Phillip Wylie Show

Author: Phillip Wylie
© Phillip Wylie
Description
Join Phillip Wylie Show host Phillip Wylie as he and his guests discuss the intriguing and ever-expanding field of cybersecurity, including topics from the offensive security side to the defensive and response sides of cybersecurity. Frequent offensive security topics include pentesting, red teaming, ethical hacking, security research, and bug bounties. Guests share their origin stories, tips, and career advice. Phillip and his guests discuss content creation and personal branding in this podcast. If you enjoyed Phillip's previous podcast, The Hacker Factory, you will love this!
138 Episodes
In this video, I discuss the hands-on hacking labs from ThreatLocker's Zero Trust World 25.
Summary
In this episode of the Phillip Wylie Show, Naveen Sunkavally shares his unique journey from software engineering to offensive security. He discusses his experiences at Horizon3.ai, the importance of coding in cybersecurity, and the evolving role of automation and AI in pen testing. Naveen emphasizes the need for a solid foundation in IT and development for those looking to break into cybersecurity, and he provides insights into vulnerability research and the future of the industry.
Takeaways
• Naveen's journey from software engineering to offensive security is inspiring.
• Understanding both offensive and defensive security is crucial.
• Automation is becoming increasingly important in pen testing.
• A solid coding background is essential for success in cybersecurity.
• Vulnerability research can lead to impactful discoveries.
• AI tools are changing the landscape of software development and security.
• The disconnect between offensive and defensive security needs to be addressed.
• Continuous learning and adaptation are key in cybersecurity.
• Naveen encourages exploring lesser-known applications for vulnerabilities.
• The future of cybersecurity is promising with emerging trends.
Sound Bites
• "I got my OSCP and it was a lot of grinding."
• "AI tools are great for senior coders."
• "The future is bright in cybersecurity."
Chapters
00:00 Introduction to Naveen Sunkavally's Journey
01:35 Naveen's Hacker Origin Story
09:30 Transitioning to Offensive Security
17:50 The Role of Automation in Pen Testing
23:24 Vulnerability Research Insights
27:59 The Future of Cybersecurity and AI
Resources
https://www.linkedin.com/in/naveensunkavally/
https://www.linkedin.com/company/horizon3ai/
https://www.horizon3.ai/
Last week, I had a great time at ThreatLocker's Zero Trust World 25. In this video, I share my experience attending the event.
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Nicholas DiCola from Zero Networks, exploring his background in cybersecurity, the importance of foundational IT skills, and the innovative solutions offered by Zero Networks in the realm of micro-segmentation and zero trust networks. The conversation delves into the challenges of traditional security measures, the efficiency of Zero Networks' approach, and valuable career advice for those looking to enter the cybersecurity field.
Takeaways
• Nicholas DiCola emphasizes the importance of foundational IT skills for a successful career in cybersecurity.
• Micro-segmentation is a critical component of a zero trust security model.
• Zero Networks automates the micro-segmentation process, saving significant time for organizations.
• Many micro-segmentation projects fail to complete within the tenure of a CISO due to complexity.
• Certifications can validate basic skills and show initiative in the cybersecurity field.
• Hands-on experience through internships is crucial for aspiring cybersecurity professionals.
• Understanding the entire network stack is essential for effective security practices.
• Zero Networks' solutions are scalable for organizations of all sizes.
• The simplicity of Zero Networks' product allows for easy management and implementation.
• Exploring different areas within cybersecurity can help individuals find their true interests.
Sound Bites
• "I think it's really good that people explore other areas."
• "We save them a ton of time."
• "Most micro-segmentation projects outlive the tenure of the CISO."
• "Micro-segmentation is at the end of the journey."
• "It's not your legacy micro-segmentation that you think of."
• "I always love to share and talk to people about what I've done."
