The Hacker's Cache

#8 Cybersecurity Is a Beautiful Field: There's People That Don't Like Me ft. Aaron Tran

Kyser Clark - Cybersecurity Episode 9

Kyser Clark interviews Aaron Tran, a military veteran who successfully transitioned into a career in cybersecurity. They discuss Aaron's journey from the military to becoming a penetration tester, the challenges he faced, and the steps he took to bridge the gap between non-cyber and cyber roles. They also touch on the importance of having a plan and utilizing resources like the SkillBridge internship program. Aaron shares his insights on paying ransomware demands, the value of the TCM Practical Career Ready Professional program, and the need for kindness and collaboration in the cybersecurity field.

Connect with Aaron Tran on LinkedIn: https://www.linkedin.com/in/aarontran-anasec/

Takeaways

  • Having a plan is crucial when transitioning from the military to a career in cybersecurity
  • Utilize resources like the SkillBridge internship program to gain real-world experience
  • Paying ransomware demands is not recommended, but there may be situations where it's the only option
  • The TCM Practical Career Ready Professional program can provide valuable training and networking opportunities
  • Soft skills are essential in cybersecurity, as they help with client interactions and job interviews
  • Don't let the noise and conflicting advice in the cybersecurity field discourage you
  • Reach out to fellow veterans for support and camaraderie
  • Kindness and collaboration are important in the cybersecurity field

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY


Music by Karl Casey @ White Bat Audio

Attention viewers/Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.

The postings on this site are my own and may not represent the positions of ...

(0:00 - 0:09)
Silence the noise. Cybersecurity is a beautiful field because we have so much information available to us. Cross-site scripting, how to get a job, why your resume sucks.

(0:09 - 0:14)
And I know for a fact, there are people who don't like me out there. Not everyone likes me either. There are going to be people who just disagree with you.

(0:14 - 0:24)
When you listen to advice out there, definitely take it with a grain of salt because no one has all the right answers. We're all figuring this out together. No one knows everything and there are infinite paths into the world of cybersecurity.

(0:25 - 0:31)
There is no one right way to do this. This is your journey. Hi, I'm Kyser Clark.

(0:31 - 0:45)
And welcome to The Hacker's Cache. The show that decrypts the secrets of offensive security one byte at a time. Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners.

(0:45 - 0:58)
If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you. Hello, hello. Welcome to The Hacker's Cache.

(0:58 - 1:03)
My name is Kyser Clark. I have six years of experience in the field. I currently work as a full-time penetration tester.

(1:03 - 1:20)
I have 12 certifications, a bachelor's degree in cybersecurity, and I'm currently working on my master's degree in cybersecurity. Today, I have Aaron Tran, who was on active duty in the US Army for three and a half years. Then he got out of the Army and went into a penetration testing SkillBridge internship for about four months.

(1:20 - 1:39)
After that SkillBridge internship, he migrated to his current position where he's a full-time penetration tester and he's been doing that for almost a half year now. For education, Aaron is currently working on his Bachelor of Science in cybersecurity. For certifications, Aaron has the TCM Security Practical Career Ready Professional, so that's a PCRP.

(1:39 - 1:49)
Practical Network Penetration Tester, that's the PNPT. The Practical Junior Penetration Tester, that's the PJPT. The CompTIA Cybersecurity Analyst, that's the CySA+.

(1:49 - 2:04)
PenTest+, the ISC2 CC, that's the Certified in Cybersecurity, Network+, and Security+. So Aaron, go ahead and unpack your experience, walk me through your background, and introduce yourself to the audience. So, hello, my name is Aaron Tran.

(2:05 - 2:19)
Thank you Kyser for having me on here. Currently, I am an Offensive Cybersecurity Engineer at Blue Goat Cyber and a Penetration Tester. Prior to this, I was a Penetration Testing Intern at TCM Security.

(2:19 - 2:39)
And like you said, prior to that, I was in the U.S. Army as an 18X-Ray Special Forces candidate. I was not Special Forces, I did not complete the training all the way through, but that's part of my history, yes. For the record, you talk about how you didn't come from a tech background, so we got out of the military around the same time.

