Summary

In this episode of the Philip Wylie Show, host Phillip Wylie interviews cybersecurity expert John Hammond. They discuss John's journey into hacking, the importance of Capture the Flag competitions, and the value of training and certifications in cybersecurity. John shares insights about his new educational platform, Just Hacking Training, and emphasizes the role of content creation in advancing one's career in the cybersecurity field. The conversation highlights the collaborative nature of cybersecurity education and encourages listeners to share their knowledge and experiences.

Takeaways

• John Hammond's journey into cybersecurity began with a passion for video games and hacking.
• Capture the Flag competitions provide valuable skills that are applicable in real-world scenarios.
• Training resources for penetration testing are abundant and accessible online.
• Just Hacking Training aims to provide free and affordable cybersecurity education.
• Collaboration with other experts enhances the quality of educational content.
• Certifications can help beginners get their foot in the door in cybersecurity.
• The OSCP certification is highly regarded in the penetration testing community.
• Content creation can significantly impact career opportunities in cybersecurity.
• Sharing knowledge and experiences is crucial for community growth in cybersecurity.
• Continuous learning and adaptation are essential in the ever-evolving field of cybersecurity.

Sound Bites

• "CTF is more difficult than real world."
• "Building up free accessible training."
• "It's a buffet assortment of training."

Chapters

00:00 Introduction to John Hammond

01:36 John's Hacker Origin Story

04:07 The Value of Capture the Flag Competitions

07:08 Training for Aspiring Penetration Testers

09:11 Introducing Just Hacking Training

10:57 Collaborators in Cybersecurity Education

13:24 The Role of Certifications in Cybersecurity

16:55 Navigating Penetration Testing Certifications

19:14 The Impact of Content Creation on Career Growth

23:23 Encouragement for Aspiring Cybersecurity Professionals

Resources https://www.linkedin.com/in/johnhammond010/ https://www.youtube.com/@_JohnHammond https://x.com/_JohnHammond https://www.justhacking.com/

Summary

In this episode of the Phillip Wylie Show, Jayson E. Street shares his journey from a troubled childhood to becoming a prominent figure in the cybersecurity community. He discusses the importance of understanding the hacker mindset, the value of starting in blue team roles before transitioning to red team positions, and the significance of empathy and kindness in both personal and professional interactions. Through engaging stories and valuable insights, Jayson emphasizes the need for effective communication in security roles and the importance of fostering a supportive community.

Takeaways

• Jayson E. Street emphasizes that everyone has a hacker origin story.
• Starting in blue team roles provides a solid foundation for cybersecurity careers.
• Effective communication is crucial for red teamers to convey findings to management.
• Success in security is measured by the impact on client awareness and behavior.
• Empathy and kindness are essential in navigating personal and professional relationships.
• The hacker mindset is about questioning and challenging the status quo.
• Networking and community support are vital in the cybersecurity field.
• Red teaming should focus on improving blue team defenses, not just breaking in.
• Personal growth often comes from overcoming past traumas and making conscious choices.
• It's important to remain humble and recognize that everyone has valuable insights to share.

Sound Bites

• "You're one of my inspirations."

• "I was able to destroy them."

• "It's always time to be kind."

Chapters

00:00 Introduction and Inspiration

03:18 The Hacker Origin Story

07:40 Starting in Cybersecurity: Blue Team First

13:03 Engaging Stories from the Field

21:58 The Importance of Communication in Security

25:26 Active Intrusions and Real-World Experiences

26:19 The Art of Social Engineering

30:56 The Hacker's Humility

36:05 From Rage to Empathy

41:02 Choosing Kindness Over Anger

Resources

• https://www.linkedin.com/in/jstreet/
• https://x.com/jaysonstreet
• https://jaysonestreet.com/

About the Guest:

Rob Allen is a seasoned cybersecurity expert currently working as the Chief Product Officer at ThreatLocker. With over 25 years of experience in the IT industry, Rob has a rich background in managing IT environments, having spent nearly two decades at an MSP (Managed Service Provider) in Ireland. He transitioned from cleaning up ransomware attacks to helping organizations actively prevent them through Threat Locker's innovative cybersecurity solutions. Rob is known for his in-depth understanding of evolving cyber threats and promoting effective preventive measures against them. Episode Summary:

