Phillip Wylie Show Phillip Wylie

About the Guest:

Rob Fuller (Mubix): Rob Fuller, also known as Mubix, is a well-known figure in the cybersecurity community, particularly in the realms of penetration testing and red teaming. As an experienced professional, Fuller has a background in the Marine Corps where he was part of the Marine Corps CERT at Quantico. Fuller has contributed significantly to the community through his work with Hak5 on series like Metasploit Minute and Practical Exploitation. His deep understanding of security concepts, coupled with his engaging teaching methods, has influenced aspiring hackers and professionals worldwide. He now holds a leadership role, guiding and nurturing the next generation of cybersecurity talent.



Episode Summary:

In this engaging episode of "The Phillip Wylie Show," Phillip Wylie sits down with Rob Fuller, also known as Mubix, a revered figure in the cybersecurity and penetration testing community. The conversation kicks off with Fuller's early experiences that propelled him into the world of hacking, such as his fascination with Game Shark and reverse engineering concepts during his childhood. Fuller elaborates on his journey from the Marine Corps to becoming a renowned penetration tester and red teamer, providing invaluable insights into the practical and psychological aspects of entering the cybersecurity field.

Throughout the episode, Fuller emphasizes the importance of content creation and community involvement for career advancement in cybersecurity. He illustrates how blogging, podcasts, or even YouTube channels can showcase one's expertise and help build a personal brand. This episode is packed with actionable advice on certifications, the value of scripting, and the mental fortitude needed to combat imposter syndrome. Listeners are bound to find Fuller's story inspiring and his advice practical for both newcomers and seasoned professionals in cybersecurity.



Key Takeaways:


Content Creation is Key: Fuller emphasizes the necessity of creating content—whether blogs, videos, or code repositories—to establish oneself in the cybersecurity community and attract job opportunities.
Learning Programming Helps: While not a strict requirement, knowing how to code can greatly enhance a pen tester's ability to adapt and overcome challenges during engagements.
Select Certifications Wisely: Fuller shares his perspective on the current landscape of cybersecurity certifications, recommending those with practical, hands-on tests like CRTO.
Imposter Syndrome is Natural: Fuller advises embracing the learning process and valuing opportunities to be the 'dumbest person in the room' as it's critical for growth.
Trust in Community: Fuller underscores that the cybersecurity field thrives on knowledge sharing and cautions against feeding the "try harder" mentality that inhibits communal learning and growth.



Notable Quotes:


"It's not who you know, it's not what you know, it's who knows what you know." - Rob Fuller
"One of the best things you can ever do is start a blog, a video log, a podcast, something to detail your learning experience." - Rob Fuller
"If you're ever in a situation where you are the dumbest person in the room, and someone belittles you for it, they're the butthead." - Rob Fuller
"As long as you understand basic logic, if this, then that… You can learn programming along the way." - Rob Fuller
"Creating content is like investing money. The sooner you start, the better." - Rob Fuller



Resources:


Rob Fuller (Mubix) on Twitter: @mubix
Hak5: Hak5 Website
Zero Point Security's CRTO Certification: https://training.zeropointsecurity.co.uk/courses/red-team-ops
Security Plus Certification: https://www.comptia.org/certifications/security
OSCP Certification: https://www.offsec.com/courses/pen-200/

Don't miss this episode to dive deep into Mubix's fascinating journey through cybersecurity and glean insights that can aid your own career progression.

About The Guest:

Noah King is a Senior Software Engineer at Horizon3.ai, specializing in offensive security and exploit development. Coming from a background in sales and with a strong expertise in web application development, Noah transitioned into cybersecurity after being inspired by his wife's journey into engineering. With a passion for breaking things rather than building them, Noah has rapidly advanced in the field, earning his OSCP certification and contributing to automating complex security attacks at Horizon3.ai.



