Phillip Wylie Show

Author: Phillip Wylie


Description

Join Phillip Wylie Show host Phillip Wylie as he and his guests discuss the intriguing and ever-expanding field of cybersecurity, including topics from the offensive security side to the defensive and response sides of cybersecurity. Frequent offensive security topics include pentesting, red teaming, ethical hacking, security research, and bug bounties. Guests share their origin stories, tips, and career advice. Phillip and his guests discuss content creation and personal branding in this podcast. If you enjoyed Phillip's previous podcast, The Hacker Factory, you will love this!
128 Episodes
Summary In this episode of the Phillip Wylie Show, Stök shares his journey from a technical background in infrastructure to becoming a successful bug bounty hunter and content creator. He emphasizes the importance of communication skills in the cybersecurity field, offers tips for aspiring content creators, and discusses the significance of building a personal brand. Stök also highlights the need for balance in life, the value of understanding target needs in bug bounty hunting, and the challenges of dealing with online criticism. Takeaways • Stök transitioned from infrastructure to web hacking. • Communication skills are crucial in bug bounty reporting. • Content creation can open many professional doors. • Being authentic helps in building a personal brand. • Understanding the target's needs is key in bug bounty. • Balancing hobbies with work is essential for mental health. • Starting with simple tools is enough for bug bounty beginners. • Automation should aid, not replace manual testing. • Building a personal brand requires consistency and authenticity. • Online criticism is common; focus on constructive feedback. Chapters 00:00 Introduction to Stök and His Journey 01:21 The Allure of Bug Bounty Hunting 06:15 Stök's Technical Background and Transition to Web Hacking 08:32 The Path to Bug Bounty: A Personal Story 13:48 The Importance of Communication in Bug Bounty 16:57 Content Creation Tips and Building a Personal Brand 22:22 Dealing with Criticism and Haters 29:04 Building an Authentic Personal Brand 32:04 The Importance of Hobbies and Balance 35:39 Getting Started in Bug Bounty Hunting Resources https://www.linkedin.com/in/fredrikalexandersson/ https://x.com/stokfredrik https://www.stokfredrik.com/
Summary In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Han Kanthi, a seasoned entrepreneur and cybersecurity expert. They discuss Han's journey from the corporate world to starting his own company, the importance of data security, and how AI is transforming the cybersecurity landscape. Han shares insights on building a motivated team, the challenges of sales, and the significance of proactive data security measures in today's digital age. Takeaways Han Kanthi has over 25 years of corporate experience before starting his entrepreneurial journey. The adoption of AI has significantly revamped Han's platform. Networking and attending smaller conferences can yield better results than larger events. Proactive data security is crucial in preventing breaches. Han emphasizes the importance of a motivated and young team in a startup. Lessons from the corporate world are invaluable for entrepreneurs. Sales acumen can be developed through networking and experience. AI is being leveraged for anomaly detection in data security. The journey of entrepreneurship is challenging but rewarding. Data security is a critical aspect of cybersecurity that needs attention. Resources https://www.linkedin.com/in/kanthi/ https://www.linkedin.com/company/kdex-global/ https://www.linkedin.com/company/anciledspm/ http://www.ancile.ai http://www.kdexglobal.com/
Summary In this episode of the Phillip Wylie Show, Celina Stewart, Director of Cyber Risk Management at Neuvik, discusses her journey in cybersecurity, focusing on the often-overlooked area of risk management. She emphasizes the importance of translating technical cybersecurity insights into business language, the need for diverse career paths in the field, and the value of education and certifications. The conversation also covers frameworks for effective risk management, the challenges faced in the industry, and the importance of communication between technical and non-technical teams. Takeaways Risk management is essential for understanding business impact. There is a significant divide between offensive security and risk management. Non-technical skills can be valuable in cybersecurity roles. Understanding risk can enhance communication with executives. Education and certifications are important for a career in risk management. Familiarity with NIST frameworks is crucial for risk management professionals. Risk quantification is a specialized skill that is in demand. Effective communication is key to translating technical findings for business leaders. Mindset shifts are necessary for executives to embrace risk management. There are numerous opportunities for diverse backgrounds in cybersecurity. Sound Bites "Risk management is crucial in cybersecurity." "Communication is key in risk management." "Mindset shifts are needed in risk management." Resources https://www.linkedin.com/in/celina-r-stewart/ https://neuvik.com/
Summary In this episode, Phillip Wylie engages with David Malicoat and Vivek Ramachandran to discuss the evolving role of the Chief Information Security Officer (CISO) in today's cybersecurity landscape. They explore the unique challenges faced by CISOs, particularly in the context of direct marketing and data protection, the impact of AI and automation on security practices, and the limitations of traditional security solutions. The conversation also delves into the future challenges for CISOs and the importance of adapting to new threats in an increasingly digital world. Takeaways David Malicoat emphasizes the importance of understanding threats in the context of specific tools. The browser is becoming a critical endpoint for security measures. CISOs need to identify and address vulnerabilities among users. AI and automation are essential for scaling security efforts. Traditional security solutions often fall short in addressing modern threats. The demand for effective cybersecurity solutions is continuously increasing. CISOs must prioritize application security (AppSec) in their strategies. There is a need for better visibility into user behavior and security risks. The uptake of SASE solutions has not met expectations in the industry. Future cybersecurity strategies must focus on browser security and threat detection. Sound Bites "The uptake on SASE just hasn't been there." "I need to understand how that threat looks." "We need to make AppSec a priority." 
