90 episodes

Join Phillip Wylie Show host Phillip Wylie as he and his guests discuss the intriguing and ever-expanding field of cybersecurity, including topics from the offensive security side to the defensive and response sides of cybersecurity. Frequent offensive security topics include pentesting, red teaming, ethical hacking, security research, and bug bounties. Guests share their origin stories, tips, and career advice. Phillip and his guests discuss content creation and personal branding in this podcast. If you enjoyed Phillip's previous podcast, The Hacker Factory, you will love this!

Phillip Wylie Show Phillip Wylie

    • Technology


    Tennisha Martin: Cracking the Diversity Code


    Summary
    Tennisha Martin, founder of Black Girls Hack and organizer of Squad Con, shares her journey in cybersecurity, the importance of hands-on training, and the challenges of diversity in the industry. She also discusses the motivation behind organizing Squad Con and the need for scholarships to support diversity in cybersecurity education.

    Takeaways


    The importance of hands-on training in cybersecurity education
    The need for diversity and inclusion in the cybersecurity industry
    The motivation behind organizing Squad Con and the impact of scholarships on diversity in cybersecurity education

    Sound Bites


    "Empowering Diversity in Cybersecurity Education"
    "The Impact of Hands-On Training in Cybersecurity"
    "Organizing Squad Con: A Journey to Diversity"

    Resources

    https://www.linkedin.com/in/tennisha/

    https://squadcon.me/

    https://blackgirlshack.org/

    • 40 min
    Eddie Miro: From Criminal to Cybersecurity Expert


    Summary

    In this episode, Eddie Miro shares his hacker origin story and discusses his recently published book. He talks about his journey from a troubled childhood to a life of crime and eventually finding his passion in cybersecurity. Eddie emphasizes the importance of mentorship, creativity, and community involvement in the cybersecurity field. He also highlights the process of self-publishing his book and the impact it has had on his personal growth and the lives of others.



    Takeaways


    Mentorship and community involvement are crucial for success in the cybersecurity field.
    Creativity and authenticity can make a significant impact in the industry.
    Self-publishing a book can be a cost-effective and fulfilling way to share knowledge and personal experiences.
    Overcoming shame and embracing vulnerability can lead to personal growth and inspire others.
    Soft skills and networking are essential for career advancement in cybersecurity.



    Sound Bites


    "People didn't care about the social engineering content. What they wanted to hear was my story."
    "Reach out to mentors and ask for advice and help. Most people are willing to assist."
    "I feel a lot of empathy for my former self. I don't fear being judged anymore."



    Resources

    https://www.linkedin.com/in/theedmiroshow/

    Eddie's book: https://www.amazon.com/Outlaw-Summer-Cyber-Dreams-Redemption/dp/B0CZFB2KNM/ref=sr_1_1?sr=8-1

    • 41 min
    Dirce Hernandez: Breaking into Cybersecurity


    About the Guest:

    In this episode of "The Phillip Wylie Show," Dirce Hernandez joins as a featured guest. With a notable career spanning over 17 years in the cybersecurity industry, Dirce stands as a first-generation college graduate hailing from South Texas. He has worked across various sectors including state government, higher education, healthcare, and financial services. His diverse experience includes roles at TxDOT, University of Texas at Brownsville, Wells Fargo, USAA, and currently at Northwestern Mutual Insurance Company. Apart from his professional endeavors, Dirce is known for his dedication to helping others, sharing knowledge, and mentoring aspiring cybersecurity professionals.



    Episode Summary:

    In this insightful conversation with Phillip Wylie, cybersecurity veteran Dirce Hernandez shares his extensive experience in the industry, shedding light on the intricacies of breaking into the field. This episode is a trove of knowledge for anyone aspiring to launch or enhance their career in cybersecurity.

    The discussion opens with Dirce's origin story, tracing his journey from state government positions to his ventures into the enterprise-level cybersecurity landscape. The conversation pivots to analyze how the job market within cybersecurity has evolved and the current challenges faced by individuals attempting to enter the field. Drawing upon Dirce's own transitions among sectors, the episode explores the value of diversified experience and the importance of soft skills like report writing and communication.



    Key Takeaways:


    Networking is vital for breaking into cybersecurity, with channels like LinkedIn and BSides conferences being highly beneficial.
    Understanding GRC (Governance, Risk and Compliance) can make aspiring professionals more marketable, even if their goal is to work in offensive security.
    The ability to write a coherent and comprehensive report is crucial, as the deliverable often carries significant weight in business environments.
    Soft skills, including communication and the art of conveying technical information to non-technical stakeholders, are indispensable in cybersecurity roles.
    Persistence and patience are key when seeking to start a career in cybersecurity, as potential barriers often occur in job requisitions and HR filtering.



