HG - Penetration Testing Experience and How to Get It

thanks for the introduction and thanks everyone for joining so I am Philip Wy I have my cissp OSP and Sans GW aperts my current role is offensive security expert at Horizon 3. a we have an autonomous pentesting platform I'm an offensive security professional in evangelist so even outside of my day job since we have offensive security tool I'm always Evangel evangelizing the need for offensive security I think it's one area that's often un un overlooked uh underestimated and misunderstood because you can do all the compliance you want you can be PCI Compliant but that doesn't mean your company can't be breached some companies are too caught up on the compliance while compliance is important you need to make sure that

you're doing your due diligence everything proper pen testing and everything to make sure that what you're doing is working so I'm a former adjunct instructor so I used to teach at Dallas college so that was kind of a turning point for me in my career I've always been kind of competitive person I used to be a powerlifter uh when I worked in sales I was always trying to be the top sales person so always worked hard at what I was doing not to say I was ever the best hacker or pentester but always really put so much effort in that but in 2018 I became more outwardly focused uh I kind of looked at my wife what she was

doing she taught ESL program she had a lot of students that were uh undocumented uh immigrants and they would come to her for help and when they needed help and just see that Legacy that she built and and how she was helping those people and I wanted to do the same thing so I started teaching at Dallas College got into a lot more mentoring and speaking so my book The pentester Blueprint came out of my lecture at Dallas College on becoming a pentester which turned into a conference talk at bsize DFW in in 2018 and kind of an interesting fact when I gave that talk some of the people that was in the audience you may have heard of uh Jun

know she's part of the cult of the dead cow she was one of my students but at the time of that presentation she was just kind of in the audience I knew her from the community she watched The Talk uh enrolled in my pentesting class the the next semester and then went on to be a really good pentester and all around awesome cyber security professional and so last year during Bishop Fox Defcon live stream I had the honor of being interviewed by her on that live stream so really cool to see uh former students and mentees get out there and doing stuff so let's a lot of where my focus is at why I got into the conference

speaking and stuff why I wrote the book the book was a way to provide that information to people that aren't going to the conferences because every conference I went to that I gave the pentester blueprint talk a majority of the audience had heard it yet so give these talks so many times over when people review uh conference talks they think well we can't take talks that's been given somewhere El somewhere else but you just don't know how many times those talks haven't been been uh heard and so that's one of the reasons writing the book was a way to get that information out there to to people that I would probably never run into at a

conference or anywhere else so uh this been one of my proudest achievements and a way to serve the community and serve those I hadn't got to meet yet so I'm also was featured in tribe of hackers red team book that's kind of how I got the the book deal they asked me if I had any ideas for a book and I wanted to turn that into book I'm also the host of the the hacker Factory previous host of the hacker Factory podcast which uh I went independent last April April of last year and the new show is the Philip Wy show same format video now and just not Audio Only uh at the recommendation of some

friends I went independent and so this is one story that I like to share with everyone trying to break into cyber security because whenever whenever I graduated high school a long time ago I graduated like back in 1984 and I didn't know what I wanted to do I didn't take High School seriously and my my grade point average wasn't high enough for my college entrance exam score so I was going to have to get like eight recommendation letters from teachers and so I really decided my heart really wasn't into it I didn't know what I wanted to do anyway so some of my friends said you know you're a power hter you're a big guy you should

be a pro wrestler so I thought that sounds fun so I went off and went to wrestling school and and wrestled professionally for a couple years and during that time I wrestled people like Mick Foley uh went to wrestling school at the Undertaker uh wrestled uh the free two of the three free birds Michael Hayes and buddy Robert Roberts uh Wrestled a couple of Dwayne Johnson's relatives that wrestled as the Samo and SWAT team so it was an interesting experience but when I got married I needed a job with insurance and benefits and pro wrestling didn't have any benefits at that time uh I was making like maybe when I first started wrestling I got $75 a night and

by the time uh I quit wrestling they were paying $25 per match which You' only get to wrestle typically one time they didn't have insurance so if you got injured you're just kind of having to take care of this out of your own pocket so I was trying to figure out what to do so I worked all sorts of manual labor jobs and I'm the kind of person that I have to be doing something I'm interested in or it's just hard hard to do out of all the jobs I did I did Manual Labor retail sales worked as a cook busting tables washing dishes putting up fences Roofing houses uh doing construction didn't like any of