Chapters 00:00 Introduction to the CISO Perspective 09:38 The Journey into Cybersecurity and Podcasting 13:52 Challenges in Direct Marketing and Data Protection 18:46 Addressing Browser-Based Vulnerabilities 22:09 Enhancing Security Awareness Training 23:13 AI and Automation in Cybersecurity 26:36 Navigating Risks with AI Tools 27:33 Browser DLP: A New Approach to Security 31:23 Limitations of Traditional Security Solutions 32:27 The Evolution of Secure Web Gateways 35:53 Architectural Vulnerabilities in Web Security 40:00 Challenges Faced by CISOs 41:43 Future Directions for SquareX and Browser Security Resources Get your free Chrome plugin: http://sqrx.io/pw_x https://www.linkedin.com/company/getsquarex/ https://twitter.com/getsquarex https://www.instagram.com/getsquarex/ https://www.linkedin.com/in/david-malicoat-cissp/ https://www.theprofessionalciso.com/ https://www.linkedin.com/in/vivekramachandran/
Summary In this episode, Phillip Wylie engages with Robert Pace and Vivek Ramachandran to discuss the evolving landscape of cybersecurity, particularly focusing on browser security, fraud prevention in real estate, and the challenges posed by remote work and BYOD policies. They emphasize the importance of education, transparency, and innovative solutions in addressing security threats. The conversation also highlights the need for organizations to adapt to new technologies and approaches to effectively manage risks and protect their assets. Takeaways Education is crucial for residents to understand security risks. Risks and vulnerabilities are universal across industries. The browser has become the primary endpoint for security. Traditional security measures may not address modern threats. BYOD policies need to be flexible and secure. Transparency in security solutions builds trust with users. Organizations must adapt to the evolving threat landscape. Effective communication with vendors is essential for security. Policy-based access control can streamline security processes. User-centric policies can enhance security without hindering productivity. Sound Bites "Risks do not discriminate." "The browser is the new endpoint." "We need to manage risk intelligently." Chapters 00:00 Introduction and Backgrounds 03:29 Cybersecurity Landscape and Education 06:45 Fraud Prevention in Real Estate 09:39 Transparency in Security Solutions 12:32 Understanding Industry-Specific Threats 15:41 The Role of EDR and Browser Security 18:33 BYOD and Remote Work Policies 27:19 Dynamic Policy Management in Cybersecurity 37:17 The Future of Browser Security 46:28 Innovations in Security Solutions for 2025 Resources Get your free Chrome plugin: http://sqrx.io/pw_x https://www.linkedin.com/company/getsquarex/ https://twitter.com/getsquarex https://www.instagram.com/getsquarex/ https://www.linkedin.com/in/robert-pace097/ https://www.linkedin.com/in/vivekramachandran/
Summary In this episode of the Phillip Wylie Show, Int Eighty from Dualcore shares insights into his journey in cybersecurity and music. He discusses the evolution of bug bounty programs, the importance of hands-on experience in cybersecurity education, and his personal hacker origin story. Int Eighty also delves into red teaming, physical pentesting, and career hacking strategies for aspiring professionals. He emphasizes the significance of leveraging AI in cybersecurity and shares his experiences as a musician in the hacking community. Takeaways Int Eighty has performed at various cybersecurity events, including Nolacon and Bugcrowd events. Bug bounty programs have evolved to provide opportunities for hackers globally. Hands-on experience is crucial in cybersecurity education, often lacking in traditional university settings. Int Eighty's hacker origin story began with creative problem-solving as a child. Red teaming involves finding vulnerabilities without causing actual damage to the business. Physical pentesting can be approached creatively, often involving social engineering. Building a portfolio through free projects is essential for career advancement in cybersecurity. Avoiding burnout involves optimizing work schedules and understanding personal productivity patterns. AI can be leveraged to enhance productivity and efficiency in cybersecurity tasks. Dualcore combines Int Eighty's passion for hacking with his love for music, creating a unique niche. Sound Bites "I prefer to sit at home." "I just like computers." "Hack all the things." 
