In this video, I discuss the hands-on hacking labs from ThreatLocker' Zero Trust World 25.

Summary

In this episode of the Phillip Wylie Show, Naveen Sunkavally shares his unique journey from software engineering to offensive security. He discusses his experiences at Horizon3.ai, the importance of coding in cybersecurity, and the evolving role of automation and AI in pen testing. Naveen emphasizes the need for a solid foundation in IT and development for those looking to break into cybersecurity, and he provides insights into vulnerability research and the future of the industry.

Takeaways

• Naveen's journey from software engineering to offensive security is inspiring.

• Understanding both offensive and defensive security is crucial.

• Automation is becoming increasingly important in pen testing.

• A solid coding background is essential for success in cybersecurity.

• Vulnerability research can lead to impactful discoveries.

• AI tools are changing the landscape of software development and security.

• The disconnect between offensive and defensive security needs to be addressed.

• Continuous learning and adaptation are key in cybersecurity.

• Naveen encourages exploring lesser-known applications for vulnerabilities.

• The future of cybersecurity is promising with emerging trends.

Sound Bites

• "I got my OSCP and it was a lot of grinding."

• "AI tools are great for senior coders."

• "The future is bright in cybersecurity."

Chapters

00:00 Introduction to Naveen Sunkavally's Journey

01:35 Naveen's Hacker Origin Story

09:30 Transitioning to Offensive Security

17:50 The Role of Automation in Pen Testing

23:24 Vulnerability Research Insights

27:59 The Future of Cybersecurity and AI

Resources

https://www.linkedin.com/in/naveensunkavally/

https://www.linkedin.com/company/horizon3ai/

https://www.horizon3.ai/

Last week, I had a great time at  ThreatLocker 's Zero Trust World 25. In this video, I share my experience attending the event.

Summary

In this episode of the Philip Wylie Show, host Phillip Wylie interviews Nicholas DiCola from Zero Networks, exploring his background in cybersecurity, the importance of foundational IT skills, and the innovative solutions offered by Zero Networks in the realm of micro-segmentation and zero trust networks. The conversation delves into the challenges of traditional security measures, the efficiency of Zero Networks' approach, and valuable career advice for those looking to enter the cybersecurity field.

Takeaways

• Nicholas DiCola emphasizes the importance of foundational IT skills for a successful career in cybersecurity.

• Micro-segmentation is a critical component of a zero trust security model.

• Zero Networks automates the micro-segmentation process, saving significant time for organizations.

• Many micro-segmentation projects fail to complete within the tenure of a CISO due to complexity.

• Certifications can validate basic skills and show initiative in the cybersecurity field.

• Hands-on experience through internships is crucial for aspiring cybersecurity professionals.

• Understanding the entire network stack is essential for effective security practices.

• Zero Networks' solutions are scalable for organizations of all sizes.

• The simplicity of Zero Networks' product allows for easy management and implementation.

• Exploring different areas within cybersecurity can help individuals find their true interests.

Sound Bites

• "I think it's really good that people explore other areas."

• "We save them a ton of time."

• "Most micro-segmentation projects outlive the tenure of the CISO."

• "Micro-segmentation is at the end of the journey."

• "It's not your legacy micro-segmentation that you think of."

• "I always love to share and talk to people about what I've done."

Chapters

00:00 Introduction to Nicholas DiCola and Zero Trust Networks

02:20 Nicholas DiCola's Background and Career Journey

06:06 The Importance of Foundational IT Skills

10:25 Navigating Certifications and Career Paths in Cybersecurity

12:40 Understanding the Role of Micro-Segmentation

19:44 Zero Networks: Solutions and Innovations

23:19 Time Savings and Efficiency with Zero Networks

28:03 Final Thoughts on Micro-Segmentation and Security Posture

Resources

https://www.linkedin.com/in/ndicola/

https://www.linkedin.com/company/zeronetworks/

90% of security pros say Zero Trust is critical, yet only 5% use microsegmentation. Why? Network segmentation project are notoriously complex, expensive, with extensive downtime. No longer! Zero Networks makes it easy—fast deployment, no manual work, no headaches.