that stuff uh but the one job I did like was jewelry sales I was working at a jewelry store I was always number one and number two and selling jewelry in the store and the family that owned that that jewelry store they were starting a new chain they were uh lebanes and they thought if we created a store chain with an American sounding name we could be you know compete with zeles and stuff like that so they're intent was to bring me in and make me an assistant manager and so the store manager had different ideas there was the person that was always either beating me or getting beat by me in sales was a qualified candidate and

he was really want to put hurt in as assistant manager I totally understood that but one of the things I did realize too is I needed to get some skills where I can make a good living and it's not dependent on someone's political or just someone's opinion just you know right or wrong you know you you work in some of those type of jobs you're only going to get ahead as much as the people helping you even back to pro wrestling it was kind of dependent on whether people wanted to do something with you to promote you because when I wrestled I had to lose all the time and they that's refer to as a jobber or a job boy so

you're paid to go and lose to make the good guys look good and so one of the things there is if they like you or if you're a relative of someone in that you get to move up quicker and there was someone there that was booking the matches when I was there that year in the wccw which is in Dallas Fort Worth where the Von Erics wrestled anyone seen the ironclaw movie it was that wrestling territory they uh one of the Bookers there wanted to send me to Kansas City and that was one of the spots where they people got practice you know got the experience and come back and got to be a legitimate wrestler and not lose all the

time but by the time uh they got around to planning that he had the the Federation had been sold off someone else come in so I lost that that connection so one of the things I looked at based on that experience working in the jewelry store I needed to get a trade where I can make good money in advance regardless of whether I was a manager or whether you know depending on what someone's preference wouldn't hold me back in my career so one day I was watching television and saw this uh commercial for the American trades Institute is a trade school in uh Hurst Texas and always like drawing in high school and took some drafting classes so

I decided to to attend that school so I learned AutoCAD so this was back in by the time I got out was about 94 I was like one of the another one of the points I like to share here to encourage people when I was going through this CAD school I had a computer at home my ex-wife's dad had gave us a computer and basically all we were doing is back then you had Prodigy was one of the internet services or whatever and you was really limited what you could do you could play online games I could boot a computer play those online games and that was it once I went to CAD school I was probably

the worst computer skills-wise and by the time I got finished with school and was in the workplace I was Finding different uh features on new versions of AutoCAD quicker than my co-workers were and when Windows 95 came out I figured out how to use that I was figuring out how to be able to network systems how to print do Network printing when our local it guy which uh I worked for this this uh Manufacturing Company their main headquarters was in Stevenville Texas that's where all the IT staff was at but they had one accounting person that did our it in our office he wasn't able to figure out how to get Windows to print uh Windows 95 to

print on Noel Network and I was able to figure it out and this is the first time I ever got called a hacker so before I ever thought about being one this guy was kind of uh jealous because I was able to figure out something he wasn't he was kind of the the on-site uh IT staff but what I've learned is I had a lot more better more of a knack and just kind of reiterating on that story I went in not thinking I had the skills and I learned it so if you're just starting out in your career maybe you've been in security you're just getting into pen testing the more you do these things the

better you're going to get so kind of give yourself some Grace and realize that you don't start out is this awesome hacker pentester or whatever security Prof professional it takes time and you can get there and if you're ambitious and put in the time you can get there sooner so I found out about CIS admin work I was being uh the company I was working at we were being buil out at $30 an hour we were making half of that they brought in a consultant to work on our server and they were billing out $50 an hour so I thought well he's making about $25 an hour that's $10 an hour more than what I'm making and what they're doing

looks a lot more interesting so I taught myself how to build computers took a noville netware network operating system uh course for those of you that not familiar with that Noel netware was the predominant network network operating system before Microsoft came out with active directory so got my first admin job did that for 6 years and wanted to get information security got some uh the cissp and the the NSA IM certification and got to move over in the security team in 2004 so we got a new siso at the company about 2005 around September 2005 he had a more modern idea of the way security organizations should be uh divided so for for us it was everyone

was doing network security firewalls intrusion detection systems some vulnerability scanning but when he came in he put me on the application security team and that's where I found out about pen testing I was managing our third party pentest and got to do some vulnerability scanning so when I got laid off in 2012 I applied for a Consulting role with Verizon and got my first pen testing job and another lesson there is too just if you want to do it apply for it don't you know let them turn you down don't be the thing that's going to prevent you from getting the rolls I they took a chance on me and one of the things they saw was my passion to

learn I was doing a lot of self-study uh I was doing I used to do web design on the side and I hosted the web servers in my home so this manager saw that I like to build things and do a lot of self-learning so he liked that that was his kind of his way of doing things he really wasn't big on telling us go take this pentesting course he said learn how to build it first then if you know how to build it you can secure it and then it's going to be easier to break into it so I kind of fit the culture and his mindset and they gave me the job they took a chance on me because

my background I had some vulnerability scanning application security network security and also CIS admin the CIS admin experience gave me more towards that job than anything else so uh first five years of my career spent Consulting worked internally for companies and so Consulting if you had chance to do Consulting I highly recommend that experience because you get access to so many different environments if you work in environments they're going to change systems things are going to change but on a slower Pace compared to Consulting and Consulting you're uh exposed to so many different types of systems and you've got less time to test uh because actually if you're going from an internal employee to a consultant it

gets a little more difficult because a US Bank I came from from AT&T having a week to do the same pentest we had four weeks to do there and so if you're doing things right you're going to be able to test more thoroughly but if you go from that to testing as a consultant you've got a lot less time you have to learn to able to do more in less time so the the uh Consulting experience is very important so what is pen testing so before we get into how to get the experience you're just going to cover it so it's testing uh different digital assets and targets from a thread actor perspective because people always

worried about getting hacked malicious hackers they're always what are we trying to protect our systems from threat actors so you have to learn how to think like they do and and one of the advantages that has is if you're able to find you're able to assess the security from a threat actor's perspective you're able to find vulnerabilities that are actually needing to be remediated you run a Nessa scan nexos scan or tenable you find these vulnerabilities that they say may be exploitable but not necessarily so sometimes they've got mitigating controls in place sometimes if you get a foothold there's other things you can do get access to so a pin test is really required and so some of the experience

you need to get first is learning how to use the tools and one of the things I'd recommend you know if you look at the ocp course and there's a lot of good courses out there most of the stuff they're telling you to do is is manually uh they're like with ocp they don't allow use of vulnerability scanners which is building some good manual skills but one of the things that doesn't do is show aspiring Security Professionals or those trying to break into pen testing how a real pen test is done so when you're doing a real pentest you don't have all the time to manually test everything you'll run your vulnerability scanners and then you'll

go through and do some manual testing the vulnerability scan kind of helps guide you so a good way to get that experience I believe try hackme has a a n track on their vulnerability management track that you could go on there and learn how to use uh nessus so you can download a free version of nessus that'll test 16 IP addresses and so in your home lab environment you're able to use that so you get experience with a vulnerability scanner that's a transferable skill to work in a company in vulnerability management because when I worked at US Bank there were people coming in from the vulnerability management team or the remediation team moving over because the vulnerability

management was basically just working with uh remediation running the reoccurring vulnerability scans the remediation team would go through and test to see if it was still vulnerable from the pentest so those were skills that prepared them to move into pen testing so learning how to use a vulnerability scanner can be important uh it's you know the learning how to do the manual stuff is important as well so you have your network vulnerability scanners as I have listed up here in nus and expose open Vos and nuclei open Vos also has a free version uh that you can download but I would recommend nessus since it's pretty well probably most widely used in Consulting but used a lot

in internal organizations so some companies use the commercial version which is tenable Essentials or ten uh are tenable and it's the same type product but getting used that helpful learning how to use uh Linux especially the different operating systems that are geared towards pin testing like Cali Linux and paros S those are two two of the best I uh there's some others out there like Arch and some other uh pen testing dros but the nice thing about C Linux and Par they've been maintained for a long time and work really well and another thing too is learn how to use tools in a Windows environment so mandant came out with a couple different uh VMS or projects one's Commando VM and

one's flare VM Commando is strictly pentesting tools whereas flare VM is reverse engineering so reverse engineering is important to pentesters so you take your windows VM or your bare metal operating system and you run these scripts against it it's a it'll take a long time it takes like hours to run these scripts it uses uh the automation it uses the scripts are called chocolatey is the scripts it uses but it's kind of comparable to some of these other automation tools for Windows but it installs all those tools and one of the things it does for you that's kind of a a pain when you're setting up a Windows system to do hacking is it goes