Chapters 00:00 Introduction to Dualcore and Live Performances 03:44 The Evolution of Bug Bounty Programs 06:20 The Role of Education in Cybersecurity 09:38 Hacker Origin Stories 12:22 Red Teaming and Offensive Security 15:39 Physical Pen Testing Experiences 24:32 The Art of Red Teaming 28:25 Career Hacking: Getting Your Foot in the Door 32:18 Optimizing Work and Avoiding Burnout 36:23 Leveraging AI in Red Teaming 41:26 The Intersection of Hacking and Music Resources https://x.com/int0x80 https://t.co/myhSQyweOp https://github.com/int0x80 https://inteighty.bandcamp.com/album/loyalty-2
Summary In this episode of the Phillip Wylie Show, host Phillip Wylie welcomes Lauren Lynch, a marketing professional and podcast producer, to discuss her journey into the world of marketing and podcasting. They explore the evolution of podcasting, the importance of video content, and the growth of HOU.SEC.CON, a cybersecurity conference that emphasizes community engagement and accessibility. Lauren shares insights on how to get started in podcasting and content creation, highlighting the low-cost opportunities available for aspiring creators. The conversation also touches on the significance of quality content in conferences and the collaborative efforts behind HOU.SEC.CON's success. Takeaways Lauren Lynch shares her unexpected journey into marketing. Podcasting is a low-cost way to disseminate information. The importance of video content in modern podcasting. Community engagement is key to successful conferences. Quality content is essential for attracting attendees. HOU.SEC.CON has seen significant growth in attendance. Accessibility in conferences helps include more participants. Aspiring podcasters should leverage free resources to learn. Networking and community involvement can lead to job opportunities. The balance between vendor sponsorship and quality content is crucial. Sound Bites "I think we've seen that over and over again." "We grew our audience by 46% in that first year." "We blew past that really quick." Chapters 00:00 Introduction to the Podcast and Guest 06:32 The Evolution of Podcasting and Content Creation 14:32 Getting Started in Content Creation and Marketing 25:03 Accessibility and Community Engagement in Conferences Resources https://www.linkedin.com/in/laurenandruslynch/ https://www.linkedin.com/company/houseccon/ http://houstonseccon.org/
Summary In this episode of the Phillip Wylie Show, host Phillip Wylie interviews cybersecurity expert John Hammond. They discuss John's journey into hacking, the importance of Capture the Flag competitions, and the value of training and certifications in cybersecurity. John shares insights about his new educational platform, Just Hacking Training, and emphasizes the role of content creation in advancing one's career in the cybersecurity field. The conversation highlights the collaborative nature of cybersecurity education and encourages listeners to share their knowledge and experiences. Takeaways John Hammond's journey into cybersecurity began with a passion for video games and hacking. Capture the Flag competitions provide valuable skills that are applicable in real-world scenarios. Training resources for penetration testing are abundant and accessible online. Just Hacking Training aims to provide free and affordable cybersecurity education. Collaboration with other experts enhances the quality of educational content. Certifications can help beginners get their foot in the door in cybersecurity. The OSCP certification is highly regarded in the penetration testing community. Content creation can significantly impact career opportunities in cybersecurity. Sharing knowledge and experiences is crucial for community growth in cybersecurity. Continuous learning and adaptation are essential in the ever-evolving field of cybersecurity. Sound Bites "CTF is more difficult than real world." "Building up free accessible training." "It's a buffet assortment of training." 
Chapters 00:00 Introduction to John Hammond 01:36 John's Hacker Origin Story 04:07 The Value of Capture the Flag Competitions 07:08 Training for Aspiring Penetration Testers 09:11 Introducing Just Hacking Training 10:57 Collaborators in Cybersecurity Education 13:24 The Role of Certifications in Cybersecurity 16:55 Navigating Penetration Testing Certifications 19:14 The Impact of Content Creation on Career Growth 23:23 Encouragement for Aspiring Cybersecurity Professionals Resources https://www.linkedin.com/in/johnhammond010/ https://www.youtube.com/@_JohnHammond https://x.com/_JohnHammond https://www.justhacking.com/
Summary In this episode of the Phillip Wylie Show, Jayson E. Street shares his journey from a troubled childhood to becoming a prominent figure in the cybersecurity community. He discusses the importance of understanding the hacker mindset, the value of starting in blue team roles before transitioning to red team positions, and the significance of empathy and kindness in both personal and professional interactions. Through engaging stories and valuable insights, Jayson emphasizes the need for effective communication in security roles and the importance of fostering a supportive community. Takeaways Jayson E. Street emphasizes that everyone has a hacker origin story. Starting in blue team roles provides a solid foundation for cybersecurity careers. Effective communication is crucial for red teamers to convey findings to management. Success in security is measured by the impact on client awareness and behavior. Empathy and kindness are essential in navigating personal and professional relationships. The hacker mindset is about questioning and challenging the status quo. Networking and community support are vital in the cybersecurity field. Red teaming should focus on improving blue team defenses, not just breaking in. Personal growth often comes from overcoming past traumas and making conscious choices. It's important to remain humble and recognize that everyone has valuable insights to share. Sound Bites "You're one of my inspirations." "I was able to destroy them." "It's always time to be kind." 
