Phillip Wylie Show Phillip Wylie

About the Guest:

John Woodling is a seasoned cybersecurity expert with seven years of experience in the industry. He currently holds the position of Senior Information Security Analyst. John has a diverse background that includes a blend of hands-on technical expertise and a profound understanding of different cybersecurity domains. As a member of the DFW Cybersecurity community and DEFCON 940 Group in Denton, Texas, John is known for his mentorship and willingness to share his insights. With an initial career path in art and finance, John’s journey into cybersecurity showcases his passion and curiosity for technology and security.



Episode Summary:

Welcome to another insightful episode of the Phillip Wylie Show! In this episode, Phillip sits down with John Woodling, a prominent figure in the DFW Cybersecurity community and an adept Senior Information Security Analyst. John shares his journey into the world of cybersecurity, providing invaluable advice for those looking to transition into this ever-evolving field. Known for his deep knowledge and practical experience, John offers listeners a comprehensive look into the necessary skills, potential career paths, and the importance of community in cybersecurity.



The conversation delves into different entry points into the cybersecurity industry, emphasizing the significance of hands-on learning, certifications, and networking. John discusses the transformation of cybersecurity from a niche technical field into a widespread and essential discipline, highlighting various roles like GRC, red teaming, and social engineering. He also reflects on his personal career choices and lessons learned, offering today’s aspiring cybersecurity professionals actionable advice and encouragement. Additionally, the episode touches upon the evolving job market, the importance of diverse backgrounds, and the role of modern resources like bug bounties in global talent development.



Key Takeaways:


Evolving Cybersecurity Landscape: Cybersecurity has transitioned from a specialized technical field to a broad industry encompassing various roles, making it accessible to people with diverse backgrounds.


Importance of Networking and Community: Building relationships and engaging with community members can significantly enhance career opportunities and knowledge sharing.


Hands-On Learning and Certification: Practical experience and certifications remain crucial in breaking into the cybersecurity field, with resources more accessible than ever.


Career Advice for Aspiring Professionals: John emphasizes understanding networking fundamentals and finding accessible, high-quality training programs that offer real-world applicability.


Global Opportunities with Technology: Modern technological advancements and resources like bug bounties provide opportunities for individuals worldwide, potentially mitigating the need for unethical hacking behaviors.



Notable Quotes:


"I think that there's a lot of room for a lot of different individuals."
"Nobody knows anything. I thought you all knew everything."
"It's a way that I can connect with people, and talk to them about these things."
"I think today is definitely, it feels more of a trade than it does the traditional white-collar position that it was 20 years ago."
"You belong. That would be the big piece to it."



Resources

https://x.com/statictear

https://www.linkedin.com/in/johnwoodling/

DC940 Discord https://discord.gg/DDZEnFHFbt

Summary
Tanisha Martin, founder of Black Girls Hack and organizer of Squad Con, shares her journey in cybersecurity, the importance of hands-on training, and the challenges of diversity in the industry. She also discusses the motivation behind organizing Squad Con and the need for scholarships to support diversity in cybersecurity education.

Takeaways


The importance of hands-on training in cybersecurity education
The need for diversity and inclusion in the cybersecurity industry
The motivation behind organizing Squad Con and the impact of scholarships on diversity in cybersecurity education

Sound Bites


"Empowering Diversity in Cybersecurity Education"
"The Impact of Hands-On Training in Cybersecurity"
"Organizing Squad Con: A Journey to Diversity"

Resources

https://www.linkedin.com/in/tennisha/

https://squadcon.me/

https://blackgirlshack.org/

Summary

In this episode, Eddie Miro shares his hacker origin story and discusses his recently published book. He talks about his journey from a troubled childhood to a life of crime and eventually finding his passion in cybersecurity. Eddie emphasizes the importance of mentorship, creativity, and community involvement in the cybersecurity field. He also highlights the process of self-publishing his book and the impact it has had on his personal growth and the lives of others.



Takeaways


Mentorship and community involvement are crucial for success in the cybersecurity field.
Creativity and authenticity can make a significant impact in the industry.
Self-publishing a book can be a cost-effective and fulfilling way to share knowledge and personal experiences.
Overcoming shame and embracing vulnerability can lead to personal growth and inspire others.
Soft skills and networking are essential for career advancement in cybersecurity.



Sound Bites


"People didn't care about the social engineering content. What they wanted to hear was my story."
"Reach out to mentors and ask for advice and help. Most people are willing to assist."
"I feel a lot of empathy for my former self. I don't fear being judged anymore."



