Phillip Wylie Show

Summary

In this episode, Phillip Wylie interviews Marcus Carey, a prominent figure in the cybersecurity community. They discuss the importance of living in the moment, the power of positivity, and Marcus's journey from a young nerd to a successful hacker and entrepreneur. Marcus shares his experiences in the military and how they shaped his career in cybersecurity, emphasizing the significance of foundational skills and the role of automation and AI in the field. The conversation also touches on the Tribe of Hackers book series and the importance of mentorship and community in personal and professional growth.

Takeaways

• Live in the moment and cherish experiences.

• Positivity can uplift others, even on bad days.

• Every experience has a purpose and can help others.

• Foundational skills are crucial for success in cybersecurity.

• Automation and scripting can enhance productivity.

• AI is a powerful tool for cybersecurity professionals.

• Mentorship and sharing knowledge are vital in the community.

• Pursue your passions to find your superpower.

• Everyone has a role in the cybersecurity community.

• Start where you are and pursue your goals relentlessly.

Notable Quotes

• "You need to enjoy those times better."

• "Everything you learn is to help somebody else out."

• "Life is on purpose in everything that you experience."

Chapters

00:00

Living in the Moment and Embracing Positivity

06:34

Hacker Origin Stories and the Value of Learning

11:09

The Power of Automation in Cybersecurity

19:22

Exploring the Potential of AI and Blockchain

23:19

Starting with the Basics and Finding Passion in Coding

27:39

The Importance of Troubleshooting in IT and Cybersecurity

34:21

The Future of AI in Cybersecurity

36:05

The Role of Humans in AI-Driven Cybersecurity

45:51

Empowering the Cybersecurity Community through Tribe of Hackers

54:04

Being a Blessing and Sharing Knowledge in Cybersecurity

01:00:35

Pursuing Your Passions and Finding Fulfillment in Cybersecurity

Resources

https://www.linkedin.com/in/marcuscarey/

https://x.com/marcusjcarey

lWHcfYxqt8HRcXC1NwV6

About The Guest: Trey Bilbrey is the Lead of SCYTHE Labs, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey's 15+ years of industry experience has allowed him to become an excellent educator, defender of networks, and a cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content Developer), The Army Corps of Engineers (ICS/SCADA Penetration Testing), and a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Summary: In this episode of the Phillip Wylie Show, Trey Bilbrey shares his unique journey into cybersecurity, highlighting the importance of foundational knowledge and diverse experiences. He discusses the transition from red teaming to purple teaming, emphasizing the benefits of collaboration and community in the field. Trey also offers valuable advice for newcomers, stressing the need to understand the ecosystem before diving into offensive security. The conversation concludes with a call to build connections within the cybersecurity community to enhance collective defense against threats. Key Takeaways: * **Start with a Strong IT Foundation**: Trey emphasizes the importance of gaining experience in IT roles, such as help desk or systems administration, to build a solid understanding before focusing on offensive security. * **Embrace Purple Teaming**: The integration of red and blue team methodologies can significantly enhance an organization's security posture through real-time collaboration and feedback. * **Community and Collaboration**: Building trust and sharing insights within and between organizations can raise security standards and prevent breach incidents through collective defense strategies. * **Navigating Career Waves**: Opportunities often arise unexpectedly; being open to change and ready to evolve is key to a successful career in cybersecurity. * **Value of Threat Informed Defense**: Understanding your infrastructure and potential threats is crucial for implementing effective security measures and focusing your resources where they matter most. Notable Quotes: 1. "It's okay to not know your path right now. Dive in, do something new\...it's going to make you better for it." 2. "If we could bring all of that stuff together, that's really what makes an awesome purple team engagement." 3. "Community—we're all in this together. These threats are working as teams, they're crews, they're all talking, they're all communicating. Why aren't we doing the same?" 4. "If you understand how the ecosystem works...it's going to make you so much better." 5. "We need to engage our local communities...we've got to talk. We got to work together." Resources: https://www.linkedin.com/in/georgebilbrey/ Chapters 00:00 Introduction and Hacker Origin Story 08:38 Exploring Different Areas of Cybersecurity 12:48 The Importance of Hands-On Experience 18:28 Transitioning to Purple Teaming 25:06 Planning and Executing Purple Team Operations 31:04 The Role of Cyber Threat Intelligence 37:41 Building Community and Collaboration

About the Guests:

Greg Hatcher and John Stigerwalt are co-founders of White Knight Labs, a boutique cybersecurity company specializing in offensive security services and advanced training programs. Greg's background includes a remarkable career as a Green Beret in the U.S. Army, transitioning into cybersecurity with a focus on penetration testing and red teaming. John's journey began with a passion for hacking at 17, which led to a diverse career across IT roles, eventually specializing in penetration testing and red teaming for global companies. Together, they offer unique services aimed at elevating cybersecurity standards through White Knight Labs.

Episode Summary:

Dive into an engaging conversation on The Phillip Wylie Show featuring Greg Hatcher and John Stigerwalt from White Knight Labs. In this episode, the duo returns to discuss their explosive growth in the cybersecurity space, emphasizing their dedication to providing top-tier penetration testing services and innovative training programs. Greg and John highlight their focus on delivering comprehensive security testing, not just ticking compliance boxes but aiming to identify potential threats that could cripple a business financially.

As they delve into their services, Greg and John emphasize their approach to cybersecurity assessments, distinguishing themselves by employing senior engineers for direct, high-impact testing rather than a flat-rate service model. They discuss their various training programs, including offensive development and red teaming operations courses, all tailored to stay hyper-current and relevant in the fast-evolving cybersecurity landscape. The conversation also navigates through intriguing war stories from their physical penetration testing engagements, offering listeners a peek into the challenges and excitement of real-world security assessments.

Key Takeaways:

• Comprehensive Cybersecurity Services: White Knight Labs focuses on delivering more than just compliance-driven testing, aiming for substantial security insights to protect businesses.
• Advanced Training Programs: The company offers courses on advanced red teaming, Azure penetration testing, and entry-level certifications, ensuring students gain hands-on, up-to-date skills in cybersecurity.
• Skillbridge Program: Engaging with transitioning military personnel, White Knight Labs offers internships and training, providing valuable career opportunities in cybersecurity.
• Utilizing AI in Cybersecurity: Greg and John discuss leveraging AI tools to streamline coding and development processes, increasing efficiency in their operations.
• Real-world Penetration Testing Stories: Sharing intriguing insights, the duo discusses the complexity and adventure involved in physical penetration testing operations.

Key Takeaways:

1. "Our engineers at WKL will get the domain admin typically in the first hour or two… We're going after the crown jewels." - Greg Hatcher
2. "We’re not just giving TLS Cert issues. We’re top of the line, going for the RC, the big level bugs." - John Stigerwalt
3. "We're participating in the Skillbridge program… It's our way of getting back to the community as well." - Greg Hatcher
4. "If I could cut off the database… that business is gonna shut doors." - John Stigerwalt
5. "The OSCP made my career, but it wasn't that relevant for what I was doing as a full-time penetration tester." - John Stigerwalt

Chapters

00:00 Introduction to White Knight Labs

02:03 The Growth of White Knight Labs

05:20 SkillBridge Program and Community Support

06:37 Differentiating Factors in Pen Testing Services

11:26 Compliance vs. Security in Pen Testing

15:19 The Impact of Breaches on Security Budgets

16:28 Training Programs and Course Offerings

30:36 Leveraging AI in Offensive Security

34:37 War Stories from the Field

56:18 Upcoming Events and Closing Remarks

57:52 Phillip Wylie Show Outro Video.mp4

Resources:

• White Knight Labs Website: White Knight Labs
• Greg Hatcher's LinkedIn: Greg Hatcher
• John Stigerwalt's LinkedIn: John Stigerwalt
• White Knight Labs: **Navigating Advanced Red Team Operations (previous episode) **https://phillipwylieshow.com/episode/white-knight-security-navigating-advanced-red-team-operations

Summary

In this conversation, Ryan Feder and Phillip Wylie explore the themes of resilience, innovation, and personal growth. They discuss how challenges can be transformed into opportunities and the importance of maintaining a positive mindset in the face of adversity. The dialogue emphasizes the power of innovative thinking and the necessity of embracing change as a pathway to success.

Takeaways

• Turning challenges into opportunities is key to success.
• Resilience allows us to navigate through tough times.
• Innovative thinking can lead to transformative solutions.
• Growth often comes from overcoming significant challenges.
• Embracing change is essential for personal development.
• A positive mindset can alter our perception of adversity.
• Learning from failures can pave the way for future success.
• Collaboration can enhance innovative ideas and solutions.
• Personal growth is a continuous journey, not a destination.
• Adapting to change can unlock new possibilities.

Sound Bites

• "You took a bad situation and made it good."
• "The power of resilience is incredible."
• "Innovative thinking can change everything."

Chapters

00:00 Meeting at Defcon

06:30 Finding Passion in the Cybersecurity Industry

12:50 Transitioning to Offensive Security

15:56 The Importance of Networking

18:46 The Supportive Cybersecurity Community

19:30 The Importance of Physical Security

24:34 Admitting Ignorance and Seeking Help

34:54 Networking and Continuous Learning

40:00 Understanding Technology for Effective Pen Testing

Resources

https://www.linkedin.com/in/ryan-feder-sscp/

https://x.com/Ano1X8

Takeaways

·      Snehal Antani emphasizes the importance of product obsession in leadership.

·      The transition from a bull market to a bear market requires quick strategic shifts.

·      A strong technical foundation is crucial for success in offensive security roles.

·      Certifications signal a commitment to self-improvement but are not the sole indicator of skill.

·      Bootcamps can provide a pathway into cybersecurity but require ongoing learning to retain skills.

·      Autonomous pen testing offers a consistent and comprehensive approach to security assessments.

·      The integration of offensive and defensive security communities is essential for overall effectiveness.

·      Understanding the threat actor perspective is vital for effective cybersecurity strategies.

·      Horizon 3 aims to leverage data advantage to enhance its product offerings.

·      The future of cybersecurity will involve algorithms fighting algorithms with human oversight.

Sound Bites

·      "Pen testing can be automated that much."

·      "I am obsessed with the product."

·      "I took a 99% pay cut to serve."

Chapters

00:00 Introduction to Horizon 3 and Snehal Antani

03:26 Leadership and Company Culture at Horizon 3

06:30 Snehal's Hacker Origin Story

10:37 Transition from Corporate America to JSOC

13:45 Building Horizon 3's Culture and Team

16:28 The Unique Approach of Horizon 3

20:24 The Evolution of Pen Testing

24:34 The Role of Humans in Pen Testing

28:41 The Shift in Cybersecurity Mindset

32:31 Certifications and Bootcamps in Cybersecurity

36:26 The Future of Cybersecurity and Co-Pilots

40:21 The Importance of Data in Cybersecurity

44:22 The Impact of Autonomous Pen Testing

48:22 Conclusion and Future Outlook

58:33 Phillip Wylie Show Outro Video.mp4

Resources

https://www.linkedin.com/in/snehalantani/

https://x.com/snehalantani

https://www.horizon3.ai/

https://www.linkedin.com/company/horizon3ai/

Summary

In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Christophe Foulon, a cybersecurity expert and podcaster, about his journey into the cybersecurity field, the importance of self-discovery for aspiring professionals, and the evolving landscape of hiring practices in the industry. They discuss the significance of certifications, the need for internal talent development, and the value of community involvement in cybersecurity education. Christophe shares practical advice for job seekers, emphasizing the importance of networking and curiosity in building a successful career in cybersecurity.

Takeaways

Christophe's journey into cybersecurity began at a young age.

Self-discovery is crucial for those entering the cybersecurity field.

Certifications are often necessary, especially for government roles.

Hiring practices are evolving, with less emphasis on traditional degrees.

Internal training and development can help fill cybersecurity roles.

Apprenticeships can provide valuable hands-on experience.

Community involvement is essential for building a skilled workforce.

Networking is key to finding job opportunities in cybersecurity.

Curiosity and continuous learning are vital for success in cybersecurity.

Understanding the job market and roles can prevent burnout.

Sound Bites

"I was just hooked."

"It all starts on the foundation of self-discovery."

"You need to be eternally curious."

Chapters

00:00 Introduction and Background

06:46 Recommendations for Breaking Into Cybersecurity

10:54 The Role of Certifications in Cybersecurity

16:08 Creating Career Paths and Apprenticeships in Cybersecurity

25:02 The Value of Networking and Building Relationships in Job Hunting

29:40 Staying Informed: Researching Industry Trends in Cybersecurity

32:14 Closing Remarks

32:39 Phillip Wylie Show Outro Video.mp4

Resources

https://www.linkedin.com/in/christophefoulon/

https://x.com/chris_foulon

Summary

 In this episode, Len Noe, the world's first augmented ethical hacker, shares his journey into cybersecurity and his experience with body modification. He discusses his hacker origin story, his professional career, and his current work as an evangelist for CyberArk. Len also talks about his book, 'Hacked Human: My Life and Lessons,' which explores the world of augmented humans and the ethical implications of integrating technology into the human body.

Takeaways 

• Len Noe shares his hacker origin story and how he got into cybersecurity.
• He discusses his professional career and how he transitioned from being a black hat to an ethical hacker.
• Len talks about his current work as an evangelist for CyberArk and his role in educating people about cybersecurity.
• He explores the world of augmented humans and the ethical implications of integrating technology into the human body.

Sound Bites 

• "I came to the ways of cybersecurity via the Black Hat route."
• "I have 10 different microchips that are planted inside my body."
• "I can attack physical access control systems directly through physical contact."

Chapters 

00:00 Introduction and Guest Introduction

03:36 Unconventional Paths into Cybersecurity

10:28 Implantable Technology and the Future of Augmented Humans

18:41 Redefining Medical Ethics: Risks and Benefits of Body Modification

25:44 Hacked Human: Insights from the World's First Augmented Ethical Hacker

37:26 Phillip Wylie Show Outro Video.mp4

Resources

https://x.com/hacker_213

https://www.linkedin.com/in/len-noe/

Human Hacked: My Life and Lessons as the World's First Augmented Ethical Hacker

https://www.wiley.com/en-mx/Human+Hacked%3A+My+Life+and+Lessons+as+the+World's+First+Augmented+Ethical+Hacker-p-9781394269167

Summary

HOU.SEC.CON is a cybersecurity conference in Texas that aims to provide opportunities for students and professionals in the industry. The conference was started in 2010 by Michael Farnum and Sam Van Ryder, who wanted to create a community for cybersecurity professionals in Houston. They initially ran the conference under the auspices of the National Information Security Group, but eventually split off and ran it independently. The conference has grown over the years, attracting attendees and speakers from all over the United States and even internationally. They have had to move to larger venues to accommodate the increasing number of participants. HOU.SEC.CON has steadily grown from 120 attendees in its first year to almost 1400 attendees last year. The organizers initially planned to cap the conference at 300 or 500 attendees, but the demand kept increasing. The conference aims to grow the cybersecurity community in Houston and provide a more affordable and accessible option compared to larger conferences like RSA and Black Hat. HOU.SEC.CON has added two additional conferences, OT.SEC.CON and EXEC.SEC.CON, to cater to specific cybersecurity subfields. The organizers also host monthly user group meetings and provide networking opportunities for the community.

Takeaways

HOU.SEC.CON is a cybersecurity conference in Texas that provides opportunities for students and professionals in the industry.

The conference was started in 2010 by Michael Farnum and Sam Van Ryder to create a community for cybersecurity professionals in Houston.

They initially ran the conference under the auspices of the National Information Security Group before splitting off and running it independently.

HOU.SEC.CON has grown over the years, attracting attendees and speakers from all over the United States and internationally. HOU.SEC.CON has experienced significant growth, from 120 attendees in its first year to almost 1400 attendees last year.

The conference aims to provide an affordable and accessible option for the cybersecurity community in Houston.

HOU.SEC.CON has added two additional conferences, OT.SEC.CON and EXEC.SEC.CON, to cater to specific cybersecurity subfields.

The organizers also host monthly user group meetings and provide networking opportunities for the community.

Sound Bites

"HOU.SEC.CON is a cybersecurity conference in Texas"

"The conference was started in 2010 by Michael Farnum and Sam Van Ryder"

"They initially ran the conference under the auspices of the National Information Security Group"

"We were close to 1400 last year."

"Let's top out at 300. Let's top out at 500. Let's do whatever."

"We would have to take up multiple floors if we were going to stay at the hotel."

Chapters

00:00 Introduction to HOU.SEC.CON and its mission

06:15 The origins of HOU.SEC.CON and its role in the Houston cybersecurity community

18:33 Differentiating HOU.SEC.CON from other conferences: Valuable content and community focus

24:15 The growth and recognition of HOU.SEC.CON

26:35 Expanding HOU.SEC.CON

30:51 A More Accessible Alternative

35:46 Building a Strong Cybersecurity Community

Resources

http://houstonseccon.org/

https://www.linkedin.com/company/houseccon/

https://x.com/HouSecCon

https://www.linkedin.com/in/mfarnum/

https://x.com/m1a1vet

https://www.linkedin.com/in/svanryder/

https://x.com/SamVR

About the Guest:

Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.

Episode Summary:

In this captivating episode of 'The Philip Wylie Show', host Philip Wylie is joined once again by offensive security aficionado Jeswin Mathai. This talk orbits around the expansive realm of professional hacking, highlighting the persistent curiosity and zealous passion these experts have for overcoming challenges in their line of work. With Jeswin on board, listeners can anticipate an in-depth exploration of Squarex's new and riveting features aimed at staving off online vulnerabilities.

The episode delves into the intricate world of in-browser malicious file detection, a pressing issue in today's digital-heavy climate. Jeswin Mathai meticulously walks listeners through the challenges surrounding the detection of malicious files, expanding upon why conventional antivirus solutions struggle and how attackers exploit naïveté during delivery. Furthermore, he presents a live demonstration of Squarex's monumental browser integration, showcasing its real-time detection capabilities and remediation options, elevating Gmail's native security measures to impressive new heights.

Key Takeaways:

Squarex is revolutionizing online security: The discussion reveals how the product can enhance Gmail security by detecting and alerting users to potential threats before they materialize.

In-browser file analysis: Squarex performs comprehensive checks directly within your browser, maintaining user privacy while offering robust protection against malicious files.

Malicious macros are a key threat vector: Jeswin explains how attackers utilize document macros, often undetected by traditional antivirus software, to compromise user systems.

Real-time alerts and remediation: Squarex provides instantaneous analysis of file attachments, distinguishing malicious intent and providing safer alternatives for download.

Enhanced user-friendly protection: The product is designed for ease of use, offering an intuitive safety net for both tech-savvy individuals and those less accustomed to cybersecurity measures.

Notable Quotes:

"The moment you open it, it's almost instantaneous. And not only is it telling you contains macros, tells you the details."

"This is a macro free version created right there in your browser, in case if you're concerned that something can go wrong."

"Email is like the primary source right now of delivery of malicious payload."

"So we have received the mail. So now as you can notice, this is a macro enabled file, but Gmail didn't say anything."

"It's a full blown file system packaged in just one single file, and how crazy it can be to detect malicious macros."

Resources:

Get your free Chrome plugin: ⁠⁠http://sqrx.io/pw_x⁠⁠

⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠

⁠⁠https://twitter.com/getsquarex⁠⁠

⁠⁠https://www.instagram.com/getsquarex/

Summary

In this episode, Joe Brinkley, also known as the blind hacker, joins Phillip Wylie to discuss his hacker origin story and offer advice for breaking into offensive security and pen testing. They also explore the commoditization of pen testing, the evolution of the industry, and the challenges of testing complex environments. Joe shares his insights on the different generations of hackers and the role of automation and AI in pen testing. He also talks about his work with the Mentor Village and offers resources for those interested in starting their own cybersecurity brand or company.

Takeaways

• Joe Brinkley, also known as the blind hacker, shares his hacker origin story and offers advice for breaking into offensive security and pen testing.
• The commoditization of pen testing has led to a shift in the industry, with companies seeking budget-friendly alternatives and rotating vendors frequently.
• Automation and AI play a significant role in pen testing, allowing for faster and more efficient testing, but human expertise is still crucial for in-depth analysis and finding vulnerabilities that automated tools may miss.
• The industry is currently in the sixth or seventh generation of hackers, with increased access to education and tools, but also more complex environments to test.
• Joe Brinkley is actively involved in the Mentor Village, offering mentoring, education, and resources to those interested in cybersecurity.
• He encourages individuals to build their own cybersecurity brand and consider starting their own cybersecurity company, emphasizing the importance of branding and networking in the industry.

Sound Bites

• "I don't care who you go to, learn something."
• "Long-term security is the value we provide"
• "People are looking for a budget-friendly alternative because compliance and insurance now require yearly security activities."

Resources

https://www.linkedin.com/in/brinkleyjoseph/

https://x.com/TheBlindHacker

https://x.com/deadpixelsec

https://deadpixelsec.com/

Chapters

00:00 Introduction and Background

06:24 Advice for Breaking into Offensive Security

10:39 The Commoditization of Pentesting

15:53 The Impact of Compliance and Cyber Insurance

22:03 Challenges Faced by Practitioners in Limited Time Windows

25:33 The Evolution of Hackers and Accessibility of Education and Tools

30:36 The Role of Automation, Orchestration, and AI in Modern Pentesting

36:23 Building Cybersecurity Brands and the Mentor Village

41:14 Conclusion

41:52 Phillip Wylie Show Outro Video.mp4

Summary

In this live episode of The Phillip Wylie Show, cybersecurity experts Ira Winkler and Ryan Cloutier discuss their hacker origin stories and the evolution of hacking over the years. They emphasize the importance of basic cyber hygiene and the need to systematize the fundamentals of cybersecurity. They also discuss the risks and benefits of AI, highlighting the potential for manipulation and the need for safe adoption. The conversation touches on the role of policies and procedures, the alignment of cybersecurity with business objectives, and the impact of technology on human experiences.

Takeaways

• Basic cyber hygiene is essential in preventing hacking and improving cybersecurity.
• AI is ready for prime time, but organizations need to ensure safe adoption and consider the potential risks and impacts.
• Systematizing the fundamentals of cybersecurity and aligning it with business objectives is crucial for effective cybersecurity programs.
• Technology should be designed with people in mind, considering their experiences and needs.
• Understanding the risks and benefits of new technologies, such as AI, is important for making informed decisions and designing resilient systems.

Quotes

• "All I did my whole career is primarily take advantage of bad awareness, bad administration, bad configurations."
• "We're gonna have an overabundance of tooling and an underabundance of looking at the business processes themselves."
• "Your users are a company resource that are gonna be fallible, just like any other resource you have."

Resources

https://www.linkedin.com/in/irawinkler/

https://www.linkedin.com/in/ryan-cloutier/

https://cruisecon.com/

Chapters

00:00 Introduction and Hacker Origin Stories

05:39 The Evolution of Hacking and Basic Cyber Hygiene

08:03 Threat Landscape and Shifting Attack Profiles

10:18 The Impact of Social Media and Bring Your Own Device

18:05 Systematizing the Basics and Enforcing Policies

23:35 Aligning Cybersecurity with the Business and Employee Experience

26:01 AI: Readiness and Safe Adoption

32:13 Understanding AI as Math and the Potential Risks

34:48 Personal Intimate Information and the Weaponization of AI

Summary

David Schloss shares his hacker origin story, starting with his military background and how he ended up in the field of cybersecurity. He talks about his time in the Joint Special Operations Command (JSOC) and the unique missions he was involved in. He also discusses his transition to the private sector and his current role as a Hive Leader at Covert Swarm. The skills he acquired in JSOC have been highly transferable and valuable in his offensive security career. In this conversation, Dahvid Schloss discusses his experience at Seer, a practice prison camp that taught him transferable skills like lock picking and prison escape. He also talks about the challenges of transitioning from using malware and exploits to using his brain in the civilian world. Dahvid emphasizes the importance of finding your passion within offensive security and recommends exploring different areas to figure out what you enjoy. He also highlights the significance of building a personal brand in the cybersecurity field and encourages professionals to be more public about their skills and expertise.