Chapters 00:00 Introduction and Inspiration 03:18 The Hacker Origin Story 07:40 Starting in Cybersecurity: Blue Team First 13:03 Engaging Stories from the Field 21:58 The Importance of Communication in Security 25:26 Active Intrusions and Real-World Experiences 26:19 The Art of Social Engineering 30:56 The Hacker's Humility 36:05 From Rage to Empathy 41:02 Choosing Kindness Over Anger Resources https://www.linkedin.com/in/jstreet/ https://x.com/jaysonstreet https://jaysonestreet.com/
About the Guest: Rob Allen is a seasoned cybersecurity expert currently working as the Chief Product Officer at ThreatLocker. With over 25 years of experience in the IT industry, Rob has a rich background in managing IT environments, having spent nearly two decades at an MSP (Managed Service Provider) in Ireland. He transitioned from cleaning up ransomware attacks to helping organizations actively prevent them through ThreatLocker's innovative cybersecurity solutions. Rob is known for his in-depth understanding of evolving cyber threats and promoting effective preventive measures against them. Episode Summary: In this engaging episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Rob Allen from ThreatLocker. Together, they delve into the intricacies of modern cybersecurity threats, focusing on ThreatLocker's innovative approaches to tackling ransomware and other malicious attacks. Listeners get a unique insight into the ThreatLocker software, known for its preventive rather than reactive approach to cybersecurity, which includes features like default deny policies, ring fencing, and network control. Rob Allen unveils how the default deny approach helps mitigate cyber threats, including ransomware and living-off-the-land binaries, by blocking unauthorized actions before they happen. He emphasizes the need for robust security measures to limit what applications and scripts like PowerShell can do, thus preventing these tools from being weaponized by cybercriminals. Besides discussing practical security steps, Rob highlights how ThreatLocker addresses the ever-evolving threat landscape using its innovative network control and threat detection capabilities. This conversation is packed with insights into how organizations can safeguard their IT environments in an era of increasingly complex cyber threats. 
Key Takeaways: * Default Deny Approach: Rob highlights the efficiency of ThreatLocker's default deny policy, preventing unauthorized programs from running by approving only necessary applications. * Living Off the Land Prevention: The discussion covers methods to control and restrict the use of common Windows utilities like PowerShell, preventing them from serving malicious purposes. * Network Control: Insights into handling remote encryption threats through a unique approach to network traffic control, ensuring only trusted devices can connect. * The Role of AI: A glimpse into how AI can be both a tool for cybersecurity advancements and a potential threat when used by bad actors for phishing and malware development. * Zero Trust World Conference: Rob invites listeners to the Zero Trust World event focusing on hands-on cybersecurity training and knowledge exchange. Notable Quotes: * "100% of successful cyber attacks are not detected in time or at all." * "Prevent ransomware, lock it by default." * "AI is just as likely to be used against you as it is to protect you." * "The fact of the matter is, if nobody ever paid, there would be no such thing as ransomware." * "You cannot trust a ransomware gang." 
Resources: * ThreatLocker Website: https://www.threatlocker.com * ThreatLocker LinkedIn: https://www.linkedin.com/company/threatlockerinc/ * Zero Trust World Event: Explore more at ZTW.com * Zero Trust World $200 off discount code: ZTWPW25 * ThreatLocker YouTube: https://www.youtube.com/@ThreatLocker * Rob's LinkedIn: https://www.linkedin.com/in/threatlockerrob/ Chapters 00:00 Introduction to ThreatLocker and Rob Allen 03:30 Rob Allen's Hacker Origin Story 06:23 Understanding ThreatLocker's Approach to Cybersecurity 12:29 Living Off the Land: A Cybersecurity Challenge 16:39 Macro Vulnerabilities in Office Applications 19:20 Ransomware Prevention Strategies 23:40 The Importance of Network Control 31:55 AI in Cybersecurity: A Double-Edged Sword 37:37 Zero Trust World Conference Overview 39:56 Closing Thoughts and Resources 42:02 Zero Trust World discount code
Summary In this episode of the Phillip Wylie Show, Sean Metcalf, an expert in Active Directory security, discusses his journey into cybersecurity, the evolution of Active Directory and Azure AD, and the common mistakes organizations make in cloud security. He emphasizes the importance of security assessments over penetration testing and shares insights into Trimarc's unique approach to security assessments. Sean also highlights the significance of scripting in security roles and discusses the future of Active Directory in hybrid environments. The episode concludes with information about Trimarc's new product, Trimarc Vision, aimed at enhancing Active Directory security. Takeaways Sean Metcalf has assessed environments with up to 960,000 users. Active Directory security is often overlooked in organizations. Many organizations are making the same security mistakes in the cloud as they did on-premises. Security assessments are crucial for identifying potential vulnerabilities. Trimarc uses proprietary tools for in-depth security assessments. Scripting knowledge, especially in PowerShell, is beneficial for security professionals. Active Directory is not going away anytime soon due to legacy applications. Organizations should conduct security assessments every couple of years. Trimarc's assessments provide actionable insights for improving security. The new Trimarc Vision product aims to enhance Active Directory security monitoring. Sound Bites "It's been quite a year." "I saw something change in the URL." "We're the identity experts."