Summary:

Noah King shares his journey from sales to offensive security. He started with a coding bootcamp and transitioned into web app development. Eventually, he joined Horizon3.ai as a senior software engineer and became interested in offensive security. He learned through hack the box and became a teaching assistant for a cybersecurity bootcamp. He obtained the OSCP certification and now focuses on offensive security at Horizon3.ai, automating attacks and finding vulnerabilities.



Takeaways


Transitioning from a different career background is possible in offensive security.
Obtaining certifications like OSCP and gaining experience through bug bounties are valuable.
Learning to code or script is important for offensive security professionals.
Automation is crucial in scaling pen testing efforts.
Continuous learning and staying up-to-date with emerging threats is essential in offensive security.



Quotes:


"I really wanted to be on the opposite edge of breaking."
"Automating and making everything instead of having to pay for some pen testers to come in."
"I do a lot with making the JavaScript, making deceptive login pages."



Chapters:

00:00 Introduction and Background

03:50 Finding Passion and Building a Foundation

10:07 Automation and Scaling in Offensive Security

15:19 The Challenges and Rewards of Offensive Security 22:59 Certifications and Experience in the Job Market

25:41 Closing Remarks



Resources:

Noah's Horizon3 Tech Talk: Journey to OSCP https://www.horizon3.ai/insights/webinars/tech-talk-journey-to-oscp/

Noah's LinkedIn: https://www.linkedin.com/in/noahking1/

About the Guest:

Jacob Krasnov is a cybersecurity expert, CEO, and co-founder at BC Security. He and his co-founder Anthony and Vincent Rose have significantly contributed to the cybersecurity field, particularly with their work on the Empire project. Jacob's background includes aerospace engineering and high-level cybersecurity assessments in the Air Force, where he was involved in rigorous testing of military aircraft like the F-22 and F-35. Transitioning to BC Security, Jacob has focused on enhancing tools for red teaming and threat emulation, making sophisticated cybersecurity tools accessible and maintainable.



Episode Summary:

In this episode of the Phillip Wylie Show, Phillip Wylie sits down with Jacob Krasnov from BC Security to delve into the evolution of the Empire project, cybersecurity's role in modern defense systems, and the importance of making advanced security tools accessible. Jacob elaborates on his journey from working on military aircraft cybersecurity assessments to co-founding BC Security, a company that has breathed new life into the Empire project—a project initially shelved by its original developers but resuscitated and advanced by Jacob and his team.

The conversation spotlights the significance of rigorous and repeatable security testing, as well as tying cybersecurity impacts to operational outcomes. Jacob details the extensive updates made to Empire, including support for Python 3, new agent types, and a comprehensive code rewrite to enhance maintainability and extend the tool's functionality. The show also touches on the importance of entry-level cybersecurity tools for global teams, the learning curve of such tools, and using AI in cybersecurity.



Key Takeaways:


Evolution of Empire: BC Security transformed Empire from a deprecated tool into a sophisticated platform with Python 3, C sharp, and Iron Python agents.
Cybersecurity Experience: Jacob's rich background in aerospace cybersecurity underpins his approach to advanced cyber defense strategies.
Educational Resources: Various training programs and resources, including TryHackMe and workshops at Defcon, are highlighted for budding cybersecurity professionals.
Tool Accessibility: Making advanced cybersecurity tools like Empire accessible is crucial for small and mid-sized business security postures.
AI in Cybersecurity: AI can streamline workflow and assist with complex tasks in cybersecurity but has its limitations, particularly in advanced and fringe areas.