Chapters
00:00 Introduction to Nicholas DiCola and Zero Trust Networks
02:20 Nicholas DiCola's Background and Career Journey
06:06 The Importance of Foundational IT Skills
10:25 Navigating Certifications and Career Paths in Cybersecurity
12:40 Understanding the Role of Micro-Segmentation
19:44 Zero Networks: Solutions and Innovations
23:19 Time Savings and Efficiency with Zero Networks
28:03 Final Thoughts on Micro-Segmentation and Security Posture
Resources
https://www.linkedin.com/in/ndicola/
https://www.linkedin.com/company/zeronetworks/
90% of security pros say Zero Trust is critical, yet only 5% use microsegmentation. Why? Network segmentation projects are notoriously complex, expensive, with extensive downtime. No longer! Zero Networks makes it easy: fast deployment, no manual work, no headaches.
Get the report: https://zeronetworks.com/resource-center/white-papers/network-segmentation-zero-trust-architectures-survey-of-it-security-professionals?utm_medium=social&utm_source=linkedin&utm_campaign=pwpodcast&utm_content=vibresearch&cid=701Uc00000SpVUhIAN
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with cybersecurity expert Lesley Carhart about her journey into the field, the importance of community and mentorship, and the unique challenges of working in industrial control systems (ICS) forensics. Lesley shares her hacker origin story, discusses the complexities of ICS security, and recounts a fascinating case study involving a mysterious incident at a power plant. The conversation emphasizes the need for diversity in tech and the vital role of community support in navigating cybersecurity careers.
Takeaways
• Lesley Carhart's journey into cybersecurity began at a young age with a passion for computers.
• The importance of mentorship in the cybersecurity community cannot be overstated.
• Industrial Control Systems (ICS) present unique challenges in cybersecurity due to their critical nature.
• Understanding processes is key to succeeding in ICS cybersecurity.
• Diversity in the tech field has improved over the years, allowing for more varied backgrounds in cybersecurity.
• Real-world investigations in ICS can lead to unexpected and humorous outcomes, like the moth story.
• Community involvement is crucial for career advancement in cybersecurity.
• Self-study and networking are essential for breaking into the cybersecurity field.
• The job market for junior cybersecurity professionals is competitive, making community connections vital.
• Lesley encourages senior professionals to mentor newcomers to the field.
Sound Bites
• "I hope we don't end up back there."
• "It's been a grand adventure."
• "Mentorship can be so, so valuable."
Chapters
00:00 Introduction to Cybersecurity Community Connections
01:43 Lesley Carhart's Hacker Origin Story
06:57 Diving into ICS and OT Forensics
09:47 Challenges in Industrial Cybersecurity Training
13:25 The Complexity of Digital Forensics in ICS
15:45 The Moth Story: A Case Study in ICS
25:34 The Importance of Community in Cybersecurity
30:37 Closing Thoughts and Social Media Connections
Resources
https://www.linkedin.com/in/lcarhart/
https://bsky.app/profile/hacks4pancakes.com
https://infosec.exchange/@hacks4pancakes
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Eva Benn, a leader in the cybersecurity field. Eva shares her inspiring journey from a disadvantaged background in Bulgaria to leading the Microsoft Red Team. She discusses the importance of resilience, the role of gaming in developing cybersecurity skills, and offers valuable advice for aspiring professionals in the field. The conversation also covers personal branding, networking authentically, and the significance of continuous learning and growth in one's career.
Takeaways
• Eva Benn's journey from Bulgaria to leading the Microsoft Red Team is inspiring.
• Resilience and determination are key to overcoming challenges.
• Gaming can develop strategic thinking skills beneficial for cybersecurity.
• Participating in CTFs is crucial for building skills and credibility.
• Networking should be genuine and not forced.
• Personal branding involves sharing valuable insights and experiences.
• Continuous learning is essential in the ever-evolving field of cybersecurity.
• Diverse backgrounds can provide unique advantages in cybersecurity roles.
• It's important to understand the entire cybersecurity landscape before specializing.
• Building meaningful connections takes time and authenticity.
Sound Bites
• "You have to do what you need to do."
• "Be genuine, take it slow."
• "You have what it takes."
