Welcome back to the show! Hacker Valley Studio podcast features Host Ron Eddings, as he explores the world of cybersecurity through the eyes of professionals in the industry. We cover everything from inspirational real-life stories in tech, to highlighting influential cybersecurity companies, and we do so in a fun and enthusiastic way. We’re making cybersecurity accessible, creating a whole new form of entertainment: cybertainment.
Episodes
Tuesday Sep 13, 2022
Tuesday Sep 13, 2022
Caitlin Sarian, known on TikTok as Cybersecurity Girl, comes to Hacker Valley to talk about the endless possibilities for cybersecurity on social media. Walking through her journey of becoming cyber’s biggest TikTok star, Caitlin covers every aspect of internet fame and online presence, including facing criticism, gaining and losing viewers, and trying to make an impact on women in STEM. Alongside her work on social media, Caitlin also walks through the development of her new online cybersecurity course.
Timecoded Guide:
[00:00] Introducing Caitlin & her work on TikTok with Cybersecurity Girl
[06:45] Building a cyber platform on TikTok & dealing with imposter syndrome
[11:21] Keeping women in STEM, instead of just getting women into STEM fields
[15:56] Dismissing the idea of the diversity hire in tech & cyber
[24:43] Working with Girls Who Code & building her own low-cost cyber school
Sponsor Links:
Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!
Uptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com
How do you feel about going viral, or not going viral, on TikTok?
Although social media, especially TikTok, relies on an algorithm to push content to different viewers, Caitlin admits that viral content creation is more about luck than about methods. Since becoming involved in TikTok as a cybersecurity influencer, Caitlin has developed tricks of her own to elevate her content and interact with her audience, including going live on the app. However, she still explains that going viral is still random, with lower quality quick content sometimes hitting a larger audience than her higher value creations.
“Videos that you spend the least time on get the most views and the videos that you spend the most time on, get the least views. I've stopped looking at the views and just started trying to produce content that either makes people smile, or adds value to people's lives.”
What is that value that you're getting from making cybersecurity content for TikTok?
While creating podcasts at Hacker Valley allows for Chris and Ron to give back to their community and meet incredible cybersecurity content creators, a similar idea guides Caitlin’s work on TikTok. Considering that content creation can sometimes feel thankless and frustrating, Caitlin motivates herself by focusing on the people she helps. Through making cybersecurity more accessible online, she hopes to inspire other women to get involved and stay involved in cyber, tech, and STEM fields.
“It adds value to my life, knowing that I'm not just going day-by day-doing my job and that's it. I like bringing awareness and being that light for people that need it, especially in the tech world. I think for me, this is what I'm hoping for, I'm hoping to get more women in STEM.”
Can you tell us a little bit about your online cybersecurity school?
Caitlin isn’t only working on her cybersecurity platform on TikTok, she’s also expanding into online education with her course, Become a Cyber Analyst. Focusing on cybersecurity accessibility and affordable education, Caitlin’s course is a six-month boot camp that teaches students the ropes of the cyber industry. The best part? Students don’t pay until they’re employed in cyber, and Caitlin’s course guarantees a job within 3 months of graduation.
“I partnered up with a school called Master School, and it's basically a six-month boot camp. And then, after the boot camp, we have HR specialists that help students get a job after. You don't have to pay for it until you get a job, and it's a lump sum.”
What is your perspective on the struggles women face breaking into cybersecurity and staying in tech careers?
As a woman in cybersecurity, Caitlin has witnessed alarming levels of sexism in the industry and has seen fellow women experience tech burnout. With her content on TikTok and her new cybersecurity school, Caitlin hopes to solve the problem of not just inviting women into the cyber industry, but retaining female employees in cyber as well. Through supportive content creation and her own influence, she hopes other woman see that the possibilities in their careers are endless.
“I think the issue that I always used to deal with is a lot of men think I got the job from just being a woman. That also goes to my imposter syndrome, because I'm like, ‘Maybe I did just get this job because I'm a woman and they want to work with me. Maybe I'm a diversity hire.’”
---------------
Links:
Keep up with our guest Caitlin/Cybersecurity Girl on TikTok and Instagram
Learn more about Caitlin’s incredible Masterschool course, Become a Cyber Analyst
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Thursday Sep 08, 2022
Thursday Sep 08, 2022
We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn’t get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter.
