Welcome back to the show! Hacker Valley Studio podcast features Host Ron Eddings, as he explores the world of cybersecurity through the eyes of professionals in the industry. We cover everything from inspirational real-life stories in tech, to highlighting influential cybersecurity companies, and we do so in a fun and enthusiastic way. We’re making cybersecurity accessible, creating a whole new form of entertainment: cybertainment.
Episodes
Thursday Aug 25, 2022
Thursday Aug 25, 2022
John Hammond, Senior Security Researcher at Huntress Labs and self-described cybersecurity education enthusiast, joins us as we continue our discussion of red team legends. With a focus on content creation this week, John discusses his success with his YouTube channel, his passion for showcasing authentic and accessible educational materials online, and his advice for creating content safely and spreading awareness with not only a red team or blue team mindset, but with a purple team perspective.
Timecode Guide:
[01:37] Understanding the impact of content creators in the cybersecurity community, especially when it comes to YouTube educational content
[06:58] Becoming a successful YouTube creator through consistently posting hacking content and ignoring the stereotype of “overnight success”
[13:28] Combining his role as a cybersecurity educator with his security research at Huntress to explore exploits and have real life experience with what he teaches
[16:47] Focusing on the blue side of the house as someone with red team experience, and understanding how to use a tool like PlexTrac to create a collaborative purple team
[21:13] Being mindful of the impact he has through sharing this knowledge and understanding the risk of cybersecurity educational materials falling into “the wrong hands”
Sponsor Links:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
What is your origin story for wanting to educate other hackers?
Like many of us, John started his journey Googling how to become a hacker. As he gained more knowledge about the specific skills involved in hacking, John never left the internet behind, always seeking out videos and articles explaining new and emerging content. Inspired by those who created that content in the first place, he started his own YouTube channel, simply titled John Hammond, as has spent years cultivating a consistent hacker audience.
“Along the way, creating content and helping educate others through YouTube is really my main stage platform and has been just a passion project, a labor of love, and something fun along the way.”
What feelings do you get looking back on the YouTube content you’ve created so far?
John prioritizes clarity, transparency, and honesty in what he does, and he’s not afraid to show some humbleness, too. Overall, John is thankful for his YouTube success and the impact it had on the cybersecurity community. No matter what he’s showing in his videos, he prefers to keep things honest, to show where he’s made mistakes, and to accept criticism and advice from other hackers and offensive cybersecurity professionals that see his work.
“I'm showcasing just my computer screen, maybe you get a little face cam and a circle on the bottom right, but it's like you're looking over my shoulder. You're seeing me showcase something raw, live, genuine, and authentic…It’s not all sexy, there’s a lot of failure in hacking.”
Have you ever considered focusing on the blue team or the defensive side of cybersecurity?
The majority of John's YouTube content and the work he does in his role at Huntress Labs heavily involves the red team and offensive side of cyber. However, John is a huge advocate for the blue team and the red team collaborating and communicating better. Through making more concepts in cybersecurity accessible through educational content like John’s own videos, he hopes we can continue to bridge the gap and achieve that perfectly mixed purple team.
“We're all playing in concert. As one team sharpens their skills in the red team pen test, then it's up to the blue team to figure that out. What did they do? How can we better detect it? How can we stop and mitigate that security threat?”
What advice do you have for red team content creators that want to share content and spread awareness safely?
With the impact that he’s had and the content he’s put out onto the internet, John is no stranger to seeing the negative side of cybersecurity knowledge being more accessible than ever before.
Still, he wants to make sure content creators understand the value of transparency and honesty in what they do. Instead of fearing what could be, cultivate a community around making this level of knowledge and security available to everyone.
“Share, be transparent, be forthcoming. I know there are a lot of conversations about gatekeeping in cybersecurity, but there shouldn't be that. I understand there's grit and determination and hard work to do all the things that you're doing, but be friendly and be transparent and honest.”
----------
Links:
Check out our guest, John Hammond, on YouTube and LinkedIn.
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter and LinkedIn.
Catch up with Chris Cochran on Twitter and LinkedIn.
Continue the conversation by joining our Discord.
Tuesday Aug 23, 2022
Tuesday Aug 23, 2022
Claire Gallagher, Designer and Solopreneur Strategist, comes to Hacker Valley to break down branding, visibility, and choosing solopreneurship over business ownership. Combining the terms solo and entrepreneur, solopreneurs are a different breed of business owner, and Claire has made it her mission to help them not make the same business mistakes she once made. Claire walks through the essentials of how her business caters to individuals looking to go it alone and how to make an impact while staying small.