Resources

https://www.linkedin.com/in/theedmiroshow/

Eddie's book: https://www.amazon.com/Outlaw-Summer-Cyber-Dreams-Redemption/dp/B0CZFB2KNM/ref=sr_1_1?sr=8-1

About the Guest:

In this episode of "The Phillip Wylie Show," Dirce Hernandez joins as a featured guest. With a notable career spanning over 17 years in the cybersecurity industry, Dirce stands as a first-generation college graduate hailing from South Texas. He has worked across various sectors including state government, higher education, healthcare, and financial services. His diverse experience includes roles at TxDOT, University of Texas at Brownsville, Wells Fargo, USAA, and currently at Northwestern Mutual Insurance Company. Apart from his professional endeavors, Dirce is known for his dedication to helping others, sharing knowledge, and mentoring aspiring cybersecurity professionals.



Episode Summary:

In this insightful conversation with Phillip Wylie, cybersecurity veteran Dirce Hernandez shares his extensive experience in the industry, shedding light on the intricacies of breaking into the field. This episode is a trove of knowledge for anyone aspiring to launch or enhance their career in cybersecurity.

The discussion opens with Dirce's origin story, tracing his journey from state government positions to his ventures into the enterprise-level cybersecurity landscape. The conversation pivots to analyze how the job market within cybersecurity has evolved and the current challenges faced by individuals attempting to enter the field. Drawing upon Dirce's own transitions among sectors, the episode explores the value of diversified experience and the importance of soft skills like report writing and communication.



Key Takeaways:


Networking is vital for breaking into cybersecurity, with channels like LinkedIn and B-Sides conferences being highly beneficial.
Understanding GRC (Governance, Risk and Compliance) can make aspiring professionals more marketable, even if their goal is to work in offensive security.
The ability to write a coherent and comprehensive report is crucial, as the deliverable often carries significant weight in business environments.
Soft skills, including communication and the art of conveying technical information to non-technical stakeholders, are indispensable in cybersecurity roles.
Persistence and patience are key when seeking to start a career in cybersecurity, as potential barriers often occur in job requisitions and HR filtering.



Notable Quotes:


"But like I mentioned, there's so much red tape. And I consider that red tape that affects the entry level folks that are trying to get in there and get those jobs."
"You're talking to CISOs from, you know, financial services. Right. I'm talking to the CISO at AIG, previously the CSO at USAA, and, you know, having those discussions and just being one of them."
"If you can't write the report to showcase and align to the work you did, it's not gonna go anywhere."
"You have to really understand and put yourself in another's shoes. And there's a reason why there's different areas."
"So it's not easy, but ultimately, some people don't even think about communication, don't think about critical thinking and technical writing and all those things that kind of play into making a really good actionable deliverable from a documentation perspective."



Resources:


https://www.linkedin.com/in/eduardohernandez79/

About the Guest:
Dr. Anmol Agarwal is a senior security researcher focused on securing 5G and 6G. Her research interests include AI and Machine Learning security. She is also an adjunct professor teaching Machine Learning to doctoral students. She holds a doctoral degree in cybersecurity analytics and previously worked at the U.S. Cybersecurity and Infrastructure Security Agency managing risk to the federal enterprise. Dr. Agarwal is also an active speaker and has spoken at numerous events and conferences to educate the public about cybersecurity and data science concepts. In her free time, she enjoys mentoring others in the community, traveling, and spending time with her family.


Episode Summary:
In this intriguing episode of the Phillip Wylie Show, we delve into the rapidly evolving intersection of AI and cybersecurity with Dr. Anmol Agarwal. Phillip and Dr. Agarwal engage in a comprehensive discussion that illuminates the cutting-edge advancements in telecommunications security, the ethical considerations of AI, and practical advice for those looking to break into the cybersecurity field.
Dr. Agarwal shares her journey from computer science student to an authoritative voice in the AI and cybersecurity realm, revealing insights into the quarterly meetings for 5G and 6G standardization. She provides valuable knowledge on how both offensive and defensive strategies are shaping AI utilization in security and offers resource recommendations for those aspiring to pen-test AI and machine learning systems. The conversation uncovers the current and potential applications of AI in various technologies and initiatives, from digital twins to deepfakes, and how they pose significant opportunities and threats to cybersecurity.


