The Hacker's Cache

Kyser Clark interviews Patrick Gorman, also known as InfoSec Pat, a seasoned cybersecurity professional with over 23 years of experience. They discuss the importance of certifications in the cybersecurity field, the challenges of retaining knowledge, and the journey of creating educational content on YouTube. Pat shares insights on his motivations for teaching and mentoring others, as well as his thoughts on bug bounty programs and the value of collaborative learning.
Check out InfoSec Pat on YouTube: https://www.youtube.com/c/InfoSecPat
And Connect with Patrick Gorman on LinkedIn: https://www.linkedin.com/in/infosecpat/
Takeaways

• Certifications are valuable but do not guarantee knowledge.
• Creating content can be a way to reinforce one's own learning.
• Bug bounty programs can be approached collaboratively for better results.
• Teaching others can be a fulfilling way to give back to the community.
• Staying updated with technology is essential in the fast-paced field of cybersecurity.
• Networking with peers can enhance learning experiences.
• The journey of creating educational content can be challenging yet rewarding.
• Certifications should align with personal interests and career goals.
• Mentoring others can help bridge the knowledge gap in the industry. Unique perspectives in teaching can enhance learning.
• Mentoring should be valued and compensated.
• Burnout is a real challenge in cybersecurity careers.
• Engaging instructors can make a significant difference in learning.
• Networking is crucial for career advancement in cybersecurity.
• Free help often leads to a lack of appreciation.
• Taking breaks is essential to avoid burnout.
• Having a structured schedule can help manage time effectively.
• Family should always be prioritized over work.
• Different instructors resonate with different learners.

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.

Cybersecurity professionals Kyser Clark and Pranit Garud (RootSploit) discuss their experiences in the field. They cover topics such as bug bounty programs, the role of an offensive security engineer, and the differences between consulting and working for a Fortune 500 company. Pranit shares tips for getting started in bug bounty hunting and emphasizes the importance of understanding the business logic of a company. He also highlights the need for a mindset shift when transitioning from consulting to an internal security role.
Connect with Pranit on LinkedIn: https://www.linkedin.com/in/pranit-garud/
Takeaways

• Bug bounty hunting requires a proactive and research-oriented mindset, as well as a deep understanding of the target company's technologies and business logic.
• Working as an offensive security engineer in a Fortune 500 company offers the opportunity to see the inner workings of the organization and make a greater impact on security.
• Transitioning from consulting to an internal security role requires a shift in focus from exploitation to securing and collaborating with developers.
• Building a close relationship with developers and understanding their challenges can lead to more effective security measures.
• The pace of work in a Fortune 500 company may be slower due to approval processes and the need for careful consideration of potential impacts.

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.

In this conversation, Kyser Clark interviews Nathan Rice, a senior penetration tester, about his background and experience in cybersecurity. They discuss the differences between penetration testing and red team operations, the importance of starting with penetration testing before moving to red teaming, and the challenges and rewards of obtaining certifications. They also touch on the skills required for malware development and the importance of staying up to date with evolving techniques. Nathan shares advice for aspiring red team operators and emphasizes the need to be proactive and not be afraid to ask questions.
Connect with Nathan Rice: https://www.linkedin.com/in/nathan-rice-b52209123/
Takeaways

• Penetration testing and red team operations have distinct differences, with red teaming requiring more patience, stealth, and intent to emulate real-world threat adversaries.
• Starting with penetration testing before transitioning to red team operations is recommended, as the skills learned in penetration testing translate well to red teaming.
• Obtaining certifications in cybersecurity, such as OSCP and OSEP, can be challenging and may require multiple attempts, but they provide valuable knowledge and recognition in the field.
• Malware development skills are important for red team operators, as having the ability to create custom tools and bypass EDRs is crucial for success.
• Aspiring red team operators should not be afraid to ask questions, be proactive, and not get caught up in analysis paralysis. Getting caught is part of the learning process and should be used as an opportunity to improve.
• Moving with intent and being able to think creatively are essential skills for red team operators, as they need to constantly adapt and find new ways to bypass defenses.

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.

Kyser Clark engages with cybersecurity expert Albert Corzo, who shares his extensive experience in ethical hacking, bug bounty programs, and the importance of certifications in the field. Albert discusses his past experiences, including hacking the U.S. government, and emphasizes the need for understanding cybercrime and threat actors to better protect organizations. The conversation also covers the differences between compliance and security, the challenges of bug bounty hunting, and the significance of mentorship in cybersecurity careers.
Bug bounty programs can serve as a practical playground for ethical hackers.
Understanding how cybercriminals operate is crucial for effective security measures.
Compliance does not equate to security; companies must prioritize actual data protection.
Phishing remains a significant threat, accounting for 70% of attacks.
Real-world experience is invaluable in cybersecurity, beyond just certifications.
Adversary simulations can help organizations prepare for potential attacks.
Networking and mentorship are key components for success in cybersecurity careers.
Connect with Albert on LinkedIn: https://www.linkedin.com/in/alberto-corzo-gonzalez/
Check out the Coffee&&Pizza Podcast: https://youtu.be/hcLMYEb8yA4?si=UmoHImLAUTNOxce4

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.

In this solo episode, Kyser Clark discusses the accessibility of cybersecurity careers, emphasizing that anyone can enter the field regardless of their background. He shares his personal journey from blue-collar jobs to becoming a penetration tester, highlighting the importance of certifications and continuous learning. Kyser provides actionable steps for breaking into cybersecurity, including gaining tech experience, obtaining certifications, and effectively marketing oneself. He concludes by encouraging listeners to remain persistent and adaptable in their job search, reminding them that while anyone can enter the field, competition is fierce.
Takeaways

• Anyone can get into cybersecurity regardless of background.
• Certifications are often more beneficial than college degrees.
• Learning from failure is a crucial part of the process.
• You don't need to be good at math to work in tech.
• Discipline and hard work are essential for success.
• Aggressive patience is key in the job search process.
• Rejections are often due to cultural fit, not skill level.
• Networking and marketing oneself are vital for job hunting.
• Internships are a great way to gain experience.
• Continuous learning is necessary to advance in cybersecurity.

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.