Conference Launch and Keynote

All right, good morning everybody. My name is Huxley Barbie. I'm the only Huxley Barbie you're ever going to meet. U and I am the organizer for this conference. I know you're very disappointed because my name is not John Hammond. Uh but I assure you I will go as quickly as possible so that we can get to John's origin story. First and foremost, I want to remind everybody that when you bought a ticket, you check the box that says that you are familiar with our code of conduct and anti-harassment policy. Uh I hope that everybody will make sure that anybody who's attending can enjoy this conference, learn from this conference, no matter who they are and how they

choose to express themselves. Uh a couple other reminders. One is for all the sessions, we are going to clear all the rooms for the next session. So that means you can't sit here after one session to attend the next one. You have to go back out, get back on the queue in order to come back in. Uh appreciate all of your cooperation on that. There are four talks today that will not be recorded at the speaker's request. Once again, I hope everybody will abide by their uh the request of us. That means no recording by us. Also, everybody should have their phones put away for those sessions. Our volunteers will remind you if they see that you

have your phone out. Once again, I appreciate your cooperation there. So, here's a quick overview of the conference. Today, we have four speaking tracks. Red team talks are in this room. Blue team talks are downstairs in L2. The other the other colors of the infoset color wheel talks are also downstairs as well. Uh we also have an entrepreneur track which is down the hall at L76. Uh over here the room next door over is not a talk track is actually a workshop track. Uh if you have a laptop you're welcome to uh join us in the workshop room for one of the workshop workshops that we have today. Um, we have t-shirts available for you. Uh,

they're going to be one floor up. Each of you in your swag bag should have a t-shirt ticket. You need that to redeem a t-shirt for yourself. The same thing goes for lunches. You should have a ticket in your swag bag for lunch. Lunch is obviously not here yet. It'll be here in a few hours. Once it arrives, you can take that ticket, go upstairs and redeem your lunch. Uh we have multiple villages here today. We have some on the Hound Square which is two levels up and then we have um more villages on the second floor dining hall as well. Uh please um go and visit them. Uh new this year is we have a

career center. So, we have resume reviewers as well as career counselors that are staffing some tables two levels up. Um, please uh you're welcome to go there and speak with them to get your resume reviewed or to ask any questions about your career and things like this. We also have four capture the flags today, not just two that are listed up here. There are four capture the flags. We got CTFD.io IO clothes versus Joe's um red team village and AI village as well. See, one very important thing I want to mention to everybody is the conference survey. There's a QR code and if you don't want to click uh scan the QR code, I have the URL there for the Google

form. It is very very important for you to please provide your feedback to this conference. Many of the new things that you're seeing here today, for example, the fact that the conference is now contiguous as opposed to scattered over over multiple rooms or the fact that we have a career center is in fact based on the feedback from prior years. I read every single one of the responses uh to these the survey and this is really your conference and I need your input to make it better for next year and the years beyond. So, please, please, please, please, please take the time to provide feedback uh via that survey. All right. And the last thing I wanted

to mention before we move on uh is uh the fact that you all have 0 tickets to pay. So, think about what you have. You have a PCB badge. You're going to get a t-shirt. You get lunch. You get a variety of swag. You have this very large space that uh we're making use of today. Why is it $0? How is it possible that this is free when a Coke is like $5 these days and a $1 pizza is like three bucks everywhere you go? The reason why all this is free to you is because of these names up here. It is because of our sponsors that you have this opportunity at such a low cost. And so

it behooves all of you to please, please, please visit all of our sponsors, say hi to them, listen to what they have to say about their products and maybe learn a bit little bit more about what they can offer to you in your jobs. Now, just to further sweeten the deal for all of you, each of you should have one of these passport sponsors, sponsor passports in your swag bag. If you get 15 stars from 15 different sponsors, you will be you can come to the operations desk and hand this to us and you'll be entered into a raffle for prizes that will be redeemed at the end of today. All right, the prizes are worth between

$50 and $250. There'll be three of these given out and some of the sponsors may piggyback on top of this as well, so there may be additional prizes on top of that. All right, you have absolutely no reason to not go talk to at least 15 sponsors. All right. Um, but of course among all the sponsors, perhaps the most important one uh is John J. College who has donated this space to us. So you captive captive audience um uh may I introduce to you professor Jane who is head of the mathematics and computer science department. to give us a few words about John and Jane College. [applause]