(2:39 - 3:08)
But one of the things that made my military transition easier was the fact that I was in Cyber Defense Operations for the United States Air Force, and you didn't have a tech background or a cyber background in the Army. So it had been incredibly challenging for you to get out of the military. Can you talk about what you did to bridge that gap between non-cyber to Penetration Tester Internship? Yes, so as we know, breaking into cyber and IT in general is very, very difficult for everybody.

(3:08 - 3:30)
It was the same for me. While I had no cyber background in the Army, cyber and IT have been a part of my life since I was a kid, and it's been a hobby. So even as a kid, I built multiple computers for all my family members, and I was a big gamer growing up, so it was a big part of my life.

(3:31 - 3:46)
And I even played around with tools such as Nmap and Kali Linux, and I didn't even know that cyber was a career field. So that was very interesting to discover. I was like, oh, people get paid to hack? That's absolutely insane.

(3:46 - 4:02)
So, but as I was bridging that gap, I used my resources in the Army to the max. So you have your day job in the Army, and then when the day ends, a lot of people either go out or they relax and have fun. Every day I studied.

(4:02 - 4:38)
So I used my resources such as TA, tuition assistance, and I went to school, and I started my cybersecurity studies, and I started studying for certifications, and I dedicated everything to building my background to become an asset in cyber. Then once I was leaving service, pretty much the reason I was able to even break in is because of Joe Helle. So Joe Helle from TCM Security, I applied for their internship, their SkillBridge internship, and he gave me a chance, period.

(4:39 - 4:55)
So when you hear about all these people trying to break in, it's like, hey, give me a chance. You know what? If you do give someone a chance, they may show you. They have everything that proves they can be a competent cybersecurity professional, and that's what Joe did.

(4:56 - 5:09)
So he and I share a little bit of the same background. We've eaten a lot of the same dirt. So he took me in, and he basically raised me into the hacker and the cybersecurity professional that I am today.

(5:09 - 5:13)
So I'm very grateful for that. Yeah, that's great. That's a great story.

(5:13 - 5:19)
Let's go ahead and get into our rapid fire questions. Are you ready for the rapid fire round? Sure. Let me get on my stopwatch here.

(5:19 - 5:35)
Okay, so for the new listeners, Aaron will have 30 seconds to answer five questions related to cybersecurity. If he answers all five questions in 30 seconds, he'll get a bonus sixth question that's not related to cybersecurity, and his time will start after I stop reading the first question. Here we go.

(5:35 - 5:58)
Is it okay to get into cybersecurity just for the money? No, you have to be completely passionate and obsessed with this career field. If you're not obsessed, it's unfortunate, but you're probably not going to make it. So wanting it for just the money, you can probably do it if you're that obsessed about money, but most of us love what we do, and that's why we're here.

(5:59 - 6:41)
Is it ever okay to pay the ransomware demands? No, if you pay ransomware, you never know if they're going to keep that system still under hold, so we don't negotiate with terrorists. Favorite type of cyber attack to simulate? Favorite attack to simulate? I would say password spraying, because it's an art form in itself, and I learned a lot at TCM Security from Bradley Thornton, who was a password spraying wizard, and the number of password hits that he got would blow your mind. Do you think privacy is dead in the digital age? I would say so.

(6:41 - 6:55)
Privacy is very hard to have nowadays. We have a big footprint, and if you do OSINT on anybody, you're going to dig something up. So I would say reduce your footprint as much as possible, and it's hard to do.

(6:55 - 7:20)
So I'm on this podcast right now, and that's already eliminating that, so yeah. Have you ever participated in a podcast on a bug bounty program? I actually just joined the Synack Red Team, and I haven't had much time to dig into it, but I'm super excited. It's a very good team, and they have a lot of resources, so I look forward to doing more of that.

(7:20 - 7:41)
Okay, so that was a minute and 44 seconds. That wasn't 30 seconds. So I forgot to tell you that, not to provide an explanation, so that's one thing I normally do, and I forgot to tell you, just don't explain any of those answers, but you had a good explanation to all those, so it's still great content, and I appreciate you for unpacking some of those, because those are some heavy-hitting questions, actually.

(7:41 - 8:14)
You got some heavy-hitting questions. By the way, these are randomly pulled from a pool of questions that I came up with. The one I want to get into out of all of your responses was is it ever okay to pay the ransomware demands? And so this is going to be a little controversial here, because I think there are times when it's okay to pay the ransomware demands, and so why I think it's okay sometimes, so if you're an organization that doesn't have any cybersecurity readiness at all, and you don't have your backups, and you truly, you got taken out by ransomware.

