A Year In Review

Close out 2023 right and start 2024 strong.

Follow & like the podcast!

Affiliate Links:
NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902

Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today

1 00:00:00
Speaker 1: I was going, patrick and Dwayne, like I feel like

00:00:03
we've been trying to plan this thing for like a year now.

00:00:05
Hey Joe, yeah.

00:00:07
Speaker 2: I feel like old friends.

00:00:08
I asked you have we talked before?

00:00:10
And you're like I don't think so.

00:00:13
Speaker 3: We keep trying.

00:00:13
It feels like it, though.

00:00:14
It feels like it.

00:00:16
Speaker 1: Right, yeah, we've been pen pals over email for a

00:00:19
year.

00:00:21
Speaker 3: Whatever happened to pen pals?

00:00:22
They used to do that in schools .

00:00:23
You used to write a letter, snail mail them.

00:00:25
Now it's just, it's all dying art.

00:00:28
Speaker 2: I actually got letters in the Gulf War.

00:00:30
When I was on the front lines in Iraq, I got letters from kids

00:00:33
and it was actually quite fun for the soldiers to get those

00:00:36
letters.

00:00:36
Speaker 3: So that's cool, bring it back.

00:00:38
Speaker 1: I'm not sure if I ever did that in grade school.

00:00:41
Speaker 3: Oh, really.

00:00:42
Yeah, it used to be a thing Like you'd write letters and

00:00:44
you'd send them off and then, mysteriously, they'd maybe

00:00:48
respond or not.

00:00:49
I don't know.

00:00:49
It's cool.

00:00:49
Yeah, it was magical to get a letter, open it up in the

00:00:52
mailbox, see the postman delivering it.

00:00:54
It's like Christmas.

00:00:56
Speaker 1: I don't know.

00:00:56
I mean that's interesting.

00:00:58
I mean I don't feel that old, but I guess maybe I'm getting

00:01:01
old.

00:01:04
Speaker 3: It's entirely possible.

00:01:05
It's entirely possible.

00:01:08
Speaker 1: Yeah, it's a.

00:01:09
It's surprising.

00:01:11
I just had my first, my first kid.

00:01:13
She's just turned nine months.

00:01:15
Congratulations, like for the first time I feel like an old

00:01:19
man, it's like what is going on right now.

00:01:21
Speaker 2: Where do your grandkids can roll their eyes?

00:01:24
Speaker 3: Then, let me know.

00:01:25
That's when you know you've made it.

00:01:27
Yeah.

00:01:28
Speaker 2: Yeah, when you become lame to your grandchildren.

00:01:32
You pretty much accomplished their life, right.

00:01:38
Speaker 1: Well, guys, I start with everyone's background and

00:01:41
I'll tell you why I do that.

00:01:42
It's because I have a varied audience.

00:01:45
I have a group of my audience that could be trying to get into

00:01:49
IT or security, maybe straight out of college, or they're

00:01:53
trying to do a career change.

00:01:54
You know, they may not know that it's possible for them,

00:01:58
right?

00:01:58
And I've found, after doing over 150 episodes now, that I

00:02:04
haven't heard the same background twice.

00:02:06
So I feel like I remember when I was trying to get into

00:02:11
security and IT, hearing other people talk about how they got

00:02:16
into it made it feel like, okay, this is obtainable for me.

00:02:20
Speaker 2: It's absolutely obtainable.

00:02:21
Speaker 1: Yeah Right, so why don't we start with you?

00:02:24
How did you get into IT?

00:02:25
How did you get into security?

00:02:27
Maybe what sparked that interest in you that brought you

00:02:31
into this?

00:02:31
Speaker 3: field.

00:02:32
Oh my gosh.

00:02:33
Well, this will date me, but for me it actually happened in

00:02:38
high school.

00:02:38
So in high school I got my amateur radio license and that

00:02:45
hobby is all about tinkering with radio waves and electronics

00:02:48
and figuring out how it all works, like doing the

00:02:52
mathematics of building your own antenna right and then how you

00:02:56
can transmit on that antenna and bounce it off the ionosphere

00:03:00
and then talk to somebody 7 miles away.

00:03:02
And you get into that world of really tinkering and figuring

00:03:08
things out.

00:03:09
And at the time the Apple IIE came out and my parents spent a

00:03:13
fortune on an Apple IIE and my brother and I were enamored with

00:03:17
it and then later on, you know, started pulling apart our 386

00:03:21
computer, doing online BBSs and bringing it.

00:03:27
So that world sort of grasped us and part of it, honestly, was

00:03:31
video games back then, because you couldn't just click a game

00:03:36
and play it.

00:03:36
Back then it was like you had to install it and then move

00:03:40
memory drivers around and then like decide whether you wanted

00:03:43
the mouse, because if you didn't want the mouse you could save

00:03:46
memory.

00:03:47
Speaker 2: And then there was cheating, right.

00:03:51
Speaker 3: So there's all that tinkering involved with

00:03:53
computers back in those days and we started playing around with

00:03:57
bulletin board systems and for the listeners who might not know

00:04:00
what a bulletin board system is you'd have a modem and you

00:04:03
would dial up another computer that was running a program that

00:04:06
you could then log into, in essence, and play what they

00:04:09
called door games, and then it was probing the systems there.

00:04:13
Well, what else can I do?

00:04:14
Can I get it to give me a command?

00:04:16
Can I get it to do these types of things?

00:04:18
And that's when I started early on in cybersecurity.

00:04:20
There was an incident in high school.

00:04:23
I did get suspended for computer acts that we won't talk

00:04:28
about.

00:04:29
Fast forward, got my computer science degree.

00:04:31
Actually, oddly enough, I went to a Benedictine Monk College

00:04:36
because most of the engineering colleges turned me down at the

00:04:39
time.

00:04:39
They were like listen, we don't want a student with your

00:04:40
background Right In computer nefariousness.

00:04:45
Speaker 2: Now, they'd be dying for him.

00:04:47
They'd be lining up, so I applied it.

00:04:50
Speaker 3: That's the way I started a career, right, I

00:04:53
applied it at St Anne's own college, so it's a Benedictine

00:04:55
Monk.

00:04:55
I mean literally the monks with the brown robes and the rope

00:04:59
ties and that sort of stuff, and they're like you know what?

00:05:01
We think we can reform you, we think you can.

00:05:03
So yeah, you can get your computer science degree here,

00:05:08
they're wrong.

00:05:10
So then when I graduated, I had my computer science degree, my

00:05:14
Bachelor of Arts in computer science, and I started teaching

00:05:17
for Microsoft and I was doing Microsoft courses at that time

00:05:20
and teaching TCPIP and that sort of thing, and I went to take my

00:05:24
next course, which was in commerce server Patrick.

00:05:29
Speaker 2: Merch.

00:05:30
Yeah, it was commerce server.

00:05:31
Commerce server.

00:05:31
We transitioned from merchant server.

00:05:34
Speaker 3: So I was taking my next course so that I could

00:05:36
deliver solutions to customers and, lo and behold, my

00:05:39
instructor, this old crotchety West Point graduate, Patrick

00:05:44
Hines, was like hey, we should start working together.

00:05:48
And this is in 2000.

00:05:49
This is March of 2000.

00:05:50
So yeah, long, long time ago.

00:05:53
So that's how I got into it.

00:05:54
And then hilarity ensued.

00:05:56
So it's all downhill from there .

00:06:01
Speaker 1: And Patrick, you know how did you get your start.

00:06:04
Speaker 2: So I went to the military academy at West Point.

00:06:08
I did not focus on computers, but I bought one and I was into

00:06:13
it and I was playing gunship and the games of the day.

00:06:16
And so I became the infantrymen who knew computers in my unit

00:06:22
and so I was repairing computers and doing things that you know

00:06:26
people were afraid to do, and I just wasn't afraid to break it

00:06:28
because I'd already broken mine so many times.

00:06:30
And then, when I got out of the service after the Gulf War, I

00:06:36
went in the reserves but I wanted to go into the civilian

00:06:40
sector.

00:06:41
I started programming and I got into security right away

00:06:44
because I always thought about the military side of things and

00:06:47
the adversarial thinking.

00:06:49
I guess that's the way I would describe it when I was after

00:06:53
going to West Point.

00:06:55
When people look at like nice pictures of meadows and tree

00:06:59
lines and things like that, they think about picnics and

00:07:02
butterflies and I think where I'm going to put the machine

00:07:04
guns, and so I think about systems as far as what could go

00:07:09
wrong, and that put me in the right mindset.

00:07:11
And so once I started working with Dwayne this is where we

00:07:16
went we started doing pen tests and vulnerability assessments

00:07:20
and risk analysis.

00:07:21
Almost 20 years ago actually, right after we started, we

00:07:25
started looking for this kind of work and we did a lot of

00:07:27
programming, a lot of system enterprise stuff.

00:07:30
Between us, we've probably visited 80% of the Fortune 500

00:07:35
and the global 1000 over the last 20 years and a lot of free

00:07:38
letters.

00:07:39
Yeah, and not always as a pen tester, but a lot of times as a

00:07:44
security engineer, and so now that's all we do.

00:07:49
Speaker 1: That's really interesting when you bring up

00:07:55
your mentality right.

00:07:57
That kind of, I guess, directed you towards security.

00:08:01
I can really relate to that, and so my wife and I, you know,

00:08:06
we fairly recently we built our house.

00:08:08
So when you build a house, you got to, I mean, there's a

00:08:12
million decisions.

00:08:13
Speaker 2: And my condolences.

00:08:14
Congratulations, congratulations Right.