Timecoded Guide:
[00:00] Introducing the concept of solopreneurship
[04:32] Shifting to business strategy to better serve a client base
[09:19] Deciding alone as a solo entrepreneur
[16:40] Pricing your work and validating your professional value
[24:46] Making peace with looking silly as a business owner
Sponsor Links:
Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!
With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
Why did you choose to go down a path of catering to solopreneurs, versus working with enterprises or small and medium businesses?
Claire has dabbled in building teams and working in larger businesses in the past, but her calling has always brought her back to a company of one. For solopreneurs, Claire explains, it’s not that they cannot afford hiring employees or scaling their business. Instead, a solopreneur’s focus is on the balance between work and life, along with the power and experience to make their own decisions about their business.
“I'm a loud introvert. I could talk all day, but essentially, I'm kind of introverted in secret. Generally, I like to work alone, to get into a creative flow, to not have anybody to answer to. This company of one, this solopreneurship, it suits my energy and my temperament.”
What are some of the pros and cons of going it alone as a solopreneur and keeping your business small?
There are pros and cons in business, no matter the size. Claire’s strongest pro for becoming a solo entrepreneur has been her ability to pivot without impacting anyone but herself. Pivoting towards strategy was a hard decision, but it was so much easier to make on her own. Unfortunately, making decisions on one’s own can also be a con of solopreneurship. Claire has seen clients have a lack of accountability in sticking with their decisions when they don’t have anyone working with them.
“That's a pro, I was able to pivot without having to hire people, sack people, and really invest heavily in changing everything. That's a real plus, I could just pivot like that and it was a decision that I made, and I was responsible for it.”
At what point would you recommend a solopreneur, or content creator, to reach out to someone like you so they could shine in this digital world?
Although solo entrepreneurs thrive in business on their own, it’s important to never go it alone. Claire advises that early stage solopreneurs consider the community around them and build their business with a healthy curiosity in books, online resources, and virtual communities of fellow entrepreneurs. As they progress through their business, Claire also recommends connecting with a coach or strategist, like herself, to go further faster and avoid careless mistakes.
“Solopreneurs think, ‘I'm smart, I can figure this out.’ Yes, you can, but to go further faster, I think you need to work with a mentor or a coach or strategist. You're always going to get further faster by finding somebody who understands what you're trying to achieve.”
What are some of the tenants that you teach people about coming across as authentically as possible?
Branding is a vital element of content creation and business ownership. However, the current world craves branding that comes across as authentic. Claire explains that authenticity comes from a willingness to make mistakes and put yourself out there, even if it feels or looks silly the first time. If a solopreneur is honestly trying to deliver value, that will show through any first-time awkwardness or silliness and still feel authentic to potential clients.
“Starting before you feel ready is really the only way that you can start because you can't know everything until you've tried some stuff. Showing up and making mistakes and maybe seeming a little bit foolish at the start, take it. That's what's gonna happen.”
---------------
Links:
Keep up with Claire Gallagher on LinkedIn and at ClaireCreative.com
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Thursday Aug 18, 2022
Thursday Aug 18, 2022
We’re joined by sponsor and guest Dan DeCloss, CEO and Founder of PlexTrac, on the podcast today to talk about communication and collaboration between the red and blue side of cybersecurity and why security success depends on those two sides working together. On their mission to build stronger, more productive, and well-rounded security teams, PlexTrac provides incredible and insightful metric and messaging tools that change the game for the cybersecurity industry.
Timecoded Guide:
[05:36] Understanding PlexTrac’s history and mission for cybersecurity teams
[09:58] Lack of empathy and understanding in red team and blue team communication
[18:48] Breaking through the resentment and confusion within a team
[24:45] Envisioning the future of PlexTrac’s community impact
[27:52] Caring about your cybersecurity mission beyond yourself
Sponsors:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone
What is the function of PlexTrac that would help you the most as a pen tester?
With prior hands-on experience on the red side, Dan found his journey to creating PlexTrac to be full of moments where he wanted to fix the same problems he encountered over and over with reporting and communicating. One of these problems was solved easily with the addition of a video feature, a simple function that has existed since PlexTrac first began but is instrumental and is a huge time-saver for visual learners.
“As a pen tester, I hated finding that I had 20-odd screenshots if it's a pretty complex exploit. I think the adage for us is like, if a picture's worth 1,000 words, then a video is worth 1,000 pictures, right?”
What do you think are some of the gaps in skills that organizations face when hiring these professionals to perform offensive operations?