(8:14 - 8:18)
You have no access to anything. It's your only option. It truly is.

(8:19 - 9:04)
It's either pay the ransomware and hope that they give you access to your stuff back, or you go out of business, you lose your data, and I think in that situation, it's okay to pay the ransomware demands. On the flip side, I think, if you're doing what you're supposed to do, you have proper backups, then you can get away with not paying the ransomware demands, but I think a lot of these small organizations, they're not in that position because they don't have great cyber hygiene, which is why cybersecurity's so prevalent today, and why people like us have jobs is because there are a lot of organizations that they're not cybersecurity organizations. They're a construction company, or they operate a water tower, or they sell clothing, and they're not focused on cybersecurity like we are.

(9:05 - 10:02)
Their job is to sell whatever they're selling, and cybersecurity is an afterthought, so there are a lot of organizations that are getting hit with ransomware that just never saw it coming, and they are kind of forced to pay it. So with that, my explanation said, I would like to hear you go more in depth on this topic, like do you think there are times when ransomware is okay, or do you think it's just straight up never ever do it? Yeah, so like most questions in cyber, it's never black and white, it's never an easy answer. It's going to depend on the situation, but I would say the risk of you paying that ransomware, and then that entity not releasing your data is still high, so they can do that to extort even more money from you, and there's nothing you can do, so you've already paid them. They can say, hey, you know what, we want more, now what are you going to do? So now you've dug yourself into a deeper hole.

(10:02 - 10:24)
I would say if the entire industry said, no, we're not paying anybody anything, because that makes no sense, now there's less reason for ransomware, so if we all got on the same page about it, there'd be less reason to attack people that way, in my opinion. You're right, if everyone stopped paying, then ransomware would be pretty much defeated overnight, I feel like. Exactly.

(10:24 - 11:01)
But like I said, there are some companies that are just so pressured that they have to pay, there's no other option. It's true. It's a hard topic, that's a heavy-hitting question, and no one has the right answer, and everyone has a different opinion, and it is a hard situation to be in, and I've never been in that situation, but I can kind of sympathize with companies that have no other option, so would it be nice if all organizations didn't pay ransomware? Yes, obviously, but sometimes that's not the reality, unfortunately, and cyber warfare is real.

(11:01 - 14:29)
It's very real, yes it is. Okay, let's go ahead and dive into our main discussion, so the first thing I want to talk about, so we briefly mentioned it, so you just transitioned out of the military not too long ago, roughly the same time as me, and military transitions are not easy, it's hard for everyone, even if you prepare your butt off, like you're going to have some hiccups along the way, so what are some important tips you can give people who are considering military separation? So my biggest tip is to have a plan, because I think the majority, or many service members go out thinking they'll figure it out on the way out, or they'll figure it out once they get home, or wherever they're going, but you really do need to have a plan, and that's why TAP program exists, it's a transition, it stands for Transition Assistance Program, I don't remember what it means, but utilize TAP, and when they ask you questions about, hey, what's your rank going to be where you're moving, think about that deeply, because that's going to be something you're dealing with immediately, and what are you going to do for work, and if it's not cyber, whatever it is, so a lot of us are breaking in too, so what if you don't have cyber experience, or you can't get a job immediately, what's your backup plan? So plan it all, and you're military, so make sure you have all your contingencies in place, so that's my biggest recommendation for everyone who's transitioning out, and also plan for it being a struggle, because it's going to be a struggle, a lot of service members have a lot of resources available to them, and you don't really realize it until you're out, but all your brothers and sisters are with you every day, and they're all supporting you, because if you ever had an issue, hey, what do I do here, and your brothers and sisters have you, and that may not be the case on the way out, so you want to plan for that as well, make sure you have a support system. That's great advice, and when you say have a plan, that is very important, and I had a plan, and I worked on, I was in the military for six years, and I would say the last four years, I was really planning on my transition out, that's how far back I started my transition really, started preparing myself, like I started building up the skills that I needed to separate to be a pen tester at two years of my career basically, and even with all four years of preparation, I started networking on LinkedIn four years before I even got out of the military, and that really helped me, and even though I did all of that, I had a great plan, and everyone's like, dude, you have a great plan, we really don't have any other advice, you're doing everything right, and even then, your plan still isn't going to be exactly how you thought it was going to be, so let me give my story, so when I had a job offer, I accepted a job offer, and I was supposed to work this company right after I got out of the military, it was supposed to be like, I'm in the military, boom, job, and then one week before my military separation, they withdrew my offer, and it was like derailed all my plans, and luckily, I had a huge network on LinkedIn, and I found a job three weeks after that, so I really went one week where I didn't, where I was like unemployed, where I wasn't working, and if I didn't have that LinkedIn network, then that one week could have dragged on for months, two, maybe even three months long, so when you say have a plan, that's very important, but also plan for the plan to get derailed a little bit too.

