech, enduring a failed software development bootcamp, to finally discovering her passion in Cyber Security. She shares her experiences and emphasizes the importance of having a supportive "tribe" to combat the challenges in Cyber Security.

The tech arena might seem complex and intimidating, but in our candid chat with Adrienne, we break it down for you. We explore the significance of translating complex technical information into an understandable language, the role of continuous testing, and the allure of bug bounty programs. We also touch on the exciting evolution of technology, with a nostalgic nod to the rise of home computers in the 90s, and the unique experience millennials had growing up with and without tech. Adrienne also shares a hilarious anecdote about wisdom teeth extraction, giving our conversation a light-hearted touch.

As we navigate the vast world of Cyber Security, we underscore the importance of comprehending both blue and red team methodologies, emphasizing how working at odd hours can sometimes lead to more efficient results. Adrian opens up about her experiences with night shifts and chronic illness, offering an insightful perspective on the intersection between personal habits and professional productivity. Lastly, we emphasize the critical role of networking and building relationships in the world of Cyber Security. So, buckle up for a deep dive into the world of Cyber Security with our warrior guest, Adrienne, and don't forget to change those passwords!

Support the show

Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf

Speaker 1:

Welcome everybody. it is me, it is the Cyber Warrior, and I know all of my amazing warriors here today are in for an amazing show. I hope you have had an amazing week. It is the end of another week, it is Freya's day and I am here to party and have a grand time, because that's what we do here, We always have a good time, but I do have an amazing show planned.

Speaker 1:

I have another amazing newcomer to Cyber Security on the show And I promise if you stick around for all of like 10 seconds, you're gonna meet her here in a minute. So hold your horses. There it is in the official sound of security happy hour starting, and I am here with you. Know, i never got the correct pronunciation of your name before the show and I've probably sure done that, so I'm gonna take a shot in the dark here and say Adrian, am I right or wrong?

Speaker 2:

You are right, my friend.

Speaker 1:

Yes, So it is good to have you here. Adrian, cheers skulls, everybody in the audience. I love you all. Thank you for joining us this evening. We got an amazing show planned Now. Saying that, adrian, i know your current role, but please give us a rundown on who you are, what you're about and why. Cyber Security.

Speaker 2:

Well, i'm a Looney Tune and Cyber Security is fun. I hear Tweety. I hear Tweety in the background. Well, okay, i was actually gonna ask. I forgot to ask about that. Yes, i am the whole rundown.

Speaker 1:

You can make a brief. Whatever you wanna tell us.

Speaker 2:

Coach and teacher 20 years. Medical code are four years currently fighting against insurance companies that I just started that job today. Cyber Security as soon as possible.

Speaker 1:

So what got you interested in Cyber Security besides being a Looney Tune? What about it?

Speaker 2:

I was a closet nerd and didn't know it. Oh, i like it. I didn't know, i had no idea. How did you not know?

Speaker 1:

I don't pay attention, i was busy, you're like the rest of the people that find it late in life. You're just kinda like holy shit. I really do like tinkering and breaking things. I do.

Speaker 2:

Well, i used to like to break shit when I was a kid. I took apart phones and I took apart just put it in front of me, screw it ever and I would take it apart Forgot to have work And then fast forward to getting my medical coding education. We had to take a course on computer. I don't remember the name, but I was like oh yeah this computer And looking for a better paying job.

Speaker 2:

And oh, the computer's all so fun And hey, maybe I should. Hey is that a thing. And research, because I don't sleep very much and I research online a lot. So guess what I found? I know I had IT jobs. So I got my first healthcare job and was looking at IT jobs for the same company. It was a university hospital in Portland, in Portland Oregon, and started applying for the IT job. just to see what happened. The director of the department hey, let's talk, let's go have coffee, Really sweet. So he's like I like your resume. You have zero IT skills, but I really like your resume. And now that I've met you, I really like you. I was like, oh, thanks, And the coffee's good. And he gave me some tips and I used those to research and figure out things more and decided, maybe on software development, joined a bootcamp. It went spectacularly wrong, Poor thing.

Speaker 1:

I like how you said. It went spectacularly wrong.

Speaker 2:

Just awful, legally so to the point where lawsuits were filed and it was just bad. I can't talk about that. So after that it was like well, what else? Cause now it's software development, so what else? And then the joke on our study group for that bootcamp we made a study group. The joke was I like hacking. In any time anyone mentioned the word hacking I was like what? Let's hack, let's break it in shit, let's do it, let's break it in shit.

Speaker 2:

So we came to the joke and it's like Adrian, cybersecurity girl, and I was like that's the thing, yes, you can hack for work, what? So? that's how I figured it out.

Speaker 1:

That's awesome because I got my friend Amanda here. So what I'm hearing? No brain closet nerd quirky personalities and late night research are symptoms of budding cybersecurity seeds.

Speaker 2:

Yes, and I have a lot of hoodies, so I'm all set.

Speaker 1:

Yeah, even better, yes, yay.

Speaker 2:

Oh, i have a thing for you. Uh-oh With her name, uh-oh Cause I know it trips you up. You wanna try.

Speaker 1:

Wanna what.

Speaker 2:

Okay, so say one hour.

Speaker 1:

One hour.

Speaker 2:

Okay, now pretend you're in New York and you kind of throw a little New York on it. Say one hour.

Speaker 1:

One hour Now put an M in front and tweak the A's and say one hour, one hour.

Speaker 2:

Darling, let me know in the chat if I got that right. You're always like no, I don't wanna say her name. God is terrible, I don't have any. It's like one hour.

Speaker 1:

Not today. She knows I love her. That's my other warriors. She knows what I want to do. I know.

Speaker 2:

She's actually what turned me on to you. I saw her interview and I was like yay, yay, oh, maybe my tribe.

Speaker 1:

Oh look, this is trying to show everybody. You know that. Come on now. Yes, we are all warriors here, we're all fighters, and we are all here to do big things. So I gotta ask, though, because your whole premise behind this show and everything you wanted to talk to was about coaching. Now, i've been a coach once in my life, no twice, and I don't do well at coaching because I yell at my kids all the time, but I threw balls at their face, so yeah, I actually I would swear at my kids and then I'd have other parents come up to me and go can you please talk to my kids like that?

Speaker 1:

And I'm like, no, they're not mine. No, it's not gonna happen. I don't need some parent all of a sudden getting upset because I said the wrong thing to your kid. Nope, these are mine. I could do what I want.

Speaker 2:

Do what I want. This one is mine. This one is mine.