Communication is key— not just in life, but in this episode. While we’ve discussed skills gaps previously in cybersecurity, Dan is quick to point out that a consistent gap he sees in all areas of cybersecurity is effective communication. PlexTrac keeps this struggle to communicate in mind and creates easy, simple pathways and functions that encourage communication and facilitate collaborative problem solving.
“If there's one area that I really emphasize with anybody that I'm mentoring or have hired in the past is, as a security person, whether you're red or blue, you really do need to be a good communicator and be able to communicate risk effectively within the right context.”
What would you want to say to those folks that don't see eye-to-eye from the red or the blue side?
We’re fighting the same fight, no matter if we’re on the red side or the blue side of cybersecurity. Dan’s message for our warring red and blue teams throughout the industry is to understand the importance of your mission and to not let relationships between red and blue feel clouded with misunderstanding or resentment. No one’s job is harder than anyone else’s, and each role on offensive and defensive plays a part in our collective victory.
“I'm gonna just be point blank about it…Are you trying to just prove a point about your knowledge and your skills? Or, are you actually trying to make the world a safer place?”
What would you want to say to all those folks out there [in cybersecurity]?
As PlexTrac aims to make a huge impact on our community, Dan and his team acknowledge a need for a unified, focused, and collaborative cybersecurity industry, with hard workers on both the red and blue sides. With PlexTrac’s assistance in making reports, measurable results, and communication that much easier, our team at Hacker Valley is thankful to be a part of PlexTrac’s amazing network and can’t wait to share more tools like this with all of you.
“I think keep fighting the good fight, for both sides, and recognizing that your mission is vital to the safety and security of your organization and the world at large, right? We are all in this battle together.”
----------
Links:
Spend some time with our guest, Dan DeCloss, on LinkedIn, and the PlexTrac website
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter and LinkedIn
Catch up with Chris Cochran on Twitter and LinkedIn
Tuesday Aug 16, 2022
Tuesday Aug 16, 2022
Anne Ricketts, Founder & Principal of Lighthouse Communications, brings her techniques for public speaking and presenting to the show to help Chris and Ron unpack unhelpful mindsets around storytelling and unhealthy speaking habits. Covering the basics from filler words to hand gestures, eye contact to working the camera, Anne explains the role storytelling plays in the way people communicate at the office, out in public in their free time, virtually on Zoom, and even onstage at events like TEDx.
Timecoded Guide:
[00:00] Why Anne became a communication coach
[05:16] How COVID impacted public speaking and presentations
[12:57] Why you shouldn’t stop hand gesturing
[18:38] How to stop saying “um”, “like,” “so,” and other filler words
[22:45] What makes storytelling an essential career communication tool
Sponsor Links:
Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life!
Complexity is increasing and manual asset inventory approaches no longer cut it. That's where Axonius comes in. Take control of security complexities by uncovering gaps in your organization. Sign up for a free walk through of the platform at axonius.com/get-a-tour
AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
Why was communication coaching your chosen profession?
Anne wasn’t always a communication coach, but she’s always been passionate about helping others speak. In fact, prior to 2013, Anne taught English as a second language to a variety of people, first in Italy, then in San Francisco. When Anne founded Lighthouse Communications, her goal was to help everyone, English speaking or not, communicate efficiently and confidently. Speaking skills and storytelling talent can open up a world of opportunities for anyone, and Anne is excited that she can help others unlock their potential everyday.
“I really like helping people because there's so many small things you can do to look more confident, like the way you stand or projecting your voice. If you look more confident, you start to feel more confident.”
In the past two years, because of the pandemic, what have been the ways that you've seen communication coaching change?
With so few events and courses happening in-person, Anne had to shift her mindset around coaching and her advice she gives to clients. Virtual presentation unlocked a new world of communication, but comes with new rules and a learning curve. Thankfully, Anne has learned to love the world of virtual and believes that when professionals give their all to connecting with their audience, amazing communication can still occur, even from long distances away.
“Normally, when teaching a class, you can see if someone's struggling or confused, you can walk over and connect with them. Everything was happening so fast in the Zoom room, I personally felt like I started from scratch.”
How could someone who isn't the biggest fan of small talk reset and reframe small talk in a way that's valuable for them?
Networking and communicating can feel like a chore, especially when small talk is involved. Anne believes that small talk, as awkward and boring as it may be, allows professionals an amazing opportunity to practice connecting with others on a small scale and hone their listening and storytelling skills. Ask curious questions to connect with others during small talk moments, and don’t fear the occasional awkwardness that comes with meeting someone new.