Chapters
00:00 Introduction and Background
01:12 Eva's Hacker Origin Story
04:50 Overcoming Challenges and Embracing Opportunities
10:19 The Importance of Hands-On Experience
14:05 Advice for Aspiring Pen Testers
17:22 Tips for Job Seekers in Cybersecurity
21:57 Building a Personal Brand
24:51 Networking Naturally
30:01 Final Words of Wisdom
Resources
https://www.linkedin.com/in/evabenn/
https://www.evabenn.com/
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Ben Sadeghipour, known as NahamSec, a prominent figure in the bug bounty community. They discuss NahamSec's journey into hacking, his achievements in bug bounties, and the importance of personal branding and content creation in the cybersecurity field. NahamSec shares insights on transitioning from part-time to full-time bug bounty hunting, the role of automation and AI in the industry, and offers advice for newcomers looking to break into bug bounties. The conversation emphasizes the value of creativity, curiosity, and continuous learning in becoming a successful hacker.
Takeaways
• NahamSec's journey into hacking began unintentionally as a child.
• He achieved the milestone of earning over a million dollars in bug bounties.
• Transitioning from part-time to full-time bug bounty hunting requires dedication and understanding of the ecosystem.
• Diverse ventures in cybersecurity can enhance skills and knowledge.
• Understanding web applications is crucial for bug bounty hunters.
• Automation should come after mastering manual exploitation techniques.
• AI tools can assist in bug bounty hunting but should not replace manual skills.
• Personal branding is essential for career growth in cybersecurity.
• Content creation can take many forms, including writing and blogging.
• Continuous learning is vital in the ever-evolving field of cybersecurity.
Sound Bites
• "I have a company called Hacking Hub."
• "You need to understand how web apps work."
• "Writing is content creation."
Resources
https://x.com/NahamSec
https://www.linkedin.com/in/nahamsec/
https://www.instagram.com/nahamsec
https://www.nahamsec.com/
https://www.youtube.com/nahamsec
Hands-On Web Exploitation Course (NahamSec's Bug Bounty Course)
https://app.hackinghub.io/hubs/nahamsec-bug-bounty-course?v=nahamsecdotcom&_trk=09934e30d001cfb67886dca52660e548
Summary
In this episode of the Phillip Wylie Show, Phillip Wylie interviews Fletus Poston, discussing his journey in cybersecurity, the evolution of email security, and the shift to cloud technology. Fletus shares valuable advice for those looking to break into the field, emphasizing the importance of networking, mentorship, and soft skills. He also provides insights from his experience as a hiring manager, discusses career paths in cybersecurity, and highlights the significance of work-life balance. The conversation concludes with Fletus encouraging listeners to engage with their community and prioritize their well-being.
Takeaways
• Networking and mentorship are crucial for career growth.
• Soft skills are as important as technical skills in cybersecurity.
• Your resume should highlight your most relevant experiences at the top.
• Participating in community events can lead to job opportunities.
• It's okay to transition out of cybersecurity if it's not fulfilling.
• Understanding the evolution of technology is key to staying relevant.
• Cloud technology has transformed disaster recovery and business continuity.
• Engaging with peers can provide valuable insights and support.
• Career paths in cybersecurity can vary widely; explore different roles.
• Work-life balance is essential for long-term success and happiness.
Sound Bites
• "It's okay to try this field and not stay."
• "You can transition out of the field."
• "Are you regretting Monday morning?"
Chapters
00:00 Introduction and New Year Reflections
04:51 The Shift to Cloud Solutions
12:02 Networking and Online Platforms
20:13 The Importance of Soft Skills
29:57 Maintaining Work-Life Balance
Resources
https://www.linkedin.com/in/fletusposton/
https://x.com/fletusposton
Summary
In this episode of the Phillip Wylie Show, Marina Ciavatta shares her unique journey into the world of physical pen testing and social engineering. From her origins in journalism to her current role as a red teamer, Marina discusses the challenges and experiences she has faced in the field. She shares thrilling stories of her pen tests, including moments of fear and unexpected encounters, while also emphasizing the importance of training and awareness in cybersecurity. Marina provides insights for those looking to enter the field, highlighting the blend of creativity and strategy required for successful penetration testing.
Takeaways
• Marina's journey began with event organizing and content production in cybersecurity.
• Physical pen testing requires a deep understanding of security protocols and ethical considerations.
• Experience in event management can enhance skills in physical pen testing.
• Being caught during a pen test can provide valuable insights into security effectiveness.
• Security guards play a crucial role in preventing unauthorized access.