>> Sounds like I paid good price to come here. It was totally worth it, right? Um, hello. Besides, thank you for choosing us again this year. Uh we've had the pleasure to host you for the past three years and before the pandemic for a few more. Um so thank you. I'm very happy to welcome you all at John J College. If this is the first time you're here, I want to let you know a little bit about John J. We have 12,000 plus undergraduates and graduate students here uh at John J. Our most popular majors are computer science, criminal justice, and psychology. Um, we are a Hispanic Servic Institute. We have 41% Hispanic, 26% black

students, 18% white, and 14% Asian students. We are a diverse college. 75% of our students come from New York City public schools. 85% of our students graduate with zero student debt. and 50% are first in family to go to college. So if you see a student over here uh you will find that they are really excited to be here and they're here for their education. Um we were recently designated as the NSA center of excellence in cyber defense. So our curriculum is rigorously evaluated by NSA program officer. Our students are natural leaders and I don't say that lightly. It nothing speaks for this louder than the fact that we have two tables here at the conference and one of

the tables I didn't even know about until Thursday. They reached out to Hudsley and crew and asked for a table. Uh they are at the villages. They are the computer science society. It's a club uh with uh I don't know how many members. I think they have at least 900 members uh right now because that's approximately the strength of a gun undergraduate program. So if you see our students um you know that they are natural leaders and they're here to learn to uh advance their careers and some of them are in the audience. Can I get a show of hands? Who's who's in our Come on just one. No, there's few of them. Oh, there

they are. There they are. [applause] Thank you for coming. [applause] So if you're looking for talent, don't look any further than this room or this conference. Uh if the student approaches you, please listen to them, offer advice. Any small amount of mentorship goes a long way for their careers. Uh and I can tell you they all have bright careers ahead of them. Um, if you're looking for further your own education, I don't mind advertising that we have 35 uh undergraduate majors, 14 M's program, 20 20 certificate programs, and we have pathways to the cyber security masters program. So, if anybody's looking to further their education, we have all here for you. Um, thanks for choosing uh us again this

year. I hope you'll have a good time and you'll come back next year. And now it's my pleasure to introduce John Hammond. He's a cyber security researcher, educator, content creator. Um he's in the research and development threat operations team at Huntress. He spends his day analyzing malware, making it making hackers earn their access. He was previously department of defense cyber training academy as an instructor. He has taught civilians and military members offensive Python, PowerShell and other scripts. Um he's also um a YouTube personality. So if you look for him on YouTube, you'll uh find programming tutorials, CTF video walkthroughs, and cyber security content. So please welcome John Hammond. [applause]

All righty. Does the microphone work? It works actually. Good morning, everyone. >> I need the podium mic there. >> You need the podium mic. So, I am I am immobile. I do need to be tied to the volume. I'm sorry. I I like to walk around, so I'll do my darnest. And hopefully there's not too much extra like three microphones in the way here. But hey, thank you all so much for coming to hang out and let me be here with you all for Bides New York City. Uh this is kind of cool. This is a real awesome opportunity for me. This [snorts] is a real treat and a real honor uh because I think it would be fun

to tell you a little bit about uh my origin story. And with that, there is some good, bad, and ugly. That's kind of a subtitle here because hey, maybe it's not all that we thought it would be when you're finding your way into the industry or finding your way into a passion or all the things that you're up to. Uh, so I hope you'll indulge me while we get to roll through the origin story. Um, let me knowe though that it gets a little bit weird. gets a little bit strange and I don't get to tell that story all that often or particularly very publicly. Um, it's not a story that most folks get to hear and I'm grateful

that you all are willing to tune in for what I'm up to. But I actually have to add a little caveat. Um, when I realize, oh, sure, hey, opening keynote, that's pretty cool. That's very exciting. It's super surreal and super sweet for that invitation and opportunity. Um, and Huxley had reached out and we jumped on a Zoom call. Hey, we got to get together and he offered this invitation. I'm flattered, honored, but he said like, you know, John, uh, the conference theme this year is actually inspired by something you said, John, something you said on Twitter. And that is a very horrifying sentence, if I may say. That's not something that I would have thought would be a good

thing. Um but he said look John you alluded to the fact that besides New York City was your first ever cyber security conference. Uh I said you know what you're right. Yeah. Way back when looking at my origin story this was the first ever conference cyber [clears throat] security bides I have ever been to. That's way back in 2018. Um and that I guess is part of my origin story. And way back in 2018, uh I was around over at the US Coast Guard Academy. We'll dive into more of that gory story very soon. Um but with all the cadets, this was kind of the first opportunity to go to a real security conference. And may I ask, is this folks

first besides New York City? Oh, that's awesome. Heck yeah. Anyone first like cyber security conference ever? Super cool. Well, thank you all for being here. So I attended with the uh Coast Guard Academy Kidlets while I was there as just cadet and we had this unspoken tradition that just now began and started while we went to conferences and events like this where we would commandeer uh some signage. We would uh swap and take oh just a cutesy the biz New York City two villages sign to having kind of our lab and room and area there. So, sorry about that. But it's a fun kind of unspoken silly thing now that we get to do. But I know that's an