Takeaways

• David Schloss has a military background and served in the Joint Special Operations Command (JSOC), where he was involved in unique and high-value missions.

• He transitioned to the private sector and currently works as a Hive Leader at Covert Swarm, focusing on continuous APT emulation.

• The skills he acquired in JSOC, such as threat emulation, malware development, and exploit development, have been highly transferable and valuable in his offensive security career.

• David emphasizes the importance of privacy and cybersecurity as basic human rights and aims to grow the field by helping individuals with no experience enter the industry and supporting specialization for those already in the field. Seer, a practice prison camp, taught Dahvid Schloss transferable skills like lock picking and prison escape, which he found helpful in the cybersecurity field.

• Transitioning from using malware and exploits to using his brain in the civilian world was challenging for Dahvid.

• Dahvid recommends exploring different areas within offensive security to find your passion and avoid pigeonholing yourself into a specific role.

• Building a personal brand is crucial in the cybersecurity field to showcase your skills and expertise.

• Dahvid encourages professionals to be more public about their personal brand and expertise to increase job opportunities and career growth.

Quotes

"I got through this course, I graduated, and I got to do the fun job of being a special operations communicator."

"Seer was amazing. So Seer is like practice prison camp, right? Which sounds why would that be amazing to cyber? And the reason is, is because they teach you some transferable skills, like how to pick locks and how to escape from prisons."

"Having access to really good malware, really good exploits was not at all. It sounds like it would be really helpful, but it was a hard transfer for me, especially because I'm so used to being able to go dot slash execute. And now I'm on a box and now I have to go, Oh, I have to use my brain."

"Offensive security is massive. It's like, there is no way you can be a master of all. Like there is only one and that's John Hammond so far. That's all I've seen. He's, know, he's got, he's got the chops, but we can't all be him. Right. So, um, really like my biggest recommendation."

Resources

https://www.linkedin.com/in/dahvidschloss/

https://x.com/DahvidSchloss

Chapters

00:00 Introduction and Background

02:36 Military to Cybersecurity Transition

08:41 Learning Cybersecurity Skills

17:34 JSOC and Fighting High-Value Targets

26:34 Transferable Skills and Challenges in Offensive Security

29:55 Exploring Different Areas in Offensive Security

39:04 The Importance of Building a Personal Brand

46:41 Opportunities for Growth in Smaller Cybersecurity Startups

49:49 Taking the Time to Find Your Path in Cybersecurity

Summary

In this episode of the Phillip Wylie Show, Phillip is joined by Eric Teichmiller, a technical account manager at Horizon 3. Eric shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security. He explains his role as a technical account manager and how his defensive background helps him understand and support customers. Eric also discusses the benefits of certifications, offers advice for getting into cybersecurity, and shares his study tips and strategies for avoiding burnout.

Takeaways

• Eric Teichmiller shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security.

• As a technical account manager, Eric supports customers and acts as a subject matter expert for autonomous pen testing.

• Certifications can be beneficial in the cybersecurity field, but work experience and the ability to connect with interviewers are also important.

• Eric advises aspiring cybersecurity professionals to never stop learning, focus on building experience, and apply intentionally for positions.

• To avoid burnout while studying, eliminate distractions, find a learning method that works for you, and have hobbies outside of your day job.

• Eric's goal at Horizon3 is to explore positions that allow him to take a big picture approach and continue problem-solving.

Sound Bites

"I'm really enjoying cybersecurity as a whole."

"I kind of have that customer perspective."

"Everything that they were geeking out on not only works, but it works well."

Chapters

00:00 Introduction and Background

03:29 The Role of a Technical Account Manager

06:36 Transitioning from Defensive to Offensive Security

08:41 The Fascination with Autonomous Pen Testing

12:14 The Value of Certifications and Continuous Learning

14:13 Advice for Job Seekers in Cybersecurity

15:55 Navigating Job Descriptions and Requirements

20:12 Avoiding Burnout in Cybersecurity

24:07 Goals and Future Plans at Horizon 3

25:59 Final Thoughts and Conclusion

Resources

https://www.linkedin.com/in/eric-teichmiller-82296295/

https://x.com/ericteichmiller

About the Guest:

Jeff Man is a seasoned professional in the cybersecurity industry, with a rich history in penetration testing and security. He began his career at the National Security Agency (NSA) and has since become renowned for his expertise and contributions to the field. Jeff is also a co-host on Paul Security Weekly and frequently shares his insights at notable security conferences. His vast experience and deep understanding of the industry's evolution make him a respected figure in cybersecurity.

Episode Summary:

In this captivating episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Jeff Man. Known for his storied career starting at the NSA, Jeff dives into his unique hacker origin story and the evolution of penetration testing. This episode is packed with insights, anecdotes, and practical advice for anyone interested in the cybersecurity landscape.

Jeff Man shares his early experiences working at NSA, highlighting key moments such as his involvement in creating the first software-based cryptosystem. He delves into the early days of penetration testing, describing how methodologies and technologies have transformed over the years. Jeff also discusses the importance of understanding penetration testing's true objectives and offers guidance on how organizations can maximize the value of these tests. His reflections on the cybersecurity community, vendor relationships, and the need for precise terminology provide valuable perspectives for practitioners and enthusiasts alike.

Key Takeaways:

• Jeff's Striking Background: Learn about Jeff Man's remarkable career trajectory, from his start at the NSA to his present role as a cybersecurity expert and podcaster.

• Evolution of Pen Testing: Understand the shifts in penetration testing methods, technologies, and industry perceptions over the past three decades.

• Maximizing Pen Test Effectiveness: Discover practical advice on how organizations can make the most out of their penetration testing efforts by setting clear objectives and collaborating with trusted advisors.

• Cybersecurity Insights: Jeff emphasizes the importance of understanding and correctly using industry terminology and the value of a comprehensive security program.

• Community and Learning: Hear Jeff's thoughts on the cybersecurity community, including his participation in conferences and his ongoing mission to educate and mentor upcoming professionals.

Notable Quotes:

• "I've always tried to ascribe to that. You might lose something in the near term by saying, well, what we have really isn't the best thing for you right now."

• "Pen testers are the unsung heroes of the industry, often with relatively boring stories, but they are crucial to the security landscape."

• "Very rarely do I see a pen test report that's actually, we tried to break in, or we tried to gain access, or we tried to gain unannounced access."

• "I've always been a consultant. I've always been sort of in this trusted advisor role."

• "And I have clients that I've been working with now for 15, 20, 25 years. Not all the time, but when they need something, they're like, hey, let me give Jeff a call and see what he has to say."

Resources:

Jeff Man LinkedIn: https://www.linkedin.com/in/jeffreyeman/

Jeff Man X(formerly Twitter): https://x.com/MrJeffMan

Jeff Man on Paul Security Weekly: https://www.scmagazine.com/security-weekly

About the Guest: 

Andrew Lemon is a seasoned offensive security professional and founder of Red Threat, a cybersecurity consulting firm focused on pentesting, red teaming, and ransomware readiness assessments. With a wealth of experience from working at Boeing, Dell, and other tech corporations, Andrew has become a respected figure in the cybersecurity community, known for his contributions to physical security, social engineering, and AI pentesting. Andrew is also an advocate for transparency and community support within the cybersecurity industry. 

Episode Summary: 

Welcome to another episode of the Phillip Wylie Show, where host Phillip Wylie dives into the fascinating journey of his friend and cybersecurity expert, Andrew Lemon. Andrew shares his unique hacker origin story, from tech-savvy childhood and learning from his Novell admin dad to becoming the founder of Red Threat. With an emphasis on practical, hands-on experience, Andrew discusses how he has approached building a successful career in offensive security and what it takes to start a thriving consulting business. 

In this comprehensive conversation, Andrew explains the strategies and technologies he employs in his assessments, the importance of tailoring services to client maturity levels, and insights into some of his latest research, including traffic control system vulnerabilities and AI pentesting. Phillip and Andrew also explore the critical nature of crafting a personal brand and the value of community-driven networking in cybersecurity. These engaging insights make this a must-listen episode for anyone interested in the inner workings of professional hacking and security consulting. 

Key Takeaways: 

• Starting a cybersecurity consulting business: Andrew highlights the importance of financial planning, brand recognition, and maintaining integrity in service offerings. 

• Ransomware readiness assessments: A key focus for Andrew’s company, Red Threat, is preparing organizations for ransomware attacks by simulating real-world scenarios and actor techniques. 

• Physical security and social engineering: Despite the transition to remote work, physical security assessments remain a crucial part of Andrew's toolkit, demonstrating easy-to-understand vulnerabilities. 

• AI pentesting: Andrew talks about the emerging field of AI pentesting, shedding light on the unique challenges and methodologies, including leveraging the OWASP Top Ten for AI. 

• Career advice: Emphasizing the importance of networking and creating opportunities, Andrew shares actionable tips on how to navigate and succeed in the cybersecurity industry. 

Notable Quotes: 

• "Growth begins at the edge of your comfort zone." 
• "If you want to see an area mature, look at it through the lens of an attacker." 
• "My main goal has been transparency." 
• "For me, it's all about delivering the highest integrity I can." 
• "There's no rulebook in the job market—you can always re-engineer your career path." 

Resources: 

• Andrew Lemon on LinkedIn 

• Red Threat 

• Defcon 

• OWASP Top Ten for AI 

For more in-depth insights and to hear the full conversation, be sure to listen to the complete episode. Stay tuned for more engaging discussions on the Phillip Wylie Show, where you get a behind-the-curtain look at the world of professional hacking. 

About the Guest:

Anthony "TonyP" Pillitiere: Anthony is the co-founder and Chief Technology Officer (CTO) of Horizon3.ai, a company renowned for its innovative product, NodeZero, which focuses on autonomous security. With a remarkable career spanning 21 years in the military, much of which was spent in highly sensitive missions, TonyP brings a wealth of expertise in offensive and defensive cybersecurity. His experience includes serving as the deputy CTO for the Joint Special Operations Command, where he spearheaded various cybersecurity initiatives.

Episode Summary:

In this episode of the Phillip Wylie Show, host Phillip Wylie delves into an insightful discussion with Anthony "TonyP" Pillitiere, the co-founder of Horizon 3 and the mastermind behind the cutting-edge product NodeZero. They explore the unique landscape of cybersecurity products stemming from the US special operations, contrasting with those from Israel's famous Unit 8200. Anthony shares riveting anecdotes from his military experience, emphasizing how the high-stakes environment shaped his approach to cybersecurity and led to the creation of NodeZero.

Drawing from over 80,000 automated pen tests executed using NodeZero, TonyP elucidates key lessons and recurring security challenges organizations face. The conversation highlights the transformative impact of autonomous pen testing on identifying vulnerabilities, enhancing risk assessments, and ultimately shaping the future of cybersecurity. Through engaging narratives and technical wisdom, this episode offers listeners a rare glimpse into the synergy between offensive and defensive security practices and the vital role of continuous automated assessment in safeguarding digital assets.

Key Takeaways:

• Offensive Security as the Future: TonyP stresses the importance of understanding offensive tactics to bolster defensive measures, shifting the mindset of cybersecurity from a cost center to a key mission component.
• Credentials and Vulnerabilities: Recurring issues such as credential reuse and inadequate vulnerability management remain significant challenges in securing organizational environments.
• Bridging the Gap: There's a critical need to close the knowledge gap between cybersecurity practitioners and business executives to better communicate and prioritize security risks.
• Continuous Assessment: Traditional annual pen testing is insufficient; continuous automated assessments via tools like NodeZero are essential for keeping up with evolving threats and internal changes.
• Improving Business Outcomes: Effective cybersecurity is not just about defense; it’s also vital for business continuity and preventing significant financial losses.

Notable Quotes:

• "We tend to call ourselves the quiet professionals. Marketing ourselves, we try not to do that, but it is compelling." - Anthony "TonyP" Pillitiere
• "The fundamentals get missed a lot. And it's not because we don't know about the fundamentals. The sprawl of the organization is just too much." - Anthony "TonyP" Pillitier
• "It's not until you send an attacker at your defenses do you really know that your defenses can hold up to an attacker." - Anthony "TonyP" Pillitiere
• "The amount of revenue that organizations have lost has just been significant. It's hard to convince the business that this capability having an offensive understanding really prioritizing cybersecurity." - Anthony "TonyP" Pillitiere
• "This is the future of cybersecurity. Offensive understanding of an environment is the future of cybersecurity." - Anthony "TonyP" Pillitier

Resources:

Anthony "TonyP" Pillitiere's LinkedIn: Anthony Pillitiere

Horizon 3 Website: horizon3.ai

NodeZero Product Information: NodeZero

About the Guest:

KJ Haywood: KJ Haywood is a seasoned professional in the field of cybersecurity with over 25 years of experience in governance and compliance. She has dedicated the last 11 years to security governance and has recently shifted focus to AI and generative AI, launching her company, Nomad Cyber Concepts. Her expertise lies in helping mid-sized organizations pivot their solutions and acquire or design AI tools. KJ holds an MIT certification in AI no-code model building and is a prominent figure in the cybersecurity community, frequently sharing her knowledge at conferences and through teaching and mentoring.

Episode Summary:

In this engaging episode of "The Phillip Wylie Show," Phillip Wylie welcomes KJ Haywood, a veteran in cybersecurity governance and compliance, to discuss the transformative impact of AI and generative AI on the industry. The conversation dives into KJ’s professional journey from human resources to cybersecurity, her passion for governance, and her recent pivot into AI, particularly focusing on her company's role in helping organizations integrate AI tools.

The episode provides valuable insights into the importance of continually learning and staying updated in the cybersecurity field. KJ discusses the advent of generative AI, its rapid adoption since the release of ChatGPT, and the necessity for security practitioners to adapt. Listeners will gain an understanding of how to balance work and personal time to avoid burnout, the critical nature of governance in AI model design, and how to leverage community resources and certifications to advance one's career.

Key Takeaways:

• Career Transition and Passion in Cybersecurity: KJ shares her unconventional journey from HR to cybersecurity, emphasizing the importance of following one's interests and continually learning.
• Impact of AI on Cybersecurity: Discussion on how generative AI is revolutionizing the field, the urgency of adapting, and KJ's role in helping organizations integrate AI tools.
• Balancing Work and Wellness: Strategies for managing work hours to avoid burnout, including recognizing personal productivity times and taking necessary breaks for mental health.
• Educational Resources for AI and Cybersecurity: KJ's recommendations for AI literacy, including free resources, certifications, and institutions offering comprehensive courses.
• Community and Networking: The importance of being involved in professional communities, attending conferences, and leveraging networks to stay updated and advance in one's career.

Notable Quotes:

1. "Are you absolutely sure you want to transition to this industry? Because you have to really love what you do because it's easy to get burned out." - KJ Haywood

2. "The privileged access, remember we talked a lot about zero trust and privilege access back in the day. I think we're going to end up circling right back to that." - KJ Haywood

3. "We need pen testers very much. Consider going into pen testing if you haven't already considered it." - KJ Haywood

4. "I believe it's going to be similar to the shift with cybersecurity. Industry practitioners are going to have to pivot a little bit of their skill set and level themselves up." - KJ Haywood

5. "I think artificial intelligence or any type of Gen AI tool, because there are going to be so many more that are going to be launched over the next, I'd say, three years, we're going to have so many." - KJ Haywood

   
   

   Resources:

   • KJ Haywood: LinkedIn

   • Nomad Cyber Concepts: Website

   • Phillip Wylie: Pen Testing Book

   • OWASP: Website

   • MIT AI No-Code Course

   • Women in Security and Privacy (WISP): Website

   • SecureWorld: Website

About the Guest:

Rob Fuller (Mubix): Rob Fuller, also known as Mubix, is a well-known figure in the cybersecurity community, particularly in the realms of penetration testing and red teaming. As an experienced professional, Fuller has a background in the Marine Corps where he was part of the Marine Corps CERT at Quantico. Fuller has contributed significantly to the community through his work with Hak5 on series like Metasploit Minute and Practical Exploitation. His deep understanding of security concepts, coupled with his engaging teaching methods, has influenced aspiring hackers and professionals worldwide. He now holds a leadership role, guiding and nurturing the next generation of cybersecurity talent.

Episode Summary:

In this engaging episode of "The Phillip Wylie Show," Phillip Wylie sits down with Rob Fuller, also known as Mubix, a revered figure in the cybersecurity and penetration testing community. The conversation kicks off with Fuller's early experiences that propelled him into the world of hacking, such as his fascination with Game Shark and reverse engineering concepts during his childhood. Fuller elaborates on his journey from the Marine Corps to becoming a renowned penetration tester and red teamer, providing invaluable insights into the practical and psychological aspects of entering the cybersecurity field.

Throughout the episode, Fuller emphasizes the importance of content creation and community involvement for career advancement in cybersecurity. He illustrates how blogging, podcasts, or even YouTube channels can showcase one's expertise and help build a personal brand. This episode is packed with actionable advice on certifications, the value of scripting, and the mental fortitude needed to combat imposter syndrome. Listeners are bound to find Fuller's story inspiring and his advice practical for both newcomers and seasoned professionals in cybersecurity.

Key Takeaways:

• Content Creation is Key: Fuller emphasizes the necessity of creating content—whether blogs, videos, or code repositories—to establish oneself in the cybersecurity community and attract job opportunities.
• Learning Programming Helps: While not a strict requirement, knowing how to code can greatly enhance a pen tester's ability to adapt and overcome challenges during engagements.
• Select Certifications Wisely: Fuller shares his perspective on the current landscape of cybersecurity certifications, recommending those with practical, hands-on tests like CRTO.
• Imposter Syndrome is Natural: Fuller advises embracing the learning process and valuing opportunities to be the 'dumbest person in the room' as it's critical for growth.
• Trust in Community: Fuller underscores that the cybersecurity field thrives on knowledge sharing and cautions against feeding the "try harder" mentality that inhibits communal learning and growth.

Notable Quotes:

1. "It's not who you know, it's not what you know, it's who knows what you know." - Rob Fuller
2. "One of the best things you can ever do is start a blog, a video log, a podcast, something to detail your learning experience." - Rob Fuller
3. "If you're ever in a situation where you are the dumbest person in the room, and someone belittles you for it, they're the butthead." - Rob Fuller
4. "As long as you understand basic logic, if this, then that… You can learn programming along the way." - Rob Fuller
5. "Creating content is like investing money. The sooner you start, the better." - Rob Fuller

Resources:

• Rob Fuller (Mubix) on Twitter: @mubix
• Hak5: Hak5 Website
• Zero Point Security's CRTO Certification: https://training.zeropointsecurity.co.uk/courses/red-team-ops
• Security Plus Certification: https://www.comptia.org/certifications/security
• OSCP Certification: https://www.offsec.com/courses/pen-200/

Don't miss this episode to dive deep into Mubix's fascinating journey through cybersecurity and glean insights that can aid your own career progression.

About The Guest:

Noah King is a Senior Software Engineer at Horizon3.ai, specializing in offensive security and exploit development. Coming from a background in sales and with a strong expertise in web application development, Noah transitioned into cybersecurity after being inspired by his wife's journey into engineering. With a passion for breaking things rather than building them, Noah has rapidly advanced in the field, earning his OSCP certification and contributing to automating complex security attacks at Horizon3.ai.

Summary:

Noah King shares his journey from sales to offensive security. He started with a coding bootcamp and transitioned into web app development. Eventually, he joined Horizon3.ai as a senior software engineer and became interested in offensive security. He learned through hack the box and became a teaching assistant for a cybersecurity bootcamp. He obtained the OSCP certification and now focuses on offensive security at Horizon3.ai, automating attacks and finding vulnerabilities.

Takeaways

• Transitioning from a different career background is possible in offensive security.
• Obtaining certifications like OSCP and gaining experience through bug bounties are valuable.
• Learning to code or script is important for offensive security professionals.
• Automation is crucial in scaling pen testing efforts.
• Continuous learning and staying up-to-date with emerging threats is essential in offensive security.

Quotes:

• "I really wanted to be on the opposite edge of breaking."
• "Automating and making everything instead of having to pay for some pen testers to come in."
• "I do a lot with making the JavaScript, making deceptive login pages."

Chapters:

00:00 Introduction and Background

03:50 Finding Passion and Building a Foundation

10:07 Automation and Scaling in Offensive Security

15:19 The Challenges and Rewards of Offensive Security 22:59 Certifications and Experience in the Job Market

25:41 Closing Remarks

Resources:

Noah's Horizon3 Tech Talk: Journey to OSCP https://www.horizon3.ai/insights/webinars/tech-talk-journey-to-oscp/

Noah's LinkedIn: https://www.linkedin.com/in/noahking1/

About the Guest:

Jacob Krasnov is a cybersecurity expert, CEO, and co-founder at BC Security. He and his co-founder Anthony and Vincent Rose have significantly contributed to the cybersecurity field, particularly with their work on the Empire project. Jacob's background includes aerospace engineering and high-level cybersecurity assessments in the Air Force, where he was involved in rigorous testing of military aircraft like the F-22 and F-35. Transitioning to BC Security, Jacob has focused on enhancing tools for red teaming and threat emulation, making sophisticated cybersecurity tools accessible and maintainable.

Episode Summary:

In this episode of the Phillip Wylie Show, Phillip Wylie sits down with Jacob Krasnov from BC Security to delve into the evolution of the Empire project, cybersecurity's role in modern defense systems, and the importance of making advanced security tools accessible. Jacob elaborates on his journey from working on military aircraft cybersecurity assessments to co-founding BC Security, a company that has breathed new life into the Empire project—a project initially shelved by its original developers but resuscitated and advanced by Jacob and his team.

The conversation spotlights the significance of rigorous and repeatable security testing, as well as tying cybersecurity impacts to operational outcomes. Jacob details the extensive updates made to Empire, including support for Python 3, new agent types, and a comprehensive code rewrite to enhance maintainability and extend the tool's functionality. The show also touches on the importance of entry-level cybersecurity tools for global teams, the learning curve of such tools, and using AI in cybersecurity.

Key Takeaways:

• Evolution of Empire: BC Security transformed Empire from a deprecated tool into a sophisticated platform with Python 3, C sharp, and Iron Python agents.
• Cybersecurity Experience: Jacob's rich background in aerospace cybersecurity underpins his approach to advanced cyber defense strategies.
• Educational Resources: Various training programs and resources, including TryHackMe and workshops at Defcon, are highlighted for budding cybersecurity professionals.
• Tool Accessibility: Making advanced cybersecurity tools like Empire accessible is crucial for small and mid-sized business security postures.
• AI in Cybersecurity: AI can streamline workflow and assist with complex tasks in cybersecurity but has its limitations, particularly in advanced and fringe areas.