Speaker 1:

So what about coaching? And I think coaching brings a lot to the industry that other people don't realize. Also because, hey, you're dealing with kids and children which, let's be honest, there are certain people we deal with on a daily basis that act like kids and children. So you know what about coaching? that you know sparks your interest, that you wanted to talk about on here.

Speaker 2:

Well, it's more. What transfers from coaching into cyber, into IT, into a lot of different places Could you cause? like you said you're, it's with kids And the biggest thing with kids, because they haven't been on the earth as long as we have as the older adult adult. Yeah, that's the objective We are. Number one job is to teach, correct And to train. And if you are worth your salt, worth your body weight, anyway, if you're worth the title coach, you focus on what our friend KevTech preaches all the damn time Foundation, focus on the fundamentals, build your foundation, a plus foundation fundamentals. That's what you do. And I saw a LinkedIn post a couple of days ago and I think it's from the unpopular opinion guy I can't think of his name.

Speaker 1:

Josh Copeland.

Speaker 2:

That's what I said And he was saying about. he was saying about you know, all these new sparkly tools And for some of us it's like oh squirrel, oh toy, ooh shiny. It's like, and that's fine, it's also me. But the thing is is, if he was, his focus was if you've got your fundamentals, if you have that foundation, if you know what you're doing and you do have tools that currently work, you know, find the new one, try it out. If it works, great. But the bottom line is you never leave your foundation and your fundamentals for said new shiny tool, toy, whatever. So that's the whole thing with coaching is teaching. but I've heard you talk in other interviews because I've been watching the recordings and everything. They've been interesting, lots of good information, connected with a lot of great people. So all of you who've connected, thank you very much.

Speaker 2:

And the thing with the teaching is When I hear some of you talk about you know I have to write a report, But you have to break it down. No, and it's fine, you have to break it down So the CEO can understand because broke too much tech get out, yep, and they're not having it. But when you teach, when you coach, you can't, you have to break it down to what they know and you have to. the thing is is like I was also a teacher teacher, so I taught more health, but The thing is is still is you have kids who Just no clue, kids who are kind of a middle of the road, and kids who are like I'm done, can I go now?

Speaker 2:

So you've got to meet everyone where they are and the thing with being a good coach is okay. You guys are a little bit slow group. You guys are right about on par with this course and you guys are so far ahead You're almost at my level. Yeah, so I'm gonna pair y'all with the middle group and I'm gonna take some of the advanced middle group And I'm gonna put y'all with a slightly behind group and you just you get people to meet them where they are and Grow them with whatever skill, whatever topic, whatever technique, whatever Subject, so that you can help educate the whole group and the whole don't leave anyone behind thing It's and it becomes like a team effort and it's great. So that's the whole thing with coaching shenanigans.

Speaker 2:

Coaching is a bunch of shenanigans.

Speaker 1:

Let's be honest. It really is a lot of shenanigans to go on a coaching. But it's just because you have to. You know, and again to your point when you're This is the problem we have with a lot of technical people, a lot of technical people and this is why there's a difference between Being able to be technical and being able to speak to executives.

Speaker 1:

A lot of technical people cannot speak the language of executives. They're, and I gotta be honest, i've talked to technical people that talk way over my head and I've been doing this shit for like 20 years like Well, and not even CEO, just layman, just someone who's not technical.

Speaker 2:

It doesn't see you use a certain vocabulary. You can just talk to Judy on the streets. Hey, let me explain this concept. Oh okay, i got it technical nerd, technical nerd, technical nerd, talk.

Speaker 1:

Well, she doesn't get it, so yeah, And so and this is why I think we have an issue with a lot of our cyber awareness training And this is where I think it really would come into play is being able to break things down So they understand it, and let's be honest, that the CBT training is complete garbage, and anybody who thinks that's a great idea for Learning cyber awareness to a bunch of people that gives absolutely no fucks about You know cyber awareness as it is Yeah, you're wrong. It is the worst thing you can do, because they're just gonna click through and like can I take this test Retake? take this test retake, take this test retake. Okay, i pass now and go about the merry way.

Speaker 2:

I have a question. Yeah, what is CBT training?

Speaker 1:

Computer-based training and it's all this stupid computer trainings you do when you started a company.

Speaker 2:

I knew that.

Speaker 1:

Yeah, and it's. It's one of those things that We got we had in the military. The military was the worst stupid Jeff. He was an asshole. Anybody who's in the military or was in the military knows exactly who I'm talking about.

Speaker 2:

Oh.

Speaker 1:

No, no, no one like. But that was like the worst. So what we did is us being in cyber and IT? well, we found ways around the course. We would be able to find the URL and like true, true, true, true, true, true, true. Okay, i could take the test now and you never went through it. Because I like, why, like? I do this for a living. I know what not to do. Let me take the damn test guilty, all right, like It's like. If this is what I do, why do I need to? I get it? We all fall victim to this shit, but it does not mean I have to be Reinformed how this works. No, like, i know how it works. I know what to look for. Just, sometimes I'm in a hurry because I'm a jackass and I go click shit. Yeah, should not have done that.

Speaker 2:

Okay, i'm gonna a saw, he knows. Oh Nice, because I said I'm still.

Speaker 1:

I'm still on my IPA, but it's not my first drink of the night, so you know neither is mine.

Speaker 2:

I had the two cheers, my friend. I had the two Guinness, you remember.

Speaker 1:

Yep.

Speaker 2:

Yeah.

Speaker 1:

If you can bypass the test and you're already cyber aware.

Speaker 2:

So yeah, i have to do CE use for my medical coding and They bet has.

Speaker 1:

We, i gotta do them. I still got a look. I got to check my cispy and like my search and see where my CE use are at, because I'm kind of like I really care about these certifications anymore. I do the job on a daily basis and I'm always researching but I don't have the brain capacity to sit down at a webinar. I'm like all right, let me listen to this dude drone on for an hour.

Speaker 2:

He's not even drinking.

Speaker 1:

This is gonna be a long one Like this is why when I go to conferences, i go to network. I don't go to conferences for the talks, because I can't personally. My brain doesn't work that way. I can't sit there through that and just watch somebody talk.

Speaker 2:

Well, it'd have to be really fascinating.

Speaker 1:

Exactly, and it would have to like include a lot of fun interaction and stuff like that. At least on this show you people can talk and I can have them, you know, time in and ask questions, and it actually makes sense.

Speaker 2:

Yes, it would be my work.

