[Opeyemi Kolawole] (0:00 - 0:28)

As a red teamer, you have to stay up to date every time you are emulating threat actors. If you are trying to emulate the threat actors, you are trying to go above and beyond. Prepare your mind, it's not an easy peasy or it's not, it won't be an easy journey.

You chose this field, nobody forced you to be here, right? Put in effort to kind of understand the field you are, your specialty, be a better version of yourself every time. Always aspire to learn.

[Kyser Clark] (0:28 - 2:44)

Hi, I'm Kyser Clark and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.

Hello, hello. Welcome to The Hacker's Cache. My name is Kyser Clark.

I have over six years experience in the cybersecurity field and I currently work as a full-time penetration tester. Today I have Opeyemi Kolawole who is a full-time red teamer and he also runs the YouTube channel Hacking Insights that has almost 6,000 subscribers. He has 27 hacking videos on the channel.

For education, he has a bachelor of science in biology. For certifications, probably the longest list up to this point out of all the episodes, so it's going to take a second. He's got the OSCP.

He's got the Hack the Box CPTS. He's got the Hack the Box Certified Bug Bounty Hunter. That's a CBBH.

Hack the Box Certified Defensive Security Analyst, CDSA. He has completed Hack the Box ProLabs, Dante, Rasa Labs, Offshore, and Zephyr. He has the Altered Security Certified Red Team Expert.

That's a CRTE. The Certified Red Team Professional. That's a CRTP.

And the Certified Enterprise Security Professional from Altered Security. That's the CESP. He's got the I&E Security Web Application Penetration Tester Extreme.

That's the EWPTX. The I&E Security Professional Penetration Tester. That's the EPPT.

The I&E Security Junior Penetration Tester. That's the EJPT. Zero Point Security Certified Red Team Operator.

That's the CRTO. Cyber Warfare Labs Certified Red Team Analyst. That's the CRTA.

He has a Certified Ethical Hacker Master, which is both the Practical and the Base CEH combined to make the Master. And then he has a CompTIA Network Plus, Security Plus, and Pentest Plus. And last but not least, he has the Microsoft Certified Azure Fundamentals.

So Opyemi, thank you so much for taking your time and doing this episode with me. Really do appreciate it. Go ahead and walk to your background.

Introduce yourself to the audience and yeah, go ahead and tell us how you got into the cybersecurity field.

[Opeyemi Kolawole] (2:45 - 4:38)

Right. Thank you, Clark. I appreciate the opportunity given to be on this podcast.

My name, once again, is Opyemi Kolawole. I've been in the cybersecurity field for over six years now. I'm currently working as a Red Team Operator with one of the biggest pharmaceutical and health companies in the US.

I have experience in penetration testing as well. I've worked as a consultant to Facebook, which is also known as Meta. I'm proud to have done a lot of consulting jobs.

I have a Bachelor's in Biology, which a lot of people always ask questions about how you pivoted from being a biologist to cybersecurity promotion. It was a great journey for me. I took that opportunity when I moved to the US in the year 2016.

Cybersecurity is something I've always loved to do. Even though I never had the opportunity back in my home country, when I moved to the US, I felt like this is a great opportunity for me to dive more deeper into what I enjoy doing more. That's when I started my career in the cybersecurity space.

Overall, I would say I've been enjoying the journey so far. Currently working as a Red Team Operator, which is a very, very fantastic opportunity for me and a great privilege to be part of the great team and also to have the opportunity of constant learning from my job at the same time. Being a Red Team Operator is very, very challenging and it requires a lot of effort to put in in terms of studying, training and all that.

That's why you see I have a lot of certification. I never stopped learning. I never stopped doing training.

It's a great opportunity to be here and I appreciate the moderator for bringing me in today.

[Kyser Clark] (4:38 - 4:49)

Yeah, man. Thanks for being here. What made you go from being in biology to infrastructure security?

That's quite the difference in the realm of expertise. What made you make that jump?

[Opeyemi Kolawole] (4:49 - 6:28)

I've been playing around with computers ever since I've been in high school, high institution. I know a lot of people. I know a lot of things about computers, but you know something about scripts, you do something you don't even know what you do.

You don't understand the technology behind it. So I'm kind of that person when I started my career, you know, learning about computers. But when I was trying to learn more about cyber security, I never had a chance.

