The Hacker's Cache

#25 Beyond Compliance: How Hackers Think and What Companies Miss ft. Albert Corzo

Kyser Clark - Cybersecurity Episode 26

Kyser Clark engages with cybersecurity expert Albert Corzo, who shares his extensive experience in ethical hacking, bug bounty programs, and the importance of certifications in the field. Albert discusses his past experiences, including hacking the U.S. government, and emphasizes the need for understanding cybercrime and threat actors to better protect organizations. The conversation also covers the differences between compliance and security, the challenges of bug bounty hunting, and the significance of mentorship in cybersecurity careers.

Bug bounty programs can serve as a practical playground for ethical hackers.

Understanding how cybercriminals operate is crucial for effective security measures.

Compliance does not equate to security; companies must prioritize actual data protection.

Phishing remains a significant threat, accounting for 70% of attacks.

Real-world experience is invaluable in cybersecurity, beyond just certifications.

Adversary simulations can help organizations prepare for potential attacks.

Networking and mentorship are key components for success in cybersecurity careers.

Connect with Albert on LinkedIn: https://www.linkedin.com/in/alberto-corzo-gonzalez/

Check out the Coffee&&Pizza Podcast: https://youtu.be/hcLMYEb8yA4?si=UmoHImLAUTNOxce4

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY


Music by Karl Casey @ White Bat Audio

Attention viewers/listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.

The postings on this site are my own and may not represent the positions of ...

[Albert Corzo] (0:00 - 0:24)

That's why 70% of the infections come from phishing, because phishing... And do you know, also many people still get trapped, or get hooked, by the Nigerian prince? But it's still working in 2024. It's like crazy, right? And I did some investigation. It was so funny.

[Kyser Clark] (0:24 - 2:06)

Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. Whether you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.

Hello, hello, welcome to The Hacker's Cache. My name is Kyser Clark. I have over six years' experience in cybersecurity, and I currently work as a full-time penetration tester, also known as an ethical hacker, and I'm here to help you grow your hacking and cybersecurity knowledge. Today I have Albert Corzo, who has over 22 years' experience in tech and IT. He currently works as a cybersecurity project manager and does freelance bug bounty work on the side. For certifications he has the eWPTX, the PMP, that's the Project Management Professional, Security+, as well as a lot of other related training. He's also the host of the Coffee&&Pizza Podcast, and that's kind of how me and him got together. He asked me to be on his podcast; I'm gonna be on episode 19, so if you want to check that out, definitely check out the Coffee&&Pizza Podcast, and that is "coffee" and then ampersand ampersand "pizza" podcast. So if you're looking it up, I will put the link in the description of this episode, so definitely check that out if you want to hear more from Albert. So Albert, thank you so much for taking time and doing this episode with me, and I look forward to our discussion. So go ahead and introduce yourself to the audience and walk us through your background.

[Albert Corzo] (2:07 - 4:01)

The first thing is, like, thank you very much, because you did a very good pronunciation of my surname, but it's not easy for you. Congrats for it. And the second thing is, like, thank you very much for the invitation, you know. For me it's a pleasure always to take my time, share my time with a professional like you, because you are a full inspiration for many people, you know, because the people can hear the podcast, episode 19, because it's fully inspirational. Because I believe your background and your story can be used by many people, and that makes me very proud to have the opportunity to share that time with you.

And if you want some highlights from me, you know, I hacked the United States government a couple of times, and I started as a professional in cybersecurity by accident, because one of my favorite things to do is hacking. I started at 16, and I started hacking some companies around the world, because when I was younger I didn't have access to platforms like Hack The Box or TryHackMe, something like that, and the only way to do it was like doing illegal things, and that's what I did. I got trapped for that work, and I started to collaborate and stay with many, we can say, in the gray line, understanding what the criminals are doing and what tools they are using, and it's one of my areas of expertise.

And something you mentioned, that I try to get the latest certification, because also it's important. We can discuss about that if you want during the episode, but it's important to have some certifications, because most of the companies are looking for professionals that need the certification, and cybersecurity is a question of confidence with the other person, right? And the certification always gives you that paper, like, okay, you are able to do that. The same as when you are driving a car, you need your license, something like that. And that's it, guys, sir.

[Kyser Clark] (4:03 - 4:18)

Yeah, so thanks for walking through your background and introducing yourself a little bit there. So one thing that really stood out to me was you said you hacked the government a couple of times, the US government a couple of times. So can you explain, like, what that is, and, like, how can that be, and how did you end up doing that?

[Albert Corzo] (4:19 - 7:42)

And just give me the whole story on how that happened. Yeah, you know, I was always working in the same, as I mentioned you before, the gray-hat side, you know, and always trying to understand how the criminals are working, because after my 20 years of experience, it gives me the opportunity, or gives me the knowledge, to know how the criminals are working: what are the vectors they enter the companies through, how the company is always taking care of the things inside of the company, most of the time. And then it gives me the way to understand, the wide vision to understand, how the companies are working and where it's leaking most of the time, security things. Most of the companies have huge teams, developing teams, security teams, and, you know, whatever, but when you have experience like me you can go and find holes, or forgotten things, we can say, most of the companies are taking, right? And it's one of the reasons of what I found inside of the government website. It's like, you know, when you have a bunch of subdomains, always you miss something, you forget something, or you miss, like, authentication, or maybe you are failing in how you treat your files, maybe you are exposing your HCC passwords, or maybe you are exposing something that doesn't need to be exposed, right? And that's something easy if you know where you need to go to do it.

It's like cherry picking, we can say, but most of the times it's easy for you if you have experience. That's it. It's totally legit, because I did it in the Bugcrowd VDP program, and I believe if someone wants to start and wants to understand how the companies are working, something like that, first of all, always I say, understand how the company is working in the background.

What things do you have? What is the platform you have behind, and everything? And after that, move to try, or maybe try, your skills inside the platforms like Bugcrowd, or TryHackMe, sorry, this is not about the programs like Bugcrowd, Intigriti, HackerOne, or most of them, because these give you the possibility to understand the real world. Many times when you are playing with the platforms like TryHackMe or Hack The Box or Pentest Labs or Burp Suite, this kind of platforms where you are training your skills, you don't have web application firewalls, you don't have most of the EDRs, one of the security things most of the companies are having today. Then it's important to try your skills inside of the real world to see what is happening, right? And the same as before, I was mentioning you it's important to have certifications, but also it's interesting if you arrive to some job offer and also you have some VDP programs in the Hall of Fame, something like that. We will help you to push, because it shows to the company you have experience in the real world, and that's important for many companies.

[Kyser Clark] (7:44 - 8:21)

Yeah, I can see that 100%, especially with these training platforms that you said. They don't have the defenses in place; they're vulnerable on purpose. For a bug bounty program, it's not vulnerable on purpose, so you have to dive a lot deeper to find a bounty. So with bug bounty hunting, you do it on the side. It's not your full-time position. So how much time are you spending on bug bounties? And do you have, like, a schedule, or do you kind of just do it, like, you know, all willy-nilly, or it's like, hey, I just feel like diving into bug bounty on this particular day? Or do you kind of schedule your time on bug bounties? Like, how do you approach bug bounties?

[Albert Corzo] (8:22 - 13:17)

Even though you have a full-time position in project management. That's a really good question, thank you very much, guys. So because most of the people always are trying to do some bounty program, something like that, and don't know how to approach it, right? The first thing is understand the scope, because maybe you are doing something not legit, and that can make you not a hunter; it's like making you a criminal, and no one wants to go to jail, right? Then, when you understand the scope first of all, the first thing is... My main problem when I go to bug bounty is I lose my focus, because always I find many, many, many things, and always I try to go somewhere, and try to go somewhere else, I move to another one, and it's hard for me to find it.

That's why I prefer sometimes to do platforms like TryHackMe or Hack The Box or whatever, because that makes me keep focus, or follow the path you need, and finally it's better for learning. But bug bounty always can be your playground, you know, because if you take bug bounty as a professional job it can be hard and frustrating, because you need to understand you are fighting against some of the most professional cybersecurity people around the globe. Then that's the first thing, and the second thing is, like, that's my point, it's paid with payments.

It's sad, but it is true. And maybe for you to take a P3, maybe it can be a stored XSS, and that's a difficult one, some companies will pay you, I don't know, two hundred dollars, three hundred dollars. But to find this vulnerability, maybe you need to bypass the WAF, and this is not an easy thing, right? Maybe you spend, in this rabbit hole or whatever, let's say maybe two weeks, and two hundred dollars for two weeks, I believe it's not big money for many people, right? And then, when you understand how the companies are working: the first thing is try to understand where are you going when you read the scope; after that, understand how the companies are working.

First, I think most of the times try to find some subdomains using some finder or some tools, or sale 99, you have a website... why did I forget the name? I don't remember. It's a platform where you put a domain and you get all the other subdomains, and you start to see what is happening there, right? This can be a good approach.