Chapters 00:00 Introduction to Active Directory Security 03:33 Sean Metcalf's Hacker Origin Story 06:20 The Evolution of Active Directory and Azure AD 09:31 The Importance of Specialization in Cybersecurity 12:30 Active Directory Security Challenges 15:39 The Role of Security Assessments 18:26 Comparing Trimarc and Bloodhound 20:56 Understanding Active Directory Security Assessments 22:35 Getting Started in Active Directory Security 25:30 The Importance of Scripting in Security 34:43 The Hybrid Environment: On-Prem vs Cloud 37:23 Trimarc's Unique Services and Assessments 40:17 Frequency of Active Directory Assessments 42:21 Introducing Trimarc Vision Resources https://www.linkedin.com/in/seanmmetcalf/ https://x.com/PyroTek3 https://www.linkedin.com/company/trimarcsecurity/ https://x.com/TrimarcSecurity https://www.trimarcsecurity.com/ https://adsecurity.org/
Summary In this episode of the Phillip Wylie Show, Mishaal Khan shares his journey from a curious child assembling computers to becoming an expert in OSINT and pen testing. He discusses the importance of OSINT in various fields, the transition to consulting and virtual CISO roles, and offers valuable advice for aspiring CISOs. Mishaal also highlights the impact of AI on cybersecurity and emphasizes the importance of passion over monetary gain in one's career. Takeaways Mishaal's journey began with a curiosity about computers and programming. OSINT can be applied in various fields beyond cybersecurity. Practical experience is crucial for learning OSINT techniques. Social engineering is a key component of successful pen testing. Free tools can be just as effective as paid ones in OSINT. Transitioning to a consulting role requires a blend of technical and managerial skills. Understanding risk is essential for aspiring CISOs. Training should focus on practical applications and real-world scenarios. AI can enhance productivity but is not a replacement for human skills. Pursuing passion in your career leads to greater satisfaction and success. Sound Bites "Do OSINT on yourself first." "I can do it in an hour if you allow me." "AI is not going to take over the world." Chapters 00:00 Introduction to Mishaal Khan 04:43 Mishaal's Hacker Origin Story 06:34 Getting Started in OSINT 11:33 The Role of OSINT in Pen Testing 18:49 Transitioning to Consulting and Virtual CISO 26:43 Advice for Aspiring CISOs 33:00 Training and Educational Initiatives 36:02 The Impact of AI on Cybersecurity 40:32 Final Thoughts and Advice Resources https://www.mishaalkhan.com https://www.linkedin.com/in/mish-aal/ https://x.com/mish3alkhan
Summary In this episode, Phillip Wylie interviews Wirefall, a veteran in the pen testing industry, discussing his journey from a curious child to a seasoned professional. They explore the evolution of pen testing tools, the impact of compliance on testing practices, and the importance of community engagement in cybersecurity. Wirefall shares insights on starting a career in pen testing, the significance of the Dallas Hackers Association, and how improv has transformed his approach to public speaking and adaptability in the field. The conversation emphasizes the need for trust, communication, and a supportive community in the cybersecurity landscape. Takeaways We are all born hackers, driven by curiosity. The evolution of tools has made pen testing both easier and more complex. Compliance often leads to unrealistic pen testing scopes. Trust is essential when engaging penetration testers. Networking is crucial for career advancement in cybersecurity. The Dallas Hackers Association fosters community and learning. Improv can enhance adaptability and public speaking skills. Community engagement is vital for personal and professional growth. Ransomware has shifted the focus back to full-scope testing. Be excellent to each other to maintain a positive community. Sound Bites "We are all born hackers." "DHA is a cyber circus." "It's a journey." Chapters 00:00 Introduction to Wirefall and Pen Testing Journey 02:10 The Hacker Origin Story 08:34 First Paid Pen Testing Job 11:05 Evolution of Pen Testing Tools 15:31 Compliance and Its Impact on Pen Testing 20:44 Advice for Engaging Pen Testers 25:02 Starting a Career in Pen Testing 27:43 The Dallas Hackers Association 41:30 The Power of Improv in Hacking 52:37 Community and Conduct in Cybersecurity Resources
Summary In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Alyse Zavala, a cybersecurity professional and rock band vocalist. They discuss the importance of having hobbies outside of work, Alyse's journey from IT to offensive security, and her experiences in the music industry. Alyse shares valuable advice for aspiring penetration testers, insights into exploit development, and the challenges of balancing her dual careers. The conversation also touches on work-life balance, burnout prevention, and upcoming projects in both cybersecurity and music. Takeaways It's important to have interests outside of cybersecurity. Alyse's journey began in IT and evolved into offensive security. Hands-on experience is crucial for aspiring penetration testers. Certifications like OSCP are more valuable than a degree. Alyse emphasizes the importance of scenario-based interview questions. She started a rock band to explore her passion for music. The band recorded with notable producers and gained significant views on their music video. Meditation has helped Alyse manage stress and improve focus. Balancing work and music is challenging but rewarding. Alyse is excited about upcoming projects in both cybersecurity and music. Sound Bites "It's important to disconnect for a bit." "I started specializing in malware extraction." "I convinced them to let us start pen testing." Chapters 00:00 Introduction and Connection 06:03 Alyse's Hacker Origin Story 12:54 Career Development and Opportunities 21:00 Advice for Aspiring Pen Testers 30:00 Balancing Music and Cybersecurity Career 40:24 Work-Life Balance and Burnout Management 48:14 Closing Thoughts and Future Plans Resources https://x.com/Bellebytes https://lylvc.com/ https://linktr.ee/lylvc
Summary In this episode, Phillip Wylie interviews Marcus Carey, a prominent figure in the cybersecurity community. They discuss the importance of living in the moment, the power of positivity, and Marcus's journey from a young nerd to a successful hacker and entrepreneur. Marcus shares his experiences in the military and how they shaped his career in cybersecurity, emphasizing the significance of foundational skills and the role of automation and AI in the field. The conversation also touches on the Tribe of Hackers book series and the importance of mentorship and community in personal and professional growth. Takeaways Live in the moment and cherish experiences. Positivity can uplift others, even on bad days. Every experience has a purpose and can help others. Foundational skills are crucial for success in cybersecurity. Automation and scripting can enhance productivity. AI is a powerful tool for cybersecurity professionals. Mentorship and sharing knowledge are vital in the community. Pursue your passions to find your superpower. Everyone has a role in the cybersecurity community. Start where you are and pursue your goals relentlessly. Notable Quotes "You need to enjoy those times better." "Everything you learn is to help somebody else out." "Life is on purpose in everything that you experience." 
Chapters 00:00 Living in the Moment and Embracing Positivity 06:34 Hacker Origin Stories and the Value of Learning 11:09 The Power of Automation in Cybersecurity 19:22 Exploring the Potential of AI and Blockchain 23:19 Starting with the Basics and Finding Passion in Coding 27:39 The Importance of Troubleshooting in IT and Cybersecurity 34:21 The Future of AI in Cybersecurity 36:05 The Role of Humans in AI-Driven Cybersecurity 45:51 Empowering the Cybersecurity Community through Tribe of Hackers 54:04 Being a Blessing and Sharing Knowledge in Cybersecurity 01:00:35 Pursuing Your Passions and Finding Fulfillment in Cybersecurity Resources https://www.linkedin.com/in/marcuscarey/ https://x.com/marcusjcarey
About The Guest: Trey Bilbrey is the Lead of SCYTHE Labs, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey's 15+ years of industry experience has allowed him to become an excellent educator, defender of networks, and a cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content Developer), The Army Corps of Engineers (ICS/SCADA Penetration Testing), and a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Summary: In this episode of the Phillip Wylie Show, Trey Bilbrey shares his unique journey into cybersecurity, highlighting the importance of foundational knowledge and diverse experiences. He discusses the transition from red teaming to purple teaming, emphasizing the benefits of collaboration and community in the field. Trey also offers valuable advice for newcomers, stressing the need to understand the ecosystem before diving into offensive security. The conversation concludes with a call to build connections within the cybersecurity community to enhance collective defense against threats. Key Takeaways: * **Start with a Strong IT Foundation**: Trey emphasizes the importance of gaining experience in IT roles, such as help desk or systems administration, to build a solid understanding before focusing on offensive security. * **Embrace Purple Teaming**: The integration of red and blue team methodologies can significantly enhance an organization's security posture through real-time collaboration and feedback. * **Community and Collaboration**: Building trust and sharing insights within and between organizations can raise security standards and prevent breach incidents through collective defense strategies. * **Navigating Career Waves**: Opportunities often arise unexpectedly; being open to change and ready to evolve is key to a successful career in cybersecurity. 