Back in the days when I was trying to go to the university, get an admission, I wanted to study something on computer related courses and that, but no opportunity for me then. So even though I was a biologist, but at the same time I was learning computer on the side, you know, so it's more like doing what you enjoy doing. Just have the opportunity to, even though then let me say internet wasn't like this.

It's very, very difficult to even, you know, have access to internet then. So it was kind of challenging for me during that process. But when I moved to the United States, I was like, this would be a great opportunity for me to start another career of what I enjoy doing more.

So when I moved to the US, I started with an organization as an internship student. So which lasted for about six months. So after that, I was given opportunity to start working with the organization, which I was there for about two years.

And that is how I started my career in the cyber security space.

[Kyser Clark] (6:28 - 7:42)

Thanks for sharing your journey. It's definitely inspiring, especially those who are, you know, coming from a different background, because that's why I'll ask that question, because a lot of people, they want to be in the information security field, but they don't have, you know, the experience in it, and they're coming from a different field, and you can make the jump. Before I joined the military, the United States Air Force, I went into cyber defense operations in the US Air Force.

Before I did that, I worked in oil refineries, I did, I was an industrial painter, sandblaster, I removed asbestos, and I removed lead paint, and oil refineries and chemical plants, like it's completely not even similar to this, you know what I mean? And I didn't like that job. It was, to me, it was a dead end job.

And it was, you know, extremely dangerous and extremely hazardous to my health. And, you know, I, every day I got off work, I'd play video games and build computers and tinker with computers. And that's what I enjoyed doing.

And I was like, Well, I gotta I gotta go into, I heard about cyber security was, you know, sort of pick up steam, you know, this is back in 2016. When I made the leap. Because I joined the, I joined the Air Force in 2018.

And yeah, I was like, you know, I got to get into that field. And yeah, I never looked back ever since I enlisted in the United States Air Force.

[Opeyemi Kolawole] (7:43 - 7:46)

That's interesting. I'd love to hear that.

[Kyser Clark] (7:46 - 8:40)

Hey, I wanted to tell you about my new cyber security insider list, where you get raw, unfiltered cyber security advice, tips and hot takes, plus exclusive first looks at my content delivered directly to your inbox every single week. No flow for spam, just valuable content. Head over to Kyserclark.com slash newsletter and level up your cyber security knowledge today. Once again, that's Kyserclark.com slash newsletter. There's also a link in the description. Alright, now back to the show.

Alright, so let's go ahead and dive into our rap fire questions. So for those who are new to the show, Opagamey will have 30 seconds to answer five rapid fire questions. And if he answers all five questions in 30 seconds, he's going to get a bonus six question unrelated to cyber security.

So are you ready for the rap fire round?

[Opeyemi Kolawole] (8:40 - 8:41)

Yeah, let's do it.

[Kyser Clark] (8:41 - 8:49)

All right, your time will start as soon as I stop asking the first question. Have you ever collaborated with law enforcement on a case?

[Opeyemi Kolawole] (8:52 - 8:52)

No.

[Kyser Clark] (8:53 - 8:55)

Do you think cyber security jobs are stressful?

[Opeyemi Kolawole] (8:57 - 8:58)

Yes, I believe so.

[Kyser Clark] (8:59 - 9:01)

Is it better to be a specialist or a generalist?

[Opeyemi Kolawole] (9:02 - 9:04)

It's better to be a specialist.

[Kyser Clark] (9:05 - 9:07)

Most overused cyber security buzzword?

[Opeyemi Kolawole] (9:08 - 9:08)

I'll pass on that.

[Kyser Clark] (9:10 - 9:15)

Have you ever ran into an ethical dilemma while working in an office security role? Yes or no?

[Opeyemi Kolawole] (9:17 - 9:18)

Yes.

[Kyser Clark] (9:19 - 9:21)

Most overused cyber security buzzword?

[Opeyemi Kolawole] (9:22 - 9:23)

I'll pass that to you.

[Kyser Clark] (9:25 - 10:40)

All right. So I actually asked that question on episode one, actually. And the most overused cyber security buzzword for the episode was zero trust.

And that's my preferred cyber security buzzword. But if I had to come up with the second one, that is hard. That is a hard question, because like I think it's zero trust.