Get the report: https://zeronetworks.com/resource-center/white-papers/network-segmentation-zero-trust-architectures-survey-of-it-security-professionals?utm_medium=social&utm_source=linkedin&utm_campaign=pwpodcast&utm_content=vibresearch&cid=701Uc00000SpVUhIAN

Summary

In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with cybersecurity expert Lesley Carhart about her journey into the field, the importance of community and mentorship, and the unique challenges of working in industrial control systems (ICS) forensics. Leslie shares her hacker origin story, discusses the complexities of ICS security, and recounts a fascinating case study involving a mysterious incident at a power plant. The conversation emphasizes the need for diversity in tech and the vital role of community support in navigating cybersecurity careers.

Takeaways

• Lesley Carhart's journey into cybersecurity began at a young age with a passion for computers.

• The importance of mentorship in the cybersecurity community cannot be overstated.

• Industrial Control Systems (ICS) present unique challenges in cybersecurity due to their critical nature.

• Understanding processes is key to succeeding in ICS cybersecurity.

• Diversity in the tech field has improved over the years, allowing for more varied backgrounds in cybersecurity.

• Real-world investigations in ICS can lead to unexpected and humorous outcomes, like the moth story.

• Community involvement is crucial for career advancement in cybersecurity.

• Self-study and networking are essential for breaking into the cybersecurity field.

• The job market for junior cybersecurity professionals is competitive, making community connections vital.

• Lesley encourages senior professionals to mentor newcomers to the field.

Sound Bites

• "I hope we don't end up back there."

• "It's been a grand adventure."

• "Mentorship can be so, so valuable."

Chapters

00:00 Introduction to Cybersecurity Community Connections

01:43 Lesley Carhart's Hacker Origin Story

06:57 Diving into ICS and OT Forensics

09:47 Challenges in Industrial Cybersecurity Training

13:25 The Complexity of Digital Forensics in ICS

15:45 The Moth Story: A Case Study in ICS

25:34 The Importance of Community in Cybersecurity

30:37 Closing Thoughts and Social Media Connections

Resources

https://www.linkedin.com/in/lcarhart/

https://bsky.app/profile/hacks4pancakes.com

https://infosec.exchange/@hacks4pancakes

Summary

In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Eva Benn, a leader in the cybersecurity field. Eva shares her inspiring journey from a disadvantaged background in Bulgaria to leading the Microsoft Red Team. She discusses the importance of resilience, the role of gaming in developing cybersecurity skills, and offers valuable advice for aspiring professionals in the field. The conversation also covers personal branding, networking authentically, and the significance of continuous learning and growth in one's career.

Takeaways

• Eva Benn's journey from Bulgaria to leading the Microsoft Red Team is inspiring.

• Resilience and determination are key to overcoming challenges.

• Gaming can develop strategic thinking skills beneficial for cybersecurity.

• Participating in CTFs is crucial for building skills and credibility.

• Networking should be genuine and not forced.

• Personal branding involves sharing valuable insights and experiences.

• Continuous learning is essential in the ever-evolving field of cybersecurity.

• Diverse backgrounds can provide unique advantages in cybersecurity roles.

• It's important to understand the entire cybersecurity landscape before specializing.

• Building meaningful connections takes time and authenticity.

Sound Bites

• "You have to do what you need to do."

• "Be genuine, take it slow."

• "You have what it takes."

Chapters

00:00 Introduction and Background

01:12 Eva's Hacker Origin Story

04:50 Overcoming Challenges and Embracing Opportunities

10:19 The Importance of Hands-On Experience

14:05 Advice for Aspiring Pen Testers

17:22 Tips for Job Seekers in Cybersecurity

21:57 Building a Personal Brand

24:51 Networking Naturally

30:01 Final Words of Wisdom

Resources

https://www.linkedin.com/in/evabenn/

https://www.evabenn.com/

Summary

In this episode of the Phillip Wylie Show, host Phillip Wylie interviews Ben Sadeghipour, known as NahamSec, a prominent figure in the bug bounty community. They discuss NahamSec's journey into hacking, his achievements in bug bounties, and the importance of personal branding and content creation in the cybersecurity field. NahamSec shares insights on transitioning from part-time to full-time bug bounty hunting, the role of automation and AI in the industry, and offers advice for newcomers looking to break into bug bounties. The conversation emphasizes the value of creativity, curiosity, and continuous learning in becoming a successful hacker.

Takeaways

• NahamSec's journey into hacking began unintentionally as a child.

• He achieved the milestone of earning over a million dollars in bug bounties.

• Transitioning from part-time to full-time bug bounty hunting requires dedication and understanding of the ecosystem.