Notable Quotes:

1. “We really liked the platform. We wanted to keep it up to date.” — Jacob Krasnov
2. “…important thing for those small businesses. And they can actually go fix stuff because they can't afford for a 15-20, $30,000 pen test to come in because that was their whole security budget for the year.” — Jacob Krasnov
3. “The conversation spotlights the significance of rigorous and repeatable security testing, as well as tying cybersecurity impacts to operational outcomes.” — Jacob Krasnov
4. “I'm excited to be here. Thanks for having me on.” — Jacob Krasnov
5. “…useful for people to be able to learn those tools. And I would imagine more willing to have people to help out from the community, create modules and add-ons and stuff, I would think.” — Phillip Wylie

Resources:

• https://www.linkedin.com/in/jacobkrasnov/

• BC Security Website
• Black Hat 2024 Training - ADVANCED THREAT EMULATION: EVASION
• Black Hat 2024 Training - ADVANCED THREAT EMULATION: ACTIVE DIRECTORY
• Empire Operations I Training

• BC Security Discord
• TryHackMe
• Defcon
• The Empire Project on GitHub

Discover the intricacies of cybersecurity, the evolution of powerful tools, and insightful professional journeys in this episode. Tune in to not only learn about the technical advancements but also the significance of making these tools accessible to a broader audience. Stay tuned for more enriching content from the Philip Wylie Show.

About the Guest:

McKenna Dallmeyer is a technical account manager at Horizon3.ai, specializing in offensive security and penetration testing. Starting her academic journey in biomedical science and political science, she eventually pursued cybersecurity, driven by a combination of personal interests and family influence. McKenna has experience working with the NSA as a developer intern and later full-time in a development program. She holds several certifications in penetration testing and network security and is also part of the Synack Red Team, conducting side work through her LLC.

Episode Summary:

In this engaging episode of The Phillip Wylie Show, host Phillip Wylie sits down with McKenna Dallmeyer to discuss her unconventional journey into the realm of cybersecurity and penetration testing. McKenna shares how her initial aspirations of becoming a veterinarian transitioned into a passion for cybersecurity and offensive security, ultimately leading her to her current role at Horizon3.ai. Along the way, she highlights the importance of hands-on experience, continuous learning, and the role of soft skills in a technical field.

McKenna provides insights into her background, from her academic shifts and internships to her work at the NSA and her current involvement with Synack Red Team. She emphasizes the value of diverse experiences, outlining how coding, networking, and certifications like GCIH and GWAPT have contributed to her skill set. McKenna also offers practical advice for those aspiring to enter the field of penetration testing, underscoring the necessity of taking on challenges, saying yes to opportunities, and leveraging any available resources to facilitate learning and growth.

Key Takeaways:

• McKenna's journey showcases the fluidity of career paths and the importance of remaining open to new opportunities in evolving fields like cybersecurity.
• Gaining hands-on experience and practical certifications is crucial for anyone looking to establish a career in penetration testing.
• Soft skills, combined with technical expertise, can significantly enhance career prospects, particularly in customer-facing roles within cybersecurity.
• Networking, staying updated through podcasts, and participating in community events like DEFCON and Black Hat are invaluable for professional growth.
• Embarking on side projects and involvement in specialized teams, such as Synack Red Team, can provide robust, real-world experience and career development.

Notable Quotes:

1. "It takes all of us to make the world a safer place." - McKenna Dallmeyer
2. "You learn more after you fail than when you succeed." - McKenna Dallmeyer
3. "Start talking to people who are pen testers and gain an idea of what their day-to-day is like." - McKenna Dallmeyer
4. "Don't shy away from opportunities thinking, 'Oh, I've never done anything like that.' Just say yes and see what happens." - McKenna Dallmeyer
5. "Always try to learn everything that you can. If you see something unfamiliar, look into it at a surface level." - McKenna Dallmeyer

Resources:

• McKenna's LinkedIn: https://www.linkedin.com/in/mckenna-dallmeyer/

• Horizon3.ai: Website

• Synack Red Team: Website

• Certifications Mentioned:

  • GIAC Certified Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Python Code for Pen Testers (GPYC)

For more insightful discussions and expert advice from the world of cybersecurity, be sure to listen to the full episode and stay tuned for future episodes of The Phillip Wylie Show.

Summary In this conversation, John and Greg from White Knight Labs discuss their backgrounds and the work they do in red teaming and penetration testing. They explain the difference between red teaming and pen testing, with red teaming being more focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations. They also discuss the skills and knowledge required to become a red teamer, including a background in sysadmin or software development, networking knowledge, and experience in pen testing. They recommend certifications such as Certified Red Team Professional and Certified Red Team Expert, as well as courses on redirectors and offensive development. In this conversation, John Stigerwalt and Greg Hatcher discuss various aspects of red teaming and physical security. They emphasize the importance of teamwork and diverse skill sets in red team operations. They also highlight the challenges and grueling nature of red teaming, as well as the misconceptions surrounding it. The conversation touches on the use of AI in security, the practice of assuming breach, and the courses offered by White Knight Labs. Takeaways Red teaming is focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations. A background in sysadmin or software development is recommended for aspiring red teamers. Networking knowledge and experience in pen testing are important skills to have. Certifications such as Certified Red Team Professional and Certified Red Team Expert can be beneficial. Courses on redirectors and offensive development are recommended for learning the necessary skills. Red teaming requires a diverse set of skills and a team approach. Red teaming can be grueling and data-intensive, with a focus on blending in and accessing file shares. Physical security assessments often involve challenging and uncomfortable situations. Getting started in physical security can involve courses like Covert Access Team and Optiv's course. Assume breach is a valuable mindset to adopt in security. White Knight Labs offers courses on offensive development, advanced red team operations, and offensive Azure operations and tactics.

Takeaways

• Red teaming is focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations.
• A background in sysadmin or software development is recommended for aspiring red teamers.
• Networking knowledge and experience in pen testing are important skills to have.
• Certifications such as Certified Red Team Professional and Certified Red Team Expert can be beneficial.
• Courses on redirectors and offensive development are recommended for learning the necessary skills. Red teaming requires a diverse set of skills and a team approach.
• Red teaming can be grueling and data-intensive, with a focus on blending in and accessing file shares.
• Physical security assessments often involve challenging and uncomfortable situations.
• Getting started in physical security can involve courses like Covert Access Team and Optiv's course.
• Assume breach is a valuable mindset to adopt in security.
• White Knight Labs offers courses on offensive development, advanced red team operations, and offensive Azure operations and tactics.

Resources:

• White Knight Security Website

• https://whiteknightlabs.com/training/

• https://www.linkedin.com/in/gregoryhatcher2/

• https://www.linkedin.com/in/john-stigerwalt-90a9b4110/

• https://x.com/WKL_cyber

WKL Courses:

• Advanced Red Team Operations Course (ARTO) https://training.whiteknightlabs.com/advanced-red-team-operations/

• Offensive Development Course https://training.whiteknightlabs.com/offensive-development-training/

• Offensive Azure Operations and Tactics Course https://training.whiteknightlabs.com/offensive-azure-operations-tactics/

• Educators and Tools:

  • Travis Weathers physical pentesting courses: https://physicalexploit.com/

In this episode, Phillip Wylie is joined by Matt Scheurer, a digital forensics and incident response expert. They discuss Matt's hacker origin story, his work in digital forensics and incident response, and the education path for aspiring professionals in this field. They also touch on the importance of professional networking and the benefits of public speaking in the cybersecurity industry.

Takeaways

• Digital forensics and incident response (DFIR) professionals play a crucial role in investigating and responding to cybersecurity incidents.
• Having a background in systems administration and networking can provide a solid foundation for a career in DFIR.
• Building a professional network and seeking mentorship from experienced professionals can greatly enhance career opportunities in the cybersecurity industry.
• Public speaking can help establish credibility and open doors for career advancement in the cybersecurity field.
• Exploring different areas of cybersecurity and finding one's passion can lead to a more fulfilling and successful career.

Sound Bites

• "I was just always enthralled with hackers and hacker lore and all the things that people would do with technology that the people that designed it didn't anticipate."
• "Understanding basic networking, learning the Linux command line, and knowing where things should be on a Windows endpoint are essential skills for aspiring DFIR professionals."
• "Having a background in SOC (Security Operations Center) analysis can provide a solid foundation for understanding digital forensics and incident response."

Resources

https://www.linkedin.com/in/mattscheurer/

https://twitter.com/c3rkah

About the Guest:

John Woodling is a seasoned cybersecurity expert with seven years of experience in the industry. He currently holds the position of Senior Information Security Analyst. John has a diverse background that includes a blend of hands-on technical expertise and a profound understanding of different cybersecurity domains. As a member of the DFW Cybersecurity community and DEFCON 940 Group in Denton, Texas, John is known for his mentorship and willingness to share his insights. With an initial career path in art and finance, John’s journey into cybersecurity showcases his passion and curiosity for technology and security.

Episode Summary:

Welcome to another insightful episode of the Phillip Wylie Show! In this episode, Phillip sits down with John Woodling, a prominent figure in the DFW Cybersecurity community and an adept Senior Information Security Analyst. John shares his journey into the world of cybersecurity, providing invaluable advice for those looking to transition into this ever-evolving field. Known for his deep knowledge and practical experience, John offers listeners a comprehensive look into the necessary skills, potential career paths, and the importance of community in cybersecurity.

The conversation delves into different entry points into the cybersecurity industry, emphasizing the significance of hands-on learning, certifications, and networking. John discusses the transformation of cybersecurity from a niche technical field into a widespread and essential discipline, highlighting various roles like GRC, red teaming, and social engineering. He also reflects on his personal career choices and lessons learned, offering today’s aspiring cybersecurity professionals actionable advice and encouragement. Additionally, the episode touches upon the evolving job market, the importance of diverse backgrounds, and the role of modern resources like bug bounties in global talent development.

Key Takeaways:

• Evolving Cybersecurity Landscape: Cybersecurity has transitioned from a specialized technical field to a broad industry encompassing various roles, making it accessible to people with diverse backgrounds.

• Importance of Networking and Community: Building relationships and engaging with community members can significantly enhance career opportunities and knowledge sharing.

• Hands-On Learning and Certification: Practical experience and certifications remain crucial in breaking into the cybersecurity field, with resources more accessible than ever.

• Career Advice for Aspiring Professionals: John emphasizes understanding networking fundamentals and finding accessible, high-quality training programs that offer real-world applicability.

• Global Opportunities with Technology: Modern technological advancements and resources like bug bounties provide opportunities for individuals worldwide, potentially mitigating the need for unethical hacking behaviors.

Notable Quotes:

• "I think that there's a lot of room for a lot of different individuals."
• "Nobody knows anything. I thought you all knew everything."
• "It's a way that I can connect with people, and talk to them about these things."
• "I think today is definitely, it feels more of a trade than it does the traditional white-collar position that it was 20 years ago."
• "You belong. That would be the big piece to it."

Resources

https://x.com/statictear

https://www.linkedin.com/in/johnwoodling/

DC940 Discord https://discord.gg/DDZEnFHFbt

Summary Tanisha Martin, founder of Black Girls Hack and organizer of Squad Con, shares her journey in cybersecurity, the importance of hands-on training, and the challenges of diversity in the industry. She also discusses the motivation behind organizing Squad Con and the need for scholarships to support diversity in cybersecurity education. Takeaways

• The importance of hands-on training in cybersecurity education
• The need for diversity and inclusion in the cybersecurity industry
• The motivation behind organizing Squad Con and the impact of scholarships on diversity in cybersecurity education

Sound Bites

• "Empowering Diversity in Cybersecurity Education"
• "The Impact of Hands-On Training in Cybersecurity"
• "Organizing Squad Con: A Journey to Diversity"

Resources

https://www.linkedin.com/in/tennisha/

https://squadcon.me/

https://blackgirlshack.org/

Summary

In this episode, Eddie Miro shares his hacker origin story and discusses his recently published book. He talks about his journey from a troubled childhood to a life of crime and eventually finding his passion in cybersecurity. Eddie emphasizes the importance of mentorship, creativity, and community involvement in the cybersecurity field. He also highlights the process of self-publishing his book and the impact it has had on his personal growth and the lives of others.

Takeaways

• Mentorship and community involvement are crucial for success in the cybersecurity field.
• Creativity and authenticity can make a significant impact in the industry.
• Self-publishing a book can be a cost-effective and fulfilling way to share knowledge and personal experiences.
• Overcoming shame and embracing vulnerability can lead to personal growth and inspire others.
• Soft skills and networking are essential for career advancement in cybersecurity.

Sound Bites

• "People didn't care about the social engineering content. What they wanted to hear was my story."
• "Reach out to mentors and ask for advice and help. Most people are willing to assist."
• "I feel a lot of empathy for my former self. I don't fear being judged anymore."

Resources

https://www.linkedin.com/in/theedmiroshow/

Eddie's book: https://www.amazon.com/Outlaw-Summer-Cyber-Dreams-Redemption/dp/B0CZFB2KNM/ref=sr_1_1?sr=8-1

About the Guest:

In this episode of "The Phillip Wylie Show," Dirce Hernandez joins as a featured guest. With a notable career spanning over 17 years in the cybersecurity industry, Dirce stands as a first-generation college graduate hailing from South Texas. He has worked across various sectors including state government, higher education, healthcare, and financial services. His diverse experience includes roles at TxDOT, University of Texas at Brownsville, Wells Fargo, USAA, and currently at Northwestern Mutual Insurance Company. Apart from his professional endeavors, Dirce is known for his dedication to helping others, sharing knowledge, and mentoring aspiring cybersecurity professionals.

Episode Summary:

In this insightful conversation with Phillip Wylie, cybersecurity veteran Dirce Hernandez shares his extensive experience in the industry, shedding light on the intricacies of breaking into the field. This episode is a trove of knowledge for anyone aspiring to launch or enhance their career in cybersecurity.

The discussion opens with Dirce's origin story, tracing his journey from state government positions to his ventures into the enterprise-level cybersecurity landscape. The conversation pivots to analyze how the job market within cybersecurity has evolved and the current challenges faced by individuals attempting to enter the field. Drawing upon Dirce's own transitions among sectors, the episode explores the value of diversified experience and the importance of soft skills like report writing and communication.

Key Takeaways:

• Networking is vital for breaking into cybersecurity, with channels like LinkedIn and B-Sides conferences being highly beneficial.
• Understanding GRC (Governance, Risk and Compliance) can make aspiring professionals more marketable, even if their goal is to work in offensive security.
• The ability to write a coherent and comprehensive report is crucial, as the deliverable often carries significant weight in business environments.
• Soft skills, including communication and the art of conveying technical information to non-technical stakeholders, are indispensable in cybersecurity roles.
• Persistence and patience are key when seeking to start a career in cybersecurity, as potential barriers often occur in job requisitions and HR filtering.

Notable Quotes:

• "But like I mentioned, there's so much red tape. And I consider that red tape that affects the entry level folks that are trying to get in there and get those jobs."
• "You're talking to CISOs from, you know, financial services. Right. I'm talking to the CISO at AIG, previously the CSO at USAA, and, you know, having those discussions and just being one of them."
• "If you can't write the report to showcase and align to the work you did, it's not gonna go anywhere."
• "You have to really understand and put yourself in another's shoes. And there's a reason why there's different areas."
• "So it's not easy, but ultimately, some people don't even think about communication, don't think about critical thinking and technical writing and all those things that kind of play into making a really good actionable deliverable from a documentation perspective."

Resources:

• https://www.linkedin.com/in/eduardohernandez79/

About the Guest: Dr. Anmol Agarwal is a senior security researcher focused on securing 5G and 6G. Her research interests include AI and Machine Learning security. She is also an adjunct professor teaching Machine Learning to doctoral students. She holds a doctoral degree in cybersecurity analytics and previously worked at the U.S. Cybersecurity and Infrastructure Security Agency managing risk to the federal enterprise. Dr. Agarwal is also an active speaker and has spoken at numerous events and conferences to educate the public about cybersecurity and data science concepts. In her free time, she enjoys mentoring others in the community, traveling, and spending time with her family.

Episode Summary: In this intriguing episode of the Phillip Wylie Show, we delve into the rapidly evolving intersection of AI and cybersecurity with Dr. Anmol Agarwal. Phillip and Dr. Agarwal engage in a comprehensive discussion that illuminates the cutting-edge advancements in telecommunications security, the ethical considerations of AI, and practical advice for those looking to break into the cybersecurity field. Dr. Agarwal shares her journey from computer science student to an authoritative voice in the AI and cybersecurity realm, revealing insights into the quarterly meetings for 5G and 6G standardization. She provides valuable knowledge on how both offensive and defensive strategies are shaping AI utilization in security and offers resource recommendations for those aspiring to pen-test AI and machine learning systems. The conversation uncovers the current and potential applications of AI in various technologies and initiatives, from digital twins to deepfakes, and how they pose significant opportunities and threats to cybersecurity.

Key Takeaways:

• AI and cybersecurity are intertwined fields that benefit from understanding both the cybersecurity fundamentals and AI technologies.
• OWASP offers resources regarding AI vulnerabilities, and Mitre Atlas provides a matrix on AI attacks for those interested in pen-testing AI.
• Digital twins and AI-generated content such as deepfakes are emerging technologies that both excite and concern cybersecurity professionals, emphasizing the need for advanced security measures.
• A career in cybersecurity remains promising due to the continuous emergence of new technologies that will invariably require secure implementation and management.

• Free online platforms like Kaggle and Sklearn tutorials are recommended for learning machine learning and Python for AI applications. Notable Quotes:
• "I actually got enlightened into cybersecurity, and I realized I like cybersecurity because we had so many college clubs." - Anmol Agarwal
• "I don't think you need to code to be in cybersecurity… But there are so many career paths in cybersecurity that don't require any coding." - Anmol Agarwal
• "Now we're seeing AI is starting to create deepfakes that are more realistic looking." - Anmol Agarwal
• "Whenever a new technology comes out or there's a disruptive startup, we need security to actually secure this technology." - Anmol Agarwal
• "AI is going to allow us to prevent or detect certain kinds of attacks that might occur in the system." - Anmol Agarwal Resources:
• https://www.linkedin.com/in/anmolsagarwal/
• https://twitter.com/anmolspeaker
• OWASP Top Ten for Large Language Models: https://owasp.org/www-project-top-10-for-large-language-model-applications/
• MITRE Atlas Framework: https://atlas.mitre.org
• Kaggle Online Learning Platform: https://www.kaggle.com
• Gandalf - https://gandalf.lakera.ai/
• SK learn Python Package: SK learn Documentation https://scikit-learn.org

About the Guest: Matt Johanson, known as Matt J, is a seasoned cybersecurity professional and an active content creator within the industry. With a rich background that spans across various facets of cybersecurity, Matt's expertise ranges from practical experience in offensive security to leadership roles in software security. His journey began with computer programming in high school, followed by a computer science degree and an influential senior seminar focused on cybersecurity, taught by a SANS instructor. Matt's professional career kicked off with engagements in penetration testing, and he eventually played an instrumental role in building WhiteHat Security's threat research team. At present, Matt holds the title of Head of Software Security at Reddit, where he brings his extensive knowledge and experience to the forefront of protecting one of the internet's most significant community platforms.

Episode Summary: In this intriguing episode of The Philip Wylie Show, host Philip Wylie engages in a compelling conversation with cybersecurity connoisseur Matt Johansson. Listeners are drawn into the dialogue as Matt shares the narrative of his origin story, chronicling his early forays into hacker culture, his educational pursuits, and the serendipitous events involving industry notables that shaped his career trajectory. Delving into the intricacies of breaking into and advancing within the AppSec realm, Matt elucidates the accessibility of the field, emphasizing the advantage of readily available learning resources like bug bounty programs and OWASP. Equally crucial, he divulges insights on the evolving landscape of cybersecurity, spotlighting burgeoning areas like threat detection that beckon aspirants.

Key Takeaways: Matt Johansson's foundational cybersecurity experiences were fostered in the '90s through video game system modding and initial programming courses in high school and college. Networking and community involvement at hacker conferences like ShmooCon can yield lifelong professional relationships and career opportunities. AppSec and web app penetration testing present more accessible entry points for breaking into cybersecurity, bolstered by resources such as OWASP and bug bounty programs. Everyone has valuable experiences to share; beginning content creators should start creating and learning publicly, regardless of initial quality perceptions. Open dialogue on mental health is vital within the cybersecurity industry, and it's something Matt J actively promotes through his newsletter Vulnerable You and other content mediums. Notable Quotes: "…really fortunate timing there." — Matt Johansson regarding his introduction to cybersecurity. "There is no, like, you're never going to turn the corner and find the room of adults. Like, you're the adults now." — Matt Johansson on career progression and imposter syndrome. "Look at this. We're, we're not in it. We're, you and I are both in our house right now." — Matt Johansson on the prevalence of remote work affecting the loneliness epidemic. Resources: https://twitter.com/mattjay https://www.linkedin.com/in/matthewjohansen/ Vulnerable U Newsletter https://vulnu.mattjay.com/ https://www.youtube.com/@VulnerableU

About the Guest: Michael Kim is a seasoned professional in the realm of offensive security, boasting an extensive background in red teaming and penetration testing. Throughout his dynamic career, Michael has contributed his expertise to a variety of organizations, which enables him to offer a unique perspective on cybersecurity. Prior to diving into the security field, Michael followed his passion in music production and DJing for over a decade. His pivot to cybersecurity was catalyzed by the realization that it did not require a formal degree but could be pursued through alternative educational platforms like boot camps. Michael's commitment to continual learning and self-improvement is demonstrated by his approach to gaining new skills and certifications necessary for advancing his career. Currently, he holds the position of red team operator. Episode Summary: In this episode of the Philip Wylie Show, host Phillip Wylie engages with Michael Kim, an expert in offensive security, to discuss his unconventional journey into the field of cybersecurity and insights on red teaming and penetration testing. Michael's narrative is not only a testament to career shifts but also an inspiration for individuals looking to pivot into new endeavors later in life. This conversation delves into the intricacies of cybersecurity, the differences between penetration testing, and red teaming, as well as effective learning strategies for those aspiring to break into the security sector. Michael and Phillip exchange valuable information on the evolution of cybersecurity careers, revealing how passion and dedication can lead to substantial professional growth despite starting from non-technical backgrounds. The episode underscores the importance of a proactive work ethic, the utilization of learning resources like TryHackMe and Hack The Box, and the strategic pursuit of relevant certifications. With Michael's background in music and his proactive approach to personal branding on LinkedIn, listeners are offered a multifaceted perspective on forging a successful career path in offensive security. Key Takeaways: Transitioning to cybersecurity does not require a formal degree; alternative education paths like boot camps can be effective. Red teaming involves stealth and in-depth tactics, unlike the broader approach of penetration testing. Certifications like OSCP are valuable but not entry-level; it's essential to build a foundation of skills prior to attempting advanced certifications. Resources such as TryHackMe and Hack The Box Academy are highly recommended for hands-on learning and skill development. Personal branding and active engagement on professional networks like LinkedIn can significantly benefit one's career advancement. Notable Quotes: "I always start with saying… I'm not here to push past, I'm just here because I just want to help out." "If I can do it, anyone can do it. If you have the passion, if you have dedication, never give up because everybody has a different starting point." "It's important to have a plan of action. And I feel like from there on, you can build on that plan of action." "I feel like if everybody does their due diligence to try to research, understand what certs actually help, it'll be easier to navigate [the field]." "We only go through this once and there'll be times when you look back fondly and like, 'Oh, I used to not be able to do this, but now I can do this really easily.'" Resources: https://www.linkedin.com/in/michael-kim-83b0627b/ https://twitter.com/MeterPeter4Eva

About the Guest: Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX’s secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop at Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining ⁠ SquareX⁠, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building and scaling multiple product lines. He has a bachelor’s degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web application security.