Key Takeaways:


AI and cybersecurity are intertwined fields that benefit from understanding both the cybersecurity fundamentals and AI technologies.
OWASP offers resources regarding AI vulnerabilities, and Mitre Atlas provides a matrix on AI attacks for those interested in pen-testing AI.
Digital twins and AI-generated content such as deepfakes are emerging technologies that both excite and concern cybersecurity professionals, emphasizing the need for advanced security measures.
A career in cybersecurity remains promising due to the continuous emergence of new technologies that will invariably require secure implementation and management.


Free online platforms like Kaggle and Sklearn tutorials are recommended for learning machine learning and Python for AI applications.

Notable Quotes:
"I actually got enlightened into cybersecurity, and I realized I like cybersecurity because we had so many college clubs." - Anmol Agarwal
"I don't think you need to code to be in cybersecurity… But there are so many career paths in cybersecurity that don't require any coding." - Anmol Agarwal
"Now we're seeing AI is starting to create deepfakes that are more realistic looking." - Anmol Agarwal
"Whenever a new technology comes out or there's a disruptive startup, we need security to actually secure this technology." - Anmol Agarwal
"AI is going to allow us to prevent or detect certain kinds of attacks that might occur in the system." - Anmol Agarwal

Resources:
https://www.linkedin.com/in/anmolsagarwal/
https://twitter.com/anmolspeaker
OWASP Top Ten for Large Language Models: https://owasp.org/www-project-top-10-for-large-language-model-applications/
MITRE Atlas Framework: https://atlas.mitre.org
Kaggle Online Learning Platform: https://www.kaggle.com
Gandalf - https://gandalf.lakera.ai/
SK learn Python Package: SK learn Documentation https://scikit-learn.org

About the Guests:

Norman Menz and Nick Ascoli are seasoned cybersecurity professionals and entrepreneurs with experience dating back to the early days of the industry. Norman Menz is the CEO of Flare and his career spans system configuration, offensive security, vulnerability prioritization, and third-party risk assessment. He founded and led companies like Prevalent and Delve, which focused on vendor risk assessment and vulnerability prioritization, respectively. Nick Ascoli, the founder of Fortrace, started his journey with a background in Linux distros and programming. He pursued Security and Risk Analysis (SRA) at Penn State University, with a passion for red team operations and an emphasis on external exposure and data. Professionally, Nick has engaged in detection engineering and has been deeply involved in attack surface management.

Episode Summary:

In an engaging dialogue between cybersecurity leaders, Nick Ascoli and Norman Menz share their insights into the ever-evolving landscape of cybersecurity. The episode delves into the need for better understanding external threats and leveraging adversarial-focused techniques to stay ahead of cyber risks. The conversation around reconnaissance, red teaming, and attack surface management is intertwined with personal career anecdotes, illustrating a shift towards more proactive and data-centric approaches to cybersecurity.
The transcript reveals a shared origin story for both guests' companies, originating from the desire to provide an "adversarially focused view" of external footprints in cybersecurity. In an age where conventional risk quantification isn't enough, operations at an enterprise's security level require innovative solutions. The merging of Fortress and Flair is discussed as a groundbreaking step towards unifying valuable data and expertise to enhance the industry's approach to threat exposure management, pen testing, and understanding the full scope of external exposures.

Key Takeaways:

The utilization of cybersecurity tools for reconnaissance is key for red teamers and for organizations aiming to understand what's exposed.
A fundamental aspect for both Fortrace and Flare was the emphasis on data that is "operationally relevant to the sock - to actual operational level security ops."
There's a trend in cybersecurity to educate users on the difference between a vulnerability assessment and a pen test, and when each is appropriate given the maturity of an organization's security posture.
The guests emphasized the need for a "universal search" for external exposure that simplifies finding exposed data across the clear and dark web, useful for red teamers and risk managers alike.
The acquisition of Fortrace by Flare marks the first in the Continuous Threat Exposure Management (CTEM) space, aiming to centralize and streamline the approach to understanding external exposure.

Notable Quotes:

"As red teamers sort of desperate for a more adversarially focused view of your external footprint."
"There was a lot of education of just the difference between a vulnerability assessment and a pen test."
"We were educated for a while, and then the exposure started to grow, where everyone started to realize there's a lot of different flavors of exposure."
"…How do I take the intuition of a red teamer and enable it for anyone who's using a platform in a very simple manner?"

Resources:

Flare Website: https://flare.io/
Special Promotion: A self-service trial provided by Flare: https://try.flare.io/pw/
Flare LinkedIn: https://www.linkedin.com/company/flare-io/
Norman Menz's LinkedIn: https://www.linkedin.com/in/norman-menz-92829014/
Nick Ascoli's LinkedIn: https://www.linkedin.com/in/nick-ascoli-28a78b93/