Timecoded Guide:
[02:57] Fixating on hacking because of the endless possibilities and iterations to learn
[09:54] Giving advice to the next generation of hackers
[17:17] Contacting Tommy and keeping up with him on Twitter
[21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples
[24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he’s done now that he’s gone to prison
Sponsor Links:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone
PlexTrac is pleased to offer an exclusivecRed Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
Do you ever struggle with burnout when it comes to hacking?
Hacking has maintained Tommy’s interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn’t mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he’s still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds.
“I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”
What hacking advice would you give the younger version of yourself?
Although his black hat ways resulted in prison time for Tommy, he doesn’t regret his past and instead seeks to teach others the lessons he’s learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy’s success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure.
“Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”
What do you think about the “media obsessed” stereotype many people have about black hat hackers?
Wrapping up today, Tommy tells us that he’d be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attention from the media is disproven, Tommy believes that he definitely has craved that media attention for a large majority of his hacking career. Starting in the early 2000s, after 9/11, Tommy had one of his first brushes with fame in an interview with CNN about hacking Middle Eastern companies. Although his hacking and his politics have changed since then, Tommy enjoys having in-depth conversations about hacking and explaining the intricacies of what he does.
“We loved the attention back then, and I still love the attention now, it's nice. The good thing about now is, because I already got in trouble for everything that I've done, I've done my prison time, I don't have anything that I did illegally on the computer anymore that I can't talk about, because I've already paid my debt to society.”
What are the best ways for people to keep up with what you’re doing?
Considering Tommy’s success, it’s understandable that a lot of cyber professionals and amateurs have tons of questions for him. When it comes to getting in contact with Tommy, he recommends tweeting him on Twitter publicly so that he can not only answer your question, but help others with the exact same questions. Education is key, and Tommy is so dedicated to teaching other hackers that he’s currently developing a recurring Twitch stream centered around helping others learn about bug bounty hunting.
“I don't know how successful we're going to be in finding the bugs, but I think it'll be fun to teach people [on Twitch] and do it that way, so that they can actually spend some time learning it. The best way to actually learn this stuff is to actually try and do the hacking.”
-----------
Links:
Stay in touch with Thomas DeVoss on LinkedIn and Twitter.
Check out the Bug Bounty Hunter website.
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter and LinkedIn
Catch up with Chris Cochran on Twitter and LinkedIn
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Tuesday Sep 06, 2022
Tuesday Sep 06, 2022
Mari Reisberg, therapist, performer, creativity coach, and host of the Sustaining Creativity podcast, brings her many talents to Hacker Valley to help adults unlock their creativity and engage with their inner child. Tackling topics from artistic ruts to technical frameworks, Mari walks through the essentials of reconnecting with creativity and curiosity. Instead of limiting thoughts to the path of least resistance, Mari challenges her clients to get comfortable with the uncomfortable in creativity.
Timecoded Guide:
[00:00] Sustaining creativity & coaching others on becoming curious
[06:35] Defining creativity with new ideas & fresh innovations
[10:07] Climbing out of a creative rut & expanding your comfort zone
[18:47] Unlocking different levels of creativity in everyday life
[23:59] Tapping into creativity and unlocking childhood memories
Sponsor Links:
Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!
With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
What is creativity, in your opinion?
There isn’t one way to define creativity, Mari explains, but instead a myriad of ways. Each person has their own individual relationship with the concept of creativity, but Mari considers creativity to be tied to the processes of coming up with new ideas and innovating on those ideas. Seeing life through a creative lens means that Mari isn’t afraid to try and fail, because everything she does expands her comfort zone and tests her curiosity.
“Creativity is one of those words where, if you asked 100 people, you’d get 100 different answers. For me, my definition of creativity really is around thinking of novel, new ideas. And then, the second piece of the creative process is that innovation process.”
What advice would you have for someone who is trying to find their way through a creative rut?
The human brain will always choose the path of least resistance. People like to feel safe and comfortable with everything they do, but Mari understands that creativity can only be practiced at the edge of someone’s comfort zone. With one foot in her comfort zone and one foot out of it, Mari has been able to escape her own creative ruts and make active decisions to try the everyday activities in her life with a different perspective.
“If my desire is to create something new, something different, and I'm continuing to do the same things and expecting a new result, it's not going to happen. How could you try something different every day?”