Episode Summary: In this highly informative episode of the Philip Wylie Show, we dive into the pertinent topic of online security. Together with Shourya Pratap Singh from Squarex, we explore the intricacies of malicious file detection and examine the latest advancements Squarex has incorporated to bolster digital safety. From password-protected archives to deceptive file naming practices, this episode sheds light on the multi-layered defense strategies designed to ward off cyber threats. Shourya explains how Squarex has evolved its scanning abilities, focusing on zip files and extending its malicious document detection features to manage complex archives, including encrypted and recursively nested zip files. By integrating innovative capabilities directly within the browser, Squarex enables users to seamlessly scan for potential threats without compromising the security of their data. The discussion extends to how Squarex handles password retrieval from email bodies to automate the scanning process, showcasing the company's forward-thinking approach to cybersecurity. The episode also reveals Squarex's latest feature developments, such as the Download Interceptor, which provides users with additional layers of protection against unwittingly executing harmful downloads.

Key Takeaways:

• Squarex has enhanced its platform to detect malicious content within zip files, including password-protected and recursively nested archives.
• The download interceptor feature within Squarex offers capabilities such as blocking downloads, ensuring users can review security scans before proceeding.
• Squarex can automatically use passwords found in email bodies to scan encrypted files seamlessly, maintaining user convenience without compromising security.
• Attackers' methods, such as renaming zip files or using multiple layers of encryption, can be thwarted with Squarex's comprehensive scanning features.
• The cybersecurity landscape demands defenders to be always vigilant, as showcased by Shourya's assertion that "attackers have to win only once, but whoever is trying to protect you has to win every time." Resources: Get your free SquareX Chrome plugin: ⁠⁠http://sqrx.io/pw_x⁠⁠ ⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠ ⁠⁠https://twitter.com/getsquarex⁠⁠ ⁠⁠https://www.instagram.com/getsquarex/sible.

About the Guest: Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.

Episode Summary: In this insightful episode of the Phillip Wylie show, cybersecurity aficionado Jeswin Mathai returns to delve deeper into the intricacies of in-browser malicious file detection. Sponsored by Squarex, this continuation of the "Be Fearless Online" series sheds light on the ever-evolving tactics used by cyber attackers to circumvent traditional antivirus measures. The conversation promises a blend of technical demonstrations and thought-provoking discussion that's integral for professionals and enthusiasts alike. Jeswin guides us through the dark alleys of cyber threats, starting with reflections on the fundamental evasion techniques like VBA stomping and purging. He invites listeners into a complex world where even simple file renaming or metadata tampering can make malicious documents slip undetected past security checkpoints. Further, Jeswin exposes a fascinating aspect of cybersecurity—"large file attacks"—demonstrating that size does matter in malware detection. With technology that detects such threats in real-time, Jeswin introduces listeners to Squarex's latest advancements, aiming to revolutionize the way we stay safe online.

Key Takeaways: Attackers are innovating new evasion techniques that fool even the most advanced antivirus systems, like hiding malicious code in macro-enabled files. Simple changes, such as renaming files and modifying metadata, can significantly reduce the chances of detection by standard security measures. Large-file attacks are a newer method used by attackers to bypass antivirus systems by embedding malicious code within massive files. Squarex is at the forefront of combating these advanced threats with in-browser detection technology capable of analyzing and intercepting malicious downloads. Future updates from Squarex promise even greater capabilities in detecting and dealing with sophisticated in-browser threats. Notable Quotes: "In case of large files, let me start with the one XLSM. So this is the one that's having 33 Mb. It will take a few seconds and… it was able to flag it right there." "Now the moment we try to upload this on Virus Total… it will take a long time." "So now let's take a look at how Squarex's detection is going to help us." "With download Interceptor, it's a big win for all of the files out there, whether the file is coming from Google Drive, whether it is Telegram, WhatsApp, Whatnot." Resources: Get your free Chrome plugin: ⁠⁠http://sqrx.io/pw_x⁠⁠ ⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠ ⁠⁠https://twitter.com/getsquarex⁠⁠ ⁠⁠https://www.instagram.com/getsquarex/

About the Guest: Cecile Mengue is a dynamic and inspiring penetration tester with a background that diverges from the traditional cybersecurity pathway. Her journey into the realm of cybersecurity was spurred by a personal experience involving cybercrime, which led her to pivot from her degree in criminal justice to pursuing a career in penetration testing. Demonstrating an entrepreneurial spirit and a passion for security, Mengue transitioned from being a victim of hacking to a cybersecurity expert. A notable speaker with an interesting origin story, she presently holds a position as a penetration tester at IBM.

Episode Summary: In this compelling episode of the Phillip Wylie Show, host Phillip Wylie welcomes an intriguing guest, Cecile Mengue, whose unconventional path to becoming a penetration tester is not just informative but also deeply motivational. The conversation delves into Mengue's unique "hacker origin story," shedding light on her transition from working in juvenile court to unraveling a hacking attempt that targeted her own business. Cecile Mengue's narrative is one of resilience and tenacity. Having been hacked during her entrepreneurial ventures, Mengue chose to transform her anger into curiosity, leading her down the path of self-taught cybersecurity methods and eventually open-source intelligence (OSINT). She remarkably tracked down her attackers and successfully recovered her losses, a victory that fueled her interest in cybersecurity. Her unconventional entry into pen testing highlights the power of determination and self-directed learning. Throughout the conversation, Mengue candidly shares the strategies she employed to break into the cybersecurity field, including how she targeted her efforts specifically toward pen testing and leveraged networking to secure her first professional role. The episode is a testament to the idea that one's passion, complemented by strategic skill-building and smart networking, can create pathways to success in the technology industry.

Key Takeaways: Cecile Mengue's foray into cybersecurity stemmed from her own experience with a hacking incident, leading to a career change from criminal justice to penetration testing. With determination and self-learning, she tracked down her hacker, which sparked her interest in cybersecurity and ethical hacking. Focusing on a specific area of interest within cybersecurity, Mengue optimized her learning and job search toward penetration testing, emphasizing the importance of specialization. Mengue's proactive approach in gaining experience, such as volunteering to help secure local businesses, played a pivotal role in strengthening her resume. Networking and taking advantage of apprenticeship and entry-level programs can be crucial steps in securing a position in cybersecurity, as demonstrated by Mengue’s journey. Notable Quotes: "Once I became curious about how it happened, I started kind of like poking around the Internet myself, trying to Google." "It was anger, then curiosity, then after curiosity, it was determination." "I kept waiting because I didn't think that I could do it, right, because I felt like every time I start researching hackers or pen testers or anything in cybersecurity, one of the things that I noticed, like, nobody looked like me." "Your attitude and just the way you go about things is already a big step." "My passion was always about going after the bad guy to protect the good guy, right?" Resources: https://www.linkedin.com/in/cecile-m-2375b9133/ https://www.instagram.com/cybercile/ https://cybercile.com/

About the Guest:

Mariana Padilla is a cybersecurity professional with a background in marketing and a keen focus on storytelling as a powerful tool. With an unexpected foray into the cybersecurity world, she has found her niche and currently serves as a co-founder, and CEO of a company pioneering in creating an automated demo marketplace for cybersecurity software. She brings a wealth of experience from education and nonprofit sectors, with a mission to bridge the gap between different cybersecurity communities through initiatives like virtual coffee meetings and community events.

Episode Summary:

In this fascinating episode of the Phillip Wylie Show, we delve into the importance of networking and the art of virtual connection in the dynamic field of cybersecurity. Our special guest, Mariana Padilla, shares her journey into the world of cybersecurity, highlighting the unexpected paths that lead to fulfilling careers in the industry. Her innovative approach to networking through 'virtual coffees' underscores the value of building strong professional relationships.

Mariana Padilla emphasizes the critical role of trust and relationship-building in the cybersecurity sector. She narrates her personal networking strategy, which includes initiating 100 virtual meetings in as many days, an effort that significantly expanded her professional network. This approach not only showcases her dedication to connecting with industry professionals but also her entrepreneurial spirit as she ventured into the cybersecurity space with her automated demo marketplace and community events. Her ability to leverage LinkedIn as a networking tool provides listeners with actionable insights on how to navigate and utilize social media effectively for career advancement.

Key Takeaways:

The Power of Networking: Establishing a strong network is key in cybersecurity, and virtual coffees can serve as an innovative and effective method for building connections.

Trusting in Opportunities: Being open to possibilities and stepping out of your comfort zone can lead to unforeseen and valuable relationships within the industry.

Personal Branding Importance: Showcasing personal achievements, like participating in or winning CTF (Capture The Flag) competitions, is crucial for building one's brand and portfolio.

Bridging Industry Gaps: Collaboration between different cybersecurity communities, such as practitioners and executives, is essential.

Utilizing LinkedIn: Engage actively on LinkedIn, not just by posting content but also by participating in discussions and utilizing the platform's diverse features for networking.

Notable Quotes:

"I really think that the common thread with everything that I've done is storytelling."

"One of the things that I learned very early on after joining this industry is that it is very much focused… it operates differently from a lot of industries in terms of it is trust based."

"Every good conversation opens the door to other conversations."

"You have to think about it kind of like sailing. You just have to open up your sails and be willing to be open to the opportunities that come your way."

"The market is continuing to be more and more crowded. They're looking for new ways to show their product and showcase to potential clients and customers how it works."

Resources:

Mariana Padilla's LinkedIn Profile: https://www.linkedin.com/in/heretoshakeshitup/

Hackerverse Website: https://hackerverse.co/

Hackerverse LinkedIn Page: https://www.linkedin.com/company/hackerverse/

About the Guest:

Justin Elze is the CTO of TrustedSec, a highly acclaimed cybersecurity company. With over 14 years of industry experience, Justin is an expert in the field of offensive security, especially in the domain of red teaming and penetration testing. His extensive knowledge extends over several facets of cybersecurity, from system engineering to research. At TrustedSec, he also oversees the red team and research team, showcasing a driven career that advanced from hands-on technical roles to strategic leadership.

Episode Summary:

In this insightful episode of the cybersecurity-focused podcast, we have the pleasure of welcoming Justin Elze, the Chief Technology Officer of TrustedSec. The conversation dives deep into the world of offensive security, balancing technical expertise with leadership, and the evolution of penetration testing and red teaming in the dynamic cybersecurity landscape.

The episode kicks off with host Phillip Wylie introducing Justin Elze and acknowledging his substantial experience in cybersecurity and defensive security. As they delve into the discussion, Justin shares his origin story, detailing his journey from IRC beginnings and computer repair to ascending the ranks in the cybersecurity realm. The conversation steers towards various career tips for aspiring cybersecurity professionals, touching upon certifications, the art of interviewing, and the importance of having a diverse skill set. Also discussed are current trends and future directions in offensive security, such as assume breach assessments, red team specialization, and purple team operations.

Key Takeaways:

• Experience in IT prior to entering offensive security is invaluable for understanding business processes and applying cybersecurity measures effectively.

• For those looking to break into cybersecurity, certifications such as OSCP and specialized courses can offer a significant edge.

• Purple team operations are pivotal for organizations to develop robust defenses and improve upon the insights gained from offensive security assessments.

• Cultural shifts, such as the move towards more assume breach assessments, indicate the evolving strategies in red teaming and cybersecurity testing.

• Although specializations can be advantageous, they should be balanced with broader skills to remain adaptable in the swiftly changing cybersecurity landscape.

Notable Quotes:

"Once you get to a certain point of doing this, you really just need to focus on, hey, I found a really good class on AWS, found a really good class on enumeration."

"You kind of need to look at where you are today, where things you think will be in five years."

"The report is really what you're going to digest… Making sure that they [cybersecurity firms] are there to kind of support you after you have the report to digest it at different levels that you need."

Resources:

https://twitter.com/HackingLZ

https://www.linkedin.com/in/justinelze/

TrustedSec website: trustedsec.com

About the Guest:

Cathy Ullman, known in the cybersecurity community as Investigator Chick, boasts an impressive 24-year tenure at the University of Buffalo where her expertise spans across digital forensics and incident response. She has not only made a mark with her significant work in tech support but also holds a leadership position in organizing significant conference events such as summer camp. A celebrated author, Ullman recently published a thought-provoking book that delves into the intersection of offensive and defensive cybersecurity strategies.

Episode Summary:

In this episode of the Phillip Wylie show, listeners are treated to an intimate conversation with cybersecurity expert Cathy Ullman. The talk traverses Ullman's storied path which veers from a unique childhood surrounded by pioneering computing to her two-decade-plus stint in university cyber security. Along the way, Ullman offers a peek into the heart of her recent book, which urges a mindset shift in cybersecurity defense by taking cues from offensive tactics.

Ullman reflects on her early days in tech support, leading to her current specialization in digital forensics and incident response at the University of Buffalo. She discusses the value and rigorous nature of certifications such as the IAsis and the doors they've opened within her field. The conversation turns to Ullman's enlightening journey into the offensive side of cybersecurity, captured in her new book "The Active Defender." Ullman makes a compelling case for why understanding offensive strategies can fortify defense mechanisms within the cybersecurity realm.

Key Takeaways:

Cathy Ullman's Emergence: From a childhood surrounded by computing, Cathy's journey is emblematic of the organic evolution into the cybersecurity niche.

Higher Education in Cybersecurity: Ullman underscores the benefits and stability offered by her long-standing role at the University of Buffalo and the profound learning and growth it has facilitated.

Digital Forensics Certification: Cathy shares insights into the invaluable expertise and depth gained from the digital forensics and incident response training with IAsis.

Cybersecurity Community Engagement: The significance of attending and participating in events like B sides for professional development and networking is emphasized.

Understanding Offensive Security: Ullman explores the perspective that comprehending offensive techniques enhances defensive strategies, a central theme in her latest book.

Notable Quotes:

"And I took SANS classes on forensics before I had the IACIS background, and it did not go well."

"Understanding how offensive security folks think, because if you understand what they do and how they think, then you can be better as a defender in terms of your own defenses."

"I've been there 24 years, and I've had the opportunity to kind of grow into different spaces within that without having to jump ship."

"It was a matrix moment, you know, the blue pill, red pill thing, where I suddenly realized, hey, there's this whole other world that I was missing out on."

"Everybody wants to share all the cool things with you. The excitement is palpable when you go to these conferences."

Resources:

Cathys Twitter: @investigatorchic

Cathy's LinkedIn: https://www.linkedin.com/in/catherine-ullman-26a9406/

Cathy's book: The Active Defender: Immersion in the Offensive Security Mindset https://www.wiley.com/en-us/The+Active+Defender%3A+Immersion+in+the+Offensive+Security+Mindset-p-9781119895213

About the Guest:

Andy Liverman Anderson is a seasoned professional with a diverse background spanning real estate, Wall Street, and cybersecurity. With nearly a decade dedicated to the field of cybersecurity, Andy brings a wealth of experience and knowledge to the industry. As a history major, he leverages his unique perspective to analyze the intricacies of cybersecurity's geopolitical landscape. Notably, Andy has been pivotal in the development of moving target defense strategies and has pioneered the use of machine learning to estimate cyber risk in the insurance domain. Currently, he serves as a VP of Sales at Uno AI, a company at the forefront of incorporating AI into cybersecurity efforts.

Episode Summary:

This episode of The Phillip Wylie Show delves into the rapidly evolving landscape of cybersecurity, focusing on the integration of automation and AI technologies. Host Phillip Wylie is joined by Andy Liverman Anderson from Uno AI to explore the ways these advancements are transforming the industry. Fascinated by the seismic shift caused by AI tools like Chat GPT, they discuss the implications for cybersecurity professionals, who like superheroes, each have their own origin story.

The conversation begins by highlighting the role of automation in cybersecurity, referencing Jeff Foley's mass reconnaissance script, and moves on to unpack Andy's journey from real estate and Wall Street into the complex world of cybersecurity. The second summary paragraph touches on the significant role AI plays in vulnerability management, acting as a force multiplier for security practitioners, and the potential for Uno AI's copilots to scale and enhance the capabilities of cybersecurity teams. As the episode unfolds, it becomes clear that the integration of AI into cybersecurity is not just a possibility, it's a reality unfolding before us.

Key Takeaways:

Automation and AI are revolutionizing cybersecurity, taking over repetitive and tedious tasks to free up professionals for more complex work.

Andy Liverman Anderson's history in both traditional tech and cybersecurity provides a unique perspective on the use of AI in cybersecurity.

Cyber insurance and understanding post-attack scenarios are critical components in managing cyber risk effectively.

Uno AI's cyber AI copilot assists security professionals by streamlining the process of vulnerability management and producing actionable insights.

As AI democratizes technology, it may lower barriers to entry in cybersecurity and generate better, more creative jobs.

Notable Quotes:

"It's the land of broken toys. You get to look at all these different things."

"Every organization should have cyber insurance. I'm not selling insurance anymore, but I think you're crazy as an organization, even a very small business, it's surprisingly inexpensive."

"What AI is going to do because the very narrow skills that you had are no longer so scarce."

"A bot never gets tired, is always happy to answer them, and as long as they're providing accurate answers."

"When you've seen sort of a democratization of core technologies, that's just the explosive impact it's had across the world."

Resources:

https://www.linkedin.com/in/andyandersoncyber/

https://www.linkedin.com/company/unoai/

https://uno.ai/

About the Guest:

Dakshitaa Babu is a Software Engineer at SquareX, where she is engaged in data engineering and analytics.

She is also the pen behind the engineering blogs written on SquareX's infrastructure and security research. After completing her Bachelor's degree at the National University of Singapore, Dakshitaa joined SquareX, marking her foray into the cybersecurity industry. While new to the field, her enthusiasm for discovering and understanding new concepts has quickly established her as a committed contributor to the evolving sector. Her interests are in Browser Security and consumer education.

Episode Summary:

In this captivating episode of The Phillip Wylie Show, cybersecurity enthusiasts witnessed a deep dive into the cutting-edge realm of in-browser malicious file detection with Dakshitaa Babu. Dakshitaa, showcasing her prowess in the industry, illustrates sophisticated features of her company's flagship cybersecurity product designed to enhance online safety.

Dakshitaa demonstrates the product's ability to detect malicious macros within files, emphasizing the significance of privacy in their detection methods which occur directly within the browser environment. Focusing primarily on Gmail due to its widespread use, she articulates how the product can reveal hidden dangers within office documents and macros. The episode highlights not only the detection of conventional threats but also uncovers tactics like file renaming, VBA purging, and old file format analysis to pinpoint potentially harmful activity.

The conversation shifts towards the efficiency and privacy advantages of in-browser detection. Dakshitaa explains how this approach offers immediate and private threat recognition compared to traditional methods. She confidently positions her company's product as a vital layer of defense, complementing existing antivirus solutions and empowering users with immediate insights into file safety before downloads occur.

Key Takeaways:

In-browser malicious file detection technology offers advanced privacy and fast analysis by scanning files directly within the email client.

Dakshitaa demoed the tech's proficiency in detecting renamed files, large file components, and outdated file formats—all indicative of potential malware.

The product integrates seamlessly with Gmail, providing users with immediate warnings and detailed insights into file contents without downloads.

Unique detection methods allow for identifying suspicious activities such as VBA purging, which can bypass some antivirus solutions.

The browser extension is free and compatible with all chromium-based browsers, encouraging user adoption for an added layer of cybersecurity.

Notable Quotes:

"We are going deeper than what surface level checks do in Gmail, for instance." -Dakshitaa Babu

"We have no idea why you're still using it in 2024." -Dakshitaa Babu

"We are trying to create a product that has never been there before that is truly important for every user." -Dakshitaa Babu

"We can't always take our own sweet time to scan through every single file thoroughly before letting the user use it." -Dakshitaa Babu

"We want to make sure that before you give the file a chance to even penetrate to your local device or to your network… we want to be there first and give you a first line of defense." -Dakshitaa Babu

Resources:

Get your free Chrome plugin: ⁠⁠⁠http://sqrx.io/pw_x⁠⁠⁠

⁠⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠⁠

⁠⁠⁠https://twitter.com/getsquarex⁠⁠⁠

⁠⁠⁠https://www.instagram.com/getsquarex/

About the Guest:

Michael Jenks, commonly referred to as "Jenks," is an esteemed figure with an extensive background in the Department of Defense (DoD). With a penchant for cybersecurity and a wealth of experience in cyber warfare, Jenks offers a valuable skill set that has been honed in high-stakes environments where precision and accuracy are paramount. Having started his journey in computer science, he quickly developed a fascination with digital code and its impact. Transitioning from dial-up ISPs to L-3 Communications, where he gained clearance for classified work, Jenks eventually founded his own defense contracting company specializing in offensive and defensive cyber operations.

Episode Summary:

In this riveting episode of the Phillip Wylie Show, host Phillip examines the intersection of cybersecurity and defense backgrounds through his conversation with Michael Jenks from Interpris. The dynamic dialogue delves into how professionals from critical sectors, such as the Department of Defense, bring innovative solutions and meaningful perspectives to the cybersecurity industry.

Jenks shares his 'origin story,' which follows a trajectory starting from gaming and IRC administration, leading to a computer science degree and an impressive tenure at various defense-related roles. His story highlights a critical insight: that the best cybersecurity defenses are often forged in the crucible of real-world operations where the cost of failure is immense.

Central to the conversation, Jenks unravels the methodology behind Interpris—a platform designed to contextualize and elevate existing cybersecurity tools through continuous threat exposure management. Leveraging a thorough understanding of threat profiles, Interpris aims to help organizations prioritize potential risks based on industry, operations, and data sensitivity. The platform's philosophy is clear—fortify defenses by optimizing tools that organizations already possess, using informed strategies and continuous monitoring to proactively counter advanced cyber threats.

Key Takeaways:

Cyber professionals with DoD experience bring invaluable expertise to cybersecurity solutions.

Interpris focuses on improving an organization's security posture by providing context and strengthening existing tools.

Assume breach approach and implementing best practices are essential for a robust security posture.

Insider threats are as significant as external threat actors, making holistic security measures necessary.

The emergence of AI in both offensive and defensive cybersecurity tools is rapidly changing the landscape.

Notable Quotes:

"I mean, man, if you have it, background, a clearance, man, there are just a ton of jobs." -Michael Jenks

"From just the digital realm. Gamer growing up. Cut my teeth on hacking back in the day." -Michael Jenks

"You already have enough tools, right. It's really just that optimized configuration, that prioritization, that customization." -Michael Jenks

"It's my job to defend this environment. I have no idea where we're protected, where we're not." -Michael Jenks

"What we're doing is weaving together all of these products, from EDR, from network sensing, to firewall, to your ESM." Michael Jenks

Resources:

https://www.linkedin.com/in/michaeljenks/

https://www.linkedin.com/company/interpres-security/

https://twitter.com/InterpresSec

https://interpressecurity.com/

About the Guest:

Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.

Episode Summary:

In this riveting episode of the "Philip Wylie Show," listeners are invited to explore the intricate world of cybersecurity with Jeswin Mathai, who returns to discuss the innovative features of Squarex. Designed to bolster online safety, Squarex addresses the challenges individuals face with malicious files, particularly through email and other online communication platforms.

Jeswin demonstrates Squarex's ground-breaking in-browser malicious file detection capability against the backdrop of increasing macro-based cyber threats. These threats often exploit macros within documents to compromise systems, a technique that has persisted in popularity among cybercriminals. Jeswin also touches upon the limitations of traditional antivirus solutions and email client security in detecting such risks.

Key Takeaways:

Squarex's new feature conducts an in-browser analysis of files to promptly detect malicious content, enhancing email client security.