old picture. And with that, while I'm going back in time a little bit to tell the origin story, I have to add a warning. I need to add a disclaimer because I feel bad talking about myself. Very, very weird, narcissistic, selfish story. And I asked Huxley, "Are you sure? Are are you sure especially for an open keynote like I know it doesn't need to be extremely technical. We still want to get hey the audience hyped up everyone involved in here but it's a cyber security conference. It's tech security. So we'll have some of that interweaved and mixed in but the still good bad and ugly of the beginnings of how we got to all the

stuff we're going to now. And with that I do need to get the obligatory credibility slide out of the way. But who am I? the introduction. I'm so grateful for that warm welcome. Uh really today spending my day job over at Huntress, but came back from uh the Coastg Guard Academy where those roots kind of got started. Learn a little bit with the Department of Defense Cyber Training Academy, but folks might be a little bit more familiar with my work online and on the internet. And I know none of this really matters, stupid, dumb, fake internet points. But I am grateful for all of your support and uh making it not become what it has become.

So let me take us back in time uh bring us not to say 2018 timeline not to say 2017 maybe 2016 2015 2014 a little bit maybe 10 years or so ago uh how I kind of fell into what is cyber security. I think I grew up like any kiddo like uh anyone thinking oh I want to make video games cuz I was a young kid and I like to play video games. Uh, I thought, you know what? I I I want to become a hacker. Like I see in the movies, like I see on TV, Hollywood has some like guy in a hoodie in the basement with a projector pointed at him, ones and zeros

flying around. I was like, that looks cool. Hollywood and media kind of glorified that. And I Googled. I remember literally googling how to become a hacker. And I found what was Eric S. Raymond, like one of the free and open source software kind of early visionaries on that front. I found his blog or his write up an article literally titled how to become a hacker. And way back when it was saying look you got to learn some scripting some some coding some programming. Uh and that was Python kind of the first language that they suggested. So in the [clears throat] early days high school and such I thought well let me learn just how to code. There was a little bit

of Python here and there. And in the those beginning like fundamental first steps, it was just trying to make things, trying to build, trying to create, experiment, oh, make a website, make a web app, run a little bit of Linux here and there. And that opened the door. But that's high [clears throat] school timeline, I'll admit. And I was thinking I got to now move on to university, college, school, and undergrad. But I had this thought. >> I would still really like to have some form of service in my life. Some military service some way. Whether that's ROC, whether that's going to, oh, just enlisting, going right out of high school, whatever the case may be. And I

had learned a little bit about the servicemies. Um, and if folks aren't tracking, oh, in the US here we have all the different military servicemies. They are an institution like a college or school undergrad, four years of college there. But you are now into the military branch of service. US Air Force Academy, US Military Academy for the Army, US Naval Academy, Naval Academy, etc., etc. And that was interesting to me because it was almost two birds with one stone. I could fit in some oh military time that I knew I wanted in my life and college and education. And I'll admit I was kind of risk averse uh growing up. I was thinking look I want this traditional

path that everyone says oh go to college. And I knew I still wanted some time here with the military. The thing about the servicemies is that they are free. Big air quotes on free because you are a member of the military, right? You're active duty. You're a cadet. You're paid with the monthly paycheck and then whatever they need for your uniforms or for your board or for your textbooks or for all of the things that both school and military time are taken out of your paycheck. So, as cadet, you are paid monthly, but you don't have a whole lot of funds. You're still kind of in school and you're on base. You're on campus. You're usually locked into there, not

having liberty, but the availability to go out uh to go see the town, to go watch a movie at night, to go to dinner. You basically have to be in your room and on campus. Now, I applied thinking this is the way, this is how I could find myself into my future. I had uh two nominations for the Naval Academy, one nomination for the Air Force Academy, and you need to go through some congressional nomination and have some House of Representatives senator kind of vote for you, give you the thumbs up to say, "Yes, I uh elect this individual for an appointment at the academy." I have one for an application in for West Point Military

County, but I actually pulled that away because the Coast Guard Academy said yes. And that's the only one that does not require some nomination or congressional thumbs up. But let me add another kind of bullet point here. Coastg guard academy is very small. Um and I think our servicemies USMA military academy are also small maybe about 4,000 or so total students cadets from the shipment. Coastg guard academy is like around 400. Uh there will be maybe a hundred or so students in a class. I think they've amped that up now. Maybe 150, maybe 200 or so. But it is a small tight-knit family kind of thing. And they don't particularly or at the time when I attended have a computer science

program of study. Now me growing up as a kid thinking, "Oh, I want to get into programming. I want to code. I want to be a hacker in some way or shape or form." They didn't have computer science. But it's a free four-year education, but it's oh an entry point and like your life handed to you on a silver platter because then you got a career, you got a job right out of your right out of the gate of graduation. But they didn't particularly have my passion. Um, they had an electrical engineering degree, but that is studies of signals and systems and applause transforms and four-year stuff that I really don't use at all in my

