[James Scott] (0:00 - 0:34)

It took me three years to get a contract basis with the company and then it took me a little while longer to get my a full-time job. I'm not the typical 70 percenter that just does their eight hours a day and does the bare minimum to get by. I'm not here to play games.

Quitting is not an option. How much sacrifice are you willing to make? There's so much competition.

You need to get as much education as you can and research as you can. You need to separate yourself from the average. This is not easy, so suck it up buttercup and stay persistent and you'll make it.

[Kyser Clark] (0:34 - 2:30)

Hi, I'm Kyser Clark and welcome to The Hacker's Cash, the show that decrypts the secrets of offensive security one bite at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.

Hey, before we start the show, I want to let you know that I'm going to start doing monthly Q&A episodes where I answer your questions in as much detail as possible. So if you want your questions answered, drop them in the comments on the YouTube channel or email me at Kyser at Kyserclark.com. Once again, it's Kyser at Kyserclark.com and I'm looking forward to hearing your questions. I'm looking forward to giving you a detailed response to those questions. Hello, hello, welcome to The Hacker's Cash. My name is Kyser Clark.

I've been in the field for over six years now and I currently work as a full-time penetration tester and I'm here to help you grow your hacking and cyber security knowledge. Today on this episode, I have James Scott who was a human resource specialist in the U.S. Army for about five and a half years, then did some digital forensics for almost two years, then he was a common operational picture manager for just under a year, did some junior pen testing for just under a year, and is now a cyber security test engineer slash penetration tester and has been in the current role for about a half year now.

For education, he has a bachelor of science in cyber security and is currently working towards his master's degree in cyber security. For certifications, James has the offense security certified professional, that's the OSCP, the certified red team professional is the CRTP, the practical network penetration tester is the PNPT, and the junior penetration tester that is the EJPT. So James, thank you so much for taking your time and coming on the show.

I really do appreciate it. Go ahead and walk through your background and introduce yourself to the audience.

[James Scott] (2:31 - 3:34)

Hi, I'm James. My background for the last 10 years, I've spent several years in the Army, in the U.S. Army Special Operations Command. I did human resources.

I went in for a second, did some time there and ended up being human resources. So while I was there, I got some really great training, got out of the Army, went to go work for a contractor in support of the Joint Special Operations Command doing digital forensics. Spent about four months in Afghanistan doing battlefield forensics.

Ended up leaving there, did some time in the other part of the command doing common operational picture, so maps and real-time feeds and stuff. That was pretty cool. But my passion has always been offensive security, and I wanted to get there.

So I went back to school, finished out my bachelor's, worked on several certifications and linked up with the right people on LinkedIn and security conferences and kept pushing. And before you know it, now, you know, four months into my first full-time role as a penetration tester. Happy to be on your show.

[Kyser Clark] (3:35 - 3:46)

Thanks for walking through your background. So the first question I have for you here is kind of related to your background. So what was the most challenging aspect of landing your first pen testing position and how did you overcome it?

[James Scott] (3:47 - 5:59)

I would say the hardest was really standing out. It was about getting the qualifications that I needed to get past the gatekeepers. And standing out enough where they would actually take the time to look at my interview out of the hundreds of interviews that they, or the hundreds of applications that they actually get for, like, say, a junior role.

I've seen anytime I looked for a junior role, it was hundreds or a thousand applicants on LinkedIn or wherever. And I know you only get to spend so many seconds or very few time per, so you really got to stand out. That was the most difficult part.

I got through that one. I ended up linking up with another pen tester on LinkedIn, you know, networking. Then he referred me to another guy.

He goes by the bow tie security guy on LinkedIn. His name is Robert Westing. Amazing guy.

We talked about challenges and things and he gave me his resume and it looked a little different than what everybody else was recommending, which was like a one page. And his was like four. And I was like, okay, I'll give this a shot.

Redid my resume. He reviewed it, made a few corrections. And then I started, you know, every, I had a tailor for every single job.

I got pretty good at that because in a two year time span, I sent out 12 to 1300 applications. Finally, I started getting interviews, calls, emails, just from nothing for a very long time, which is, you know, very soul crushing and heartbreaking on a daily basis to get nothing but denial emails or just nothing to an overwhelming amount of recruiters and everybody calling you. And somebody allowed me to have a couple of interviews.

I didn't, it took me a couple of interviews. I did horrible in some interviews, but be persistent, keep pushing and study with ChatGPT and kept pushing. And I did really well with the particular interview and it pushed forward.

And then I did a CTF and then I did the report. They reviewed it and they were like, okay, we'll give you a shot. And now here I am on a full-time basis.

[Kyser Clark] (6:00 - 6:35)

Nice. Congratulations on that. And good on you for overcoming this struggle.

You said 1200 to 1300 applications. That's a lot. That's way more than I ever have done.

I've only probably done like maybe a hundred, 150 or so, but you said something that really stuck out to me and that was the four page resume. So that's really against the grain of what a lot of people teach and say. I've always told people, yeah, you want to keep it two or under.

So I'm kind of curious on how did taking your one page resume and expanding it to a four page resume, how did that work and why did that work? Do you think?

[James Scott] (6:36 - 7:33)

It worked because it allowed me to demonstrate on paper a little bit, a little bit about my work history. And then of course, you got to have a pretty decent section for additional experience like CTF challenges, conference experience, scripting languages, personal projects. That's a little bit of a section.

It took a little bit to put it all together. It just kind of added up real fast. So honestly, I really don't know, but what the magic key is to that, but it worked.

So I was always told anything more than that's a little excessive, but on the private sector resumes, I would say that's, it's a really good stopping point. When you get into the federal resumes, you're going to be looking, I think my federal resume right now is like nine to maybe 11 pages with everything. And that's with all the spaces removed.

It just depends what type of, what you're actually applying for.

[Kyser Clark] (7:33 - 7:38)

So the federal resumes should be longer and then the private ones should be shorter is what you're saying?

[James Scott] (7:38 - 8:08)

Yes. Federal resumes are pretty easy. You can go to usajobs.gov, plug in all your information, and then you can tell it to create resume. And then you can print the PDF and there you go. But it usually has more information like federal resumes will have salary information, how many hours you worked, location, clearance level, different things like that, where like a private sector might not get be omitted.

[Kyser Clark] (8:08 - 9:29)

That's good to know about resumes. I'm sure the audience got a lot of value out of that because resume is one of those, I don't know, it's really hard to get resumes really down, honestly. And everybody wants different types of resume.

Every company wants different types resumes and every recruiter and every coach, they're going to recommend different things. So that's good to know that the federal resumes are long. I have heard that, but I haven't actually seen it in practice, but I've also, I've never applied for a federal job.

So I don't, that's good to know though, if I ever do apply for a federal job. Hey, I wanted to tell you about my new cyber security insider list where you get raw unfiltered cyber security advice, tips, and hot takes plus exclusive first looks at my content delivered directly to your inbox every single week. No flow for spam, just valuable content.

Head over to Kyserclark.com slash newsletter and level up your cybersecurity knowledge today. Once again, that's Kyserclark.com slash newsletter. There's also a link in the description.

All right, now back to the show. Let's go ahead and get into our rap fire questions. For those who are new to the show, James will have 30 seconds to answer five questions.

If he answers all five questions in 30 seconds, he will get a bonus six question unrelated to cyber security. James, are you ready for the rap fire round?

[James Scott] (9:29 - 9:30)

Yes.

[Kyser Clark] (9:30 - 9:40)

Your time will start as soon as I stop asking the first question. Here we go. What is the most critical security vulnerability today?

[James Scott] (9:43 - 9:43)

Misconfigurations.

[Kyser Clark] (9:44 - 9:46)

Favorite hacker movie, show, or game?

[James Scott] (9:48 - 9:51)

Hacker Jeopardy at security conferences.

[Kyser Clark] (9:52 - 9:53)

Favorite hacking tool?

[James Scott] (9:58 - 9:59)

Something I create on my own.

[Kyser Clark] (10:00 - 10:01)

Best hacker alive today?

[James Scott] (10:10 - 10:11)

I don't know their name.

[Kyser Clark] (10:13 - 10:18)

Multiple certifications or a degree, which is more valuable to a cybersecurity career today?

[James Scott] (10:21 - 10:22)

What was the question again?

[Kyser Clark] (10:25 - 10:30)

Multiple certifications or a degree. What is more valuable to a cybersecurity career today?

[James Scott] (10:31 - 10:31)

Both.

[Kyser Clark] (10:32 - 10:58)

All right. So that was over 30 seconds. So we're not going to do the bonus question, but don't worry about it.

I mean, not that many people get the bonus question. It is hard. You have to answer that.

The fourth question, best hacker alive today. That's a tricky one. And I don't know what I would say for that one either, but I do like your response to that one where you said, I don't know.

And that's, that's honestly the answer. And it's like the best one is the ones we don't know because they got away with it.

[James Scott] (11:00 - 11:01)

They do every day.

[Kyser Clark] (11:02 - 11:28)

So I think what I want to dive into is, so you said your favorite hacking tool was the one you create yourself. And I want to know what is your process when it comes to creating hacker tools? Do you create hacker tools because a tool doesn't exist in a capacity that you want it to work?

Or like what is really the thought process on like why you would create a tool? And then how do you go about creating a tool? Like what are you, what are you trying to do?

[James Scott] (11:29 - 12:00)

Well, essentially there are thousands and thousands of tools. Essentially they exist and add over time because the capability wasn't there previously, or it wasn't good enough to provide what they needed, or there's something, a better way to do it. I would say the best tool is, is when you're in a situation when you can't find the right tool and you have to create the capability you need to, to provide, to get the resources that you want.

And I would say right tool, the right time, you know, that's all it takes with the right mindset. So of course.

[Kyser Clark] (12:01 - 12:07)

What do you write your tools in to use like bash scripts, Python scripts, all the above, some other languages, like what's your go-to languages for those?

[James Scott] (12:08 - 12:41)

I started writing my own tools in, a long time ago, 96. So batch initially in DOS, in Windows 95. Eventually I found, fell in love with Linux and then I started using bash.

And I know Python is there and got a little bit of scripting with that, but mainly I stick with bash just because it could be easily put together and troubleshooted because, you know, it takes a couple times to get right. And I just felt like that's the easiest way to go.

[Kyser Clark] (12:42 - 13:02)

And while you were talking about that and talking about programming, I thought about something that I haven't asked on the podcast before. So you're going to have the luxury of being the first one to get this question. It just popped in my mind.

I wasn't planning on asking this today, but programming, how important is it for someone to know programming and cybersecurity and hacking? How critical is it?

[James Scott] (13:02 - 14:28)

I would say at a junior level, it's really not, but I would say when you start working up to a mid or more advanced level, then it's essential just because from what I understand so far, there's a lot of junior jobs where they want you to do source code review. You need to understand how it's put together, what it does, what's the purpose and how it operates. And if you don't have the development mindset, it's going to be very difficult to do that.

The best way to understand something is to use it to create something. So if you don't know how to understand how to hack web applications, the best way to start is to build a foundation of creating and developing a website. And then you can start picking apart and understanding how it's configured and the mechanisms and all that good stuff.

But with development, I'd say that eventually you're going to reach a point in time where you're going to go from just using tools to get a result to you're going to develop to where you're going to have to start asking strategic questions. What am I looking for? What are the things I'm looking for?

What is it? What is it doing? Then you're going to say, okay, what tools do I need to answer that question?

And sometimes you're not going to have a tool or it may not work perfect. And sometimes it's just easier to create your capability to provide the answer to your questions.

[Kyser Clark] (14:29 - 14:38)

And if someone wanted to learn how to program and script, what do you recommend as places to learn those skills?

[James Scott] (14:40 - 15:08)

Well, I know Google has a couple of resources. TCM Security has some good resources. Zero Point Security has some good resources.

Zero Point Security has a Rust course. I think it's pretty great. I know that colleges usually have programming courses, but for more for the free stuff, there's just, you pretty much just go to Google and type in free resources for this and you're going to find several.

That's just a good place to start.

[Kyser Clark] (15:08 - 15:19)

Good to know. So I'm going to rewind and go back to your background a little bit. So I want to know how has your digital forensic experience contributed to your current work as a penetration tester?

[James Scott] (15:20 - 16:42)

I would say for trying to, you know, being new to digital forensics and really understanding the purpose and what you're looking at, you're looking at a deep dive into Windows operating systems, cellular devices, and how they operate. And then you're making a bit for bit copy of that device and you're making an image of it and you're running tools against it and you're analyzing it, things like that. My thought process coming from a hacker's view is how can I use forensics to make me better as a hacker?

Can I understand the system better? Can I understand where things are stored better? Things like that.

So I would say my thought process is now I maybe have a better understanding, a more focused or strategic outlook on where I'm going to target. For example, if I wanted to pull, use volatility, for example, to pull, do a memory analysis. Maybe I want to look for passwords.

Maybe I want to see deleted files from the recycle bin. Maybe there's passwords. You know, just that thought process, you know, what's out there that I can't see right now that from a hacker's view, I'm like, I want that information.

I want to know what's there. Can I use that information to get me further in the system?

[Kyser Clark] (16:43 - 17:40)

Yeah, that's a really good point you mentioned. I probably need to take a digital forensics course so I can better understand it. I was actually recently doing a Hack the Box livestream, which was yesterday, the time I was recording.

And I had like, there was like a backup file of the system and there was, I had to mount it and I had spent so much time like trying to figure out how to mount this thing. And like, if I just knew how to mount it and like dig into the files, I could get the information I needed to progress in that CTF challenge. And yeah, there's, I think digital forensics helps a lot, you know, when it comes to that kind of stuff.

And I really do like those Hack the Box and the CTF styles that like forces you to go in those digital forensics, because I think it is a critical skill for pen testers to understand. You volunteered at both Hack RedCon and Hack SpaceCon. And I would like to know, you know, what kind of volunteering work did you do during those conferences?

And how has volunteering at those conferences impacted your cybersecurity career?

[James Scott] (17:40 - 19:48)

I would say they have greatly impacted my security career in general. It was like part of the very foundation of why I am where I am today. Volunteering in a Hack at RedCon, networking meeting, actually getting to talk to other hackers where previously I didn't know anybody.

I'm just behind a computer for days or hours and who knows. And I don't know who I'm really talking to on IRC or whatever. But getting to see people in real life and go like, wow, this is my community.

These are my people. We understand each other where I'm at home and nobody understands what I have to talk about. And they don't want to talk about it.

But these people are like, yeah, man, awesome. I really like what you have to say. I'm like, this is great.

But networking allowed me to connect up with Red Seer Security. I signed up for a voucher program. They brought me onto an organization, a fantastic organization called Build Cyber, which gives to those in need, veterans and other people that have a difficult time getting into the field.

They hooked me up with free training and vouchers, which I used to get the OSCP certification with their mentorship, that private Discord channel, the people I can communicate with that helped get me to where I am. Pretty much when I did volunteer, it was, hey, I'm here, put on a yellow shirt, put me to work. Am I going to go gather chairs and set them up?

Am I going to put water up on the stage for the speakers? Servant leadership. What can I do to help you succeed?

And it's all about being a part of the team. I just did whatever they needed me to do. And I enjoyed being a part of the process and they actually allowed me to sit in several of the talks.

So it wasn't just all work and no play. I did get exposed to see how a conference runs, all the amount of effort and work that's all done behind the scenes. It makes you really appreciate what you're going to and what you're experiencing.

So you don't take it for granted, as a lot of people do.

[Kyser Clark] (19:49 - 19:57)

Yeah, that's understandable. So what are some pros and cons of volunteering at conferences rather than being a regular attendee?

[James Scott] (19:58 - 20:17)

Getting to, I would say, meet the staff. I'll say that the folks at Residual Security are phenomenal. Ken Nevers and Dan, the social janitor, and a couple of the others are really great working with the other people.

Obviously, the networking piece, that really does help.

[Kyser Clark] (20:17 - 20:27)

Does volunteering generally help you get a free admission or a reduced admission to go to these conferences? Does that help at all?

[James Scott] (20:28 - 21:18)

From my understanding, yes. So when I got to volunteer at Hack Space Con, you got in for free, right? You were there to work, but they allowed you to participate with the conference too.

So they didn't charge you whatever the fee was at the time. So it was a great way to get there and attend to being part of the process without the huge financial crunch that a lot of people have that don't have jobs. Not everybody has the $200 or $300 to shell out for the conference fee when they have to shell out $600 for a plane ticket or a couple hundred for gas to drive nine hours of where they're at.

So every little bit helps. It's a great way to get involved. And like I said, it helps.

[Kyser Clark] (21:19 - 21:34)

And if someone wanted to volunteer at a conference, what would you recommend that they do? Do they got to contact certain people? Does most conferences have a place where you sign up at?

Or is it something that people ask you to do? How do you get into volunteering work?

[James Scott] (21:34 - 22:34)

Well, I would say that they're always looking for volunteers. Generally, I can personally speak for Hack Space Con down in Florida, which was awesome. And Hack Red Con in Kentucky, where you can go to a website and fill out an application to get part of the process.

They invite you to like your Discord group and they like, hey, we're going to have a meeting this time to talk about our volunteering efforts and things like that. So you get to, you know, you get to meet people and then get updates on times and things like that. So generally there's a website process where you can get involved, fill out, you know, half page, whatever name, email, phone number, stuff like that.

But I have been to DEF CON for the first time this year as not a volunteer. So I don't know how that works, but highly encourage everybody to go. It was pretty awesome.

[Kyser Clark] (22:35 - 22:50)

Yeah, I really would like to attend my first DEF CON next year. It's on, it's kind of like one of my top priorities because everyone, obviously everyone speaks highly of conferences. I've only been to one conference myself and DEF CON is like the one to be at.

[James Scott] (22:51 - 23:02)

I've waited my whole life to go to DEF CON and I finally, finally got there. So you just got to be persistent and find a, find a way. Eventually you'll get it.

So.

[Kyser Clark] (23:03 - 23:14)

That's great. And yeah, it sounds like you had a lot of fun. So what, when you went to DEF CON, what can you tell newcomers?

Like some advice on like do's and don'ts of DEF CON when you're attending?

[James Scott] (23:15 - 24:54)

Do's, I would say it's good to have people that have been there previously that kind of know where like you're going to, if you're interested in red teaming, you're going to go to the red teaming village. If you want to do a CTF challenge, they know probably where to go for CTF challenge. If you want to do talks, you know, Hey, you know, they're over here, but do's, you know, they have the goons.

They're there to help. And you can go up there and ask them any questions and they'll point you in the right direction or yell at you to tell you where you need to go. It's pretty great.

And there's so much to do. You can't do it all when you're there with people, you know, they can, they can help you with that. There's, there's apps for like, I think it was, there's a particular app for DEF CON, Hacker Tracker.

And it has a list of all the talks and challenges and pretty much everything for the whole event there. And you can scope it all out and kind of plan your time in Vegas. It helps.

I would say don'ts is don't be part of the problem. If others are out causing mayhem and mischief in the town, don't add to the stereotype that all hackers are evil and bad. And we're all out to steal your passwords in your bank account because we're not.

A lot of us are just, we just love this field and we're not all out to steal all your money in your bank account and fish you. And you know, not everybody's the bad guy, you know, and everybody's always been, you know, they say the stereotypicals, hackers are all, you know, they're all bad. And that's not the truth.

Not at all. That's probably a very few percent, honestly. And a lot of us are just, you know, really good, decent people.

So at least that's what I believe.

[Kyser Clark] (24:55 - 25:41)

Yeah. So I've been to one conference, like I said, and when you said, you know, plan out your sequence of events ahead of time, that was one of the mistakes that I made in my first conference. Cause I was like, Oh, I'll just, you know, go with the flow and, and get there and then see what's up.

And then kind of, but I waste a lot of time because when I got there, I was like, Oh, there's this, I'm not gonna be able to see everything. It's impossible. And this wasn't even DEF CON, this was a smaller conference, you know, and I'm like, I'm not gonna be able to see everything.

And I need to get the app and I need to, you know, start planning out, planning that stuff out. So after the day one, I was like, all right, day two, I'm gonna plan everything out. And that's, I made that mistake.

So it's good to know that you can plan out your, your days, your conference, you know, prior to even leaving the house really. Right.

[James Scott] (25:42 - 25:42)

Right.

[Kyser Clark] (25:43 - 25:54)

Before the recording, you told me that you were looking to pursue your PhD after your master's degree. So I want you to share with the audience, what kind of research you're planning on doing and yeah, go ahead and talk about that.

[James Scott] (25:54 - 28:19)

I'll talk about it briefly. I'm looking to, to give back. I'm not really looking to ever teach in a classroom.

I don't see myself really as a teacher, but maybe one day when I, when you just hate those that can't do teach, you know, it's a ha ha, but maybe one day I'll, I'll teach if I, if I get that old and I can't type anymore. But my research will be focused on weaponizing forensics, offensive forensics in support of information dominance. How can you use forensic software to, in combination with penetration testing and red teaming techniques to take it a step beyond if you're, you know, you're allowed to in this legal.

So that's, that's my research there. There's a gap there. I haven't seen a whole lot of, haven't seen a whole lot of information articles with anybody talking about it other than using volatility for, you know, memory analysis other than for, you know, for defensive purposes, but I've never seen anybody use it for offensive purposes.

And at the end of the day, that's what I care about. So while I've had forensic training, my focus is, can I use this forensic software to hack, use it to, you know, hack further into the system? What, you know, how can I, can I use this to benefit me?

And so that's what I want to, that's what I want to fill the gap in that. On top of maybe I want to also add on some offensive compliance training, right? Compliance training that's focused from a hacker's point of view.

How can compliance training throw fuel onto the fire? How can it make us better? Can it make us more focused and strategic in knowing where things are not configured properly so we can focus on that to really understand how things are designed and set up?

Like I said, just from the few tests that I have done, misconfigurations are a huge problem and I think it's an easy solution to fix it, but knowing where to look and where to, you know, really point to fast can really help a lot. So I think that that needs to be, somebody needs to write about that or give training on that. So I just want to help give back and I want to help change or make the field that I love better.

[Kyser Clark] (28:19 - 28:52)

Yeah, that sounds like a really interesting topic and I'd love to see your research once you get it done. You know, weaponizing forensics definitely sounds really cool. It sounds like, you know, something you'd see in a sci-fi movie or something.

But, so I guess I'm just curious, like why why the PhD? Like why do you feel like you need to do like the PhD route to pursue that research? Because rather than doing like independent research without the PhD, can you dive into that at all?

I'm just curious on like your thought process behind pursuing a PhD.

[James Scott] (28:52 - 31:14)

It's a multi-step thought process, right? In this field, you have to, there's so much competition. Just even getting your foot in the door, it took me three years to get a contract basis with the company.

And then it took me a little while longer to get my full-time job. So you need to get as much education as you can, and you search as you can. You know, if you need a degree to do that, more power to you.

But you need to separate yourself from the average, the gray man, right? You want to be the one resume that sticks out and says, okay, what does this guy have to add? What makes him so different than the others, hundreds of applicants that I'm looking at?

So I'm looking to, I'm not in, I don't ever start something and then not want to finish it. I think it's one, it's a lifetime, a lifetime achievement. So I do want to get it, you know, in my lifetime, like I want to finish out or that process, right?

And I see that as a doctoral or a PhD in the field that I love, because I can't see myself doing anything else. So that's why I want to do it. One, I want to stand out and I want to move up.

I don't want, I'm not a, I'm not the typical 70 percenter that just does their eight hours a day and does the bare minimum to get by. Like I'm not, I'm not here to play games. I'm here to, for a purpose, more, you know, some of it's challenging myself, but others, it's, I want to achieve something with my life and I want, and I want to give back to something that is, you know, something I love that's really affected me my whole life.

I want to give something back to that as well, to others who love the same thing. And I think for, for me to be taken seriously at, at a highly technical level, I feel like getting a doctoral or PhD is necessary to make that change. I've seen others that didn't, and all power to you, but for me, this is my route, my journey.

And, you know, so I'm focused on if you can do it, why not? You know, not everybody can say they, you know, a lot of people stopped before that and that's fine for them, but this is right for me.

[Kyser Clark] (31:15 - 32:12)

That's good to know. And I appreciate you impacting that. And yeah, I'm the same mentality.

Like I'm not, you know, I'm all in on, on this career and you know, I'm a little bit overachiever myself, having 13 certifications and I'm almost done with my master's degree as well. I appreciate you mentioning like the standing out in the field. My last solo episode, I talked about how competition's pretty, pretty fierce in this field as far as landing positions.

And that's actually, you know, I kind of teased that in my last solo episode, and then I'm actually going to dive deeper into my next solo episode, because the competition is fierce and, you know, doing things for you to stand out is something that you have to do, in my opinion, if you want to make a career out of this. And, you know, the PhD definitely, or doctoral, I keep saying PhD, but any doctoral really makes you stand out for sure. So yeah, good luck on your studies and good luck in your endeavors.

And I would, I'm interested in reading about your research once you, once you get it done.

[James Scott] (32:13 - 32:30)

Yeah, I would love to start sharing it. I've been working on it since 2021. So I just want to get finished with it.

So, so I can, so I can start something else, you know. So there's a lot, there's so much more to explore. So we're just getting started.

[Kyser Clark] (32:30 - 32:37)

So we'll head to our final question, which is, do you have any additional cybersecurity hot takes or hidden wisdom you would like to share?

[James Scott] (32:38 - 33:24)

Learn that quitting is not an option. Persistence, persistence, persistence. If you want to make it, you have to know that quitting is not an option.

And when you stay persistence, when you bang your head enough times on that wall, that wall will break, or something will break, but your head's going to get a callus and eventually you're going to break the wall, but something's going to happen. You're going to move forward. You will succeed.

There's others that are here for you. They're here to mentor you, to give back. Others that love the same thing you love.

There's lots of training, lots of resources. It's how much time can you invest? You know, how much sacrifice are you willing to make?

Stay persistent.

[Kyser Clark] (33:25 - 33:50)

That's really good advice. And yeah, I agree with you. Just keep at it and don't give up.

And you know, your story with, you went three years looking for a job. That's a long, long, long, long, long time. That's probably way more than most.

So that just proves that you really do mean like never quit and good things will happen. So I think you're definitely an inspiration to many audience members out there. So I appreciate you sharing that story.

[James Scott] (33:51 - 34:13)

I hope that what I have to add or my experience can help let others know that you're not alone and there's others that have been through it too. And we're all in this journey together and you'll make it. You just can't quit.

You can't walk away. This is not easy. So suck it up buttercup and stay persistent and you'll make it.

[Kyser Clark] (34:16 - 34:21)

All right, James. Well, where can the audience get ahold of you if they want to connect with you?

[James Scott] (34:22 - 35:07)

LinkedIn is a great place. That's pretty much where my social media lies. You can always email on my ProtonMail account if you want, tux.shells at protonmail.com.

I don't click links. So you may try to weaponize a PDF and get me, but I've already thought about that. So write to me.

I'm pretty, I have like a pretty rapid response. So I'm always available. I may get a ding in the middle of the night and wake up and send you an email right back and go back to sleep.

So I'm always around, but you can reach me on LinkedIn or send you a message and you can relate it to me, but that's the best place right now. So.

[Kyser Clark] (35:08 - 35:39)

Good to know. And audience, the best place to reach me is also LinkedIn and my website, Kyserclark.com. Audience members, thank you so much for watching.

Thanks for listening. Whatever platform you're on, if you are on YouTube, hit the like button. It would help me out a lot and hit the subscribe button if you're not subscribed already.

And if you're listening on Spotify or other podcasts, it would really help the show. It would support the show a lot. If you hit a five star review, if you think the show deserves it, this is Kyser signing off.

See you next episode.