00:08:18
Speaker 1: I will never financially recover from this

00:08:20
decision.

00:08:20
But you know you go through a million different choices.

00:08:25
You know and, like you know, in the front of the house there's

00:08:28
a big window.

00:08:29
My wife loved it and I'm sitting here thinking, well,

00:08:32
that's a non-defensible structure.

00:08:34
You know like anyone get through that thing and she's

00:08:38
like hey, can you take your security hat off?

00:08:40
Speaker 2: for a bit.

00:08:41
No, just think about aesthetics .

00:08:43
No, it's your job, though yeah, she's like who hurts you as a

00:08:47
child so do you have a big front yard?

00:08:48
Do you have a big front yard?

00:08:50
It's a good amount.

00:08:51
Yeah, you know, you can put some piles in and put, like,

00:08:55
some PVC pipe in the wood piles and you can use those as

00:08:58
fighting positions.

00:08:59
Speaker 3: Yeah, see, yeah, the thing that always struck me, the

00:09:04
thing that made me start thinking about physical

00:09:06
securities when I met Patrick because I was always into the

00:09:08
digital security, tearing computers apart and that sort of

00:09:10
stuff but we'd sit down in a conference room with a customer

00:09:14
or something like that Patrick, very specifically, would pick a

00:09:17
chair, like he would.

00:09:18
It would always be a chair facing the door.

00:09:21
I'm like what are you doing?

00:09:23
He's like I want to see him coming.

00:09:24
I was like what is wrong with you?

00:09:26
Like seriously, yeah, yeah, that's always the mentality I've

00:09:32
been tested.

00:09:33
Speaker 2: There's nothing wrong with me, but we don't have

00:09:40
computer science.

00:09:41
Dwayne has a computer science degree.

00:09:42
He doesn't have a cybersecurity .

00:09:44
I don't have.

00:09:44
You have a computer science degree.

00:09:45
I'm all self-taught.

00:09:47
The bottom line is we've got veterans, we've got people who

00:09:50
used to work as mechanics.

00:09:51
We've got all sorts of people who work for us who are

00:09:55
excellent cybersecurity engineers who never started in

00:09:57
technology.

00:09:57
It's a long road, but you can self-service your way to it.

00:10:03
Speaker 3: One of our great pen testers.

00:10:04
His job before this is he was a salesperson.

00:10:07
I think he was a salesperson at Oracle, really yeah, and he

00:10:11
used to sell a technical product , but he's fantastic at ripping

00:10:15
apart websites Like just you name it.

00:10:18
He can swizzle and tear apart a website like you wouldn't

00:10:22
believe it.

00:10:24
Really, hacking is a mentality.

00:10:26
You want to know how it all works.

00:10:27
You want to tear it apart and see the insides and, I don't

00:10:30
know, sometimes put it back together, but mostly just break

00:10:32
it and we find somebody else's job, isn't it, if we're doing?

00:10:38
it right somebody else.

00:10:39
So we find that mentality is the most important part.

00:10:42
Oh, not the technical background of the know-how or

00:10:45
whatever that can all be taught, it's really just the drive to

00:10:49
understand how it all works problem solving.

00:10:52
Speaker 2: So some people come at it differently.

00:10:53
Some people are gamers.

00:10:54
Gamers like to solve problems and they like the challenge.

00:10:57
Some people it's the aesthetic.

00:10:59
They're more into Sudoku and they like there's no one

00:11:02
personality type.

00:11:03
She can't be intellectually lazy.

00:11:05
That's probably the biggest thing.

00:11:06
You have to be curious.

00:11:08
What I like to tell people who are trying to get into it

00:11:10
because I think that's where you're going with this is you

00:11:13
need to learn all the buzzwords.

00:11:14
Not because you're trying to fool anybody, but if you're

00:11:17
hacking a system and you find a file that says something about

00:11:20
kubernetes, you need to know what that means so that you know

00:11:22
where to go with it.

00:11:23
If you find something that talks about indexes, you know

00:11:26
what that means.

00:11:27
Or x 500?

00:11:28
Terminology is the first obstacle.

00:11:31
It's kind of like anatomy for doctors.

00:11:33
A doctor's have to learn grades anatomy.

00:11:34
It washes out a lot of people in medical school.

00:11:36
The same thing's true here.

00:11:37
We tell people when they start they need to learn a little

00:11:41
about a lot.

00:11:42
So listen to the first ten minutes of a Hundred ten hour

00:11:47
courses, because you only need to know the buzzwords.

00:11:50
What's the, what's this?

00:11:50
Oh well, that's what it's used for.

00:11:52
Okay, great.

00:11:52
Moving on and then eventually you come back for the depth and

00:11:56
you learn the hacking skills and things like that.

00:11:58
But there's a lot of Cyber security positions that aren't a

00:12:02
Offensive, that aren't what we do we're.

00:12:04
We're like red team hackers and that's.

00:12:06
You know, that's kind of the dramatized.

00:12:09
There's one, there's one of us on on the mission impossible

00:12:11
team.

00:12:12
There's one of us on every break-in crew and it's like well

00:12:15
, you want me to hack the NSA?

00:12:16
This is gonna be tough.

00:12:18
Speaker 1: I'm in you know, that doesn't actually work.

00:12:22
Speaker 2: But but the advice would be it is a lot easier to

00:12:26
get into, it's a lot harder to stay in Because you have to run

00:12:30
the whole time.

00:12:32
Speaker 1: Yeah, yeah, that's.

00:12:33
That's a really good point.

00:12:35
You know that.

00:12:36
That's why, that's why there's so much burnout in security

00:12:41
People.

00:12:41
People don't understand that from the outside.

00:12:43
It's.

00:12:44
Like you know, I constantly need to be on top of my stuff,

00:12:49
you know, if I miss, if I miss one thing, and yep, and my boss

00:12:53
starts to be like, oh, he's not, he's not where I thought he was

00:12:57
.

00:12:57
Yeah, you know, like this field is a hundred percent employed.

00:13:00
It's not.

00:13:01
Like you know, 50% of us are, you know, unemployed at any one

00:13:05
point in time.

00:13:05
Like you know, my buddy, I was at a.

00:13:08
I was at a mortgage company when the interest rates started

00:13:11
to turn, yeah, and so immediately they laid off like

00:13:14
12 people.

00:13:15
My buddy on the security team Was a part of those 12

00:13:19
people in the first round of layoffs.

00:13:21
Right, yeah, this was a Monday or a Tuesday.

00:13:25
By Friday he had an offer in hand.

00:13:27
Speaker 2: Yeah, right ago, as a security specialist, you could

00:13:30
forget how to speak English and they would make allowances.

00:13:34
Speaker 1: Most don't know how to speak English.

00:13:36
Speaker 2: Yeah, that's true.

00:13:39
Speaker 1: I'm better than I speak in English.

00:13:42
Speaker 3: Right, but you're exactly right, you get that like

00:13:44
it's a treadmill.

00:13:45
I like constantly.

00:13:46
My wife is like listen, I love the fact that you love what you

00:13:49
do and I hate the fact that you love what you do, because it's

00:13:53
like my my phone's always blowing up and I'm like, oh wait

00:13:56
, hold on.

00:13:56
There's this really cool Citrix hack that just came out.

00:13:59
Let me read about it.

00:14:00
Or there's this you know, there's a really new.

00:14:02
I don't know if you've seen this Logo fail, but there's a

00:14:06
way to breach any computer right now by injecting a logo into

00:14:09
the BIOS.

00:14:10
Then it bypasses all security.

00:14:11
And there's like and I'm reading these things and my god,

00:14:14
this cool is a rock chain or is it whatever?

00:14:16
And she's like oh, it's great that you're excited, but

00:14:17
honestly, put it away.

00:14:18
And I'm like, every five seconds something is happening,

00:14:21
there's a breach in some major system.

00:14:23
Right, and it's yeah, it's constantly moving.

00:14:26
You got one of you ever heard our Pat.

00:14:27
Speaker 2: Pat podcast.

00:14:28
Every time something's horribly bad, dwayne's loving it.

00:14:31
Speaker 3: Oh, I do I.

00:14:31
Speaker 1: When the internet's on fire is what I'm my happiest

00:14:34
yeah, I mean my Another one of my my buddies at another company

00:14:41
.

00:14:41
He, he's been dealing with a hack for the past month.

00:14:45
They just like keep on targeting them in different ways

00:14:48
.

00:14:48
I mean he's on a team of like five people.

00:14:51
I'm like, dude, I need to tell your CISO to, like you know,

00:14:54
hire me.

00:14:54
Yeah, yeah, yeah, beef up the team, you know.

00:14:59
Speaker 2: There's also I'm sorry, interrupt, but there's

00:15:01
also people I've encountered in our space that are burning out

00:15:05
because the clients just don't listen and it's like they feel

00:15:10
like they're, they're, they're this feels like they're I Don't

00:15:15
want to use a bad, bad term, but they're they're moving against

00:15:18
the tide how about that?

00:15:19
And they're just sick of the fact that they know what the

00:15:23
people need to do.

00:15:24
They've told them what they need to do and they won't do it.

00:15:26
Like patching, like just you know, don't don't be stupid

00:15:30
about it, just patch, you know.

00:15:32
Or you change the password policy and don't let the

00:15:36
executives get away with cheating, because it's not like

00:15:39
other things, like when you park , where you know it's, it's rank

00:15:43
, habits, privileges.

00:15:44
If you get hacked, everybody gets hacked with you.

00:15:48
Speaker 1: Right, yeah, that's it.

00:15:50
That's a really, that's a really good point.

00:15:53
I actually just encountered this yesterday of you know

00:15:57
you're presenting these vulnerabilities Right of like.

00:16:00
Hey, you know this has been here since September.

00:16:03
Like this was patched by Microsoft's patch Tuesday in

00:16:07
September, yeah, and you still have this throughout the entire

00:16:11
environment.

00:16:11
You know what are we, what are we talking about right now?

00:16:14
Like, what are you guys paying for?

00:16:16
Please, please, tell me what you're paying for, because now I

00:16:19
feel guilty, because I'm doing my job, but I feel like I'm not

00:16:23
enabling you, you know right.

00:16:25
Speaker 2: Dwayne had an excellent analogy of you go to

00:16:27
your doctor and they say you need to eat some fruits and

00:16:29
vegetables.

00:16:29
And you need to and you're like , no, that can happen and that's

00:16:33
how it feels, but I still don't .

00:16:35
I understand that I don't want to eat fruits and vegetables

00:16:37
thing, but I don't understand that I don't want to patch when

00:16:41
a patch is available.

00:16:41
Thing doesn't make sense now.

00:16:44
Speaker 1: It's amazing my mentality with the fruits and

00:16:46
vegetables.

00:16:47
I actually just got told you know, I need to eat more fruits

00:16:50
and vegetables and I'm like so I can't just work out harder.

00:16:53
Speaker 2: I just think we got a thing that whole thing, just

00:16:56
work out harder.

00:16:58
Speaker 3: Patrick.

00:16:58
Patrick always says when we, when we go out to dinner or

00:17:01
whatever, they'll bring like a hamper, and Patrick would be

00:17:05
like, hey, and they'll be like, do you want tomato, do you want

00:17:07
lettuce?

00:17:07
And be like, no, no, no, keep all that stuff, that's what food

00:17:09
eats.

00:17:09
Yeah, that's it.

00:17:10
Yeah, yeah, but it's tough, you know.

00:17:18
You got a, I feel, for the doctors now, where they're like,

00:17:20
hey, you should work out more, you should eat better, you

00:17:23
should, you know, drink more water.

00:17:25
And and all of us are like, yeah, but is there like a pill

00:17:28
or something you give me, like something?

00:17:29
And then you see it in the cyber, yeah, you see it in the

00:17:33
cyber security space, where you're like you should patch,

00:17:35
you should have better password policies, you should have, you

00:17:38
know, some sort of global aggregated log that you can look

00:17:41
there.

00:17:41
And they're like, yeah, but is there just like some simple

00:17:43
product I can buy that'll make me a hundred percent secure?

00:17:45
You're like, no, there isn't, like you have to do these things

00:17:49
.

00:17:50
Speaker 1: Even if there was a product that you could deploy

00:17:53
and you'll be a hundred percent secure, you still have to do the

00:17:56
work and deploy it and configure it and you need to

00:18:00
maintain it.

00:18:00
And you know guess what?

00:18:01
You need to keep it updated.

00:18:03
So if you're not updating your windows, you know You're

00:18:06
probably not gonna update this thing right, like there's still

00:18:10
work involved.

00:18:11
Speaker 3: Yep, yep, here's what you do.

00:18:12
You go into the customer.

00:18:13
You get like absolutely, I can do this, I can make you a

00:18:15
hundred percent secure.

00:18:15
And you power the computer off and you walk off.

00:18:17
You're like you good, you good, just leave that off, don't turn

00:18:19
that back on you good, nobody can act you well.

00:18:22
Speaker 2: We've also seen a lot of complaints by big companies

00:18:25
that they'll hire a Company to do a pen test or an audit or

00:18:29
something and they'll get something that's a completely

00:18:32
Inactionable and useless because there's a shortage of people in

00:18:35
our field.

00:18:36
There's also a lot of people who are willing to deliver sub

00:18:39
par products and they don't get called for it.

00:18:40
A lot of our customers have said we're only gonna deal with

00:18:43
you once because we've had such bad results in your industry.

00:18:47
We're, we're gonna play the field and we some of those

00:18:51
customers are working with us for three, four years now.

00:18:54
Speaker 3: Yeah, and a lot of it is like listen, there is a

00:18:56
shortage in this field.

00:18:57
I, you know the three of us probably know better than most

00:19:01
we don't have a sales staff, we don't need one.

00:19:03
It's just people who need cybersecurity.

00:19:06
Hear from other people who have had services with you.

00:19:09
It's just such a crazy market right now.

00:19:10
But the problem is you do you run into those, those providers

00:19:15
who are like oh, you know what I'm gonna do.

00:19:16
I'm gonna take this automated scanner, I'm gonna run it

00:19:18
against you, I'm gonna call it a pen test.

00:19:19
I'm gonna throw your report.

00:19:20
That's 900 lines long.

00:19:22
That really doesn't mean anything.

00:19:23
And then I'm gonna move on to the next customer.

00:19:25
And, yeah, it's unfortunate that that happens, because

00:19:28
really doesn't help anybody at that point.

00:19:30
Speaker 1: No, yeah, that's a, that's a really good point.

00:19:34
You know, it's interesting because several years ago I

00:19:39
started my LSE to start, you know, kind of like consulting

00:19:42
and whatever else, right, cuz I always have the habit of doing a

00:19:46
whole, just shit ton of Side work.

00:19:49
You know, yeah, and so I'm like okay, like I need to do this a

00:19:53
little bit more smart.

00:19:54
You know, let's get an LSE going and you do that whole

00:19:57
thing out and you know, I don't know what got into me.

00:20:00
I put like security consultant in my title on LinkedIn, right,

00:20:04
and when I was forming the LSE, I'm like, well, I'm not gonna

00:20:06
get any customers.

00:20:07
You know, I'm one man show, I don't know anything.

00:20:10
You know Like, yeah, I engineered this product really

00:20:13
well, but that's really a.

00:20:14
You know, no one's gonna, no one's gonna hire me.

00:20:16
And I mean, I did that on Monday and by Friday at three

00:20:20
customers.

00:20:20
Yeah, I'm like crazy, like I had to figure out how to write a

00:20:24
contract and all that sort of stuff.

00:20:26
I mean we're talking like last minute.

00:20:28
It's like guys like I don't know what the hell, I don't know

00:20:31
if I know what I'm doing.

00:20:34
Speaker 2: Well, your first mistake was listing cyber on

00:20:37
your resume, but but there's such a short.

00:20:41
This I the last numbers I saw was half a million open

00:20:44
positions in the United States and three million worldwide, and

00:20:48
I, I basically it's in and that's for people who can

00:20:53
actually help you get secure, not just people who are Fixing

00:20:57
after, after you get like forensics and that's for stuff.

00:21:00
Speaker 1: Yeah, yeah yeah, you know, it's actually a lot easier

00:21:04
to stand out in the field.

00:21:05
Then I think people realize the reason why I say that is, you

00:21:11
know, so I, my first like big boy cert right, was the CCSP

00:21:16
Mm-hmm.

00:21:17
Extremely, it was extremely difficult for me to get it.

00:21:20
There's a huge leap forward and I figured I'm one of a million.

00:21:24
You know, like, it's not gonna make me stand out, it's just

00:21:28
gonna help me start a conversation again.

00:21:30
The cloud security, right, that's how I viewed it and you

00:21:34
know, recently, actually fairly recently I got that several

00:21:37
years ago, fairly recently I looked at the numbers of how

00:21:40
many actually have the certification.

00:21:42
It's like 5 people Mm-hmm.

00:21:45
Yeah, either it was either worldwide or in North America,

00:21:48
but either way that number is insane away because you have

00:21:52
this, you have this high level cert in Cloud security.

00:21:55
Cloud security is a field of security.

00:21:56
That's, you know, blowing up, right, that's where everything

00:21:59
is going and there's 5 people that have this cert.

00:22:02
I mean, you know, you put in the time, you put in the work,

00:22:07
you get the cert and now you're standing apart, yeah, from the

00:22:11
other.

00:22:11
You know, 10 million of us that are in security right.

00:22:15
Speaker 2: So I used to be a big , secure a certification guy

00:22:18
Back in the old days when you two were probably both in high

00:22:21
school or junior high school.

00:22:22
So I, yeah.

00:22:24
So I had one point.

00:22:25
I had 55.

00:22:27
Now I 55 Microsoft sort of technical certifications MCSE,

00:22:32
mcsd, mcp, everything, oh yeah, mct and I went from 50 to 55 and

00:22:38
no one cared at that point.

00:22:40
I could have stopped at 10 and nobody.

00:22:42
So what's happens is it's become so rare.

00:22:45
If I'm not saying you shouldn't get certification, I really

00:22:47
like certifications.

00:22:47
But you Like CISSP, specific cloud stuff, ai that is going to

00:22:53
be coming out soon OSCP, oswe, the Offset stuff, the right SAN

00:23:00
certifications those are all excellent advertisements, but as

00:23:03
long as you can do the work and not just it be a book

00:23:08
certification, but that's what the interview is all about.

00:23:10
So I would recommend, if people can get a certification like

00:23:14
that, it is a great way to be, and once you can get one of

00:23:18
those certifications, you're in the industry.

00:23:20
Speaker 3: Yeah, and I'm on that .

00:23:21
I'm on the side of, like, if there's a new certification in

00:23:24
cloud security or like I have, you know, my OSCP, my Pen 300, I

00:23:31
have my GX pen, so I'm always looking for what classes and

00:23:38
training can I get that's going to teach me new tactics and

00:23:41
techniques I might not otherwise run into and I want to go and

00:23:44
get the certification to prove.

00:23:45
Yeah, I do know these things and I agree, you know what

00:23:49
happens in the beginning of a field and cybersecurity really

00:23:52
is kind of just blowing up.

00:23:53
What happens in the beginning of the field is how do you tell

00:23:56
you're right absolutely, joe from the other 10 million people

00:23:59
who say they're cybersecurity experts because they know

00:24:01
cybersecurity is a big field and yesterday they were a network

00:24:04
administrator and now they changed their title to

00:24:05
cybersecurity administrator, how do you know that that person

00:24:09
knows what they're doing?

00:24:10
Right, and certifications set us apart.

00:24:13
You know, maybe 10, 15 years from now everybody has those

00:24:16
certs right, because you know it's kind of commonplace for

00:24:19
them to take them.

00:24:19
We saw that with the MCSC back in the late 90s, early 2000

00:24:23
range.

00:24:24
Right, if you were an MCSC in, you know 96, 97, 98, like you

00:24:29
were countably few and then when you got into like 2005, 2006,

00:24:33
you get a busload of MCSCs for 100 bucks, right, and I'm hoping

00:24:37
cybersecurity goes there.

00:24:38
But honestly I just don't think anybody.

00:24:40
There's such a treadmill this day in cybersecurity.

00:24:43
I think people won't want to keep doing it.

00:24:47
So we'll see what happens.

00:24:48
Speaker 2: But I don't know.

00:24:49
I think they'll get paper.

00:24:51
I think we're already seeing some of that where paper

00:24:53
security engineers who are willing to give you a rote

00:24:59
answer and collect the fee, and so I think there's some of that

00:25:04
there now.

00:25:04
But yeah, in order to actually hold your own, you need to stay

00:25:07
on the treadmill Because it's changed so much.

00:25:10
Speaker 1: Yeah, I think you know what I always recommend,

00:25:14
right, let's assume someone's trying to get into cloud

00:25:16
security.

00:25:17
What I recommend typically is, you know, let's start with a

00:25:22
broad cert, right, and then choose a cloud, and you may not

00:25:28
have to necessarily go like deep in terms of get all 25 of the

00:25:32
AWS certs right, or however many .

00:25:35
Speaker 2: They have 23, 24, whatever.

00:25:37
Speaker 1: Yeah, whatever, I've only had two AWS certs, but I

00:25:40
had their foundations level cert and then I had their like

00:25:44
hardest security cert, right, and that was a terrible mistake

00:25:48
that I made because, like literally the week of taking my

00:25:54
exam, I learned oh, I should have taken like this other cert

00:25:58
before taking it.

00:25:59
Like this is meant to build onto that.

00:26:01
Speaker 3: Yeah, baby steps, show, baby steps.

00:26:04
Speaker 1: But, like, the reason I give you know is one you have

00:26:09
to know the language, like what you guys were talking about.

00:26:11
You have to know all the buzzwords, you have to actually

00:26:14
have a good understanding you know.

00:26:15
So that overarching non-technical cert will get you

00:26:19
there.

00:26:19
And then you have that deep dive technical cert, like the

00:26:24
AWS security specialist certification, which is actually

00:26:28
very surprisingly technical.

00:26:29
Yes, it's a multiple choice.

00:26:33
You know nothing but words exam , but you need to know where it

00:26:40
ends and out.

00:26:41
You know you don't need to just like know the terms.

00:26:43
You're thinking about IAM, roles and rules and how you

00:26:47
would deploy it, and then you have to troubleshoot it and

00:26:50
talking about services, talking to each other, I mean that is

00:26:54
technical.

00:26:54
I was actually proven, you know , in my current role, my current

00:26:58
day job, where you know I was on this call.

00:27:01
It was like week one of starting and they were like, oh,

00:27:04
we can't do it, we have to open up.

00:27:06
This thing is very like obscure .

00:27:08
I was going to put the organization at risk.

00:27:10
I was like guys like AWS, you know, has this thing it's called

00:27:13
a VPC endpoint Like can we just deploy that?

00:27:16
Or a bastion host, like they're the same thing, different words

00:27:20
and he goes, oh no that doesn't exist.

00:27:22
I'm like I'm pretty sure it exists because they just beat it

00:27:25
into me for this exam.

00:27:26
Speaker 3: But maybe I'm wrong, you know, yeah, and within 30

00:27:30
minutes.

00:27:30
Speaker 1: he was like, oh, he's right, We'll do that.

00:27:33
Speaker 3: Yeah, yeah, and that's that's a majority.

00:27:38
Like cloud right now is there's so many moving parts in cloud

00:27:42
and there's so many new and upcoming services and should we

00:27:45
put an ELB on that?

00:27:46
Let's use an Elkstag and let's use like and a lot of people,

00:27:49
and there's not only just the terminology, but then the the

00:27:52
hey, we got this new microservice that we're offering

00:27:54
over here and it's like okay, well, how do I secure it?

00:27:56
Like so it's real easy for customers to architect

00:27:59
themselves I say architect with air quotes into a very bad place

00:28:03
.

00:28:03
Like ah, let me just click the start button on all these

00:28:06
services and we're good, and you're like no, no, you really

00:28:09
need an expert who knows how to actually control the data flow.

00:28:13
Speaker 2: And there's a lot of things that that they don't,

00:28:16
that aren't the default as far as backups and recovery and logs

00:28:19
I mean all the logs that you might need for a breach.

00:28:22
How many times have we gone in with a somebody's had a business

00:28:26
business?

00:28:28
Speaker 3: email compromise or something like that Exactly.

00:28:31
Speaker 2: And we have to go in and it's like none of the logs

00:28:32
are turned on.

00:28:33
So next time we'll get them yeah.

00:28:36
Speaker 3: Not this time, right, ooh, so close.

00:28:40
Speaker 1: Yeah, it's a and all of the clouds are like speaking

00:28:45
different languages.

00:28:45
You know you have to.

00:28:47
It's not just like even buzz terms, too, because they operate

00:28:51
differently.

00:28:52
Yeah, yeah, and it's it's like for the tech industry just

00:28:57
overall.

00:28:58
You know, like cloud security is going to turn into a place

00:29:01
where it's like, okay, we have a cloud security AWS team and

00:29:05
then we have a cloud security Azure team, 100%.

00:29:07
You know, I was, I was recently talking to someone that is, you

00:29:11
know, entirely into Azure and I'm, you know, well-certified in

00:29:15
AWS and I understand, you know, azure overall, right, but I

00:29:20
couldn't tell you any of the terms.

00:29:21
Yeah, yeah, I'm over here with a cheat sheet, you know looking

00:29:25
it up, you know like you're talking foreign language.

00:29:27
Speaker 3: Yeah, exactly.

00:29:28
Yeah, it's like oh, they use this word.

00:29:29
All right, right, well, it's tough too, because each of those

00:29:32
clouds was designed with a different customer in mind.

00:29:34
Right, aws's cloud initially was designed with developers in

00:29:37
mind and then, when they started getting into the enterprise,

00:29:39
they were like, oh crap, we could have changed how we

00:29:41
architect things.

00:29:42
The Microsoft was designed with enterprise in mind, but then

00:29:46
when you, you're an individual trying to use it as a developer,

00:29:48
and that's where we're like, ah well, there's a lot of weird

00:29:51
kind of oddities here.

00:29:52
So, yeah, you're absolutely right and unfortunately, right

00:29:54
now I agreed Joe, eventually it's going to be oh, are you an

00:29:57
Azure cloud security guy?

00:29:59
Right now, they're like, okay, can you spell security and cloud

00:30:03
?

00:30:03
Because we're going to put you in any cloud we can, because

00:30:06
you're just not enough people to specialize.

00:30:07
Speaker 2: You missed two vows.

00:30:08
Okay, we're going to accept that it's fine.

00:30:10
Speaker 3: It's fine.

00:30:19
Speaker 1: So how do you, how do you guys, maintain your mental

00:30:22
health while you know being?

00:30:25
Speaker 2: in this field.

00:30:25
Oh, bold assumption there.

00:30:26
How do you bold assumption that we have mental health?

00:30:29
Speaker 3: I mean, you know, alcohol no.

00:30:34
Speaker 1: I mean I've had people on that just like

00:30:36
admitted to like pretty destructive behaviors.

00:30:38
So as long as you're not an alcoholic, I think you'll be

00:30:41
okay.

00:30:42
Speaker 3: No.

00:30:42
So honestly, for me, I'm a martial arts instructor, so

00:30:46
three days a week I get out of the house and I go and and you

00:30:50
just do martial arts or or teach martial arts.

00:30:53
And then I'm also a robotics mentor.

00:30:55
So I work with local high school and I mentor robotics.

00:31:00
So that's that's also three days a week.

00:31:02
So in the evenings, you know, I'm forced to step away and just

00:31:07
go do something else, and it's still either in the tech field

00:31:09
or with martial arts.

00:31:10
There's actually an odd sort of symbiosis between hacking and

00:31:14
martial arts, like hackers manipulate computers to do

00:31:17
things that they weren't designed to do and martial

00:31:20
artists manipulate the human body to do things, Generally,

00:31:23
they weren't designed to do.

00:31:24
But yeah, that's that's for me, that's, it is just really

00:31:29
getting out either doing martial arts, doing robotics and and

00:31:32
then coming fresh to do it.

00:31:35
Speaker 2: Yeah, and I I like to cleanse my palate with

00:31:38
something a lot less technical, and that's why I have a quantum

00:31:40
computing podcast.

00:31:41
Okay, you know something like Nezzie?

00:31:46
Speaker 1: Yeah let's spice that up Right.