Speaker 1:

They have us run CBT's at a minimum of every quarter And we have to run them for the project we are on as well. Oh, i'm sorry, that's tragic, yep James. Hopefully That can go away as soon, because I hate CBT's.

Speaker 1:

This is the problem I have, though. I can't do web-based learning at all. I can't. I Don't work. My brain doesn't work in such a way that I can like watch videos of like oh, this is how you use our product. Can I just use your product and figure it out, because that's all I learned? If I'm not using it, i'm gonna my brain goes and Monitor to here we go, i'm going to forget.

Speaker 2:

it's like okay, one hour training, i forgot everything. but thanks, i'm gonna go for it.

Speaker 1:

Yeah, so it's just one of those things that I don't. My brain doesn't work well like that. I got to be in a classroom I had never reversed engineered anything and I went to the Graham class for sands. And because I got to go, hey, i got questions. Hey, can you, can you help me? Hey, can you explain this concept in a little bit more detail? because I think I'm there But I'm not all the way there. Like that helped and that's how I got my gram, not because I knew what the fuck I was doing, but because I was able to ask questions and understand the concepts and then take those concepts with me to the test.

Speaker 2:

Right, figure it out.

Speaker 1:

But now look, i ain't touch reverse engineering shit since I got the certification. So somebody asked me to do it now, like let me pull out my books and see if I can figure it, because give me a minute, i'll go figure it out.

Speaker 2:

Let me get back to you.

Speaker 1:

Yeah, I had a 17 year old run circles around me when it came to reverse engineering stuff.

Speaker 1:

Oh no like literally, I was like We were talking on discord, doing some stuff on hack the box and working through some things, and After a while he was like, yeah, go do this, this and this. He's like you're using the right program. You just got to be able to do these things and then you'll see it eventually. At this point I was like alright. I was like I gotta ask how long you've been doing this and how old are you. He goes I'm 17. I don't even do this for a living. I was like What homie the west? so you're gonna put me in a class and me and you were gonna sit down and we're gonna figure it out.

Speaker 2:

I Know, teach me please. Yes, but hey, i mean learn from the babies. They know what they're doing some of right, amanda.

Speaker 1:

We are talking about reverse engineering, malware. Well, that's what we just the subject We were just talking about, which basically says take a program and or malicious program, find out how it works and how it was coded and what it does. That is reverse engineering. You basically run it through a program, let it run on its own, find it step by step and stop it when you can. Goodbye, guys, see you never. He, he, he. Okay, i'm confused. Moon.

Speaker 2:

Okay, bye.

Speaker 1:

Anyways, bye, i'm still listening. Okay, cool, glad you're listening, but I just, yeah, i think coaching and I think just everything in general, people don't realize how much of other career feels Feed into cybersecurity in the things that we do on a day-to-day basis And And that's the military too that, like that, is a huge problem with the military they don't know how to transcribe their experiences onto a resume so that it fits other jobs and And that is a huge issue with with people that are retiring out and even going through What did we call it SFL taps? so for the army, they call it soldier for life, transition assistance something, but it was basically a program for soldiers transitioning out and they do a resume class, they do a LinkedIn class, they do other stuff and And I still don't think the resume class taught people how to properly transcribe their experiences and what they went through and what they did as a job and Into civilian Skills translator.

Speaker 1:

Yeah, yeah, and I don't think, i don't think they do a good job of that.

Speaker 2:

Well, a lot of a lot of us don't?

Speaker 1:

No, that's anywhere. That's any job Yeah.

Speaker 2:

I don't. I take, you know, i've had, you know, these different jobs. It's like, oh, you can completely apply for this one, how You've got these skills. Where This means that this means that I was like, really, that's what that says. Okay, sure, how do I say it? and I, they have to show me how to reword it so it actually matches What the skill is that the job was looking for. So, yeah, i think I had to learn. Yeah, a lot of people do a lot of people do.

Speaker 1:

I mean I locked out. Coming up and growing up in IT, i had my first computer Was a DOS 3.1 system and it was a Packard Bell, i think, jack, you know.

Speaker 2:

I.

Speaker 1:

Right back in the day with like the five meg hard drives like they were garbage. But they bring commander Keen and Wolfenstein 3d like a fucking champ. That's all I cared about.

Speaker 2:

I didn't have fluffy just.

Speaker 1:

Yeah, they did the five and a quarter, not the three and a half, the five and a quarter, but it did have a three and a half also. But it had both of them Right because your storage okay went from like 256 K to 1.44 meg.

Speaker 2:

Remember that we were so excited.

Speaker 1:

I love it but why you bought it for me? I got one, two, three, four. I think I like six of them. I got six.

Speaker 2:

Well see, i'm a lot older than people think I am, so I mean, i literally remember when those came out and a few things quite a long before.

Speaker 1:

So the best is, millennials grew up before and after so, but the millennials came up without the tech and with the tech, yeah. so what a lot of people don't realize is guess what I've been around since home computers first came around, because, even though they, hit in the 80s.

Speaker 1:

Though the first computers hit in the 80s, they really didn't go mass market until early 90s. That's when they really started hitting the homes, and so in the 90s is when I got our first desktop. My dad was a PC person. My uncle had a Mac 2 or Mac 1.

Speaker 2:

I don't know, he had the original Macintosh.

Speaker 1:

I Hated Macintosh. At the time I was like this garbage. Never understood why. I was a kid, i had no clue. I just knew my computer could play games and his had crappy games and I could play Oregon Trail and Commander. I remember that I mean I. We were on tiktok live the other day just talking about the old tech that we all had like growing up, with the NES and You know Castlevania's in the, and even though it says do not blow on cartridge, you're still.

Speaker 2:

Down exactly what you did. Shit Didn't work.

Speaker 1:

Cardboard and shove it in there to hold it down.

Speaker 2:

All those, all those things? yes, absolutely so.

Speaker 1:

I mean, we all came up in it. So I truly think that just about anybody. If you have used a personal computer at all in your life, you already have more experience than some other people that are actually doing the job or trying to get into the job. There are some people trying to get in that had never touched a computer And you ask them how to turn on a computer and they're like, and you're like.

Speaker 2:

I really want you to be joking right now.

Speaker 1:

Yeah, I'm not.

Speaker 2:

No, no, no, no, no All right.

Speaker 1:

So let's put it this way. There are people that I have talked to. Now they may have been joking with me. I pray they're joking with me. I prayed to all the gods that maybe they were joking, but I'm talking people seriously. Maybe maybe use the word processor at one point in time in their life or took a typing class in high school And we're like so I've been doing like this job for 30 years and I want to be in cybersecurity now. Cool. Do you know what the internet is? Yes, okay, we've established that. Do you know what Google is? Yes, it's in the media all the time. Okay, we've established that. So what do you want to do? Well, i don't know What is cybersecurity. I just hear the term all the time And I'm just like so you got to go do some research and then come back.