Traditional antivirus programs and email clients often fail to adequately detect or block macros, a common vector for cyber attacks.

Attackers can exploit file type mismatches and employ social engineering tactics to deliver malicious payloads through seemingly benign document files.

Jeswin unveils techniques such as "VBA Stomping" and "VBA Purging" that attackers use to bypass antivirus detection.

Squarex offers solutions to safely convert potential macro-threats into clean or PDF versions within the browser, providing a privacy-centric approach to cybersecurity.

Notable Quotes:

"Anytime you receive a malicious attachment…we are going to do in-browser file analysis." - Jeswin Mathai

"It's kind of interesting because, like going through the OSCP course, one of the payloads they were mentioning during that time, this was back 2012, 2013, was using macros in the payloads." - Phillip Wylie

"Gmail, when it comes to webmail client, has the most amount of market share…72% is just Gmail." - Jeswin Mathai

"So the way mail clients work is, let's say here, we'll consider the example of Gmail…" - Jeswin Mathai

"The sad part about COVID was a lot of things happened that we are not aware of because the sad event of COVID, the deaths…a lot of other attention or other issues were not given that much amount of attention and they never came to the light of the public." - Jeswin Mathai

Resources:

Get your free Chrome plugin: ⁠http://sqrx.io/pw_x⁠

⁠https://www.linkedin.com/company/getsquarex/⁠

⁠https://twitter.com/getsquarex⁠

⁠https://www.instagram.com/getsquarex/

About the Guests:

Kevin Pentecost and Jason Papillon are the dynamic duo behind the engaging podcast Cyber Distortion. They share a strong history of creating content that delves deep into the cybersecurity world, aiming to educate and inform a wide audience about offensive and defensive strategies within the industry. Kevin brings in his expertise in graphic design, while Jason focuses on the content structure and delivery, making them a well-rounded team.

Chris Glanden is the voice behind the Barcode podcast and the newly introduced webcast, Risk Radar. With previous experience in film, Chris steers his podcast to explore the impacts of AI on cybersecurity, aligning with his efforts to create a documentary on the weaponization of AI systems. He recently made strides into entrepreneurship with his company, Barcode Security.

In this episode of the Phillip Wylie Show, we're treated to a rare gathering of cybersecurity enthusiasts who have built a reputation for their captivating content creation. This episode stands out as the first to feature multiple guests, offering a unique blend of perspectives on professional hacking, content creation, and AI's role in cybersecurity.

Episode Summary:

The episode kicks off with a recount of the Lone Star Cyber Circus—a collaboration event that brought together local talent from Dallas and introduced thought-provoking discussions on the ever-evolving Dallas hacker scene and AI's intersection with cybersecurity. The conversation pivots to the art and influence of content creation, as the guests delineate pathways for individuals to kickstart or amplify their cybersecurity careers through effective branding and exposure.

As the dialogue unfolds, it touches upon the individual journeys and collaborative ventures of the guests. Kevin and Jason of Cyber Distortion detail their foray into podcasting, aiming to disseminate cybersecurity knowledge at scale. Chris shares his foray into documentary filmmaking, aiming to shed light on the dark potential of AI if left unchecked. Together, their experiences coalesce into a shared vision that culminates in the announcement of the Cyber Circus Network (CCN)—a unifying initiative set to propel the cybersecurity conversation into new heights.

Key Takeaways:

• The synergistic collaboration of Kevin and Jason provides insights into the world of cybersecurity through their high-production podcast, Cyber Distortion.
• Chris Glanden's Barcode podcast and his upcoming documentary on AI highlight the industry's pertinent issues and emerging threats.
• Content creation in cybersecurity is an avenue ripe for exploration, presenting opportunities for education, networking, and career growth.
• The newly formed Cyber Circus Network signals a collective move toward amplifying cybersecurity awareness and fostering community engagement through various events and content mediums.
• The upcoming episodes and events under CCN are gearing up to provide value-driven, diverse content for the cybersecurity community.

Notable Quotes:

• "We want to surround ourselves with as many people as possible that can add value to the area that we're working in." — Jason Papillon

• "I always have fun meeting with you guys and talking shop." — Jason Popillion
• "I'm excited about what we all do individually as well, and how that adds value." — Jason Papillon
• "I think our values align as well. At the end of the day, we all want to help each other." — Chris Glanden

Resources:

Kevin Pentecost & Jason Popillion: Cyber Distortion Podcast

• https://twitter.com/DistortionCyber
• https://www.linkedin.com/in/jason-popillion-cissp-863a464/
• https://www.linkedin.com/in/kevin-pentecost-cissp-cism-ceh-cpt-mcse-cca-itil-f-4a61404/
• https://www.youtube.com/@TheCyberDistortionPodcast

Chris Glanden: Barcode Podcast

• https://www.linkedin.com/in/chrisglanden/
• https://www.linkedin.com/company/barcodesecurity/
• https://barcodesecurity.com/
• https://twitter.com/ChrisGlitz

Cyber Circus Network

• http://cybercircusnetwork.com/

About the Guest:

Jason Haddix is a seasoned cybersecurity professional with a wealth of experience spanning over two decades in the field. Recognized for his insightful contributions to ethical hacking communities, he's penned informative articles, engaged in content creation, and previously held the title of top hunter at Bugcrowd in 2016. Jason has contributed his expertise to several organizations including HP, where he was part of the Shadow Labs internal pen testing team, and Ubisoft where he served as CISO. He's recently embarked on a new journey with Arcanum Information Security, focusing on red teaming, training, and consulting services.

Episode Summary:

In this episode, host Phillip Wylie sits down with cybersecurity expert Jason Haddix to explore the ever-evolving realm of cybersecurity. As a beacon of knowledge, Jason delves into his career trajectory, from learning the ropes in clandestine online forums to ascending the ranks as a top bug bounty hunter and, ultimately, leading as a CISO. This conversation ventures through the corridors of Jason's illustrious journey, offering vital insights into not just his past accomplishments but his current endeavors in the wide world of cybersecurity.

The discussion pivots to the frontiers of AI's application in security, where Jason unveils his work in leveraging AI for practical defense measures and his innovative teaching methods. They explore the implications of AI on future cybersecurity roles, debunk myths around job displacement, and share resources for those keen on sharpening their hacking prowess. Emphasizing the imperative for continuous learning and adaptation, Jason's narrative is a treasure trove of guidance for professionals navigating the cybersecurity landscape.

Key Takeaways:

Jason Haddix shares how his early involvement in underground web forums sparked his pursuit of cybersecurity, leading to a diverse career in pen testing, bug bounties, and CISO roles.

AI's integration into cybersecurity is highlighted as a pivotal game-changer, with practical use cases ranging from building defensive solutions to enhancing security programs.

Haddix elucidates how his origins in bug bounty hunting enriched his capabilities during his recent tenure in red teaming more than the other way around.

The conversation dives into the emerging skill set of natural language hacking and the importance of prompt engineering for security practitioners.

Jason's new company, Arcanum Information Security, focuses on delivering specialized training and consulting in modern application analysis, reconnaissance, and security leadership.

Notable Quotes:

“It's like having a colleague next to you to ask dumb pen test questions to when you don't know how some technology works and that's how I treat the [AI] bot.” - Jason Haddix

“Who needs DA when you have the entire data lake of a company already downloaded into an app that you broke into because it had a local file include, that feels like 1995 or something like that.” - Jason Haddix

“I think defenders will run with this thing [AI] and be better than ever.” - Jason Haddix

Resources:

Jason Haddix on X(formerly Twitter): @Jhaddix

Jason Haddix on LinkedIn: https://www.linkedin.com/in/jhaddix/

Arcanum Information Security: https://arcanum-sec.com/

About the Guest:

Bryson Bort is a recognized information security expert, founder, and entrepreneur with extensive experience in the cybersecurity field. Bryson is the founder and CEO of Scythe, a cybersecurity company known for creating a platform that enables security teams to build and emulate real-world adversarial campaigns in a safe manner. He has a rich background, having grown up in Germany and the Soviet Union, and served at West Point and as an officer in the Army and Signal Corps. Bryson is also known for his work in defense and intelligence, and he's a prominent figure for his contributions to the information security community. Additionally, he co-founded a nonprofit called the ICS Village dedicated to education and advocacy for critical infrastructure security.

In this thought-provoking episode of "The Philip Wylie Show," the host Phillip Wylie dives into an in-depth conversation with cybersecurity maven Bryson Bort. The audience is welcomed into Bryson's world of entrepreneurship and cybersecurity innovation, with particular emphasis on his journey from military service to founding cutting-edge cybersecurity ventures.

Bryson's impactful narrative charts his transition from his startup Scythe's initial product offering—a platform for creating custom, scalable cyberattack simulations—to driving the cybersecurity industry forward with accessible automated defenses. Bryson shares insights into the psychological barriers in information security, the evolution of cyber threats, and the critical role of post-access attack strategies. Furthermore, the episode shines a light on the operational technology (OT) space, underscoring the pressing need for robust cybersecurity measures amidst crucial infrastructures and the inherent risks of physical harm.

• Bryson Bort's transition from military service to cybersecurity entrepreneurship highlights the value of real-world offensive security experience in building successful startups.
• The concept of "Bryson Attack Model" (BAM), which emphasizes the significance of post-access attack phases, reveals limitations in the traditional cybersecurity defenses.
• The progression from red team tools to a more enterprise-friendly purple teaming approach suggests a shift in cybersecurity practices aiming for collaborative and immediate security enhancements.
• Industrial Control Systems (ICS) and OT cybersecurity represent a field of critical importance with unique challenges, including the need for balancing safety with potential cyber threats.
• Bryson Bort discusses the importance of drawing wisdom from cybersecurity's past to inform future defenses, hinting at the release of a detailed paper on developing a true cyber warfare capability.

• "The first is reconnaissance [...] the second step is I break in. Initial access [...] That's the third phase, the post access." -Bryson Bort
• "We built our initial platform in C Sharp. No assembly [...] Red team operators aren't developers." -Bryson Bort
• "I describe being a startup founder as you are the CEO and you're the janitor." -Bryson Bort
• "Going back to your question earlier, what does the real thing look like? I think that will also give a lot more detail that I'll be comfortable sharing because I'll have time to really think with him through what we're willing to share publicly." -Bryson Bort

Socials and Resources:

https://www.linkedin.com/in/brysonbort/
https://www.linkedin.com/company/scythe_io/
https://www.linkedin.com/company/icsvillage/
https://twitter.com/brysonbort
https://twitter.com/scythe_io
https://twitter.com/ICS_Village
https://scythe.io/

About the Guest:

Phillip Wylie is a seasoned professional in the cybersecurity field, recognized for his expertise in offensive security and personal branding. With a career marked by actively sharing his insights at conferences like DEF CON, Phillip engages deeply with the community to foster networking and personal growth. As a speaker and advocate, he guides others in diversifying their connections and professional presence, promoting an integrated approach to in-person and online networking.

In this insightful episode featuring Phillip Wylie, listeners gain essential advice on networking and personal branding sculpted from Wylie's rich experience in the cybersecurity industry. Known for his practical guidance and successful engagement strategies with the community, Wylie unpacks the synergistic relationship between virtual and real-world interactions, offering a valuable roadmap for career growth and visibility.

Philip emphasizes the power of diversification in networking efforts, both online and offline. Encouraging professionals to attend various conferences and engage with individuals outside their usual circles, Wylie's approach is about expanding personal networks and opportunities in unexpected places. With a focus on cybersecurity events and how to leverage them for greater impact, he offers unique tips that promise to enrich one's personal brand and career path.

• Integrate in-person networking with social media to create synergistic personal branding effects.
• Attend various meetups and conferences, even those outside your usual professional scope, to broaden your network.
• Utilize social media platforms to announce presence at events and connect with both existing and new contacts.
• Diversification in social media presence, including experimenting with new platforms or content formats, can lead to unexpected opportunities.
• The significance of building a personal brand for increased visibility and engagement in your professional field, benefiting both the individual and their associated organizations.

• "The connections you make in person are so much more powerful than just what you do online."
• "Getting out there, talking to people when you're at these events is helpful and diversification."
• "You need to show this is where I'm speaking. These are workshops I'm teaching. These are things I'm doing. So people get to see this guy is a subject matter expert in offensive security."
• "Work on your personal brand because the day may come you may need to move jobs and you don't want it to all be purely this certain company over here that's not transferable."
• "I've got so many more followers and subscribers to my podcast and views compared to the audio-only platforms."

Resources:

• Phillip Wylie's LinkedIn Article (Referenced as an inspirational article for this video.)
• DEF CON (Mentioned as a venue where Phillip gave a talk on networking and personal branding)
• Podcast: The Phillip Wylie Show https://www.phillipwylieshow.com/

Episode Summary:Key Takeaways:Notable Quotes:Resources:

About The Guest:

Andy Thompson, also known as Rainmaker, is a cybersecurity professional and a research evangelist at CyberArk. With over 20 years of experience in the industry, Andy has a background in systems administration and website design. He is an active member of the cybersecurity community and is heavily involved in the Dallas Hackers Association (DHA), where he serves as the MC and co-organizer of the monthly meetups. Andy is passionate about mentoring and helping others get started in the industry.

Summary:

In this episode, Phillip Wylie interviews Andy Thompson, a cybersecurity professional and research evangelist at CyberArk. They discuss Andy's journey into the industry, the importance of community, and the role of public speaking in cybersecurity. Andy shares his experience with Dallas Hackers Association (DHA) and how it has helped launch many speaking careers in the cybersecurity field. He also provides valuable advice for those looking to get started in cybersecurity and emphasizes the significance of networking and being part of a community.

Key Takeaways:

1. Dallas Hackers Association (DHA) has played a significant role in launching speaking careers in the cybersecurity field.
2. Public speaking skills are valuable in the industry and can help differentiate individuals from the crowd.
3. Toastmasters and improv classes are great resources for improving public speaking skills.
4. Being part of a community and networking are crucial for getting started in cybersecurity.
5. Twitter is a valuable platform for staying updated on the latest hacks, vulnerabilities, and industry news.

Quotes:

• "The best way to become part of the information security hacking industry is to be part of a community." - Andy Thompson
• "Networking really will get your foot in the door in ways that traditional job hunting won't allow you to do." - Andy Thompson

Socials and Resources:

https://twitter.com/Andy_Thompson

https://www.linkedin.com/in/andythompsoninfosec/

About The Guest:
Cheryl Biswas is a cybersecurity professional with a background in political science. She currently works in cyber threat intelligence, protecting a big bank against cybercrime and state-sponsored adversaries. Cheryl is passionate about the intersection of politics, economics, and technology in the cybersecurity field.

Summary:
Cheryl Biswas, a cybersecurity professional with a background in political science, shares her journey into the field of cyber threat intelligence. She discusses the importance of curiosity, analysis, and pattern recognition in this field. Cheryl also highlights the need for historical context and an understanding of politics and economics to effectively analyze cyber threats. She emphasizes the value of networking and volunteering at conferences to build connections and gain opportunities in the industry. Cheryl also encourages individuals to take care of their mental health and to have confidence in their abilities.

Key Takeaways:

• Curiosity, analysis, and pattern recognition are essential skills in cyber threat intelligence.
• Historical context, politics, and economics play a significant role in understanding cyber threats.
• Networking and volunteering at conferences can provide valuable opportunities and connections.
• Taking care of mental health is crucial in the cybersecurity field.
• Confidence in one's abilities is essential for success in the industry.

Quotes:

• "If you are a problem solver and into being a detective by nature, this is a very good field for you." -Cheryl Biswas
• "The bad guys are extremely efficient. They make money, they don't spend it." -Cheryl Biswas
• "Volunteering creates conversations where somebody starts to know you, and then they may very well be able to answer your questions or make recommendations." -Cheryl Biswas
• "Take a moment and assess how you are doing and don't push yourself past your limits because mental health is a real deal." -Cheryl Biswas
• "You are enough and you have what it takes. You have absolutely got something to bring to this table." -Cheryl Biswas

Socials and Resources
https://www.linkedin.com/in/cherylbiswas/
https://twitter.com/3ncr1pt3d

About The Guest:
Chris Marks is a cybersecurity professional with a background in engineering and architecture. He has worked in various roles in the cybersecurity field, including system engineer, senior analyst, and security manager. Chris is passionate about helping others enter the cybersecurity industry and is involved in mentoring and advising students at community colleges and universities.

Summary:
Chris Marks shares his journey into the cybersecurity field, starting from his interest in hacking and his involvement in the Tiger Trap Group. He discusses his experience applying for jobs and the challenges he faced before finally landing a position in Dallas. Chris emphasizes the importance of passion in cybersecurity and advises aspiring professionals to focus on their interests rather than just the potential for financial gain. He also highlights the significance of certifications and degrees in opening doors and advancing in the field. Chris concludes by discussing his current role in security management and his desire to help others succeed in cybersecurity.

Key Takeaways:

• Passion is crucial in the cybersecurity field, as it can help individuals overcome challenges and stay motivated.
• Certifications and degrees can significantly enhance career opportunities in cybersecurity.
• Compliance work is an often overlooked but rewarding area of cybersecurity that offers good job prospects.
• The cybersecurity field offers various career paths, including application security, cloud security, digital forensics, and more.
• It is essential to stay updated with the latest frameworks and compliance requirements in the cybersecurity industry.

Quotes:

• "If this is not your passion, if this is not your passion, you will get burned out no matter what avenue it goes." -Chris Marks
• "You need to invest in your offensive line." -Chris Marks
• "The money will come, but don't get into this for the money because you will not like it." -Chris Marks
• "We're not the business to make money, but we are the business to save money." -Chris Marks
• "If you want to do cybersecurity, there's ways. There's universities, there's community colleges. Definitely reach out to people who know it, who've done it, and then see where it takes you." -Chris Marks
• "Passion is crucial in the cybersecurity field, as it can help individuals overcome challenges and stay motivated." -Chris Marks
• "Compliance work is an often overlooked but rewarding area of cybersecurity that offers good job prospects." -Chris Marks
• "The cybersecurity field offers various career paths, including application security, cloud security, digital forensics, and more." -Chris Marks
• "It is essential to stay updated with the latest frameworks and compliance requirements in the cybersecurity industry." -Chris Marks

Socials and Resources:

https://twitter.com/DaBootWolverine

https://www.linkedin.com/in/christopher-marks-7357441b/

About The Guest:

Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX’s secure and privacy-focused extension, and works on researching methods to counteract web security risks.
He has conducted a workshop in Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining SquareX, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building, and scaling multiple product lines. He has a bachelor’s degree from IIIT Bhubaneswar and holds a patent to his name. His area of interest includes browser extensions and web application security.

Summary:

Shourya Pratap Singh discusses the importance of safely using URLs and introduces Squarex, a product that provides URL protection. He explains that malicious URLs are a significant problem for IT teams worldwide and that it can be challenging to determine if a URL is malicious or not. SquareX offers a solution with its disposable browser feature, which allows users to open suspicious websites or links in a cloud browser. This feature provides a deterministic view of the website's safety and allows users to access it from different geographical locations. Shourya demonstrates how to use Squarex through the browser extension and the web app, highlighting the convenience and privacy it offers. He also mentions that Squarex includes an ad blocker and protects against browser fingerprinting. Overall, SquareX simplifies online safety and protects users from malicious URLs.

Key Takeaways:

1. SquareX's disposable browser feature allows users to open suspicious websites or links in a cloud browser, ensuring their safety.
2. The disposable browser can be accessed through the Squarex browser extension or the web app, providing flexibility for users.
3. SquareX protects users' privacy by preventing cookie sharing and browser fingerprinting.
4. The disposable browser includes an ad blocker, enhancing the browsing experience and protecting against adware.

Quotes:

• "With SquareX, what we have is sort of a deterministic view. So we have this feature which is called disposable browser." - Shourya Pratap Singh
• "This disposable browser is completely disposable. So you can simply click here, click on the cross button, and that particular session will basically get disposed of." - Shourya Pratap Singh

Socials and Resources:
Get your free Chrome plugin: ⁠http://sqrx.io/pw_x⁠
⁠https://www.linkedin.com/company/getsquarex/⁠
⁠https://twitter.com/getsquarex⁠
⁠https://www.instagram.com/getsquarex/

About The Guest:
Dakshitaa Babu is a Software Engineer at SquareX, where she is engaged in data engineering and analytics.

She is also the pen behind the engineering blogs written on SquareX's infrastructure and security research. After completing her Bachelor's degree at the National University of Singapore, Dakshitaa joined SquareX, marking her foray into the cybersecurity industry. While new to the field, her enthusiasm for discovering and understanding new concepts has quickly established her as a committed contributor to the evolving sector. Her interests are in Browser Security and consumer education.

Summary:
Dakshitaa Babu discusses the importance of disposable emails in the cybersecurity space. She highlights that emails are a primary mode of communication and are therefore at great risk of threats. More than a quarter of all threats that occur on a daily basis happen through email. Dakshitaa explains that the growing importance of disposable emails is due to the fact that email is the gateway into our personal and professional lives. We often have to use our email addresses to sign up for services or receive important information. However, more than 50% of the emails we receive are spam, which can be a waste of time and affect productivity. Dakshitaa also mentions that legitimate sources sometimes sell our email addresses to spammers. She shares a fun tip of adding a suffix to our email addresses to track who may have leaked our email address. Dakshitaa emphasizes the increasing threat of phishing emails, which are becoming more targeted and difficult to detect. She mentions that phishing emails often contain malicious files or links, and even unsubscribe links within emails can be malicious. Dakshitaa explains that Squarex promotes safe email practices by providing an enhanced privacy mode and opening links and files in a disposable environment. She also mentions that Squarex is working on integrating with social media accounts to make clicking on links safer. Dakshitaa concludes by highlighting the importance of using disposable emails to reduce exposure to threats and maintain privacy online.

Key Takeaways:

• Disposable emails are important in reducing the risk of threats that come through email.
• More than 50% of the emails we receive are spam, which can waste time and affect productivity.
• Phishing emails are becoming more targeted and difficult to detect.
• SquareX provides enhanced privacy mode and opens links and files in a disposable environment.
• Using disposable emails can help reduce exposure to threats and maintain privacy online.

Quotes:

• "Emails are like a primary mode of communication, and that also puts it at great risk of threats." -Dakshitaa Babu
• "More than 50% of the emails that come in our inbox are spam." -Dakshitaa Babu
• "Phishing is getting worse, and these days you can't even tell if it's legitimate or not." -Dakshitaa Babu
• "Emails have become really dangerous. It's almost like the floor is lava." -Dakshitaa Babu
• "Disposable emails are a great way to exercise privacy online." -Dakshitaa Babu

Socials and Resources:
Get your free Chrome plugin: ⁠⁠http://sqrx.io/pw_x⁠⁠
⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠
⁠⁠https://twitter.com/getsquarex⁠⁠
⁠⁠https://www.instagram.com/getsquarex/

Summary:
In this episode of the Phillip Wylie Show, Phillip interviews Justin "Hutch" Hutchens, an offensive security professional and author of "The Language of Deception: Weaponizing Next Generation AI." They discuss the emerging risks and opportunities of artificial intelligence (AI) in the cybersecurity space. Justin shares his experiences with using AI to automate social engineering attacks and highlights the potential dangers of AI-powered conversational agents and technical agents. He also explores the defensive applications of AI, such as using language models for threat intelligence and incident response. The conversation concludes with a discussion on how individuals can leverage AI resources to improve their skills and stay ahead of the curve.