• Creative approaches, such as using costumes, can aid in infiltration during pen tests.
• Combining social engineering with physical pen testing can yield better results.
• Training and awareness are essential for both red and blue teams in cybersecurity.
• Practicing social engineering ethically can help develop skills without causing harm.
• Marina emphasizes the importance of leaving positive feedback in security reports.
Sound Bites
• "I had to crawl a lot on the floor."
• "Being caught is part of the job."
• "I tend to collect my costumes as I go."
Chapters
00:00 Introduction to Marina's Journey
06:53 Breaking into Cybersecurity: Tips for Newcomers
13:20 Getting Caught: Lessons from the Field
29:55 Combining Social Engineering with Physical Pen Testing
34:37 Training and Ethical Considerations in Social Engineering
Resources
https://www.linkedin.com/in/mciavatta/
https://x.com/MarinaCiavatta
https://linktr.ee/marinaciavatta
Phillip's New Free Penetration Testing Methodology Training on Just Hacking Training
https://www.justhacking.com/uc/uc-penetration-testing-methodology/
Summary
In this episode of the Phillip Wylie Show, Chris Wysopal, a renowned hacker and cybersecurity expert, shares his journey from his early days of hacking to founding Veracode. He discusses the evolution of hacking culture, the importance of hands-on experience in cybersecurity, and the challenges posed by generative AI in software development. Wysopal emphasizes the need for understanding coding and the risks associated with supply chain security in the ever-evolving landscape of cybersecurity.
Takeaways
• Chris Wysopal's journey into hacking began with a modem in college.
• The hacker culture has evolved from building to breaking into systems.
• Starting Veracode was driven by a passion for application security technology.
• The CTO role is flexible and evolves with the company's needs.
• Hands-on experience is crucial for aspiring cybersecurity professionals.
• Understanding coding is beneficial, but not strictly necessary for cybersecurity roles.
• Supply chain security is a growing concern in the cybersecurity landscape.
• Generative AI is changing the way software is developed and tested.
• Automated tools are essential for managing increased code vulnerabilities.
• Security must be integrated seamlessly into the development process.
Resources
https://www.linkedin.com/in/wysopal/
https://x.com/WeldPond
https://en.wikipedia.org/wiki/Chris_Wysopal
https://www.linkedin.com/company/veracode/
Chapters
00:00 Introduction to Chris Wysopal
07:55 The Evolution of Hacking Culture
15:35 The Role of a CTO and Company Evolution
23:22 Advice for Aspiring Cybersecurity Professionals
29:47 Cybersecurity Risks in 2025
35:03 Generative AI and Its Impact on Security
Summary
In this episode of the Phillip Wylie Show, Stök shares his journey from a technical background in infrastructure to becoming a successful bug bounty hunter and content creator. He emphasizes the importance of communication skills in the cybersecurity field, offers tips for aspiring content creators, and discusses the significance of building a personal brand. Stök also highlights the need for balance in life, the value of understanding target needs in bug bounty hunting, and the challenges of dealing with online criticism.
Takeaways
• Stök transitioned from infrastructure to web hacking.
• Communication skills are crucial in bug bounty reporting.
• Content creation can open many professional doors.
• Being authentic helps in building a personal brand.
• Understanding the target's needs is key in bug bounty.
• Balancing hobbies with work is essential for mental health.
• Starting with simple tools is enough for bug bounty beginners.
• Automation should aid, not replace manual testing.
• Building a personal brand requires consistency and authenticity.
• Online criticism is common; focus on constructive feedback.
Chapters
00:00 Introduction to Stök and His Journey
01:21 The Allure of Bug Bounty Hunting
06:15 Stök's Technical Background and Transition to Web Hacking
08:32 The Path to Bug Bounty: A Personal Story
13:48 The Importance of Communication in Bug Bounty
16:57 Content Creation Tips and Building a Personal Brand
22:22 Dealing with Criticism and Haters
29:04 Building an Authentic Personal Brand
32:04 The Importance of Hobbies and Balance
35:39 Getting Started in Bug Bounty Hunting
Resources
https://www.linkedin.com/in/fredrikalexandersson/
https://x.com/stokfredrik
https://www.stokfredrik.com/
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Han Kanthi, a seasoned entrepreneur and cybersecurity expert. They discuss Han's journey from the corporate world to starting his own company, the importance of data security, and how AI is transforming the cybersecurity landscape. Han shares insights on building a motivated team, the challenges of sales, and the significance of proactive data security measures in today's digital age.