“If you want to be good at small talk, it's just being curious. Asking questions like, ‘Hey, what's that in your background?,’ or in person, ‘Tell me more about yourself. Oh, interesting. Where did you go to school?’ Asking specific follow up questions and just being curious.”
What advice would you have for anyone that has impactful details to share, but doesn't really know how to make it into a story?
Storytelling is one of the most valuable skills a professional can learn, according to Anne. Stories allow us an opportunity to connect with others emotionally and mentally, and can even inspire someone to action with the power of simple words. Anne’s biggest advice around the art of storytelling is to practice. Listen to the stories others tell, build your experiences around a framework that feels personally right to you, and practice, practice, practice.
“What makes for a good story is tension, emotion. We want to know what was going through your head during that security hack, what was the reaction, what was at stake, and that's not necessarily, on an everyday basis, how we're trained to speak at work.”
---------------
Links:
Keep up with Anne Ricketts on LinkedIn
Check out Lighthouse Communications on LinkedIn and their website
https://www.youtube.com/watch?v=xDI32BRr2pY
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Thursday Aug 11, 2022
Thursday Aug 11, 2022
We’re breaking down the concept of difference makers this week, and we couldn’t help but call upon Mari Galloway, CEO of Women’s Society of Cyberjutsu, to be our guest during this conversation. As a black woman in cybersecurity who has dedicated a large portion of her career to helping women and girls become a part of the cyber community on both the technical and non-technical sides, Mari is a stunning example of making a difference and creating a path to expand cybersecurity beyond stereotypes.
Timecoded Guide:
[01:29] Defining the difference makers and explaining the OODA loop
[13:52] Introducing Mari and the Women’s Society of Cyberjutsu
[20:14] Finding her purpose in helping others find their purpose
[25:06] Explaining the roles and paths available outside of strictly technical
[30:31] Understanding imposter syndrome and forging a freedom-based career journey
Sponsor Links:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone
PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
What is that like to see people go from taking that original red pill all the way through starting their career in cybersecurity?
When we talk about making a difference, many of us don’t get to see our impact as clearly as the Women’s Society of Cyberjutsu sometimes gets to see. Mari tells us numerous stories of women throughout this episode, including herself, who became a part of this industry because of the instrumental work they do in outreach and education. For Mari, seeing women change their minds and majors to become a part of the tech industry shows how vital this work is.
“These are the moments we're waiting for, whether it's one person or 50 million people. We want you to feel confident enough to get the skills you need, get in the industry, continue to refine those skills, and be super successful.”
What would you equate your purpose to, and how does everything you do fit into it?
Like many of us, Mari isn’t entirely sure what her purpose is, but she knows that she enjoys helping the next generation and making a difference in the landscape of cybersecurity. Working with a nonprofit is not an easy job, even if it is rewarding, and Mari still prioritizes her freedom alongside meeting her purpose. No matter what Mari’s future holds, she knows that this work and this purpose to help others will always find her.
“I think as I get older, as I start to take steps back to just kind of look at what's happened and the impact that I'm having and others around me are having on the next generation of folks coming up, I think my purpose is to help people. It's to help other people see their potential.”
How do you feel like creating that safe environment has affected others?
Helping others find their footing in the cybersecurity industry can be extremely rewarding, especially when Mari found herself in a situation of uncertainty when she first joined the Cyberjutsu Tribe. The community of cybersecurity and the stereotypes around hackers can feel incredibly uninviting from the outside. Offering people, especially women and young girls, an opportunity to step into a safe space where they can ask anything has been huge for Mari.
“We call it our Cyberjutsu Tribe, and we want to make sure that anybody that comes to us feels like they can reach out and touch us and ask us questions and get answers and just have a conversation with us.”
How do we invite more people in and let them know that there are opportunities in cyber outside of technical roles?
Whether you’re hacking, selling, managing, or marketing, there is a space for you in the cybersecurity world. You don’t have to code or to be extremely technical to fit in this industry anymore, and you don’t have to have a certain look. The Women’s Society of Cyberjutsu prioritizes educating people on every role involved in the industry and showing them that they don’t have to be a tech wizard or a computer guru to find a satisfying and profitable position.
“You don't have to look like this to be a hacker. You can look like me…That stereotype, I think, is dying, as we see the number of women coming in and men coming into the space that don't look like that anymore.”
Links:
Spend some time with our guest, Mari Galloway, on LinkedIn, Twitter, her website , and the Women’s Society of Cyberjutsu website.
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter.
Catch up with Chris Cochan on Twitter.