day-to-day. But I thought, let's do it. I do want that opportunity. I do want to set my life on the right track. That was the intent. And I opted, let's go all in for the Coast Guard Academy. credit. That was moving from uh old New Hampshire, New England for me. Uh cutting up the high school graduation, getting that done. And YouTube has been a concurrent thread throughout my life. You might be able to see maybe something cutesy in the corner. YouTube was just about at 1,000 subscribers of something fun to get videos, training, and education out the door. And then I thought, well, we're going to put it on hold because that was something while I

was doing at high school along the way, I've been studying and learning. And now I got to go do Coast Guard stuff. Sill the graduation pictures. Oh, getting in the car. You You probably can't see it written on the window, but there's some like marker crayon coast guard or bust I was pretty hyped up about. And that was that. That was the new life, the new John. That was me thinking, okay, time to do boat stuff, which is not cyber security. [laughter] And I was in the Coast Guard for a little bit. At the Coast Guard Academy school training, granted, you go to class in uniform. You stand at the position of attention whenever you're a

like beginner freshman or they call these silly funny names for the new indoctrinated cadetses. Uh you you might hear some othermies will call someone a pleb. I think that's a naval academy or cow. I don't know if I don't know if military academy still. Uh but for the Coast Guard, you are a swab for your very first year and you always need to be at the position of attention. You need to like square your corners and the way that you navigate or move around. You either have to sound off or shout and yell for a lot of the communication. And you always need to be at the absolute edge of the stairwell, the ladder well they call it, or the

Pway or the bulkhead or all those nautical terms doing boat stuff. So, I had a lot of fun there, but it felt like I was putting cyber security and technology and computers and programming off to the side. Well, I played in a marching band. I joined the sailing team. Got to ride around this RHIB to oh, keep an eye on some of the stuff. And then you go through a lot of summer training because you are military, active duty, still training to become what would be an officer at the end of four years of school. That's the care. That's the gimmick. I don't know if I got that included as well as I should have, but look, once you graduate

at one of the militarymies, you spend 5 years now as a commissioned officer in that branch of service. That's that's the plan. That's the game plan. That's the idea that okay, cool. I do have a job and something solid and certified for me getting out of school. But I'm doing a couple of the summer training things. You might be able to see me in the engine room. Uh that's the Coast Guard cutter eagle, a big tall ship. But I would spend some time on different summer training uh assignments. I was on a buoy tender way over in um Rhode Island. I was over on a fast response cutter between Miami and the Bahamas picking up drugs, stopping

uh drug runners here and there. And I'm living it up. are enjoying or now leaning into college school cyber security sort of not really. You might be able to see at the very bottom because we started to get the breadcrumbs there in place while everything else you're balancing academics, school and sports so to speak and military. So play to their bands. I even got to be some of their like regimental review announcer for when they would walk parades and we'd be out and about on the parade field. And that's another kind of key component if I may. When we lean into the military end of this, the differentmies have these core values or even not to say

these restrictions or rules for what you're doing. They have this um slogan, a cadet shall not lie, cheat or steal. Right? You need to be the utmost in integrity. You've got to be strong and sharp and regimented and militant. So, they take things like, oh, cheating on your homework or uh-oh, maybe doing something like getting some food from the wardrobe late at night, silly stuff that they'll kind of crack down on and and hor. And you've got to be in your room, right? You don't have liberty unless you're one of the upper classmans. Can't always go out on the weekends. It's a strange strange place. But all those rules are in the way uh alongside what

we do. Let me note though, um I was telling you a little bit about some of the training that we did uh while I was either on a boot buoy tender or help and support with the parades. And again, this is just how I was getting further and further away from what I thought I wanted to [snorts] do, which was computers and tech and cyber security. When I was telling myself, I kept telling myself, look, this is a springboard. this is a way for me to get a job right out of the gates, but it was really really not on the keyboard. Um, so I tried to fit that in while I could. I tried to still oh maybe record some

YouTube videos over in the library or practice and play with anything that I could see or learn online. And some time ago, there was the beginnings, the very early embers of the fire for a cyber team. I know this sounds silly, but I mentioned we have to balance academics, military duties and sports. Uh, every cadet or midshipman needs to spend a 2 hours a day for like the practice time that they have for their sport of choice. You got to be athletic. Uh so folks that will play football, go play football, folks that will play soccer basketball whatever. And some way somehow we were able to swindle some admirals and generals and tell them that look

cyber security is a sport and it, you know, to a certain extent could very well be, right? Uh playing some capture the flag or working in these games and having some competitive edge to what we're up to. And the way that that kind of all took shape was an event that was happening called cyber stakes. Um, and this was something that Daro put together. I think now it's with the Army Cyber Institute was going back and forth with the Plaid Parliament opponent uh for all secure team. Anyway, they hosted this game, this event where they invited all the different servicemies. There was an online qualifier for the cadetses or midshipman that might want to play and