00:31:48
Speaker 2: Well, Dwayne stole my answer.

00:31:49
I've been doing martial arts for 50 years and he stole my

00:31:52
answer.

00:31:52
Speaker 3: I let him go first, but it's pretty common, honestly

00:31:54
, in this field.

00:31:55
There are a lot of martial artists and that's I think

00:31:57
that's one of the things is like it's, it's martial artists.

00:32:02
Speaker 2: I think it's.

00:32:02
The seeking of control is what we have.

00:32:05
Speaker 3: It could be, but it also, I think it's also it's a

00:32:08
it's a heady enough sport where there's a lot of thinking and

00:32:11
puzzle solving in it.

00:32:12
That's true, but it's also still a sport.

00:32:14
It still gets you out onto the field and doing things and it's

00:32:18
still the sort of the natural progression of someone who

00:32:20
really likes to break things apart and solve problems and

00:32:23
twist Like elbows and then go break elbows and twist people.

00:32:27
Speaker 1: Yeah, yeah I'm.

00:32:30
I'm actually going to start getting back into jujitsu here.

00:32:33
Speaker 2: Nice, nice, I'm excited Japanese or Brazilian,

00:32:38
brazilian that's a funny comment .

00:32:39
I hold rank in Nihon jujitsu, which is the Japanese started by

00:32:45
master say Sato, who I met several times.

00:32:48
My son-in-law is big in Brazilian jujitsu and so we kind

00:32:51
of have our lanes.

00:32:52
He does Brazilian and I stay over here and Japanese.

00:32:55
Yeah, there's a lot of overlap though.

00:32:57
Speaker 1: Yeah, it's, you know you.

00:32:59
You bring up the, the control aspect of it and that's a.

00:33:03
It's really interesting.

00:33:04
You know, when I was in high school right, I was a wrestler

00:33:07
in high school and I mean week one you learn, you know, control

00:33:11
the head and you'll control where they go, control their

00:33:15
hips and you know you're going to win.

00:33:17
They'll do whatever you want them to do.

00:33:19
You don't, you don't really understand it and you're going

00:33:22
through these moves, but like thinking back and then being in,

00:33:24
like you know, real confrontations is like, yeah,

00:33:30
like those basics, you know, like there's, there's literally,

00:33:33
you know there's a lot of you know like you know, you can't

00:33:35
really you know you can't really .

00:33:37
You know you can't really.

00:33:40
You know you can't really.

00:33:41
You know you can't really.

00:33:43
You know you can't really.

00:33:43
They're defining principles.

00:33:44
Yeah, there's no chance that anyone defends that if they

00:33:47
don't understand when you're controlling their hips, right.

00:33:49
Speaker 3: And why you're doing it and how you're doing it,

00:33:50
where you're applying pressure.

00:33:51
It's like, yeah, you're just going to feed into it.

00:33:52
You know at that point, and it's it's funny you say that

00:33:53
because then translate that over to what we do in offensive

00:33:55
cybersecurity.

00:33:55
We do the same thing.

00:33:55
We apply the pressure because we know they're not going to be

00:33:57
able to defend against it.

00:33:58
So sometimes, like we'll be really loud on one part of the

00:34:00
networks that we can exfiltrate data from another side of the

00:34:03
network and and we know how they're going to react, and we

00:34:06
know if we, you know, cause enough noise, the sock is going

00:34:09
to go nuts over the SQL server over here and not pay attention

00:34:12
to this file server there we're completely, you know, pulling

00:34:14
data off of.

00:34:14
So there's, yeah, there's, there's all sorts of those same

00:34:17
sort of tactics from a logical standpoint, in what we do as

00:34:21
well.

00:34:21
So, yeah, that's.

00:34:22
Speaker 2: Well, you also do a lot of things to see if you get

00:34:25
a reaction.

00:34:25
Yeah, so, if you're, if you're in a, a competition will call it

00:34:30
or a fight, and you're well over matched.

00:34:32
That's when you might like experiment a little bit, so to

00:34:36
see if the, the CERT team, or the, the, the, the, the socks

00:34:40
that they're using will see?

00:34:42
Why don't?

00:34:42
Why aren't they seeing this?

00:34:43
We're setting up red flares.

00:34:44
How come they're not?

00:34:45
We shut down, we uninstalled their agent.

00:34:48
Why are they not?

00:34:48
Speaker 3: seeing this, oh my God, most recent pen test we had

00:34:51
.

00:34:51
We've all we all know about net cat right Very common ability

00:34:56
to get a reverse shell on a server.

00:34:57
We never use it because it's detected by every AV on the

00:34:59
planet.

00:35:00
For the last decade and we had super fancy reverse shells we

00:35:03
were using and all of them were getting caught and we're like

00:35:05
you know what, just throw this oldie on there.

00:35:07
And we threw like straight up net cat and it's fine, like

00:35:10
defender didn't care, nothing cared.

00:35:11
It was like oh yeah, this is a tool from you know the nineties

00:35:14
and you're like this is nuts, yeah, so definitely, probing the

00:35:18
defenses is is something that ties to both martial arts and

00:35:22
hacking as well.

00:35:25
Speaker 1: Yeah, maybe I don't know.

00:35:30
I've seen that too.

00:35:32
I've encountered situations where teams, or pretty large

00:35:39
teams of people will say oh yeah , I know what to do if we're

00:35:42
going to DDoS, or I know what to do if there's data being

00:35:46
exfiltrated or whatnot.

00:35:47
And then you get to the tabletop exercise and the

00:35:55
developer team didn't even tell security that this was going on.

00:35:58
And then the question is asked well, what's alerting on it?

00:36:02
Well, nothing's alerting on it.

00:36:05
Speaker 3: There's no longs for this, it's just going through.

00:36:09
Speaker 1: You're just begrudgingly going through the

00:36:13
next hour or two hours of a tabletop exercise.

00:36:16
It's like, well, yeah, we failed.

00:36:18
There's always a couple of people that are confident yeah,

00:36:22
we did good, guys, we got breached, yeah we did it with

00:36:27
style, but it could have been worse.

00:36:28
Speaker 3: I love that rationale .

00:36:30
Speaker 1: Yeah, we only got breached 2% of our data, guys.

00:36:36
That's all we have available for the exercise.

00:36:39
Speaker 3: Yeah, 23 and me or whatever.

00:36:41
They came, they got breached and they said, oh, it was only

00:36:44
14 accounts, that's it.

00:36:46
You guys are good, you're good.

00:36:47
And then two days ago they came back and they were like our bad

00:36:49
, it was actually 6.9 million and it was half of our database,

00:36:53
but only half.

00:36:56
You went from 0.01% of your database to half of it, but the

00:37:00
other half secure.

00:37:01
You're like, yeah, okay, or Okta or LastPass, exactly yes.

00:37:09
Speaker 1: The story is Thankfully Okta isn't a sponsor

00:37:12
of the podcast, but like If they were, they wouldn't be soon.

00:37:15
Yeah, I cannot believe that.

00:37:18
Like you know, before they were like oh yeah, it was only

00:37:23
targeted on the government clients.

00:37:24
You know, that's what they said , and they're like oh, there's a

00:37:27
couple stragglers to.

00:37:29
Speaker 3: I do.

00:37:30
Speaker 1: Like guys, you know I'm in security.

00:37:33
Okay, like you can find this out before you make your first

00:37:38
post.

00:37:38
Yeah, but you knew this, you 100% knew it 100%.

00:37:40
If someone at your company knew Yep.

00:37:42
Like you, can't tell me you didn't know.

00:37:44
Speaker 2: Somebody knew, but always I'm very charitable in

00:37:48
that I subscribe to the thing.

00:37:49
It's never ascribed to malice what can be explained by

00:37:52
incompetence, and so it's very possible that the person giving

00:37:56
the statement believe what they said at the time that they said

00:37:59
it and they just are not communicating.

00:38:02
It doesn't make them any look any better, but at least they're

00:38:04
not evil.

00:38:06
Speaker 1: I guess that's possible.

00:38:07
You know, they didn't trust the highly paid hopefully highly

00:38:11
paid engineer and architect that told them, hey, this was 100%.

00:38:15
They were like, no, it can't be 100%.

00:38:18
Speaker 3: And it's only 1%, right, right that highly paid,

00:38:24
overworked, probably not as highly paid as he or she should

00:38:27
be engineer who right now is like oh, my God, Probably

00:38:31
recently fired, Exactly Right.

00:38:37
Speaker 1: But you guys also have a podcast, right?

00:38:40
How do you stay motivated with staying up on top of the podcast

00:38:45
?

00:38:45
Because I feel like doing it myself, doing a day job, doing

00:38:51
some consulting, doing a podcast .

00:38:54
At least the first two are kind of related.

00:38:57
The first two you get away with doing one and you know how to

00:39:01
do the other.

00:39:01
But doing a podcast and marketing and getting on guests

00:39:05
and all that sort of stuff, Right?

00:39:07
I mean, like I just told you right, Like we started the

00:39:09
conversation off with, like it's literally been a year since we

00:39:13
started talking about this, yeah , you know like, how do you, how

00:39:18
do you manage it?

00:39:19
Speaker 2: Because I'm having a terrible time doing it.

00:39:23
You're not going to like the answer.

00:39:24
You're not going to like the answer at all.

00:39:26
So for security this week.

00:39:27
So our podcast that we do weekly is securitythisweekcom.