Notable Quotes:


“We really liked the platform. We wanted to keep it up to date.” — Jacob Krasnov
“…important thing for those small businesses. And they can actually go fix stuff because they can't afford for a 15-20, $30,000 pen test to come in because that was their whole security budget for the year.” — Jacob Krasnov
“The conversation spotlights the significance of rigorous and repeatable security testing, as well as tying cybersecurity impacts to operational outcomes.” — Jacob Krasnov
“I'm excited to be here. Thanks for having me on.” — Jacob Krasnov
“…useful for people to be able to learn those tools. And I would imagine more willing to have people to help out from the community, create modules and add-ons and stuff, I would think.” — Phillip Wylie

Resources:


https://www.linkedin.com/in/jacobkrasnov/


BC Security Website
Black Hat 2024 Training - ADVANCED THREAT EMULATION: EVASION
Black Hat 2024 Training - ADVANCED THREAT EMULATION: ACTIVE DIRECTORY
Empire Operations I Training


BC Security Discord
TryHackMe
Defcon
The Empire Project on GitHub

Discover the intricacies of cybersecurity, the evolution of powerful tools, and insightful professional journeys in this episode. Tune in to not only learn about the technical advancements but also the significance of making these tools accessible to a broader audience. Stay tuned for more enriching content from the Philip Wylie Show.

About the Guest:

McKenna Dallmeyer is a technical account manager at Horizon3.ai, specializing in offensive security and penetration testing. Starting her academic journey in biomedical science and political science, she eventually pursued cybersecurity, driven by a combination of personal interests and family influence. McKenna has experience working with the NSA as a developer intern and later full-time in a development program. She holds several certifications in penetration testing and network security and is also part of the Synack Red Team, conducting side work through her LLC.



Episode Summary:

In this engaging episode of The Phillip Wylie Show, host Phillip Wylie sits down with McKenna Dallmeyer to discuss her unconventional journey into the realm of cybersecurity and penetration testing. McKenna shares how her initial aspirations of becoming a veterinarian transitioned into a passion for cybersecurity and offensive security, ultimately leading her to her current role at Horizon3.ai. Along the way, she highlights the importance of hands-on experience, continuous learning, and the role of soft skills in a technical field.

McKenna provides insights into her background, from her academic shifts and internships to her work at the NSA and her current involvement with Synack Red Team. She emphasizes the value of diverse experiences, outlining how coding, networking, and certifications like GCIH and GWAPT have contributed to her skill set. McKenna also offers practical advice for those aspiring to enter the field of penetration testing, underscoring the necessity of taking on challenges, saying yes to opportunities, and leveraging any available resources to facilitate learning and growth.



Key Takeaways:


McKenna's journey showcases the fluidity of career paths and the importance of remaining open to new opportunities in evolving fields like cybersecurity.
Gaining hands-on experience and practical certifications is crucial for anyone looking to establish a career in penetration testing.
Soft skills, combined with technical expertise, can significantly enhance career prospects, particularly in customer-facing roles within cybersecurity.
Networking, staying updated through podcasts, and participating in community events like DEFCON and Black Hat are invaluable for professional growth.
Embarking on side projects and involvement in specialized teams, such as Synack Red Team, can provide robust, real-world experience and career development.



Notable Quotes:


"It takes all of us to make the world a safer place." - McKenna Dallmeyer
"You learn more after you fail than when you succeed." - McKenna Dallmeyer
"Start talking to people who are pen testers and gain an idea of what their day-to-day is like." - McKenna Dallmeyer
"Don't shy away from opportunities thinking, 'Oh, I've never done anything like that.' Just say yes and see what happens." - McKenna Dallmeyer
"Always try to learn everything that you can. If you see something unfamiliar, look into it at a surface level." - McKenna Dallmeyer



Resources:


McKenna's LinkedIn: https://www.linkedin.com/in/mckenna-dallmeyer/


Horizon3.ai: Website


Synack Red Team: Website


Certifications Mentioned:


GIAC Certified Penetration Tester (GPEN)
GIAC Web Application Penetration Tester (GWAPT)
GIAC Python Code for Pen Testers (GPYC)



For more insightful discussions and expert advice from the world of cybersecurity, be sure to listen to the full episode and stay tuned for future episodes of The Phillip Wylie Show.