participate. and I wanted to try my hand at it. Uh, and as a fourth class or as a freshman, right, sort of thing. And I guess I did well enough that said, "Hey, John, you can come along for the in-person actual event IRL." Um, and that was kind of a sweet opportunity because it meant, hey, we're finally on keyboard. We're finally doing some technology stuff. And it's a CTF. I didn't realize it or know it at the time, but it is a capture the flag be Jeopardy style challenges, breaking binaries, web application security, cryptography here and there. And those were the again beginning breadcrumbs that start to kind of open the floodgates for me. I have a very uh

visceral memory uh someone that I'll probably never forget, a very vivid memory when hey we are on our way to the cyber stakes events and competition and game. Um because I'm still a freshman, right? I'm still a fourth class. I got me at the position of attention, squared up, braced away, walking down the ladder. Well, and they're instilling all this discipline in you. And even will you do the right thing when no one's watching kind of thing. Now, at 2:00 in the morning, well before revy, well before the trumpets and alarms that all go up to wake everyone up for just after taps after 10 p.m. midnight and all 2 in the morning when we go leave to go to

this event, I got to be squaring down the stairs of the ladder well to make sure I'm always at the edge. No one's around to watch. But I remember thinking in the moment, this is it. Like, this is what I really wanted to do. This is tech. This is cyber security. And it's getting to work sort of side by side with other service members, the cadets in the shipment, government and military. It felt super exciting. I'm glad that opened the floodgates cuz I had no idea what a CTF was. This this was the whole introduction. Now, I got to say we were not that good. Uh first opportunity, first time we're at an event like this and kind of feeling a

little bit like the other docs. don't we don't have a computer science degree. We don't have a strict cyber security major or program. We're starting from scratch kind of with nothing to go off of here. But that began the cyber team as we realized, okay, all the other services andmies have taken this more seriously. we really need to start and we'll kick up and start this sort of extracurricular after class after school activity, a club, a team, a sport, so to speak, when we'll have a dedicated 1,600-,800 time period every day to practice. And that was awesome because that meant, okay, we're actually getting a chance to practice. We're actually getting a chance to learn. We're actually finding

material, training, different war games, different cyber ranges, different things that we could cut our teeth on and get super sharp. And then we kind of started to get with it. I had so much fun with this because I felt like, hey, you know, freshman kind of thing. We started off strong, getting an opportunity to go to this event. How could I teach other people what I'm learning about? How could I create new exercises for war games and just sort of teach colleagues and peers and friends? And then we start to crush it. We go to different events, CDX, NCX, all these acronyms here for cyber defense or uh NSA cyber exercise. Cool things there. Different cyber stakes

competitions where we come back and now start to win. Get a gold medal, get a silver medal, get a bronze medal. And we weren't just the underdogs. worth is kind of the bot. That was awesome. And we do this a little bit. A couple years go by and we get to not to say the senior year, but yeah, realistically, okay, the final year of my time in tenure at the Coastg Guard Academy and I am becoming what is the the team captain or the QT uh sports team captain to be the club president kind of thing of our extracurricular learning, cyber security. And we now have a whole lot of VIPs that want to come on base, come on

to the academy and learn and understand what is the cyber team doing? What what is Coast Guard Cyber going to look like? Who do we have kind of upcoming in the generation to do this a little bit more? And I'm the dude that gets to talk to these generals or these gold stars and whatever admirals that might come to work with some of those VIPs and present to them what we've been doing, what we're learning and just try to make cyber security approachable for folks like that. Um, that's a very fascinating and wild experience. um because you're trying to prepare demos for folks that are very uh detached from technology and cyber security in the world today. Um we

had uh some of the previous common or VIP kind of folks where we wanted to let them play with a sort of heartbleleed exercise. Folks are familiar with heartbleleed. Yeah. Old vulnerability leaking data from some server here. So we put together I I had made some small cutesy interface on the command line where you could give it a word much like the XKCD comic if folks are familiar with this. Uh give it a word like apple and say how how long is that word? Well apple is just five letters. So we'd return the five letters of the word apple. So if you gave it the word apple and then said look this word is actually

500 characters long it will spit back some more data. So, super tiny, super little experiment and demo to replicate a heart bleed bug for someone that has no idea a lot of this tech behind it. And I I tell this anecdote, I'm sorry, because we handed this highly folk uh wireless keyboard to be able to type in the word Apple into the thing. And we handed him the keyboard and he had it like backwards. He did not know that he needed to turn the wireless keyboard around to be able to use the keyboard. So that was sometimes, you know, the the stories that we would tell folks that were trying to get a little bit sharper and