* **Value of Threat Informed Defense**: Understanding your infrastructure and potential threats is crucial for implementing effective security measures and focusing your resources where they matter most. Notable Quotes: 1. "It's okay to not know your path right now. Dive in, do something new...it's going to make you better for it." 2. "If we could bring all of that stuff together, that's really what makes an awesome purple team engagement." 3. "Community—we're all in this together. These threats are working as teams, they're crews, they're all talking, they're all communicating. Why aren't we doing the same?" 4. "If you understand how the ecosystem works...it's going to make you so much better." 5. "We need to engage our local communities...we've got to talk. We got to work together." Resources: https://www.linkedin.com/in/georgebilbrey/ Chapters 00:00 Introduction and Hacker Origin Story 08:38 Exploring Different Areas of Cybersecurity 12:48 The Importance of Hands-On Experience 18:28 Transitioning to Purple Teaming 25:06 Planning and Executing Purple Team Operations 31:04 The Role of Cyber Threat Intelligence 37:41 Building Community and Collaboration
About the Guests: Greg Hatcher and John Stigerwalt are co-founders of White Knight Labs, a boutique cybersecurity company specializing in offensive security services and advanced training programs. Greg's background includes a remarkable career as a Green Beret in the U.S. Army, transitioning into cybersecurity with a focus on penetration testing and red teaming. John's journey began with a passion for hacking at 17, which led to a diverse career across IT roles, eventually specializing in penetration testing and red teaming for global companies. Together, they offer unique services aimed at elevating cybersecurity standards through White Knight Labs. Episode Summary: Dive into an engaging conversation on The Phillip Wylie Show featuring Greg Hatcher and John Stigerwalt from White Knight Labs. In this episode, the duo returns to discuss their explosive growth in the cybersecurity space, emphasizing their dedication to providing top-tier penetration testing services and innovative training programs. Greg and John highlight their focus on delivering comprehensive security testing, not just ticking compliance boxes but aiming to identify potential threats that could cripple a business financially. As they delve into their services, Greg and John emphasize their approach to cybersecurity assessments, distinguishing themselves by employing senior engineers for direct, high-impact testing rather than a flat-rate service model. They discuss their various training programs, including offensive development and red teaming operations courses, all tailored to stay hyper-current and relevant in the fast-evolving cybersecurity landscape. The conversation also navigates through intriguing war stories from their physical penetration testing engagements, offering listeners a peek into the challenges and excitement of real-world security assessments. 
Key Takeaways: Comprehensive Cybersecurity Services: White Knight Labs focuses on delivering more than just compliance-driven testing, aiming for substantial security insights to protect businesses. Advanced Training Programs: The company offers courses on advanced red teaming, Azure penetration testing, and entry-level certifications, ensuring students gain hands-on, up-to-date skills in cybersecurity. Skillbridge Program: Engaging with transitioning military personnel, White Knight Labs offers internships and training, providing valuable career opportunities in cybersecurity. Utilizing AI in Cybersecurity: Greg and John discuss leveraging AI tools to streamline coding and development processes, increasing efficiency in their operations. Real-world Penetration Testing Stories: Sharing intriguing insights, the duo discusses the complexity and adventure involved in physical penetration testing operations. Notable Quotes: "Our engineers at WKL will get the domain admin typically in the first hour or two… We're going after the crown jewels." - Greg Hatcher "We’re not just giving TLS Cert issues. We’re top of the line, going for the RC, the big level bugs." - John Stigerwalt "We're participating in the Skillbridge program… It's our way of getting back to the community as well." - Greg Hatcher "If I could cut off the database… that business is gonna shut doors." - John Stigerwalt "The OSCP made my career, but it wasn't that relevant for what I was doing as a full-time penetration tester." - John Stigerwalt Chapters 00:00 Introduction to White Knight Labs 02:03 The Growth of White Knight Labs 05:20 SkillBridge Program and Community Support 06:37 Differentiating Factors in Pen Testing Services 11:26 Compliance vs. Security in Pen Testing 15:19 The Impact of Breaches on Security Budgets 16:28 Training Programs and Course Offerings 30:36 Leveraging AI in Offensive Security 34:37 War Stories from the Field 56:18 Upcoming Events and Closing Remarks 57:52 Phillip Wylie Show Outro Video.mp4 Resources: White Knight Labs Website: White Knight Labs Greg Hatcher's LinkedIn: Greg Hatcher John Stigerwalt's LinkedIn: John Stigerwalt White Knight Labs: Navigating Advanced Red Team Operations (previous episode) https://phillipwylieshow.com/episode/white-knight-security-navigating-advanced-red-team-operations
Summary In this conversation, Ryan Feder and Phillip Wylie explore the themes of resilience, innovation, and personal growth. They discuss how challenges can be transformed into opportunities and the importance of maintaining a positive mindset in the face of adversity. The dialogue emphasizes the power of innovative thinking and the necessity of embracing change as a pathway to success. Takeaways Turning challenges into opportunities is key to success. Resilience allows us to navigate through tough times. Innovative thinking can lead to transformative solutions. Growth often comes from overcoming significant challenges. Embracing change is essential for personal development. A positive mindset can alter our perception of adversity. Learning from failures can pave the way for future success. Collaboration can enhance innovative ideas and solutions. Personal growth is a continuous journey, not a destination. Adapting to change can unlock new possibilities. Sound Bites "You took a bad situation and made it good." "The power of resilience is incredible." "Innovative thinking can change everything." Chapters 00:00 Meeting at Defcon 06:30 Finding Passion in the Cybersecurity Industry 12:50 Transitioning to Offensive Security 15:56 The Importance of Networking 18:46 The Supportive Cybersecurity Community 19:30 The Importance of Physical Security 24:34 Admitting Ignorance and Seeking Help 34:54 Networking and Continuous Learning 40:00 Understanding Technology for Effective Pen Testing Resources https://www.linkedin.com/in/ryan-feder-sscp/ https://x.com/Ano1X8
Takeaways · Snehal Antani emphasizes the importance of product obsession in leadership. · The transition from a bull market to a bear market requires quick strategic shifts. · A strong technical foundation is crucial for success in offensive security roles. · Certifications signal a commitment to self-improvement but are not the sole indicator of skill. · Bootcamps can provide a pathway into cybersecurity but require ongoing learning to retain skills. · Autonomous pen testing offers a consistent and comprehensive approach to security assessments. · The integration of offensive and defensive security communities is essential for overall effectiveness. · Understanding the threat actor perspective is vital for effective cybersecurity strategies. · Horizon 3 aims to leverage data advantage to enhance its product offerings. · The future of cybersecurity will involve algorithms fighting algorithms with human oversight. Sound Bites · "Pen testing can be automated that much." · "I am obsessed with the product." · "I took a 99% pay cut to serve." Chapters 00:00 Introduction to Horizon 3 and Snehal Antani 03:26 Leadership and Company Culture at Horizon 3 06:30 Snehal's Hacker Origin Story 10:37 Transition from Corporate America to JSOC 13:45 Building Horizon 3's Culture and Team 16:28 The Unique Approach of Horizon 3 20:24 The Evolution of Pen Testing 24:34 The Role of Humans in Pen Testing 28:41 The Shift in Cybersecurity Mindset 32:31 Certifications and Bootcamps in Cybersecurity 36:26 The Future of Cybersecurity and Co-Pilots 40:21 The Importance of Data in Cybersecurity 44:22 The Impact of Autonomous Pen Testing 48:22 Conclusion and Future Outlook 58:33 Phillip Wylie Show Outro Video.mp4 Resources https://www.linkedin.com/in/snehalantani/ https://x.com/snehalantani https://www.horizon3.ai/ https://www.linkedin.com/company/horizon3ai/
Summary In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Christophe Foulon, a cybersecurity expert and podcaster, about his journey into the cybersecurity field, the importance of self-discovery for aspiring professionals, and the evolving landscape of hiring practices in the industry. They discuss the significance of certifications, the need for internal talent development, and the value of community involvement in cybersecurity education. Christophe shares practical advice for job seekers, emphasizing the importance of networking and curiosity in building a successful career in cybersecurity. Takeaways Christophe's journey into cybersecurity began at a young age. Self-discovery is crucial for those entering the cybersecurity field. Certifications are often necessary, especially for government roles. Hiring practices are evolving, with less emphasis on traditional degrees. Internal training and development can help fill cybersecurity roles. Apprenticeships can provide valuable hands-on experience. Community involvement is essential for building a skilled workforce. Networking is key to finding job opportunities in cybersecurity. Curiosity and continuous learning are vital for success in cybersecurity. Understanding the job market and roles can prevent burnout. Sound Bites "I was just hooked." "It all starts on the foundation of self-discovery." "You need to be eternally curious." Chapters 00:00 Introduction and Background 06:46 Recommendations for Breaking Into Cybersecurity 10:54 The Role of Certifications in Cybersecurity 16:08 Creating Career Paths and Apprenticeships in Cybersecurity 25:02 The Value of Networking and Building Relationships in Job Hunting 29:40 Staying Informed: Researching Industry Trends in Cybersecurity 32:14 Closing Remarks 32:39 Phillip Wylie Show Outro Video.mp4 Resources https://www.linkedin.com/in/christophefoulon/ https://x.com/chris_foulon