But I'm trying to think of another one that's not zero trust, because we already talked about zero trust on the show. So let me think here. Let me.

Yeah, I'm drawing a blank. I think zero trust is my favorite one. Most overused cyber security buzzword.

Maybe AI, artificial intelligence. Maybe that might be one you can throw in there. But I think AI is truly the future.

So I don't think putting it in a buzzword category is fair. But it definitely can be used as a buzzword, because there's a lot of people that talk about AI, but it's not really AI. It's kind of just like a program that does things.

Because there's definitely a lot of products out there that say, yeah, we have AI in our product, but we don't actually know what AI really is. So your most interesting response, I would say, do you think cyber security jobs are stressful? So I want to know why you think cyber security jobs are stressful.

[Opeyemi Kolawole] (10:43 - 13:05)

Cyber security jobs are stressful, isn't it? Because I'm currently working in the cyber security field, and I can say from my experience, especially on the offensive security side, due to the fact that it's very, very challenging, makes it stressful. Let me use the example as a red teamer, you have to stay up to date every time you are emulating threat actors.

So if you are trying to emulate the threat actors, you are trying to go above and beyond, shifting away from your comfort zone, staying up to night, learning stuff. That alone is very, very stressful. Combining different skills, trying to learn malware development, trying to learn coding, trying to learn how to bypass invasion techniques, and all those things can make the job very, very stressful.

That's why I said it's very, very stressful from my experience. And I would say most of the time, this is why it's very, very important to take breaks. So just to get refreshed, get your brain refreshed, get your mind refreshed.

And if it's not that stressful, then I would say cyber security. Because I can categorize it from my own field. I don't want to talk on behalf of someone else.

But from my experience working in the offensive security space, it's very, very stressful for me. Even though I find it interesting, because I love what I'm doing. So that helped me not to think about the stress, because I enjoy what I'm doing.

And I'm learning every time, learning more about it. So that helped me, you know, do the stressful part of it. But overall, I would say cyber security is very, very stressful.

It's a very, very stressful field to be in. If you don't have the mind, if you are not ready, I always tell people, especially people who are upcoming, prepare your mind. It's not an easy PC, or it's not, it won't be an easy journey.

But trust me, if you put your mind and effort and you always aspire to learn, definitely will come true. But overall, once you get in, it's a very, very stressful field.

[Kyser Clark] (13:06 - 15:02)

Great insights. Yeah, I agree with you there. It is stressful.

From my perspective, it's stressful. Because, you know, I work in consulting. So I'm doing, you know, one week or two week engagement, sometimes three.

So I'm just doing back to back to back to back pen test. And every time is a new environment. So I have to learn this whole new environment every time.

And then it's stressful, because it's like, you don't know if you're missing something, you know, I mean, you can never know. You're like, you know, I did all my tricks that I know, but I don't know everything about everything. So I might have missed something.

And I probably did miss something. And that stresses me out. You know, and then you got deadlines and report writing, like, like, did I write this the right way?

Is this clear? This understandable? Like, it makes sense to me.

But does it make sense to the person going to read this report? And then yeah, it's a it's a lot. And then on top of that, like you said, there's a lot to learn.

And there's a million different, you know, courses are different. And there's, there's like 450 different certifications out there. It's like, well, which ones do I go after?

What certifications do I actually do? Which courses I actually do. And it's overwhelming, because there's so many options.

And it's impossible to know everything about everything. And that's what makes it hard, in my opinion, and stressful. You know, I use, like I said earlier in the episode, like I used to work in oil refineries.

And that's like a, like, when I worked there, like it's stressful, because like, you know, that's hazardous to my health. And like, it's, it's a dangerous profession. So I don't have that kind of stress anymore.

You know, I work in an office. And, you know, I'm not really worried about getting mesothelioma anymore. And I'm not worried about getting lead poisoning anymore.

But at the same time, you know, I still have to, well, what I worry about now is like, oh, am I getting out of shape? Because, you know, when I worked a manual labor job, like I was, you know, always doing activity outside. And now I'm like, well, am I working out enough?

So it's a different kind of stress. You know, it for sure is stressful.

[Opeyemi Kolawole] (15:03 - 15:04)

Right. I agree with you on that.

[Kyser Clark] (15:05 - 15:24)

All right. So let's go ahead and dive into our main discussion here. So I want to know more about the Cyber Warfare Lab Certified Red Team Analyst.