    Notable Quotes:


    "But like I mentioned, there's so much red tape. And I consider that red tape that affects the entry level folks that are trying to get in there and get those jobs."
    "You're talking to CISOs from, you know, financial services. Right. I'm talking to the CISO at AIG, previously the CSO at USAA, and, you know, having those discussions and just being one of them."
    "If you can't write the report to showcase and align to the work you did, it's not gonna go anywhere."
    "You have to really understand and put yourself in another's shoes. And there's a reason why there's different areas."
    "So it's not easy, but ultimately, some people don't even think about communication, don't think about critical thinking and technical writing and all those things that kind of play into making a really good actionable deliverable from a documentation perspective."



    Resources:


    https://www.linkedin.com/in/eduardohernandez79/

    • 38 min
    Dr. Anmol Agarwal: AI and Machine Learning in Cybersecurity


    About the Guest:
    Dr. Anmol Agarwal is a senior security researcher focused on securing 5G and 6G. Her research interests include AI and Machine Learning security. She is also an adjunct professor teaching Machine Learning to doctoral students. She holds a doctoral degree in cybersecurity analytics and previously worked at the U.S. Cybersecurity and Infrastructure Security Agency managing risk to the federal enterprise. Dr. Agarwal is also an active speaker and has spoken at numerous events and conferences to educate the public about cybersecurity and data science concepts. In her free time, she enjoys mentoring others in the community, traveling, and spending time with her family.


    Episode Summary:
    In this intriguing episode of the Phillip Wylie Show, we delve into the rapidly evolving intersection of AI and cybersecurity with Dr. Anmol Agarwal. Phillip and Dr. Agarwal engage in a comprehensive discussion that illuminates the cutting-edge advancements in telecommunications security, the ethical considerations of AI, and practical advice for those looking to break into the cybersecurity field.
    Dr. Agarwal shares her journey from computer science student to an authoritative voice in the AI and cybersecurity realm, revealing insights into the quarterly meetings for 5G and 6G standardization. She provides valuable knowledge on how both offensive and defensive strategies are shaping AI utilization in security and offers resource recommendations for those aspiring to pen-test AI and machine learning systems. The conversation uncovers the current and potential applications of AI in various technologies and initiatives, from digital twins to deepfakes, and how they pose significant opportunities and threats to cybersecurity.


    Key Takeaways:


    AI and cybersecurity are intertwined fields that benefit from understanding both the cybersecurity fundamentals and AI technologies.
    OWASP offers resources regarding AI vulnerabilities, and MITRE ATLAS provides a matrix on AI attacks for those interested in pen-testing AI.
    Digital twins and AI-generated content such as deepfakes are emerging technologies that both excite and concern cybersecurity professionals, emphasizing the need for advanced security measures.
    A career in cybersecurity remains promising due to the continuous emergence of new technologies that will invariably require secure implementation and management.
    Free online platforms like Kaggle and scikit-learn tutorials are recommended for learning machine learning and Python for AI applications.

    Notable Quotes:
    "I actually got enlightened into cybersecurity, and I realized I like cybersecurity because we had so many college clubs." - Anmol Agarwal
    "I don't think you need to code to be in cybersecurity… But there are so many career paths in cybersecurity that don't require any coding." - Anmol Agarwal
    "Now we're seeing AI is starting to create deepfakes that are more realistic looking." - Anmol Agarwal
    "Whenever a new technology comes out or there's a disruptive startup, we need security to actually secure this technology." - Anmol Agarwal
    "AI is going to allow us to prevent or detect certain kinds of attacks that might occur in the system." - Anmol Agarwal

    Resources:
    https://www.linkedin.com/in/anmolsagarwal/
    https://twitter.com/anmolspeaker
    OWASP Top Ten for Large Language Models: https://owasp.org/www-project-top-10-for-large-language-model-applications/
    MITRE ATLAS Framework: https://atlas.mitre.org
    Kaggle Online Learning Platform: https://www.kaggle.com
    Gandalf: https://gandalf.lakera.ai/
    scikit-learn Python package documentation: https://scikit-learn.org

    • 27 min
    Managing Threat Exposures with Flare


    About the Guests:

    Norman Menz and Nick Ascoli are seasoned cybersecurity professionals and entrepreneurs with experience dating back to the early days of the industry. Norman Menz is the CEO of Flare and his career spans system configuration, offensive security, vulnerability prioritization, and third-party risk assessment. He founded and led companies like Prevalent and Delve, which focused on vendor risk assessment and vulnerability prioritization, respectively. Nick Ascoli, the founder of Fortrace, started his journey with a background in Linux distros and programming. He pursued Security and Risk Analysis (SRA) at Penn State University, with a passion for red team operations and an emphasis on external exposure and data. Professionally, Nick has engaged in detection engineering and has been deeply involved in attack surface management.