(14:30 - 16:12)
Yes, no plan survives contact with the enemy, so you have to have primary, secondary, and beyond, yeah. Yeah, and then the last thing I'll add to that was, even though I was in cyber defense operations for six years, and even then, getting out of the military, I still had the 12 certifications, I hacked 60 Hack The Box machines, I did 216 TryHackMe rooms, and even with all, I had my bachelor's degree, with all this stuff, I still got rejected, I still got rejected, so you have to face rejection, and people say don't take rejection personally, but so this is actually one of my hot takes, is like I do take it personally, because it fires me up to work harder, and that's one of the reasons how I got my current role, I was like man, I just gotta work harder, I just gotta network more, and stuff like that, so yeah, so definitely plan for getting rejected, no matter how good you are. Yes, I think everybody listening, and if you're trying to break into cyber, and just hearing Kyser's story, should inspire you to keep going, because you're going to take a lot of punches, and you're going to get discouraged at some points, but it's important for you to move forward, no matter what, and that's something that the military teaches us, you can shoot me, I might be bleeding, I'm going to crawl to the end of the finish line, because that's what you need to do, you're doing it, and you're not doing it for yourself, you're doing it for the team, so just think about it as hey, your future cyber team, that you're going to be a part of needs you, don't quit now, if you quit you'll never see it, so keep moving forward.

(16:13 - 19:01)
Great advice, so now I want to move on to penetration testing SkillBridges, specifically, because I told you this before the recording, but my penetration testing SkillBridge was harder to attain, than my actual job that I'm in now, and the reason for that was because, there's not a lot of penetration testing SkillBridge opportunities out there, so what I did was, I just basically applied to open penetration testing positions, and then I would go in the interview, and they would always ask, hey, when can you start, and then hey, I'll be like funny story, I'm actually looking for a penetration testing SkillBridge, and I would say nine times out of 10, the organization has no idea what SkillBridge is, and then you explain what SkillBridge is, and for those that are watching and listening, that don't know what SkillBridge is, basically it's a program for transitioning military members, to get real world experience, in their final months of their active duty contract, and instead of reporting to the military, they report to a civilian company, they still get their pay and benefits from the military, but they are basically working in a civilian job, and then on the flip side, companies can basically get zero to very low cost labor, out of a military person, who's transitioning out, and it's a good way to test their fit within an organization, before they make the full-time commitment, to hiring that individual, so it benefits everybody, except for the military, because the military is losing an incredible asset, but it benefits society, because now we have less homeless veterans, and we have veterans contributing into the civilian world, so I would say the biggest con to it is like, yeah, your unit's going to lose an incredible asset, but the benefits for everybody else are tenfold. Go ahead, go ahead. I'd like to add something to that as well, is the free labor or cheap labor, for the company, accepting a SkillBridge intern is a thing, but additionally, and this is where TCM Security benefited, it wasn't the labor, they didn't need me for the labor, is they can use you as an outside point of reference, a new set of eyes, say, hey, how's the organization doing? How do we look from a new viewpoint? So that was probably the best thing for the company, in terms of accepting a SkillBridge intern, because they don't really need a SkillBridge intern, and TCM Security, straight up, Heath Adams and Joe Helley, they're just giving back to the community, that's the only reason why they have a SkillBridge program, and I really appreciate that, and Heath Adams does that in every regard, he gives a military discount or a veteran discount for all their education platforms, and that's just one way he gives back, so.

