The Hacker's Cache - #25 Beyond Compliance: How Hackers Think and What Companies Miss ft. Albert Corzo

12/11/24 • 41 min

The Hacker's Cache

Kyser Clark engages with cybersecurity expert Albert Corzo, who shares his extensive experience in ethical hacking, bug bounty programs, and the importance of certifications in the field. Albert discusses his past experiences, including hacking the U.S. government, and emphasizes the need for understanding cybercrime and threat actors to better protect organizations. The conversation also covers the differences between compliance and security, the challenges of bug bounty hunting, and the significance of mentorship in cybersecurity careers.

  • Bug bounty programs can serve as a practical playground for ethical hackers.
  • Understanding how cybercriminals operate is crucial for effective security measures.
  • Compliance does not equate to security; companies must prioritize actual data protection.
  • Phishing remains a significant threat, accounting for 70% of attacks.
  • Real-world experience is invaluable in cybersecurity, beyond just certifications.
  • Adversary simulations can help organizations prepare for potential attacks.
  • Networking and mentorship are key components for success in cybersecurity careers.

Connect with Albert on LinkedIn: https://www.linkedin.com/in/alberto-corzo-gonzalez/
Check out the Coffee&&Pizza Podcast: https://youtu.be/hcLMYEb8yA4?si=UmoHImLAUTNOxce4

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.

Previous Episode

#24 Building a Career Together: Lessons from Clint & Si The Hackers

Kyser Clark is joined by Simon and Clint from the YouTube channel 'Clint & Si The Hackers.' They discuss their journey into cybersecurity, the importance of practical experience over formal education, and the benefits of collaboration in building a successful career. The conversation covers various aspects of penetration testing, the challenges faced in their careers, and the significance of certifications and continuous learning in the field.
Watch Clint & Si The Hackers On YouTube: https://www.youtube.com/@_The_hackers
Connect with Clint on LinkedIn: https://www.linkedin.com/in/clinton-elves-180ba0148/
Connect with Simon on LinkedIn: https://www.linkedin.com/in/simon-exley-355816194/

Takeaways

  • A college degree is not essential for a cybersecurity career.
  • Practical experience is more valuable than theoretical knowledge.
  • Collaboration can significantly enhance career growth.
  • Networking and building relationships are crucial in the industry.
  • Certifications can help in career advancement.
  • Learning from peers can accelerate skill development.
  • The cybersecurity field is diverse with many specializations.
  • Challenges faced in moving countries can lead to personal growth.
  • Engaging with the community through platforms like LinkedIn is beneficial.
  • Continuous learning is key to staying relevant in cybersecurity.

Next Episode

#26 Q&A: The Certification Everyone Asks For (Is It Overrated?)

In this Q&A episode, Kyser Clark addresses various questions related to cybersecurity certifications, focusing on the relevance of CISSP in 2025, the comparison between CPTS and OSCP, and the role of OSCP as a gatekeeper certification. He also discusses the value of TCM and INE certifications and provides insights on the time investment required for the eJPT certification. The conversation emphasizes the importance of experience and practical knowledge in the cybersecurity field.

Takeaways

  • CISSP remains the most in-demand certification in cybersecurity.
  • Experience is crucial for obtaining CISSP certification.
  • CISSP covers a broad range of cybersecurity topics.
  • CPTS is considered harder than OSCP but less recognized.
  • OSCP is still the most sought-after certification for pentesters.
  • TCM certifications do not expire, unlike INE certifications.
  • Hands-on experience is vital for success in cybersecurity roles.
  • The time to complete certifications varies based on individual study habits.
  • Employers may not require OSCP for all pentesting positions.
  • Certifications should align with career goals and job requirements.

Transcript

[Albert Corzo] (0:00 - 0:24)

That's why 70% of the infections come from phishing, because phishing... And do you know, also, many people still get trapped or get hooked by the Nigerian Prince or... But it's still working in 2024. It's like crazy, right? And I did some investigation. It was so funny.

[Kyser Clark] (0:24 - 2:06)

Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time. Every week, I invite you into the wo