in and sets like a shared section of your drive where you know Windows Defender antivirus is not going to delete your tools because if you ever try to install tools on Windows Windows Defender you know is doing its job what it should be doing what looks like malware removing it so trying to set up a pentesting box is kind of difficult so one of the best options with this not only doesn't install tools It prepares your hard drive so your tools aren't going to be deleted so other pin testing tools like inmap and metas sploit uh Metasploit is a good one it's a a exploit framework and one of the only free ones out there

just about everything else is paid and you get a lot of this similar functionality out of met exploit Community Edition compared to professional cuz professional kind of integrates with their nexos product so if you're lucky enough to work for one of these companies as nexos you're able to find some of these vulnerabilities and it works kind of uh integratedly with with Metasploit but fortunately I'm glad I started out with the Community Edition because it's a little more difficult so you know have the opportunity to use menit Pro and so different web application pen testing tools burp Suite is like one of the industry standards zap is good and does a lot of things but one of the things

with burp Suite most companies that are looking for pentesters typically want you to have uh burp site experience and uh different web application vulnerability scanners so burp site Pro does vulnerability scanning and OAS zap or zap actually they they're part of another project now they're outside of oasp uh but it does vulnerability scanning as well so if you're using uh burp site Community then you can use the vulnerability scanning feature of of Zap and so fuzzers are also good options to learn how to use these tools so getting to learn how these tools is important getting the Hands-On experience so as you learn how to use these tools uh some other skills that are helpful and this all kind of

depends on where you are in your career so if you you're working in it you may have the networking and and operating system skills but you kind of need the operating system skills at assis admin level I had students before and a lot and mentees coming in say you you spent like six years of CIS admin do I have to work in it you don't have to work in a specific roles you just kind of need the CIS admin level experience and we talked to some experienced people in the industry you'll run into Gatekeepers but then you run to people that's just their honest opinion that they think you have to work in it first but I recommend

having those skills because you know if you're wanting to be a pentester you don't want to wait six or 10 years to get into that into that type of job so also hacking and pentesting this is the important part whenever I started my job at Verizon I knew how to run vulnerability scanners I didn't know how to to hack so I had to gain the hacking skills so the ocp was the best option of the time so I signed up for the ocp also took some of the e-learn security courses and then reverse engineering reverse engineering is important because maybe you're doing a pen test and you find a APK file for an Android app

sometimes there's hardcoded credentials in those APK files and even Java jar files uh I did a pen test once for an airline and we found a Java jar file that was used for their application and it had hardcoded credentials to the database in there so it has the username for the baded database you logged into the application but it connected to the database using the same credential but from reverse engineering that was able to uncover it so that's an important uh skill to learn there as well so getting the hands-on experience this is what's going to be very valuable sometimes you think that if you don't have the professional experience if you learn how to do this through ctfs hack

the Box try hack me uh offensive security has their cyber range with vulnerable VMS building your own home lab getting this experience and and documented is a way to get that experience because if you're going through a job interview and you have the actual professional experience if you're able to explain how the tools work that's going to be helpful because as a pentester in your experience you're going to get asked these same questions how do I do this type of testing with burp site or you know how do you use nessus or these other vulnerability scanners and how to use metas you'll get ask some of these questions so if you can answer those questions that'll go a

long way for helping you get through the interview so other ways to get experience is through bug bounties so bug bounties are kind of like crowdsource pentesting but with bug bounties uh it's basically you're getting paid per bug and some people get into it and they find duplicates or the the duplicate the finding they find is a downgrade they don't get paid for it but don't get discouraged the thing is you're finding these vulnerabilities and if you're able to find those if you're doing a pin test you would be able to find these vulnerabilities and one of the reasons I think people should look at bug Bounty learning resources and even try bug Bounty as a pentester you

get paid to do the job period but with bug bounty hunters you have to work really hard to find bugs and some of those people are able to find bugs that maybe a pentester may miss because they're having to do different tricks to try to find those bug bounties because they want to get paid so using that will M make you a better web app pentester and so there's also pinest as a service so Cobalt does this synac with Cobalt they do like Network pin testing web application pentesting Cobalt's nice too because they pay $1,500 per pentest so by pentesting fir uh terms and compared to other roles that's not a lot of money but it's good side money and once you've

