Episodes

  • #13 Hacking Time: Real World Skills They Don't Teach You | Trent Darrow
    2024/09/18

    Kyser Clark interviews Trent Darrow, a senior penetration tester and cyber protection team crew lead. They discuss Trent's background, certifications, and his role in building a red team. They also touch on ethical dilemmas in the industry, the effectiveness of certifications in preparing for real-world pen testing, and the importance of skills like time management and effective communication. In this conversation, Trent and Kyser discuss time management in cybersecurity exams, the challenges of scanning large networks, the role of a cyber warfare technician, the transition between civilian and military careers, strategies for preparing for the OSCP and OSEP exams, the value of participating in CTFs, and the future of the cybersecurity field.

    Connect with Trent Darrow on LinkedIn: https://www.linkedin.com/in/trenton-darrow/

    Takeaways:

    • Trent's background spans help desk, IT specialist roles, network engineering, and cybersecurity contracting, with certifications like OSCP, GCFA, GWAPT, GPEN, and GCPN.
    • Real-world skills like time management, note-taking, and communication are crucial, differing from those needed for exams or CTFs.
    • Ethical dilemmas, such as downgrading findings to please clients, can be common in the industry.
    • Preparing for certifications like OSCP and OSEP requires practice, extensive note-taking, and ensuring tools work properly through a proxy.
    • AI isn't a threat to cybersecurity jobs, but learning web application security is essential for staying competitive.

    Connect
    ---------------------------------------------------
    https://www.KyserClark.com
    https://youtube.com/KyserClark
    https://www.linkedin.com/in/KyserClark
    https://www.twitter.com/KyserClark
    https://www.instagram/KyserClark
    https://facebook.com/CyberKyser
    https://twitch.tv/KyserClark_Cybersecurity
    https://www.tiktok.com/@kyserclark

    Music by Karl Casey @ White Bat Audio

    Attention viewers/Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.

    The postings on this site are my own and may not represent the positions of my employer.

    40 min
  • #12 Why OSCP Might Not Be Worth It - A Surprising Take by Evan Isaac
    2024/09/11

    Kyser Clark and Evan Isaac discuss their experiences and insights in cybersecurity. They cover topics such as certifications, content creation on LinkedIn, web hacking resources, job searching advice, and the importance of offensive and defensive cybersecurity skills.

    Connect with Evan Isaac on LinkedIn: https://www.linkedin.com/in/evan-isaac/

    Takeaways

    • Certifications like OSCP and eWPTX are valuable in cybersecurity, but other certifications like PMPT and CPTS are gaining recognition.
    • Creating content on LinkedIn and other platforms can help build your personal brand and network in the cybersecurity industry.
    • Web hacking resources like PortSwigger Academy, TryHackMe, and Hack The Box are great for learning and practicing web application security.
    • When searching for a job, networking and building connections are crucial. Contact recruiters and professionals in the field, and consider posting content to showcase your knowledge and skills.
    • Both offensive and defensive skills are essential in cybersecurity. Gaining experience in blue team roles can provide valuable insights for red teaming and penetration testing.
    • Stay consistent, never give up, and continue learning and growing in cybersecurity.

    38 min
  • #11 Stay Creative Together: Insights from Nouha Ben Brahim
    2024/09/04

    Kyser Clark interviews Nouha Ben Brahim, a Python programmer turned bug bounty hunter and founder of No Breach. They discuss Nouha's journey into cybersecurity, the most concerning cyber breach, common web hacking vulnerabilities, becoming a speaker at events, starting a cybersecurity company, and Nouha's podcast, The Hackers Line.

    Connect with Nouha Ben Brahim on LinkedIn: https://www.linkedin.com/in/nouha-ben-brahim-4b749b278/

    Takeaways

    • Transitioning from programming to bug bounty hunting requires experimentation and learning the basics of hacking.
    • Common web hacking vulnerabilities include GraphQL flaws, authentication issues, and IDOR.
    • To become a speaker at events, choose a topic that tells a compelling story and resonates with the audience.
    • Starting a cybersecurity company requires building trust, providing high-quality solutions, and staying up to date with industry trends.
    • Podcasts are a valuable platform for sharing knowledge and connecting with experts in the cybersecurity field.

    34 min
  • #10 Breaking into Cybersecurity: Tips from a Pro ft. Jake Mayhew
    2024/08/28

    In this conversation, Kyser Clark interviews Jake Mayhew, a senior penetration tester, about his background and experiences in cybersecurity. They discuss the importance of internships, the value of creating a home lab, and the benefits of networking at local conferences and meetups. Jake also shares advice for job seekers, including the significance of standing out through proactive actions like writing reports and asking questions. Jake Mayhew and Kyser Clark discuss their favorite hacker movies and shows, as well as their experiences with different hacking certifications. They also explore the challenges of pursuing higher-level certifications and offer advice for those entering the cybersecurity field. The conversation concludes with a discussion on the importance of perseverance and community involvement in the job search process.

    Connect with Jake Mayhew: https://www.linkedin.com/in/jake-mayhew-osce-oscp/

    Takeaways

    • Internships can be a valuable way to gain experience and get your foot in the door in the cybersecurity field.
    • Creating a home lab and actively using it to learn and practice cybersecurity skills can demonstrate your passion and dedication to potential employers.
    • Attending local conferences and meetups can provide opportunities for networking and building relationships with professionals in the industry.
    • Proactively standing out in the job search process, such as by writing reports or asking questions, can make a candidate more memorable and increase their chances of getting hired.
    • Continuous learning and pursuing certifications can help job seekers demonstrate their commitment to improving their skills and staying up-to-date in the field.
    • The OSCP certification is highly regarded and a good starting point for those interested in network penetration testing.
    • Higher-level certifications like OSEP, OSWE, and OSED require a deeper understanding of specific topics and may be more challenging.
    • Real-world experience and practical application of skills are crucial for success in advanced certifications.
    • Perseverance is key in the job search process, as rejection is common in the cybersecurity field.
    • Getting involved in the cybersecurity community can provide valuable networking opportunities and support.

    39 min
  • #9 Red Teaming & Malware Development ft. Nathan Rice
    2024/08/21

    In this conversation, Kyser Clark interviews Nathan Rice, a senior penetration tester, about his background and experience in cybersecurity. They discuss the differences between penetration testing and red team operations, the importance of starting with penetration testing before moving to red teaming, and the challenges and rewards of obtaining certifications. They also touch on the skills required for malware development and the importance of staying up to date with evolving techniques. Nathan shares advice for aspiring red team operators and emphasizes the need to be proactive and not be afraid to ask questions.

    Connect with Nathan Rice: https://www.linkedin.com/in/nathan-rice-b52209123/

    Takeaways

    • Penetration testing and red team operations have distinct differences, with red teaming requiring more patience, stealth, and intent to emulate real-world threat adversaries.
    • Starting with penetration testing before transitioning to red team operations is recommended, as the skills learned in penetration testing translate well to red teaming.
    • Obtaining certifications in cybersecurity, such as OSCP and OSEP, can be challenging and may require multiple attempts, but they provide valuable knowledge and recognition in the field.
    • Malware development skills are important for red team operators, as having the ability to create custom tools and bypass EDRs is crucial for success.
    • Aspiring red team operators should not be afraid to ask questions, be proactive, and not get caught up in analysis paralysis. Getting caught is part of the learning process and should be used as an opportunity to improve.
    • Moving with intent and being able to think creatively are essential skills for red team operators, as they need to constantly adapt and find new ways to bypass defenses.

    35 min
  • #8 Cybersecurity Is a Beautiful Field: There's People That Don't Like Me ft. Aaron Tran
    2024/08/14

    Kyser Clark interviews Aaron Tran, a military veteran who successfully transitioned into a career in cybersecurity. They discuss Aaron's journey from the military to becoming a penetration tester, the challenges he faced, and the steps he took to bridge the gap between non-cyber and cyber roles. They also touch on the importance of having a plan and utilizing resources like the SkillBridge internship program. Aaron shares his insights on paying ransomware demands, the value of the TCM Practical Career Ready Professional program, and the need for kindness and collaboration in the cybersecurity field.

    Connect with Aaron Tran on LinkedIn: https://www.linkedin.com/in/aarontran-anasec/

    Takeaways

    • Having a plan is crucial when transitioning from the military to a career in cybersecurity
    • Utilize resources like the SkillBridge internship program to gain real-world experience
    • Paying ransomware demands is not recommended, but there may be situations where it's the only option
    • The TCM Practical Career Ready Professional program can provide valuable training and networking opportunities
    • Soft skills are essential in cybersecurity, as they help with client interactions and job interviews
    • Don't let the noise and conflicting advice in the cybersecurity field discourage you
    • Reach out to fellow veterans for support and camaraderie
    • Kindness and collaboration are important in the cybersecurity field

    35 min
  • #7 Think Outside the Box to Land First Pentesting Job ft. Ryan Daub
    2024/08/07

    In this conversation, Kyser Clark interviews Ryan Daub, an Offensive Security Analyst Associate, about his journey in cybersecurity and his current role as an internal penetration tester for healthcare organizations. They discuss topics such as landing a job in cybersecurity, the role of AI in penetration testing, the differences between internal and consulting pentesting, the importance of collaboration between red and blue teams, and the value of continuous learning in the field. Ryan also shares his advice for aspiring cybersecurity professionals.

    Connect with Ryan Daub on LinkedIn: https://www.linkedin.com/in/ryan-daub-b87b9b216/

    Takeaways

    • Landing a job in cybersecurity requires dedication, self-awareness, and demonstrating your skills through personal projects and documentation.
    • AI is a useful tool in penetration testing, but it is not yet capable of fully automating the process due to the complexity and constant evolution of technology and environments.
    • The role of an internal penetration tester in healthcare organizations involves conducting compliance testing, red team engagements, and collaborating closely with the blue team.
    • Continuous learning and staying up to date with industry trends and certifications, such as OSCP and CRTO, are essential for career growth in offensive security.
    • Collaboration and knowledge sharing within the cybersecurity community are crucial for personal and professional development.

    32 min
  • #6 Is AI Going to Cause Bad Stuff? Of Course, Everything Does ft. Mike Finkel
    2024/07/31

    In this conversation, Kyser Clark interviews Mike Finkel, a penetration tester, about his background and experiences in the cybersecurity field. They discuss certifications, the importance of customer service skills in pentesting, and the role of AI in the industry. Mike shares his hot take on AI, expressing his excitement for its potential in pentesting. They also touch on the value of getting out of one's comfort zone and overcoming social anxiety. Overall, the conversation provides insights into pentesting and the skills and knowledge needed to succeed.

    Takeaways

    • Certifications such as OSCP, OSWE, and CRTP can be valuable in pentesting, providing a baseline of knowledge and helping with specific areas like web application testing and source code review.
    • Customer service skills are important in pentesting, as effective communication with clients can lead to better relationships and repeat business.
    • Getting out of your comfort zone and overcoming social anxiety can benefit personal and professional growth.
    • AI is a hot topic in the cybersecurity field, with potential applications in pentesting, but it should be used with caution and not relied upon as the sole solution.
    • AI tools like ChatGPT can be helpful in research and information gathering, but their results should be verified and not blindly trusted.

    32 min