The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
#23 SOC Analyst Life: Challenges & Secrets from Trent Williams
Kyser Clark and Trent Williams talk about the roles and experiences of a SOC analyst. They discuss the challenges faced in the field, the importance of continuous learning, and the impact of AI on cybersecurity jobs. Trent shares insights from his career journey, the significance of certifications, and the necessity of understanding both offensive and defensive security practices. The conversation also touches on the recent changes in certification names and the relevance of transferable skills in the tech industry. Later in the conversation, Trent Williams and Kyser Clark cover the transition between red and blue team roles, the need for certifications and practical skills, and effective client engagement in a hybrid work environment. They also discuss the complexities of managing multiple clients and the significance of community support in overcoming challenges.
Connect with Trent Williams on LinkedIn: https://www.linkedin.com/in/trentonw/
Takeaways:
Continuous Learning: Staying updated and adaptable is essential in cybersecurity due to its ever-evolving nature.
Transferable Skills and Practical Experience: Leveraging prior knowledge and hands-on practice is crucial for transitioning and excelling in the field.
Communication and Networking: Strong communication skills and learning from peers can significantly enhance professional growth.
Cross-Disciplinary Understanding: Gaining knowledge in both offensive and defensive security improves overall effectiveness and perspective.
Certifications and Command Line Proficiency: Certifications build credibility, while command-line expertise is vital for daily cybersecurity tasks.
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention viewers/Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
[Trent Williams] (0:00 - 0:23)
I would say also for people that are in tech or trying to get into tech, I would say don't sleep on your transferable skills. If you're good at talking to people, if you already work tickets, if you reset a password, put that on your resume. But when I put it on a resume, I call it risk analysis because I'm evaluating risk.
And that sounds more cybersecurity because we got risk management framework. So it's all about wordplay, you know.
[Kyser Clark] (0:23 - 1:51)
Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
Hello, hello, welcome to The Hacker's Cache. My name is Kyser Clark. I've been in the cybersecurity field for over six years now, and I currently work as a full-time penetration tester, and I'm here to grow your hacking and cybersecurity knowledge.
Today, I have Trent Williams, who has over seven years of experience in the field and currently works as a full-time SOC analyst. And even though this show is typically for offensive security professionals, he does have offensive security certs, such as the PJPT, the eCPPT, the eWPT, the eJPT, the CEH, and the CompTIA PenTest+. He also has the Blue Team Level 1 certification, the CISSP, and many other certifications centered around blue teaming and IT.
For education, he has a Bachelor of Science and a Master of Science in Computer and Information Systems Security. So Trent, thank you so much for joining the show. Go ahead and walk us through your background.
Introduce yourself to the audience.
[Trent Williams] (1:51 - 2:46)
Well, thank you for having me. I really appreciate it, guys. So yeah, as you mentioned, I am Trent.
Initially, got into technology and help desk. Everyone says that's like the way into tech. So when I was doing my undergrad, I was able to do work study and get some tech experience.
From there, I was able to get more technical support roles, working with a company called WP Engine. But I was able to basically work with web hosting. So you'll have sites that are trying to get online.
They'll get hacked. Sometimes they'll be getting DoSed, where they have a lot of requests coming in. So it'll be troubleshooting a multitude of situations.
And from there, I was able to work at Robins Air Force Base, basically doing vulnerability management. And right now, I'm in the current role as a SOC analyst. So just on the blue team, trying to defend and secure networks, doing security monitoring.
[Kyser Clark] (2:48 - 3:02)
So when it comes to SOC analysts, is it as busy as people make it out to be? Because a lot of people say SOC analysts, it's a tough job. It's long hours.
Do you experience a lot of that, a lot of long hours and a lot of work?
[Trent Williams] (3:02 - 3:31)
Definitely. You definitely can get alert fatigue. Sometimes you'll have so many tickets coming in.
And there'll be things you've never seen before. So continuous learning is the biggest thing. Googling, using your peers, looking at prior investigations.
So yeah, it's a lot of different things. And with the offensive background that I have, as far as studying and understanding theory and doing practical things there, it makes some of these processes easier.
[Kyser Clark] (3:33 - 4:46)
Yeah, we're going to dive more into your red teaming and offensive security experience here in a bit. But before we do that, we got to get into the rapid fire questions. So before we start, I have to ask if you're ready.
Yes. Hey, I wanted to tell you about my new cybersecurity insider list, where you get raw, unfiltered cybersecurity advice, tips and hot takes, plus exclusive first looks at my content delivered directly to your inbox every single week. No fluff or spam, just valuable content.
Head over to Kyserclark.com slash newsletter and level up your cybersecurity knowledge today. Once again, that's Kyserclark.com slash newsletter. There's also a link in the description.
All right, now back to the show. All right. So for those who don't know, for those who are new to the show, Trent will have 30 seconds to answer five questions.
And if he answers all five questions in 30 seconds, he will get a bonus six question that's unrelated to cyber security. His time is going to start as soon as I stop asking the first question. So here we go.
Trent, what is the top soft skill for cyber security professionals?
[Trent Williams] (4:48 - 4:48)
Communication.
[Kyser Clark] (4:49 - 4:51)
What's your favorite command?
[Trent Williams] (4:55 - 4:56)
whoami.
[Kyser Clark] (4:57 - 5:12)
Ethical hacking, art or science? Art. Most concerning cyber breach?
DoS. Do you think cybersecurity will ever be fully automated?
[Trent Williams] (5:12 - 5:13)
No.
[Kyser Clark] (5:14 - 5:33)
Perfect. That's 27.59 seconds. So great, great job.
You have earned a bonus question. So let's go ahead and do the bonus question. You can explain your answer as much or as little as you want to.
So here it is. Is cereal a soup?
[Trent Williams] (5:36 - 5:55)
No. I say soups are hot. That's just the only way I describe it.
The simplest way. I never had a cold soup. Yeah, I agree with you.
[Kyser Clark] (5:55 - 6:25)
I don't think cereal is a soup at all. I actually ate soup right before this recording. I had a chunky sirloin burger soup, but it was spicy.
So that's literally what I ate before we started recording. And I love cereal too. And they're not even the same.
It's not even the same thing. And the people who argue that cereal is a soup, I'm just like, what is wrong with you? Like, have you ever went to a restaurant and sat down and saw cereal on under the soup category?
[Trent Williams] (6:25 - 6:25)
Never.
[Kyser Clark] (6:28 - 6:36)
Like when I see, uh, when I see cereal on the list of endless soup at Olive Garden, then it's a soup.
[Trent Williams] (6:37 - 6:37)
Exactly.
[Kyser Clark] (6:40 - 7:10)
Oh man. Well, let's go ahead and dive into your most interesting response from the rapid fire questions. So I think, I think the most interesting response you had was, uh, when you said no to, do you think cybersecurity will, will ever be fully automated?
So why don't you think cybersecurity will be fully automated? And what can you tell people who are in fear that AI is going to replace our jobs? Yeah.
[Trent Williams] (7:11 - 8:40)
Yeah. So I don't think it'll be fully automated because you still have, um, human intuition, even on the offensive side, you know, if you find, let's say you enumerate and you find information that you really can't exploit, but you can use it and it can be information informational that they're trying to go domain admin and they're trying to get domain control. Sometimes so many things are systematic.
You don't really know, you know, what you can use and what you, what you can't use. So when it comes to cybersecurity, it's so many different fields. Like we say, IOT hacking, mobile pen testing, web app is so it's impossible to make a robot do all of these things, even on the defensive side, something's going to go skate through, you know, as far as, as far as, um, technology advance, you're going to have a process masquerading as another process.
It can, it can, it can trick the robot to, you know, that right now we have in where the AI give the wrong answers. So I can picture doing the same thing as cybersecurity. And when that goes through, that's companies losing money.
That's, that's customers information getting breached because they're like, well, I had a robot. So it's not a real, or I did a pen test with a robot and robots can do pretty good. You know, they can, they can get a lot of models and a lot of data that they can pull from, but it's, it's something about humans that it's, you can't beat that experience, especially if you're in a lot of different domains.
[Kyser Clark] (8:42 - 8:57)
Yeah. I totally agree with you. What a great response.
And when you said robots can get answers wrong, I just thought of that, uh, that common one where you ask AI, like, how many R's are in strawberry, and it always gets it wrong. Did you ever see that one?
[Trent Williams] (8:58 - 9:07)
And then they say, no, it's actually this. And they're like, Oh yes, you are right. It is actually Yeah.
[Kyser Clark] (9:07 - 9:49)
AI is a very useful tool, but it does get things incorrect. And you have to fact check pretty much anything AI gives you, especially the large language models. And yeah, I think I agree with you.
I don't think, I don't think AI or cybersecurity is going to be fully automated. And AI is just a tool, you know, it's just a tool. And, um, I'm a firm believer in, uh, you know, AI is not going to take our jobs, but someone who uses AI is going to take your job.
So as long as you learn how to use it and you'll understand what it's doing under the hood, at least a little bit, you don't need to be like a AI engineer or anything like that. But as long as you understand, you know, the basics of AI then and using it appropriately, then you're going to go far in the field, I believe.
[Trent Williams] (9:50 - 9:51)
Yeah, I agree.
[Kyser Clark] (9:52 - 10:05)
I agree with it. All right. So this first question here is actually pretty new in the news.
And I wanted to talk to you, talk about it for a little bit, especially since you have a TCM security certification.
[Trent Williams] (10:05 - 10:05)
Okay.
[Kyser Clark] (10:06 - 10:11)
And did you see, did you see that the TCM changed their certification names? Did you see that news yet?
[Trent Williams] (10:11 - 10:23)
I seen something about, uh, some of them are going to be like associate level, but I didn't know that they changed the name of them, but yeah, I seen some updates come in and via email, but I don't know what they changed them to.
[Kyser Clark] (10:23 - 11:01)
Yeah, basically they just changed anything that says, uh, junior to associate and they kind of moved the words around. So it's like, instead of like, well, they didn't, they, there was one cert that you have, which is the one that you have, the PJPT. They didn't change that one to associate.
That's still junior pen tester. But the rest of them for like, um, like for example, the practical junior web tester, they changed it to practical web tester associate. And, um, yeah, I just want to see if you had any opinions on it at all.
Like, do you think it was, like, it makes sense that it did it make, like not make any sense to change the names or do you not care?
[Trent Williams] (11:02 - 11:28)
To me, like being an associate, it's kind of like how, um, ISC2 does this. You can be associate and you can be, you get the experience and you can be the real thing. I don't, I don't know.
I feel like once you've already obtained a certification, it's the same thing. That's just my opinion. I feel like it's the same thing and they are pretty challenging.
So yeah, if you got that, then that's good.
[Kyser Clark] (11:29 - 12:02)
Yeah. I like how they got rid of the junior designation and changed to associate because a lot of people think a junior is like someone who is like an intern level type of type of role. But those, those junior level certifications are not easy.
A lot of people are like, those are really hard. Like they're not easy at all. That's right.
And I actually, the day before the announcement, I'm not even kidding, someone I work with, he was literally complaining. He's like, I just don't like how they call them junior certs.
And then the next day they're like associate. He was, I was like, you see this? He's like, yo, let's go.
It was a good time.
[Trent Williams] (12:03 - 12:16)
Yeah. I would say another thing similar to that though, like when you're doing boxes on TryHackMe and Hack The Box and they have them easy and they really be crazy. They'd be really difficult.
It's that same level. Like just call it insane. Like this is ridiculous.
[Kyser Clark] (12:18 - 12:25)
Yeah. I get stuck on the easy machines on Hack The Box all the time. I'm like, bro, this isn't easy.
[Trent Williams] (12:27 - 12:33)
And it's just subjective. It's like, nah, not to me. This is hard.
[Kyser Clark] (12:34 - 12:46)
Yeah, for sure. All right. Well, when you, when you got in your first SOC job, what are some things that you were surprised by or you didn't realize are a part of the job when you got into your first SOC position?
[Trent Williams] (12:47 - 14:14)
So when people stress knowing a lot of technologies, I didn't really understand like how big of a thing that is. So when you work for an MSSP, you can be using like four or five different SIEMs, or SIMs, however they say. So you, you might want to learn Splunk.
You might want to learn AlienVault, LogRhythm. You want to learn endpoints, Defender, CrowdStrike. So if you're doing defense, it's good to know a little bit about a lot of them.
You don't have to be an expert at every one of them, but if you know, if you know a lot of different technologies, then you'll be really good in the field. You got to learn quick, multiple ticketing systems, you know, that's where transferable skills come in, like some people that work in help desk, they probably already using Jira or Zendesk or Salesforce or whatever other ones they have out there. ServiceNow, SNOW.
So those things can transfer over. So, um, and tickets, you know, you get it, you get so many tickets coming in. It's crazy.
Yeah, man. And I have different priorities. So you got to understand how to look at a ticket and, and be calm and say, Hey, like, let me investigate this.
If you thinking everything's on fire, then you're going to be definitely overwhelmed because a lot of, sometimes stuff be false positives and it's just got to be tuned.
[Kyser Clark] (14:17 - 14:39)
Yeah. That's a good point you, you make there. By the way, audience members, I keep saying "sock."
That's SOC. That stands for security operations center. So if you're unfamiliar with the term SOC, that's what that stands for.
So you bring out the ticket and alert fatigue. Would you say that's the most challenging part about being a SOC analyst? Or do you think there's something else that's still more challenging to being a SOC analyst?
[Trent Williams] (14:40 - 15:58)
I would say continuous learning, because you have so many processes. It's like, is this a normal Windows process? Windows Update, they can add something that I never heard of, you know, and you can see svchost and be like, yeah, I'm familiar with that.
But is it running from the process? Is it running from the normal path? Like, what is it doing?
So I would say, you know, everybody says, get the foundations, A+, Net+, Sec+, which is good, but understand your regular Windows system. If you're using Windows, look at Task Manager. What am I really running? What's normal?
So I can know what's abnormal, just basic things. Let me look at files and see how many kilobytes is this. If you got an image and it's saying it's like five gigs, just one picture, that might not be an image.
That might be an executable. So it's like little small things that you can already check in your Windows environment. And I would say that's some of the disconnect, like you can get A+, Net+, and Sec+.
It's teaching you the foundations about tech, but it really don't teach you the foundations about Windows systems. And same thing with Linux. You'll have basic Linux processes and stuff like that.
Is this really something that they run? So yeah, I would say kind of understanding that. So I do little write-ups and things like that to help learners.
[Kyser Clark] (16:00 - 16:43)
Yeah, that's good. You mentioned that because as a pen tester, I will get on a box or even just on a Hack The Box machine. And, you know, I'll run like WinPEAS, you know, and it'll light up red.
And I'm like, is this interesting? And I look at it like, oh, that's just a base Windows process. This isn't like a misconfiguration.
This is literally the standard here. And yeah, like you said, I run into Windows processes that I never heard about all the time. I'm like, oh, I didn't know that was a thing.
So because there's so many things on Windows, it's such a, there's so many on Linux too. Like it doesn't matter. Like there's just so many things that are about the operating system.
And I feel like every time I get on a box, I'm like, I learned something new about just the base, just the fundamentals every day, you know? That's true.
[Trent Williams] (16:44 - 18:08)
That's true. And again, practical experience, like you said, with the certification, I have the blue team level one. I recommend things like that.
LetsDefend. You can still do TryHackMe on the defensive side. But I would say also for people that are in tech or trying to get into tech, I would say don't sleep on your transferable skills.
If you're good at talking to people, if you already work tickets, if you were resetting passwords, put them on your resume, talk to things that are cyber. If you, if you doing like prior to tech, I was on insurance too. Right.
But I was doing sales. But when I put it on a resume, I call it risk analysis because I'm evaluating risk. And that sounds more cybersecurity because we got risk management framework.
So it's all about wordplay, you know? So things like that definitely help. And you can look at emails, you can look at headers, you can export your email, download it.
I'm familiar with headers. I see that it has SPF, DKIM, DMARC. I'm saying, is this valid?
You get spam, spam still come. If I can get a spam blocker that can block all spam, that would be the best creation ever. So, yeah, you can look at, you know, spam and, and, and, you know, do little stuff on your own computer to learn as well.
That'll make it fun.
[Kyser Clark] (18:10 - 19:12)
Yeah. It's good that you mentioned that. I never even thought about like, yeah, insurance salesperson could say, yeah, I'm a risk analyst.
Like, yeah, that's a very valid point. Yeah. That's really good.
Yeah. You just got to figure out how to make those connections to the field if you're transferring from another field, which is, I would say, I would say a good portion of the audience is in that position where they're in a field and they're trying to break in. They're already adults in like an established field other than cyber.
So for those out there who are listening, just know, like, there's always ways to connect like what you're doing now to the cyber realm. You just got to figure out how to change the words around because you do have a lot of transferable skills, like you said. So with your offense security and red teaming certifications and training, what do you think about all blue teamers having some offense security training?
Do you think, do you think it's necessary, or do you think people can be great SOC analysts without the offensive security skill set?
[Trent Williams] (19:13 - 20:49)
I think, I think they can still do good in the role without having offensive, but I strongly recommend it, because when exploits and things like that happen, if you performed these attacks a while ago or you did it in a practice or a lab environment, then you'll see it, you'll know how to react to it. If you're a SOC analyst, hypothetically, let's just say you see Kerberoasting come up, you're like, I never heard of that. But we got certifications like PJPT and we got PNPT and these ones that got Active Directory.
We're like, I ran that before, so I know what this is. So it makes your job easier. You know, even if you got to get a lower level like a EJPT, I would say at least get that.
You probably don't want to go straight CEH because there's multiple choice. I do think that EC council has a lot of good stuff in the books, like in the courseware, but just to test itself, you're not going to be getting no boxes. I don't think so.
You know, you're going to have the theory, but I don't know if you're just going to be attacking boxes out the gate. So, but it does help on the blue team side. Definitely.
I encourage it. You know, even if you're doing VulnHub or just anything, if you can't afford a cert, get you a virtual machine, get you, try to get you one, like VirtualBox, spin up Kali, get you an ISO from Windows. And you can make, I also got this thing on GitHub that shows you how to create your own capture the flag.
So I'm making one now. I'm going to put it on TryHackMe and I'm going to make it simple for, for beginners.
[Kyser Clark] (20:52 - 22:57)
Yeah. It's good. You mentioned that, that like you said I agree with you on a CEH comment too, by the way, like I don't think you're going to get any boxes with that because I have CEH as well.
And it's good for the definitions and the terms and kind of knowing the terminology and all that, but it doesn't, it's not practical at all, but it's better than nothing for sure. But yeah, it's um, yeah, I agree with you there. So, yeah.
And I think like as a red team or as a, well, I'm not a red team. I'm a pen tester, uh, as a pen tester who wants to become a red teamer, I think, you know, I want to start getting some of those blue team certifications because being a red teamer means that I'm testing a blue team and I have to bypass EDR and I have to be stealthy. And I think in order for me to be like a really good red teamer, I need to start getting some of those blue team certifications and know how to detect and respond and like how to do that, um, in order to figure out how to bypass and get past the blue team to really test them out if I know what they're doing.
So I think it goes both ways. I think, I think, um, you can start, you know, in one, in one area and then, and then pick up the other skillsets later. But I think having, there's a lot, that's, that's one of the biggest challenges with cyber security.
There's so much to know and you can't know everything about everything, which is most unfortunate. Cause like we want to know everything about everything. It's just, it's impossible.
And that's like looking under my face every day. I'm like, man, I want to know more about this. But then if I learned this, then I can't learn that.
I was thinking today earlier today, I was like, man, every time I learned something, it's like, it's like, you know, the mythical creature Hydra, like when you put the dragon head off, like fly more, grow out or whatever. That's what cyber security is. I mean, it's like every time I learned something new, I'm like, all right, I knocked check mark, knocked it out.
I'm like, Oh, I, there's like four of the things that I learned now because that's true. So there's a, there's a lot of, a lot to do in cyber security.
[Trent Williams] (22:57 - 22:59)
It is. Yeah.
[Kyser Clark] (23:00 - 23:02)
And so, Oh, go ahead.
[Trent Williams] (23:03 - 24:12)
I was going to say, and I see a lot of pretty, pretty good roadmaps, but I still feel like sometimes it'd be things that are missing. Like how people say, get the trifecta first, get the foundation. I do agree with that.
You don't have to get the trifecta, but at least get the foundational knowledge with, you know, networking and learning IT concepts. Um, probably Sec+, especially if you want to do government, because, you know, they're big on certifications, PenTest+, just any, you know, any certification like that. Um, but one thing I would say that is not really talked about as much is command line, just regular command prompt, batch scripts, PowerShell and Linux, because when you're in boxes, even when you doing, you know, in Kali Linux, you got Hydra, you got these powerful tools.
They don't have no graphical user interface. So if you really familiar with the command line, just doing the basic things, then you're going to be ready to, because a lot of these things don't change. You're still going to have flags.
You're still going to have the help command. You're still going to be able to, you know, know how to configure the syntax. Once you, once you do one, you've done them all.
So I think that should be brought up more. So I introduced something like that on Udemy.
[Kyser Clark] (24:14 - 24:30)
Yeah, for sure. So the blue team level one, I know that's like a super popular blue team certification. And is that kind of like, like the OSCP equivalent for blue teamers?
Because I know, isn't it like a 24 hour exam?
[Trent Williams] (24:30 - 25:47)
Yeah, it is. I would say, I don't, I don't know if it would take anyone 24 hours and I haven't took the OSCP yet, but I think I probably take it in December or January. But I don't think, and the thing is, if you do, I don't know if it's less than, it's another one, it's blue team labs.
That's what I believe it is. If you register for Blue Team Labs and you can complete some of those, you already have a feel of what the test would be like for Blue Team Level 1. I'm not sure what the subscription cost is for it, but it goes over phishing, it goes over if you've been breached, what to look at.
And with you already having a lot of offensive experience, you're going to be probably looking at this stuff like, I've crafted this, that's what I know. I know exactly where to go. I'm in Wireshark.
I already know the connection I'm making. Where a blue teamer that don't have any offensive experience, they might be like, okay, what's foreign? I don't even know what's the outbound connection.
I can't even tell if they're exfiltrating data, but you would know exactly where to go. I would say anybody that started off in offense would probably be a really, really good blue team, just from that experience alone.
[Kyser Clark] (25:49 - 26:43)
Yeah. Sometimes I wonder, would I be a good blue teamer? I wonder that all the time because I haven't done, I mean, in a way I have done blue team because I was in cyber defense operations, but it was more like a system administrator role more than blue teaming.
So I haven't been in a SOC analyzing logs and all that. I do have the Cisco CyberOps Associate, which is, it's not like real SOC work. It would just pull up one section of a log and I'm like, hey, what attack's being run here?
I'm like, oh, I've done it. I've actually exploited this. That's how I got through that certification.
That wasn't hands-on, it was all multiple choice, but it was pretty good to kind of get at least an overview of what a SOC analyst does. Yeah. So with your SOC analyst work, are you MSP or do you work for one organization or?
[Trent Williams] (26:43 - 27:40)
Yeah, MSP. So multiple different clients. So it can be, that's why there's so many different technologies and it can be a new SIEM tomorrow.
It can be one they just made, like Wazuh, that's open source. So people can actually get that on GitHub, spin it up, practice. I recommend doing labs.
I looked at Josh Madakor's SOC, implementing a SOC and Honeypot, and I set that up, got that on GitHub and it's easy to follow. It's easy to follow and that's experience right there. You're seeing how the alerts come in, you can see log analysis and that's a good way to get your feet wet.
And you get Azure experience too. You can say, hey, I've done cloud, used Sentinel, seen the SIEM in Azure Sentinel and you can go through logs and stuff like that.
[Kyser Clark] (27:44 - 28:23)
Yeah. It's gotta be hard to manage all those clients at one time. I imagine it's gotta be very difficult because for me, I have a bunch of clients as a pen tester, right?
But I'm not working on a bunch of clients at the same time, like you are. I have one client a week or maybe it's two weeks or maybe three, it depends on when they engage in this, but it's like I have one client and then they get all my attention, a hundred percent of my attention. And then when I'm done with that pen test, I move on to the next client and then I give them a hundred percent, but I feel like you have multiple clients that have had to split up your attention.
So that's gotta be extremely challenging, divvying up your attention across all those clients.
[Trent Williams] (28:23 - 29:18)
That's right. And it's having templates and things like that in place. And sometimes when you have alerts come in, you may see some of the same stuff.
Like, let's just say, for example, you have a conditional access policy and they're used to you logging in from the US and now you just traveled to Mexico and you log in there, but you already got it approved. It's going to flag on the SIEM probably like two, three times a week, but we can go ahead and consider that a false positive, add the notation to it. Like, hey, this is already verified and approved usage, close that out.
So it can make it a little bit better when you have multiple alerts and things coming in. If you see a system and you already have documentation, but if it's a lot of different things coming in and it's all different clients and it's like some advanced stuff, yeah, that was the best case you can take a while that alert fatigue kicking in.
[Kyser Clark] (29:20 - 29:30)
Yeah, I believe that. So is it always alert fatigue? Like, do you have any downtime at all?
Or is it just ticket after ticket, nonstop?
[Trent Williams] (29:31 - 30:32)
It's different days. So I work four 10s. So I would say two days busy, two days not too busy.
You might have one kind of lax day.
Like it might be not a normal business operating day, like a Sunday or something, where it ain't Monday through Friday nine to five. So it'll be a little bit better. So yeah, it depends on the day, but yeah, it can get there, and it depends on the team too.
Some people work in really big teams, probably have 90 people on their side, and they probably get one ticket a day, two tickets a day. But see, we got a small team. So we might have seven people on the team completely, right?
But on the shift, it might be two or three people. So all the alerts really coming in, everybody's spread thin, and you might have 50 clients. So yeah, that's a lot of work between a few people. So it gets like that sometimes.
[Kyser Clark] (30:35 - 30:47)
Yeah. Interesting. That's good to know.
So as a SOC analyst, do you have to write reports and give them to your clients at all? Or how do you engage your clients?
[Trent Williams] (30:48 - 31:50)
Yeah. So we engage with clients kind of like how we're meeting now. It'll be like Zoom or Teams or whatever video conferencing platform they want to use.
But the great thing is, with a lot of these SIEMs, they can generate reports, SIEMs like Splunk. All these SIEMs have those capabilities, well, the majority of them, not all of them. And they can tell you how many alerts for that week or how many for that month.
How many were false positives? How many were true positives? Who was the repeat offender?
Like, let's say you have a lady named Kathy. She keeps clicking phishing links and getting her account messed up. You're like, y'all got to talk to Kathy.
So you can go over those things with the client. Once you get that report, you can say, Hey, everything looks good, but these are the points that we want to stress. We were able to block this, we were able to disseminate the alerts coming in, those types of things.
It's basically a summary. And usually it's monthly; the monthly numbers are what we go over. Yeah.
[Kyser Clark] (31:52 - 31:55)
And do you work remote or do you work in person?
[Trent Williams] (31:56 - 31:56)
It's hybrid.
[Kyser Clark] (31:57 - 31:57)
Hybrid?
[Trent Williams] (31:58 - 31:58)
Yeah.
[Kyser Clark] (32:00 - 32:00)
Deal.
[Trent Williams] (32:01 - 32:13)
Do you like the hybrid? I like fully remote, but it's like, yeah, fully remote is more work-life balance at home, and no gas. So I'm an advocate for that. Yeah.
Yeah.
[Kyser Clark] (32:13 - 32:48)
I have a fully remote job. Well, it's almost fully remote.
I have to travel maybe three or four times a year. Other than that, I do remote work, which I love, because being remote all the time is really nice.
And then the weeks where I get to travel, it's super nice too. I'm like, Oh man, I actually get to talk to humans now for once. So it's a good break from being at home all the time.
But I was just curious, because I didn't know: are there a lot of remote jobs out there? Or are they almost all hybrid?
[Trent Williams] (32:50 - 33:17)
Most are hybrid in a SOC environment. Yeah. Because one, because of the training, and the dependability, because if someone calls out or something happens, they need to be able to get to these people.
They want you to be kind of close. It's always operating 24/7. I've seen some fully remote, but most I see are hybrid or on site all the time. On site for SOC roles.
[Kyser Clark] (33:18 - 33:47)
Yeah. I have a good friend who's also a SOC, well, he's not a SOC analyst, he's a cybersecurity analyst. I guess it's kind of different, but he's also hybrid as well.
He works remote a lot of the time, but he also still has to go on site and do stuff too. So are your hours consistent at all?
Like, are you on day shift one week and night shift the next week? Is it consistent at all? Or is it kind of all over the place when it comes to your hours?
[Trent Williams] (33:47 - 34:02)
Yeah, it's consistent. So it's like a Sunday through Wednesday, 10-hour shift. Yeah, if it was all over the place, I wouldn't know what to do.
I wouldn't be able to make a schedule or anything. I'm like, I don't know if I'm working nights this week, mornings this week. That'd be hard to manage.
[Kyser Clark] (34:02 - 34:44)
That's good. That's good. Because that would be hard.
My brother, he's not in cyber at all, but he has a job where he's flipping from nights to days all the time. I don't know how he does it.
Like I call him randomly and he's like, Oh, I'm at work. I'm like, I'm sorry, man. I didn't know.
And then sometimes he'll message me at like two in the morning. I'm like, bro, why are you up? Like I should be in bed right now.
I shouldn't be seeing this, but why are you up? Yeah. So that's good that you get a consistent schedule.
Actually, before I was in the cyber world, I worked four 10s. It was Monday through Thursday, four 10s. It was a really good work schedule.
I didn't like the job and didn't have any passion about it, but I did like my three-day weekends. It was really nice.
[Trent Williams] (34:45 - 34:51)
Yeah. Yeah. It's good to have that time, man.
You can decompress, relax. Yeah.
[Kyser Clark] (34:53 - 34:59)
All right. So final question, do you have any additional cybersecurity hot takes or hidden wisdom you would like to share?
[Trent Williams] (35:01 - 36:24)
I would just say, you know, continuous learning. And I would say, don't get discouraged about the challenges. You know, I've failed certifications before, I've had interviews that didn't go well, but I learned from it, and I used that as motivation to do better on the next one.
Or like, Oh, I didn't know this. I understand my weaknesses now. Let me focus in on that more.
So it's a tough market, like everybody's going to say it. You have a lot of certifications. I have a few certifications, but the thing is, I'm still gonna get more. It's just about the learning.
It's about knowing what's going on, because if technology is the main thing we use every day, it's important to know how it works. You don't want someone in another country to outpower us, like, I know how to work a computer, I know how to do everything, and we don't know anything over here. Like, we need to be on top of it.
So I would say don't get discouraged. Continuous learning. And there are so many free resources. Use those free resources.
We have 24 hours in a day. I know a lot of people got families and they work. I be busy all the time as well, but 24 hours is a long time, guys.
You can open a book and do it. You can do a chapter and get some knowledge. So just keep at it.
That's what I say. It's not an easy road for anybody.
[Kyser Clark] (36:25 - 37:20)
Yeah. I'm glad you brought that up, especially the getting discouraged. Because I had a moment just recently where I'm like, oh my gosh, am I even doing this the right way?
Because I failed a certification recently and I'm like, how did I fail this? I have 14 other certifications. Then this one particular one is just really hard to get over the hump on.
I'm like, man, do I even know what I think I know? So it's easy to fall into that trap of getting discouraged, but it is part of the process. It happens to everybody. So if you do fail, like everybody in the field fails at one point. You just gotta get back up and get back into it.
Because it's a never-ending learning process, and you just don't want to let it get to you too much. And yeah, I agree, man.
[Trent Williams] (37:21 - 37:59)
And I will also say, ask questions. Everybody says there's no dumb question. A lot of people in the community are willing to help. I know imposter syndrome kicks in; that happens to everybody.
There's going to be something that somebody does not know, but we have a way to learn it. And we have ChatGPT now. Hey, dumb this down.
Like I'm five. Buffer overflows used to kill me. I'm like, Hey, dumb this down. Like I'm five.
I don't know the pointers. I don't know. This is too much right now.
Like, let me start over. I had to watch TCM. See, I'm glad TCM is doing what he's doing in the community, because he definitely made that easier to understand.
[Kyser Clark] (38:00 - 38:21)
Yeah. That's how I learned buffer overflows too. Because I didn't know either.
And I watched the video and I was like, dude, this makes sense to me. So yeah, I agree with you there. All right, Trent.
Well, thank you so much for your time and your attention to this episode, and thanks for being here. And before you go, where can the audience get ahold of you if they want to connect with you?
[Trent Williams] (38:22 - 39:02)
Awesome. Yeah. You can follow me on LinkedIn under Trenton W.
You can also review some of my blogs on Medium, same thing, Trenton W. On Udemy, I have a free course there. That's a quick guide to tech and command line basics.
That's pretty much it. Oh yeah, and GitHub, check out GitHub.
That'll give you some experience with how to get your VM ready to go and do some Windows Server, if you want to be a sysadmin, or do something in Azure. So that'll be something y'all can play with, and SOC in a honeypot.
So that's it.
[Kyser Clark] (39:03 - 39:23)
And audience, the best place to reach me is also LinkedIn and my website, KyserClark.com. Audience, thank you so much for watching. Thanks for listening.
If you haven't shared the show with your friends, it would help the show out tremendously if you shared the show. So please share the show, and hopefully I'll see you in the next episode. Until then, this is Kyser signing off.