Episodes
-
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Alyse Zavala, a cybersecurity professional and rock band vocalist. They discuss the importance of having hobbies outside of work, Alyse's journey from IT to offensive security, and her experiences in the music industry. Alyse shares valuable advice for aspiring penetration testers, insights into exploitdevelopment, and the challenges of balancing her dual careers. The conversation also touches on work-life balance, burnout prevention, and upcoming projects inboth cybersecurity and music.
Takeaways
It's important to have interests outside ofcybersecurity. Alyse's journey began in IT and evolved intooffensive security. Hands-on experience is crucial for aspiringpenetration testers. Certifications like OSCP are more valuable thana degree. Alyse emphasizes the importance ofscenario-based interview questions. She started a rock band to explore her passionfor music. The band recorded with notable producers andgained significant views on their music video. Meditation has helped Alyse manage stress andimprove focus. Balancing work and music is challenging butrewarding. Alyse is excited about upcoming projects in bothcybersecurity and music.Sound Bites
"It's important to disconnect for abit." "I started specializing in malwareextraction." "I convinced them to let us start pentesting."Chapters
00:00 Introduction and Connection
06:03 Alyse's Hacker Origin Story
12:54 Career Development and Opportunities
21:00 Advice for Aspiring Pen Testers
30:00 Balancing Music and Cybersecurity Career
40:24 Work-Life Balance and Burnout Management
48:14 Closing Thoughts and Future Plans
Resources
https://x.com/Bellebytes
https://lylvc.com/
https://linktr.ee/lylvc
-
Summary
In this episode, Phillip Wylie interviews Marcus Carey, a prominent figure in the cybersecurity community. They discuss the importance of living in the moment, the power of positivity, and Marcus's journey from a young nerd to a successful hacker and entrepreneur. Marcus shares his experiences in the military and how they shaped his career in cybersecurity, emphasizing the significance of foundational skills and the role of automation and AI in the field. The conversation also touches on the Tribe of Hackers book series and the importance of mentorship and community in personal and professional growth.
Takeaways
Live in the moment and cherish experiences.
Positivity can uplift others, even on bad days.
Every experience has a purpose and can help others.
Foundational skills are crucial for success in cybersecurity.
Automation and scripting can enhance productivity.
AI is a powerful tool for cybersecurity professionals.
Mentorship and sharing knowledge are vital in the community.
Pursue your passions to find your superpower.
Everyone has a role in the cybersecurity community.
Start where you are and pursue your goals relentlessly.
Notable Quotes
"You need to enjoy those times better."
"Everything you learn is to help somebody else out."
"Life is on purpose in everything that you experience."
Chapters
00:00
Living in the Moment and Embracing Positivity
06:34
Hacker Origin Stories and the Value of Learning
11:09
The Power of Automation in Cybersecurity
19:22
Exploring the Potential of AI and Blockchain
23:19
Starting with the Basics and Finding Passion in Coding
27:39
The Importance of Troubleshooting in IT and Cybersecurity
34:21
The Future of AI in Cybersecurity
36:05
The Role of Humans in AI-Driven Cybersecurity
45:51
Empowering the Cybersecurity Community through Tribe of Hackers
54:04
Being a Blessing and Sharing Knowledge in Cybersecurity
01:00:35
Pursuing Your Passions and Finding Fulfillment in Cybersecurity
Resources
https://www.linkedin.com/in/marcuscarey/
https://x.com/marcusjcarey
-
About The Guest:Trey Bilbrey is the Lead of SCYTHE Labs, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey's 15+ years of industry experience has allowed him to become an excellent educator, defender of networks, and a cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content Developer), The Army Corps of Engineers (ICS/SCADA Penetration Testing), and a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Summary:In this episode of the Phillip Wylie Show, Trey Bilbrey shares his unique journey into cybersecurity, highlighting the importance of foundational knowledge and diverse experiences. He discusses the transition from red teaming to purple teaming, emphasizing the benefits of collaboration and community in the field. Trey also offers valuable advice for newcomers, stressing the need to understand the ecosystem before diving into offensive security. The conversation concludes with a call to build connections within the cybersecurity community to enhance collective defense against threats.Key Takeaways:* **Start with a Strong IT Foundation**: Trey emphasizes the importance of gaining experience in IT roles, such as help desk or systems administration, to build a solid understanding before focusing on offensive security.* **Embrace Purple Teaming**: The integration of red and blue team methodologies can significantly enhance an organization's security posture through real-time collaboration and feedback.* **Community and Collaboration**: Building trust and sharing insights within and between organizations can raise security standards and prevent breach incidents through collective defense strategies.* **Navigating Career Waves**: Opportunities often arise unexpectedly; being open to change and ready to evolve is key to a successful career in cybersecurity.* **Value of Threat Informed Defense**: Understanding your infrastructure and potential threats is crucial for implementing effective security measures and focusing your resources where they matter most.Notable Quotes:1. "It's okay to not know your path right now. Dive in, do something new\...it's going to make you better for it."2. "If we could bring all of that stuff together, that's really what makes an awesome purple team engagement."3. "Community—we're all in this together. These threats are working as teams, they're crews, they're all talking, they're all communicating. Why aren't we doing the same?"4. "If you understand how the ecosystem works...it's going to make you so much better."5. "We need to engage our local communities...we've got to talk. We got to work together."Resources:https://www.linkedin.com/in/georgebilbrey/Chapters00:00 Introduction and Hacker Origin Story08:38 Exploring Different Areas of Cybersecurity12:48 The Importance of Hands-On Experience18:28 Transitioning to Purple Teaming25:06 Planning and Executing Purple Team Operations31:04 The Role of Cyber Threat Intelligence37:41 Building Community and Collaboration
-
About the Guests:
Greg Hatcher and John Stigerwalt are co-founders of White Knight Labs, a boutique cybersecurity company specializing in offensive security services and advanced training programs. Greg's background includes a remarkable career as a Green Beret in the U.S. Army, transitioning into cybersecurity with a focus on penetration testing and red teaming. John's journey began with a passion for hacking at 17, which led to a diverse career across IT roles, eventually specializing in penetration testing and red teaming for global companies. Together, they offer unique services aimed at elevating cybersecurity standards through White Knight Labs.
Episode Summary:
Dive into an engaging conversation on The Phillip Wylie Show featuring Greg Hatcher and John Stigerwalt from White Knight Labs. In this episode, the duo returns to discuss their explosive growth in the cybersecurity space, emphasizing their dedication to providing top-tier penetration testing services and innovative training programs. Greg and John highlight their focus on delivering comprehensive security testing, not just ticking compliance boxes but aiming to identify potential threats that could cripple a business financially.
As they delve into their services, Greg and John emphasize their approach to cybersecurity assessments, distinguishing themselves by employing senior engineers for direct, high-impact testing rather than a flat-rate service model. They discuss their various training programs, including offensive development and red teaming operations courses, all tailored to stay hyper-current and relevant in the fast-evolving cybersecurity landscape. The conversation also navigates through intriguing war stories from their physical penetration testing engagements, offering listeners a peek into the challenges and excitement of real-world security assessments.
Key Takeaways:
Comprehensive Cybersecurity Services: White Knight Labs focuses on delivering more than just compliance-driven testing, aiming for substantial security insights to protect businesses. Advanced Training Programs: The company offers courses on advanced red teaming, Azure penetration testing, and entry-level certifications, ensuring students gain hands-on, up-to-date skills in cybersecurity. Skillbridge Program: Engaging with transitioning military personnel, White Knight Labs offers internships and training, providing valuable career opportunities in cybersecurity. Utilizing AI in Cybersecurity: Greg and John discuss leveraging AI tools to streamline coding and development processes, increasing efficiency in their operations. Real-world Penetration Testing Stories: Sharing intriguing insights, the duo discusses the complexity and adventure involved in physical penetration testing operations.Key Takeaways:
"Our engineers at WKL will get the domain admin typically in the first hour or two… We're going after the crown jewels." - Greg Hatcher "We’re not just giving TLS Cert issues. We’re top of the line, going for the RC, the big level bugs." - John Stigerwalt "We're participating in the Skillbridge program… It's our way of getting back to the community as well." - Greg Hatcher "If I could cut off the database… that business is gonna shut doors." - John Stigerwalt "The OSCP made my career, but it wasn't that relevant for what I was doing as a full-time penetration tester." - John StigerwaltChapters
00:00 Introduction to White Knight Labs
02:03 The Growth of White Knight Labs
05:20 SkillBridge Program and Community Support
06:37 Differentiating Factors in Pen Testing Services
11:26 Compliance vs. Security in Pen Testing
15:19 The Impact of Breaches on Security Budgets
16:28 Training Programs and Course Offerings
30:36 Leveraging AI in Offensive Security
34:37 War Stories from the Field
56:18 Upcoming Events and Closing Remarks
57:52 Phillip Wylie Show Outro Video.mp4
Resources:
White Knight Labs Website: White Knight Labs Greg Hatcher's LinkedIn: Greg Hatcher John Stigerwalt's LinkedIn: John Stigerwalt White Knight Labs: **Navigating Advanced Red Team Operations (previous episode) **https://phillipwylieshow.com/episode/white-knight-security-navigating-advanced-red-team-operations -
Summary
In this conversation, Ryan Feder and Phillip Wylie explore the themes of resilience, innovation, and personal growth. They discuss how challenges can be transformed into opportunities and the importance of maintaining a positive mindset in the face of adversity. The dialogue emphasizes the power of innovative thinking and the necessity of embracing change as a pathway to success.
Takeaways
Turning challenges into opportunities is key to success. Resilience allows us to navigate through tough times. Innovative thinking can lead to transformative solutions. Growth often comes from overcoming significant challenges. Embracing change is essential for personal development. A positive mindset can alter our perception of adversity. Learning from failures can pave the way for future success. Collaboration can enhance innovative ideas and solutions. Personal growth is a continuous journey, not a destination. Adapting to change can unlock new possibilities.Sound Bites
"You took a bad situation and made it good." "The power of resilience is incredible." "Innovative thinking can change everything."Chapters
00:00 Meeting at Defcon
06:30 Finding Passion in the Cybersecurity Industry
12:50 Transitioning to Offensive Security
15:56 The Importance of Networking
18:46 The Supportive Cybersecurity Community
19:30 The Importance of Physical Security
24:34 Admitting Ignorance and Seeking Help
34:54 Networking and Continuous Learning
40:00 Understanding Technology for Effective Pen Testing
Resources
https://www.linkedin.com/in/ryan-feder-sscp/
https://x.com/Ano1X8
-
Takeaways
· Snehal Antani emphasizes the importance ofproduct obsession in leadership.
· The transition from a bull market to a bearmarket requires quick strategic shifts.
· A strong technical foundation is crucial forsuccess in offensive security roles.
· Certifications signal a commitment toself-improvement but are not the sole indicator of skill.
· Bootcamps can provide a pathway intocybersecurity but require ongoing learning to retain skills.
· Autonomous pen testing offers a consistent andcomprehensive approach to security assessments.
· The integration of offensive and defensivesecurity communities is essential for overall effectiveness.
· Understanding the threat actor perspective isvital for effective cybersecurity strategies.
· Horizon 3 aims to leverage data advantage toenhance its product offerings.
· The future of cybersecurity will involvealgorithms fighting algorithms with human oversight.
Sound Bites
· "Pen testing can be automated thatmuch."
· "I am obsessed with the product."
· "I took a 99% pay cut to serve."
Chapters
00:00 Introduction to Horizon 3 and Snehal Antani
03:26 Leadership and Company Culture at Horizon 3
06:30 Snehal's Hacker Origin Story
10:37 Transition from Corporate America to JSOC
13:45 Building Horizon 3's Culture and Team
16:28 The Unique Approach of Horizon 3
20:24 The Evolution of Pen Testing
24:34 The Role of Humans in Pen Testing
28:41 The Shift in Cybersecurity Mindset
32:31 Certifications and Bootcamps in Cybersecurity
36:26 The Future of Cybersecurity and Co-Pilots
40:21 The Importance of Data in Cybersecurity
44:22 The Impact of Autonomous Pen Testing
48:22 Conclusion and Future Outlook
58:33 Phillip Wylie Show Outro Video.mp4
Resources
https://www.linkedin.com/in/snehalantani/
https://x.com/snehalantani
https://www.horizon3.ai/
https://www.linkedin.com/company/horizon3ai/
-
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Christophe Foulon, a cybersecurity expert and podcaster, about his journey into the cybersecurity field, the importance of self-discovery for aspiring professionals, and the evolving landscape of hiring practices in the industry. They discuss the significance of certifications, the need for internal talent development, and the value of community involvement in cybersecurity education. Christophe shares practical advice for job seekers, emphasizing the importance of networking and curiosity in building a successful career in cybersecurity.
Takeaways
Christophe's journey into cybersecurity began at a young age.
Self-discovery is crucial for those entering the cybersecurity field.
Certifications are often necessary, especially for government roles.
Hiring practices are evolving, with less emphasis on traditional degrees.
Internal training and development can help fill cybersecurity roles.
Apprenticeships can provide valuable hands-on experience.
Community involvement is essential for building a skilled workforce.
Networking is key to finding job opportunities in cybersecurity.
Curiosity and continuous learning are vital for success in cybersecurity.
Understanding the job market and roles can prevent burnout.
Sound Bites
"I was just hooked."
"It all starts on the foundation of self-discovery."
"You need to be eternally curious."
Chapters
00:00 Introduction and Background
06:46 Recommendations for Breaking Into Cybersecurity
10:54 The Role of Certifications in Cybersecurity
16:08 Creating Career Paths and Apprenticeships in Cybersecurity
25:02 The Value of Networking and Building Relationships in Job Hunting
29:40 Staying Informed: Researching Industry Trends in Cybersecurity
32:14 Closing Remarks
32:39 Phillip Wylie Show Outro Video.mp4
Resources
https://www.linkedin.com/in/christophefoulon/
https://x.com/chris_foulon
-
Summary
In this episode, Len Noe, the world's first augmentedethical hacker, shares his journey into cybersecurity and his experience with body modification. He discusses his hacker origin story, his professional career, and his current work as an evangelist for CyberArk. Len also talks about his book, 'Hacked Human: My Life and Lessons,' which explores the world of augmented humans and the ethical implications of integrating technology intothe human body.
Takeaways
Len Noe shares his hacker origin story and how he got into cybersecurity. He discusses his professional career and how he transitioned from being a black hat to an ethical hacker. Len talks about his current work as an evangelist forCyberArk and his role in educating people about cybersecurity. He explores the world of augmented humans and the ethical implications of integrating technology into the human body.Sound Bites
"I came to the ways of cybersecurity via the Black Hatroute." "I have 10 different microchips that are planted insidemy body." "I can attack physical access control systems directlythrough physical contact."Chapters
00:00 Introduction and Guest Introduction
03:36 Unconventional Paths into Cybersecurity
10:28 Implantable Technology and the Future of AugmentedHumans
18:41 Redefining Medical Ethics: Risks and Benefits of BodyModification
25:44 Hacked Human: Insights from the World's FirstAugmented Ethical Hacker
37:26 Phillip Wylie Show Outro Video.mp4
Resources
https://x.com/hacker_213
https://www.linkedin.com/in/len-noe/
Human Hacked: My Life and Lessons as the World's FirstAugmented Ethical Hacker
https://www.wiley.com/en-mx/Human+Hacked%3A+My+Life+and+Lessons+as+the+World's+First+Augmented+Ethical+Hacker-p-9781394269167
-
Summary
HOU.SEC.CON is a cybersecurity conference in Texas that aimsto provide opportunities for students and professionals in the industry. Theconference was started in 2010 by Michael Farnum and Sam Van Ryder, who wantedto create a community for cybersecurity professionals in Houston. Theyinitially ran the conference under the auspices of the National InformationSecurity Group, but eventually split off and ran it independently. Theconference has grown over the years, attracting attendees and speakers from allover the United States and even internationally. They have had to move tolarger venues to accommodate the increasing number of participants. HOU.SEC.CONhas steadily grown from 120 attendees in its first year to almost 1400attendees last year. The organizers initially planned to cap the conference at300 or 500 attendees, but the demand kept increasing. The conference aims togrow the cybersecurity community in Houston and provide a more affordable andaccessible option compared to larger conferences like RSA and Black Hat. HOU.SEC.CONhas added two additional conferences, OT.SEC.CON and EXEC.SEC.CON, to cater tospecific cybersecurity subfields. The organizers also host monthly user groupmeetings and provide networking opportunities for the community.
Takeaways
HOU.SEC.CON is a cybersecurity conference in Texas thatprovides opportunities for students and professionals in the industry.
The conference was started in 2010 by Michael Farnum and SamVan Ryder to create a community for cybersecurity professionals in Houston.
They initially ran the conference under the auspices of theNational Information Security Group before splitting off and running itindependently.
HOU.SEC.CON has grown over the years, attracting attendeesand speakers from all over the United States and internationally. HOU.SEC.CONhas experienced significant growth, from 120 attendees in its first year toalmost 1400 attendees last year.
The conference aims to provide an affordable and accessibleoption for the cybersecurity community in Houston.
HOU.SEC.CON has added two additional conferences, OT.SEC.CONand EXEC.SEC.CON, to cater to specific cybersecurity subfields.
The organizers also host monthly user group meetings andprovide networking opportunities for the community.
Sound Bites
"HOU.SEC.CON is a cybersecurity conference inTexas"
"The conference was started in 2010 by Michael Farnumand Sam Van Ryder"
"They initially ran the conference under the auspicesof the National Information Security Group"
"We were close to 1400 last year."
"Let's top out at 300. Let's top out at 500. Let's dowhatever."
"We would have to take up multiple floors if we weregoing to stay at the hotel."
Chapters
00:00 Introduction to HOU.SEC.CON and its mission
06:15 The origins of HOU.SEC.CON and its role in the Houstoncybersecurity community
18:33 Differentiating HOU.SEC.CON from other conferences:Valuable content and community focus
24:15 The growth and recognition of HOU.SEC.CON
26:35 Expanding HOU.SEC.CON
30:51 A More Accessible Alternative
35:46 Building a Strong Cybersecurity Community
Resources
http://houstonseccon.org/
https://www.linkedin.com/company/houseccon/
https://x.com/HouSecCon
https://www.linkedin.com/in/mfarnum/
https://x.com/m1a1vet
https://www.linkedin.com/in/svanryder/
https://x.com/SamVR
-
About the Guest:
Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.
Episode Summary:
In this captivating episode of 'The Philip Wylie Show', host Philip Wylie is joined once again by offensive security aficionado Jeswin Mathai. This talk orbits around the expansive realm of professional hacking, highlighting the persistent curiosity and zealous passion these experts have for overcoming challenges in their line of work. With Jeswin on board, listeners can anticipate an in-depth exploration of Squarex's new and riveting features aimed at staving off online vulnerabilities.
The episode delves into the intricate world of in-browser malicious file detection, a pressing issue in today's digital-heavy climate. Jeswin Mathai meticulously walks listeners through the challenges surrounding the detection of malicious files, expanding upon why conventional antivirus solutions struggle and how attackers exploit naïveté during delivery. Furthermore, he presents a live demonstration of Squarex's monumental browser integration, showcasing its real-time detection capabilities and remediation options, elevating Gmail's native security measures to impressive new heights.
Key Takeaways:
Squarex is revolutionizing online security: The discussion reveals how the product can enhance Gmail security by detecting and alerting users to potential threats before they materialize.
In-browser file analysis: Squarex performs comprehensive checks directly within your browser, maintaining user privacy while offering robust protection against malicious files.
Malicious macros are a key threat vector: Jeswin explains how attackers utilize document macros, often undetected by traditional antivirus software, to compromise user systems.
Real-time alerts and remediation: Squarex provides instantaneous analysis of file attachments, distinguishing malicious intent and providing safer alternatives for download.
Enhanced user-friendly protection: The product is designed for ease of use, offering an intuitive safety net for both tech-savvy individuals and those less accustomed to cybersecurity measures.
Notable Quotes:
"The moment you open it, it's almost instantaneous. And not only is it telling you contains macros, tells you the details."
"This is a macro free version created right there in your browser, in case if you're concerned that something can go wrong."
"Email is like the primary source right now of delivery of malicious payload."
"So we have received the mail. So now as you can notice, this is a macro enabled file, but Gmail didn't say anything."
"It's a full blown file system packaged in just one single file, and how crazy it can be to detect malicious macros."
Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
-
Summary
In this episode, Joe Brinkley, also known as the blind hacker, joins Phillip Wylie to discuss his hacker origin story and offer advice for breaking into offensive security and pen testing. They also explore the commoditization of pen testing, the evolution of the industry, and the challenges of testing complex environments. Joe shares his insights on the different generations of hackers and the role of automation and AI in pen testing. He also talks about his work with the Mentor Village and offers resources for those interested in starting their own cybersecurity brand or company.
Takeaways
Joe Brinkley, also known as the blind hacker, shares his hacker origin story and offers advice for breaking into offensive security and pen testing. The commoditization of pen testing has led to a shift in the industry, with companies seeking budget-friendly alternatives and rotating vendors frequently. Automation and AI play a significant role in pen testing, allowing for faster and more efficient testing, but human expertise is still crucial for in-depth analysis and finding vulnerabilities that automated tools may miss. The industry is currently in the sixth or seventh generation of hackers, with increased access to education and tools, but also more complex environments to test. Joe Brinkley is actively involved in the Mentor Village, offering mentoring, education, and resources to those interested in cybersecurity. He encourages individuals to build their own cybersecurity brand and consider starting their own cybersecurity company, emphasizing the importance of branding and networking in the industry.Sound Bites
"I don't care who you go to, learn something." "Long-term security is the value we provide" "People are looking for a budget-friendly alternative because compliance and insurance now require yearly security activities."Resources
https://www.linkedin.com/in/brinkleyjoseph/
https://x.com/TheBlindHacker
https://x.com/deadpixelsec
https://deadpixelsec.com/
Chapters
00:00 Introduction and Background
06:24 Advice for Breaking into Offensive Security
10:39 The Commoditization of Pentesting
15:53 The Impact of Compliance and Cyber Insurance
22:03 Challenges Faced by Practitioners in Limited Time Windows
25:33 The Evolution of Hackers and Accessibility of Education and Tools
30:36 The Role of Automation, Orchestration, and AI in Modern Pentesting
36:23 Building Cybersecurity Brands and the Mentor Village
41:14 Conclusion
41:52 Phillip Wylie Show Outro Video.mp4
-
Summary
In this live episode of The Phillip Wylie Show, cybersecurity experts Ira Winkler and Ryan Cloutier discuss their hacker origin stories and the evolution of hacking over the years. They emphasize the importance of basic cyber hygiene and the need to systematize the fundamentals of cybersecurity. They also discuss the risks and benefits of AI, highlighting the potential for manipulation and the need for safe adoption. The conversation touches on the role of policies and procedures, the alignment of cybersecurity with business objectives, and the impact of technology on human experiences.
Takeaways
Basic cyber hygiene is essential in preventing hacking and improving cybersecurity. AI is ready for prime time, but organizations need to ensure safe adoption and consider the potential risks and impacts. Systematizing the fundamentals of cybersecurity and aligning it with business objectives is crucial for effective cybersecurity programs. Technology should be designed with people in mind, considering their experiences and needs. Understanding the risks and benefits of new technologies, such as AI, is important for making informed decisions and designing resilient systems.Quotes
"All I did my whole career is primarily take advantage of bad awareness, bad administration, bad configurations." "We're gonna have an overabundance of tooling and an underabundance of looking at the business processes themselves." "Your users are a company resource that are gonna be fallible, just like any other resource you have."Resources
https://www.linkedin.com/in/irawinkler/
https://www.linkedin.com/in/ryan-cloutier/
https://cruisecon.com/
Chapters
00:00 Introduction and Hacker Origin Stories
05:39 The Evolution of Hacking and Basic Cyber Hygiene
08:03 Threat Landscape and Shifting Attack Profiles
10:18 The Impact of Social Media and Bring Your Own Device
18:05 Systematizing the Basics and Enforcing Policies
23:35 Aligning Cybersecurity with the Business and Employee Experience
26:01 AI: Readiness and Safe Adoption
32:13 Understanding AI as Math and the Potential Risks
34:48 Personal Intimate Information and the Weaponization of AI
-
Summary
David Schloss shares his hacker origin story, starting with his military background and how he ended up in the field of cybersecurity. He talks about his time in the Joint Special Operations Command (JSOC) and the unique missions he was involved in. He also discusses his transition to the private sector and his current role as a Hive Leader at Covert Swarm. The skills he acquired in JSOC have been highly transferable and valuable in his offensive security career. In this conversation, Dahvid Schloss discusses his experience at Seer, a practice prison camp that taught him transferable skills like lock picking and prison escape. He also talks about the challenges of transitioning from using malware and exploits to using his brain in the civilian world. Dahvid emphasizes the importance of finding your passion within offensive security and recommends exploring different areas to figure out what you enjoy. He also highlights the significance of building a personal brand in the cybersecurity field and encourages professionals to be more public about their skills and expertise.
Takeaways
David Schloss has a military background and served in the Joint Special Operations Command (JSOC), where he was involved in unique and high-value missions. He transitioned to the private sector and currently works as a Hive Leader at Covert Swarm, focusing on continuous APT emulation. The skills he acquired in JSOC, such as threat emulation, malware development, and exploit development, have been highly transferable and valuable in his offensive security career. David emphasizes the importance of privacy and cybersecurity as basic human rights and aims to grow the field by helping individuals with no experience enter the industry and supporting specialization for those already in the field. Seer, a practice prison camp, taught Dahvid Schloss transferable skills like lock picking and prison escape, which he found helpful in the cybersecurity field. Transitioning from using malware and exploits to using his brain in the civilian world was challenging for Dahvid. Dahvid recommends exploring different areas within offensive security to find your passion and avoid pigeonholing yourself into a specific role. Building a personal brand is crucial in the cybersecurity field to showcase your skills and expertise. Dahvid encourages professionals to be more public about their personal brand and expertise to increase job opportunities and career growth.Quotes
"I got through this course, I graduated, and I got to do the fun job of being a special operations communicator."
"Seer was amazing. So Seer is like practice prison camp, right? Which sounds why would that be amazing to cyber? And the reason is, is because they teach you some transferable skills, like how to pick locks and how to escape from prisons."
"Having access to really good malware, really good exploits was not at all. It sounds like it would be really helpful, but it was a hard transfer for me, especially because I'm so used to being able to go dot slash execute. And now I'm on a box and now I have to go, Oh, I have to use my brain."
"Offensive security is massive. It's like, there is no way you can be a master of all. Like there is only one and that's John Hammond so far. That's all I've seen. He's, know, he's got, he's got the chops, but we can't all be him. Right. So, um, really like my biggest recommendation."
Resources
https://www.linkedin.com/in/dahvidschloss/
https://x.com/DahvidSchloss
Chapters
00:00 Introduction and Background
02:36 Military to Cybersecurity Transition
08:41 Learning Cybersecurity Skills
17:34 JSOC and Fighting High-Value Targets
26:34 Transferable Skills and Challenges in Offensive Security
29:55 Exploring Different Areas in Offensive Security
39:04 The Importance of Building a Personal Brand
46:41 Opportunities for Growth in Smaller Cybersecurity Startups
49:49 Taking the Time to Find Your Path in Cybersecurity
-
Summary
In this episode of the Phillip Wylie Show, Phillip is joined by Eric Teichmiller, a technical account manager at Horizon 3. Eric shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security. He explains his role as a technical account manager and how his defensive background helps him understand and support customers. Eric also discusses the benefits of certifications, offers advice for getting into cybersecurity, and shares his study tips and strategies for avoiding burnout.
Takeaways
Eric Teichmiller shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security. As a technical account manager, Eric supports customers and acts as a subject matter expert for autonomous pen testing. Certifications can be beneficial in the cybersecurity field, but work experience and the ability to connect with interviewers are also important. Eric advises aspiring cybersecurity professionals to never stop learning, focus on building experience, and apply intentionally for positions. To avoid burnout while studying, eliminate distractions, find a learning method that works for you, and have hobbies outside of your day job. Eric's goal at Horizon3 is to explore positions that allow him to take a big picture approach and continue problem-solving.Sound Bites
"I'm really enjoying cybersecurity as a whole."
"I kind of have that customer perspective."
"Everything that they were geeking out on not only works, but it works well."
Chapters
00:00 Introduction and Background
03:29 The Role of a Technical Account Manager
06:36 Transitioning from Defensive to Offensive Security
08:41 The Fascination with Autonomous Pen Testing
12:14 The Value of Certifications and Continuous Learning
14:13 Advice for Job Seekers in Cybersecurity
15:55 Navigating Job Descriptions and Requirements
20:12 Avoiding Burnout in Cybersecurity
24:07 Goals and Future Plans at Horizon 3
25:59 Final Thoughts and Conclusion
Resources
https://www.linkedin.com/in/eric-teichmiller-82296295/
https://x.com/ericteichmiller
-
About the Guest:
Jeff Man is a seasoned professional in the cybersecurity industry, with a rich history in penetration testing and security. He began his career at the National Security Agency (NSA) and has since become renowned for his expertise and contributions to the field. Jeff is also a co-host on Paul Security Weekly and frequently shares his insights at notable security conferences. His vast experience and deep understanding of the industry's evolution make him a respected figure in cybersecurity.
Episode Summary:
In this captivating episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Jeff Man. Known for his storied career starting at the NSA, Jeff dives into his unique hacker origin story and the evolution of penetration testing. This episode is packed with insights, anecdotes, and practical advice for anyone interested in the cybersecurity landscape.
Jeff Man shares his early experiences working at NSA, highlighting key moments such as his involvement in creating the first software-based cryptosystem. He delves into the early days of penetration testing, describing how methodologies and technologies have transformed over the years. Jeff also discusses the importance of understanding penetration testing's true objectives and offers guidance on how organizations can maximize the value of these tests. His reflections on the cybersecurity community, vendor relationships, and the need for precise terminology provide valuable perspectives for practitioners and enthusiasts alike.
Key Takeaways:
• Jeff's Striking Background: Learn about Jeff Man's remarkable career trajectory, from his start at the NSA to his present role as a cybersecurity expert and podcaster.
• Evolution of Pen Testing: Understand the shifts in penetration testing methods, technologies, and industry perceptions over the past three decades.
• Maximizing Pen Test Effectiveness: Discover practical advice on how organizations can make the most out of their penetration testing efforts by setting clear objectives and collaborating with trusted advisors.
• Cybersecurity Insights: Jeff emphasizes the importance of understanding and correctly using industry terminology and the value of a comprehensive security program.
• Community and Learning: Hear Jeff's thoughts on the cybersecurity community, including his participation in conferences and his ongoing mission to educate and mentor upcoming professionals.
Notable Quotes:
• "I've always tried to ascribe to that. You might lose something in the near term by saying, well, what we have really isn't the best thing for you right now."
• "Pen testers are the unsung heroes of the industry, often with relatively boring stories, but they are crucial to the security landscape."
• "Very rarely do I see a pen test report that's actually, we tried to break in, or we tried to gain access, or we tried to gain unannounced access."
• "I've always been a consultant. I've always been sort of in this trusted advisor role."
• "And I have clients that I've been working with now for 15, 20, 25 years. Not all the time, but when they need something, they're like, hey, let me give Jeff a call and see what he has to say."
Resources:
Jeff Man LinkedIn: https://www.linkedin.com/in/jeffreyeman/
Jeff Man X(formerly Twitter): https://x.com/MrJeffMan
Jeff Man on Paul Security Weekly: https://www.scmagazine.com/security-weekly
-
About the Guest:
Andrew Lemon is a seasoned offensive security professional and founder of Red Threat, a cybersecurity consulting firm focused on pentesting, red teaming, and ransomware readiness assessments. With a wealth of experience from working at Boeing, Dell, and other tech corporations, Andrew has become a respected figure in the cybersecurity community, known for his contributions to physical security, social engineering, and AI pentesting. Andrew is also an advocate for transparency and community support within the cybersecurity industry.
Episode Summary:
Welcome to another episode of the Phillip Wylie Show, where host Phillip Wylie dives into the fascinating journey of his friend and cybersecurity expert, Andrew Lemon. Andrew shares his unique hacker origin story, from tech-savvy childhood and learning from his Novell admin dad to becoming the founder of Red Threat. With an emphasis on practical, hands-on experience, Andrew discusses how he has approached building a successful career in offensive security and what it takes to start a thriving consulting business.
In this comprehensive conversation, Andrew explains the strategies and technologies he employs in his assessments, the importance of tailoring services to client maturity levels, and insights into some of his latest research, including traffic control system vulnerabilities and AI pentesting. Phillip and Andrew also explore the critical nature of crafting a personal brand and the value of community-driven networking in cybersecurity. These engaging insights make this a must-listen episode for anyone interested in the inner workings of professional hacking and security consulting.
Key Takeaways:
Starting a cybersecurity consulting business: Andrew highlights the importance of financial planning, brand recognition, and maintaining integrity in service offerings.
Ransomware readiness assessments: A key focus for Andrew’s company, Red Threat, is preparing organizations for ransomware attacks by simulating real-world scenarios and actor techniques.
Physical security and social engineering: Despite the transition to remote work, physical security assessments remain a crucial part of Andrew's toolkit, demonstrating easy-to-understand vulnerabilities.
AI pentesting: Andrew talks about the emerging field of AI pentesting, shedding light on the unique challenges and methodologies, including leveraging the OWASP Top Ten for AI.
Career advice: Emphasizing the importance of networking and creating opportunities, Andrew shares actionable tips on how to navigate and succeed in the cybersecurity industry.
Notable Quotes:
"Growth begins at the edge of your comfort zone." "If you want to see an area mature, look at it through the lens of an attacker." "My main goal has been transparency." "For me, it's all about delivering the highest integrity I can." "There's no rulebook in the job market—you can always re-engineer your career path."Resources:
Andrew Lemon on LinkedIn
Red Threat
Defcon
OWASP Top Ten for AI
For more in-depth insights and to hear the full conversation, be sure to listen to the complete episode. Stay tuned for more engaging discussions on the Phillip Wylie Show, where you get a behind-the-curtain look at the world of professional hacking.
-
About the Guest:
Anthony "TonyP" Pillitiere: Anthony is the co-founder and Chief Technology Officer (CTO) of Horizon3.ai, a company renowned for its innovative product, NodeZero, which focuses on autonomous security. With a remarkable career spanning 21 years in the military, much of which was spent in highly sensitive missions, TonyP brings a wealth of expertise in offensive and defensive cybersecurity. His experience includes serving as the deputy CTO for the Joint Special Operations Command, where he spearheaded various cybersecurity initiatives.
Episode Summary:
In this episode of the Phillip Wylie Show, host Phillip Wylie delves into an insightful discussion with Anthony "TonyP" Pillitiere, the co-founder of Horizon 3 and the mastermind behind the cutting-edge product NodeZero. They explore the unique landscape of cybersecurity products stemming from the US special operations, contrasting with those from Israel's famous Unit 8200. Anthony shares riveting anecdotes from his military experience, emphasizing how the high-stakes environment shaped his approach to cybersecurity and led to the creation of NodeZero.
Drawing from over 80,000 automated pen tests executed using NodeZero, TonyP elucidates key lessons and recurring security challenges organizations face. The conversation highlights the transformative impact of autonomous pen testing on identifying vulnerabilities, enhancing risk assessments, and ultimately shaping the future of cybersecurity. Through engaging narratives and technical wisdom, this episode offers listeners a rare glimpse into the synergy between offensive and defensive security practices and the vital role of continuous automated assessment in safeguarding digital assets.
Key Takeaways:
Offensive Security as the Future: TonyP stresses the importance of understanding offensive tactics to bolster defensive measures, shifting the mindset of cybersecurity from a cost center to a key mission component. Credentials and Vulnerabilities: Recurring issues such as credential reuse and inadequate vulnerability management remain significant challenges in securing organizational environments. Bridging the Gap: There's a critical need to close the knowledge gap between cybersecurity practitioners and business executives to better communicate and prioritize security risks. Continuous Assessment: Traditional annual pen testing is insufficient; continuous automated assessments via tools like NodeZero are essential for keeping up with evolving threats and internal changes. Improving Business Outcomes: Effective cybersecurity is not just about defense; it’s also vital for business continuity and preventing significant financial losses.Notable Quotes:
"We tend to call ourselves the quiet professionals. Marketing ourselves, we try not to do that, but it is compelling." - Anthony "TonyP" Pillitiere "The fundamentals get missed a lot. And it's not because we don't know about the fundamentals. The sprawl of the organization is just too much." - Anthony "TonyP" Pillitier "It's not until you send an attacker at your defenses do you really know that your defenses can hold up to an attacker." - Anthony "TonyP" Pillitiere "The amount of revenue that organizations have lost has just been significant. It's hard to convince the business that this capability having an offensive understanding really prioritizing cybersecurity." - Anthony "TonyP" Pillitiere "This is the future of cybersecurity. Offensive understanding of an environment is the future of cybersecurity." - Anthony "TonyP" PillitierResources:
Anthony "TonyP" Pillitiere's LinkedIn: Anthony Pillitiere
Horizon 3 Website: horizon3.ai
NodeZero Product Information: NodeZero
-
About the Guest:
KJ Haywood: KJ Haywood is a seasoned professional in the field of cybersecurity with over 25 years of experience in governance and compliance. She has dedicated the last 11 years to security governance and has recently shifted focus to AI and generative AI, launching her company, Nomad Cyber Concepts. Her expertise lies in helping mid-sized organizations pivot their solutions and acquire or design AI tools. KJ holds an MIT certification in AI no-code model building and is a prominent figure in the cybersecurity community, frequently sharing her knowledge at conferences and through teaching and mentoring.
Episode Summary:
In this engaging episode of "The Phillip Wylie Show," Phillip Wylie welcomes KJ Haywood, a veteran in cybersecurity governance and compliance, to discuss the transformative impact of AI and generative AI on the industry. The conversation dives into KJ’s professional journey from human resources to cybersecurity, her passion for governance, and her recent pivot into AI, particularly focusing on her company's role in helping organizations integrate AI tools.
The episode provides valuable insights into the importance of continually learning and staying updated in the cybersecurity field. KJ discusses the advent of generative AI, its rapid adoption since the release of ChatGPT, and the necessity for security practitioners to adapt. Listeners will gain an understanding of how to balance work and personal time to avoid burnout, the critical nature of governance in AI model design, and how to leverage community resources and certifications to advance one's career.
Key Takeaways:
Career Transition and Passion in Cybersecurity: KJ shares her unconventional journey from HR to cybersecurity, emphasizing the importance of following one's interests and continually learning. Impact of AI on Cybersecurity: Discussion on how generative AI is revolutionizing the field, the urgency of adapting, and KJ's role in helping organizations integrate AI tools. Balancing Work and Wellness: Strategies for managing work hours to avoid burnout, including recognizing personal productivity times and taking necessary breaks for mental health. Educational Resources for AI and Cybersecurity: KJ's recommendations for AI literacy, including free resources, certifications, and institutions offering comprehensive courses. Community and Networking: The importance of being involved in professional communities, attending conferences, and leveraging networks to stay updated and advance in one's career.Notable Quotes:
"Are you absolutely sure you want to transition to this industry? Because you have to really love what you do because it's easy to get burned out." - KJ Haywood
"The privileged access, remember we talked a lot about zero trust and privilege access back in the day. I think we're going to end up circling right back to that." - KJ Haywood
"We need pen testers very much. Consider going into pen testing if you haven't already considered it." - KJ Haywood
"I believe it's going to be similar to the shift with cybersecurity. Industry practitioners are going to have to pivot a little bit of their skill set and level themselves up." - KJ Haywood
"I think artificial intelligence or any type of Gen AI tool, because there are going to be so many more that are going to be launched over the next, I'd say, three years, we're going to have so many." - KJ Haywood
Resources:
KJ Haywood: LinkedIn
Nomad Cyber Concepts: Website
Phillip Wylie: Pen Testing Book
OWASP: Website
MIT AI No-Code Course
Women in Security and Privacy (WISP): Website
SecureWorld: Website
-
About the Guest:
Rob Fuller (Mubix): Rob Fuller, also known as Mubix, is a well-known figure in the cybersecurity community, particularly in the realms of penetration testing and red teaming. As an experienced professional, Fuller has a background in the Marine Corps where he was part of the Marine Corps CERT at Quantico. Fuller has contributed significantly to the community through his work with Hak5 on series like Metasploit Minute and Practical Exploitation. His deep understanding of security concepts, coupled with his engaging teaching methods, has influenced aspiring hackers and professionals worldwide. He now holds a leadership role, guiding and nurturing the next generation of cybersecurity talent.
Episode Summary:
In this engaging episode of "The Phillip Wylie Show," Phillip Wylie sits down with Rob Fuller, also known as Mubix, a revered figure in the cybersecurity and penetration testing community. The conversation kicks off with Fuller's early experiences that propelled him into the world of hacking, such as his fascination with Game Shark and reverse engineering concepts during his childhood. Fuller elaborates on his journey from the Marine Corps to becoming a renowned penetration tester and red teamer, providing invaluable insights into the practical and psychological aspects of entering the cybersecurity field.
Throughout the episode, Fuller emphasizes the importance of content creation and community involvement for career advancement in cybersecurity. He illustrates how blogging, podcasts, or even YouTube channels can showcase one's expertise and help build a personal brand. This episode is packed with actionable advice on certifications, the value of scripting, and the mental fortitude needed to combat imposter syndrome. Listeners are bound to find Fuller's story inspiring and his advice practical for both newcomers and seasoned professionals in cybersecurity.
Key Takeaways:
Content Creation is Key: Fuller emphasizes the necessity of creating content—whether blogs, videos, or code repositories—to establish oneself in the cybersecurity community and attract job opportunities. Learning Programming Helps: While not a strict requirement, knowing how to code can greatly enhance a pen tester's ability to adapt and overcome challenges during engagements. Select Certifications Wisely: Fuller shares his perspective on the current landscape of cybersecurity certifications, recommending those with practical, hands-on tests like CRTO. Imposter Syndrome is Natural: Fuller advises embracing the learning process and valuing opportunities to be the 'dumbest person in the room' as it's critical for growth. Trust in Community: Fuller underscores that the cybersecurity field thrives on knowledge sharing and cautions against feeding the "try harder" mentality that inhibits communal learning and growth.Notable Quotes:
"It's not who you know, it's not what you know, it's who knows what you know." - Rob Fuller "One of the best things you can ever do is start a blog, a video log, a podcast, something to detail your learning experience." - Rob Fuller "If you're ever in a situation where you are the dumbest person in the room, and someone belittles you for it, they're the butthead." - Rob Fuller "As long as you understand basic logic, if this, then that… You can learn programming along the way." - Rob Fuller "Creating content is like investing money. The sooner you start, the better." - Rob FullerResources:
Rob Fuller (Mubix) on Twitter: @mubix Hak5: Hak5 Website Zero Point Security's CRTO Certification: https://training.zeropointsecurity.co.uk/courses/red-team-ops Security Plus Certification: https://www.comptia.org/certifications/security OSCP Certification: https://www.offsec.com/courses/pen-200/Don't miss this episode to dive deep into Mubix's fascinating journey through cybersecurity and glean insights that can aid your own career progression.
-
About The Guest:
Noah King is a Senior Software Engineer at Horizon3.ai, specializing in offensive security and exploit development. Coming from a background in sales and with a strong expertise in web application development, Noah transitioned into cybersecurity after being inspired by his wife's journey into engineering. With a passion for breaking things rather than building them, Noah has rapidly advanced in the field, earning his OSCP certification and contributing to automating complex security attacks at Horizon3.ai.
Summary:
Noah King shares his journey from sales to offensive security. He started with a coding bootcamp and transitioned into web app development. Eventually, he joined Horizon3.ai as a senior software engineer and became interested in offensive security. He learned through hack the box and became a teaching assistant for a cybersecurity bootcamp. He obtained the OSCP certification and now focuses on offensive security at Horizon3.ai, automating attacks and finding vulnerabilities.
Takeaways
Transitioning from a different career background is possible in offensive security. Obtaining certifications like OSCP and gaining experience through bug bounties are valuable. Learning to code or script is important for offensive security professionals. Automation is crucial in scaling pen testing efforts. Continuous learning and staying up-to-date with emerging threats is essential in offensive security.Quotes:
"I really wanted to be on the opposite edge of breaking." "Automating and making everything instead of having to pay for some pen testers to come in." "I do a lot with making the JavaScript, making deceptive login pages."Chapters:
00:00 Introduction and Background
03:50 Finding Passion and Building a Foundation
10:07 Automation and Scaling in Offensive Security
15:19 The Challenges and Rewards of Offensive Security 22:59 Certifications and Experience in the Job Market
25:41 Closing Remarks
Resources:
Noah's Horizon3 Tech Talk: Journey to OSCP https://www.horizon3.ai/insights/webinars/tech-talk-journey-to-oscp/
Noah's LinkedIn: https://www.linkedin.com/in/noahking1/
- Show more