smarter in security. But that's an anecdote. I'm sorry. I tell you all this because I feel like I found some footing. I found the passion and I was able to explore and fall down that rabbit hole while I'm at the Coast Guard cabin, which it seemed like from the beginning there wasn't going to be an outlet for what I was up to. And I got to cut my teeth on. I got to get smart. I got to learn. I got to practice. I got to prepare material, train folks, train friends. And I absolutely loved it. I was obsessed with it. And that became all that I cared about. I didn't want to do school work. I didn't want to deal

with any of the military uniform inspection march parade things. everything else just sort of faded away because I wanted to do cyber security stuff. I wanted to keep pouring into the cyber team and I kind of lost my grip on everything else and I'm getting to that senior year, right? Falling asleep in class but thinking like I'm going to get out of here, you know, I'll graduate and maybe we can make it to Coast Guard Cyber Command. That was kind of the end goal. now a new billet or assignment that could be opened up. But I found myself getting in some hot water and there are a couple anecdotes that we could kind of keep pouring into

here. Different stories that hey, John is on the hook for things that uh probably are not the best look. Some of my teammates, some of my classmates, some of the folks in the cyber team are underclassmen and they are individuals that are super excited, passionate, and want to love this whole cyber team just as well. But they are fighting school work and dealing through all this stuff. And at one point there was a assignment in one of their courses or school classes that I had already passed because I was an upper classman, they were an underassman, and they said like, "Hey, John, could I just use the template that you wrote for this report um so that way we can speed up and get

that work done because they were busy with the MIT CTF or some other event that we were out and about for." I'm like, "Yeah, sure. Of course, you go." And this is something that is in another class that I'm not in. Um, and an assignment that I don't have. And they use this template. They change all the material. They uh tweak up the content. And they forget to leave my name on that paper that they submit and report and put in for their homework. And remember, cadets shall not lie, cheat or steal. But now they have cheated on this homework and this assignment because oh they had this template that I given them which is the same as what you could find

on some online resource like Blackboard or Desire to Learn for folks that know that in the education realm but now I'm on the hook too because I'm the senior member and well I cheated even though I'm not in that class and don't have that assignment. So I started to kind of bite back at that scenario. I would sit through what for honor board or masks or sort of the non-judicial punishment kind of thing that they let cadetses go through to emulate and replicate what's out and about in the Coast Guard other services. And I kind of got my wrists slapped for that. That puts you on probation. that puts you on suitability for service where you're no longer allowed to leave

the campus even if you earn some of those privileges as you climb the ranks to become an upper classman senior whoever the case may be. Um sometimes there's room restriction where you can't leave base. Sometimes there's different uh suitability for service where they put you kind of with behind the shackles there. And this happens a couple other situations, a couple other times because there are further investigations uh where these underassmen I'm out and about with maybe after I've been on this suitability for service of this probation, if I request or write a special request to please ask permission to go out for maybe a holiday ball or celebration or dance that we have, right? military dance, military ball

kind of thing, winter formal. Um, I got the authorized permission, but these other class, these other second class might be able to two sls here, four being a freshman, three being sophomore etc. I uh was not tracking that they didn't have permission or overnight uh availability to leave base and stay at some hotel or Airbnb. Now again, I'm the senior member and I'm kind of on the hook for that even if I wasn't aware and was tracking. And you may or may not have different opinions. Uh oh, John, of course, maybe you should or shouldn't be in trouble finger wacking for something like that. But it did kind of put me on the colts. And with that already damaged

with some reputation stuff of oh honor development, honor remediation for the previous infraction, incident, and breach. They lock it all down a little bit further. John, now you got to write some journals. You got to tell us how you've improved your honor and your all the uh internal growth that you've had from your professional development walking through these experiences. blah blah blah. But now I'm on strike number two, right? And we're getting close to what's supposed to be graduation. What's supposed to be oh the new beginning of the rest of my life and getting out of school work and hopefully finding a way to Coast Guard Cyber Command to be able to do this a little bit more. And um

I could tell you a little bit more, but I don't know how far down the rabbit hole we'd like to go. While I am on this suitability for service and probation where I'm not allowed to leave base, of course, all the graduated cadetses and uh officers in the military have to be very well-rounded. So, there's some mandatory classes that you'll have to take on lifetime sports like raetball or badmitten or golf. And uh as a sophomore, you take one of these and as a first year or senior, you'll take the next advanced class. So I was taking advanced golf. And advanced golf requires you to leave base and go play on a real golf course, not just

putter around on like the football field on campus. I don't know if you caught the key word there. That means leave base, which I can't do. And I'm sure I could have asked to raise my hand and try to be a squeaky wheel to say, "Hey, how am I supposed to get this done as my assignment to play however many rounds of golf?" Um, and these scorecards that are necessary to prove and to apply testament that you did go out and play golf or two at the end of the semester after final exams and all this very end of the year. Now, I'm scrambling and this is again maybe a blunder. I don't know when it is, what day, what time,