00:39:31
We have a partner in that, Carl Franklin, who is a gifted

00:39:37
programmer, someone I've known for for many years, even as long

00:39:41
as I've known Dwayne almost and he and I got together many

00:39:46
years ago and he had a podcast that he still has called Dotnet

00:39:50
Rocks, and I was the first guest on his podcast.

00:39:53
I didn't know what a podcast was until he explained it to me.

00:39:55
Speaker 3: So 2005, 2001.

00:39:59
Speaker 1: Yeah, so I thought him and his grandmother would be

00:40:01
the only ones that ever heard of this, yeah.

00:40:04
Speaker 2: So he does the technology, he does the

00:40:08
recording and we all you know, promote it through.

00:40:10
So it's a three man team.

00:40:12
It's a lot.

00:40:12
Have more hands, make light, work For my podcast, my other,

00:40:16
my partner in the Quantum podcast, entanglethingscom, is a

00:40:21
PhD in AI out of Romania who is more busy than me and I'm

00:40:26
pretty busy.

00:40:26
So we have our CIO is an audio engineer.

00:40:30
He does the recordings and the editing.

00:40:32
Our head of marketing gets the guests on and does the

00:40:35
promotions and so we cheat fair and square.

00:40:37
If I was doing this alone, it would be.

00:40:40
It would be a.

00:40:41
It's a lot of work, we know it.

00:40:42
Speaker 3: Yeah, and I'd say for security this week, for content

00:40:45
.

00:40:45
So the goal of security this week is, for the last seven days

00:40:50
, what were the biggest stories in cybersecurity and which of

00:40:53
them were just type and you shouldn't worry about, and which

00:40:56
of them are marketing.

00:40:57
Enough play and you really should take a peek at?

00:40:59
And and for me, those stories are the stories I'm already

00:41:04
reading.

00:41:04
I'm already constantly have these.

00:41:06
Now all I have to do is bookmark them and say, hey, we

00:41:09
want to talk about this on the pod this week.

00:41:11
That's it.

00:41:12
So from a content standpoint there, I think we've only had

00:41:16
one guest in two years, two and a half years, whatever we're

00:41:19
doing.

00:41:19
Speaker 2: Yeah, we had one special episode, we might do

00:41:21
another.

00:41:22
It's not a guest base.

00:41:23
We're each other's guests.

00:41:25
Speaker 3: There's three of us, I know right, just like now.

00:41:27
So so, yeah, so from that standpoint the content's easy,

00:41:30
because my day job is keeping up on all of the scary things that

00:41:33
are happening and I just mark the ones that I think are

00:41:36
interesting, that I think the public should know about, and

00:41:38
then we go and talk about them.

00:41:40
Speaker 1: So yeah, it's very different when you, when you're

00:41:44
doing it with other people, yes, so I actually started out

00:41:49
having a co-host and it was.

00:41:50
It was totally different.

00:41:52
It was so much more, you know, significantly easier, because

00:41:57
you could rely on another person .

00:41:59
It's like, oh, this guest, you know, canceled on me, not a big

00:42:02
deal, you know, I have someone that I can fill the space with,

00:42:07
right.

00:42:07
Well, now, if there's no guest, it's just me talking.

00:42:14
I mean, no one really wants to hear that, you know so like it's

00:42:18
just, it's a different ballgame , you know, like adding on these

00:42:21
layers of difficulty, but I also think it's kind of that.

00:42:25
It's kind of that mentality of security that we talked about in

00:42:28
the beginning, of like, okay, I need to be learning, I need to

00:42:31
be doing something new.

00:42:31
You know what's a good way to maybe voice your opinion on

00:42:37
something or get your feedback out there.

00:42:39
Right, that gains more traction .

00:42:41
Oh, podcast is a great way of doing that.

00:42:44
Speaker 3: Yes, yeah, absolutely yeah.

00:42:46
And you're absolutely right With us with three hosts, like,

00:42:49
if there's a week I'm in some skiff, you know, hacking into a

00:42:53
train, then the other two of them can just talk, right, and

00:43:00
they, you know, they can go through stories and security and

00:43:02
whatever right.

00:43:03
So there's always at least two of us, you know, who can then

00:43:05
sit down and do the podcast and it doesn't become a monologue.

00:43:08
But yeah, it's, it's.

00:43:09
I'd say it's tough being being on your own.

00:43:14
Speaker 1: So you know, Dwayne, I saw you are potentially good

00:43:19
with cryptography.

00:43:20
How in the world do you get good with cryptography?

00:43:25
Speaker 3: Oh, that's so.

00:43:26
That story actually brings me to getting on a no fly list.

00:43:30
Okay, well watch.

00:43:33
Speaker 1: It's a ride of messages security.

00:43:35
Speaker 3: Yeah, exactly, apparently I pissed off Malaysia

00:43:39
and back up that story, microsoft came to us and said,

00:43:44
hey, listen, you know I'd like you to do a lecture.

00:43:45
And I said, well, you know, cryptography is something I've

00:43:48
always loved.

00:43:48
The math I always do like the mathematics of SSL and that sort

00:43:51
of stuff when I'm giving lectures to developers and that

00:43:53
sort of stuff so they understand how it all works.

00:43:55
And this is back early, early days.

00:43:58
I've been doing like mathematics and cryptography and that sort

00:44:01
of stuff.

00:44:01
I mean heck, even for my three kids as they were growing up.

00:44:04
I would actually give them crypto quips a day and be like,

00:44:08
okay, solve these.

00:44:09
And even to the point where my daughter's like, oh my gosh,

00:44:11
she's going looking at colleges now and she's like, I remember,

00:44:13
she's like I want to go work for the NSA, I think, because I was

00:44:16
doing these, these crypto puzzles like all the time.

00:44:19
But so, you know, fast forward, I do, I'm doing this lecture

00:44:23
for Microsoft.

00:44:23
And they're like, well, we wanted on distributed computing.

00:44:25
I was like, okay, cool, so I created a distributed computing

00:44:28
app for for scalping tickets at concert events.

00:44:35
Speaker 2: And mobile mobile, mobile, mobile.

00:44:38
Speaker 3: Yeah, and we of course didn't want the

00:44:41
authorities to be able to know what we're doing.

00:44:43
So I entered in like frequency hopping in different layers of

00:44:46
encryption and all sorts of stuff, and it was more to show

00:44:49
how you would do encryption inside of a database at row

00:44:51
level and how you do encryption at the disk level and how you do

00:44:53
encryption at the protocol level, and that's where stuff.

00:44:55
Well, I had a buddy who worked for the VA, who was going for

00:45:00
higher and higher levels clearances and he got flagged.

00:45:02
He was like they're like, you know this guy?

00:45:04
They're like, oh my God.

00:45:05
So they started to research me but for the, for the course of a

00:45:09
year, I was the guy who always got pulled out at the airport to

00:45:12
get searched and I was like Dude, this is crazy.

00:45:14
And then even on connecting flights, I go from like Boston

00:45:17
to Baltimore to, you know, seattle, and in Baltimore they'd

00:45:22
pull me out and I was like Boston, just check me.

00:45:24
Like seriously, what's going on ?

00:45:26
Come to find out.

00:45:27
My lecture that I had posted got picked up by the government of

00:45:30
Malaysia and they put it on their website and they were like

00:45:32
look how horrible Americans are .

00:45:33
And you know, microsoft is supporting them, stealing things

00:45:37
and that sort of stuff.

00:45:37
And if you're a US citizen and your name shows up on a foreign

00:45:40
website, you instantly get on this, this watch list, where you

00:45:45
go pull that.

00:45:45
Yeah, so that's how my love of security made it hard to travel,

00:45:49
or a cryptography that made it hard to travel, but more was

00:45:52
just the love of the mathematics and the puzzles, like that's

00:45:55
why I love offensive securities.

00:45:56
It's the puzzle.

00:45:57
Speaker 2: He's off the list now , but he's still not going to

00:46:00
Malaysia.

00:46:02
Speaker 3: I'm still never going to Malaysia.

00:46:09
Speaker 1: How do you get started?

00:46:10
You know going down that path right, because that's that's an

00:46:13
area that's always interested me .

00:46:16
Speaker 3: I know it's always interested other people?

00:46:18
Yeah, but the good news is it's all starting over.

00:46:21
That's good.

00:46:21
That's the good news.

00:46:22
Yeah, it's all changing.

00:46:24
Speaker 2: So let me, let me jump in here.

00:46:25
So, yeah, math is a part of your future.

00:46:28
If you want to be in cryptography, a little bit of

00:46:30
math, a little bit at least.

00:46:32
There's some really good YouTube videos that will explain

00:46:34
step by step, using really small numbers, how to do RSA and

00:46:39
how it works for for asymmetric encryption.

00:46:42
So the first thing you need to understand is there's two

00:46:44
different types of encryption.

00:46:46
There's the one where we share a key I hope you don't mind me

00:46:49
going through this here, no, it's great.

00:46:51
There's one where we share a key and we have to be in the

00:46:54
same place or in a secret compartment or the cone of

00:46:56
silence, if you remember, get smart or whatever and we have to

00:47:00
share that secret, which is not always possible.

00:47:02
When I go to a vendor that I've never visited before, I have to

00:47:06
share a key in public.

00:47:07
Right, that's where public, private key encryption, rsa,

00:47:12
elliptical curved.

00:47:13
If he helmet come in, okay.

00:47:15
So that's, this is current day encryption.

00:47:17
So with symmetric encryption, it's fast and it handles very

00:47:22
large things.

00:47:23
If you encrypt a file or hard drive, it's symmetric encryption

00:47:26
and you may be like, okay, well , what about a transaction on

00:47:31
the internet?