Are there different types of creativity, similar to there being different types of intelligence?
In Mari’s experience, there are two forms of creativity: big C creativity and little c creativity. While little c creativity is an everyday reality, big C creativity is much more performative, curious, and expressive. When someone says they aren’t creative, what they’re thinking of is this second form of creativity. The fact is that anyone can become big C creative, but it requires actively exploring and expanding the skills of creativity.
“The big C creativity is what everyone assumes is creativity; performing arts, creative arts, I'm doing something that I'm sharing with the world. The small c creativity is that every day creativity. It’s something new, something different.”
When it comes to wanting to build our creative muscles, what are some techniques or frameworks that we should be considering?
Creativity is a practice, not a one-and-done deal. Mari explains that building creative muscles comes from repetition of creativity, such as trying something new everyday, challenging ourselves to think of something from an opposite point of view, and even daydreaming. Explore what would happen if something, even one small detail of an event, was different, and never limit yourself to the idea that you’re “just not creative.”
“There’re opportunities to flex that creativity, but it's about continuing to do it. You can’t do it once and expect a miracle. You keep coming back to it, keep practicing, keep having new ways of trying something.”
---------------
Links:
Keep up with Mari Reisberg at SustainingCreativity.com
Check out Mari’s podcast, the Sustaining Creativity podcast
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Thursday Sep 01, 2022
Thursday Sep 01, 2022
We’re joined by million-dollar hacker and bug bounty hunter, Thomas DeVoss, this week as we continue our season-long discussion of offensive cybersecurity legends. A legend in the making with a success story in bug bounty hunting that has to be heard to be believed, Tommy is an incredibly successful blach hat hacker-turned-bug bounty hunter, representing how misunderstood the hacking community can be and how positively impactful bug bounties can be. Who hacks the hackers? Look no further than Tommy DeVoss.
Timecoded Guide:
[02:59] Becoming interested in hacking for the first time
[08:26] Encountering unfriendly visits with the government and the FBI after his hacking skills progressed
[14:20] Seeking his first computer job after prison and leveraging his hacking skills
[25:21] Discussing with Yahoo the possibility of working with them due to his successful bug boundaries
[30:56] Giving honest advice to hackers looking to break into the bug bounty scene
Sponsor Links:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone
PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
When did you get into hacking for the first time?
At an early age, Thomas found his passion for hacking in an IRC chat room. Mentored by a man named Lewis and encouraged by fellow friends in the hacking world, popping shells and breaking into US systems using foreign IP addresses. Although Tommy became incredible at his craft from a young age, his early habits became serious black hat issues that ended up getting him in trouble with the US government. Just like the hacker in a big Hollywood blockbuster, the government caught up with Tommy and he faced 2 years in prison in his first sentence.
“Instead of coming back to him and saying, "Hey, I'm done," I came back and I was actually asking him questions like, "Can you explain this?” And he saw that I was like, actually interested in this and I wasn't one of the people that was just expecting it to be handed to me and everything like that.”
After spending time in prison, were there barriers to getting involved in hacking again?
After being in and out of prison a couple times, Tommy found the worst part of coming home to be his ban from touching any sort of device with internet access. Despite it being a part of his probation, his passion for tech continued to bring him back to computers and gaming. After his final stint in prison after being falsely suspected of returning to his black hat ways, the FBI lifted Tommy’s indefinite ban on computer usage and immediately renewed his passion for working in tech.
“They had banned me indefinitely from touching a computer. So, when I came home on probation the first time, they upheld that and I still wasn't allowed to touch computers as part of my probation. For the first month or so, I didn't get on a computer when I came home from prison, but then it didn't take long before I got bored.”
How did your cyber career pivot to bug bounty hunting?
With prison behind him and his ban on computers lifted, Tommy got a job working for a family friend in Richmond, Virginia for a modest salary of $30,000. Although this amount felt like a lot at the time, he quickly realized that there was money to be made in bug bounties. His first few experiments in attempting bug bounty programs had him earning $20,000 or $30,000 for hours of work, a huge increase from the salary he was currently making. Encountering success after success, Thomas quit his job in 2017 to become a full-time bug bounty hunter.