Takeaways
Han Kanthi has over 25 years of corporate experience before starting his entrepreneurial journey.
The adoption of AI has significantly revamped Han's platform.
Networking and attending smaller conferences can yield better results than larger events.
Proactive data security is crucial in preventing breaches.
Han emphasizes the importance of a motivated and young team in a startup.
Lessons from the corporate world are invaluable for entrepreneurs.
Sales acumen can be developed through networking and experience.
AI is being leveraged for anomaly detection in data security.
The journey of entrepreneurship is challenging but rewarding.
Data security is a critical aspect of cybersecurity that needs attention.
Resources
https://www.linkedin.com/in/kanthi/
https://www.linkedin.com/company/kdex-global/
https://www.linkedin.com/company/anciledspm/
http://www.ancile.ai
http://www.kdexglobal.com/
Summary
In this episode of the Phillip Wylie Show, Celina Stewart, Director of Cyber Risk Management at Neuvik, discusses her journey in cybersecurity, focusing on the often-overlooked area of risk management. She emphasizes the importance of translating technical cybersecurity insights into business language, the need for diverse career paths in the field, and the value of education and certifications. The conversation also covers frameworks for effective risk management, the challenges faced in the industry, and the importance of communication between technical and non-technical teams.
Takeaways
Risk management is essential for understanding business impact.
There is a significant divide between offensive security and risk management.
Non-technical skills can be valuable in cybersecurity roles.
Understanding risk can enhance communication with executives.
Education and certifications are important for a career in risk management.
Familiarity with NIST frameworks is crucial for risk management professionals.
Risk quantification is a specialized skill that is in demand.
Effective communication is key to translating technical findings for business leaders.
Mindset shifts are necessary for executives to embrace risk management.
There are numerous opportunities for diverse backgrounds in cybersecurity.
Sound Bites
"Risk management is crucial in cybersecurity."
"Communication is key in risk management."
"Mindset shifts are needed in risk management."
Resources
https://www.linkedin.com/in/celina-r-stewart/
https://neuvik.com/
Summary
In this episode, Phillip Wylie engages with David Malicoat and Vivek Ramachandran to discuss the evolving role of the Chief Information Security Officer (CISO) in today's cybersecurity landscape. They explore the unique challenges faced by CISOs, particularly in the context of direct marketing and data protection, the impact of AI and automation on security practices, and the limitations of traditional security solutions. The conversation also delves into the future challenges for CISOs and the importance of adapting to new threats in an increasingly digital world.
Takeaways
David Malicoat emphasizes the importance of understanding threats in the context of specific tools.
The browser is becoming a critical endpoint for security measures.
CISOs need to identify and address vulnerabilities among users.
AI and automation are essential for scaling security efforts.
Traditional security solutions often fall short in addressing modern threats.
The demand for effective cybersecurity solutions is continuously increasing.
CISOs must prioritize application security (AppSec) in their strategies.
There is a need for better visibility into user behavior and security risks.
The uptake of SASE solutions has not met expectations in the industry.
Future cybersecurity strategies must focus on browser security and threat detection.
Sound Bites
"The uptake on SASE just hasn't been there."
"I need to understand how that threat looks."
"We need to make AppSec a priority."
Chapters
00:00 Introduction to the CISO Perspective
09:38 The Journey into Cybersecurity and Podcasting
13:52 Challenges in Direct Marketing and Data Protection
18:46 Addressing Browser-Based Vulnerabilities
22:09 Enhancing Security Awareness Training
23:13 AI and Automation in Cybersecurity
26:36 Navigating Risks with AI Tools
27:33 Browser DLP: A New Approach to Security
31:23 Limitations of Traditional Security Solutions
32:27 The Evolution of Secure Web Gateways
35:53 Architectural Vulnerabilities in Web Security
40:00 Challenges Faced by CISOs
41:43 Future Directions for SquareX and Browser Security
Resources
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
https://www.linkedin.com/in/david-malicoat-cissp/
https://www.theprofessionalciso.com/
https://www.linkedin.com/in/vivekramachandran/
Summary
In this episode, Phillip Wylie engages with Robert Pace and Vivek Ramachandran to discuss the evolving landscape of cybersecurity, particularly focusing on browser security, fraud prevention in real estate, and the challenges posed by remote work and BYOD policies. They emphasize the importance of education, transparency, and innovative solutions in addressing security threats. The conversation also highlights the need for organizations to adapt to new technologies and approaches to effectively manage risks and protect their assets.
Takeaways
Education is crucial for residents to understand security risks.
Risks and vulnerabilities are universal across industries.
The browser has become the primary endpoint for security.
Traditional security measures may not address modern threats.
BYOD policies need to be flexible and secure.
Transparency in security solutions builds trust with users.
Organizations must adapt to the evolving threat landscape.
Effective communication with vendors is essential for security.
Policy-based access control can streamline security processes.
User-centric policies can enhance security without hindering productivity.
Sound Bites
"Risks do not discriminate."
"The browser is the new endpoint."
"We need to manage risk intelligently."
Chapters
00:00 Introduction and Backgrounds
03:29 Cybersecurity Landscape and Education
06:45 Fraud Prevention in Real Estate
09:39 Transparency in Security Solutions
12:32 Understanding Industry-Specific Threats
15:41 The Role of EDR and Browser Security
18:33 BYOD and Remote Work Policies
27:19 Dynamic Policy Management in Cybersecurity
37:17 The Future of Browser Security
46:28 Innovations in Security Solutions for 2025
Resources
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
https://www.linkedin.com/in/robert-pace097/
https://www.linkedin.com/in/vivekramachandran/
Summary
In this episode of the Phillip Wylie Show, Int Eighty from Dualcore shares insights into his journey in cybersecurity and music. He discusses the evolution of bug bounty programs, the importance of hands-on experience in cybersecurity education, and his personal hacker origin story. Int Eighty also delves into red teaming, physical pentesting, and career hacking strategies for aspiring professionals. He emphasizes the significance of leveraging AI in cybersecurity and shares his experiences as a musician in the hacking community.
Takeaways
Int Eighty has performed at various cybersecurity events, including Nolacon and Bugcrowd events.
Bug bounty programs have evolved to provide opportunities for hackers globally.
Hands-on experience is crucial in cybersecurity education, often lacking in traditional university settings.
Int Eighty's hacker origin story began with creative problem-solving as a child.
Red teaming involves finding vulnerabilities without causing actual damage to the business.
Physical pentesting can be approached creatively, often involving social engineering.
Building a portfolio through free projects is essential for career advancement in cybersecurity.
Avoiding burnout involves optimizing work schedules and understanding personal productivity patterns.
AI can be leveraged to enhance productivity and efficiency in cybersecurity tasks.
Dualcore combines Int Eighty's passion for hacking with his love for music, creating a unique niche.
Sound Bites
"I prefer to sit at home."
"I just like computers."
"Hack all the things."
Chapters
00:00 Introduction to Dualcore and Live Performances
03:44 The Evolution of Bug Bounty Programs
06:20 The Role of Education in Cybersecurity
09:38 Hacker Origin Stories
12:22 Red Teaming and Offensive Security
15:39 Physical Pen Testing Experiences
24:32 The Art of Red Teaming
28:25 Career Hacking: Getting Your Foot in the Door
32:18 Optimizing Work and Avoiding Burnout
36:23 Leveraging AI in Red Teaming
41:26 The Intersection of Hacking and Music
Resources
https://x.com/int0x80
https://t.co/myhSQyweOp
https://github.com/int0x80
https://inteighty.bandcamp.com/album/loyalty-2
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie welcomes Lauren Lynch, a marketing professional and podcast producer, to discuss her journey into the world of marketing and podcasting. They explore the evolution of podcasting, the importance of video content, and the growth of HOU.SEC.CON, a cybersecurity conference that emphasizes community engagement and accessibility. Lauren shares insights on how to get started in podcasting and content creation, highlighting the low-cost opportunities available for aspiring creators. The conversation also touches on the significance of quality content in conferences and the collaborative efforts behind HOU.SEC.CON's success.