00:47:31
Yeah, every time you order something on the internet, it's

00:47:33
using symmetric encryption for all your communications.

00:47:36
But how did I get?

00:47:38
Speaker 3: How did I get that key?

00:47:39
Speaker 2: Yeah, how did 1 flowers free plug get that key

00:47:44
so that I could have a secure transmission?

00:47:46
Well, they exchange the key as part of a symmetric encryption

00:47:52
with RSA, because it is not suitable, it's not fast and it

00:47:56
also doesn't accommodate large pieces of information, but it's

00:47:59
enough for us to share a secret key.

00:48:00
So RSA is really the big standard, but you can also use

00:48:05
elliptical curve, and they're all using the discrete log

00:48:08
problem of.

00:48:09
It's really hard to take really large primes, multiply them

00:48:15
together and then factor those primes, because that's how you

00:48:18
break it if you're not one of the Pete parties to the

00:48:20
encryption.

00:48:22
So fast forward to quantum computers, and quantum computers

00:48:26
, through Peter Schor's algorithm mathematician

00:48:29
professor at MIT, will break RSA not in a billion years or a

00:48:36
trillion years, which is what it would currently take, but in

00:48:40
minutes or hours.

00:48:41
And so when quantum becomes ubiquitous, which is probably

00:48:46
not more than a decade or certainly not more than two

00:48:49
decades away, then we need a new encryption standard that we're

00:48:52
already been using, and so NIST has come up with new encryption

00:48:56
standards based on mostly crystal technology and which is

00:49:00
more geometric, and so the good news is, if you want to get an

00:49:03
encryption now, you probably have to learn what's going on

00:49:06
now, but you have to really focus on what's coming, and so I

00:49:09
would encourage organizations to start getting ahead on this,

00:49:12
because if you thought the old stuff was hard, the new stuff's

00:49:14
going to be harder.

00:49:16
Speaker 3: Yeah, when you start talking about crystals dilithium

00:49:18
and crystals kyber and, like I know, right.

00:49:20
So crystals.

00:49:22
Speaker 2: kyber is the key encapsulation mechanism.

00:49:26
It's the RSA encryption mechanism replacement and

00:49:32
dilithium is the signature technology using crystals, and

00:49:36
we could do a whole show on that , but maybe we should.

00:49:40
But it's a good time to get into it because you can start

00:49:45
learning about this new technology and learn a little

00:49:47
bit about the other and you'll be in demand because the

00:49:50
government has mandated that organizations start using.

00:49:52
If you want to work with the government, you're going to have

00:49:54
to start using the new encryption because there's fear

00:49:56
that the certain nations that I probably won't travel to anytime

00:50:00
soon, like Russia and China, are collecting this information

00:50:04
so that they can crack it later.

00:50:05
Right.

00:50:06
Speaker 3: Using the old encryption.

00:50:07
Imagine if you could collect all of the encrypted data today

00:50:11
and knowing in about 10, 15 years you'll be able to open it

00:50:13
all up.

00:50:14
It won't be declassified at that point, but yeah.

00:50:18
Speaker 2: It will be to you.

00:50:18
Did that answer your question or did I go way off in a tangent

00:50:22
?

00:50:22
Speaker 1: No, I think that makes sense and I think that

00:50:24
they both build on each other.

00:50:26
That was actually going to be my follow-up question, because I

00:50:33
find it interesting and me as someone that is paranoid, I

00:50:37
guess from the job market, I always want to be ahead of the

00:50:41
curve.

00:50:42
So 10 years ago I identified cloud security as something I

00:50:46
wanted to get into.

00:50:47
Did the work in the cloud security.

00:50:49
Now it's like okay, I have that expertise, when am I going next

00:50:52
?

00:50:52
Well, quantum is where everything is going next Come on

00:50:55
Aquano.

00:50:55
How the hell do I get into quantum?

00:51:00
Speaker 2: If you think it's hard to find engineers for cyber

00:51:03
, wait 20 years and watch quantum, because, oh my gosh,

00:51:07
it's not that hard if you're willing to have an open mind,

00:51:10
but there's some basics you've got to really accept.

00:51:13
The hardest part about the quantum stuff is once you start

00:51:16
getting into it.

00:51:16
Is you want to understand why?

00:51:17
That's a dangerous question?

00:51:19
Because, honestly, we don't know why You're going to be

00:51:23
disappointed into, just like suspend belief and act like it's

00:51:25
a Superman movie.

00:51:26
Oh yeah, he can fly, just move on.

00:51:29
Speaker 3: Now what can we do?

00:51:29
He can fly, Assuming he flies.

00:51:31
Now what do we do?

00:51:32
Yeah, exactly.

00:51:37
Speaker 1: So the two solutions that you talked about are those

00:51:42
what's considered like, it's like quantum resistant

00:51:47
technology.

00:51:49
Speaker 2: Yes, yeah, they're quantum resistant algorithms and

00:51:54
they're trying to.

00:51:54
Nist, the National Institute of Standards and Technologies,

00:51:57
came out with their recommendations.

00:51:58
They started with 57 different mechanisms and they had all

00:52:03
sorts of cool names, and some of them are still going to be in

00:52:06
use, but the winners seem to be the crystalsorg.

00:52:10
There's a company called Crystals.

00:52:12
They don't sell Aura charts or anything like that and they've

00:52:16
come up with these algorithms.

00:52:18
There's a company called PQ Shield that's very heavily

00:52:21
involved and if you're interested in this, you might

00:52:23
want to get in their mailing list.

00:52:24
They sent out a lot of interesting articles.

00:52:25
They did an article where they talked about what it would take

00:52:29
to take the signal app, the communications app, and change

00:52:34
its algorithms to be quantum resistant and use the new

00:52:39
algorithms.

00:52:40
So there's a lot coming here.

00:52:42
There's also a lot of promise that quantum itself will solve

00:52:47
some of these problems with quantum key distribution, the

00:52:50
ability to generate unbreakable keys using quantum technology.

00:52:54
But that's kind of a chicken and egg thing.

00:52:56
You can't wait for that because by the time that's ready for

00:53:00
prime time, your data's already toast.

00:53:02
So you need to get ahead with the nist recommendations, the

00:53:06
crystal stuff, and then get into it.

00:53:08
I can explain the crystal stuff a little bit more.

00:53:10
But yeah, sure, okay, all right , glutton for punishment.

00:53:14
So imagine a matrix, a diagram, just a 2D XY axis, and so if I

00:53:22
say the matrix is 1, 1, that means every whole number point

00:53:26
on that whole grid is a potential point.

00:53:29
It's a valid point in the matrix, in the lattice we call

00:53:35
it.

00:53:35
Now.

00:53:35
A two-dimensional array is pretty simple and you can

00:53:38
imagine things with it.

00:53:39
But if I say it's 2, 2, then that means 0, 0 would be a point

00:53:46
, 2, 0 would be a point, 2, 2 would be a point, but 1, 1 would

00:53:50
not be a point on that lattice.

00:53:52
It's not a valid point.

00:53:53
So I can basically come up with any number of lattices that I

00:53:57
want, but they're always whole numbers and it's an infinite

00:54:00
space.

00:54:01
Speaker 3: Now-.

00:54:02
Speaker 2: That's an n-dimensional, yeah, but now

00:54:04
multiply it by a thousand dimensions or a hundred

00:54:07
dimensions.

00:54:07
And if I look at the 2D space and I say, ok, I'm going to give

00:54:13
you a number, I'm going to give you a point that's not on the

00:54:16
lattice, and we're going to use the most, the closest valid

00:54:22
point on the lattice to that as the key.

00:54:24
And you're going to be like, well, that's trivial, I give you

00:54:27
a point of, I give you a lattice of 2, 2, and I give you

00:54:30
a point of 1.9, 1.9, right, and the 2, 2 point is the closest

00:54:38
point.

00:54:38
That's easy to see.

00:54:40
But what they do is they build in errors.

00:54:43
Learning with errors is what they call it, which I still

00:54:47
haven't got a good analogy for it.

00:54:48
They build in some errors and then they multiply it by a

00:54:52
thousand fold and then it becomes really, really hard for

00:54:57
a computer to figure out where the closest point is, and it

00:55:00
becomes impossible for humans because we can't think in a

00:55:01
thousand dimensions.

00:55:02
And so they're using a geometric relationships and

00:55:05
there's different ways of relationships that you can use.

00:55:09
So that's what crystals is doing.

00:55:11
That's what lattice encryption is all about.

00:55:14
I hope that was quick enough, wow.

00:55:18
Speaker 1: Yeah, I mean.

00:55:20
Speaker 3: I was going to say it's enough to bake your noodle.

00:55:21
It's fun.

00:55:23
Speaker 1: Yeah, like I feel like I'm done for the day now.

00:55:27
You know, like I'm just going to tell my boss hey, like I went

00:55:31
too deep on quantum, I got to take it.

00:55:34
I'll be back next week, I'll be back next week.

00:55:36
Speaker 2: That's all you need to know.

00:55:37
Yeah, well, and again, if you nibble at it, you'll get there,

00:55:41
just like cyber.

00:55:41
None of us learned, none of us became cyber engineers overnight

00:55:44
.

00:55:44
It was a process.

00:55:46
Quantum's the same way, ai is the same way.

00:55:48
And I think those are the three key technologies that if you're

00:55:51
good with one, you can do the others, because it takes a.

00:55:55
You got to be curious for all of them.

00:55:57
And I think unfortunately, they're going to compete for

00:55:59
each other, for people.

00:56:01
Speaker 1: Yeah.