but I'm like, I got to get these store cards just out of my life, out of the way. And folks probably all the time just fill in whatever days they went to a golf course. Submit that. Turn it in. Here you go. Now, I was not paying attention or not being as smart as I should be with my clever tricks because uh another officer, a class team teacher, instructor comes to me and says like, "Hey, John, I was looking at your golf scorecards and I don't think you did go golfing on January 17th because there was a snowstorm that day." I said, "Oh, yeah, you're right. >> [laughter] >> Um, and that's one of those, oh, cadet shall

not lie, cheater, steel thing, and I just filled out some golf guard timelines. And that is the stupid silly straw that broke the camel's back. That's our third strike. And maybe we want to think, oh, I didn't get to particularly get my way out the door because I didn't play enough golf. But I remember in the evaluation reports as a member of either cadet enlisted or officer, you have your OEER or EER. Folks might be familiar with that acronym. And I remember senior year, final semester, absolute end of this four-year race, squaring away and being in uniform, going to class and work every day like it was etched in stone. commanding officer and company officer

says, "John is not ready to graduate." And I'm like, "Crap." four years of the life that I wanted to set in place while it was handed to me on a silver platter. Free air quote school, free training and education and all the things that I've done to be able to build up this team, speak with the microphone for parades, be in the band just slipped through my fingers because I made some stupid mistakes. And they say, "Hey, John, that's three strikes you're out." uh after all of these non-judicial punishment proceedings, your masked uh kind of the oh investigation as they uncover, you're out the door, dude. Sorry, we can't let you graduate. And that, okay, is a bit of a hit.

That's a good quick kick in the pants, but I'm trying to be all adult and tough like, all right, we'll move forward. We'll figure it out. will determine what goes what goes next in our life. Maybe this is a good thing somewhat some way somehow. Maybe we get to do more of the cyber security work we were thinking of. But remember how I said I was free. That doesn't normally happen. Uh right, it doesn't normally go through the situation where someone gets kicked out at the very end of their military training time period. And the way that they remedy this is by giving you two options. You could uh do financial recruitment and pay back

whatever the government military has paid for you. Or you could do the equivalent time as an enlisted member as a boat in this case like oh running the lines handling small boats at the small boat station. Now I don't have a spare $200,000 or whatever the heck it might have been. And I thought, let's go for that enlisted option. Let's just go be a Bosen's mate. I'll kick around however many years again just wasting away, not doing the cyber security stuff I want to do. And now while I'm leaving the academy, while I'm leaving the campus school base, while we're doing this out processing work, they kind of put you on busy work because you can't be in a

school classroom anymore. You can't be in the barracks with the other cadetses. you're just kind of weird zombie purgatory state. So they give me a little job as some busy work to work with the IT shop and we do some things to oh check the education devices servers different printers here in on base in campus and I'm basically running inventory stupid stuff trying to work through do we have everything that we should and this is still just stuff that is not cyber security but it's something to get you out of sight out of mind now I make another Blender here. Are folks familiar with Nurosoft tools? Yeah, I see a couple nods. Nuroft is neat. It's a uh utility and collection

of tools for uncovering passwords. Uh to be able to see, oh, remember you forgotten your password. Let's go see what it would be. Um from cache data, from things stored on your Windows operating system. And at some point while I'm boppinging around looking at different servers trying to go, I'll take the property tag and do inventory on these different rooms and different classrooms, stupid me gets a dumb idea and just kind of wonders, huh, what's on that computer over there? I wonder I wonder what's there silly things. And this is something that I had poked and played with before because I was on the security team and cyber team and just oh uh could I use this nurse off tool to

uncover passwords and uh I had [clears throat] it on network drive because that was something that again we got to do for the work that I did and I thought I'd run it on my computer in that computer in that classroom in that basement of that building. I don't remember exactly how it would have been hooked up or triggered one way or another, but HBSS, the hostbased security system, probably did not like me running passwords and trying to see what and recover what they all are. So, that raised a little alert and that got me even further on the naughty list um because I have committed now a significant cyber violation and I am a

cyber criminal. Whoops. Uh, now they don't trust John with a computer. So they take away the laptop. They commandeer. They say John can no longer work with the IT shop. They say, um, don't let him communicate or talk with any cadets cuz he'll be poisoning the air. Toxic environment. Um, and they say, "You cannot go enlisted as a Bosen's mate anymore. We're getting you out of the Coast Guard." Okay, yeah, that makes sense. And they give me more busy work. I get to pull weeds. I get to uh do some landscaping. I get to roll the lawn mower around. Uh and for some time I actually did that grounds work with a couple of civilians and contractors to

the point where I was just rolling around on the ground in mulch to pull weeds. Now I am a light-skinned guy with red hair and I got a big sunburn. So I went to the chapel, the kind of campus chaplain and said like, "Can I do something else?" Because this is quite literally burning the eye. And they said, "Look, you can go do public works. You can work with the team that might need to manage the government vehicles." So I got to leave base to go drive those around, uh, bring them to the car wash, [snorts] and then just do other odd jobs, other busy work. more inventory, determining what needs to go in the