    Episode Summary:

    In an engaging dialogue between cybersecurity leaders, Nick Ascoli and Norman Menz share their insights into the ever-evolving landscape of cybersecurity. The episode delves into the need for better understanding external threats and leveraging adversarial-focused techniques to stay ahead of cyber risks. The conversation around reconnaissance, red teaming, and attack surface management is intertwined with personal career anecdotes, illustrating a shift towards more proactive and data-centric approaches to cybersecurity.
    The transcript reveals a shared origin story for both guests' companies, originating from the desire to provide an "adversarially focused view" of external footprints in cybersecurity. In an age where conventional risk quantification isn't enough, operations at an enterprise's security level require innovative solutions. The merging of Fortrace and Flare is discussed as a groundbreaking step towards unifying valuable data and expertise to enhance the industry's approach to threat exposure management, pen testing, and understanding the full scope of external exposures.

    Key Takeaways:

    The utilization of cybersecurity tools for reconnaissance is key for red teamers and for organizations aiming to understand what's exposed.
    A fundamental aspect for both Fortrace and Flare was the emphasis on data that is "operationally relevant to the SOC - to actual operational level security ops."
    There's a trend in cybersecurity to educate users on the difference between a vulnerability assessment and a pen test, and when each is appropriate given the maturity of an organization's security posture.
    The guests emphasized the need for a "universal search" for external exposure that simplifies finding exposed data across the clear and dark web, useful for red teamers and risk managers alike.
    The acquisition of Fortrace by Flare marks the first in the Continuous Threat Exposure Management (CTEM) space, aiming to centralize and streamline the approach to understanding external exposure.

    Notable Quotes:

    "As red teamers sort of desperate for a more adversarially focused view of your external footprint."
    "There was a lot of education of just the difference between a vulnerability assessment and a pen test."
    "We were educated for a while, and then the exposure started to grow, where everyone started to realize there's a lot of different flavors of exposure."
    "…How do I take the intuition of a red teamer and enable it for anyone who's using a platform in a very simple manner?"

    Resources:

    Flare Website: https://flare.io/
    Special Promotion: A self-service trial provided by Flare: https://try.flare.io/pw/
    Flare LinkedIn: https://www.linkedin.com/company/flare-io/
    Norman Menz's LinkedIn: https://www.linkedin.com/in/norman-menz-92829014/
    Nick Ascoli's LinkedIn: https://www.linkedin.com/in/nick-ascoli-28a78b93/

    • 36 min
    Tyler Day: The Challenges and Rewards of Becoming a Pen Tester


    About the Guest:

    Tyler Day is a seasoned professional in the cybersecurity field, whose journey into penetration testing (pen testing) has been one of substantial growth and commitment. With a rich background that involves disassembling computers and game consoles from a young age, Tyler's passion for understanding the intricacies of technology has been evident. His transition from being intrigued by shows like 'Mr. Robot' to becoming a proficient pen tester showcases his dedication to the craft. Tyler's trajectory includes a period of rigorous self-teaching aided by formal education and a series of professional opportunities that forged his path in the cybersecurity industry.

    Episode Summary:

    In this captivating episode, Phillip Wylie engages in a deep dive with Tyler Day, unraveling the complexities and challenges of a career in penetration testing. This conversation is a treasure trove of insights for both novices and seasoned professionals in cybersecurity.
    Tyler Day shares his hacker origin story, reflecting on the initial allure of cybersecurity as depicted in pop culture and his subsequent realization of the discipline's intricate nature. The discussion meanders through the real-world applications of pen testing, the perseverance required to excel, and the continuous learning imperative in the field. The conversation also touches on the mental fortitude necessary to confront competition and imposter syndrome, offering empathy and strategies to aspiring professionals in the rapidly evolving cybersecurity landscape.

    Key Takeaways:

    Penetration testing requires a significant commitment to continuous learning both during and outside of work hours.
    Entry into the cybersecurity field can be both competitive and intimidating, yet it holds a wealth of opportunity for personal and professional growth.
    It is common for cybersecurity professionals to struggle with confidence and feelings of imposter syndrome, but overcoming these challenges is crucial for career advancement.
    Innovation, adaptability, and persistence are essential traits for anyone embarking on or progressing within a cybersecurity career.
    Seeking mentorship, being open to asking questions, and putting oneself in challenging situations are key to developing expertise in cyber pen testing.

    Notable Quotes:

    "Pen testing is the only pillar within the cyber field that requires you to do as much work as you do in work outside of work."
    "Be yourself in your own corner. If nobody's gonna help and support you, you don't need them."
    "Can I research and they know how to study? That skill, I think, is developed through just life."
    "Just keeping up with the Joneses on that, and it's like, am I required to be the jack of all but master of none?"
    "Do you have the time, you know, and this for the cyber field in general. Is this something that you can commit time to?"

    Resources:

    https://www.linkedin.com/in/tyler-day-4a831a12b/

    • 44 min
