Ep 24 FULL

[Simon Exley] (0:00 - 0:24)

I think looking back I think we thought cyber security was only hacking and I think we thought that was all all it was it wasn't anything our cyber security was we're gonna hack you and then that's it we didn't actually know that there's multiple other avenues of it risk governance all of that sort of thing so so as well we didn't we didn't look into it deeply enough and it's our fault at

[Kyser Clark] (0:24 - 1:49)

the end of the day hi I'm Kyser Clark and welcome to the hackers cash the show that decrypts the secrets of offensive security one bite at a time every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners if you are a penetration tester bug bounty hunter red teamer or blue teamer who wants to better understand the modern hacker mindset whether you are new or experienced this show is for you hello hello welcome to the hackers cash my name is Kyser Clark I have been in the cybersecurity field for over six years now and I currently work as a full-time penetration tester also known as an ethical hacker and I'm here to help you grow your hacking and cyber security knowledge today I have a very special episode because this is the first episode that has more than one guest so we have Clint & Si The Hackers they have a YouTube channel as well so if you haven't seen their YouTube channel definitely check it out it's a quality content good job on your guys's videos and you guys are put out good content so definitely check them out if you haven't seen them already so both of them have two years of experience and they both work as penetration testers and they both have a bachelor's of science in computer science for certifications Simon has the CPTS the EJPT and the ICCA that's the IME certified cloud associate introduce yourselves to the audience guys and yeah walk to your

[Simon Exley] (1:49 - 2:19)

background sure Kyser thank you so much for having us on so I'll go first my name is Simon I originally come from South Africa I started computer science at the University of Stellenbosch there and then got the call to move to the UK and started a career in cyber security as well as my colleague here Clint he also got the same call from the same recruiter so I'll pass it on to Clint to quickly talk about his background and how he got to London as well thanks so

[Clint Elves] (2:19 - 2:37)

also Stellenbosch University started a degree in mathematical sciences but switched to computer science in my second year and yeah moved to London started this job as a pen tester and haven't looked back nice so you so that call that

[Kyser Clark] (2:37 - 2:55)

you got to move out there and be become pen testers how did that come to be because you guys were in software engineering prior correct so how did how did you guys go like why did the recruiter call you specifically because I feel like recruiters typically only call like other pen testers to do pen

[Clint Elves] (2:55 - 3:53)

testing work so how did that kind of be so basically we had done a bit of work as software engineers and we had also luckily put ourselves out there on LinkedIn which was quite cool I think that's how they found us and we actually weren't hired as pen testers originally we hired as more like consultants for cyber auditing and they were just interested in our technical knowledge not specifically cyber like pen testing skills so we did the interviews and we flew over after passing them all and yeah we started our work here and then we realized that we would like to go into pen testing a bit more so we decided to switch over and there was a team of pen testers in the company and we quickly got into that and started our work there nice so let's go ahead and dive

[Kyser Clark] (3:53 - 4:29)

into the rap for our questions hey I wanted to tell you about my new cyber security insider list where you get raw unfiltered cyber security advice tips and hot takes plus exclusive first looks of my content delivered directly to your inbox every single week no flow for spam just valuable content head over to Kyserclark.com slash newsletter and level up your cyber security knowledge today once again that's Kyserclark.com slash newsletter there's also a link in the description all right now back to the show are you guys ready for the rap

[Simon Exley] (4:29 - 4:37)

fire questions yes let's go they're intrigued see what they are they it's

[Kyser Clark] (4:37 - 5:46)

always a good time let me pull my stopwatch here all right so those who don't know the audience members Clinton Simon will have 30 seconds answer five questions and if they answer all five questions 30 seconds they will have a bonus six questions so this one's gonna be a little bit different because we have two of them we have two guests here so in order for them to move on to the next question they both have to answer the question so they're actually going into this at a disadvantage because they have to have two responses before we can go to the next one so we'll see how it plays out for them I'm excited to hear the responses and for you guys you guys can say that the same answers if it's the same and then you can also don't explain your responses well whatever your most interesting responses we'll talk about that but for the rap fire just just say the first thing comes your mind sure all right and your time is gonna start as soon as I stop asking the first question okay here we go what is the most useful certification I think the most useful certification would be

[Clint Elves] (5:46 - 6:07)

the OECP I also think so it's a HR gateway favorite type of pen testing Oh physical I like to go internal most annoying cyber security myth it's easy to

[Kyser Clark] (6:09 - 6:15)

yeah on a scale from 1 to 10 how important is a college degree for a

[Clint Elves] (6:15 - 6:39)

cyber security career today one yeah it's one not that important greatest hacker of all time tough one that's which Chuck I would have to say

[Simon Exley] (6:39 - 6:59)

that Stuxnet guys or all those Russian guys that hacked the u.s. and then drove around in there in the Audi's they were pretty the Russian gangs I don't know their names though but yeah just how they just don't care there was also that

[Clint Elves] (6:59 - 7:04)

Korean guy that started that marketplace oh yes so bro that's also good but he's

[Kyser Clark] (7:04 - 7:56)

more of an entrepreneur all right so I when you answered stuck that I stopped the time because that was really the end of the answer there I started count the explanation in your time and you guys got one minute so I'm gonna give it to you because you guys are combined and you guys like if you guys were by yourselves I would've been 30 seconds apart so I want to give it to you even though you had had it at a minute but you guys had two responses so I think that's double the time allotted I should I should have said that before but I want to go ahead give it to you because we got to get to the most pressing question of all time which is our bonus question you can answer you can you can explain this as much or as little as you want to so if don't feel any pressure to explain your answer but if you want to feel free so here it is should toilet paper hang

[Clint Elves] (7:56 - 8:26)

over or under yeah without a doubt me I actually don't care did I've seen so we flatmates and I take it off and I switch it really a certain way it's a

[Kyser Clark] (8:26 - 9:08)

process oh man I think the perfect question for this one man that was that was great yeah so for me I deep down inside of me I do not care but I always put it over because other people care so like like if I'm expecting well I just put it over all the time I just get in the habit of that because like if a guest comes over I don't want to like look like I'm a barbarian or something or like like if I'm at like work and that's my responsibility to change like the toilet paper roll if I'm not like on an insight person job then I will you know put it over because other people care if other people didn't care I wouldn't care that's kind of how I kind of deal with it I've never ever thought

[Simon Exley] (9:08 - 9:11)

about that not once in my life

[Kyser Clark] (9:21 - 9:37)

and one can make the argument so fun fact is when when they made the patent for the toilet paper roll the patent images have it over that's why people say it's over but personally yeah I don't really care what happens if you don't have a

[Simon Exley] (9:37 - 9:42)

toilet roll holder and it just sits on the floor or something it has to be

[Kyser Clark] (9:42 - 10:09)

vertical then surely that's the that's the worst crime you can commit well all right well you you guys is most interesting response I think was on a scale from one to ten you but you guys both said one for the cybersecurity college degree so why do you think a college degree isn't important for

[Clint Elves] (10:09 - 11:18)

cybersecurity careers well it's like okay so first of all you there's so many different types of things you can study in college under computer science I mean where we studied there was a course available computer science with a major in genetics which is even less to do with cybersecurity and pen testing we didn't learn I mean we learnt networking for about we did a six-month like module on networking which was the closest thing to the work that we do now where we learnt about like the OSI models TCP IP models and how different protocols work but other than that it was mainly coding and that helps with scripting and stuff but it's not gonna help you like get any real practical experience I wouldn't like trust somebody coming out of a three or four year degree on computer science to actually pen test the network but doing a course like the OCP or CPTS a few months and yeah you could actually do pen testing so yeah I

[Kyser Clark] (11:18 - 12:27)

agree with you on that my my thoughts like I have a college degree as well and cybersecurity I'm actually working on my master's degree in cybersecurity I'm actually very close to getting that done and it's it's not really come like it's not really coming into my day-to-day work I mean the things that came into my day-to-day work for my college degree was like I had to learn how to use Excel for my statistics class and that really helped me out like know how to use Excel because I didn't use Excel prior to college so that that helped out a lot but when it comes to like the actual pen testing and stuff it doesn't really help me out at all but at the same times I chose to go into a non-technical cybersecurity degree my degree specifically cybersecurity management policy so I want to learn more GRC stuff so it helped with that like learning a lot of the GRC stuff that I do see in my day-to-day job so I guess it depends on like the lens but I don't think I don't think you're gonna learn pen testing from a college degree I think I think a college degree is really meant for like like like what I'm using it for for the GRC stuff like the legal and the policy type stuff sure I think it's just because pen testing at

[Simon Exley] (12:27 - 13:02)

the end of day is extremely practical and every test you do is completely different and you can't boil it down to a textbook that I think that's also the problem with courses that you will have a target and you have to attack this target and then you have this preconceived notion that every time you get a pen test you're gonna have a target that's exactly the same as the one you learned about in university or on a course and I think that's where university falls short that they can't teach you that practical side and they can't teach you to think on your feet and that sort of thing yeah yeah I agree

[Kyser Clark] (13:02 - 13:31)

with you so so you guys are you guys work very closely together so I would say most people don't have like like the relationship that you guys have when it comes to like building your careers up it seems like you guys are like building your careers up together you guys work together a lot so what are what are like the perks from your guys perspective on like how it has helped you guys grow and breaking in the field working together yeah so I definitely

[Simon Exley] (13:31 - 14:39)

think it's Clint's is basically my brother from another mother and I'm the same to him and our family share the same bond they've both accepted us as their adopted sons and I think it's helped our careers massively because just the ability to bounce ideas off of each other and Clint this is my desk and Clint literally sits a couple meters away from me so we can always communicate together and we test each other so we'll ask each other questions so that we always staying at the top of our game and that sort of thing and that our manager would never catch us out asking us an easy question and then we fall flat on our face as well as we both share the same passion so we both really enjoy business and an ethical hacking and learning as a as a holistic approach so we love learning we love getting better and bettering ourselves every day and just to share that together makes the journey that much easier so obviously it was hard moving over here from South Africa but there's no one else I would rather do it with and during the hard winter months just having our bond really helped with that and that sort of thing I don't know if you want to add

[Clint Elves] (14:39 - 15:20)

anything yeah it's also cool because sometimes one of us will get good at something and then the other one will get good at something else and then like I guess it's like when I started I started getting interested in photography like in the beginning of last year and that's like helped with the channel and Simon's been I mean I got into cyber security because Simon started doing the eJPT and I started getting interested in that and that's how I started cyber security so when I've usually run into like a war I can ask him for advice and it's really helped so yeah we just work together I guess it's awesome having support I guess yeah yeah it's great yeah like I

[Kyser Clark] (15:20 - 16:21)

said I for me I don't have someone I can pass ideas off all the time like I have a lot of acquaintances but I don't have anybody that's like really really close to me to like just bounce on ideas off of all the time and you know when I was I went into the military and I had made a lot of friends and we all were all system administrators and we all kind of went different paths right like I have you know one friend he became a cybersecurity unless I have one friend who became a cybersecurity engineer I have multiple friends who got out of the military and became system administrators out of the military and I have friends who are still in the military it's like I don't have anybody that like I built a career up with so I think that's really cool how you guys did that and I can definitely see a lot of some advantages because there's sometimes I'm like man I'm on this journey alone and it's a tough journey like pentesting and cybersecurity is a tough journey and having someone there I feel like would just make make the hard times not so hard because you guys are you know motivating and helping each other all the time so that's really

[Clint Elves] (16:21 - 16:47)

cool you guys have done that thank you yeah thanks man yeah sometimes things do get like hectic when there's lots of work we're still trying to do like study for service we're trying to do the YouTube stuff and it gets like a lot and then being able to go for a walk and just talk about it and then yeah like just get it all out and then come back and get back to it that it helps a lot

[Simon Exley] (16:47 - 16:58)

highly recommended Kyser so if you're looking for joining a triangle just move to London and we can just work it out you know you can just come with to the

[Kyser Clark] (16:58 - 17:32)

thing about think about that one I don't I wasn't plan on moving to one anytime soon but I'll get back with you on that one okay I'll be waiting for the call so yeah so like you guys are did you guys plan on like building a career out together like when did that happen like like like you guys were in the same college and did you guys like what did you guys meet each other for the first time like how long have you guys been friends and like did you guys did you guys plan on building a career out together did it kind of just happen so

[Simon Exley] (17:32 - 19:16)

I'll go first so so at uni there was a introductory programming course and I was on the it was the first week of uni so then I went there and I didn't know anyone because it was a new town I wasn't from that town and then I was sitting outside the engineering block at that time and Clint came up and he asked me is this the engineering block for the short course for programming then I said yes and then introduced ourselves blah blah blah and then from that day on we've been friends ever since and that was in 2020 just before COVID and yeah so from 2020 until now and then I think the whole business idea came to fruition so Clint has a farm outside of his family and I would go up to the farm a lot because obviously my family wasn't in in the town where we were studying so I would go spend weekends with Clint and we were sitting at the table one one day and both our families have their own businesses my dad is an engineer and has an engineering business and Clint's dad was an engineer and now is a whiskey connoisseur whiskey maker whiskey distiller Clint can talk more about that but they both they both work really hard and they both instill those values into us so from there we we want to make our parents proud and we want to also be better than them and go further and that sort of thing and we just thought how could we take what we knew then and and do something with that so then we thought it would be a great idea if we started our own security business that sort of thing so so yeah that is the vision in quite a way a way away but the dream one day will be to own our own pen testing firm professional services firm

[Clint Elves] (19:19 - 19:47)

so yeah met at Varsity went through that whole process and then I remember being in the in the distillery and Sai told me that he got the call to come and do a interviews to get through so you can go to the UK and I said congratulations that's awesome and literally an hour after that I got the same call and I ended up going through the same interview process and ended up in London.

[Kyser Clark] (19:49 - 20:14)

Nice what a story that's that's really cool so do you guys like for your skill sets and your knowledge like what are some things that you know Clint's really good at that that Simon's not good at and vice versa like where are some like things that you consider strengths that your your counterpart has as a weakness and if any at all do you have any of that going on?

[Simon Exley] (20:14 - 20:54)

Yeah so I can so outside of ethical hacking and that sort of thing I love to just go on to something I'll come to like dude we need to do this we need this is gonna be the best thing ever and then Clint has this this calming effect where he takes this holistic approach and and looks at the thing with a great lens and and basically comes up with all of the things that could go wrong and brings that to to my attention which helps me balance in a sense and in that way we are able to come to the best possible solution the best possible outcome so I think that's definitely one of your best skills.

[Clint Elves] (20:56 - 21:11)

So yeah so it's the exact opposite for me I'm usually thinking why something can't work and then this guy will get me to actually do something and it ends up actually working and it's great you know so yeah it's a nice balance I guess.

[Kyser Clark] (21:12 - 21:59)

Yeah for my small amount of studies I've seen in like like business partnerships and just partnerships in general like that's honestly like one of the top things you guys can have is like have someone you know like you said have someone like kind of like be the visionary and if someone kind of like bring someone else back to reality you know and think about like what could go wrong so you don't you know fall off the road and die because you're you're overzealous with like your ambitions you know so that's really cool and yeah I feel like I'm kind of like kind of like you Simon where you know I have like a million plans but I don't have anybody like like pull me back into reality I have to do it myself and yes that's really cool.

[Clint Elves] (22:01 - 22:22)

Yeah yeah plus yeah we got different interests so he's also really into like podcasts and like business and he'll follow a lot of guys and I'm like yeah some influencers and then I'm also like into like languages so I like learning like spoken languages not programming ones but yeah.

[Simon Exley] (22:22 - 22:56)

But I definitely think that we've found a harmony now in the in the sense of our YouTube channel because it takes Clint's creative mindset and and my vision of our personal brand because obviously YouTube is a great platform to begin building your personal brand and social media in general so it takes both both our passions and brings them together and I think that's why our channel works so well together and how we are able to grow and we have a big vision for the channel and that sort of thing and it's great to be able to do it together as well so yeah.

[Kyser Clark] (22:58 - 23:22)

Yeah there's I feel like almost there isn't a day that goes by like me I wish I had someone just help me out like with my channel or I wish I had someone help me out like with the podcast you know it's a lot of work and yeah that's really cool you guys are working together and I'm pretty much everything you're like working and the content creation you guys are like seeming like a like a well-oiled machine together you know that's that's really cool to see.

[Simon Exley] (23:23 - 23:44)

Thank you so much I take my hat off to you as well because I'm colorblind so I can't really make thumbnails or color grade videos so that's also where Clint comes into play so I'm disabled and obviously Clint can use his eyes so I take my hat off to you to do all that by yourself is an incredible achievement yeah so yeah.

[Kyser Clark] (23:46 - 23:55)

Thank you, thank you. So what is some of the greatest challenge you guys have faced in your career so far and how did you overcome them like what was like some of the hardest challenges?

[Simon Exley] (23:58 - 25:35)

So when when we landed in England, it was cold. So in South Africa in January in the early months of the year it's warm it's 30 degrees I don't even know what that is in Fahrenheit I think it's 100 degrees Fahrenheit but but yeah so we landed in London it was it was getting dark at four o'clock in the afternoon and we thought in the beginning that we were coming here to do pen testing but when we soon found out that we were doing auditing that's when things changed and that that became the biggest challenge it was how do we get out of this and how do we get to become pen testers and that sort of thing so yeah so that was that was the biggest challenge firstly from from this year as well as leaving our family behind leaving comfort behind safety security all that sort of thing to move to a new country where we don't understand how basically anything works and it's very different from Africa in the sense that obviously England is is a first world country and South Africa is a third world country so yeah so having to learn all of that not having the networks and the connections and the social aspect that we had in South Africa with all of our friends and all that jazz and you're having to start from scratch definitely as character and Clinton I'm actually talking about it today on our walk we wouldn't we wouldn't trade it for anything because it has provided value to us and we have developed as people and as pen testers we've learned a lot yeah yeah so so yeah we definitely value this year but it was very hard so yeah other than that and

[Clint Elves] (25:35 - 25:42)

just studying for degrees and stuff yeah pretty much yeah that's definitely

[Kyser Clark] (25:42 - 26:47)

I mean a lot of people don't do that where they don't where they you know they just move their whole life from point A to point B and that's that's extremely difficult being in the military I've done that several times now I went to South Korea for two years and that was a wild thing because no one in my family has been in the military at least my immediate family so that was like a whole adventure that I had to like kind of do on my own and had to like learn how to because because the United States military is like there's so many different cultures like I learned so much about like you know other cultures and stuff and I was I don't want to say it was a challenge it was a little challenging but it wasn't like one of the base on it but it was a experience that not a lot of people get and that's it's kind of similar to you guys where you guys you know went from South Africa to the UK but I guess how did so you you thought he was going into pen testing and you get there and they're like you're gonna be an auditor and you're like I don't want to be an auditor so how did how did that happen like how did you guys think it was pen testing and it was actually auditing today did they lie to you or did you

[Clint Elves] (26:47 - 27:38)

guys not understand like how did it wasn't a lie necessarily they used a recruitment agency so we did it the whole recruitment process through them and we were given the impression that we would be doing a technical role and I mean based on our background and we I mean they weren't wrong it is technical as in it is cyber security and you have to know a little bit about like well obviously you need to know a lot about the process of auditing companies based on their cyber infrastructure which is important but it's not practically technical as in you're not actually interacting with systems to test their their posture and stuff so yeah we thought it would be a bit more involved but it ended up not being that and I also think it comes down to our naivety

[Simon Exley] (27:38 - 28:07)

and immaturity I think looking back I think we thought cyber security was only hacking and I think we thought that was all all it was it wasn't anything our cyber security was we're gonna hack you and then that's it we didn't actually know that there's multiple other avenues of it risk governance all of that sort of thing so so as well we didn't we didn't look into it deeply enough and it's our fault at the end of the day so so yeah but it was just a

[Kyser Clark] (28:07 - 28:26)

lesson learned I guess read the fine print yeah yeah that's a good lesson to learn luckily didn't hurt you and you guys you guys recovered so did you guys they have to find a new company to work for did you guys like was it the same company you went from like an eye roll to appendix the same one so we were

[Clint Elves] (28:26 - 28:52)

lucky enough to move to the penetration testing team that was in the company and yeah we're just lucky that that was there as an option yeah we we basically went to the the guy that was hitting that team we said that we would like to do more technical roles he asked us about a background we had to pass an interview to get in and luckily it worked out well you liked what we said

[Kyser Clark] (28:52 - 29:19)

in the interviews and we were able to move in nice and so you guys are pen testing consultants can you tell the audience like what like what kind of pen testing you're doing day to day and like what like I guess like the full suite of what kind of pen testing you're doing but like and then let me know like what you're doing the most often right now so we we do everything and anything

[Simon Exley] (29:19 - 29:42)

so we do physical internal web network cloud some hardware some mobile but the majority of it is definitely web app tests and internal networking tests when when the physicals come along and the on-site work is very exciting but they don't they're not as as frequent as the web apps and the internal infrastructure

[Clint Elves] (29:42 - 29:51)

tests so yeah sometimes you also get an assumed breach which is quite interesting because you got to be a bit more stealthy oh yeah red teaming as

[Simon Exley] (29:51 - 30:03)

well we do a lot of sometimes we do DFIR as well so incident response so we get a we get a lot of exposure which is really great especially so early on in our careers just trying to get as much experience as possible and learning as

[Kyser Clark] (30:03 - 30:18)

much as possible nice now since you guys are at the same company do you guys how often do you guys work on several projects at the same time or do you guys always work on the same project at the same time like how often are you guys

[Clint Elves] (30:18 - 31:07)

working together how often you guys kind of split up so I've we really I mean I've worked aside a few times on the same project but sometimes with work it's really hectic you can work on I wouldn't say many projects at the same time you usually don't do more than like two or three but usually you're focusing on just one and if you are doing multiple it's usually like small web app tests or yeah so that's like just static websites sometimes they come along you can do a few but yeah if you're doing like a big internal it's usually you and then like one of the more senior testers that will go and yeah so that's how that testing would be done for like a week or a few weeks yeah

[Simon Exley] (31:07 - 31:32)

now there's always a senior so now more intermediate junior now so there's generally a senior and a manager on each job so if it's a big test we'll work on it together but otherwise it's normally myself a senior and a manager running a test and vice versa for Clinton as well nice yeah it's uh I feel like it's

[Kyser Clark] (31:32 - 32:11)

pretty common where yeah you'll have like a senior like a team lead kind of overseeing all the projects at once and yeah I'm at that same level with you guys like I'm like that dead mid-level pen tester right now so what are you guys doing to I'm assuming you guys are trying to like level up your pen testing game to you know maybe become a senior pen tester and if that's the case what what are you guys doing to try to elevate your careers like is it certifications is it just more hands-on experience in the field like what's what's really like the thing that moves a needle the most free for in your opinion from going up from a pen tester to a senior pen tester yeah so I

[Simon Exley] (32:11 - 33:30)

definitely think in the marketplace as a as a whole it's certifications so so for instance I'm trying to get the OACP the company is trying to sponsor it so so when that comes through I will do the learning for that we've got a business trial now so I've just done a week's worth of that it's pretty much the same as the CPTS just with videos as well as the text-based course content so that next thing I'm looking at trying to do the CRTO I think it is by zero point security or altered security I don't know exactly but but yeah definitely certifications I think is the number one way to get a promotion or if you're looking to move jobs it's the best way to be able to get spotted by recruiters or other or other forms of job applications and that sort of thing and then yeah it's definitely the more you know the better so immersing yourself in as many tests as possible so internal web hardware mobile physical red TV stuff helps a lot so yeah because at the end of the day if you want to get a new job you have to pass an interview so by knowing as much as possible you increase your attack surface for the questions they're going to ask and this helps you land the job so so yeah I don't know if you want to add on to that yeah so I'm

[Clint Elves] (33:30 - 33:49)

busy just doing my CPTS because I'd like to get that under my belt and also just studying basically on every work project that comes along you're learning something new it's a different type of testing the old guys that you're working with your seniors are smarter than you so ask questions and yeah that's awesome

[Simon Exley] (33:51 - 33:56)

and yourself Kyser you have incredible amounts of certifications what are your

[Kyser Clark] (33:56 - 35:45)

tips I think certifications are a top way because certifications are very relevant but I think also on top of that like if you're trying to promote what's in the same company I think one of the biggest things you got to do is you got to deliver value to your clients like you got to have your clients you know give good feedback and you have to have good communication with your clients because if your clients are complaining to your management saying hey you're at pen test you're like what's this guy doing like he's an idiot or like he's rude or whatever it is you know you can't have that kind of you got to have good customer service from my point of view at least in my company and then another thing is like you want to make sure your reports are quality and you want to make sure that your reports are turned in on time every time yeah and that's that's my big focus is like never turn a report in late ever yeah never have a never have a client complain or like give me negative feedback and that's my focus during work and then outside of work I'm also trying to get other certifications and like you said try to branch out into as many other areas as I can it's like you know what about pen testing network testing IOT hacking wireless hacking there's so many other things you can do and I think you said having that large breadth of areas of expertise really helps you because when you're in a consulting world like we are you never know what the clients are gonna want there's so many different kinds of pen testing and sometimes they need you know three or four different types of pen testing at the same time so having that breadth of knowledge I think helps you go from that from the pen tester to senior level which that's just my hunch and that's what I've been working on when I become a senior pen tester then I have a you know a lot more lot more knowledge when it comes to that but for right now that's what I'm that's what I'm feeling and thinking for my own career.

[Simon Exley] (35:46 - 35:58)

That's really good and what certifications are you working on now to help you get to that senior level because you have the OSCP the OSWP you have pretty much all of the the big ones that I know of.

[Kyser Clark] (35:59 - 37:02)

Yeah right now I'm working on OSWA which web app hacking has been very challenging for me because the OSCP passed my first try it wasn't easy but I passed on my first try and I had a really good time with it and going to OSWA which is a web app hacking cert that I failed three times now and it's been something that's in a huge obstacle for me you know so because web app hacking pops up probably more frequently slightly more frequently than network pen testing and I feel like network pen testing is I'm more comfortable doing that because it makes more sense to me but I'm trying to make sure like I know how to do the web app hacking stuff because it pops up you know as frequently as networking or maybe even more and that's why I'm focusing on that and yeah it's just been really really challenging trying to get the web app the OSWA it's it's equivalent in level like it's a 200 level certification as like OSCP but it's like a completely realm a completely different realm of expertise that that's been challenging for me.

[Simon Exley] (37:03 - 37:05)

I wish you luck and I hope you pass.

[Kyser Clark] (37:06 - 37:21)

Thank you. Alright so unfortunately we're running out of time it's been a great episode but we are running out of time so let's go ahead and do the final question so the final question is do you have any additional cybersecurity hot takes or hidden wisdom you'd like to share?

[Simon Exley] (37:22 - 38:22)

Yeah I'll go first. I definitely think if you want to break into the industry learn as much as possible I think LinkedIn is a big one reach out to all the recruiters that you can find in your area or even in your country be open to to moving to different places in South Africa the cybersecurity especially the offensive security careers are very limited there so that's why I had to come over here because there was no exposure down there so you have to be open to that and yeah learn as much as possible post on LinkedIn.

LinkedIn is really good because all the recruiters are on there so so if you post there they'll see and take any job I guess that is in the cyber security field even if you're starting at helpdesk I think network Chuck talks about how he started out as a helpdesk and went to network engineer and then went to offensive security but now he's a content creator so yeah I definitely think learn as much as possible be open to learning it's gonna be long it's gonna be a hard slog so just get strapped in.

[Clint Elves] (38:23 - 38:33)

Yeah and a lot of people think that you need to go for certifications off the bat but there's also a lot of good free resources out there that you should definitely check out first yeah.

[Kyser Clark] (38:35 - 38:52)

Well thank you for that wisdom that is really good advice and I agree with the LinkedIn comment as well like that's how I got my current job it just posted on LinkedIn someone reached out to me and it's been huge that's why I always talk about LinkedIn. So speaking of LinkedIn where can the audience connect with you if they want to get a hold of you?

[Simon Exley] (38:53 - 39:22)

So we our YouTube channel Clintons are the hackers we have a discord channel as well that has got a lot of great people in there so if you have any questions they always help you out they always reply very quickly as well. LinkedIn you can reach us Simon X Lee Clinton Owls, Instagram Clintons are the hackers, Twitter Clintons are the hackers, even tik-tok so so anywhere any of the big platforms just type in Clintons are the hackers and we'll come up. So yeah Kyser thank you so much for having us.

Appreciate it.

[Kyser Clark] (39:23 - 39:44)

Yeah thanks for being here you guys are awesome and audience the best place to get a hold of me is LinkedIn and my website KyserClerk.com. Audience members thank you so much for watching thanks for listening if you haven't shared the show with a friend yet please do so that would help out the show the most right now so hopefully I see you in the next episode until then this is Kyser signing off