(19:01 - 20:51)
Great, yeah, I'm glad you threw that in there, because that's something I never even thought of, so I'm glad you mentioned that. So yeah, let me finish my thought on that last one, so I was going to ask you, what advice could you give to others who are looking to land their first, a penetration testing SkillBridge specifically? So, like you said, SkillBridges are really hard to get, there's just few and far between, there's not too many programs that are out there, I would say, cast your net wide, you know, don't just say, hey, I want this company, make a list and apply to them all, and don't limit yourself to just cyber, you know, apply to IT SkillBridges, help desk SkillBridges, everything, because the most important thing is to get your feet wet and to get experience, so if you can get accepted for anything, I would do that. In terms of advice on how to do it, and this is the same advice I would give for anyone trying to break into cyber, is you really need to tie down and tighten up your resume, so make sure your resume is clean, before I applied for my SkillBridge, and I'll give a shout out to Stacy Phelps from National University, she was a counselor and advisor there, and my university offers these career counseling sessions for free, so I got in touch with Stacy, she looked at my resume, she made suggestions, she did mock interviews with me, and that was huge, because I spent three and a half years in the Army, and I couldn't remember the last time I had an interview, or edited my resume, so she actually made a huge impact on me, even just applying to my SkillBridge, so do that, and you'll go a lot further.

(20:52 - 21:56)
Second thing is, Joe Helley, who ended up, you know, interviewing me and accepting me into the program, he'll mention this as well, he says, you better make sure you write a good cover letter that's formatted for that company, spend your time to research the company, who are they, what do they stand for, so when I applied to TCM, I already knew I loved the company, I was a big fan of them, before I even knew they had a SkillBridge, so know the culture, know what you're applying for, tailor your cover letter, have a clean resume is my recommendation. Great advice. Yeah, so speaking, we're going to stick with the theme with the TCM here, so you have the TCM Practical Career-Ready Professional, once again, that's the PCRP, and I know you have to have the PNPT, but how hard or how long did it take to upgrade like your PNPT to the Career-Ready Professional, and if you can give any insight into this, I think that would be beneficial to the audience, for anybody that doesn't really understand like what that certification is.

(21:56 - 22:49)
Yeah, so first off, I'm not in sales, so I don't know the exact details of everything, so I'm sorry if I butcher this, but the PCRP program, the Practical Career-Ready Professional program, there's two ways to do it, you can either buy it off the get-go, or you can buy your PNPT and then upgrade to the PCRP. Now, I recommend that if you have zero experience in cyber or IT, and you have the funds, and you know you want to be in offensive security, and you know you want to take the PNPT, then just go ahead and do the PCRP first. Why? Because the PCRP program includes the PNPT training, and then it includes everything you need to get through the PCRP program, which means it includes training in soft skills.

(22:50 - 23:23)
So, as many of us know, technical skills, while important, are not enough to get a job in cyber and to keep your job in cyber. Soft skills are everything, because you're face-to-face with a client, and I've had someone tell me this before, you know, I competed in a cyber competition for my university, and this guy was like, hey, you know, I thought this job was just like, hey, we're in a dark corner of the room, and we're just hacking away, and you never need to talk to people. I'm like, dude, you cannot be more wrong.

(23:23 - 23:48)
You need to make sure you have the personal skills to talk to the client, deliver the product and service, and the PCRP will help you do that, because there's a lot more to cyber, and hacking, and penetration testing than is, you know, the hard skills. The soft skills are what's going to land you a job and keep you employed. I 100% agree.

(23:48 - 23:55)
I hope I answered all the questions about the PCRP there. Is that clear, or? Oh, I'm sorry. Kyser, go ahead.

(23:55 - 24:06)
Let me hash it out a little bit more. So the PCRP, they will help you tailor your resume. That's one big thing.

(24:06 - 24:31)
Like I said before, for example, and I've seen this on LinkedIn, you have people who are like, hey, I haven't applied to jobs for three years, and I haven't gotten a job. Well, you know what? You might want to go backwards and see, hey, are there automatic HR filters that are tagging my resume? And they are. And your resume should not be five to 10 pages long.

(24:31 - 24:43)
That's too long. So those are things I didn't even know. So the PCRP program connected me with professionals in the industry who knew how to make your resume top-notch.