In this engaging episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Rob Allen from Threat Locker. Together, they delve into the intricacies of modern cybersecurity threats, focusing on Threat Locker's innovative approaches to tackling ransomware and other malicious attacks. Listeners get a unique insight into the Threat Locker software, known for its preventive rather than reactive approach to cybersecurity, which includes features like default deny policies, ring fencing, and network control. Rob Allen unveils how the default deny approach helps mitigate cyber threats, including ransomware and living-off-the-land binaries, by blocking unauthorized actions before they happen. He emphasizes the need for robust security measures to limit what applications and scripts like PowerShell can do, thus preventing these tools from being weaponized by cybercriminals. Besides discussing practical security steps, Rob highlights how Threat Locker addresses the ever-evolving threat landscape using its innovative network control and threat detection capabilities. This conversation is packed with insights into how organizations can safeguard their IT environments in an era of increasingly complex cyber threats. Key Takeaways: * Default Deny Approach: Rob highlights the efficiency of Threat Locker's default deny policy, preventing unauthorized programs from running by approving only necessary applications. * Living Off the Land Prevention: The discussion covers methods to control and restrict the use of common Windows utilities like PowerShell, preventing them from serving malicious purposes. * Network Control: Insights into handling remote encryption threats through a unique approach to network traffic control, ensuring only trusted devices can connect. * The Role of AI: A glimpse into how AI can be both a tool for cybersecurity advancements and a potential threat when used by bad actors for phishing and malware development. * Zero Trust World Conference: Rob invites listeners to the Zero Trust World event focusing on hands-on cybersecurity training and knowledge exchange. Notable Quotes: * "100% of successful cyber attacks are not detected in time or at all." * "Prevent ransomware, lock it by default." * "AI is just as likely to be used against you as it is to protect you." * "The fact of the matter is, if nobody ever paid, there would be no such thing as ransomware." * "You cannot trust a ransomware gang." Resources: * Threat Locker Website: https://www.threatlocker.com * ThreatLocker LinkedIn: https://www.linkedin.com/company/threatlockerinc/ * Zero Trust World Event: Explore more at ZTW.com * Zero Trust World $200 off discount code: ZTWPW25 * ThreatLocker YouTube: https://www.youtube.com/@ThreatLocker * Rob's LinkedIn: https://www.linkedin.com/in/threatlockerrob/

Chapters

00:00 Introduction to ThreatLocker and Rob Allen

03:30 Rob Allen's Hacker Origin Story

06:23 Understanding ThreatLocker’s Approach to Cybersecurity

12:29 Living Off the Land: A Cybersecurity Challenge

16:39 Macro Vulnerabilities in Office Applications

19:20 Ransomware Prevention Strategies

23:40 The Importance of Network Control

31:55 AI in Cybersecurity: A Double-Edged Sword

37:37 Zero Trust World Conference Overview

39:56 Closing Thoughts and Resources

42:02 Zero Trust World discount code

Summary

In this episode of the Phillip Wylie Show, Sean Metcalf, an expert in Active Directory security, discusses his journey into cybersecurity, the evolution of Active Directory and Azure AD, and the common mistakes organizations make in cloud security. He emphasizes the importance of security assessments over penetration testing and shares insights into Trimarc's unique approach to security assessments. Sean also highlights the significance of scripting in security roles and discusses the future of Active Directory in hybrid environments. The episode concludes with information about Trimarc's new product, Trimarc Vision, aimed at enhancing Active Directory security.

Takeaways

• Sean Metcalf has assessed environments with up to 960,000 users.
• Active Directory security is often overlooked in organizations.
• Many organizations are making the same security mistakes in the cloud as they did on-premises.
• Security assessments are crucial for identifying potential vulnerabilities.
• Trimarc uses proprietary tools for in-depth security assessments.
• Scripting knowledge, especially in PowerShell, is beneficial for security professionals.
• Active Directory is not going away anytime soon due to legacy applications.
• Organizations should conduct security assessments every couple of years.
• Trimarc's assessments provide actionable insights for improving security.
• The new Trimarc Vision product aims to enhance Active Directory security monitoring.