Key Takeaways:

• AI-powered conversational agents can automate social engineering attacks, posing a significant risk to individuals and organizations.
• The emergence of AI-powered conversational agents and technical agents raises concerns about the potential for large-scale manipulation and exploitation.
• Language models can be used to filter and make sense of unstructured threat intelligence data, improving the efficiency and effectiveness of security operations.
• AI has the potential to revolutionize incident response by automating the creation of runbooks and enabling faster, more efficient incident resolution.
• Individuals can take advantage of AI resources by experimenting with language models and exploring freely available courses and resources.

Quotes:

• "The fact that now, instead of just getting a phishing email, I could now be having a conversation with someone on LinkedIn, or if they've managed to get access to my internal network, possibly even on something like Teams or Slack." - Justin Hutchens
• "The most profound new capability that we're seeing with these language models in a defensive capability is being able to take that unstructured data and figure out what is relevant to me, what is relevant to my organization." - Justin Hutchens
• "The most important thing is really just starting, getting your hands on it and playing with it." - Justin Hutchens

Socials and Resources:

https://www.linkedin.com/in/justinhutchens/

https://twitter.com/sociosploit

https://www.wiley.com/en-cn/The+Language+of+Deception%3A+Weaponizing+Next+Generation+AI-p-9781394222544

About The Guest: Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX’s secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop at Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining  @SquareXTeam , he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building and scaling multiple product lines. He has a bachelor’s degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web application security.

Summary:
In this episode, Shourya Pratap Singh from Squarex discusses how to deal with files securely online. He highlights the dangers of malicious files and the importance of protecting ourselves, especially during the holiday season when cyberattacks are more prevalent. Shourya demonstrates how traditional antivirus software and endpoint security systems work in a probabilistic way, making it difficult to determine if a file is truly safe. He then introduces SquareX's disposable file viewer, which allows users to open files in a cloud-based sandbox, eliminating the risk of executing malicious code on their own machines. Shourya also explains how the disposable file viewer integrates with other SquareX features, such as the privacy mode and download interceptor, to enhance security measures. He concludes by introducing SquareX's progressive web app, which enables users to open local files securely and conveniently.

Key Takeaways:

• Traditional antivirus software and endpoint security systems work in a probabilistic way, making it difficult to determine if a file is truly safe.
• SquareX's disposable file viewer allows users to open files in a cloud-based sandbox, eliminating the risk of executing malicious code on their own machines.
• The disposable file viewer integrates with other SquareX features, such as the privacy mode and download interceptor, to enhance security measures.
• SquareX's progressive web app enables users to open local files securely and conveniently.

Quotes:

• "Probabilistic models are not something we can 100% rely on." - Shourya Pratap Singh
• "You can open a file fearlessly in a very deterministic way without worrying much about if it's going to actually affect your computer or not." - Shourya Pratap Singh
• "SquareX brings these features for any normal person to use. Something like a sandbox is not something everyone would usually have access to." - Shourya Pratap Singh

Socials and Resources: Get your free Chrome plugin: ⁠⁠http://sqrx.io/pw_x⁠⁠ ⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠ ⁠⁠https://twitter.com/getsquarex⁠⁠ ⁠⁠https://www.instagram.com/getsquarex/

About The Guest:
Andy Robbins is the Principal Product Architect at SpecterOps and one of the original 13 founding members of the company. He has a background in pen testing and red teaming and is the co-creator of Bloodhound, a popular open-source tool for attack path mapping in Active Directory environments.

Summary:
Andy Robbins, the Principal Product Architect at SpecterOps, joins host Phillip Wylie to discuss the evolution of Bloodhound, a tool for attack path mapping in Active Directory environments. Andy shares the origin story of Bloodhound and how it was developed to solve the problem of finding attack paths in complex environments. He explains the graph theory behind Bloodhound and how it visualizes data to help practitioners and defenders understand and mitigate security risks. Andy also discusses the recent release of Bloodhound Community Edition (CE) and the improvements it brings, including faster data ingest, query times, and a friendlier user experience. He highlights the focus on practical attack primitives and abuse primitives in Bloodhound and the goal of making attack paths a non-issue for organizations. Andy concludes by sharing valuable advice for those looking to advance in the industry, emphasizing the importance of understanding and solving real problems and being loyal to people rather than companies.

Key Takeaways:

• Bloodhound is a tool for attack path mapping in Active Directory environments, using graph theory to visualize data and identify security risks.
• Bloodhound Community Edition (CE) brings improvements such as faster data ingest, query times, and a friendlier user experience.
• Bloodhound focuses on practical attack primitives and abuse primitives to solve real security problems and make attack paths a non-issue for organizations.

Quotes:

• "If we give people an excellent experience for free, then enough of those people will choose to become paying customers that we have a viable business." - Andy Robbins
• "The industry as a whole is very young, but the capability of visualizing data problems and data security problems in this way is also relatively brand new." - Andy Robbins
• "We focus on attack paths or risk that emerges out of a combination of the mechanics of a system, the configurations of that system, and the behaviors of users or identities in that system." - Andy Robbins

Socials and Resources:

https://twitter.com/_wald0

https://twitter.com/SpecterOps

https://specterops.io/

https://bloodhoundenterprise.io/

https://github.com/SpecterOps/BloodHound

About The Guest: Jason Downey is a pen tester at Red Siege, a boutique pen testing firm. He has been in the industry for almost three years and specializes in network pen testing, social engineering, and physical assessments. Jason has a background in network administration and security, and he is passionate about sharing his knowledge and helping others in the industry.

Summary: Jason Downey, a pen tester at Red Siege, joins the podcast to discuss his journey into the world of pen testing and the importance of networking and building relationships in the industry. He emphasizes the need for a strong foundation in networking fundamentals and active directory knowledge. Jason also shares his favorite resources for learning infrastructure pen testing and highlights the collaborative nature of the industry.

Key Takeaways:

• Building a strong network is crucial in the information security industry and can open up opportunities for job prospects and knowledge sharing.
• Networking fundamentals and active directory knowledge are essential for successful pen testing, as most corporate infrastructures rely on these technologies.
• Specializing in a specific area of pen testing can be beneficial once you have a solid foundation and understanding of the fundamentals.
• Online resources such as Google, Hacktricks XYZ, and ired team can provide valuable information and guidance for learning infrastructure pen testing.

Quotes:

• "The power of your network is crucial in the information security industry. It can help you bypass the traditional education, experience, and certification requirements." - Jason Downey
• "To break something, you have to know how it functions first. Understanding the fundamentals is key to successful pen testing." - Jason Downey
• "Active directory knowledge is mission critical in pen testing, as most companies rely on it for their infrastructure." - Jason Downey

Socials and Resources:

https://twitter.com/hackandbackpack

About The Guest:
Jesse Bolton is the founder of Bolt Resources, a cyber staffing and recruiting firm that focuses on workforce development and coaching. She is also involved in the North Texas ISSA and is passionate about advocating for the cybersecurity workforce.

Summary:
Jesse Bolton, founder of Bolt Resources, joins Phillip Wylie on the Phillip Wylie Show to discuss the importance of building a personal brand and networking in the cybersecurity industry. Jesse emphasizes the need for recruiters to go beyond simply matching candidates with job descriptions and instead focus on understanding the individual and their career goals. She also highlights the prevalence of ghost job postings and the importance of transparency in the hiring process. Jesse shares tips for avoiding burnout and retaining employees, including building authentic relationships and providing opportunities for growth.

Key Takeaways:

• Building a personal brand and networking are essential in the cybersecurity industry.
• Soft skills, such as communication and self-awareness, are highly valued by hiring managers.
• Creating a portfolio of projects and sharing them on platforms like GitHub and LinkedIn can help candidates stand out.
• Employers should focus on building authentic relationships with their employees and providing opportunities for growth to retain talent.

Quotes:

• "Networking is so important. It's not just about what people can do for you. Try to tap into that authenticity within and just be real." - Jesse Bolton
• "Your social score, your credibility, and how you treat people are important in the hiring process." - Jesse Bolton
• "Resumes are a piece of paper. Your social media presence and personal brand can have a bigger impact on your job search." - Jesse Bolton

Socials and Resources:

https://www.linkedin.com/in/cybertalentadvisor/

https://boltresources.net/

https://www.youtube.com/@CyberCareersCoffee

About The Guest:
Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.

Summary:
Jeswin Mathai joins Phillip Wylie in this episode of the "Stay Fearless Online" series to discuss email safety and how SquareX can protect users from being tracked or hacked. They highlight the challenges individuals face in staying safe online, especially those who are not tech-savvy. Jeswin explains that SquareX's browser extension is designed to provide a better way to protect users by sitting on the browser and ensuring secure browsing. They demonstrate how email tracking works and how SquareX's Enhanced Privacy Mode can prevent tracking by blocking third-party images. The extension also offers a secure disposable file viewing environment for opening attachments safely. Jeswin emphasizes the importance of email security as an entry point for attackers and how SquareX aims to provide a user-friendly solution.

Key Takeaways:

• SquareX's browser extension sits on the browser to provide better security for users.
• Email tracking can reveal information about the user's location, device, and IP address.
• SquareX's Enhanced Privacy Mode blocks third-party images to prevent tracking.
• The extension offers a secure disposable file viewing environment for opening attachments safely.
• Email security is crucial as attackers often target individuals through email.

Quotes:

• "With SquareX, the idea is not to intrude in users' workflow, rather ensuring that we provide them a way with which they can do everything securely." - Jeswin Mathai
• "The moment you open a link, it will go ahead and reveal information about from where you are opening the email, the IP address information, similarly what device you're using. Now all of this information can be used to profile the user." - Jeswin Mathai

Socials and Resources:

Get your free Chrome plugin: http://sqrx.io/pw_x

https://www.linkedin.com/company/getsquarex/

https://twitter.com/getsquarex

https://www.instagram.com/getsquarex/

About The Guest:
Diamond Forbes is a security engineer at Google with over eight years of experience in the field. He started his career in the Army National Guard as an IT specialist and network engineer. Diamond has worked in various roles, including help desk, system admin, and senior network engineer. He has a passion for learning and has self-taught himself many skills, including coding and cybersecurity. Diamond is known for his resilience and ability to overcome failures, which has led him to success in his career.

Summary:
Diamond Forbes shares his inspiring journey from being homeless and working at McDonald's to becoming a security engineer at Google. He talks about his early interest in hacking and how he joined the Army National Guard as an IT specialist. Diamond shares his experiences in different roles, including help desk, system admin, and network engineer. He emphasizes the importance of embracing failure and using it as a learning opportunity. Diamond also discusses the value of self-teaching and the impact of networking on his career. He shares his transition into security and the skills he developed, including coding and DevSecOps. Diamond encourages listeners to stay curious, put themselves out there, and be well-rounded in their skill set.

Key Takeaways:

• Embrace failure and use it as a learning opportunity.
• Don't sell yourself short and showcase your skills and experience confidently.
• Be curious and continuously learn new things to stay relevant in the industry.
• Put yourself out there and develop strong networking skills.
• Develop a well-rounded skill set and be open to learning different things.

Quotes:

• "I failed a lot, actually. But that was like my biggest teacher in personal life and in my career." -Diamond Forbes
• "Don't sell yourself short, especially if you're very ambitious."
• "Don't let imposter syndrome deter you from anything." -Diamond Forbes
• "Broaden your skill set, it's not just about your technical skills." -Diamond Forbes
• "Try to be as well-rounded as possible and you can do anything at that point." -Diamond Forbes

Socials and Resources:

https://www.linkedin.com/in/diamondforbes/

About The Guest:
Katie Paxton-Fear, also known as Insider PhD, is a content creator and educator in the field of cybersecurity. With a background in software engineering, Katie creates high-quality videos on her YouTube channel that cover various topics related to web security and bug bounty hunting. She is known for her detailed and comprehensive approach to teaching and sharing knowledge in the cybersecurity field.

Summary:
In this episode of The Phillip Wylie Show, host Phillip Wylie interviews Katie Paxton-Fear, also known as Insider PhD, a content creator and educator in the field of cybersecurity. Katie shares her insights on bug bounty hunting, API security, and the importance of having hobbies outside of the computer. She emphasizes the value of content creation in building a personal brand and advancing one's career in cybersecurity. Katie also discusses her teaching approach and how she incorporates content creation into her curriculum to help students showcase their skills and knowledge.

Key Takeaways:

• Bug bounty hunting is a valuable path for individuals interested in cybersecurity, but it is important to have a genuine interest in security rather than just the financial aspect.
• APIs are often overlooked in terms of security, but they can be a significant vulnerability and a great place to find bugs.
• When approaching bug hunting, Katie takes a top-down perspective, starting with the functionality of the application and breaking it down into its component parts to identify potential vulnerabilities.
• Having hobbies outside of the computer is crucial for maintaining a healthy work-life balance and preventing burnout in the cybersecurity field.
• Content creation, such as writing blogs or creating videos, is highly beneficial for personal branding and career advancement in cybersecurity.

Quotes:

• "Bug hunting is really interesting. It's like having a puzzle, except you only have a few pieces, they're completely blank, and you're not sure if they came from the same set." - Katie Paxton-Fear
• "It's really easy to get caught up in 'I finish work, I'm going to go look at my phone.' I think it's really important to have hobbies that just do not involve a computer at all." - Katie Paxton-Fear
• "Content creation is the biggest thing you can do for your personal career. It changes the equation in hiring, where companies come to you instead of you chasing them." - Katie Paxton-Fear

Socials and Resources:

https://www.linkedin.com/in/katiepf/

https://www.youtube.com/@InsiderPhD

https://twitter.com/InsiderPhD

About The Guest:Maxie Reynolds is a former offshore oil and gas worker turned entrepreneur. She is the founder and CEO of a company that specializes in placing data centers underwater, reducing cooling costs and carbon emissions. Maxie is also a stuntwoman and has a background in robotics and computer science.

Summary:Maxie Reynolds shares her journey from working offshore in the oil and gas industry to becoming an entrepreneur in the data center industry. She discusses the challenges she faced and the lessons she learned along the way. Maxie explains how her company solves the problem of high cooling costs and carbon emissions by placing data centers underwater. She also addresses misconceptions about the environmental impact of data centers and the importance of sustainability.

Key Takeaways:

• Maxie Reynolds started her career as an offshore oil and gas worker before transitioning to cybersecurity and eventually founding her own company.
• Placing data centers underwater reduces cooling costs by 40% and eliminates the need for electrically driven cooling systems.
• Data centers placed underwater also reduce carbon emissions by 750 tons per megawatt hour of electricity used.
• Water has a higher specific heat than air, making it a more efficient heat sink and preventing the surrounding water from heating up significantly.
• Maxie emphasizes the importance of acknowledging the realities of sustainability and finding innovative solutions to address them.

Quotes:

• "Whatever you want to do as a female, try, go, try, do it, and see how far you get." - Maxie Reynolds
• "To have a good company, you have to be solving a problem." - Maxie Reynolds
• "We are reliant on fossil fuel in every single way." - Maxie Reynolds
• "There's no incentive to use our commodities efficiently." - Maxie Reynolds
• "Reach out to people that you think are smart, even if they aren't in your circle, and start to find some of the right answers." - Maxie Reynolds

Socials and Resources:

⁠https://twitter.com/SubseaCloud⁠

⁠https://www.linkedin.com/in/maxiereynolds/⁠

Book: The Art of Attack: Attacker Mindset for Security Professionals: ⁠https://www.wiley.com/en-us/The+Art+of+Attack%3A+Attacker+Mindset+for+Security+Professionals-p-9781119805472⁠

About The Guest

Olivia Gallucci is a junior at the Rochester Institute of Technology and an expert in offensive security and content creation. She has worked in various offensive roles, including pen testing and red teaming, and has also done freelance work in the field. Olivia is passionate about open source software and has contributed to several projects. She is known for her blog, oliviagallucci.com, where she shares her expertise in offensive security, open source, and glitter.

Summary

Olivia Gallucci, a junior at the Rochester Institute of Technology, shares her journey in offensive security and content creation. She emphasizes the importance of content creation in showcasing expertise and networking. Olivia discusses her experience in open source software and the benefits of contributing to the community. She also highlights her passion for malicious tool development in red teaming and exploit development. Olivia provides valuable advice for those interested in pursuing a similar career path.

Key Takeaways

• Content creation is a powerful tool for showcasing expertise, networking, and finding opportunities.
• Open source software provides a valuable learning platform and fosters collaboration within the community.
• Malicious tool development in red teaming and exploit development requires a deep understanding of code and specific use cases.
• Reading other people's code and searching GitHub for popular offensive tools are effective ways to learn and improve coding skills.
• Getting a job in security or software development helps gain credibility and make connections in the field.

Quotes

• "Content creation has really been great in terms of showing people what I know how to do, but also helping me know how to do what I know how to do." - Olivia Gallucci
• "Open source is an amazing place to start because you have YouTube for tutorials, but when you need help, the open source community breaks it down into simple concepts." - Olivia Gallucci
• "Malicious tool development is like a puzzle, figuring out where you fit in and how to modify existing code to achieve specific use cases." - Olivia Gallucci
• "Reading code and understanding what others have done is crucial in exploit development and identifying vulnerabilities." - Olivia Gallucci
• "Getting a job in security or software development helps gain credibility and make connections to pursue a career in exploit development." - Olivia Gallucci

Socials and Resources

https://twitter.com/OliviaGalluccii

https://www.linkedin.com/in/olivia-gallucci/

https://oliviagallucci.com/

About The Guest:
Jessica Barker is a cybersecurity expert and co-founder of Cygenta, a company that focuses on the human, technical, and physical aspects of cybersecurity. With a background in sociology and civic design, Jessica brings a unique perspective to the field of cybersecurity. She is the co-author of "Cybersecurity ABCs" and "Confident Cybersecurity," and is currently working on her upcoming book, "Hacked."

Summary:
In this episode of The Phillip Wylie Show, host Phillip Wylie interviews cybersecurity expert Jessica Barker. They discuss the importance of cybersecurity culture, the role of social engineering in cybersecurity, and the impact of simulated phishing exercises. Jessica emphasizes the need for organizations to create a positive and empowering cybersecurity culture that focuses on self-efficacy and intrinsic motivation. She also highlights the value of culture assessments in understanding an organization's cybersecurity culture and making informed improvements. Throughout the conversation, Jessica shares insights and practical tips for raising cybersecurity awareness and building a strong security culture.

Key Takeaways:

• Cybersecurity culture is crucial for organizations to effectively defend against social engineering attacks.
• Simulated phishing exercises can be valuable in raising awareness and improving cybersecurity behaviors, but they should be implemented in a supportive and non-punitive manner.
• Rewards and recognition can be effective motivators for encouraging positive cybersecurity behaviors.
• Culture assessments provide valuable insights into an organization's cybersecurity culture and help identify areas for improvement.
• Empathy and understanding are essential in cybersecurity awareness and culture-building efforts.

Quotes:

• "The most influential factor when raising awareness is harnessing self-efficacy." - Jessica Barker
• "The right fish at the wrong time can catch anyone." - Jessica Barker
• "Creating a safe space for employees to express their concerns and ask questions is crucial for building a positive cybersecurity culture." - Jessica Barker

Socials and Resources:

https://twitter.com/drjessicabarker

https://www.linkedin.com/in/jessica-barker/

https://www.cygenta.co.uk/

About The Guest:
Lilly Chalupowski, also known as Cerberus, is a malware reverse engineer specializing in criminal malware. She has extensive experience in analyzing various malware families and has developed open-source projects to aid in the detection and extraction of intelligence from malware. Lilly is also a talented musician and often incorporates guitar playing into her live Twitch streams.

Summary:
Lilly Chalupowski shares her inspiring hacker origin story, from starting out in computer science to pursuing a degree in music and facing financial hardships. She discusses the importance of having a healthy relationship with failure and the value of continuous learning and practice. Lilly also provides valuable advice for aspiring malware analysts, emphasizing the significance of creating a portfolio and actively participating in the cybersecurity community.

Key Takeaways:

• Don't be afraid of failure; view it as a normal part of the learning process.
• Dedicate time each day to practice and improve your skills, even if it's just half an hour.
• Establish a portfolio to showcase your work and value to potential employers.
• Attend local cybersecurity meetups and network with professionals in the field.
• Create a virtual machine and practice analyzing malware samples from open-source resources.

Quotes:

• "Be okay with failure and if you enjoy it, keep doing it and you'll improve over time."
• "Half an hour to an hour a day, put it on your calendar and make time for what you're passionate about."
• "Your value is showcased through your output, not just a resume."
• "You have nothing to lose by applying; what's the worst thing they can tell you? No."
• "VMs are literally the gateway drug to malware analysis."

Socials and Resources:

https://www.linkedin.com/in/lillypads/

https://twitter.com/c3rb3ru5d3d53c

https://www.twitch.tv/c3rb3ru5d3d53c

https://c3rb3ru5d3d53c.github.io

About The Guest:
Patrick Gorman, also known as Infosec Pat, is a content creator in the cybersecurity community. He started making content on YouTube about four years ago and has since built a strong following. Patrick is an offensive security professional and covers a wide range of topics in his videos, including hacking, penetration testing, and network security.

Summary:
In this episode, Phillip Wylie interviews Patrick Gorman, also known as Infosec Pat, about content creation and brand building in the cybersecurity industry. Patrick shares his journey of accidentally starting his YouTube channel and how it has grown over the years. He emphasizes the importance of building a personal brand and networking in the industry. Patrick also provides advice for those looking to get started in offensive security and discusses the role of certifications in landing a job in cybersecurity.

Key Takeaways:

• Content creation and brand building are essential for getting jobs in the cybersecurity industry.
• Building a personal brand through content creation can help showcase your skills and attract job opportunities.
• Networking is crucial in the industry, and attending conferences and local meetups can help you connect with professionals and potential employers.
• Certifications can act as a gatekeeper and demonstrate your ability to start and finish something, but networking and a positive attitude are equally important.

Quotes:

• "If you have a good attitude, technology can be learned. But if you don't have that attitude, you're screwed." - Patrick Gorman
• "Never be one thing about me. I'm super approachable. I'm not better than you, you're not better than me." - Patrick Gorman

Socials and Resources:

https://twitter.com/Infosecpat

https://www.instagram.com/infosecpat/

https://www.linkedin.com/in/infosecpat/

https://www.youtube.com/@InfoSecPat

About The Guest:
Ira Winkler is a renowned cybersecurity expert with over 30 years of industry experience. He started his career at the National Security Agency (NSA) and has since held various roles in the field of cybersecurity, including chief security strategist at HP and chief security architect at Walmart. He is currently the CISO at CYE, a cybersecurity company. Winkler is also the author of several books, including "You Can Stop Stupid" and "Security Awareness for Dummies."

Summary:
Ira Winkler, a cybersecurity expert with over 30 years of industry experience, joins the podcast to discuss the cybersecurity skills shortage and the importance of practical experience in the field. He emphasizes the need for cross-training individuals with computer backgrounds in cybersecurity rather than relying solely on certifications or degrees. Winkler also highlights the value of soft skills and critical thinking in the cybersecurity field. He shares his perspective on the misconception that anyone can enter the field without experience or credentials and explains the importance of understanding programming and mathematical principles in certain cybersecurity roles.

Key Takeaways:

• Practical experience and cross-training individuals with computer backgrounds are more valuable than certifications or degrees in cybersecurity.
• Soft skills and critical thinking are essential in the cybersecurity field.
• Understanding programming and mathematical principles can enhance cybersecurity skills.
• Machine learning may automate certain cybersecurity tasks, but a deeper understanding of the underlying principles is still necessary.

