Phillip Wylie Show

Jason Haddix: A Conversation on AI, Bug Bounty, and Red Teaming



About the Guest:

Jason Haddix is a seasoned cybersecurity professional with a wealth of experience spanning over two decades in the field. Recognized for his insightful contributions to ethical hacking communities, he's penned informative articles, engaged in content creation, and previously held the title of top hunter at Bugcrowd in 2016. Jason has contributed his expertise to several organizations including HP, where he was part of the Shadow Labs internal pen testing team, and Ubisoft where he served as CISO. He's recently embarked on a new journey with Arcanum Information Security, focusing on red teaming, training, and consulting services.

Episode Summary:

In this episode, host Phillip Wylie sits down with cybersecurity expert Jason Haddix to explore the ever-evolving realm of cybersecurity. As a beacon of knowledge, Jason delves into his career trajectory, from learning the ropes in clandestine online forums to ascending the ranks as a top bug bounty hunter and, ultimately, leading as a CISO. This conversation ventures through the corridors of Jason's illustrious journey, offering vital insights into not just his past accomplishments but his current endeavors in the wide world of cybersecurity.

The discussion pivots to the frontiers of AI's application in security, where Jason unveils his work in leveraging AI for practical defense measures and his innovative teaching methods. They explore the implications of AI on future cybersecurity roles, debunk myths around job displacement, and share resources for those keen on sharpening their hacking prowess. Emphasizing the imperative for continuous learning and adaptation, Jason's narrative is a treasure trove of guidance for professionals navigating the cybersecurity landscape.


Key Takeaways:

Jason Haddix shares how his early involvement in underground web forums sparked his pursuit of cybersecurity, leading to a diverse career in pen testing, bug bounties, and CISO roles.

AI's integration into cybersecurity is highlighted as a pivotal game-changer, with practical use cases ranging from building defensive solutions to enhancing security programs.

Haddix explains that his origins in bug bounty hunting enriched his capabilities during his recent tenure in red teaming, more than the other way around.

The conversation dives into the emerging skill set of natural language hacking and the importance of prompt engineering for security practitioners.

Jason's new company, Arcanum Information Security, focuses on delivering specialized training and consulting in modern application analysis, reconnaissance, and security leadership.


Notable Quotes:

“It's like having a colleague next to you to ask dumb pen test questions to when you don't know how some technology works and that's how I treat the [AI] bot.” - Jason Haddix

“Who needs DA when you have the entire data lake of a company already downloaded into an app that you broke into because it had a local file include, that feels like 1995 or something like that.” - Jason Haddix

“I think defenders will run with this thing [AI] and be better than ever.” - Jason Haddix


Resources:

Jason Haddix on X (formerly Twitter): @Jhaddix

Jason Haddix on LinkedIn: https://www.linkedin.com/in/jhaddix/

Arcanum Information Security: https://arcanum-sec.com/