Takeaways
Lauren Lynch shares her unexpected journey into marketing.
Podcasting is a low-cost way to disseminate information.
The importance of video content in modern podcasting.
Community engagement is key to successful conferences.
Quality content is essential for attracting attendees.
HOU.SEC.CON has seen significant growth in attendance.
Accessibility in conferences helps include more participants.
Aspiring podcasters should leverage free resources to learn.
Networking and community involvement can lead to job opportunities.
The balance between vendor sponsorship and quality content is crucial.
Sound Bites
"I think we've seen that over and over again."
"We grew our audience by 46% in that first year."
"We blew past that really quick."
Chapters
00:00 Introduction to the Podcast and Guest
06:32 The Evolution of Podcasting and Content Creation
14:32 Getting Started in Content Creation and Marketing
25:03 Accessibility and Community Engagement in Conferences
Resources
https://www.linkedin.com/in/laurenandruslynch/
https://www.linkedin.com/company/houseccon/
http://houstonseccon.org/
Summary
In this episode of the Phillip Wylie Show, host Phillip Wylie interviews cybersecurity expert John Hammond. They discuss John's journey into hacking, the importance of Capture the Flag competitions, and the value of training and certifications in cybersecurity. John shares insights about his new educational platform, Just Hacking Training, and emphasizes the role of content creation in advancing one's career in the cybersecurity field. The conversation highlights the collaborative nature of cybersecurity education and encourages listeners to share their knowledge and experiences.
Takeaways
John Hammond's journey into cybersecurity began with a passion for video games and hacking.
Capture the Flag competitions provide valuable skills that are applicable in real-world scenarios.
Training resources for penetration testing are abundant and accessible online.
Just Hacking Training aims to provide free and affordable cybersecurity education.
Collaboration with other experts enhances the quality of educational content.
Certifications can help beginners get their foot in the door in cybersecurity.
The OSCP certification is highly regarded in the penetration testing community.
Content creation can significantly impact career opportunities in cybersecurity.
Sharing knowledge and experiences is crucial for community growth in cybersecurity.
Continuous learning and adaptation are essential in the ever-evolving field of cybersecurity.
Sound Bites
"CTF is more difficult than real world."
"Building up free accessible training."
"It's a buffet assortment of training."
Chapters
00:00 Introduction to John Hammond
01:36 John's Hacker Origin Story
04:07 The Value of Capture the Flag Competitions
07:08 Training for Aspiring Penetration Testers
09:11 Introducing Just Hacking Training
10:57 Collaborators in Cybersecurity Education
13:24 The Role of Certifications in Cybersecurity
16:55 Navigating Penetration Testing Certifications
19:14 The Impact of Content Creation on Career Growth
23:23 Encouragement for Aspiring Cybersecurity Professionals
Resources
https://www.linkedin.com/in/johnhammond010/
https://www.youtube.com/@_JohnHammond
https://x.com/_JohnHammond
https://www.justhacking.com/
Summary
In this episode of the Phillip Wylie Show, Jayson E. Street shares his journey from a troubled childhood to becoming a prominent figure in the cybersecurity community. He discusses the importance of understanding the hacker mindset, the value of starting in blue team roles before transitioning to red team positions, and the significance of empathy and kindness in both personal and professional interactions. Through engaging stories and valuable insights, Jayson emphasizes the need for effective communication in security roles and the importance of fostering a supportive community.
Takeaways
Jayson E. Street emphasizes that everyone has a hacker origin story.
Starting in blue team roles provides a solid foundation for cybersecurity careers.
Effective communication is crucial for red teamers to convey findings to management.
Success in security is measured by the impact on client awareness and behavior.
Empathy and kindness are essential in navigating personal and professional relationships.
The hacker mindset is about questioning and challenging the status quo.
Networking and community support are vital in the cybersecurity field.
Red teaming should focus on improving blue team defenses, not just breaking in.
Personal growth often comes from overcoming past traumas and making conscious choices.
It's important to remain humble and recognize that everyone has valuable insights to share.
