#14 Social Engineering Unleashed: DEF CON Insights from Jacob Villarreal

09/25/24 • 34 min

Kyser Clark interviews Jacob Villarreal, a penetration tester, about his journey into the cybersecurity field, his experiences at DEFCON, and various topics related to cybersecurity. Jacob shares his background, including his education, certifications, and transition from IT roles to penetration testing. The discussion covers the importance of networking, volunteering at conferences, and key cybersecurity issues such as biometrics, automation, boot camps, and the role of certifications. Jacob also offers insights into social engineering and advice for those interested in pursuing a cybersecurity career.
Connect with Jacob Villarreal on LinkedIn: https://www.linkedin.com/in/jacob-villarreal-utsa/
Takeaways:

Cybersecurity should be a top priority for companies, but financial considerations often take precedence.
Networking is crucial in the cybersecurity field and can lead to valuable connections and opportunities.
Social engineering is an important skill for red teamers, and building rapport and trust is essential in these engagements. Studying sales techniques can be helpful in this regard.
Conferences like DEFCON offer valuable learning and networking opportunities, though the cost should be carefully considered.
Engaging in conversations with people in public settings can improve social skills and lead to unexpected connections.
Reaching out to professionals in the cybersecurity field through platforms like LinkedIn can provide valuable insights and advice.

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.

Cybersecurity should be a top priority for companies, but financial considerations often take precedence.
Networking is crucial in the cybersecurity field and can lead to valuable connections and opportunities.
Social engineering is an important skill for red teamers, and building rapport and trust is essential in these engagements. Studying sales techniques can be helpful in this regard.
Conferences like DEFCON offer valuable learning and networking opportunities, though the cost should be carefully considered.
Engaging in conversations with people in public settings can improve social skills and lead to unexpected connections.
Reaching out to professionals in the cybersecurity field through platforms like LinkedIn can provide valuable insights and advice.

Previous Episode

#13 Hacking Time: Real World Skills They Don't Teach You | Trent Darrow

Kyser Clark interviews Trent Darrow, a senior penetration tester and cyber protection team crew lead. They discuss Trent's background, certifications, and his role in building a red team. They also touch on ethical dilemmas in the industry, the effectiveness of certifications in preparing for real-world pen testing, and the importance of skills like time management and effective communication. In this conversation, Trent and Kyser discuss time management in cybersecurity exams, the challenges of scanning large networks, the role of a cyber warfare technician, the transition between civilian and military careers, strategies for preparing for the OSCP and OSEP exams, the value of participating in CTFs, and the future of the cybersecurity field.
Connect with Trent Darrow on LinkedIn: https://www.linkedin.com/in/trenton-darrow/

Takeaways:
Trent's background spans help desk, IT specialist roles, network engineering, and cybersecurity contracting, with certifications like OSCP, GCFA, GWAPT, GPEN, and GCPN.
Real-world skills like time management, note-taking, and communication are crucial, differing from those needed for exams or CTFs.
Ethical dilemmas, such as downgrading findings to please clients, can be common in the industry.
Preparing for certifications like OSCP and OSEP requires practice, extensive note-taking, and ensuring tools work properly through a proxy.
AI isn't a threat to cybersecurity jobs, but learning web application security is essential for staying competitive.

Next Episode

#15 From Zero to Hero: How Anyone Can Succeed in Cybersecurity

In this solo episode, Kyser Clark discusses the accessibility of cybersecurity careers, emphasizing that anyone can enter the field regardless of their background. He shares his personal journey from blue-collar jobs to becoming a penetration tester, highlighting the importance of certifications and continuous learning. Kyser provides actionable steps for breaking into cybersecurity, including gaining tech experience, obtaining certifications, and effectively marketing oneself. He concludes by encouraging listeners to remain persistent and adaptable in their job search, reminding them that while anyone can enter the field, competition is fierce.
Takeaways

Anyone can get into cybersecurity regardless of background.
Certifications are often more beneficial than college degrees.
Learning from failure is a crucial part of the process.
You don't need to be good at math to work in tech.
Discipline and hard work are essential for success.
Aggressive patience is key in the job search process.
Rejections are often due to cultural fit, not skill level.
Networking and marketing oneself are vital for job hunting.
Internships are a great way to gain experience.
Continuous learning is necessary to advance in cybersecurity.

The Hacker's Cache - #14 Social Engineering Unleashed: DEF CON Insights from Jacob Villarreal

Transcript

[Jacob Villarreal] (0:00 - 0:31)

To be on the path of being a really good red teamer, you will need social engineering skills. Having that skill set of social engineering whenever you go into red team engagements is a huge plus. That's what's worked for me to get internal access on my red team engagement.

It's always been through social engineering. So I went into a conference room, found the network port, plugged it into my laptop, and that's whenever the four other people were l