Speaker 2:

No no, no, no, That's probably why I've been watching a lot of your videos, because I've heard you say that before. It's like I'm happy to help you. What do you want to do? Okay, go figure that out first and then come back and talk to me.

Speaker 1:

So I've been watching a few of your videos and a bunch of other people's videos, so working on it And me and my friend Amanda who's in the chat she's one of those that I love her to death and me and her are working on it, trying to figure out where she'll fit in. And she understands that like she doesn't really understand the field necessarily, but she's good at in the field, without realizing it. She's an investigator, osint, like, does a bunch of stuff, and did not realize she was a security person until I explained to her actually everything you do could be used for a red team. Just saying Nice.

Speaker 1:

So she is good at a lot of things, And so me and her have talked about it. So it's just a matter of figuring out how to get the training so that she understands the terminology. So when you're good at it but don't know the terms, you've just been doing it.

Speaker 1:

It poses a challenge So that's where me and her are working on right now, trying to figure out the best way to get her to learn that. But she will be on this show eventually. Yay, eventually. Once we get her comfortable enough, i'm going to have her own walk with me first, before she's on this one. Okay, that's cool.

Speaker 2:

So walk with me is good. I have seen a couple of videos for GRC and thought, because I know during those two conversations HIPAA was mentioned and, being a medical coder, i'm saturated in HIPAA, hipaa and high trust So I was like, oh, i might have a good idea.

Speaker 2:

And then I heard a young man that I cannot remember his name. This guy with a face did a video interview and talked about you know, everyone's wanting to get into cyber. Everyone wants to get into cyber And pen testing is a hot new thing and team blue, team red team, all the things. And he's like I have an excellent idea for you to get in quick and fairly easy and slide right on in their first job and then laterally transfer to wherever you want to go. Hit me, garbage jobs. Why would you call it garbage? He's like find a job no one wants to do, okay, okay. And he says the first thing out of his mouth was the words. Were the words it? auditor.

Speaker 2:

I was like huh, he's like it's boring. And I'm like, is this a sales pitch? It's boring, no one wants to do it. And I'm like that doesn't really sound all that awesome. And it's like, well, since no one wants to do it, guess how many jobs? So slide your foot right on in there, do a good job talking to the C sweet CEO, cio, cto, cfo, c3po, like my friend Dax says and you're making all these friends And next thing, you know, you do a good job. Latter way transfer to something you really really want to do, not to mention, you learn a ton of information. the entire time I was like I don't think I can do that.

Speaker 1:

Yeah, it's for it. That's the big thing is what a lot of people don't realize. You don't see IT auditor, security auditor, all these things. You don't necessarily have to know all of the technology or how everything necessarily works. You need to know the regulations Through learning the regulations, through learning the HIPAAs, the PCIs, the SOCs and everything else NIST and CIS then you learn okay, well, how do we address this? Oh well, you need a firewall, it needs to log, it needs to go here. We need to have centralized logging.

Speaker 2:

It needs to do all the things, yeah.

Speaker 1:

You need to figure out what those are and dig in. that way I can actually do it. I don't need to rely on someone to answer these questions for me. I can look at it and just know It leads you down that path that I think GRC is really in any type of auditor role. It's really a good starting point. I'm glad you brought that up because as much as I talk about how good GRC is and I really do I never thought about how good maybe an auditor starting point is for a lot of people trying to break into the field. because you do. you get to evaluate all of these different technologies and all of these different standards and learn the verbiage and acronyms and everything else behind it, because you have to know it to do the job Right. But instead of having to have hands on tech, you get to at least get the verbiage and then you can learn the tech.

Speaker 2:

You mean all of these acronyms?

Speaker 1:

Oh goodness.

Speaker 2:

I'm studying for the security plus and this hurts.

Speaker 1:

I lucked out. I ain't gonna lie, i was very lucky growing up in that I knew I loved computers and IT and this is what I was going to do. Now, i did not know I was going to go into cybersecurity because it wasn't a thing when we were growing up. I just knew I loved computers and I was going to be a work on computers the rest of my life. Then, in 05, 04, whatever wireless came out and I broke into my first wireless network. I was like, oh, i'm going to be a hacker, so I'm going to do. I thought about that Actually.

Speaker 2:

I thought you talked me off of that.

Speaker 1:

And then I learned after being a pentester how much paperwork was involved and was like, yeah, no, i don't want to do this. So I'm good, thanks, i'm not in the scope. Companies use it as a checkbox. When you sit here and tell me I have a week to do a test, but you're only allowed to test this subset of my network, i'm like then what am I doing? Yeah, because the attacker doesn't give a damn. The attacker does not care what network you want to have tested. They're going to hit whatever they find. They have my Yeah, and so I look at it and that's where. So the company I work for now We offer a service called attack surface validation And that's us basically going through checking all OSINT, checking everything we can find, and you know, if we find a path, a potential pathway into your network, whether externally or whatever OSINT, whatever we find, we'll let you know.

Speaker 1:

Hey, do you want us to proceed and actually test this and see that if this is actually vulnerable? And if they say yeah, then game on, we go. They say no, it's too sensitive, all right, cool, just won't let you know. This is a potential threat to your network, going about our way. But that's the service we offer and we do it. It's a continuous thing. So you're not stuck into this timeframe of oh, you have a week to test this and then like a week or two to write the report. It's you're paying six weeks or whatever a year of service and we're constantly checking in, looking and seeing what's out there And if we find something we let you know That seems so much smarter than the other way.

Speaker 1:

Yeah, so the other way is great for assumed breach. That makes sense Because, from an assumed breach perspective, you're testing either tools If you do it right, you're testing all the tools. So, if they have a SIM, if they have EDR, if they are like your endpoint detection response, if you have anything like that, or even a managed detection response team, like a critical start or an expel or something like that, then you have the ability to really test their functionality and their capability of stopping you. So, because you're running the loudest tools, if you're doing a pen test and not a red team engagement but a pen test you should get caught. You should have noise out there that sees what you're doing. And if nobody stops you or alerts any other team and says, hey, is this you? And you say, yeah, i'm white listed, i'm going to be doing this, or whatever, just letting you know my IP address is so you're aware of it.