Summary
In this conversation, John and Greg from White Knight Labs discuss their backgrounds and the work they do in red teaming and penetration testing. They explain the difference between red teaming and pen testing, with red teaming being more focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations. They also discuss the skills and knowledge required to become a red teamer, including a background in sysadmin or software development, networking knowledge, and experience in pen testing. They recommend certifications such as Certified Red Team Professional and Certified Red Team Expert, as well as courses on redirectors and offensive development. In this conversation, John Stigerwalt and Greg Hatcher discuss various aspects of red teaming and physical security. They emphasize the importance of teamwork and diverse skill sets in red team operations. They also highlight the challenges and grueling nature of red teaming, as well as the misconceptions surrounding it. The conversation touches on the use of AI in security, the practice of assuming breach, and the courses offered by White Knight Labs.

Takeaways
Red teaming is focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations.
A background in sysadmin or software development is recommended for aspiring red teamers.
Networking knowledge and experience in pen testing are important skills to have.
Certifications such as Certified Red Team Professional and Certified Red Team Expert can be beneficial.
Courses on redirectors and offensive development are recommended for learning the necessary skills. Red teaming requires a diverse set of skills and a team approach.
Red teaming can be grueling and data-intensive, with a focus on blending in and accessing file shares.
Physical security assessments often involve challenging and uncomfortable situations.
Getting started in physical security can involve courses like Covert Access Team and Optiv's course.
Assume breach is a valuable mindset to adopt in security.
White Knight Labs offers courses on offensive development, advanced red team operations, and offensive Azure operations and tactics.



Takeaways


Red teaming is focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations.
A background in sysadmin or software development is recommended for aspiring red teamers.
Networking knowledge and experience in pen testing are important skills to have.
Certifications such as Certified Red Team Professional and Certified Red Team Expert can be beneficial.
Courses on redirectors and offensive development are recommended for learning the necessary skills. Red teaming requires a diverse set of skills and a team approach.
Red teaming can be grueling and data-intensive, with a focus on blending in and accessing file shares.
Physical security assessments often involve challenging and uncomfortable situations.
Getting started in physical security can involve courses like Covert Access Team and Optiv's course.
Assume breach is a valuable mindset to adopt in security.
White Knight Labs offers courses on offensive development, advanced red team operations, and offensive Azure operations and tactics.

Resources:


White Knight Security Website


https://whiteknightlabs.com/training/


https://www.linkedin.com/in/gregoryhatcher2/


https://www.linkedin.com/in/john-stigerwalt-90a9b4110/


https://x.com/WKL_cyber



WKL Courses:


Advanced Red Team Operations Course (ARTO) https://training.whiteknightlabs.com/advanced-red-team-operations/


Offensive Development Course https://training.whiteknightlabs.com/offensive-development-training/


Offensive Azure Operations and Tactics Course https://training.whiteknightlabs.com/offensive-azure-operations-tactics/


Educators and Tools:


Travis Weathe

In this episode, Phillip Wylie is joined by Matt Scheurer, a digital forensics and incident response expert. They discuss Matt's hacker origin story, his work in digital forensics and incident response, and the education path for aspiring professionals in this field. They also touch on the importance of professional networking and the benefits of public speaking in the cybersecurity industry.



Takeaways


Digital forensics and incident response (DFIR) professionals play a crucial role in investigating and responding to cybersecurity incidents.
Having a background in systems administration and networking can provide a solid foundation for a career in DFIR.
Building a professional network and seeking mentorship from experienced professionals can greatly enhance career opportunities in the cybersecurity industry.
Public speaking can help establish credibility and open doors for career advancement in the cybersecurity field.
Exploring different areas of cybersecurity and finding one's passion can lead to a more fulfilling and successful career.



Sound Bites


"I was just always enthralled with hackers and hacker lore and all the things that people would do with technology that the people that designed it didn't anticipate."
"Understanding basic networking, learning the Linux command line, and knowing where things should be on a Windows endpoint are essential skills for aspiring DFIR professionals."
"Having a background in SOC (Security Operations Center) analysis can provide a solid foundation for understanding digital forensics and incident response."



Resources

https://www.linkedin.com/in/mattscheurer/

https://twitter.com/c3rkah