“The first bug bounty program that jumped out at me was Yahoo. I had started hacking Yahoo in the mid 90s, I knew their systems in the 90s and early 2000s better than a lot of their system admins and stuff. And I figured, if there's any company that I should start out with, it should be them.”
What success have you seen since becoming a bug bounty hunter, especially with major corporations like Yahoo?
Thomas has become a huge earner in the cybersecurity community, and has continued to see incredible results from his hacking and bug bounty projects. Most notably, after numerous high earning days, making up to $130K at once, with companies like Yahoo, he’s even been offered positions working with corporations he’s bug bountied for. However, Tommy is quick to point out that his success was definitely not overnight, and warns fellow hackers of getting too confident in their bug bounty abilities without the proper skill sets or amount of experience under their belts.
“I think at this point, I've had days where I've made six-digit income in that single day, at least six or seven times. And it's almost always been from Yahoo.”
-----------
Links:
Stay in touch with Thomas DeVoss on LinkedIn and Twitter.
Check out the Bug Bounty Hunter website.
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter and LinkedIn
Catch up with Chris Cochran on Twitter and LinkedIn
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Tuesday Aug 30, 2022
Tuesday Aug 30, 2022
Kyle Elliott, the Founder and Career Coach behind CaffeinatedKyle.com, joins the pod on his quest to transform boring job searches into something fabulous. Kyle specializes in helping job seekers, especially those in technology and cybersecurity, find jobs they love and express the value they bring to potential employers. Need to know the secret to acing your next tech job interview? Look no further than Caffeinated Kyle.
Timecoded Guide:
[00:00] Finding your own definition of fabulous
[06:06] Standing out in a tech job interview
[12:19] Dealing with and learning from job rejection
[16:41] Targeting your dream tech job & telling your career story
[21:33] Breaking into technology the easy way and the hard way
Sponsor Links:
Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!
With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
From your perspective, what makes someone fabulous?
Being “fabulous” can sound grandiose to most tech practitioners, but Kyle believes that everyone has the potential to be fabulous, especially when they’re forging their career path. There’s a lot of competition amongst large tech companies to find the employees that close skill gaps and stand out from the massive group of hungry job seekers. To be fabulous, one has to know how to stand out and what sets them apart.
“When I think of fabulousness, I think: What sets you apart from other people? I work with job seekers, so I think: What sets you apart from other job seekers or other applicants?”
When you look at standing out in a job interview, what are some of the key components that go into that?
Many job seekers that Kyle works with have the skills, meet the position requirements, show up for the interview, and still struggle with getting a job in tech. While this can happen for a variety of reasons, Kyle explains that a simple mistake job hunters are making is regurgitating their resume without backing up their experience. A strong story about the experiences you had and the value you delivered makes you memorable and explains what you can provide.
“When you're doing this, you want to think in the mind of a hiring manager. How have you added value to the organization? What sets you apart? I didn't just code, I didn't just have cross functional collaboration, here's the value to the organization and what sets me apart.”
How do you coach someone through being able to tell their story in an interview?
Career storytelling skills separate a potential employee from a pack of qualified applicants. However, a lot of technical people aren’t known for their storytelling skills or knack for creativity. Instead, Kyle recommends his clients in tech and cyber practice their storytelling through a more familiar world of spreadsheets. Each spreadsheet helps job seekers break down the value they bring with their skills, so they can tell a story that connects their past experiences to their future position.
“A lot of the people I work with in tech, they're amazing at their job, but they're just not used to practicing storytelling…It feels awkward. It feels different. It feels weird, because that's not something they’re used to.”
From your experience, what have been the easiest and hardest fields in technology to break into?
In Kyle’s opinion, there isn’t one field of the tech industry that’s easier or harder to break into. Instead, breaking into the tech industry relies more on professional experiences, background, and skillset. If the leap to tech feels like too many transitions at once, Kyle recommends slowing down to one transition at a time and building each experience off of one another. Instead of hiding that this may be a new path for you, embrace your past when job searching and explain why a potential employer should hire someone transitioning into the tech world.
“Everyone's like, ‘Kyle, how do I get a job in tech?’ I would start with your background, and I think that's gonna determine what's easiest or hardest for the person. What I always recommend is, try to make the least amount of transitions possible.”
---------------
Links:
Keep up with Kyle Elliott on LinkedIn and the Caffeinated Kyle website
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio