Welcome back to the show! Hacker Valley Studio podcast features Host Ron Eddings, as he explores the world of cybersecurity through the eyes of professionals in the industry. We cover everything from inspirational real-life stories in tech, to highlighting influential cybersecurity companies, and we do so in a fun and enthusiastic way. We’re making cybersecurity accessible, creating a whole new form of entertainment: cybertainment.
Episodes
Tuesday Sep 27, 2022
Tuesday Sep 27, 2022
Mimi Gross, Founder and Cybersecurity Matchmaker at People By Mimi, connects early stage through Series C cybersecurity startups with sales and marketing talent. As a recruiter and headhunter with over 5 years of experience, Mimi refers to the process of recruiting and hiring as “cybersecurity matchmaking.” Mimi joins Hacker Valley Studio this week to talk about what recruiting and dating have in common (including marriage!), and the ways to deal with rejection during the hiring process.
Timecoded Guide:
[00:00] Defining the term “cybersecurity matchmaking” as a recruiter
[04:00] Commonalities between recruiting and dating advice
[07:55] Dealing with job rejection like a bad breakup
[15:17] Balancing hiring manager wants and needs in the recruitment process
[20:11] Emphasizing chemistry between the ideal candidate and their future employer
Sponsor Links:
Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
Where did the term “cybersecurity matchmaking” come from?
There’s a huge element of matchmaking in recruiting. That’s essentially what you’re doing — you’re matching a potential candidate with a potential new position. Certain recruiters and companies instead treat the act of recruiting candidates and hiring new employees like a sales transaction. This feels impersonal for everyone involved. Referring to recruiting as “matchmaking” reminds everyone involved that there are humans in the process at every stage, from application to references, interviews to onboarding.
“Early on, I was disillusioned with recruiting, because I realized that people don't treat it like finding the perfect match. It's like sales for some people. I quickly said, ‘I can't do this thing unless I can call it matchmaking.’ That's where the term came in.”
What does dating advice have to do with recruiting?
In both recruiting and dating, you’re trying to find the “right” fit. In dating, both people in a relationship are looking for “the one”; someone to grow with long term and to build a mutually beneficial relationship with. In recruiting, the founder or hiring manager is looking for the right candidate for the role, while the job searcher is looking for the right job for their career. In both dating and recruiting, when you find the right one, it won’t be a huge compromise or a challenging fit; the relationship will feel authentic and natural.
“I find that the best matches I make — and I love to call them matches, because they really are — I look back at them, like, ‘You know, that was a good match.’ In those great matches, the chemistry was there right away.”
How do you help candidates deal with rejection?
Rejection is part of the recruiting process, just like how breaking up is part of the dating cycle. There are going to be times when the fit isn’t right and the job you want goes to a different candidate. The trick is to not take it personally. Instead, take a learning approach to the situation. The company might need to go in a different direction, or someone else in the organization may be taking over the position. Unlike dating, the hiring process is unrelated to who you are as a person. Focus on learning and applying your experience elsewhere.
“It’s not just about not taking rejection personally. You have to see that there will be the right fit for you, and that also, the person who is rejecting you now could be a valuable person to know in the future. Never burn bridges.”
What is one of the most important aspects in recruiting?
Chemistry is key in the recruiting process. You may have a company executive or a hiring manager who wants a specific trait from their applicants, like an Ivy League education. As a recruiter, you have to dig beneath the surface to discover the “why” behind a job qualification or educational requirement. Perhaps the employer actually wants someone organized or detail-oriented. Getting to know the “why” means that you can find the actual right fit, while the chemistry between the job seeker and the hiring executive will take care of the rest.
“In the beginning, if you find the right match, the dating metaphor here is that nobody's perfect. You have to figure out what kind of imperfect you can handle and you can love, and that's the right match.”
----------
Links:
Spend some time with our guest Mimi Gross on LinkedIn
Learn more about cybersecurity matchmaking on the People By Mimi website
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Tuesday Sep 20, 2022
Tuesday Sep 20, 2022
Renee Small, Cybersecurity Super Recruiter, content creator, and host of the Breaking into Cybersecurity podcast, joins the Hacker Valley team to clear the misconceptions around recruiting and discuss cybersecurity’s open positions. Taking labor shortages and skills gaps into consideration, Renee explains how she’s helped others start strong in the industry and hone their skills. Additionally, Renee covers her journey into content creation and podcasting, and how that’s impacted her recruiting work.
Timecoded Guide:
[00:00] Understanding a recruiter’s role in big and small cybersecurity orgs
[06:37] Diving into content creation with the Breaking into Cybersecurity podcast
[12:13] Challenges and rewards of helping entry level cybersecurity professionals
[16:02] Rewarding cyber recruitment stories and tech mentorship opportunities
[22:39] Advising job seekers looking for entry level positions in cybersecurity
Sponsor Links:
Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
What is the role of a recruiter in cybersecurity?
Renee knows the idea of a recruiter can be a confusing one, and the role of a recruiter can be radically different depending on the size of an organization or the type of recruitment they focus on. Overall, however, Renee believes that the role of a recruiter is to be a matchmaker for a position within a company. Cybersecurity recruiters have to understand the technical needs of a position and the cultural needs of a cybersecurity company to find the perfect practitioner fit.
“The role really is to be like a matchmaker. You’re seeing who out there is a great fit for which roles, which companies, and which culture, or which company culture, and that's what makes it, for me, a lot of fun.”
How has being a content creator impacted your work as a recruiter?
Although Renee doesn’t always identify as a content creator, her work with Chris Foulon on the Breaking into Cybersecurity podcast speaks volumes about the type of creator she really is. Renee always focuses on giving back with the work she produces, whether that work involves career coaching, recruitment advice, or cybersecurity education. Becoming a podcaster and content creator has allowed Renee to answer questions and provide information that helps the entire online cyber community.
“I experienced all the positions that were open as a recruiter, but I had no idea that there was this group of folks who were entry level, or transitioning into their first cybersecurity position, and they needed my help [in order to break into cyber].”
What are some of the most fulfilling moments that a recruiter can have?
Being a recruiter gives Renee the opportunity to help cybersecurity practitioners discover their dream job and navigate the industry intelligently. Her fulfilling moments actually center around those she’s helped along the way, including a former mentee and a former helpdesk employee looking for upward mobility. Finding the perfect match isn’t just about satisfying the company needs, Renee explains, but is also about connecting someone to an opportunity for success and growth.
“I get a kick out of people getting a job, it's almost like a little high for me. Every time I'm the person who connects people and it works out and they get paid well, I have a little party in my head. It's just so rewarding. I love that matchmaking process so much.”
What advice do you have for professionals struggling with their job search in the cybersecurity industry?
Cybersecurity’s labor shortage and staff burnout issues threaten even the most air-tight of security teams. Unfortunately, Renee explains that even with so many job openings, entry-level employees or professionals transitioning industries still can’t break into cyber. Her best advice for those struggling to take the first step is to connect with successful practitioners in the field already through nonprofit organizations and network events. Focus on a network that will expand your knowledge of cyber and the state of the industry.
“If you're a college student, if you are someone out there looking to understand what's happening in the field, join one of the myriad of cybersecurity nonprofit organizations and learn about what security really is.”
---------------
Links:
Keep up with Renee Small on LinkedIn
Listen to Renee’s podcast Breaking into Cybersecurity
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Thursday Sep 15, 2022
Thursday Sep 15, 2022
This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to hear about his journey from spiteful hacker to successful founder. HD walks through the history of Metasploit, the motivation behind their coding decisions, his opinions on open source software, and the excitement of exploration and discovery.
Timecoded Guide:
[04:57] Catching up with HD’s career from his hacking exploits in the ‘90s through his founding of Metasploit to his recent activities with Rumble
[11:41] Getting personal with the feelings and takeaways from a project as successful and impactful on the cyber industry as Metasploit
[18:52] Explaining HD’s personal philosophies around accessible education and the risk of sharing vulnerable information publicly
[25:39] Diving deep into the technical stories of HD’s path of discovery and exploration during his time at Metasploit
[31:14] Giving advice for future founders and hackers looking to make a legendary impact on the cybersecurity community
Sponsor Links:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone
PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
What were some of the trials, tribulations, and successes of Metasploit?
Although Metasploit has had a lasting impact on the cyber world, HD Moore is not afraid to admit that part of Metasploit existed out of spite for critics, employers, and gatekeepers in the cybersecurity industry. In terms of trials and tribulations, HD saw a great deal of criticism come from his peers and from professionals ahead of him in the industry, often displaying rudeness towards the quality of the exploits and Metasploit’s audience of young hackers. Later, HD says that a surprising and amusing side effect of his success with the project was watching employers and peers go from criticizing to lifting up his work with Metasploit and attributing success of many hacking professionals to its creation.