done that for a year you've got a Year's worth of pentesting experience now you've got that experience that you can apply somewhere full-time and make more money so I'm hearing of people making 60 uh $80 an hour $10.99 contract doing pen testing a company I worked for they were paying like $113 an hour so once you get that experience then you're able to translate that over to full-time jobs and people are starting to see because one of the things I I talked to someone when I was interviewing for a job back in 2020 and they said it's easier to find web app pentesters because bug Bounty because this gives people an opportunity you're able to do real world

pin testing whereas there's not really much out there for the infrastructure side testing you know servers and hosts outside of pentest as a service and some of these offer like a if you look at synak red team and Cowal they have different paths to apply for their team and some of them is going through some of the hack the Box uh challenges you have certain certifications it'll get you a an interview so there's different things in the career path to help you get in there so the more of this experience you get that uh you're able to get in the roles like that that that help you get your foot in the store in the door so pro bono and lowcost

pentesting so if you know some non-profit or religious groups that they can't afford pentest you can offer to do a pentest for them and if you know someone has a small business you could charge them a really low price and so you're actually getting professional experience and you're kind of starting a side consulting company uh but this is a way to help someone else and get experience at the same time plus then you can get referrals from these people as well and get referred to to a potential other business and cve common vulnerabilities and exposures this is one that uh that I was aware of but something I never did but one of the things I would say for and I've talked

to other people that work in pentesting and they say hiring uh professionals if they find someone has a cve sometimes they value that over a certification because with a cve you're finding a vulnerability that may have not existed before essentially a zero day and so they know you're going to be able to find vulnerabilities past what a vulnerability scanner will do so I'm sure most of you have are uh familiar with cves is basically a database of these vulnerabilities that you report to some companies maintain their own miter and some other organizations uh maintain these databases but one of the nice things about this you get a cve you can put it on your resume on LinkedIn you

can put in Publications so you can put a description of that cve on there and put a link to it so that way people can validate they can go to the cve and say your see your name on there and see that you actually uh found that cve so that goes a long way so someone sees you're finding cves then you're more than well qualified to be a pentester so some good learning resources on that i' recommend it and so uh Joe heli was the one who really brought my attention to to doing this uh he's also known as the mayor he works for TCM but what he did is he found some open source software web application

software he built a web server at home set up a server installed the the software and performed a pinest against it what bugs he found he reported those CVS and got credit for it and then he's built up cves you see some of the really good bug bounty hunters they've got lots of cve so this is a good way to build up your resume improve experience before you're actually getting paid as a pentester so Bobby cook had some really good information and Joe heli referred that so when he was going through one of the offens of security the oswe certification he was working on finding OD days and stuff to help him through that certification process so both of

these these articles are really good if you go to Joe hel's uh medium he's got several different writeups that he's done on finding cves so demonstrating skills so you're taking these different recommendations that I mentioned uh so you do writeups on it so if you're doing a CTF hack the box or try hack me of course be sure to respect if they say not to share this on the Internet or something so that way you don't get any kind of trouble with them but uh do writeups you can do that Medium GitHub or through blogs uh if you like to do video type stuff record walkthroughs on YouTube there's been a lot of Security Professionals that

really launched their career through content creation it's a really good way to build your brand as I mentioned cve IDs earlier you document that on your resume and on LinkedIn and then scripts or programs you write even if you alter script to do something else shy that on your GitHub people like to see what you're doing and uh you may be competing someone for the same pentest job you could have the identical CTS but the cves may be the thing or the things you got documented may be the thing that helps you get the job and this kind of demonstrates some of your skills some of the things that through the first interview they may not get and through

one that you may not see something till a technical interview but you're able to prove that and these stacks of resumés that they're getting in it's kind of a good way to to help you know kind of get you that uh that interview and one of the things too is you know used to is just artists that needed to have portfolios but Security Professionals especially when you're just starting out a new to the industry it's a good idea to to you know kind of have a portfolio of the things you've done document your uh Journey just like the Cyber Mentor started out creating videos because he is documenting his learning experience so you can do the same thing and I've

seen a lot of people do well with that and kind of the more connections you build on social media the easier it is to get jobs and an example I like to share is I was uh looking for a job last October I gave my two weeks notice I really didn't start looking until a week or so before that two weeks notice uh I left on a Thursday by Friday I had two job offers the next day and part of that was because my network I'm connected my network they know what I do and so was I had a lot of different uh people reached out to me with jobs to to interview for and so the more you're

connected and one of the things you're going to do too is kind of get past that HR firewall now they're using Ai and these systems you upload your your ation and one of the things I tell you there is if you can network with people you can get your resume in the hands of a hiring manager easier companies are paying referral bonuses and a lot of people in your LinkedIn Network may be happy to get you know $500 up to $3,000 bonus to refer you because otherwise when they're going to recruiters that could be 10 20,000 could be 10% or 20% of your first year salary that they pay these recruiters and so referrals people

are happy to refer you a lot of times so that's kind of a good way to to do that and kind of to go on into this little further this is kind of building your personal brand uh share what you're comfortable with there's some Security Professionals that don't like to be very public but it's easy to build your brand and keep your private life out of it but using some of these ways I mentioned to document your experience so streaming uh creating videos and writing these are good ways to get uh your name out there writing is pretty important so find one of these mediums that if you're too shy to be on camera but the funny thing is

is interesting the way that works too some people that are comfortable speaking a person have a hard time recording solo that's funny with me because I can do in person speaking and I do well but if I'm trying to record at home by myself it's the hardest thing in the world I did a video one time for CompTIA and I took like 20 or 30 takes to kind of get that video acceptable but then you take some people that are super introverted they can go home turn on camera record this stuff it doesn't phase them but they don't speak in public very well so find what you're comfortable with and sometimes it may be writing and all this is important so

speaking conferences security meetings we had a recent uh UT UT Arlington uh student at one of the Defcon 214 meetings and one of the hiring managers from city was there they did a talk on malware analysis this hiring manager worked at inet Response Team asked for the resume they got a job so basically display their technical skills through this Meetup doing this talk goes back to this could have been a recorded video or other things but this was a way to kind of Almost Do a technical interview improve uh their skills and this makes it a lot easier on the hiring managers because they get so many resumés in that they got to find ways to

to to get rid of rumes and it could be they're looking through to see has certifications maybe they don't look at them deeply enough and you get missed over by doing stuff like this and working on your network is a good way to build that and one of the things I I'd say too because plays back into the professional networking uh cuz for me back in 2017 I wanted to get out of Consulting I was tired of the travel uh I met someone at OAS meeting they told me their hiring at US Bank I gave him the resume I had an interview within a week had an offer within two weeks at the same time I applied for a job at

Bank of America was more than qualified had my ocp Sans web at pent testing certification CSP and I didn't hear back from them for from a year later and I just went on their their application system uploaded my resume and applied and didn't get the job so you can realize someone is trying to break in it can be even more difficult these systems are looking for different keywords and maybe you're not using enough maybe they're not using the correct industry standard way of speaking and and sharing things and I've seen companies where actually one company I worked at before we're having a hard time finding red teamers out of India but the original job description

was geared more towards uh web app pen testing so we had a bunch of bug bounty hunters so we changed the the job description to include like active directory and infrastructure pen testing we started getting good qualified rums in so sometimes it's just the job description itself and it's kind of funny you see some job descriptions where they copy and paste from another company and don't forget they don't remember to take out the other company's name so the professional networking is important so any people you meet here make sure you're meeting people connect you know even if you're going through college and stuff some of the people you're going to school with or you're taking classes with uh even trainings

this may be someone helps you get your next job I've got a real good friend of mine that help him get his first pentest job we worked back in our AutoCAD days back in '95 and about 2017 or so he's wanted to get into cyber security got his cissp and I helped him get his first pentest job and this is someone I knew from a long time ago and it's funny because uh he was kind of my mentor in my AutoCAD days because he helped me write my first really good resume that I kept that format for many years and then I was able to return the favor so pay it forward and make sure to network with

people uh groups like this I highly recommend the bides communities people are more willing to help the focus is on the community to help is that some of the commercial conferences be can be good but sometimes one of the things I don't like to see is when they eliminate students if if you're a student you can't attend uh if you're not in management you can't attend so that's a good sign to find the the organizations that you're welcome at so your Issa groups are good isaka the isc2 groups Defcon groups but one things I recommend too is because I fall into I you know I run a Defcon group myself and I attend like our dc2 and4 meetings and our