• Diverse ventures in cybersecurity can enhance skills and knowledge.

• Understanding web applications is crucial for bug bounty hunters.

• Automation should come after mastering manual exploitation techniques.

• AI tools can assist in bug bounty hunting but should not replace manual skills.

• Personal branding is essential for career growth in cybersecurity.

• Content creation can take many forms, including writing and blogging.

• Continuous learning is vital in the ever-evolving field of cybersecurity.

Sound Bites

• "I have a company called Hacking Hub."

• "You need to understand how web apps work."

• "Writing is content creation."

Resources

https://x.com/NahamSec

https://www.linkedin.com/in/nahamsec/

https://www.instagram.com/nahamsec

https://www.nahamsec.com/

https://www.youtube.com/nahamsec

Hands-On Web Exploitation Course (NahamSec's Bug Bounty Course)

https://app.hackinghub.io/hubs/nahamsec-bug-bounty-course?v=nahamsecdotcom&_trk=09934e30d001cfb67886dca52660e548

Summary

In this episode of the Phillip Wylie Show, Phillip Wylie interviews Fletus Poston, discussing his journey in cybersecurity, the evolution of email security, and the shift to cloud technology. Fletus shares valuable advice for those looking to break into the field, emphasizing the importance of networking, mentorship, and soft skills. He also provides insights from his experience as a hiring manager, discusses career paths in cybersecurity, and highlights the significance of work-life balance. The conversation concludes with Fletus encouraging listeners to engage with their community and prioritize their well-being.

Takeaways

• Networking and mentorship are crucial for career growth.

• Soft skills are as important as technical skills in cybersecurity.

• Your resume should highlight your most relevant experiences at the top.

• Participating in community events can lead to job opportunities.

• It's okay to transition out of cybersecurity if it's not fulfilling.

• Understanding the evolution of technology is key to staying relevant.

• Cloud technology has transformed disaster recovery and business continuity.

• Engaging with peers can provide valuable insights and support.

• Career paths in cybersecurity can vary widely; explore different roles.

• Work-life balance is essential for long-term success and happiness.

Sound Bites

• "It's okay to try this field and not stay."

• "You can transition out of the field."

• "Are you regretting Monday morning?"

Chapters

00:00 Introduction and New Year Reflections

04:51 The Shift to Cloud Solutions

12:02 Networking and Online Platforms

20:13 The Importance of Soft Skills

29:57 Maintaining Work-Life Balance

Resources

https://www.linkedin.com/in/fletusposton/

https://x.com/fletusposton

Summary

In this episode of the Phillip Wylie Show, Marina Ciavatta shares her unique journey into the world of physical pen testing and social engineering. From her origins in journalism to her current role as a red teamer, Marina discusses the challenges and experiences she has faced in the field. She shares thrilling stories of her pen tests, including moments of fear and unexpected encounters, while also emphasizing the importance of training and awareness in cybersecurity. Marina provides insights for those looking to enter the field, highlighting the blend of creativity and strategy required for successful penetration testing.

Takeaways

• Marina's journey began with event organizing and content production in cybersecurity.

• Physical pen testing requires a deep understanding of security protocols and ethical considerations.

• Experience in event management can enhance skills in physical pen testing.

• Being caught during a pen test can provide valuable insights into security effectiveness.

• Security guards play a crucial role in preventing unauthorized access.

• Creative approaches, such as using costumes, can aid in infiltration during pen tests.

• Combining social engineering with physical pen testing can yield better results.

• Training and awareness are essential for both red and blue teams in cybersecurity.

• Practicing social engineering ethically can help develop skills without causing harm.

• Marina emphasizes the importance of leaving positive feedback in security reports.

Sound Bites

• "I had to crawl a lot on the floor."

• "Being caught is part of the job."

• "I tend to collect my costumes as I go."

Chapters

00:00 Introduction to Marina's Journey

06:53 Breaking into Cybersecurity: Tips for Newcomers

13:20 Getting Caught: Lessons from the Field

29:55 Combining Social Engineering with Physical Pen Testing

34:37 Training and Ethical Considerations in Social Engineering

Resources

https://www.linkedin.com/in/mciavatta/

https://x.com/MarinaCiavatta

https://linktr.ee/marinaciavatta

Phillip's New Free Penetration Testing Methodology Training on Just Hacking Training

https://www.justhacking.com/uc/uc-penetration-testing-methodology/

Summary