Speaker 1:

If nobody challenges you, then there's a problem within the blue team of your organization And that's where the purple team effect comes in. That's where all this other stuff works out. And so, from an assumed breach perspective, yes, pen tests are great. From an external perspective, you got to give people time, i'm sorry. As good as security is these days from an external perspective, sometimes it takes a lot of digging to find the holes that actors have. Years They want to go after you. They'll wait, you know that's right Just so wait for the leak.

Speaker 2:

I'm going to be here Wait.

Speaker 1:

Don't wait till somebody's credentials get dumped And then they'll like up. There's my way in.

Speaker 2:

Right there.

Speaker 1:

And they won't do it through. The credentials won't get dumped through you, it'll be through like a LinkedIn that said, oh, somebody got into LinkedIn and dump all of these passwords and all of these usernames, which now have corporate usernames and people like to reuse passwords. So now we're going to go in and we're going to do it that way. Or you have things like war You left a VPN exposed, you don't have MFA, we're going to try to the generic log into your VPN. Hey, it worked. Or we have someone's username and password Hey, it worked. So now I'm on your network.

Speaker 1:

So all these things that companies don't have the time to validate and from a pen test perspective externally, i'm going to do a scan. I'm going to get with whatever scope you give me. If your VPN is not in that scope, i'm not going to see if your SharePoint site or something isn't within that scope, because you're like, oh, this shouldn't be available externally, so we're not going to give the external IP for it. And then, guess what, you're not getting tested, which means somebody's going to find the weakness And it isn't going to be up.

Speaker 1:

And so that's the sad part, and that's how, that's how people get caught, because they scope things down too narrow. And it's like you know. oh, only run your test on our test and dev network. Well, what about production? Oh no, that's too weak, it might go down. Which is probably why I shouldn't work on that And you want to know if an end map scan is going to bring down your production network. I'm just saying Wow. You want to know these things? Yeah, but why have you not fixed it?

Speaker 2:

Exactly.

Speaker 1:

Yeah.

Speaker 2:

I actually was put in touch with someone who's in the cybersecurity world and he gratefully I'm grateful to him for it but he talked me off the hacking ledge. No-transcript. He's just like it takes a long time to build those skills. I was like, and I'm an old lady. Thanks, man, i'll think of something else to do.

Speaker 1:

I mean, it's a good life. If you want to do it on the side and do things like bug bounties and you know stuff like that, where you can kind of work on your skill set and get side money, yeah, yeah, yeah, perfect, we'll side piece over here Right, kind of like my YouTube channel and my TikTok and you know everything else I do. I mean, if you want to donate or fund me at all, those links are down below. But no, yes, but if you look at it like bug bounties and people that want to get into the hacking side of things but don't necessarily want to work in a corporate structure where they're tied into scopes and paperwork and regulations and all this other stuff, a bug bounty is a great way to do it, right, because you have all the time for as long as that bounty program is open. Right, you have all the time to dig in, do your research, figure things out. Some of them allow you to use automated tools. A lot of them don't, which means guess what?

Speaker 1:

Now you have to learn. You have to learn. Okay, i see a login prompt. What would I do to attack a login prompt? What tools can I use to learn how to abuse it? Yep, or I have APIs, i'll just use those.

Speaker 2:

Hi I'll be with you, yes, a crab mom. So I warned you about my four year old tiny pirate, who may or may not interrupt.

Speaker 1:

There she is. I have five kids upstairs.

Speaker 2:

I completely agree, yeah, so she loves to just run in here and tackle me because it's so funny.

Speaker 1:

It's good times, it's good times.

Speaker 2:

Anyway, i was gonna tell you I finally took a look at the TriHackie Nice And I don't wanna get distracted yet. Right, because of the shiny, yeah, because I knew that all the time. Thanks, kid, i appreciate it. Bye, but I looked and I was like I didn't know y'all did that Damn. So I want to. I will get in and play, but I wanna finish my security plus first, because I get so Oh yeah, so I will.

Speaker 1:

Are you going through the same course, andrea is? Are you doing something different?

Speaker 2:

What course is Andrea doing?

Speaker 1:

Andrea? is it Ian? I can't remember. She's going through her security, plus course. also, she's actually testing on the 25th, if I'm not mistaken.

Speaker 2:

Yes, good luck, Andrea. I believe in you. I am doing just the review course, the freebie on YouTube by Professor Messer.

Speaker 1:

Oh, that's a good one too, you know that right Man throughs everything. Professor Messer is on point.

Speaker 2:

He's amazing, But I'm also in his discord, and his discord aside from there's a couple of trolls, but aside from those turds, it's phenomenal And you find that everywhere. Yeah, I know it sucks, but it's just disturbing.

Speaker 1:

That's like when I was going through OSCP. You'd go in and ask some questions of like try harder, bitch, don't go there with me. I've done everything under the sun. I need a hint of like where I'm going wrong with this specific tool, or am I looking down the wrong rabbit hole? It's in bitch and whatever, don't fucking go there. And they'd be like well, i'm like no. And so what I did is I took about like this time I met some really good people I took like six or seven that we were talking a lot and I pulled them into our own little group And so we had our own little private chat where, when we went into issues, we would bounce questions off of each other. And this is because what people don't understand is this is why I don't think any. No pentester knows everything. No, red teamer knows everything.

Speaker 2:

Everybody works best.

Speaker 1:

In teams It's impossible to know everything. So, like even going through my sans training and doing CTFs, me and my buddy would do things And I'd be sitting or banging my head on the keyboard. They'd be like, which question, have you looked at this? Not giving me an answer, just giving me an idea, like, oh, this port or this whatever, bang off the races. And I figured it out. And then he'd come up to me and be like, hey, dude, this number, what do you? did you do it? Did you figure it out? And we were on completely different teams And I'd be like hold up, and I'd go and I'd go over to him and be like, hey, you might want to look at this tool. I wouldn't even tell him what port, what tech, no, this tool, look at this tool. He'd be like shit, should have done it. And he'd go and do it. But that helps, yes, so nice. Yes, and that's the big thing is like don't tell me, try harder.

Speaker 1:

Like dude, i've been banging my head against it for days Like that is, you don't understand what I've done, and so we work together of like, hey, you might want to like, look at this tool, or you might want, look, you're going down a rabbit hole. You got to look at, like, this port or this application And that's what we do. The worst I ever had is I had a guy reach out to me And now, if you're going for your OSCP and this is the problem I have with the OSCP, one of the problems I have with the OSCP right now at the time it was supposed to be like because they had not come out with their advanced search just yet. So it was supposed to be like if you do your OSCP, you know how to break into computers, at least at a very basic level. You could crack passwords, you could do all this other stuff And you didn't really need help with it. You could use everything. You could use Metasploit, you knew how to use all the tools. You know how to do everything manually. It worked.