“When we started the Metasploit project, we really wanted to open up to everybody. We wanted to make sure that, even if you barely knew how to program, you can still contribute something to Metasploit. So, we did our best to make it really easy for folks to get in touch with us, to submit code.”
Where does your philosophy land today on giving information freely?
HD has heard the same opinions many professionals that teach and give information freely have heard: “You’re making it easier for people to use this information the wrong way.” Instead of considering the worst possible outcomes of making hacking accessible, HD chooses to acknowledge the importance of accessible education and publicly provided information. According to HD, if someone is creating and teaching content to the next generation of red teamers, that content is theirs to use. Whether they’re a physical pen tester teaching lock picking or a hacker disclosing a vulnerability, what they choose to share with others has to be based on personal moral code and what others do with that information is up to them.
“It comes down to: You do the work, you own the result. If you're teaching people how to do stuff, great, they can do what they want. You can decide to do that, you can decide not to do that, but it's your decision to spend your time training people or not training them.”
Is it possible to be a CEO, or a co-founder, and stay technical?
The downside of success in the cybersecurity industry is often stereotyped as losing the opportunity to be a hands-on hacker. However, for HD, his success has allowed him to do the exact opposite and instead prioritize his time to be technical. HD believes strongly in the ability to make this happen through proper delegation of duties, incorporating new leaders and managers in your company or project, and acknowledging when you may need the help to bring what you’re working on to the next level. HD is proud of his success with Metasploit and Rumble, and is happy that he was able to hand off certain duties to other professionals that he knew would do better if they had a chance in the founder’s shoes.
“Don't let the growth of your company change what you enjoy about your work. That's really the big thing there, and there's lots of ways you can get there. You can hire folks to help out, you can promote your co-founder to CEO. You can bring on program managers or project managers to help with all the day to day stuff."
What advice do you have for people looking to follow a similar cyber career path?
Content is the name of the game, especially when you’re looking to get more eyes on what you do. HD is the first to admit that putting himself out there in a blog post, on a podcast, or at a stage show is not always a walk in the park, taking him out of his comfort zone and often away from the tech that he spends his time on. However, publicly displaying himself and his work has brought attention to Rumble and Metasploit, and HD knows he would not have achieved this level of success without putting his content out into the world, hearing feedback from his peers, and even receiving his fair share of criticism from industry professionals.
“Not all of it is the most fun thing to do all the time, but it is crucially important, not just for growing yourself and getting out there and getting feedback from your peers, but for learning because you learn so much from the feedback you get from that effort.”
-----------
Links:
Stay in touch with HD Moore on LinkedIn, Twitter, and his website.
Learn more about Rumble, Inc on LinkedIn and the Rumble website.
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter and LinkedIn
Catch up with Chris Cochran on Twitter and LinkedIn
Continue the conversation by joining our Discord
Tuesday Sep 13, 2022
Tuesday Sep 13, 2022
Caitlin Sarian, known on TikTok as Cybersecurity Girl, comes to Hacker Valley to talk about the endless possibilities for cybersecurity on social media. Walking through her journey of becoming cyber’s biggest TikTok star, Caitlin covers every aspect of internet fame and online presence, including facing criticism, gaining and losing viewers, and trying to make an impact on women in STEM. Alongside her work on social media, Caitlin also walks through the development of her new online cybersecurity course.
Timecoded Guide:
[00:00] Introducing Caitlin & her work on TikTok with Cybersecurity Girl
[06:45] Building a cyber platform on TikTok & dealing with imposter syndrome
[11:21] Keeping women in STEM, instead of just getting women into STEM fields
[15:56] Dismissing the idea of the diversity hire in tech & cyber
[24:43] Working with Girls Who Code & building her own low-cost cyber school
Sponsor Links:
Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!
Uptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com
How do you feel about going viral, or not going viral, on TikTok?
Although social media, especially TikTok, relies on an algorithm to push content to different viewers, Caitlin admits that viral content creation is more about luck than about methods. Since becoming involved in TikTok as a cybersecurity influencer, Caitlin has developed tricks of her own to elevate her content and interact with her audience, including going live on the app. However, she still explains that going viral is still random, with lower quality quick content sometimes hitting a larger audience than her higher value creations.
“Videos that you spend the least time on get the most views and the videos that you spend the most time on, get the least views. I've stopped looking at the views and just started trying to produce content that either makes people smile, or adds value to people's lives.”
What is that value that you're getting from making cybersecurity content for TikTok?
While creating podcasts at Hacker Valley allows for Chris and Ron to give back to their community and meet incredible cybersecurity content creators, a similar idea guides Caitlin’s work on TikTok. Considering that content creation can sometimes feel thankless and frustrating, Caitlin motivates herself by focusing on the people she helps. Through making cybersecurity more accessible online, she hopes to inspire other women to get involved and stay involved in cyber, tech, and STEM fields.
“It adds value to my life, knowing that I'm not just going day-by day-doing my job and that's it. I like bringing awareness and being that light for people that need it, especially in the tech world. I think for me, this is what I'm hoping for, I'm hoping to get more women in STEM.”
Can you tell us a little bit about your online cybersecurity school?
Caitlin isn’t only working on her cybersecurity platform on TikTok, she’s also expanding into online education with her course, Become a Cyber Analyst. Focusing on cybersecurity accessibility and affordable education, Caitlin’s course is a six-month boot camp that teaches students the ropes of the cyber industry. The best part? Students don’t pay until they’re employed in cyber, and Caitlin’s course guarantees a job within 3 months of graduation.
“I partnered up with a school called Master School, and it's basically a six-month boot camp. And then, after the boot camp, we have HR specialists that help students get a job after. You don't have to pay for it until you get a job, and it's a lump sum.”
What is your perspective on the struggles women face breaking into cybersecurity and staying in tech careers?
As a woman in cybersecurity, Caitlin has witnessed alarming levels of sexism in the industry and has seen fellow women experience tech burnout. With her content on TikTok and her new cybersecurity school, Caitlin hopes to solve the problem of not just inviting women into the cyber industry, but retaining female employees in cyber as well. Through supportive content creation and her own influence, she hopes other woman see that the possibilities in their careers are endless.
“I think the issue that I always used to deal with is a lot of men think I got the job from just being a woman. That also goes to my imposter syndrome, because I'm like, ‘Maybe I did just get this job because I'm a woman and they want to work with me. Maybe I'm a diversity hire.’”
---------------
Links:
Keep up with our guest Caitlin/Cybersecurity Girl on TikTok and Instagram
Learn more about Caitlin’s incredible Masterschool course, Become a Cyber Analyst
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Thursday Sep 08, 2022
Thursday Sep 08, 2022
We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn’t get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter.
Timecoded Guide:
[02:57] Fixating on hacking because of the endless possibilities and iterations to learn
[09:54] Giving advice to the next generation of hackers
[17:17] Contacting Tommy and keeping up with him on Twitter
[21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples
[24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he’s done now that he’s gone to prison
Sponsor Links:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone
PlexTrac is pleased to offer an exclusivecRed Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
Do you ever struggle with burnout when it comes to hacking?
Hacking has maintained Tommy’s interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn’t mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he’s still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds.
“I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”
What hacking advice would you give the younger version of yourself?
Although his black hat ways resulted in prison time for Tommy, he doesn’t regret his past and instead seeks to teach others the lessons he’s learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy’s success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure.
“Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”
What do you think about the “media obsessed” stereotype many people have about black hat hackers?
Wrapping up today, Tommy tells us that he’d be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attention from the media is disproven, Tommy believes that he definitely has craved that media attention for a large majority of his hacking career. Starting in the early 2000s, after 9/11, Tommy had one of his first brushes with fame in an interview with CNN about hacking Middle Eastern companies. Although his hacking and his politics have changed since then, Tommy enjoys having in-depth conversations about hacking and explaining the intricacies of what he does.
“We loved the attention back then, and I still love the attention now, it's nice. The good thing about now is, because I already got in trouble for everything that I've done, I've done my prison time, I don't have anything that I did illegally on the computer anymore that I can't talk about, because I've already paid my debt to society.”
What are the best ways for people to keep up with what you’re doing?
Considering Tommy’s success, it’s understandable that a lot of cyber professionals and amateurs have tons of questions for him. When it comes to getting in contact with Tommy, he recommends tweeting him on Twitter publicly so that he can not only answer your question, but help others with the exact same questions. Education is key, and Tommy is so dedicated to teaching other hackers that he’s currently developing a recurring Twitch stream centered around helping others learn about bug bounty hunting.
“I don't know how successful we're going to be in finding the bugs, but I think it'll be fun to teach people [on Twitch] and do it that way, so that they can actually spend some time learning it. The best way to actually learn this stuff is to actually try and do the hacking.”
-----------
Links:
Stay in touch with Thomas DeVoss on LinkedIn and Twitter.
Check out the Bug Bounty Hunter website.
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter and LinkedIn
Catch up with Chris Cochran on Twitter and LinkedIn
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord