[Trent Miller] (0:00 - 0:30)

When I was trying to really get into it, where people were saying, you're not going to get in. It takes many hours to get through the content. You're staring at your screen all day long.

Yes, you're learning cool things. Yes, you're doing cool things, hands-on learning. But you start to push aside your family, your friends, your free time.

Everything goes into getting that. You burn all of your free time. Everything becomes a inconvenience.

The sacrifices are real. They really are.

[Kyser Clark] (0:30 - 3:16)

Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time. Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.

Hey, before we dive in, just a quick heads up on the audio quality in this episode. It isn't up to my usual standard. Unfortunately, my recording software picked up my webcam mic instead of my studio mic, so you'll notice a difference on my end.

Luckily, the guest mic is on point, so that's not all bad, and the conversation is packed with valuable insights I don't want you to miss. If this is your first time tuning in, rest assured that episodes other than 20 and 21 sound much better, and if the audio quality is a deal breaker for you, I get it, but I hope you'll power through this one or check out another episode. Thank you for your understanding, and let's go ahead and get into it.

Hello, hello. Welcome to The Hacker's Cache. My name is Kyser Clark.

I have over six years experience in the cyber security field, and I currently work as a full-time penetration tester. And today is a very special episode because this is episode number 21. So it's number 20, but we started with zero, so it's actually the 21st episode, and that's a big deal because it's a pretty common thing to say, once you hit 21 episodes, you are in the top 1% podcast, so we have officially hit the top 1% podcast.

So thanks for everybody who's been listening and watching these episodes. I really do appreciate the support, and let's continue to grow the show, and if you haven't already, share the show with your friends. Today, I have Trent Miller, who has over 10 years experience in the field.

He started off in a computer repair shop. He was there for about a year, then moved into a network technician role and was there for just over a year, and then went into a system engineer role, was there for just over three years, and then moved into a system administrator role, was there for about four months, and then went back to a systems engineer role, was there for just over two years. Then he moved to technical support for Tenable, was there for about a year, and then moved up in the company and became a inference security engineer at Tenable and did that for a year.

And then he currently is a freelance security researcher, or he has been doing that for almost a year now and works as a full-time penetration tester and has been in his current position for about four months. So Trent, thank you so much for taking your time and doing this with me. Go ahead and unpack your experience and introduce yourself to the audience.

[Trent Miller] (3:16 - 5:03)

Thanks for having me. As you may have heard, my name is Trent. I go by AzureAD.

I'm currently one of the founding members of DC608, a DEF CON group in Madison, Wisconsin. I have been in quite a few different roles throughout my IT career, starting from just working in a regular shop, moving into the network operations center for a little while, then stepping into kind of the MSP world, managed service provider if you're not familiar with it, where my primary focus was doing regular IT work, but with a mix of a few other security things like security administration or doing some instant responder work, even some forensics. Well, I stepped away from that to kind of move internal, still in the IT field, working for the state for a little while. Didn't really like that, moved back and continued my role working in that same MSP I left.

Now, it may seem a little weird, but I stepped back into a role by moving into Tenable, going into their technical support. Wonderful people, great software, but the real reason I moved back was to focus on the security side of things. Wanted to learn more about vulnerability management and the tools associated with it.

I did get a chance to move into their InfoSec, working in vulnerability management. Got to learn the ropes in there, learn about a lot of different compliance and governance topics. And then that helped me push into my penetration testing role, where I'm at now.

Having all that knowledge together really has helped me move in my career and continues to help me to this day.

[Kyser Clark] (5:06 - 5:52)

Well, thanks for a pioneering experience, Trent. I actually forgot to talk about your education and certifications, two things I like to cover on the show. I was excited to get you on the show that I just forgot.

I just skipped over that. So, for education, Trent has a Bachelor of Science in Apprentice Technology and Network Management Certifications. He has the Office Certified Professionals, OFCP.

So, Trent, can you talk about why you went into that role with Tenable as a support technician, which kind of seems like a backward step on paper. But can you tell me why you did that and how it opened up more opportunities for you in your career and why it was a good move to make for you?

[Trent Miller] (5:53 - 6:58)

Yeah. So, I stepped into that role after taking a look at the field of security as a whole. A lot of it comes down to knowledge of a lot of different tools or maybe some different processes, things that working for the managed service provider that I was at really didn't line up.

I was actually reached out to by Tenable. And after consideration, I said, let's go for it. I wanted to get into that area where I wasn't necessarily in, but by having that name and getting familiar with their tools and every little aspect of the support, I thought this would be a great opportunity for me to move in.

And after talking with their recruiting team, some of their members, they kind of helped solidify that there was a high possibility that that would be possible. And after getting in, that was absolutely the ticket for me to get into cybersecurity as a whole, especially with such a high bar of entry into that.

[Kyser Clark] (7:00 - 7:17)

Yeah. So, before Tenable reached out to you for that position, was cybersecurity something that you was eyeballing? Was you just like a little bit interested in, a lot interested in?

Talk about what was your relationship to cybersecurity before they reached out to you and why you working in those IP roles?

[Trent Miller] (7:18 - 8:47)

Yeah. So, I actually started doing offensive security, mostly CTFs in around 2018. I actually was part of the, I was part of the hack the box time where you needed to hack your entry in.

I joined that to just learn about the offensive security side of things to be a better defender. That was my whole mentality to begin with. But once I got my taste of that first shell, I instantly knew I want to go for this.

So, I joined a bunch of different groups, was stepping, looking to step into the mindset that all these different people had. I learned about the OSCP and I was really ready to go do it. But I ended up setting that aside for a little while.

So, as you can see there, 2018 to about 2022, there was that gap of, I was still in IT. I still had that interest in cybersecurity. So, I was trying to do that.

Some of the light cybersecurity work in my day-to-day helped kind of connect that role together. So, I'd take on some of the more incident responder roles or more of the security administrator roles with a focus of moving into cybersecurity full-time. Unfortunately, it didn't work out where I was at with the MSP, which is why Tenable was the best ticket forward, in my opinion.

[Kyser Clark] (8:49 - 10:12)

Yeah, it definitely sounds like a good move to make for your career. And when I was looking through your experience, I saw Tenable. I'm like, that's something that all cybersecurity professionals know.

And if you don't, then you should. When I saw Tenable, I was like, wow, you worked at Tenable. That's really cool.

That seemed like a golden opportunity for you, and I'm glad it paid off for you. So, congratulations on making that move and doing that. Hey, I wanted to tell you about my new cybersecurity insider list, where you get raw, unfiltered cybersecurity advice, tips, and hot takes, plus exclusive first looks at my content delivered directly to your inbox every single week.

No flow for spam, just valuable content. Head over to Kyserclark.com slash newsletter and level up your cybersecurity knowledge today. Once again, that's Kyserclark.com slash newsletter. There's also a link in the description. All right. Now, back to the show.

So, let's go ahead and get on a ride for our questions. Trent will have 30 seconds to answer five questions. And if he answers all five questions in 30 seconds, he'll get a bonus six questions not related to cybersecurity.

So, Trent, are you ready? I am. Time will start as soon as I stop asking the first question.

What is your favorite place to get cybersecurity news?

[Trent Miller] (10:14 - 10:15)

Probably Reddit.

[Kyser Clark] (10:17 - 10:19)

Worst advice you've ever received in cybersecurity?

[Trent Miller] (10:19 - 10:20)

I'm sorry, what'd you say?

[Kyser Clark] (10:21 - 10:24)

Worst advice you have ever received in cybersecurity?

[Trent Miller] (10:25 - 10:26)

You'll never get in.

[Kyser Clark] (10:26 - 10:28)

Favorite hacking distro?

[Trent Miller] (10:30 - 10:30)

Dabian.

[Kyser Clark] (10:31 - 10:38)

Are cybersecurity boot camps worth it? No. Do you think there's a cybersecurity skill shortage?

[Trent Miller] (10:39 - 10:40)

No.

[Kyser Clark] (10:41 - 11:14)

Nice. 28 seconds. Good job.

That's a very hard thing to do. I would say the majority of guests don't get that. So, congratulations.

Thank you. That is a feat. That is a feat on this show.

So, let's go ahead and do the bonus question. The bonus question, you can explain as much or as little as you want because it's a little bit of a hot topic. And here it is.

Is it okay to put ketchup on eggs?

[Trent Miller] (11:16 - 11:20)

I think if it makes them taste better to you, you absolutely can go ahead and do it.

[Kyser Clark] (11:24 - 11:52)

That's, yeah, I agree with that 100%. I have ate ketchup with eggs in my childhood. I haven't done it as an adult because I think it's a little weird now for my taste buds.

But, yeah, do whatever you want. I'm not going to judge you. I have family members that do that, which is what I did as a kid.

But now as an adult, it's not something I do. I do put hot sauce on eggs. I love putting hot sauce on pretty much anything.

[Trent Miller] (11:53 - 12:06)

Yeah, no, I can agree with the ketchup thing. Definitely did it as a kid too, but not something I've done in a while. And hot sauce is good, but if only certain organs would like it.

[Kyser Clark] (12:08 - 12:29)

Yeah, I know what you mean. I love spicy food and jalapenos is what's messing me up now that I'm getting older. Hot sauce is okay for me, but for some reason, it's just jalapenos that messed me up.

So I had to, unfortunately, let go of those. And that's actually one of my favorite foods I ever had. And it's just a very sad story.

[Trent Miller] (12:29 - 12:31)

Yep, I have the same exact issue.

[Kyser Clark] (12:33 - 12:52)

Okay, so I want to talk about, so your most interesting response out of the rapid fire questions, you said that the worst advice you'd ever received in cybersecurity was you're never going to make it. So did someone actually tell you that? Or did multiple people actually tell you?

Talk about why that was your response.

[Trent Miller] (12:53 - 14:06)

So I think it comes down to with cybersecurity, you kind of listen to everybody talking about it. And there was a lot of talk about it, even a year ago, two years ago, when I was trying to really get into it, where people were saying, you're not going to get in. And this is talking from multiple people who, this is Reddit posts, this is Facebook groups, doesn't matter where you get it from, social media, in person, you hear a lot.

And I think that advice is wrong, because I think anybody can get in. And even if it's the most obscure role, there's a huge chance that you'll get in as long as you put your nose down and you actually go through the motions of learning and showing your learning and constantly demonstrating your interests. I think that anybody can get anywhere.

It just takes time. So while nobody said it to me personally, it's something that has been repeated over and over again as advice. And people were selling everybody to go back to regular IT or go back to other positions, roles, whatever.

And I just don't, I can't agree with that.

[Kyser Clark] (14:09 - 15:59)

Yeah. Honestly, I haven't really seen that advice floating around. But, you know, when I was going through college, I kept seeing, you know, there's millions and millions of unfilled cybersecurity jobs.

I'm like, oh, well, this is gonna be easy. Yeah, it's gonna be a cakewalk. And that was the impression that I had going into field coming because I was also a system administrator in the United States Air Force.

I was active duty for six years. So going from system administrator to cybersecurity, getting out, I thought it was going to be a cakewalk, honestly, because I had, at the time I had 12 certifications, I had a college degree. I'm like, I have six years of IT experience.

Like, why, why wouldn't you want me? And I got a cold dose of reality. And I got rejected a lot more than I wanted to.

Now, I did find a job like in a month. But that was like, that's quick, you know, for what most people go through. But in my mind, I was like, well, I should have had recruiters lined up the door.

Like, that's what I thought should have happened to me. And that wasn't the case. So that's, yeah, I guess I have a different perspective on that.

Because I never seen, I never realized how hard it was to get into cybersecurity until I started applying for those jobs. I never saw anybody talking about how hard it was to get in. And all I saw was when I was going through college, because one of the, one of my courses I had to take when I was first getting into college was like, hey, like, what's the unemployment look like in your field?

What does the jobs look like? And all my research pointed to 0% unemployment, millions and millions and just pretty much higher than anybody else. So that was my idea.

And I couldn't have been any further from the truth. And that perfectly segues into another question. So we're going to get a double dose with your FR questions.

So, you know, question five, I had, did you, do you think there's a cybersecurity skill shortage? And you said no. And I want to see why.

Why do you think there's not a cybersecurity skill shortage?

[Trent Miller] (16:00 - 17:31)

Okay, I think it comes down to, we have a reported shortage, but there's the actual shortages is not really there. I think that there's tons and tons of hands ready to jump in to do cybersecurity. But I think it comes down to what employers are looking for versus what actually exists.

A lot of employers are looking for those senior level people, those people that are super hyper experienced, whether that's with specific tools or with specific years of experience, they're looking for those unicorns. And I think that when they, then they go report that as, as like a shortage, there's not really a shortage there because a lot of people could come into that role and learn that. I've looked at, I've talked with some other people and looked at, you know, situations where people are saying, oh yeah, you know, I can put in, you know, three years of experience as, you know, something I've worked with, but I'm still not getting interviews.

It's, it's those employers. I really think it's the employers. I think that the skill shortage is we've got tons of people.

It's just not necessarily there. And that's just from, from what I've seen and what I've, what I've experienced, especially looking for cybersecurity jobs in the past, they're just looking for those specifics, those unicorns, like I've been repeating. So I don't think that we don't, we don't really have a skill shortage.

We have a, we have an over-expectation of employers.

[Kyser Clark] (17:32 - 19:33)

I 100% agree with you. That's literally my opinion as well, because these employers, they want you to have tons of years of experience and they're not giving anybody a chance. You know, in my opinion, like anybody, if you can hack a hacker box, like you, you have what it takes to do work in this field, as long as you are a good communicator.

And what am I talking about? Soft skills later on in this, in this episode, but you know, if you are a good communicator and you have the ability to just do something basic, like a simple hack the box machine or pass, you know, an OSCP, then like, that's, in my opinion, that's enough. And you can, you can teach someone the ins and outs of, of, you know, for a penetration, penetration, in particular, that's what we are.

So I'll mentor that. But if you, I mean, I think the same thing would apply for like a blue team position, incident responder, sock, you know, as well. You know, if I had, if someone went through like every tri-hacker room and did all the sock analyst tri-hacker rooms, I'm like, as long as they can, are a good communicator, like they can learn on the job, but these employers aren't giving people a chance to do that.

And I'm not an employer. I mean, I don't, I've never hired anybody. So I can't really sit here and be like, why don't employers do that?

So I don't have the full perspective on it, but it's like, man, I wish, I wish more people got a chance, you know? And, you know, you said earlier, it's like anybody can make it in cybersecurity. And I, I agree with that.

A few episodes ago, I talked about how anybody can make it in. It is hard to break in the field right now because it's not the best at the moment, but I did say that not everyone's going to make it in the field because I think there are limited slots right now. And for that entry-level position, and it really, there isn't any entry-level positions.

You have to, it's incredibly hard to find your first position in cybersecurity, but once you get it, it's like, then that's, you're off to the races because anybody will hire you at that point.

[Trent Miller] (19:35 - 21:05)

Yeah, absolutely. I think I only, I partially agree with your, your statement about hack the box. I, I think it, it's a good indicator that someone has the ability to learn something and to explore that knowledge.

But at the same time, I think a lot of cybersecurity comes down to having that previous experience too. One of the big things that I've been telling a lot of people is you can't necessarily jump into cyber directly. It, you can in some very rare instances, but when it comes down to the regular joining, it's mostly going to be spending some time doing help desks, spend some time doing systems administration, spend some time kind of in different areas of business, learn how businesses operate, learn how cybersecurity integrates into there.

And if you can go shadow somebody, go, you know, spend a couple of days learning a new skill that you can use in your everyday job, but maybe that's not your primary role. You got to learn to branch out. You can't necessarily just hyper fixate on, I'm going to do pen testing, or I'm going to do blue team.

There's roles for both. There's paths for both, but having that experience and how does blue team, red team, how does it fit into the grand scheme of things? That's what you need to work on.

[Kyser Clark] (21:08 - 21:55)

So, yeah, I think it's important to have a overall view on the industry as a whole, like get some blue team experience, get some red team experience, learn about cyber policies and, and all that stuff. But I think at a certain point you do need to focus on, you know, a certain role that you want to get into, but you definitely don't want to be like, oh, I don't need to know anything about Splunk. I don't need to know anything about how to be a sock analyst.

If you're trying to go for like a pen tester role or vice versa, if you are trying to go for a sock analyst role, like, oh, I don't need to know how to hack. Like, no, that's, it would be good if you learned like the basics of pen testing, if you want to be a sock analyst, it would be good to know the basics of how a seam works, if you want to be a pen tester. I think that's, that experience is invaluable.

[Trent Miller] (21:56 - 21:57)

Yeah, absolutely.

[Kyser Clark] (21:58 - 22:30)

So the next thing I want to talk about was your website, Ray Frost, when I was doing my research on you before the show started, and I saw your blog about OSCP and I read it and our, our experience with OSCP is actually very similar, but you said you did the OSCP in four months and you basically said in that article that you wish you didn't do it in four months and you don't recommend it to someone to do it that quickly. And I want you to talk about, I want you to unpack that.

Like, why do you not recommend someone getting the OSCP in four months if they can?

[Trent Miller] (22:31 - 24:34)

All right. So I started it while I was working a full-time job. So this is coming from someone who put in 40, 45 hours a week doing your day-to-day job and then jumping into your learning.

I think one of the things that I noticed right away was that it takes many hours to get through the content. I would, I don't even know if I could put a time on it. You're staring at your screen all day long.

Yes, you're learning cool things. Yes, you're, you're doing cool things, hands-on learning, but you start to push aside your family, your friends, your free time. Everything goes into getting that three-month timeframe done.

And then you're spending that one month prepping for the exam and that's still doing the exact same thing you were doing while you were there. You burn all of your free time. Everything that you can plan becomes a inconvenience.

Like, oh, I need to go run and go get groceries. Well, now that's an inconvenience because that's digging into my time. But at the same time, you really should be stepping away.

And I think if I was suggesting it to somebody, you need to give yourself maybe six months if that's from beginning to end. And that's coming in maybe with low knowledge or no knowledge. Otherwise you're just, you're asking for stress and anxiety and everything to build up on you.

And then you're panicking, 20 minutes before the exam, because you don't know if you did it, you did enough in your timeframe to actually do the exam properly. So I would say definitely, six months, that's probably a good sweet spot, four months or even worse, three months and maybe a few weeks. Yeah.

It's not for everybody, but if you can do it, kudos to you, but I wouldn't do it again.

[Kyser Clark] (24:36 - 25:46)

Yeah. Yeah. I agree with everything you said there, except for the fact that I think it was, so I did something very similar.

I actually did mine in like 80 something days. That's less than three months. And I did put a time on, I estimated about 400 hours.

So I did a lot of studying in a very short amount of time. And you're right. It does eat up all your free time.

And things like going to the grocery store annoys you. Like I hate it. Like I had, so when I went to the OSCP, I neglected a lot of things.

Like, you know, I wouldn't go, I wouldn't, I hated going to the grocery store because I hated my time. My apartment wasn't the cleanest. My dishes were piling up in the sink.

Like I just didn't put time into that. And my relationship with my girlfriend at the time, it was not good, not good. We actually, we're not together anymore, probably because I work a lot.

So fair warning to anybody who wants to put in that much work, like you have to sacrifice, like I sacrificed relationships. And to me, looking back, I still think it was worth it, but it was a sacrifice I was willing to make. But just know, like, if you do that, then there are, there are consequences to doing that.

[Trent Miller] (25:48 - 26:11)

Yeah, the sacrifices are real. They really are. And I have a supportive wife.

So I, she was well aware of my intentions. Actually, this is funny. This was just before our wedding too.

I actually did the OSCP and got married in the same year. So that was definitely, definitely did quite a bit in the same year. And it did, time did seem to disappear pretty quick.

[Kyser Clark] (26:12 - 26:28)

Yeah, for sure. So with the OSCP, was that the main thing that helped you get in your first pen testing role? Or was there a lot of other things at play?

Or was it like the last piece of the puzzle for you to get in your first pen testing role?

[Trent Miller] (26:29 - 27:26)

Yeah, I think a lot of it was just having that start kind of gives people the reassurance that, Hey, you know, he's actually done something, not just said something. And I think that's obviously a little bit weird to say with sometimes you post things up or you do your, you do a blog post or you share your knowledge, but it sometimes isn't enough for an employer. I would say that between my background and the OSCP, I feel like that definitely was a better collection rather than just, just the OSCP or just doing hack the box or try hacking or whatever, you know, platform, because the numbers are great.

But if somebody doesn't necessarily understand the numbers, but maybe they'll understand a certification a little bit more, that's a better situation to be in than to not have one and then struggle to find anything or to be able to talk to employers in the first place.

[Kyser Clark] (27:28 - 28:50)

Yeah. The OSCP for me was that last piece of the puzzle that gave me the confidence to actually go out and pursue pen testing positions. And it gave me the confidence to start doing hack the box live streams.

So I do hack the box live streams. And I was like telling myself, like, I'm not doing any hack the box live streams until I get OSCP because I don't want to look silly on the stream. And I, it's funny that I say that now, because I, there's, I do look silly on the street.

So I'm like, I just don't know what I'm doing. Sometimes I'm like, I got to figure this out. But the OSCP gave me the confidence to like do those streams and make more videos and really ramp up, help me ramp up the content creation.

Um, when it, I felt like it just gave me a lot of authority. It helped with my apology syndrome quite a bit. So that's, um, interesting.

You mentioned how, how it helped you out. So even with your OSCP, so you got you, so you got all this experience you have at this time, you have like eight years experience, you get the OSCP or maybe even nine years experience, you get the OSCP and you start applying for pen testing positions. How many, how many rejections did you face?

And what was the biggest challenges getting your first pen testing job? Was it, did it come hard? Did it come easy to you?

Tell me what your mindset was trying at your first pen testing job?

[Trent Miller] (28:50 - 31:48)

Yeah. I can say that I didn't apply as much as you might think. Uh, so for me, I didn't start looking until probably close to eight months after the OSCP, because when I actually started the OSCP, I was in my support role.

Then I moved into the vulnerability management, the InfoSec role. I was kind of sitting tight for a little while. I wanted to learn the ropes a little bit better.

I did apply for some six or seven roles. I didn't hear back from most. I did have a one-sided interview with one, and then I heard nothing from everybody else.

So it was a pretty, pretty dry, um, amount of time or pretty, it was a pretty dry situation for a while. Then I actually met my current employer at a conference. So, uh, I don't know if you're familiar with CypherCon in Milwaukee, Wisconsin.

Uh, it happens in April. Really good event. Went in there and I met my now employer at the Hardware Hacking Village.

So chatted with some of them very lightly, built a cool, uh, ESP32 project. And then I thought I'll apply to them. So I sent in an application that was in April, um, of, would have been 23 then, or sorry.

Yeah, it would have been, no, it would have been, uh, April of this year. Sorry. So in April I sent the application, then I waited, didn't hear anything.

So I went to another conference, a smaller one called Grassroots, uh, that's up in Appleton and I met them again. And I thought, awesome, I'm going to chat with them. So I had a chat with a few of their, uh, a few of the guys there.

Um, and I said, oh yeah, I got my OSCP roughly, you know, six months ago or whatever it was eight months ago, I think at that point. Um, and I said, I'm really looking forward to getting into pentesting. They said, oh, cool.

You should apply. I said, I did. They're like, oh, we need to check our email.

So I ended up hearing back from pretty shortly after, arranged some interviews with some great people and I'm now working, not working for them. So I didn't apply for many, but it wasn't very hard once I started kind of doing some networking. I think that's a, that's a good point is to try to, try to talk to people because you might, you know, get your entry into your next role.

[Kyser Clark] (31:49 - 32:00)

Yeah, that's really important. So I want to clarify something, maybe I missed it, but so you went to another conference, that's where you met them again in the Wisconsin area there?

[Trent Miller] (32:00 - 32:01)

Absolutely. Yep.

[Kyser Clark] (32:02 - 33:04)

Okay. And what was the name of that conference? Grassroots.

Okay. And yeah, it's important to follow up after you send resumes into places, because like you said, some companies just don't even check the inbox. And I've, I've landed several interviews that way.

You send an application in, you wait a couple of days, don't hear anything back, go find a recruiter on LinkedIn, send them a message, and they'll be like, oh, well, yeah, we've got your resume right here. Well, you missed this. I've straight up had, you know, recruiters tell me, yeah, we've missed your resume.

And a lot of the times, you know, sometimes applicant tracking systems, for those who don't know, it's kind of like an automated way to like, like filter resumes. And sometimes your resume will get filtered out by ATS system, and a real person will never even look at it. And if you follow up, they'll like, they'll look at your LinkedIn, and they'll see some more about you.

And I'm like, oh, this person's really interesting. Where's their resume? Oh, it never came in.

And then they'll give you a look. So I've landed a few interviews that way. I haven't done that in person.

But you can do it in person. Absolutely. Anytime you can do anything in person, do it in person.

[Trent Miller] (33:05 - 33:17)

Yeah, no, absolutely. I did learn too, that maybe following up would be a better option than waiting around and not hearing anything. So yeah, good point.

[Kyser Clark] (33:19 - 33:32)

And the last thing I want to talk about before we get our final question is your DC 608 group. Can you tell me about what that group is? What it does?

And, you know, if you're, who can join it? And how they can join it?

[Trent Miller] (33:33 - 34:34)

Yeah, so DC 608 is a Madison, Wisconsin DEF CON group. We don't really have a primary focus. We just like to encourage everybody to join cybersecurity.

We really like to invite people to our local events that happen every first Thursday of the month. We also do some, some hosting of, we do some hosting of events online on Discord. So one of the events is Red Team Night, where we go through Hack the Box and do walkthroughs of those.

A lot of the time they're live, but it's all about helping people get into cybersecurity. We have lots and lots of different group members of different areas of cybersecurity. So if you want to join, you can go to dc608.org.

We have our Discord link there. We'd love to have anybody who wants to come join remotely, but we'd really love if you could come join us in meetings.

[Kyser Clark] (34:37 - 34:43)

And final question, do you have any additional cybersecurity hot takes or hidden wisdom you would like to share with the audience?

[Trent Miller] (34:44 - 35:27)

So I would say one of the best things that you can do is really just get out and start talking to people, start networking, really focus on that. If you're trying to get into the, to that career, it might be the next step for you. I've learned that I've seen it happen with other people, especially in being part of DC 608.

So many people get into those roles by just getting a little push, maybe you need some help with your resume. Maybe somebody already has that experience, they can help you out. Maybe you need to learn something and someone else has the solution.

Just collaborate. That's probably one of the best ways to get anywhere in this career field.

[Kyser Clark] (35:30 - 35:41)

Yeah, that's very good advice. So Trent, thank you so much for working your time and doing this episode. Where can the audience get ahold of you if they want to get in touch with you?

[Trent Miller] (35:42 - 36:07)

Yeah, thanks for having me. If anyone wants to find me, you can find me as AzureAD on Discord. I'll be in the DC 608 Discord.

You can find me there, or you can reach out to me on LinkedIn under Trent Miller or AzureAD Trent. I'm kind of all over the place with either of those names. So you can find me wherever and feel free to send me a request.

[Kyser Clark] (36:08 - 36:40)

And I'll put links in the show notes, audience. And audience, best place to get ahold of me is on LinkedIn or on my website, KydraClark.com. If you haven't reviewed the podcast, if you're on Spotify, our podcast, drop a review, drop five stars if you think the show deserves it.

And if you are on YouTube, hit the like button and hit the subscribe button and share the show if you haven't yet already. Thank you so much for watching. Thanks for listening.

This is Kyser, signing off.