Sound Bites

• "It's been quite a year."
• "I saw something change in the URL."
• "We're the identity experts."

Chapters

00:00 Introduction to Active Directory Security

03:33 Sean Metcalf's Hacker Origin Story

06:20 The Evolution of Active Directory and Azure AD

09:31 The Importance of Specialization in Cybersecurity

12:30 Active Directory Security Challenges

15:39 The Role of Security Assessments

18:26 Comparing Trimarc and Bloodhound

20:56 Understanding Active Directory Security Assessments

22:35 Getting Started in Active Directory Security

25:30 The Importance of Scripting in Security

34:43 The Hybrid Environment: On-Prem vs Cloud

37:23 Trimarc's Unique Services and Assessments

40:17 Frequency of Active Directory Assessments

42:21 Introducing Trimarc Vision

Resources

https://www.linkedin.com/in/seanmmetcalf/

https://x.com/PyroTek3

https://www.linkedin.com/company/trimarcsecurity/

https://x.com/TrimarcSecurity

https://www.trimarcsecurity.com/

https://adsecurity.org/

Summary

In this episode of the Phillip Wylie Show, Mishaal Khan shares his journey from a curious child assembling computers to becoming an expert in OSINT and pen testing. He discusses the importance of OSINT in various fields, the transition to consulting and virtual CISO roles, and offers valuable advice for aspiring CISOs. Mishaal also highlights the impact of AI on cybersecurity and emphasizes the importance of passion over monetary gain in one's career.

Takeaways

• Mishaal's journey began with a curiosity about computers and programming.

• OSINT can be applied in various fields beyond cybersecurity.

• Practical experience is crucial for learning OSINT techniques.

• Social engineering is a key component of successful pen testing.

• Free tools can be just as effective as paid ones in OSINT.

• Transitioning to a consulting role requires a blend of technical and managerial skills.

• Understanding risk is essential for aspiring CISOs.

• Training should focus on practical applications and real-world scenarios.

• AI can enhance productivity but is not a replacement for human skills.

• Pursuing passion in your career leads to greater satisfaction and success.

Sound Bites

• "Do OSINT on yourself first."

• "I can do it in an hour if you allow me."

• "AI is not going to take over the world."

Chapters

00:00 Introduction to Mishaal Khan

04:43 Mishaal's Hacker Origin Story

06:34 Getting Started in OSINT

11:33 The Role of OSINT in Pen Testing

18:49 Transitioning to Consulting and Virtual CISO

26:43 Advice for Aspiring CISOs

33:00 Training and Educational Initiatives

36:02 The Impact of AI on Cybersecurity

40:32 Final Thoughts and Advice

Resources

https://www.mishaalkhan.com

https://www.linkedin.com/in/mish-aal/

https://x.com/mish3alkhan

Summary

In this episode, Phillip Wylie interviews Wirefall, a veteran in the pen testing industry, discussing his journey from a curious child to a seasoned professional. They explore the evolution of pen testing tools, the impact of compliance on testing practices, and the importance of community engagement in cybersecurity. Wirefall shares insights on starting a career in pen testing, the significance of the Dallas Hackers Association, and how improv has transformed his approach to public speaking and adaptability in the field. The conversation emphasizes the need for trust, communication, and a supportive community in the cybersecurity landscape.

Takeaways

• We are all born hackers, driven by curiosity.
• The evolution of tools has made pen testing both easier and more complex.
• Compliance often leads to unrealistic pen testing scopes.
• Trust is essential when engaging penetration testers.
• Networking is crucial for career advancement in cybersecurity.
• The Dallas Hackers Association fosters community and learning.
• Improv can enhance adaptability and public speaking skills.
• Community engagement is vital for personal and professional growth.
• Ransomware has shifted the focus back to full-scope testing.

• Be excellent to each other to maintain a positive community.

