Ep.8 - Marcus Sailler, Global Director of Red Team at MUFG

11/27/24 • 133 min

In this episode of Hackers to Founders, Chris Magistrado interviews Marcus Sailler, a seasoned expert in cybersecurity with over 25 years of experience. They discuss Marcus's journey from the military to leading red teams, the importance of understanding business impact in cybersecurity, and the nuances of interviewing in the field. Marcus shares insights on building effective red teams, the significance of program development, and how aspiring professionals can transition from pen testing to red teaming. The conversation emphasizes the need for intellectual curiosity, practical experience, and the ability to communicate effectively within organizations. In this conversation, Chris and Marcus delve into the dynamics between red and blue teams, discussing the transition of professionals between these roles and the importance of understanding various vulnerabilities. They explore the relevance of legacy vulnerabilities in modern cybersecurity, the challenges faced in building effective red team programs, and the ethical considerations surrounding the use of zero-day vulnerabilities. Additionally, they highlight the significance of industry breaches in validating security programs and the value of certifications and training for aspiring red teamers. In this conversation, Chris and Marcus delve into various aspects of cybersecurity, focusing on the importance of critical thinking in exams, the transition from on-premises to cloud environments, and the necessity of understanding cloud infrastructure for red teaming. They also explore social engineering techniques, particularly vishing, and discuss the #WeHackHealth movement, which combines fitness and cybersecurity. Additionally, they touch on the discovery of CVEs and the challenges of vulnerability management in software. In this conversation, Chris REal0day and Marcus Sailler discuss various aspects of the cybersecurity industry, including investment opportunities, content creation strategies, the importance of networking, and career transitions. They explore the challenges of building relationships in a corporate environment, the significance of soft skills, and the complexities of navigating global cybersecurity issues. The discussion also touches on the differences between vulnerability research and red teaming, highlighting the unique challenges and rewards of each career path. In this conversation, Marcus Sailler and Chris REal0day delve into various aspects of cybersecurity, leadership dynamics, cultural insights, and personal growth. They discuss the challenges of reporting vulnerabilities without rewards, the complexities of different leadership styles, and the importance of understanding interpersonal relationships through concepts like love languages. The conversation also touches on the significance of cultural adaptation in language learning, the tools essential for cybersecurity professionals, and the value of continuous training and development in red teaming. Additionally, they share insightful book recommendations that emphasize resilience and self-awareness in both personal and professional contexts.

Takeaways

Red teamers must understand the business impact of their findings.
Interviews should be interactive and allow for discussion.
Early career experiences can be valuable in cybersecurity.
Joining the military can provide a strong foundation for IT careers.
Building a red team requires maturity in the organization's security posture.
Learning from experts and networking is crucial for career development.
Program development is essential for legitimizing red team efforts.
Demonstrating curiosity and initiative can help in career transitions.
Creating internal communities can foster talent and interest in cybersecurity.
Understanding operating systems is key for effective red teaming. Red teamers often transition from blue team roles due to frustration with unaddressed issues.
Understanding foundational vulnerabilities is still valuable, even if less prevalent.
The usefulness of vulnerabilities depends on the organization's maturity and vulnerability management program.
Building a red team requires investment in talent development and retention.
Using industry breaches can effectively validate the need for security programs.
Ethical considerations arise when using zero-day vulnerabilities in demonstrations.
Training and certifications are crucial for effective red teaming.
Practical experience is essential for understanding red team operations.
The urgency of red teaming requires quick execution in complex environments.
A strong understanding of both offensive and defensive strategies is necessary for red team success. The exam structure emphasizes critical thinking and situational awareness.
Understanding cloud infrastructure is crucial for aspiring ...

Takeaways

Red teamers must understand the business impact of their findings.
Interviews should be interactive and allow for discussion.
Early career experiences can be valuable in cybersecurity.
Joining the military can provide a strong foundation for IT careers.
Building a red team requires maturity in the organization's security posture.
Learning from experts and networking is crucial for career development.
Program development is essential for legitimizing red team efforts.
Demonstrating curiosity and initiative can help in career transitions.
Creating internal communities can foster talent and interest in cybersecurity.
Understanding operating systems is key for effective red teaming. Red teamers often transition from blue team roles due to frustration with unaddressed issues.
Understanding foundational vulnerabilities is still valuable, even if less prevalent.
The usefulness of vulnerabilities depends on the organization's maturity and vulnerability management program.
Building a red team requires investment in talent development and retention.
Using industry breaches can effectively validate the need for security programs.
Ethical considerations arise when using zero-day vulnerabilities in demonstrations.
Training and certifications are crucial for effective red teaming.
Practical experience is essential for understanding red team operations.
The urgency of red teaming requires quick execution in complex environments.
A strong understanding of both offensive and defensive strategies is necessary for red team success. The exam structure emphasizes critical thinking and situational awareness.
Understanding cloud infrastructure is crucial for aspiring ...

Previous Episode

Ep.7 - Lauro Perez, Host of Exploit Brokers

Chris REal0day interviews Lauro Perez, a seasoned software engineer and cybersecurity enthusiast, exploring his journey from a young computer enthusiast to a professional in the field. Lauro shares pivotal career moments, including a life-changing scholarship, navigating job offers, overcoming imposter syndrome, and the importance of mentorship. The conversation highlights AI’s role in learning, the evolution of cybersecurity, and challenges like ransomware-as-a-service and bug bounty programs. Lauro emphasizes soft skills, networking, and balancing work with personal growth while reflecting on ethical considerations in tech. They also discuss content creation in cybersecurity, hands-on learning, unscripted podcasting, and future aspirations. Touching on AI, true crime, and gaming, the dialogue offers insights into the evolving tech landscape and personal growth.

Key Takeaways

Lauro's passion for computers began at age 10, with perseverance shaping his career.
A scholarship was pivotal, and networking led to multiple job offers.
Soft skills, confidence, and concrete achievements are crucial in interviews.
Mentorship and self-study greatly impact career growth.
AI tools aid in learning, cybersecurity, and content creation.
Balancing work, family, and personal projects is essential.
Imposter syndrome is common but manageable with self-belief.
Challenges in cybersecurity include AI's role, unfair bug bounty rewards, and ransomware-as-a-service.
Sharing knowledge empowers others and reinforces personal learning.
Trends like AI and diverse representation are reshaping cybersecurity.
Hands-on learning is critical, as computer science education often lacks depth.
Authentic, unscripted content fosters engaging discussions.
Collaboration and personal experiences inspire innovation in tech, health, and gaming.

Lauro Perez
LinkedIn - https://www.linkedin.com/in/lauroperezjr/

Exploit Brokers
Website - https://exploitbrokers.com/
YouTube - https://www.youtube.com/@exploitbrokers
Spotify - https://open.spotify.com/show/3YRafqb2OGxfXgoIPfRbe2?si=40e21cd5ac0b45c0
Rumble - https://rumble.com/user/ExploitBrokers

Visit our website: https://HackersToFounders.com

Next Episode

Ep.9 - Maxie Reynolds, Founder of Subsea Cloud

Join our Discord! https://discord.gg/NWN3ehgmwP

In this episode of the Hackers to Founder podcast, host Chris REal0day interviews Maxie Reynolds, a pioneer in sustainable technology and cybersecurity. Maxie shares her unique journey from working offshore as a ROV pilot to founding Subsea Cloud, a company focused on underwater data centers. She discusses overcoming family expectations, her experiences in the offshore industry, and her transition into cybersecurity. The conversation also touches on cultural differences experienced while living in Alabama and Australia, her philosophy on life choices, and her brief foray into the entertainment industry as a stuntwoman and actress. In this conversation, Maxie shares his experiences ranging from cultural misunderstandings to the challenges faced during red team engagements in cybersecurity. He discusses his transition from working at PWC to starting his own firm, emphasizing the importance of networking and building a client base. Maxie also highlights the significance of continuous learning through reading and debates the effectiveness of carbon capture and other environmental solutions. Finally, he introduces his company, Subsea Cloud, which focuses on innovative data center efficiency. In this conversation, Maxie discusses the intricacies of subsea operations, emphasizing the cost efficiency and energy dynamics involved. He shares insights on the challenges faced by startups, particularly in navigating the enabler's dilemma and the impact of antitrust regulations. The discussion also covers client acquisition strategies, the exploration of GPU trials, and the landscape of crypto mining. Maxie highlights the importance of networking and building authentic connections, while also touching on the art of social engineering and perceptions in networking. In this engaging conversation, Chris and Maxie delve into the intricacies of red teaming, the importance of social engineering, and the profound impact of literature on personal and professional development. They discuss their dream team for red team engagements, share insights on various influential books, and reflect on the writing process and its challenges. The dialogue highlights the significance of knowledge sharing and the role of imagination in problem-solving, culminating in a thoughtful exploration of happiness and lifestyle choices.

Takeaways

Maxie Reynolds is a trailblazer in sustainable technology and cybersecurity.
She overcame family expectations to pursue a career offshore.
Maxie's journey includes working as a ROV pilot and in underwater robotics.
She transitioned into cybersecurity and founded her own company.
Cultural experiences in Alabama and Australia shaped her perspective.
Maxie emphasizes the importance of taking opportunities in life.
She believes parenting is a challenging and thankless task.
Maxie's philosophy is to live an interesting life without regrets.
She has a unique background in stunt work and acting.
Maxie's experiences highlight the intersection of technology and personal growth. Cultural identity can lead to misunderstandings in professional settings.
Red team engagements can present unexpected challenges.
Transitioning to entrepreneurship often involves risk and uncertainty.
Networking is crucial for building a client base.
Continuous learning through reading is essential for personal growth.
Carbon capture technology faces significant challenges and skepticism.
Data centers can be made more efficient through innovative cooling solutions.
Being likeable, driven, and smart are key traits for success.
Understanding the technical aspects of environmental issues is vital.
Networking can lead to unexpected opportunities. Water has a high specific heat, affecting ocean warming.
Subsea operations can be significantly cheaper than traditional methods.
Startups often face challenges due to the enabler's dilemma.
Antitrust movements can benefit startups by reducing acquisitions.
Determination and synthesis of information are key to startup success.
Client trials are a common strategy for acquiring larger companies.
The crypto mining market presents unique opportunities and challenges.
Targeting large companies is a primary focus for growth.
Funding strategies are crucial for operational success.
Networking authentically can lead to valuable connections. Max shares his ideal red team members, emphasizing their unique skills.
Social engineering is a crucial aspect of red team engagements.
Books like 'The Artist's Direction' and 'Atomic Habits' are influential.
Maxie prefers actionable, research-based books over self-help.
The conversation touches o...