Quotes:

• "Our job is to stop stupid. Our job is to patch stupid." - Ira Winkler
• "You're competing against people who know how to program, who have college degrees, who set up their home labs." - Ira Winkler
• "A job might have no requirements, but you're likely going to be competing against people who do have qualifications." - Ira Winkler

Socials and Resources:

https://www.linkedin.com/in/irawinkler/

https://twitter.com/irawinkler

About The Guest:
Kevin Apolinario is a cybersecurity professional with a diverse background in IT support and training. He has over 12 years of experience in the restaurant industry, which has helped him develop strong customer service and soft skills. Kevin is also involved with Riosis, an organization that supports Latin individuals in the cybersecurity field. He is passionate about helping others and sharing his knowledge through his YouTube channel and various training programs.

Summary:
Kevin Apolinario shares his unique career journey, starting from his experience in the restaurant industry to his transition into IT support and cybersecurity. He emphasizes the importance of soft skills and customer service experience in the field. Kevin also discusses the value of creating content and networking to enhance career opportunities. He highlights the significance of building a strong foundation in IT fundamentals and recommends creating a home lab to gain practical experience. Kevin emphasizes the importance of mindset and perseverance in overcoming rejection and securing job opportunities in the IT industry.

Key Takeaways:

• Soft skills gained from customer service experience are valuable in IT and cybersecurity roles.
• Creating content and networking can enhance career opportunities.
• Building a strong foundation in IT fundamentals is crucial for success.
• Creating a home lab can provide practical experience and make candidates stand out.
• Mindset and perseverance are essential in overcoming rejection and securing job opportunities.

Quotes:

• "Soft skills are important in IT. You're going to use soft skills and you can leverage that over to it." - Kevin Apolinario
• "Put yourself out there and see what happens. You never know who's watching you." - Kevin Apolinario
• "Fundamentals are very important. It's like building a house. You gotta have a strong base." - Kevin Apolinario
• "Certifications do not guarantee you a job. It just guarantees you an interview." - Kevin Apolinario
• "Embrace rejection. Keep applying for jobs until someone gives you a chance." - Kevin Apolinario

Socials and Resources:

https://www.linkedin.com/in/itprofessionalkevinapolinario/

https://www.youtube.com/c/KevtechITSupport

https://kevtechitsupport.com/

https://twitter.com/KevTechSupport

About The Guest:
Tib3rius is a penetration tester with over ten years of experience, specializing in web application security. He is the creator of the popular tool Autorecon, which is widely used for enumeration in the OSCP exam and CTF challenges. Tib3rius also offers courses on Udemy and Hackers Academy, focusing on privilege escalation techniques for Windows and Linux.

Summary:
Tib3rius joins Phillip Wylie on The Phillip Wylie Show to discuss his background in penetration testing and his specialization in web application security. He shares insights into the development of his tool Autorecon, which was initially created for the OSCP exam but gained popularity in the community. Tib3rius also talks about the importance of specialization in offensive security and offers advice for those looking to start a career in penetration testing. He highlights the value of bug bounty hunting as a way to gain practical experience and shares his thoughts on the OWASP Top Ten and the future of web application security tools.

Key Takeaways:

• Autorecon, a tool created by Tib3rius, is widely used for enumeration in the OSCP exam and CTF challenges.
• Specializing in a specific area of penetration testing, such as web application security, can lead to becoming a subject matter expert and increase value to a company.
• Bug bounty hunting can provide practical experience and count as valuable experience in the field of penetration testing.
• The OWASP Top Ten has evolved from a list of the top ten vulnerabilities to a list of categories, covering a wide range of web application security issues.
• The future of web application security tools, such as Kaido, remains to be seen, but competition in the field can lead to improvements and alternatives to existing tools.

Quotes:

• "I think specialize in something and learn that thing well, and you'll be fine." - Tib3rius
• "Bug bounty hunting is a great thing to go into because you'll get some experience actually testing real applications." - Tib3rius
• "The OWASP Top Ten has become a catch-all category that covers almost every vulnerability." - Tib3rius

Socials and Resources:

https://twitter.com/0xTib3rius

http://youtube.com/Tib3rius

https://tib3rius.com/

https://courses.tib3rius.com/

https://linktr.ee/tib3rius

About The Guest:
Jakoby is a content creator and hacker with over a decade of experience in the field. He started his journey in hacking at a young age and has since become skilled in various areas, including bad USB and PowerShell. Jakoby is known for his ability to make complex concepts easily digestible for newcomers to the field.

Summary:
In this episode, Phillip Wylie interviews Jakoby, a content creator and hacker. They discuss Jakoby's hacker origin story, his experience in the content creation space, and the positive impact of a Discord server for content creators. Jakoby shares his passion for educating and helping others, as well as his journey to overcome imposter syndrome. He also talks about his plans to pursue certifications and work in the security field professionally. The conversation highlights the importance of sharing knowledge and the power of positive communities in the industry.

Key Takeaways:

• Joining a positive and supportive community, like the Discord server for content creators, can be incredibly beneficial for learning and growth.
• Blind spots in our knowledge can be filled by engaging in conversations and learning from others in the community.
• Overcoming imposter syndrome requires recognizing and accepting the value of your own knowledge and skills.
• Sharing content that is easily digestible for newcomers can have a significant impact on their learning and understanding.
• Leveraging social media platforms, such as YouTube, Twitter, and LinkedIn, can help build a personal brand and create opportunities in the industry.

Quotes:

• "Everybody needs to hear that you don't have to believe it, but maybe consider that they're telling the truth." - Jakoby
• "You give this presentation, you give this lecture, you do this demonstration, and you think it's kind of lame, but then someone comes up and tells you, 'Man, I learned a lot from that.'" - Phillip Wylie
• "If you're constantly getting into Twitter disputes and Twitter fights, that's what the algorithm is going to feed you." - Jakoby
• "You could be the best at something in the world, but if people don't know who you are, you're still stuck in the manual process of reaching out to people individually." - Jakoby
• "You put a lot of effort into your projects. You don't halfway do anything, which is awesome to see." - Phillip Wylie

Socials and Resources:

https://twitter.com/I_Am_Jakoby

https://www.youtube.com/@IamJakoby

https://discord.gg/iamjakoby

About The Guest:

Michael Taggart is the founder of the Taggart Institute, an education project that aims to provide affordable and accessible learning resources for individuals interested in information security. With a background in teaching and technology, Michael transitioned from K-12 education to security analysis work and is currently a senior researcher at UCLA Health. He is passionate about sharing knowledge and helping others develop their skills in the field of cybersecurity.

Summary:

In this episode, Phil interviews Michael Taggart, the founder of the Taggart Institute. Michael shares his background in teaching and technology and how he transitioned into the field of information security. He discusses the importance of accessible education and the mission of the Taggart Institute to provide affordable learning resources. Michael also talks about the benefits of content creation and learning in public, as well as the tools and equipment needed to get started. He emphasizes the value of diversity in tools and the importance of responsible red teaming.

Key Takeaways:

• Learning in public and creating content can be valuable for both personal growth and sharing knowledge with others.
• The Taggart Institute aims to provide affordable and accessible learning resources for individuals interested in information security.
• It is important to choose tools and equipment that work best for you and your specific needs.
• Building a hacking-specific machine from a base OS can provide more flexibility and customization options.
• Responsible red teaming involves ethical considerations and responsible handling of customer data.

Quotes:

• "Learning in public is incredibly valuable. Teaching is a fantastic learning mechanism." - Michael Taggart
• "Diversity is good in all senses. Monoculture is dangerous." - Michael Taggart

Socials and Resources:

https://infosec.exchange/@mttaggart

https://threads.net/@mttaggart| https://www.linkedin.com/in/mttaggart

The Taggart Institute:

https://taggartinstitute.org

https://discord.gg/taggartinstitute

https://www.linkedin.com/company/the-taggart-institute

About The Guest:
Tom Eston is the VP of Consulting and Cosmos Delivery at Bishop Fox, an information security consulting firm. He is also the founder and host of the Shared Security Podcast, which has been running for over 14 years. Tom has over 24 years of experience in the technology and cybersecurity industry, with a focus on offensive security and application security.

Summary:
Tom Eston joins The Phillip Wylie Show to discuss his journey in offensive security and his role at Bishop Fox. He shares how he got started in the industry, his experience in consulting and management, and the importance of mentorship. Tom also gives a preview of his upcoming talk at Summer Camp, where he will discuss personalities, empathy, and difficult conversations in leadership.

Key Takeaways:

• Tom Eston started his career in technology as a contractor doing desktop support and Help Desk work.
• He transitioned into information security when he was hired to start the first information security department at a real estate company.
• Tom's interest in offensive security was sparked when he hired a pen tester for the first time and was amazed by their skills.
• He transitioned into consulting to gain more experience and exposure to different environments and clients.
• Tom believes that leadership is about making people better and that mentorship is an important aspect of the industry.

Quotes:

• "I was just so inspired by this guy. And he let me sit next to him. It was like three or four days he was in the office, and I'm just soaking up all this information." - Tom Eston
• "Consulting for me was really that door that I think led me to where I'm at today by just exposing me to different environments, different clients, different people." - Tom Eston
• "Leadership is about making people better. Essentially, that's my job. My job is to make people better, help them do their jobs better." - Tom Eston

Socials and Resources:

https://www.linkedin.com/in/tomeston/

https://twitter.com/agent0x0

https://sharedsecurity.net/

About The Guest:

Jake is a cybersecurity professional with a background in system administration. He has a deep understanding of Active Directory security and is currently the Active Directory Security Assessment Service Lead at Trimarc. Jake is also the head developer of the open-source tool Locksmith, which focuses on Active Directory Certificate Services misconfigurations.

Summary:

Jake shares his hacker origin story, starting from his early days tinkering with computers and discovering the world of IRC. He talks about his transition from a sysadmin role to focusing on security and his journey to becoming an Active Directory expert. Jake also discusses the importance of automation and scripting in his work and the role of PowerShell in his day-to-day tasks. He emphasizes the value of continuous learning and the parallels he sees between powerlifting and research in terms of setting goals and putting in consistent effort.

Key Takeaways:

• Jake's transition from sysadmin to security professional was driven by his passion for tinkering with computers and his desire to secure his organization's systems.
• PowerShell is a crucial tool for Active Directory security professionals, allowing for automation and scripting to streamline tasks.
• Continuous learning and consistent effort are key to achieving goals, whether in powerlifting or cybersecurity research.

Quotes:

• "I was one of those kids, age four, playing on my grandparents' Commodore 64 and typing in Basic from a magazine... anytime I was near a computer, I would play around with it."
• "PowerShell is are you familiar with Beto on security, the Twitter account? Okay, so he and I have become buddies, and he has a PowerShell tattoo. I'm not quite to that level, but yeah, PowerShell and I were... I have a red teamer named Spencer that works with me on locksmith. He's part of our core team. We got three guys, Spencer and Sam... we just all love PowerShell."
• "Do the work, put in a little bit of work every day, and before you know it, you're going to be to your goal or past your goal... just it wouldn't have felt like it doesn't really feel like anything."
• "Powerlifting taught me... you get out there and you do the work... usually if you're out there working, you're going to progressively build up over time and then eventually you're going to look back and see, holy hell, I just put 425 pounds on my back and went down into a squat and came back up."

Links:

• Twitter: @dotdotdotHorse
• Jake's Infosec Exchange: @[email protected]
• Trimark: https://www.trimarcsecurity.com/
• Locksmith: https://github.com/TrimarcJake/Locksmith

About The Guest:
Yuri Diogenes is a cybersecurity expert and author with over 15 years of experience in the industry. Originally from Brazil, Yuri moved to the US in 2003 to work at Microsoft and Dell Computers. He has published 31 books on cybersecurity and currently works as a People Manager at Microsoft, overseeing the development of cloud security products. Yuri is also a professor at Capitol Technology University and holds a Master's degree in Cybersecurity.

Summary:
Yuri Diogenes, a cybersecurity expert and author, joins the podcast to discuss his book "Building a Career in Cybersecurity." He emphasizes the importance of self-assessment and leveraging existing skills when transitioning into the cybersecurity field. Yuri also highlights the need for a strong foundation in operating systems and network communication. He shares insights on the evolving nature of cybersecurity education and the importance of incorporating security fundamentals into school curriculums. Additionally, Yuri emphasizes the significance of soft skills in the industry and the need for effective communication and collaboration. He encourages individuals to pursue their passion within the cybersecurity field and provides guidance on finding the right specialization.

Key Takeaways:

• Self-assessment and leveraging existing skills are crucial when transitioning into cybersecurity.
• A strong foundation in operating systems and network communication is essential for success in the field.
• Incorporating security fundamentals into school curriculums can help build cybersecurity awareness from a young age.
• Soft skills, such as effective communication and collaboration, are highly valued in the industry.
• Finding a specialization within the cybersecurity field based on personal passion is key to long-term success.

Quotes:

• "Unless we start building this level of awareness about information security that becomes second nature, it will continue to be a challenge for many people to be aware of what's going on out there." - Yuri Diogenes
• "Soft skills are important. If you don't have the soft skills to manage those things and to interact with people, it becomes very hard." - Yuri Diogenes
• "Go to where you feel passionate about. That's a question I receive a lot. Should I be a pen tester? Should I be a cybersecurity analyst? Well, I don't know. It depends on what you want for your life." - Yuri Diogenes

Socials and Resources:

https://twitter.com/yuridiogenes

https://www.linkedin.com/in/yuridiogenes/

https://www.amazon.com/Building-Career-Cybersecurity-Strategy-Succeed/dp/0138214514

About The Guest:

Kevin Johnson is a renowned cybersecurity expert and the founder of Secure Ideas, a consulting and training company. He has been in the industry for over 30 years and has extensive experience in penetration testing and application security. Kevin is also actively involved in the open-source community and is a strong advocate for the OWASP (Open Web Application Security Project) organization.

Summary:

In this episode of The Phillip Wylie Show, host Phillip interviews Kevin Johnson, founder of Secure Ideas and a prominent figure in the cybersecurity industry. They discuss Kevin's journey into pen testing, his involvement with the open-source community, and the importance of OWASP. Kevin also shares his thoughts on the need for increased membership and support for OWASP to ensure its continued success.

Key Takeaways:

• Kevin Johnson emphasizes the importance of sharing knowledge and helping others in the cybersecurity community.
• He believes that true expertise is demonstrated when one can effectively teach and explain complex concepts to others.
• Kevin highlights the need for improved membership and support for OWASP to address the challenges it currently faces.
• He encourages individuals to ask questions and seek guidance from experienced professionals in the field.

Quotes:

• "I am where I am today because other people showed me stuff or helped me."
• "For you to be able to teach it to somebody, that's proof you actually know it."
• "The fear of being found to be ignorant makes these people clam up."
• "The vast majority of people that say 'go figure it out yourself' don't actually know the things they say they do."
• "OWASP has lost two major flagship projects to OpenSSF. We need to fix this or we're going to lose."

Socials and Resources:

https://www.linkedin.com/in/kevinjohnson/

https://twitter.com/secureideas

https://www.secureideas.com/

About The Guest:

Brandon Colley is a cybersecurity professional who specializes in Active Directory security. He has a background in IT operations and has worked in various roles, including help desk support, desktop support, and server administration. Brandon currently works for Trimarc Security, a well-known Active Directory security company.

Summary:

In this episode, Brandon discusses his journey from IT operations to his current role in Active Directory security. He shares how he discovered his passion for security and the steps he took to specialize in Active Directory. Brandon also talks about the importance of understanding the technology behind security and the value of having a background in IT operations. He emphasizes the need for continuous learning and recommends playing with Active Directory in a lab environment to gain hands-on experience. Brandon also highlights the benefits of giving talks and being active in the cybersecurity community.

Key Takeaways:

• Understanding the technology behind security is crucial for effective Active Directory security.
• Playing with Active Directory in a lab environment is a great way to gain hands-on experience.
• Having a background in IT operations provides valuable insights for defending against attacks.
• Giving talks and being active in the cybersecurity community can help in learning and sharing knowledge.

Quotes:

• "One of the things I like to do outside of mentoring and teaching is share resources, and some of those resources are awesome people like yourself, where people can learn from." - Brandon
• "Meet security where you are. See things that are security-related in your current role." - Brandon

• "Security is everyone's responsibility. Go out and find it, do it, learn about it, and suggest things." - Brandon

Socials and resources:

https://www.linkedin.com/in/techbrandon/

https://twitter.com/TechBrandon

About The Guest(s):
Dan and Ken are the founders and coordinators of Hack Red Con, and Hack Space Con. They are passionate about bringing hands-on technical training and mentorship to the cybersecurity community. They believe in the power of community and strive to bridge the gap between experienced professionals and those just starting out in the industry.

Summary:
Dan and Ken discuss their upcoming conference, Hack Red Con, and the mission behind it. They emphasize the importance of hands-on training, mentorship, and building connections within the cybersecurity community. They also share stories of how their organization has helped individuals from low-income and at-risk communities find jobs and change their lives. The conference aims to provide a unique and accessible experience for attendees, with a focus on community and education.

Key Takeaways:

• Hack Spacecon is a hacker conference that focuses on hands-on training, mentorship, and building connections within the cybersecurity community.
• Volunteering at conferences is a great way to build relationships, gain experience, and give back to the community.
• CTFs (Capture the Flag) are an important part of cybersecurity training and provide opportunities for competition, camaraderie, and skill development.
• The conference aims to bridge the gap between experienced professionals and those just starting out in the industry, with a focus on supporting individuals from low-income and at-risk communities.
• The organization offers scholarships, education vouchers, and job placement assistance to help individuals break into the cybersecurity field.

Quotes:

• "We wanted to take a more hands-on approach towards what we, as founders, have a lifetime of experience in: hands-on technical training, getting involved, and learning by doing." - Dan
• "Volunteering at conferences is an amazing way to build relationships, both on a personal and business level, and to impact people's lives." - Ken
• "CTFs are a great way to not only compete and prove yourself, but also to build friendships, connections, and camaraderie within the cybersecurity community." - Dan
• "Our goal is to get people into a better economic position by providing training, mentorship, and job opportunities." - Ken
• "Teaching others and mentoring them is a high that helps both the mentor and the student learn and grow." - Dan

Socials and Resources:

https://www.hackredcon.com/

https://twitter.com/HackRedCon

https://www.linkedin.com/company/hackredcon/

https://twitter.com/k3nundrum

https://discord.gg/YaNp8SfUfj

About The Guest:
Katerina is the CEO and founder of Exelasis, a cybersecurity organization that focuses on elite pen testing and advanced security testing. She is one of the first female CEOs in the industry, and she is passionate about bringing the elite back into cybersecurity and promoting the importance of pen testing.

Summary:
Katerina discusses the commoditization of pen testing and the need for organizations to prioritize quality over quantity. She explains the difference between pen testing and red team operations, emphasizing that pen testing is coverage-based while red teaming is objective-based. Katerina also shares her thoughts on the role of AI in pen testing and cybersecurity, highlighting the importance of human expertise and the need for ethical guidelines in AI development. She emphasizes the need for organizations to invest in pen testing and validate their cybersecurity measures to ensure the safety of their digital assets.

Key Takeaways:

• Pen testing is coverage-based, while red teaming is objective-based.
• AI can enhance pen testing, but it cannot replace the human expertise and ethical decision-making required in cybersecurity.
• Organizations should prioritize quality over quantity when it comes to pen testing and invest in elite testing to validate their cybersecurity measures.
• Pen testing is crucial in identifying vulnerabilities and reducing exposure, but it cannot guarantee 100% security.

Quotes:

• "Pen testing really lost the eliteness it could have had. It's become a checklist." - Katerina
• "Red teaming is an objective-based exercise. It will tell you if the ultimate objective is achievable or not." - Katerina
• "AI cannot possibly go into an organization and have that logical thinking saying, 'I'm not going to touch that because it's a real customer.'" - Katerina
• "We want to enhance, not replace. Use AI to enhance, not to replace." - Katerina
• "Pen testing is not commodity. It's a lot more elite, it's a lot more strategical." - Katerina

Socials and Resources:

https://www.linkedin.com/in/katerina-tasiopoulou-a71424128/

https://www.linkedin.com/company/exelasis-ltd/

www.exelasis.com

About The Guest:

Liron Mendel is a product marketing professional with a background in sales and marketing. She has worked in various tech companies, including CYE and Allot, and specializes in bridging the gap between product and marketing.

Summary:

Liron Mendel, a product marketing professional, joins the podcast to discuss the role of product marketing in the cybersecurity industry. She explains that product marketing serves as a bridge between the product and marketing teams, ensuring that the product's messaging accurately defines its value proposition. Liron emphasizes the importance of understanding customers and the market in order to effectively market a product. She also highlights the role of research in product marketing, including competitive analysis. Liron discusses how CYE's platform, Hyver, helps cybersecurity professionals quantify cyber risk and communicate it to the board in a way that resonates with business leaders. She advises aspiring product marketers to start in marketing roles and develop a passion for a specific product or industry. Liron concludes by encouraging listeners to believe in their ability to achieve their career goals.

Key Takeaways:

• Product marketing is the bridge between the product and marketing teams, ensuring accurate messaging.
• Understanding customers and the market is crucial for effective product marketing.
• Research, including competitive analysis, is an important aspect of product marketing.
• CYE's platform, Hyver, helps quantify cyber risk and communicate it to the board in a business-focused manner.
• Aspiring product marketers should start in marketing roles and develop a passion for a specific product or industry.

Quotes:

• "Product marketing is the bridge between product and marketing." - Liron Mendel
• "You have to be really eager to learn and understand your customer base." - Liron Mendel
• "CYE's platform, Hyver, simplifies cyber risk quantification for the board." - Liron Mendel
• "If you're passionate and willing to work at it, anything is possible." - Liron Mendel

https://www.linkedin.com/in/leeron-walter-mendel-%F0%9F%92%A1-96113648/

https://www.linkedin.com/company/cyesec/mycompany/

About The Guest: James Potter is the CEO and founder of DSE, a professional services firm specializing in Active Directory security. With over 25 years of experience in Active Directory work, James has a deep understanding of the challenges and vulnerabilities associated with this core piece of software. He is passionate about helping organizations secure their boundaries through Active Directory security. Summary: James Potter, CEO and founder of DSE, joins The Phillip Wylie Show to discuss the importance of Active Directory security and the evolving landscape of directory services. James shares his background in Active Directory work and explains how DSE helps organizations secure their Active Directory environments. He highlights the impact of the pandemic on remote work and the challenges faced by companies transitioning to a hybrid or cloud-based environment. James also offers advice for individuals looking to start a career in Active Directory security. Key Takeaways: 1. The pandemic has accelerated the adoption of remote work and highlighted the importance of nimble and flexible organizations. 2. Moving to the cloud can offer cost savings and scalability, but it requires skilled resources to ensure proper management and security. 3. Legacy accounts and configurations in Active Directory can pose significant security vulnerabilities and should be regularly audited and cleaned up. 4. Cloud environments provide resiliency and global availability, but cost considerations are driving organizations to reevaluate their cloud strategies. 5. Starting a career in Active Directory security requires a baseline understanding of networking and certifications such as Network+ and Security+ can provide a solid foundation. Quotes: - "The pandemic allowed us to blossom because we're very nimble. We don't have a lot of overhead office buildings." - James Potter - "Moving to the cloud doesn't automatically fix Active Directory issues. You still need skilled resources to manage and secure it." - James Potter - "Legacy accounts and configurations in Active Directory are low-hanging fruit for threat actors." - James Potter - "The cloud offers maneuverability and speed for startups, but it's important to evaluate cost and long-term scalability." - James Potter - "Imposter syndrome is huge. Don't give up. If you're motivated and pushing yourself, you deserve to be there." - James Potter

Socials and resources:

https://www.linkedin.com/in/jamesthesecurityguy/

https://www.linkedin.com/company/directoryservicesexpedited/

https://twitter.com/DSEteam

https://www.dse.team/

About The Guest

Jeff Foley is a security researcher and the Vice President of Research for ZeroFOX. He is also the project leader for OWASP Amass, a project focused on external cybersecurity. Jeff has a strong background in computer science and has been involved in the information security industry for many years.

Summary

In this episode, Jeff Foley discusses the evolution of OWASP Amass, a project he leads that focuses on external cybersecurity. He explains how he got started in information security and coding, and how his passion for automation led him to create Amass. Jeff also introduces the Open Asset Model (OAM), a new data model that allows users to represent and analyze the data collected by Amass. He highlights the importance of having visibility on one's attack surface and the need for a unified format to communicate about exposed assets on the internet. Jeff shares his plans for the future of Amass, including expanding the taxonomy and collection capabilities, and involving the community in the development process.

Key Takeaway

• OWASP Amass is a project focused on external cybersecurity and provides visibility on exposed assets on the internet.
• The Open Asset Model (OAM) is a new data model introduced in Amass version 4.0, which allows users to represent and analyze the collected data in a unified format.
• The OAM aims to create a standard and unified way of communicating about attack surfaces and to make it easier for users to understand and analyze the data.
• Amass is evolving to include more asset types and relationships, and the team is developing a collection engine to keep up with the expanding taxonomy.
• The project welcomes contributions from the community and encourages users to get involved and provide feedback.

Quotes

• "You can't be protecting things if you don't know they're there." - Jeff Foley
• "The Open Asset Model is about creating a standard and unified way of communicating about exposed assets on the internet." - Jeff Foley

Socials and resources

- Twitter: @jeff_foley

- Amass Twitter: @owaspamass

- GitHub: https://github.com/caffix

- Amass GitHub: https://github.com/owasp-amass

- Mastodon: @[email protected]

- Amass Mastodon: @[email protected]

- LinkedIn: https://www.linkedin.com/in/caffix/

- OWASP Amass: https://owasp.org/www-project-amass/

- Amass Discord: https://discord.gg/HNePVyX3cp

About The Guest:

Ron Nissim is the CEO of Entitle, a company that focuses on permission management and access control. He has a background in cybersecurity and intelligence, having served in the Israel Defense Forces in a cybersecurity role. Ron and his co-founder, Avi, started Entitle to address the need for better permission management in cloud environments.

Summary:

Ron Nissim, CEO of Entitle, joins Phillip Wylie on The Phillip Wylie Show to discuss the importance of permission management and access control in cybersecurity. Ron shares his background in cybersecurity and intelligence and how he and his co-founder started Entitle to address the gaps in permission management in cloud environments. They discuss the challenges of manual permission management, the need for automation, and the evolving landscape of authentication and access control. Ron also emphasizes the importance of networking and collaboration in the industry.

Key Takeaways:

1. Permission management is a critical aspect of cybersecurity, and the challenges in this area are vast and complex.

2. The traditional approach to permission management is often manual and time-consuming, leading to delays and inefficiencies.

3. Cloud-centric solutions like Entitle offer quick implementation and value, making permission management more accessible and cost-effective.

4. The industry is experiencing a shift in the access management landscape, with a focus on automation and simplification.

5. Collaboration and networking with industry leaders are essential for learning and staying on the cutting edge of permission management.

Quotes:

- "Everyone was starting companies around all this next-gen AI stuff, and the most basic stuff of an admin having too much access is still uncovered." - Ron Nissim

- "The more people have access to more resources, the bigger the risk." - Ron Nissim

- "The tolerance for manual work has gone down significantly. People are always looking to automate themselves out of the manual work." - Ron Nissim

- "The thirst or hunger for companies to be more efficient, especially in these days, to be more efficient, to utilize their manpower in the right way, puts their chips on the right areas, again, just emphasizes the importance of automation." - Ron Nissim

- "The fact that I still have to remember passwords is so 1997." - Ron Nissim

Ron and Entitle resources:

https://www.linkedin.com/in/ron-nissim/

https://www.linkedin.com/company/entitle/

https://twitter.com/EntitleIO

About The Guest:
Chloé Messdaghi is a prominent figure in the cybersecurity industry, known for her work in promoting inclusiveness and diversity. She has been a speaker at various conferences and is the host of the podcast "The Change Making Podcast" and "Secure Your Strategy." Chloé is passionate about raising awareness about hacker rights and supporting security researchers and bug bounty hunters.

Summary:
Chloé Messdaghi joins Phillip Wylie in this episode to discuss the importance of inclusiveness and diversity in the cybersecurity industry. Chloé shares her experiences as a woman in the industry and how it initially made her want to leave, but also motivated her to stay and make a difference. They discuss the need for leaders in the industry to be more inclusive and the impact of gender bias in language. Chloé also talks about the importance of addressing burnout and mental health in the industry, especially in the context of the pandemic. She shares tips for avoiding burnout and emphasizes the need for self-care and seeking therapy when needed. The conversation also touches on the topic of climate change and its potential impact on the cybersecurity industry.

Key Takeaways:

• Inclusiveness and diversity are crucial for the cybersecurity industry to thrive and make a positive impact.
• Gender bias in language can perpetuate stereotypes and exclude certain groups from leadership roles.
• Burnout and mental health issues are prevalent in the industry, and it is important to seek therapy and practice self-care.
• The cybersecurity industry needs to address the impact of climate change and prepare for potential security threats arising from it.

Quotes:

• "If you really want change to occur in an industry, you have to get the people at the top to get on board." - Chloé Messdaghi
• "Seeing a therapist is not taboo. It is trendy. So go see a therapist." - Chloé Messdaghi

Chloé's socials and resources:

https://twitter.com/ChloeMessdaghi

https://www.linkedin.com/in/chloemessdaghi/

https://www.securebychloe.com/

https://www.youtube.com/@ChloeMessdaghi

About The Guest:
Tim Medin is the CEO and founder of Red Siege, a pen testing firm that specializes in offensive security. With over 15 years of experience in the field, Tim is also a lead author of the enterprise penetration testing course for the SANS Institute. He is known for his expertise in kerberoasting and has a background in electrical engineering.

Summary:
Tim Medin, CEO and founder of Red Siege, joins the podcast to discuss his background in pen testing and the evolution of the industry. He shares his experience with the Dallas Hackers Association and talks about his infamous talk on IoT hacking using a Bluetooth-enabled doll. Tim emphasizes the importance of pursuing what interests you in the field of cybersecurity and offers advice for aspiring offensive security professionals. He also addresses the question of whether AI will replace pen testers and highlights the value of manual testing in identifying complex security issues. The episode concludes with a discussion on Red Siege's recent acquisition of 40 North and the expansion of their services and training offerings.

Key Takeaways:

• Tim Medin emphasizes the importance of pursuing what interests you in the field of cybersecurity.
• Offensive security professionals should focus on specific areas of interest and seek out resources and communities to learn and grow.
• AI is not yet capable of replacing pen testers, as manual testing is still necessary to identify complex security issues.
• Red Siege's acquisition of 40 North expands their services and training offerings, providing additional expertise and resources to their clients.

Quotes:

• "Pick the thing that's interesting to you. Pick the technology that you've got some experience with at work, with test systems, whatever it might be, and dig into that." - Tim Medin
• "The more specific the question, the better answer you're going to get and the more likely you are to get an answer." - Tim Medin
• "AI is great at processing large quantities of data, and if you can get that across many different organizations, we can really start to build some of these better profiles." - Tim Medin

Tim and Red Siege social media and website:

https://www.linkedin.com/in/timmedin/

https://twitter.com/TimMedin

https://redsiege.com/

https://www.linkedin.com/company/redsiege/

https://twitter.com/RedSiege

About The Guest:
Julien Richard is a cybersecurity professional with a background in system administration and network administration. He is the founder of a cybersecurity collective and has extensive experience in penetration testing. Julien is passionate about sharing his knowledge and helping others succeed in the industry.

Summary:
Julien Richard joins Phillip Wylie on the podcast to discuss their journeys into the cybersecurity industry. They emphasize the importance of diversity in the field and the value of sharing different paths to success. They also discuss the role of certifications and the need for continuous learning in the ever-evolving cybersecurity landscape. Julien shares his thoughts on the future of offensive security and the potential impact of AI tools like ChatGPT.

Key Takeaways:

• Diversity of stories and paths to success is important in the cybersecurity industry.
• Continuous learning and curiosity are essential for success in offensive security.
• AI tools like ChatGPT can be valuable for writing and research, but caution is needed to ensure accurate data sources.
• Understanding the fundamentals of networking, systems, and Linux is crucial for offensive security professionals.

Quotes:

• "Everybody has a different way of getting into the industry." - Julien Richard
• "Don't just run something without understanding what's going on." - Julien Richard
• "The more you're exposed to it, the better you'll become." - Julien Richard
• "Continuous learning and curiosity are the most important qualities in this field." - Julien Richard

Julien's social media: 

https://www.linkedin.com/in/julien-richard

https://bsky.app/profile/julien.bcksec.com

About The Guest:

• Shawn Alexander is a personal trainer and meditation practitioner with over 20 years of experience. He has a background in competitive bodybuilding and powerlifting and has studied meditation and mindfulness extensively.

Summary:
Shawn Alexander shares his personal journey of self-discovery and mindfulness through meditation. He discusses how his upbringing and experiences led him to seek validation through physical accomplishments, such as bodybuilding. However, he eventually faced the consequences of his extreme training and steroid use, which led to a life-threatening illness. This experience sparked his curiosity about the nature of consciousness and the mind. Shawn explains that there is a deeper awareness underneath our thoughts and emotions, which he refers to as pure awareness or consciousness. He emphasizes the importance of quieting the mind through meditation to tap into this awareness and experience inner peace and clarity. Shawn also discusses the interconnectedness of all beings and the power of manifestation through consciousness.

Key Takeaways:

• Our thoughts and emotions are not who we truly are. There is a deeper awareness or consciousness underneath them.
• Meditation and mindfulness can help quiet the mind and connect with the stillness and peace within.
• We are all connected through a collective consciousness, and our thoughts and intentions can manifest our reality.

Quotes:

• "There has to be something listening to the little voice in our heads. There has to be something that's aware of our emotions, aware of our thoughts, aware of all that." - Shawn Alexander
• "In order for everything to exist, there has to be something aware of it. We are all connected through consciousness." - Shawn Alexander
• "Be still and know that I am God. Be still doesn't mean sit still, even though that helps. It means quiet your mind. Be silent inside." - Shawn Alexander

About The Guest:

• FC Barker aka Freakyclown is an ethical hacker and professional cyber criminalist with over three decades of experience.
• He is the co-founder of Sygenta, a company that specializes in ethical hacking and penetration testing.
• Freakyclown has a background in offensive cyber research and has worked for major defense firms.

Summary:
Freakyclown shares his experience as an ethical hacker and professional cyber criminalist. He discusses the type of pen testing he does, which goes beyond the typical cookie-cutter approach. He emphasizes the importance of manual work and understanding the foundations of hacking. Freakyclown also talks about the evolution of hacking over the years and the changes he has witnessed. He provides advice for those interested in getting into offensive security, including participating in CTFs and bug bounty programs. Freakyclown also talks about his new book, "How I Rob Banks," which shares anecdotes and tips from his career in physical pen testing.

Key Takeaways:

• Ethical hacking goes beyond automated tools and requires manual work and understanding of the foundations.
• The barrier to entry in offensive security has lowered, but the threat landscape has expanded.
• Participating in CTFs and bug bounty programs is a great way to gain skills and experience in offensive security.
• Freakyclown's book, "How I Rob Banks," provides entertaining anecdotes and tips from his career in physical pen testing.

Freakyclown resources:

https://twitter.com/_Freakyclown_

https://www.linkedin.com/in/freakyclown/

https://www.cygenta.co.uk/

How I Rob Banks book:

https://www.wiley.com/en-us/How+I+Rob+Banks%3A+And+Other+Such+Places-p-9781119911517

About The Guest:

Adam Mingus is an expert in identity and access management (IAM) and privileged access management (PAM). With a background in network security and defense contracting, Adam has extensive experience in the field and has witnessed the evolution of IAM and PAM over the years. He is passionate about helping organizations strengthen their security posture and navigate the challenges of identity management in the modern digital landscape.

Summary:

Adam Migus, an expert in identity and access management (IAM) and privileged access management (PAM), joins Phillip Wylie on the show to discuss the evolving landscape of cybersecurity. Adam shares his journey in the industry, from working in defense contracting to focusing on IAM and PAM in the private sector. He emphasizes the importance of identity in security and highlights the growing need for strong access controls and authentication methods. Adam also touches on the challenges of securing operational technology (OT) and industrial control systems (ICS) and the increasing role of cyber insurance in driving cybersecurity improvements. He concludes by discussing the future of passwordless authentication and the potential impact of AI and quantum computing on cybersecurity.

Key Takeaways:

1. IAM and PAM are crucial components of a strong security posture, with identity being at the forefront of cybersecurity challenges.
2. The convergence of physical and virtual security is driving the need for robust access controls and authentication methods.
3. The rise of cyber insurance is motivating organizations to invest in stronger cybersecurity measures.
4. OT and ICS environments present unique challenges for security professionals, but the importance of securing these systems is gaining recognition.
5. Passwordless authentication is gaining traction, especially in consumer applications, but passwords will likely remain prevalent in enterprise environments.
6. The use of biometrics and hardware tokens, such as Ubikeys, can enhance security and protect against credential theft.
7. The increasing use of AI and quantum computing poses new challenges for cybersecurity, requiring ongoing innovation and adaptation.

Adam and Migus resources:

https://www.linkedin.com/in/amigus/

https://twitter.com/amigus

https://www.linkedin.com/company/the-migus-group/

https://twitter.com/migusgroup

https://www.facebook.com/migusgroup/

https://migusgroup.com/

About The Guest: Ankita Dhakar is the founder and CEO of Capture the Bug, Australia and New Zealand's first Vulnerability Intelligence Platform. She started her own cybersecurity consultancy firm specializing in penetration testing in late 2019. Ankita has worked with clients in New Zealand, Australia, Europe, and India. She is passionate about educating businesses and individuals about cybersecurity and fostering collaboration between ethical hackers and organizations. Summary: Ankita Dhakar, founder and CEO of Capture the Bug, joins Phillip Wylie on The Phillip Wylie Show to discuss her bug bounty platform and the importance of collaboration in cybersecurity. Ankita shares her background in cybersecurity and how she started her own company. She emphasizes the need for businesses to move beyond compliance and traditional security testing methods and highlights the benefits of bug bounty programs. Ankita also discusses the challenges of finding skilled cybersecurity professionals and offers advice for hiring and educating them. She concludes by inviting ethical hackers to join Capture the Bug and contribute to the growing community. Key Takeaways: Collaboration is key in protecting assets and businesses should seek to collaborate with ethical hackers. Compliance does not guarantee real security, and businesses should go beyond traditional security testing methods. Hiring skilled cybersecurity professionals requires a balanced approach, considering both technical expertise and the ability to communicate effectively. Bug bounty programs provide an opportunity for ethical hackers to contribute to cybersecurity and be rewarded for their findings. Capture the Bug aims to grow the female ethical hackers community and welcomes anyone interested in cybersecurity to reach out.

Ankita and Capture The Bug links:

https://www.linkedin.com/in/ankitadhakar/

https://twitter.com/expankita

https://twitter.com/capturethebugs

https://www.linkedin.com/company/capture-the-bug/

https://capturethebug.xyz/

About The Guest: Danny "Rand0h" Akacki is a cybersecurity professional with over 11 years of experience in the industry. He has worked at companies like Mandiant, GE, and Bank of America, focusing mainly on threat hunting. He is currently a Customer Success Manager at Trimark Security and also heads up their marketing and project management efforts. Danny is also a goon at Defcon and is passionate about streaming and content creation. Summary: Danny "Rand0h" Akacki joins Phillip Wylie on the podcast to discuss his background in cybersecurity, his love for streaming and content creation, and his experiences as a goon at Defcon. They also talk about the importance of community and giving back, as well as Danny's journey towards fitness and health during the pandemic. Key Takeaways: Streaming and content creation can be a great way to share knowledge and connect with others in the cybersecurity community. Defcon is a unique and special event that brings together people from all over the world who share a passion for hacking and cybersecurity. Failing is a natural part of the learning process, and it's important to embrace failure and learn from it. Building healthy habits and routines is key to maintaining fitness and overall well-being. It's important to be gentle with yourself and not be too hard on yourself when working towards personal goals. Danny's social media and website: https://www.linkedin.com/in/dakacki/

https://twitter.com/dakacki

https://www.randoh.net/

This trailer for the Phillip Wylie Show shares the topics discussed in episodes of the podcast.

About The Guest(s):

Nenad Zarick is a cybersecurity expert and the founder of Trickest, a platform that automates offensive security workflows. With over 15 years of experience in the field, Nenad has a deep understanding of bug bounty programs and the importance of automation in cybersecurity.

Summary:

In this episode, Phillip interviews Nenad Zaric, the founder of Trickest, a platform that automates offensive security workflows. Nenad shares his background in cybersecurity and how he got started in bug bounty programs. He emphasizes the importance of automation in bug bounty and explains how Trickest can help bug hunters optimize their efforts. Nenad gives a live demo of the platform, showcasing its features and capabilities. He also discusses the scalability of the platform and the benefits of automation in the future of cybersecurity.

Key Takeaways: Bug bounty hunters need to automate their workflows to be successful.Trickest allows users to easily automate offensive security workflows without the need for manual scripting.The platform integrates various tools and provides a visual interface for building workflows.Users can schedule workflows and execute them on multiple machines for scalability.Automation is the key to the future of cybersecurity and can save time and improve efficiency.

Nenad's and Trickest's social media and website:

https://twitter.com/ZaricNenad_

https://www.linkedin.com/in/nenad-zaric/

https://twitter.com/trick3st

https://www.linkedin.com/company/trickest/

https://trickest.com/

About The Guest(s):
Dave Mayer is an Offensive Security professional with extensive experience in Red Teaming and Penetration Testing. He has a background in computer science and has worked for companies like Citibank and Grim before founding Neuvik. Dave is also a mentor and educator in the field of Offensive Security.

Summary:
Dave Mayer, an experienced Red Team professional, shares his journey in the field of Offensive Security. He discusses his background in computer science, his transition from development to Red Teaming, and his work at Citibank and other consulting firms. Dave emphasizes the difference between Red Teaming and Penetration Testing, highlighting the intent and level of detail involved in each. He also provides insights into when organizations should consider conducting a Red Team operation and the importance of cloud security in today's hybrid environments. Dave recommends learning programming and scripting languages like Python and PowerShell to excel in Offensive Security. He also discusses the role of bug bounties and disclosure programs in finding vulnerabilities and improving security.

Key Takeaways:

• Red Teaming is focused on remaining undetected and achieving a specific objective, while Penetration Testing aims to find as many vulnerabilities as possible across multiple systems.
• Red Teaming should be conducted after organizations have matured their vulnerability scanning and Penetration Testing processes.
• Cloud security is crucial in today's hybrid environments, and understanding cloud platforms and APIs is essential for Offensive Security professionals.
• Learning programming and scripting languages like Python and PowerShell is important for automating tasks and building tools in Offensive Security.
• Bug bounties and disclosure programs can be valuable for finding vulnerabilities and improving security, but organizations should provide clear contact information for researchers to report vulnerabilities.

Dave's social media and Neuvik website:

https://twitter.com/dmay3r

https://www.linkedin.com/in/dmay3r/

https://www.neuvik.com/

Moses Frost, an offensive security expert, shares his journey into cybersecurity in this episode of the Phillip Wylie Show. Frost's interest in computers started in elementary school when he taught himself how to use an old IBM 8088 and read about DOS. He later discovered bulletin board systems (BBS) and began exploring the world of hacking. Frost's curiosity and passion for computers led him to pursue a career in offensive security, where he helps companies prevent cyber attacks.

Frost discusses his early experiences with BBS, including learning how to manipulate phone lines and bypass security systems. He also shares a story about getting doxxed after logging into an elite bulletin board and angering the admin. After high school, Frost became an auto mechanic but eventually returned to his love of computers and signed up for an A+ class. He started building systems for a company but was treated poorly and decided to better himself by learning how to use Windows NT four on his own laptop.

Later, Frost talks about his early experiences with Linux and how he figured out how to get drivers on his laptop. He eventually got a job at a hospital as a temp worker for PC support, where he developed a process to make desktop imaging faster and migrated 10,000 desktops to the system. Despite being in his teens, Frost was able to lead his senior colleagues and eventually got hired by the hospital.

The conversation also touches on the early days of cybersecurity when people were not aware of the risks and how easy it was for threat actors to exploit vulnerabilities. However, with the industry growing and maturing, the tools have become more sophisticated, and it takes a lot more to be a good pen tester now than it did in the past. Frost explains the complexity of hospital systems and the various technologies used in them. He also talks about the hospital's network, which was on the internet in 92-93 and was given a slash 16. Frost was tasked with upgrading the hospital's firewalls, which were originally Windows NT, to Nokia boxes.

Frost recommends starting small and expanding one's skillset to get into pen testing. He advises against trying to learn everything and instead encourages people to focus on what they enjoy and are good at. He also cautions against trying to become someone important or famous on social media, as it can be a trap that distracts from learning and growth. Frost's story highlights the importance of pursuing one's passions and constantly striving to improve oneself.

Moses' social media:

https://www.linkedin.com/in/mosesfrost/

https://twitter.com/mosesrenegade

Emily shares invaluable advice for those new to cybersecurity or wanting to start a cybersecurity career. She emphasizes the importance of taking the initiative by gaining real-world experience through internships or volunteer work to build up skills. Emily advises new cybersecurity professionals to practice empathy when communicating with end users. This is because empathy helps professionals to understand the point of view of their clients and co-workers when discussing security concerns. By following Emily's advice, aspiring cybersecurity professionals can gain a better understanding of how their roles fit into the larger organization and be more prepared for success in the field. Emily's social media: https://twitter.com/TechEmiiily https://www.linkedin.com/in/emily-skaggs-b63770a1/

In this podcast episode, host Phillip Wylie interviews Don Donzal, the founder of the Ethical Hacker Network, aka EH-net. Don is a cybersecurity professional, mentor, and community advocate. Don recently gave a talk about his almost two-year sabbatical, where he learned lessons about work-life balance and finding enjoyment in daily routines. Don shares his personal experiences with burnout and its consequences on his health and relationships. He emphasizes the importance of self-awareness, setting boundaries, and finding a balance between work and personal life. Don also discusses the need to engage in activities that promote mental, emotional, and physical well-being, such as exercise, meditation, and spending time with loved ones. He suggests experimenting with different activities and finding ways to incorporate them into daily routines to make them enjoyable and fulfilling.   Additionally, Don highlights the value of learning and personal growth through activities like reading, listening to audiobooks, or watching educational videos while engaging in other tasks like working out or commuting. He encourages listeners to challenge themselves, build healthy habits, and focus on what matters to them, to achieve a fulfilling and balanced life. Don's social media: https://twitter.com/ethicalhacker

https://www.linkedin.com/in/ddonzal/