trash for recycling, not cyber security work, carrying desks, carrying couches, carrying stupid stuff that doesn't matter. This is all at the Coastg Guard Academy campus, which has a very green, very New England vibe to it, right? And they have a lot of trees. I don't know if you saw or seen a blue little tag on the trees, but turns out that should be inventory, too. So, my tasking was quite literally go count trees [laughter] and they gave me a map [laughter] of all however many thousands of trees on campus. This was silly. We did this for our air conditioners once I got done with the trees. I really like this job a lot better. Um, try to see the heating

in one room and I would try and scramble to get my life in order while I would pour into YouTube. Uh, I can't be in the regular cadet barracks, so in Monroe Hall or the other kind of sequestered spot. I'm trying to spend time to put things away. And these 9 months or so, however long that I've been waiting around, just literally 9 months or I don't know the maybe six in this timeline here. uh all this out processing that they needed to do, all the back and forth of all the paperwork and the filings and all, I'm just wasting away. So, I finally ask, can I leave? Can I have this leave without pay? And finally, it's approved.

And then I begin trying to rebuild my life. What I thought I was backed into a corner, when I thought I kind of had nothing else to work off of and rebuild with, I go to these different events. Uh, I would speak at Bides Connecticut. That was kind of the first gig. And I started to cold call people on the internet. Literally just, hey, who can I reach out to? Who can I ask for help from? And I found people that I just thought looked cool. It had a high follower count that had some sweet, funny, I don't know, cool banner or profile picture. And some way, somehow, I messaged a gentleman named Kyle. Uh,

and folks aren't too familiar with Huntress or my day job, right? He's the old CEO there. He calls himself the chief janitor. And it was just absolute cold call outreach to some stranger on the internet. Hey, uh I I do this online security stuff. I try to make videos. Would you be willing to like give it a shout out? Um and this is again me scrambling. We try to cover what I could do. Kyle says, "Yeah, I can take a look at this." And look, you don't need to ask for some payment or try to figure out a money conversation. It's a very Kyle thing to say while he's laughing at some of these. Um, but I know I'm coming

to the end of time, so I do want to speed this up. I'm sorry I was rambling for a little bit as I get to know Kyle over the internet. Um, we schedule some time to catch up to meet meet in person. I'm finally out of the academy and trying to find my career over in DC. And eventually, years later, while those screenshots might have been in 2018, come 2020, he says, "Look, John, we've been having a lot of fun at Huntress. do you want to come join the party? Now, um, and that opened the door for really me to find the current deja where I have myself. Now, all of this is to say, and I will wrap

this up because I know I've been rambling and I feel like we kind of hope cut ourselves off at the end here. When you have this idea of success or what you accomplish or what you want to do, you don't really think of those turns or those twists or the mistakes that might be made along the way. It's not a straight line. It's some completely random scattered sometimes going backwards, going all over the place as to how you find what you think you want for success. The YouTube thing along the lines that I've had concurrent throughout my life just got to be something I could pour into because I kind of got myself kicked to the curb

over with what I thought would be my career, Coast Guard, and all. So, you might be able to see some of the arrows here. zero way back in 11 2011 maybe you can see the graph start to curve up for hey 2018 once I'm kicked out of the Coast Guard uh and then 2020 once I jump in with Huntress that red arrow does as well and we see this thing grow that's been very very very cool and very surreal but I do want to wrap this up um I hope I don't know if that's a call to action for you when you're thinking of what you might be up to here at the conference try to take everything that

you learn so you have some notes so you have something to bring back home so you have something to bring to the team and colleagues know that it'll take time for you getting sharper and you getting better I have this silly analogy of an ice cube and this sounds stupid maybe kind of wax and poetic but say you could try to melt this ice cube that's your goal that's your objective that's something that you got to do over time maybe there's some rule limitation You can only change the temperature in this, I don't know, fridge imaginary situation here. Maybe one degree at a time or a tenth of a degree at the time. How can

you get this thing to melt? Well, eventually it will melt because you put in that work. You try to turn the heat on, but no one's going to get to see that effort. No one's going to get to see the transition when that ice cube melts. and doing that, putting in that work, finding those mistakes, finding those whoops, failures, burnout, things that put you in a place you never thought you'd be in. I know those suck, but no one also talks about when you've reached that goal, when you've met the finale, when you're kind of there at the end. You got a good story to tell, [clears throat] good, bad, and ugly. You got an origin story.

I hope uh you had some fun with uh my whoops, fatigue, failures, and the unexpected path that I found myself on to get here. Maybe you never melt the ice cube, but you keep at it. You keep trying. You keep up that effort. Keep the heat on. Thanks everybody. I hope that was a little bit [applause]