Dallas hackers Association meetings those are the ones that are most fun sometimes I kind of don't go to the ISS meeting Issa meetings but it's good to to go to the different types of meetings because the way I describe to people the hacker Association meetings the Defcon meetings the OAS meetings you learn there but you go to the OS the Issa and isaca meetings to network with hiring managers and look for jobs so make sure to kind of uh diversify your your your different groups you're associating with Twitter has gotten the online communities like Discord slack Twitter or EX's called now are are still good places most of the good security research I find is out there it's still

good places to uh to to network with folks find different conferences and stuff to go to and then LinkedIn is a must have I actually found out from my uh friends that he's possibly in risk of losing his job and he doesn't have a LinkedIn profile so that's something you always want to have that's your online resume that's how people are going to find you if you're not actively posting on job boards so we can open it up to questions and if you can't think of questions now feel free to connect with me and and check out my podcast because I got a lot of people sharing some really cool stories about how they got

started yes long time listener well I enjoy your podcast I get to listen to it very frequently and uh how would you recommend is there any magic bullet cert certification process that helps with lacking in the pedigree that comes from a military background in red teaming so yeah thanks for thanks for being a listener and thanks for question so one of the things I would look at is uh like the 0 point security red team operator CT that's a good one so I would find yeah Zero Point Security it's their certified red team operator that one nowadays I'm hearing people that hiring managers for pen testing roles they're telling people to get the OSP or the

crto but the crto you actually get to use Cobalt strike it's true red teaming because sometimes people get confused with what red teaming is but uh rosta Mouse he originally created content on hack the Box the offshore Labs it was kind of red teaming stuff so you have to find the legit red team uh content out there but there's people creating more good content but yeah if you find some of the red team focused stuff you want to do red teaming and even seeing like if you go to blackout and some of these other conferences are even offer offering physical pentest training and stuff like that so yeah certify certified red team operator is pretty

decently priced well recognized certification and so that would be kind of one I would start with uh sector 7 creates actually some malware creation uh courses out there and I think the new the certified red team Operator 2 I think it's kind of a malware so malware is like another progression in red teaming you know once you kind of get the fundamentals down be able to write malware be able to do evasion because you know there a red team operator you're wanting to be quiet when you try to break into environments you're welcome any else like I said if anyone can't think of anything uh you can message me on LinkedIn I'm happy to answer any

questions I do mentoring calls all the time uh so if someone just wants to have a call Zoom call you know I can kind of take a look at your res your LinkedIn profile and give you advice and answer any questions if if you can't think of anything here our last speaker was about mentoring and the question was how to find one so this is a perfect example of people that are willing to help and the things I wanted to say because I wasn't really totally sure about his full talk one of the things I'll say too if you're looking for mentors don't pay for a mentor there's a lot of people that do it for free I've noticed a lot of people

lately that they've got these accounts set up that you pay them for mentoring you need to find someone that's really passionate about helping other people they're going to do a better job and you don't need to pay for it now I can understand career coaching if you're someone who wants to be a ceso at some point you're making good money and you can afford that career coaching is a good thing but if you're trying to break into a certain area of the field there's a lot of people find someone that's passionate wanting to help people and you can get that for

free well thanks everyone yeah someone had a question over [Applause] here yeah I was just going to ask how much uh Credence do you give to the Paul Jeremy certification map I don't know if you've seen that online where it it has a series of certifications based on uh specification um is that something that you recommend people leverage are you familiar with it and what was that again exactly the the Paul Jeremy certification road map for cyber security asserts oh yeah I think I've heard of that I yeah I think there's a lot of work put into that but I I think sometimes some of those things can kind of be misleading because they're listing listing things like CH

if you're wanting to be a pentester you're wanting a certifications this universally accepted you need something like the ocp ppnt you know stuff from cyber mentor uh certified red team operator those type of searchs CompTIA you can learn some good stuff from it P the CH you can learn from it but it's not really going to help you build the skills to be a pentester so the things they put out there is usually like that those road maps are so General they don't give you enough information and some of those people had worked in some of those fields so when it comes to offensive security it's one of those areas you really need to talk to someone

that's experienced because some people are trying to tell you what they think pen testing is it's so much different that it's just really hard to describe so yeah they those things can kind of be overwhelming and complicated when you see all those hundreds or thousands of CTS in there in the road map what to do and yeah good

question well thank you [Applause]