00:56:01
So with when we're talking about going into an emerging

00:56:06
field right like quantum, how do you become recognized, as you

00:56:13
know, knowing anything that knows about it.

00:56:15
How do you become recognized?

00:56:17
Because there's no certs, there's extremely few jobs.

00:56:21
Most companies aren't even thinking about quantum right now

00:56:24
in order.

00:56:25
Do they want to?

00:56:26
Speaker 2: So here's how quantum would work in my opinion.

00:56:28
And first thing is you got to know what you're talking about.

00:56:32
So you got to go and consume and understand the basics and

00:56:36
you've got to look.

00:56:37
You're going to, you're going to go to lectures.

00:56:38
My first lecture on quantum computing was More than ten

00:56:44
years ago, before there was a quantum computer, and I was like

00:56:48
fascinated by it.

00:56:48
And then I saw, I seeked out people, I started reading books,

00:56:51
I brushed up on my math which it was pretty good anyways and

00:56:55
then a big turning point was I took the MIT courses on quantum.

00:57:01
I actually went and, you know, had to pay something for it, but

00:57:03
they were great.

00:57:04
They filled in some blanks and I found like-minded people and I

00:57:08
started doing presentations at code camps and Other user groups

00:57:12
on the topic to become, you know, well, this is the guy,

00:57:16
he's speaking about it, so he must, and I admitted early on

00:57:19
I'm an amateur, I'm just learning it.

00:57:20
And then I managed to start a podcast three years ago with a

00:57:25
guy who's you know, one of the brightest guys I've ever met,

00:57:28
outside of present company, of course, and and I've been doing

00:57:32
this podcast, so I've been talking to professors and CEOs

00:57:36
the government of Finland Seeked us out to talk.

00:57:39
So actually having a podcast not a bad idea.

00:57:41
And I would say that I'm pretty well known now in the small

00:57:46
pond that is quantum, because I talk about it all the time and

00:57:49
I'm reading about it all the time and the guys send me

00:57:51
articles all the time and I'm constantly bringing it places

00:57:54
like this where no one expects it.

00:57:57
But, honestly, just being able to have the conversation and

00:58:00
applying for the job and knowing the terms, you're probably in

00:58:04
the secret handshake is yeah, you know you, somebody tells an

00:58:07
entanglement joke and you get it , you know, or something like

00:58:10
that.

00:58:10
Or or somebody makes a reference.

00:58:12
They might ask you some questions, but if you know your

00:58:14
stuff, it's really not hard because there's so there's gonna

00:58:17
be so much demand.

00:58:18
We're still very early days quantum if you're not doing the

00:58:20
hardware stuff, but you can program right now.

00:58:22
So I'm gonna reveal something and I know I'm doing too much

00:58:25
talking.

00:58:26
We were gonna do a startup, dwayne and I with some other

00:58:30
friends, where we were gonna build a product to help develop

00:58:36
new material science, new materials using quantum.

00:58:40
Microsoft just released it and so we killed our idea.

00:58:44
But it's Microsoft, my Microsoft, has a Quantum

00:58:49
essentials.

00:58:50
They basically will help you take development of new

00:58:54
materials and Accelerate it the way most people think it would

00:58:58
take AI to do.

00:58:59
But really you need AI plus quantum, and so there's tons of

00:59:03
opportunities.

00:59:03
There's gonna be tons of startup and in the next five

00:59:06
years We'll probably see tons of money going into startups not

00:59:09
for AI as much, but the money will switch over to quantum, so

00:59:12
it's a good time to get ahead of that.

00:59:16
Speaker 1: Yeah, I got a lot of work.

00:59:21
Speaker 2: You're still sleeping , I bet you know there's a lot

00:59:23
of.

00:59:25
Speaker 3: Tell you he has a nine-month old.

00:59:26
He isn't sleeping.

00:59:27
Speaker 2: He's asleep.

00:59:27
There you go.

00:59:28
Yeah, what we talk about sleep.

00:59:30
Speaker 3: What is this sleep thing you talk about?

00:59:31
I?

00:59:34
Speaker 2: Mean it's self-serving, but podcasts go a

00:59:35
long way, so this I love Patrick opens up with.

00:59:39
Speaker 3: Well, all you got to do is take the courses at MIT,

00:59:42
and then, you know, I didn't build on that as a foundation.

00:59:45
Speaker 2: You're like oh, I didn't have to go as get

00:59:47
accepted as an undergraduate.

00:59:49
Speaker 1: Just pay, yeah because that's, anyone can just

00:59:55
go to MIT.

00:59:56
Speaker 2: Honestly, if you have $1, you can, but you have

01:00:01
to also understand.

01:00:02
So I'll be full disclosure.

01:00:04
I spent it was only 10 hours a week for eight weeks, but I was

01:00:09
spending another 20 hours a week on math, yeah, on revisiting

01:00:13
linear algebra, matrix math.

01:00:16
I went back to you Euclidean geometry just because I was

01:00:20
trying to understand some of the things they were saying and I

01:00:22
got a lot out of it.

01:00:23
I mean, I got every single little bit out of it.

01:00:26
So your, your mileage may vary, but it was very helpful to me.

01:00:31
Speaker 1: Huh, well, you know, in the next five years, I mean

01:00:36
this will be, this will be where we leave it.

01:00:38
Of course I don't mean to go over time.

01:00:39
I know you guys are busy, but you know, if you had to pick

01:00:43
three fields for people to start getting into, right, obviously

01:00:47
quantum is gonna be one of them.

01:00:49
What are other emerging fields that you think are gonna be?

01:00:53
You know, blowing up will be beneficial for someone to.

01:00:57
You know, get some sort of specialty in to kind of, you

01:01:01
know, secure that career, that career.

01:01:03
Speaker 3: So one that I would offer up.

01:01:05
You know, of course, cybersecurity, but cybersecurity

01:01:08
is too general.

01:01:08
I think what we're gonna start seeing is cybersecurity around

01:01:11
AI and, and more specifically, you're gonna start with things

01:01:15
like cybersecurity around LLMs and Then move into more.

01:01:20
You know, securing the corpus of data that an AI may either

01:01:24
have access to.

01:01:25
So I think you're gonna start to see more fields around really

01:01:29
artificial intelligence.

01:01:31
You know slash machine learning, but but yeah, and and

01:01:34
cybersecurity, I think that's that's gonna be a hot field

01:01:38
coming up very shortly.

01:01:39
And then obviously, quantum.

01:01:41
Yeah, I think you know quantum in general, but then quantum

01:01:45
cybersecurity is a whole other mind-blowing thing Around.

01:01:50
You know understanding how lattices work and crystals and

01:01:54
how to do entanglement of data, and you know there's there's a

01:01:57
lot going on there too.

01:01:59
Speaker 2: If you want to be specific, I think it the the,

01:02:02
the new quantum resistant encryption is a big space.

01:02:04
Hmm, as we were talking about, as Dwayne was talking about, the

01:02:08
AI.

01:02:09
You know, put the security on AI.

01:02:11
You gotta understand AI and you gotta understand security.

01:02:13
That's an intersection that's gonna be big.

01:02:15
But if I had to go big picture, it's gonna still be quantum AI

01:02:21
and cyber.

01:02:21
Those are the three fields that are gonna keep on, those are

01:02:23
the gifts that are gonna keep on giving, and then it's the

01:02:26
Intersections and maybe there's something new that's gonna get

01:02:28
invented we never heard of, but big data is still big and and

01:02:32
you know, can't material science is gonna be impacted by all of

01:02:35
these.

01:02:38
Speaker 1: Yeah, it's.

01:02:38
Uh, it sounds like we probably need to have another

01:02:41
conversation, maybe, maybe, in a year we'll be able to.

01:02:47
Speaker 3: Maybe, we'll make it semi-annually.

01:02:53
Speaker 1: Awesome.

01:02:53
Well, before I let you guys go, you know how about you tell my

01:02:55
audience.

01:02:56
You know where they could find you, what your podcasts are and

01:03:00
your website and all that good information so they could they

01:03:03
could locate you and learn more about you if they want.

01:03:06
Speaker 2: So we pulse our securities, the company we work

01:03:10
for, that we you know we founded Security this week.

01:03:14
Calm is where we talk every week about cyber and Entangle

01:03:19
things.

01:03:19
Calm is where I talk about quantum and Dwayne tries to

01:03:22
avoid, and that's about it.

01:03:24
We go to conferences, we speak at code camps and things like

01:03:27
that.

01:03:27
We're gonna probably start a few up in New Hampshire.

01:03:30
We're about an hour north of Boston, so that's where we are.

01:03:33
If you're looking for me, I'm in the basement with my guns, so

01:03:39
make sure I know you're coming, yeah.

01:03:43
Speaker 1: Awesome.

01:03:44
Well, thanks guys.

01:03:45
I really appreciate you coming on.

01:03:46
It was a fantastic conversation .

01:03:48
Well, I absolutely have to do it again, you know, sooner

01:03:53
rather than later.

01:03:54
Thanks, joe.

01:03:55
Speaker 3: I can't be awesome.

01:03:56
This was a lot of fun.

01:03:56
Yeah, anytime, joe.

01:03:59
Speaker 1: Absolutely.

01:03:59
Thanks everyone.

01:04:01
Hope you enjoyed this episode.

podcast,2023,2024,goals,

Related Episodes

From Hacked Teen to Cybersecurity Pro: Ron Eddings' Journey to the NSA & Hacker Valley Studios

From Mathematics to Cybersecurity: Fayon Atkinson's Unexpected Career Journey

Protecting Small Businesses in the Digital Age With Chris Petersen From Radicl