Speaker 1:

And so when I was going through the course and I had a guy reach out to me, he was having an issue with like two of his boxes And it was just in the lab, it wasn't like on the test or anything.

Speaker 1:

He was, hey, i'm trying to do, i've hit this box and I don't know what to do. I said, look, all I'm going to tell you is learn how to crack Windows passwords, because at the time you had access, you had full admin FTP access to all of the files that you needed to crack Windows passwords. You just had to know which files you needed to use JTR or John the Ripper And he was like okay, and then he came back What files do I need to crack Windows passwords? Not telling you. And literally a quick search on any search engine It could be Google, duckco, you name it and say how to crack Windows passwords will give you the files you need to combine and do this. And so that is where I have an issue. If I tell you what needs done and you don't look up how, then I got nothing for you.

Speaker 1:

I can't help you.

Speaker 2:

But yeah, it's been a great community to learn and it's a great alternative way for me to really focus, just because reading through the oh so boring.

Speaker 1:

The lip.

Speaker 2:

it hurts, it's painful, so how do you go through? It is, but having them do these steady groups, and the way Professor Messer teaches us to do the things and explain it, and all the whatever. I am so very happy to come here. do you want to say hi? Come here, say hi to everybody, come here, kid.

Speaker 1:

It's her password, password also.

Speaker 2:

Tiny fart Say hello everybody, hello, hello, yolo. Go, take Ballerina to mommy and tree will help her go. DP and Coo-Poo in the party. You can have a cough drop. that's awesome. Oh, you don't like those. put those away.

Speaker 1:

It's sherry.

Speaker 2:

Here, take this one, Yay, And then you can go. Can you go? take that to mommy and I'll talk to you later. Close the door please.

Speaker 1:

Is it sad that having five kids, is it sad that having five kids, the first thing that comes to mind is fuck them kids.

Speaker 2:

Yes, And now I know what I was talking about.

Speaker 1:

So anyway, take the test in July So. Don't pass it. I hear there's been a lot of changes. I got mine in the 08, mine's a lifetime search.

Speaker 2:

That's how my teaching license is in Texas state.

Speaker 1:

Oh is it.

Speaker 2:

I have a license, and not long after me they changed it, so I should still be on the books there. I just don't want to ever go back there again.

Speaker 1:

That's what's great, And in 08, I was in the international guard just before I went out to do the army And I need another beer. But I was. You should see all the bottle caps in front of my label on it right now. It's probably like two or three, it's probably like three or four weeks of beer that are like in front of my monitor at this point of bottle caps. That's hilarious, That's cool. I start a beer's away and then I go look and I'm like, oh, bottle caps.

Speaker 2:

Well, and I just got off. I hit a biotics yesterday, so today's my first day I'm even allowed to have a beer.

Speaker 1:

Oh, so you got to do it right.

Speaker 2:

There you go.

Speaker 1:

Yes, i'm very happy, so I'm glad you're off antibiotics, so hopefully that means you're doing well.

Speaker 2:

Well, I had a tooth extracted.

Speaker 1:

Ah, so you didn't want to do what I did.

Speaker 2:

Which is What did you do?

Speaker 1:

I know I was telling this story. But this story is going to be good. Oh no, i was in my twenties. I was early twenties And when I met my wife, i'd never had any of my wisdom teeth pulled. Oh no, my wife being in dental she was an expanded functions dental assistant at the time. Cool, she goes, you're having your wisdom teeth pulled. I said no. She said oh no, and I don't even. We weren't even married yet And she just looked at me. She goes you're coming to my, you're coming to my dentist's office and he's pulling your teeth. Fuck you, fuck you. You're lucky, i love you. Okay, and so I Go and I get my teeth pulled, and I think I only had like one or two at a time. I think it was two at a time. They did one side and then they did the other side, and so So they do the two and they put me on.

Speaker 1:

I want to say, was perc is sets, do the perks or bike it in, so I can't remember what they put me on, but I didn't get me high like it's six, three, two hundred and like forty pounds, like They put you on the lowest those possible and say this should take away some of your pain. You'll be right. Unfortunately It was also a holiday and so Holiday, like going into a holiday week, i believe. So my mother-in-law Was making like hammer turn, i don't know. She was making something and was using course light to put beer And it was a ham, i believe. Okay, she's like half a course light into the end of the pan. It comes over to her mom.

Speaker 1:

So my wife's grams and was like, hey, i got half a beer. Anybody wanted? I was like, yeah, sure me. And I had just taken, probably less than an hour before, my painkiller And so when I I literally down the entire half a can, i was like it's half a can of course light. Like seriously, that's nothing, yo. I was like With in probably 10 to 15 minutes if that. I was like, oh, oh, this is why they tell you not to mix colors and alcohol, got it? Oh.

Speaker 2:

Understand.

Speaker 1:

And so I did not. I don't do it no more because No, if I'm on painkillers. No, no, no, no, no. I don't like that feeling. It was hilarious. But I don't like that feeling when you're feeling lightheaded and, like you're floating, not something.

Speaker 2:

Touchdown.

Speaker 1:

The plate, please, and put my head back on my body. You know, but you know we just talk about anything.

Speaker 2:

I Anyway On a direction. Okay, cyber, i'm thinking definitely more team blueish. Yeah, purple ish, team blue ish. I'm hitting on that side of the world, so Just trying to.

Speaker 1:

I mean we need more, more good people on the blue team. We definitely need more good people in GRC, and it's only been because the media and everybody preaches this like They praised the hacking and that the red team side of things. But I believe in two, two theories. One is you need to know one to know the other. So, in order to be a good blue team, or you need to understand what logs are being generated by red teams So that you know what to find. And the other thing is To be a good red team, or you need to be a good blue team, or because you need to understand What security tools are out there, what EDR is out there, what simtals are out there and everything else like that, so that you know how to find your way around it. You cannot break through a system if you don't understand the security mechanisms in place. Right, you cannot secure a system if you don't understand what policies and procedures to put in place to stop people from exploiting all your shit.

Speaker 1:

Right, you got to know one of the other exactly and GRC just helps you check the box of saying do you have an EDR? Yes, yes, do you collect logs Yes. Can you access them? No, maybe. Sure yeah yeah, we got that.

Speaker 2:

I've been working on trying to, because it's I was. I watched your original interview with Misha and Then I watched the one that you guys, the last week thing where she was on with her friend, christine, i think, um Them talking about. Well, she and I Misha and I share a background of medical She's also in healthcare, doing the pharmacy thing and just It's such a large amount of information When you decide, yeah, this is where I want to go, i want to head towards cyber security, okay, welcome. Here is now a tsunami of information for you to siphon through and try to find a path and figure out what you want to do and all the Things, and it's just there's so much to find.

Speaker 2:

Not just like you know, i'm setting for a test and there's a lot for the security plus test, because, oh my god, but just Team blue team, red team, purple team, oh, grc team, oh, what's that over there, maybe I can know what's that. Oh, no, what's that? There's just, there's so much Which is. I spent many nights up until the we, which is I like being up to the wee hours because Brainworks awesome at 3 am. But oh, you too, oh yeah.

Speaker 2:

Ever since I was little tiny, but I got in trouble all the time. God I bet. But I'm wide awake.

Speaker 1:

I got another story for you on that one, but we're gonna let you finish no, i just I was trying to, okay, cyber, now what?

Speaker 2:

okay, there's like all of these things and then all this, it's just, it was an enormous, enormous, enormous, overwhelming amount of information to try and Find a path. Well, what do I like? What do you got? so it's just, it's a lot. It's just get in and figure out Which path that that right there by itself, there's just a lot. No, which now are you know? that's right, so that's my favorite. Oh, I think, It's just like from 11 pm To almost five or six in the morning. I'm so happy.

Speaker 1:

Well, what sucks for me is so I Prefer to work during the day. Let me and this is what's gonna get weird. I prefer to work during the day. That way I'm with, i can talk to team members, i could do what clients, i can do what I need to do. However, my brain works best and functions best if I stay up way too late And then, at about 12, midnight, one o'clock in the morning, i sit down on my computer and decide I'm gonna get some work done. Then, all of a sudden, something that would take me a week to do, i get done in 10 minutes 10, 30 minutes.

Speaker 2:

Yeah, last through it.

Speaker 1:

Why does it work this way? guilty?

Speaker 2:

Best time I ever had was when I worked night jobs Because I was wide awake, the best one. Does I hit that wall? Yeah, loaded what loaded boxes at UPS when I was in high school best job, just because you know high school and we were crazy. It was a crazy crew and I was the only girl Throwing boxes on trucks great until you were better than all the dudes that were there.

Speaker 1:

You're just like fuck you, homie. Let me show you how it's done. I.

Speaker 2:

Didn't either confirm or deny that.

Speaker 1:

When you're showing all the guys up, when you're in high school as a girl you're like you know what hold up. I got two for you. Let's go.

Speaker 2:

We had so much fun. I worked from 11 to 3 in the morning. It was perfect. But then it's like certain certain hours of the day I can blaze through, but a lot of the days just I don't know the witching hour.

Speaker 1:

I love it, i completely get it because it is. It's one of those things where I have to. I have learned to adapt my body to work during the day because that's when, again, all my clients are awake, that's when business is done, that's how things are handled, mm-hmm, especially now being in management. I have to be available And my team is. But, yeah, you put me on a night shift like you. You, if I stay up way too late And I'm up at like, if I'm up at midnight, one o'clock and I have not slept yet, i'm not going to sleep. I'm probably gonna end up back on my computer editing videos, doing things that I've been saying I was gonna do for the past two weeks and Yes, Just gonna happen.

Speaker 2:

It's beautiful. I love it and then, on top of all of that, i have a chronic illness. Well, i have rheumatoid arthritis. Yeah, that in our, in my different support groups. A lot of times we're on the Facebook because that's where we all are. Uh hey, if you're a am check, check in who's awake. New Jersey, texas, california, let me see at it.

Speaker 2:

We're just, we're all awake because it messes with our sleep. So, on top of me being a natural night owl and my brain working beautifully in the witching hour, on top of that now I get the bonus of I just don't sleep because of the the illness. So But I tell you what I did a lot of research done, so that's tsunami of information I talked about. I made a lot quicker progress than I expected. I'm still working on a few things, but, but I'm awake. I got nothing to do. I'm not gonna sleep anytime soon.

Speaker 1:

I ain't no one gonna bother you.

Speaker 2:

It's quiet, i can focus, i don't have the tiny pirate attacking.

Speaker 1:

And that's the biggest thing, and see what my problem comes down to is just how me and my wife are. Uh, and it's not actually a bad thing, but it's if I'm in bed. So like I have an issue. Like I don't mind travel And at all, except for the fact that I can't be gone too long. It's my time in the military. I just can't be gone too long. But When I go to sleep, if I know, if I see her on her computer and I know she's gonna fall asleep on the couch, i end up putting on tv and falling asleep on the couch. I cannot sleep in the same, i cannot sleep in a different room than her.

Speaker 2:

Oh, that's sweet.

Speaker 1:

So if I wake up at like one or two o'clock in the morning And because of my back or whatever else I don't get out of, i'll go to the bathroom and I'm like I'm just gonna go curl back up in bed next, sir, because I don't know the next time I'm gonna be able to lay back down in bed, um, and so it's one of those things that, for me, is just. I look at it, i'm like, yeah, i technically could get up and actually be really active and get a lot of shit done, but How often do I actually get to lay in bed next to my wife? That's not that often. So We're gonna go do that So. And then I get warm and I don't want to get out of bed anyway. So I just curl up.

Speaker 1:

I'm just wide awake, so I could be like, literally from the time I step my, by the time my two feet hit that, hit that carpet. I'm like I should be up and moving. But there's a lot of nights I'm up and moving. I'm like, let me lay back down Right and I'm a heavy sleeper. And it's funny because I'm one of those that a tornado could literally tear through my house and it wouldn't even wake me guilty.

Speaker 1:

Oh, but Oh yeah, i've always been that way. like it was funny growing up in school, because like I'd be on the bus to school And you know how some people rest their head on their hands or something like that me might have a girl like this Right on the window. Oh yeah, i'll be out and they wake me up when I go. How do you do that? Do what?

Speaker 2:

Literally, the bus is going like this and your head's banging on the window and you are out and I'm like I don't know, i'm just I Did ask that all the time on a plane, oh, all the time On a road trip, if I'm not driving, i need you to stay awake now. Yeah, okay.

Speaker 1:

So my wife used to get mad at me because When we would drive to and from different places in the army I have to be the driver. But there were occasions where she saw me getting tired Yeah and she'd like, uh, i'm taking over, no, you're not.

Speaker 1:

No, and so I'd have to, like, stop to go to the bathroom or get gas and get out of the car. So what would her ass do? she'd get in the driver's seat, driving no more. We start going and literally within like five, ten minutes, if she wasn't talking to me, i'm out, i'm out, i'm just done. That's hilarious, but yeah, that's how it is. But this is again why in cybersecurity There's so many different personalities.

Speaker 1:

There's so many. Some people are night owls, some people get the most work done at night, some people get it done during the day. Not, i'm gonna be honest, i would probably venture against. 60 to 70 percent of cybersecurity does not want to touch foot in an office. That's and that's. That's on the low end. I'm saying 60 to 70 percent on the low end does not want to step foot in an office. Why? because you have two types of people the introvert that doesn't want to be around people anyways, or the extrovert that knows if they go to an office They're not going to get any work done because they're going to be talking to people all the time. So Me, i know, on the type that if I get, if I get put back into an office setting, ain't shit getting done, because I'm literally going to be there. They're going to be like hey, i need you to go talk to Sobe, and so We need to figure this out. Three hours later, i'll be coming back to my desk.

Speaker 2:

I'm the extroverted introvert. You guys talked about this a couple weeks, either last week or couple weeks ago. The extroverted introvert, it's like teaching. You can't really be an introverted teacher, that's just. I mean, if you are, then you might mean you might not do very well, depending on the kind of teacher you are. But the extroverted Teach, have fun on the stage, teach all the things and then come home Don't talk to me. I quiet, i go into my cave and hide, i go by myself.

Speaker 1:

Yeah.

Speaker 2:

Yes, all of that, Yes, yes, just come and hide in my little hidey-o I do, i just it's to me I too much people like I, but not a lot of people.

Speaker 1:

I can't go out to bars anymore. I never did So. Growing up I was a bouncer, i lived at bars and I've done a lot of different things. I don't like bars anymore. I think it's more because I have grown up and realized the stupidity of people when they get drunk. Especially being a bouncer and also seeing my family and some other people Like I've seen how people get stupid when they drink, do the things Yeah, and I don't want to be around that.

Speaker 1:

Um and it's really expensive Also. So for me I'm like I don't want to do that, but you send me to a conference all day I can go to. I can go to cyber conferences and network and bullshit with people All day I think it's a lot. Yeah, i could work from home, but you put me in an office. I'm gonna get spent, burnout and don't want to be there.

Speaker 2:

No.

Speaker 1:

Like because, because someone's gonna find a reason to bitch, it's either. The last time I worked in an office, it was oh, you're smoking too much. Oh, you're never at your desk, oh, you're doing this bitch. My work is done. I don't know what the hell you want. I deal with it. It's like you're you're going outside every hour, yeah, to fuck. So what? At least I'm getting work done. Well, people are seeing you. Yeah, because the smoke pit is right behind the building and there's a ton of windows right there.

Speaker 2:

There, so I have to go there to smoke.

Speaker 1:

I can smoke at my desk.

Speaker 2:

But a lot of people will be pissed, so right.

Speaker 1:

And so it was just one of those things I prefer to like be at home because I can get up for my desk. Go have a drink, right, like I. There's days actually the best part about where I work now Thursdays I've shown up to work in a sleeveless shirt and been on video wearing a damn thing, not even cared, and they're like. Actually, i went to one meeting with my sunglasses on Nice. Anna was like What's up? What's going on? They were like our nose. The sunglasses you were talking about. You were ordered. You were waiting for damn straight.

Speaker 2:

And thank you for noticing.

Speaker 1:

Which, by the way, two of my monitors that are hp. I can't see the screens at all because the light that it missed from them My glasses block out, but my big gaming monitor is like 27 inches or 30 inches or whatever.

Speaker 1:

Yeah, if I'm looking at that one perfect sight, it's like, oh yeah, you can see all this. But if I turn left or right, they're like, yeah, no, you can't see shit. I was like this is weird. I'm like trying to hit refresh on twitter and I'm like where's the refresh? I'm like where to go? I can't see my cursor.

Speaker 2:

It was here. I need to get some blue light, some more blue light glasses.

Speaker 1:

So I got stokes blue light glasses. Stoke, stoke st Oh with the double dots above k. He came out with his own and their transition lenses also, so Their blue light lenses that if you go outside they turn into sunglasses. It's pretty cool.

Speaker 2:

I'm writing this down.

Speaker 1:

So I hope he still sells them Um. If not, I'll send you mine. I don't use them, I do.

Speaker 2:

I mean if. If not, then I'll just call you a liar and go find my repair.

Speaker 1:

Okay, either way works Okay, But anyways. Hey, we are well over the top of the hour. And major and please stay behind so we could chat a little bit. But otherwise, before we go, as we end every show, i want you to give some advice to all those that are trying to join cyber security. You're in the same position as them, so what? that's the advice you can give Advice.

Speaker 2:

Find your path and learn as much as you can about what makes you happy in this field. Wait through the tsunami of information And ask for guidance.

Speaker 1:

I love it because that's really what it comes down to. That's the gist of it. That's what everybody needs to do and again, finding the right role is going to take time. Finding the right place you want to be is going to take time. Have patience, even after you get certified. Let me put this out. There is my final bit of advice.

Speaker 1:

I retired out of the army as a 25 delta cyber network defender. I had four sand certifications. I had a degree in computer information systems and I had years of experience in it and cyber. It still took me, from the time I retired, another six to eight months to find a job, and that is fully loaded with certifications and experience. So for those just trying to break in as a junior, that has a security plus, maybe one more. Yes, the rules are going to come, junior rules.

Speaker 1:

When they show up, hr is a bunch of pain in the ass and and they put the bullshit regs out there. Don't go by that network with people. There are people like myself out there that I don't give a damn What HR says if I see your resume and I'm hiring specifically for a junior role I'm not looking for a degree, i'm not looking for certifications, i'm looking for passion, the ability to learn. Yeah, sometimes degree and certifications show that. If I don't know you personally, but if we've talked, if I know you, if we've communicated and I've seen you learn in public, i know you have the ability to learn and we're going to keep going with that. So network, network, network, network, network, network, damn it. That is my advice. Network, damn it, but otherwise look.

Speaker 1:

I love you all you are all my warriors, you're all my family. Thank you for joining us for another amazing episode of security happy hour. And don't forget, i drink because your password is password And I really hope it's gonna get changed really soon because, man, y'all make me drink a lot. Cheers, cheers, love you, take care and have a great rest of your weekend weekend.