(24:43 - 24:54)
They scrutinize every single portion of it. That's one. Two, they teach you the soft skills, how to talk to the client, how to do a debrief, all those different things.

(24:54 - 25:07)
And for me, the most beneficial portion of the PCRP was the interview. So the interview that I did with the PCRP was intense. I didn't expect it to be, but I was well-prepared.

(25:08 - 25:36)
I was a different case because TCM Security has been training me for the past five months. So I'm a little bit more prepared than the average PCRP candidate, but in short, the interview was a dynamic experience. Heath Adams was there, and they ask you typical questions you would see during a technical and a, just basic interview process.

(25:37 - 25:44)
And if you've never been in the hot seat during an interview, that's going to be an eye-opener for you. And it was very beneficial. Nice.

(25:44 - 26:18)
Yeah, that sounds like a great opportunity for people who are looking to break into the field. So my next question is, do you think the TCM Practical Career-Ready Professional is worth pursuing if someone already has paid penetration testing experience, or they're already in a paid cybersecurity role at the moment? I would say if you are working in cyber and you are a penetration tester already, you probably have a lot of experience dealing with those interviews, and you probably had a good resume to begin with. That's how you got your job.

(26:18 - 26:31)
So there's probably less return on investment in that regard. But let's say you've been working your penetration test job for three to five years now, and you're looking to pivot. Well, you haven't interviewed in a while.

(26:31 - 26:48)
So if you have the funds, the PCRP could be beneficial for you. But it's more beneficial for those who have no experience, no interview experience, and you're going to take away from it and be confident. That's the most important thing is the confidence.

(26:49 - 27:22)
When you were answering that last question, I just remembered that one of the things, and I could be wrong on this, but one of the things that the PCRP has, and correct me if I'm wrong, but they kind of take you as a candidate and they promote you to other organizations that are looking for talent. Is that accurate to say? Yes. So that's another thing is, once you are PCRP certified, this is really cool is as part of TCM's Discord, there's another section for the PCRP cohort, and you are there for life.

(27:22 - 27:42)
The coolest thing is Heath himself is in that chat frequently. So you can interact with the TCM team every day, and I know Ang is in there as well. So you're basically a part of the family, the TCM family now once you're PCRP certified, and not very many people have the PCRP.

(27:42 - 28:06)
One benefit is, let's say, okay, you're PCRP certified, you're applying for jobs, and you're having some struggles. Now you can drop into that Discord private, very small group, say, hey, I'm experiencing this, having some issues, and they're going to give you their advice from a highly experienced level that you're not going to get anywhere else. So that's a big benefit as well.

(28:06 - 28:25)
And then to answer your question about the, yes, you are basically put in a program where they will share your info with potential companies. I can't speak too much about that because I did end up getting a job right after, but I know it's a great program. A lot of people have made great use of it.

(28:26 - 28:53)
That's good to know. And yeah, it sounds like you went more in-depth on if it's worth pursuing if someone's already in a position. So I think those perks could help you out if you are, like you said, been in the field for five years, and you haven't been networking, and you haven't been interviewing, and you need a boost, and that sounds like even if you have quite a bit of experience, it could help you out with some of those soft skills and promoting yourself.

(28:54 - 29:01)
So that sounds like a great opportunity. I will tell you, Heath doesn't go easy on you in the interview. So, I mean, I'll share this.

(29:01 - 29:15)
There was one portion where he asked me a technical question, and I answered it, but it wasn't at the level of detail that he wanted. So he asked again, and then I answered again, and then he went again. So you need to be ready for that during technical interviews.

(29:16 - 29:29)
And he didn't just give me that piece of it, you earn it, so. That's great. Wow, I'm so glad to talk to you about that, because that's, and I've seen it advertised, and I've only seen what it was public knowledge about.

(29:29 - 29:35)
I haven't talked to anybody that's went through that program before. So I'm really glad we got a chance to talk about it. Very cool.

(29:35 - 29:52)
Okay, so let's go ahead and start wrapping up here. So normally I ask a final question, but we're going to break that final question up into two for this episode. So the first part is, do you have any additional cybersecurity hot takes that you'd like to share? Yeah, hot take.

