We think we know how to build differentiating skills in offsec

01/16/24 • 54 min

There’s a constant loop of learning, doing, and improving in offensive security. And one way to develop the “muscle” to tackle complex security challenges is through hands-on training. That’s what IppSec, our guest, does with kindness, passion, and in the community’s best interest.

IppSec helps us bust a couple of common myths which, if left unquestioned, may alter learning, distort results, and, ultimately, create big gaps in understanding, all of which can undermine your future success.

Press play to listen to IppSec explain:

Why recon requires constantly "reading between the lines" [03:20]
Why AI can’t find business logic vulnerabilities [08:23]
Why genuine communication with clients is essential [12:48]
How rewarding and valuable it is to invest in the open-source community [17:35]
How discipline makes a difference and how to develop it [24:00]
How pentesting and bug bounty hunting complement each other [27:00]
How you can build specific skills that differentiate you in the community [35:36]
How to develop your own learning system [38:04]
Why it matters to make constant learning a positive experience [44:48]

IppSec’s generosity to share so many practical, valuable examples will help you get a better understanding of this discipline and enhance your knowledge.

Press play to listen to IppSec explain:

Why recon requires constantly "reading between the lines" [03:20]
Why AI can’t find business logic vulnerabilities [08:23]
Why genuine communication with clients is essential [12:48]
How rewarding and valuable it is to invest in the open-source community [17:35]
How discipline makes a difference and how to develop it [24:00]
How pentesting and bug bounty hunting complement each other [27:00]
How you can build specific skills that differentiate you in the community [35:36]
How to develop your own learning system [38:04]
Why it matters to make constant learning a positive experience [44:48]

IppSec’s generosity to share so many practical, valuable examples will help you get a better understanding of this discipline and enhance your knowledge.

Previous Episode

We think we know the value of first principles in offensive security

Ready to excel in offensive security this year? Delve into the mind of Vivek Ramachandran, a cybersecurity virtuoso who’s seen (and learned) a lot in this field.

He's a force that fuels both his current company and the broader cybersecurity landscape with original thinking, educational and actionable insights.

And there's more to Vivek than just technical savvy. He's on a mission to revolutionize how we view ethical hackers and infosec pros, using his captivating comic books to challenge cliches and spark a new wave of enthusiasm in the next generation.

Tune in for this insightful episode with Vivek to find out:

Why people mistakenly equate offensive security with functional testing [04:36]
How (and why) the Hackers: Superheroes of the Digital Age comics came to be [07:13]
Why first principles are essential in mastering and elevating security concepts [12:31]
How to build your career on curiosity, gut feeling, generosity, and perseverance [19:33]
Why we need human ingenuity as the nature of what we automate changes [29:10]
What an entrepreneurial adventure will teach you about yourself - and others [43:45]
How being part of the infosec community changes your work, thinking, and career [51:00]

Vivek’s vast career is a rich source of inspiration if you’re ready to practice extreme ownership, radical candor, and achieve the kind of alignment between your principles and actions that will propel your work and life to the next level.

Resources from this episode:

Vivek on LinkedIn
Vivek’s story in cybersecurity
Comic books - Hackers: Superheroes of the digital age
Vivek on the Philip Wylie Show
Advanced Wi-Fi security with Vivek at DEF CON 23
Training courses on Pentester Academy
OSI model layers

Next Episode

We think we know what it feels like when we do a good job

Today’s guest, Willa Riggins, talks about how “every small piece contributes to the larger picture” in pentesting and explains why “it's about understanding the intricacies and appreciating the craftsmanship."

From the mindset behind excellent pentesting work to the (difficult) things that are never going to change in this space, we glide through Willa’s experiences, hard-earned know-how, and thoughtful approach.

Dive straight into the convo to learn:

Why you need to get comfortable with trial and error to enjoy pentesting [03:43]
The key lesson Willa learned from working in app security [09:45]
How to focus on your craft when reporting vulnerabilities [13:14]
The challenges pentest teams face in making their work count [19:07]
The realistic, reasonable way to use automation in pentesting [24:28]
Two aspects of the hacker mindset worth cultivating [28:36]
Why (and how) having a hobby outside pentesting makes you more productive [33:33]
How to set realistic expectations around developing a career in the field [36:42]
What will be the key differentiating factor in penetration testing [42:40]

We believe you’ll get wisdom and inspiration from this kind and generous conversation. Willa will help you get a broader understanding of this field highlighting the fundamental role of people and teamwork.

Just hit play!