I've never heard that certification. Can you briefly explain what that certification is about and how it compares to some of the more common and more popular certifications for pen testers and red teamers?

[Opeyemi Kolawole] (15:24 - 18:17)

Cyber Warfare Lab Certified Red Team Analyst is a very, very good certification. A great way to start as a red teamer. Someone wants to become a red teamer.

I did a certification. I think that was my first after IJPT. That was my kind of first certification that I would say is very tough for me then.

The certification is really good. I like the way it is structured in terms of the content. The course material is good.

And the training, the instructor, you know, explains everything in detail. Especially when you're a beginner, it's easier to understand from the teaching. So someone who doesn't have prior experience in, you know, pen testing or maybe in any kind of hands-on is a very great way to start.

So the certification environment is about simulating an active directory environment about four machines, I would say. I can't really remember. But the exams are not too tough.

I would say I would categorize it in easy to kind of intermediate level. But then when I wrote it, it was, you know, I never had much experience. And I'm learning every time, every day.

So then it was a little bit challenging for me, even though I passed it at my first attempt. But it kind of helped me to understand a lot about red teaming, penetration testing as a whole, and give me more insights in terms of the technology, the tools, how to use them. And overall, all those, you know, trainees is very, very applicable in the real-world scenario.

So all the knowledge, all the technical techniques, all the skills you gain from the training can also be transferred into the real-world experience. So the certification is something I always recommend for people who are just getting started. I always say before you write CRTP, go for that first.

Go for that. Try that first. Then from there, you can move to the CRTP, the writing professional.

But the writing analyst, I found writing analyst by Simon Wolfey is a very, very good certification for a start. For someone who's trying to become a writing man, it's a great way to start. The training, the training is perfect.

Teaching is perfect. The material is perfect, 100%. I give it to them.

And overall, the exam lab, the exam lab is stable. Very much stable when I did it. No issues at all.

I was able to navigate around the environment easily. So it's a good certification, and I would definitely recommend it for anyone who's just getting started in the field of pen testing.

[Kyser Clark] (18:18 - 18:49)

Interesting. That's good to know. I never, like I said, I never heard of that cert and learned more about it.

I definitely need to check it out and do some more research on it. It's good to know that you think pretty highly of it. Sticking with the realm of certifications here.

So if you, so you have a lot, if you had to choose just one, like if someone just like was trying to get their first pen testing job, like what is the cert that's going to help them the most? Like either get the job and then, you know, be an all-star, you know, day one on the job. That's a loaded question.

[Opeyemi Kolawole] (18:50 - 18:53)

That is a very tough question.

[Kyser Clark] (18:55 - 18:57)

You can provide a few if you need to.

[Opeyemi Kolawole] (18:58 - 20:40)

Based on my experience with all the certifications that I have, if I would recommend one in terms of getting a job, bringing out the best in yourself in the job environment, I would say CPTS. I would recommend CPTS. The only downside of CPTS is it's still very new, you know.

So I think it was, I'm not sure if it's almost two years, if it's two years already. So it's pretty much new certification which need a lot of, you know, time to get recognized by, you know, HR and potential employers and all that. But CPTS is, I would recommend the certification for, you know, if you want to hit the ground running whenever you, you know, land a job, it's definitely the right certification.

I would have said OSCP, but OSCP is not as tough as CPTS. And even though the exam is structured differently, but in terms of getting the, you know, the required skill, getting the required skill, I would still pick CPTS because it's similar to reward penetration testing. Compared to OSCP, that is kind of more CTF-like.

I enjoyed the active director environment in OSCP, even though it's a very small lab environment compared to CPTS, but it was challenging for that when I did it. So, but to answer your question, once again, I would still recommend CPTS so far.

[Kyser Clark] (20:40 - 21:07)

That's another one for CPTS, everyone. Yeah, you're not the first person to, you know, highly recommend CPTS. Everyone speaks extremely highly of it.

The thing I keep running into is like, yeah, the only downside is it's new and not a lot of HR people know about it yet, but it's catching up to the OSCP very fast, it sounds like. So, it sounds like I need to get on the CPTS immediately to level up my pen testing game for sure.

[Opeyemi Kolawole] (21:08 - 21:09)

That'd be fun.

[Kyser Clark] (21:10 - 21:23)

Out of all your certs, what was the most challenging certification lab? Like, which one gave you the most trouble? Like, which one did you fail the most or which one did you almost fail?

Like, talk about like the hardest one.

[Opeyemi Kolawole] (21:24 - 23:07)

Ah, the hardest one so far. I'll still say CPTS. Yes, CPTS.

I know I've done a lot of certifications. I've run through a lot of challenges in all those certifications, even in OSCP. I remember when I was doing the active directory lab, when I solved the standard log machine, I was working on the active directory and I spent about six hours on it without even getting, you know, having a perfect direction to go.

So, it was challenging as well. But CPTS is on another level. I almost failed it because I know the exam is about 10 days.

I was able to finish the lab on the ninth day and I have only one day to write report. So, it was very, very, very, very challenging. CPTS is the most challenging certification I've ever written so far.

I will rate it at the top. Maybe I can now say after that, I'll still pick CRTO than before OSCP. Even the Hayland Security Certified Pensioner Testing and Streaming, that one also is on another level.

All those certifications, they are very, very crazy on their own different levels. But the challenging, most challenging certification is CPTS for me, that's about it.

[Kyser Clark] (23:07 - 23:50)

All right, that's good to know. Yeah, just another point for CPTS, it just keeps racking them up, it keeps slamming all those other ones. So, my next question is, so, has having a lot of certifications ever negatively affected you?

So, the reason I'm asking that is because there's a lot of people who, you know, they're certification haters, you know. I have a lot of certifications, I have 13. And, you know, I've been told like, oh, you have too many certifications.

And, you know, it doesn't equal, you know, real world experience. And people talk about how people with a lot of certifications, they get into the job and they can't perform well. So, have you ever had any issues with someone saying like, oh, you have, you know, too many certifications and it doesn't look good or anything like that?

[Opeyemi Kolawole] (23:51 - 28:09)

I've seen a lot of criticism on that, even to me personally. But one thing about me is I write certifications for my own development and training, personal growth, not because of the paper. The paper is just, you know, a proof of your achievement.

But for me, my main goal, my major reason for certification writing multiple certifications is because I want to learn more, I want to train more, I want to upskill myself and all that. So, and the thing, one thing I always tell people is having a lot of certifications helped me land my first job. I landed my first semester job because I have a lot of certifications, hands-on certifications.

The employers, even the funnest part of it is when I was hired, they hired me for, not because of the skills, my skill was just an additional. The major role was, I never had experience on what they hired me for, you know, but because I have some soft skills and some software skills and all that, so that kind of helped me to give, you know, give the employer potential, you know, give me insight about, let's give this guy an opportunity to work with us. So, the one thing that I always say is certification, if you are applying for a job, for example, and if two people are applying for a job, one person has a lot of certification and the other person doesn't have certification, right, the recruiter will pick the first, the person that have a lot of certifications to reach out first.

If they're trying to weigh the options, they will first reach out to the person that have a lot of certification. So, those are the example, those are the ways these certifications help on your resume. It's, you might be saying, okay, you're doing training, you're, but at the same time, adding those into your resume helps a lot.

I, I was, most of, whenever I was, when I was applying for a job, I get multiple interviews every time. A lot of people don't get interviews, they're always like, well, how did you get it, and how are you getting interviews, you know. So, certification, I would never ever, you know, say anything negative about it, even though everybody have different opinion about it, but for me, it's something I love to do for my own personal growth and development.

At the same time, it's helping on my resume, having those certification, and I've received a lot of criticism on that, that you have a lot of certification, why are you doing this, you are wasting your money. I was like, don't worry about it, let me be worried about that, you know. So, yeah, it is, I mean, it's one of those things that help everybody with their own different opinion, but it is what it is, and I never, I will never stop, you know, training or learning because of, you know, negative comments or that certification.

If I see a certification I love, and I love the training, or I want to be a part of the training, I will sign up for it and go for it. Not because of the paper, but just because of the training that now we, you know, all the knowledge that we acquired because of the training. And another thing I want to add to that is, well, all those trainings are transferable, all the skills are transferable to the job.

I've done a lot of puppeting engagement, I've done a lot of pen testing, we perform all these type of attacks that we do in the lab, we perform same thing in the real world. So, it's still the same skill, the only difference is, you know, we have a lot of security stacks in the corporate environment compared to your training lab, you know, but it's still the same skills, it's still the same tools that we use in the lab that we still use in the corporate environment. So, it's still very, very much useful when you're taking a lot of training.

So, I won't say anymore to stop taking training certification because someone, you know, gave a negative comment about it.

[Kyser Clark] (28:09 - 30:29)

Yeah, I've received some negative comments about it, but overall, you know, like I said, I had 13 certifications and I do the same thing as you, like I don't, I'm not chasing the paper, I'm just learning. My goal is to learn, you know, three or four new tips and tricks and if you can learn three or four new tips and tricks and add it to your tool belt, then that's really what a certification is to me and to keep your skills sharp on the existing skills because a lot of those certifications overlap, you know, and I really do take the same approach as you, you know, I don't look at it like, you know, chasing the paper, especially now since I got a full-time penetration testing job. Right now, it's just, I want to provide my client more value for their pen test and the way I do that is I have to keep training and because like I said earlier, I don't know everything about everything. So, if I can learn three or four new things from each certification I get, then that's, I think I provide so much value to everybody.

Yeah, like you said too, like having a lot of certifications has been nothing but good to me. I mean, there's no recruiters and hiring managers that look at certifications negatively. I think the negative comments are usually from people who don't have certifications either because, you know, for various reasons, I think it's because they can't afford them and maybe they're a little jealous or maybe they just don't have the skill set or they don't have the time to study this stuff.

So, I don't know. I think that the negative comments are just more from a place of jealousy rather than, you know, actual constructive criticism, you know, because like someone who has a lot of certifications will never critique you for having a lot of certifications, you know, but it's been nothing but good to me and I have no plans on stopping anytime soon. I mean, I'm slowing down the rate I'm getting certifications because I'm going after harder ones.

So, I'm not cranking them out as fast as I used to because they're getting harder and harder, but I still want to get, you know, more certifications under my belt. So, they definitely, I think honestly certifications have been number one key to success for my career and like I said, I always, I get two or three recruiters hitting me up every day, every day. They're like, hey, are you in the job market?

And I'm like, no, I got a job. Thanks.

[Opeyemi Kolawole] (30:30 - 30:34)

Right. So, yeah, it's always helped no matter what. It always helps on your resume.

[Kyser Clark] (30:35 - 30:59)

All right. Well, I noticed, I couldn't help but notice that you have like 14,000 followers on LinkedIn and you have almost 6,000 YouTube subscribers and I want to know some like tips and tricks that you can provide to help someone grow a YouTube channel, a LinkedIn profile and just overall building a self-brand. So, like what are some keys to success to building your following in the FOSTECH field?

[Opeyemi Kolawole] (31:00 - 35:20)

I think for me, I started my LinkedIn in the year 2022. I started doing it. It's happened so fast.

You know, my intention was just to start building networking on my LinkedIn, nothing serious. So, what I always do then is just I do track me a lot. Then, I was always spending my time on track.

Two years ago, I've been posting on my computer lab on my LinkedIn page. So, I started getting more followers. So, I started building up, building up, building up.

If I see something or whenever I practice anything, I post it on my LinkedIn, share it with people. The basic reason for that is to, I feel like giving back to the community is very important. If you learn something, it's good to share with others.

There was a GitHub page I found recently that I can use, you know, set up a pivoting lab. I've never seen it before. I was just, you know, browsing around the research and I found it and it's a very powerful lab that has about seven machines.

It's a very, very cool lab. It's a very, very stable lab. You set it up on your Kali and you learn pivoting and all that.

You have multiple machines. I shared it on my LinkedIn. A lot of people never heard about it too.

So, something like that is what I always, you know, push forward to make people, you know, understand and see how you can, you know, give back to the community, how people can learn from you at the same time. I also share your own experience. So, that's how I was growing my LinkedIn profile.

Then on my YouTube, I had my YouTube a long time ago, but I never used it. But recently, I started using my posting on my YouTube in about, it's never up to a year now that I was very, very active trying to, you know, post videos and share knowledge on my YouTube. So, most of the time, I was like, I don't know how this grows so fast like this, but I just kept doing what I love to do, sharing knowledge and ideas.

At the same time, it's helping my channel to grow fast and, you know, bringing more audiences and all that. So, I think the secret to that is, as a security professional, don't always put yourself out, let me say. Nobody will know you or nobody will look into your profile, nobody will check your page or your YouTube channel if you're not putting yourself out, right?

So, if you're in that school, we call branding, you brand yourself, you know, let people know about you, let people know what you're doing. And from there, people can also learn a lot of things from you, from your page, from your channel, you know. So, networking, putting yourself out, branding yourself is very, very important in the cyber security space and it has also been helping me.

However, it's not easy to, I know you have your own YouTube as well, I believe, you know what I'm saying, it's not easy to make videos, coming up with different ideas and sharing knowledge just like that. So, it's gonna be challenging sometimes working full-time, I sometimes I want to make a video, you know, we're staying up late doing some research. I know it can be very challenging but the thing, like I said before, you have to have passion for this, you have to be committed, you have to love this before you can achieve it.

If you don't love what you do, that would be like a barrier for you to achieve your goal in this field. So, for the fact that we love what we do, that's why we put in a lot of efforts to, you know, spend time, make something, make videos, share knowledge, ideas or not. So, that is how, that is the concept behind my pages and how it's been going in a couple of months now and I'm looking forward to, you know, putting out a lot of more, you know, knowledges and more videos out there for people to watch as well and also to learn something from.

[Kyser Clark] (35:21 - 35:29)

Great insights, thanks for sharing. So, final question, we're running out of time. Do you have any additional cybersecurity hot takes or hidden wisdom you would like to share?

[Opeyemi Kolawole] (35:30 - 37:46)

Number one thing is always stay up to date. Why I said that is because I always tell people you chose this field, nobody forced you to be here, right? Nobody forced you to become a cybersecurity professional, nobody forced you to become a retina or a plutum or a pen tester.

It's what you chose, you know, that is what you chose and if you have passion for it, you should always, you know, put in effort to kind of understand the field, your specialty, you know, be more, be a better version of yourself every time. Always aspire to learn. This is a very, very wide field.

Nobody knows everything. We are all learning every day, every day, new technologies, every day, new zero-day vulnerabilities, you know, things like that. So, it's an evolving field where you just have to keep learning, learning and if you're kind of a lazy person who doesn't want to learn, this field is not for you but I believe for every cybersecurity professional out there, we chose this path.

Let's try to stay up to date. Let's try to make sure we learn something. Let's try to set goals.

For me, I always set goals every year. Okay, this year I want to have this certification. I want to work on this certification.

Okay, this year I want to really take this training. This is what I want to learn. Like this year, I told myself I want to learn more about the cloud because I never had a cloud experience and I believe I'm lacking the skills on that.

So, I was like, okay, let me take training for cloud environment to learn more about cloud security and all that. So, I set goals every year what I want to achieve. I believe as a security professional, we also should emulate something like that, you know, set goals, have a plan, you know, work towards it and from that you learn a lot things, gaining more knowledge, gaining more experience and overall, you know, what we do is to help, you know, help organizations to secure their IT infrastructure and environment.

That's what we do and by doing that, we are learning more and that will also make us to be a better version of ourselves.

[Kyser Clark] (37:46 - 37:51)

Great insights. Thanks for sharing. Okoyemi, where can the audience get a hold of you if they want to connect with you?

[Opeyemi Kolawole] (37:52 - 38:14)

Most of the time, always on LinkedIn. I respond so fast on LinkedIn. LinkedIn, I would say, is the best way to reach me.

In case you have any questions, if you want to collaborate on anything or to do a training together, do some labs, whatever you want to do, LinkedIn is the best way to go for me. I respond quickly and I'm most always active on LinkedIn.

[Kyser Clark] (38:15 - 38:56)

Perfect and LinkedIn is the best way to get a hold of me as well, audience and my website, KyserClerk.com. Okoyemi, thank you so much for taking your time doing this. It's been a pleasure.

You've provided a lot of insights, so thank you so much for being here. And audience, if you haven't reviewed the show on Spotify and Apple Podcasts yet, I would really appreciate it if you drop the five-star review. That'd be the number one way to support the show right now, so if you do that, I'd really appreciate it.

If you're watching or listening on YouTube, like the video and drop a comment. Let me know what you want to see on the show going forward. Until then, thanks for watching.

Thanks for listening. This is Kyser, signing off.