Sound Bites
"You're one of my inspirations."
"I was able to destroy them."
"It's always time to be kind."
Chapters
00:00 Introduction and Inspiration
03:18 The Hacker Origin Story
07:40 Starting in Cybersecurity: Blue Team First
13:03 Engaging Stories from the Field
21:58 The Importance of Communication in Security
25:26 Active Intrusions and Real-World Experiences
26:19 The Art of Social Engineering
30:56 The Hacker's Humility
36:05 From Rage to Empathy
41:02 Choosing Kindness Over Anger
Resources
https://www.linkedin.com/in/jstreet/
https://x.com/jaysonstreet
https://jaysonestreet.com/
About the Guest:
Rob Allen is a seasoned cybersecurity expert currently working as the Chief Product Officer at ThreatLocker. With over 25 years of experience in the IT industry, Rob has a rich background in managing IT environments, having spent nearly two decades at an MSP (Managed Service Provider) in Ireland. He transitioned from cleaning up ransomware attacks to helping organizations actively prevent them through ThreatLocker's innovative cybersecurity solutions. Rob is known for his in-depth understanding of evolving cyber threats and promoting effective preventive measures against them.
Episode Summary:
In this engaging episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Rob Allen from ThreatLocker. Together, they delve into the intricacies of modern cybersecurity threats, focusing on ThreatLocker's innovative approaches to tackling ransomware and other malicious attacks. Listeners get a unique insight into the ThreatLocker software, known for its preventive rather than reactive approach to cybersecurity, which includes features like default deny policies, ring fencing, and network control.
Rob Allen unveils how the default deny approach helps mitigate cyber threats, including ransomware and living-off-the-land binaries, by blocking unauthorized actions before they happen. He emphasizes the need for robust security measures to limit what applications and scripts like PowerShell can do, thus preventing these tools from being weaponized by cybercriminals. Besides discussing practical security steps, Rob highlights how ThreatLocker addresses the ever-evolving threat landscape using its innovative network control and threat detection capabilities. This conversation is packed with insights into how organizations can safeguard their IT environments in an era of increasingly complex cyber threats.
Key Takeaways:
* Default Deny Approach: Rob highlights the efficiency of ThreatLocker's default deny policy, preventing unauthorized programs from running by approving only necessary applications.
* Living Off the Land Prevention: The discussion covers methods to control and restrict the use of common Windows utilities like PowerShell, preventing them from serving malicious purposes.
* Network Control: Insights into handling remote encryption threats through a unique approach to network traffic control, ensuring only trusted devices can connect.
* The Role of AI: A glimpse into how AI can be both a tool for cybersecurity advancements and a potential threat when used by bad actors for phishing and malware development.
* Zero Trust World Conference: Rob invites listeners to the Zero Trust World event focusing on hands-on cybersecurity training and knowledge exchange.
Notable Quotes:
* "100% of successful cyber attacks are not detected in time or at all."
* "Prevent ransomware, lock it by default."
* "AI is just as likely to be used against you as it is to protect you."
* "The fact of the matter is, if nobody ever paid, there would be no such thing as ransomware."
* "You cannot trust a ransomware gang."
Resources:
* ThreatLocker Website: https://www.threatlocker.com
* ThreatLocker LinkedIn: https://www.linkedin.com/company/threatlockerinc/
* Zero Trust World Event: Explore more at ZTW.com
* Zero Trust World $200 off discount code: ZTWPW25
* ThreatLocker YouTube: https://www.youtube.com/@ThreatLocker
* Rob's LinkedIn: https://www.linkedin.com/in/threatlockerrob/
Chapters
00:00 Introduction to ThreatLocker and Rob Allen
03:30 Rob Allen's Hacker Origin Story
06:23 Understanding ThreatLocker’s Approach to Cybersecurity
12:29 Living Off the Land: A Cybersecurity Challenge
16:39 Macro Vulnerabilities in Office Applications
19:20 Ransomware Prevention Strategies
23:40 The Importance of Network Control
31:55 AI in Cybersecurity: A Double-Edged Sword
37:37 Zero Trust World Conference Overview
39:56 Closing Thoughts and Resources
42:02 Zero Trust World discount code