(29:53 - 30:22)
This is going to be some advice for newbies entering cybersecurity, and that is to silence the noise. And what I mean by that is cybersecurity and tech, in general, is a beautiful field because we have so much information available to us everywhere. Everywhere on LinkedIn, people are giving info about SQL injection, cross-site scripting, or how to get a job, why your resume sucks, or everyone has a lot of input.

(30:23 - 30:32)
People say, okay, this certification sucks. Don't do the CySA+. CompTIA certs don't do this.

(30:33 - 30:55)
You should get the OSCP. All these different opinions, right? Now, it's information overload for a new person. So what I would say is take in the good info, make use of it, of what you can, but just work hard, put your head down, and everything will fall into place, okay? So don't ever let anyone tell you that you can't do this.

(30:56 - 31:05)
Not everyone's going to like you or support you. And I know for a fact, there are people who don't like me out there and they have no reason to. And just believe in yourself.

(31:06 - 31:12)
You're worth it, and your future team is worth it. So don't give up. That's great advice.

(31:12 - 31:36)
And what you said there towards the end there, not everybody likes me, and not everybody likes me either. There are going to be people that just disagree with you, and I've shared my opinions on how to help beginners in the field, and a lot of people disagree with that because everybody's journey is unique. So when you listen to advice out there, definitely take it with a grain of salt because no one has all the right answers.

(31:36 - 31:56)
We're all figuring this out together. No one knows everything, and there are infinite paths into the world of cybersecurity, and there are infinite paths to level up your career, and there are paths that no one has walked on before either. So when you listen to advice, career advice, everybody is incorrect and everybody is correct at the same time, I feel like.

(31:57 - 32:12)
100%, and I'll touch on that again, is there is no one right way to do this. This is your journey. So take in the info that people are sharing with you about their journeys and tailor it to your own life.

(32:12 - 32:25)
No one can tell you, hey, you need the OSCP to be in offensive security. They can, and it might be a good recommendation, and I still recommend that as well, but it's not end all, be all. There are many ways to do this.

(32:25 - 32:32)
So just believe in yourself and keep going at it. You're going to get your chance. The market, it's going to change as well.

(32:33 - 32:35)
So just stick to it. Don't give up. Great advice.

(32:35 - 33:04)
So let's go ahead and get into the second part of the final question. Do you have any extra hidden wisdom that you'd like to share? So the last one is for my fellow veterans who are transitioning or have recently transitioned from military service, is if you're feeling alone or you're struggling, reach out to your brothers and sisters because we're all here for each other. Even if we're far away from each other, we have each other's backs and that's never going to change.

(33:05 - 33:21)
So I think once you transition out, you might be separated geographically and that may stop you from reaching out. But remember your brothers and sisters are there for you and be there for your brothers and sisters as well. You're not alone.

(33:22 - 33:32)
So that's a huge thing. I've really leaned on my fellow service members and the people that I served with and I bled with. So you're not alone.

(33:33 - 33:50)
The last thing I like to say is one of TCM's mottos and I just think it's a good motto is to hate less and hack more. So I think kindness is rare in IT nowadays. We have a lot of egos out there.

(33:50 - 33:57)
We have a lot of pretentiousness. We have a lot of gatekeeping. I would say just be nice to each other.

(33:57 - 34:07)
We need more people who are kind. So if you are kind, please work very hard to get into this career field because we need more kind and good people out there. So hate less, hack more.

(34:09 - 34:19)
Great words to live by. Thank you so much, Aaron, for sharing your journey and your insights. You brought a level of energy to the show that I really enjoyed.

(34:19 - 34:48)
So I think there's a lot of value in this episode for transitioning service members, military veterans, and newcomers because it is challenging to break in the field and it can be a complex journey sometimes. So thank you so much for talking about it and encouraging other people to, it's okay, you are going to struggle, but reach out and get support. And yeah, there's just so much wisdom that you've shared and I really do appreciate you for that.

(34:48 - 34:53)
Thank you, Kyser. I appreciate you having me and we'll keep in touch. We definitely will.

(34:53 - 35:04)
So my last question is, where can the audience find you if they want to get a hold of you? I'm on LinkedIn. My name's Aaron Tran. The best place to get a hold of me is also LinkedIn audience.

(35:04 - 35:14)
My website, kyserclark.com. Audience, if you enjoyed the episode, check out another episode. And until then, this is Kyser signing off. Thanks for watching.

People on this episode