Sound Bites

• "We are all born hackers."
• "DHA is a cyber circus."
• "It's a journey."

Chapters

00:00 Introduction to Wirefall and Pen Testing Journey

02:10 The Hacker Origin Story

08:34 First Paid Pen Testing Job

11:05 Evolution of Pen Testing Tools

15:31 Compliance and Its Impact on Pen Testing

20:44 Advice for Engaging Pen Testers

25:02 Starting a Career in Pen Testing

27:43 The Dallas Hackers Association

41:30 The Power of Improv in Hacking

52:37 Community and Conduct in Cybersecurity

Resources

Summary

In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Alyse Zavala, a cybersecurity professional and rock band vocalist. They discuss the importance of having hobbies outside of work, Alyse's journey from IT to offensive security, and her experiences in the music industry. Alyse shares valuable advice for aspiring penetration testers, insights into exploit development, and the challenges of balancing her dual careers. The conversation also touches on work-life balance, burnout prevention, and upcoming projects in both cybersecurity and music.

Takeaways

• It's important to have interests outside of cybersecurity.
• Alyse's journey began in IT and evolved into offensive security.
• Hands-on experience is crucial for aspiring penetration testers.
• Certifications like OSCP are more valuable than a degree.
• Alyse emphasizes the importance of scenario-based interview questions.
• She started a rock band to explore her passion for music.
• The band recorded with notable producers and gained significant views on their music video.
• Meditation has helped Alyse manage stress and improve focus.
• Balancing work and music is challenging but rewarding.
• Alyse is excited about upcoming projects in both cybersecurity and music.

Sound Bites

• "It's important to disconnect for a bit."
• "I started specializing in malware extraction."
• "I convinced them to let us start pen testing."

Chapters

00:00 Introduction and Connection

06:03 Alyse's Hacker Origin Story

12:54 Career Development and Opportunities

21:00 Advice for Aspiring Pen Testers

30:00 Balancing Music and Cybersecurity Career

40:24 Work-Life Balance and Burnout Management

48:14 Closing Thoughts and Future Plans

Resources

https://x.com/Bellebytes

https://lylvc.com/

https://linktr.ee/lylvc

Summary

In this episode, Phillip Wylie interviews Marcus Carey, a prominent figure in the cybersecurity community. They discuss the importance of living in the moment, the power of positivity, and Marcus's journey from a young nerd to a successful hacker and entrepreneur. Marcus shares his experiences in the military and how they shaped his career in cybersecurity, emphasizing the significance of foundational skills and the role of automation and AI in the field. The conversation also touches on the Tribe of Hackers book series and the importance of mentorship and community in personal and professional growth.

Takeaways

• Live in the moment and cherish experiences.

• Positivity can uplift others, even on bad days.

• Every experience has a purpose and can help others.

• Foundational skills are crucial for success in cybersecurity.

• Automation and scripting can enhance productivity.

• AI is a powerful tool for cybersecurity professionals.

• Mentorship and sharing knowledge are vital in the community.

• Pursue your passions to find your superpower.

• Everyone has a role in the cybersecurity community.

• Start where you are and pursue your goals relentlessly.

Notable Quotes

• "You need to enjoy those times better."

• "Everything you learn is to help somebody else out."

• "Life is on purpose in everything that you experience."

Chapters

00:00

Living in the Moment and Embracing Positivity

06:34

Hacker Origin Stories and the Value of Learning

11:09

The Power of Automation in Cybersecurity

19:22

Exploring the Potential of AI and Blockchain

23:19

Starting with the Basics and Finding Passion in Coding

27:39

The Importance of Troubleshooting in IT and Cybersecurity

34:21

The Future of AI in Cybersecurity

36:05

The Role of Humans in AI-Driven Cybersecurity

45:51

Empowering the Cybersecurity Community through Tribe of Hackers

54:04

Being a Blessing and Sharing Knowledge in Cybersecurity

01:00:35

Pursuing Your Passions and Finding Fulfillment in Cybersecurity

Resources

https://www.linkedin.com/in/marcuscarey/

https://x.com/marcusjcarey

lWHcfYxqt8HRcXC1NwV6