And also you have many broken authentication. This is easy. You can create double accounts: you create your own account, like Albert in my case, and I make an impersonation of Kyser, and I have Albert one, Albert two, and you try to access two different points with a different... where I can give you an example: if you have the possibility to read a billing you have from your platform, and Albert one has access to this billing to download the PDF, try with Albert, not with Albert one, and see what happens. Maybe you can get through, and then this is a vulnerability.

It's a big risk. This is a problem in the platform, and you need to use it, because the bigger the company is, and the more platforms you have, it's difficult to handle the access to the positions, or the access to the files, or the access to the options, because most of the people forget the JWT token is not an authentication token, it's an authorization token. Then it's authentication, but most of the time it's used for authorization, then this authorization gives you the access to the company. Then if someone wants to start inside of bounty, it's like, first of all you need to understand, and this can be your playground at the beginning, and a real world, because that's a very funny thing, you know. It's always funny for everyone to say, I hacked NASA, or the United States government, right? That's funny. But it's a good playground. And the first, try to understand how the companies are working with subdomains, how they're using the subdomains, why they're using the subdomains, try to find all the websites. Maybe you are able to find some workers forgotten by someone, because they were created someday for something and no one is taking care about these workers today. Or try to do broken access authentication: try with different accounts and see what happens, right? That's a good approach to do it. If someone wants to do it, you have a lot of videos on YouTube, right, where you can learn it. And if someone wants to learn more, we can talk about my platform in Cyber Mentor Institute, or contact with Kyser, because you can see the degrees here and the certifications he has behind. That's not something someone gave to him for free, right?

[Kyser Clark] (13:21 - 14:02)

Wow, yeah, thanks for that detailed explanation on bug bounty. So, yeah, I always say, like, I want to get into it. It's just, for me, it's hard to find the time, because I got my full-time pen testing job, and then I'm trying to spend a lot of time making content, and then I'm trying to spend a lot of time getting more certifications, and then spending time on TryHackMe, Hack The Box, and the PortSwigger Web Security Academy. So it's like I just can't squeeze it in, and maybe once I graduate college, I'm trying to finish my master's degree, maybe I might start dabbling in bug bounties. That's kind of my goal. But it's always good to know, like, bug bounties is like a real-world playground, and eventually I need to get away from, like, the labs and go into those real-world playgrounds.

[Albert Corzo] (14:02 - 14:44)

Like you said, so it's really good advice. And also remember, maybe many people get frustrated because maybe you report your P3 after two months, or two weeks, working behind the scenes trying to find it, a stored XSS, and you send it to the platform, and after that you get, like, this is duplicated, right? This can be very frustrating for many people, because I have experience, and I know many people inside of the bounty world, and I know bugs reported two years ago and still there, stored XSS, and I was to say, who is guilty if someone does the exploitation of this vulnerability? The owner of the platform, or... we don't know, right?

[Kyser Clark] (14:45 - 15:30)

Yeah. Hey, I wanted to tell you about my new cybersecurity insider list, where you get raw, unfiltered cybersecurity advice, tips, and hot takes, plus exclusive first looks at my content, delivered directly to your inbox every single week. No fluff, no spam, just valuable content. Head over to KyserClark.com/newsletter and level up your cybersecurity knowledge today. Once again, that's KyserClark.com/newsletter. There is also a link in the description. All right, now back to the show.

All right, before we move on to the next topic, we need to go into our rapid fire question round. So are you ready for the rapid fire questions?

[Albert Corzo] (15:30 - 15:36)

I will try to do my best. Can you remind me, can you remind me the rules?

[Kyser Clark] (15:38 - 17:15)

These are, it's really low threat, and just say the first thing that comes to your mind, and don't explain them, and then you'll get the opportunity to explain one of your answers at the end. So for those who don't know, those who are new to the show, Albert will have 30 seconds to answer five questions. If he answers all five questions in 30 seconds, he will get a bonus sixth question unrelated to cybersecurity. It's the only way to get an off-topic conversation going, is by winning the challenge. His time is gonna start as soon as I stop asking the first question, so here we go, Albert. Blockchain, yay or nay? Yeah, always. What was your first computer?

Commodore 64. Is it okay to get into cybersecurity just for the money? Of course it is. Is compliance equal to security? No. Do you think biometrics are secure? No, of course not.

That might be the best time. That was 24.8 seconds. That was really fast.

So that was really good. So congratulations on getting the bonus question. So here's the bonus question.

You can explain your answer as much or as little as you want to, and it's a heated topic among certain people out in the world. Maybe not everybody, but some people will have strong opinions on this one, and I'm kind of curious if you even have one. You might not even have one. So here it is. Okay, should the Oxford comma be mandatory?

[Albert Corzo] (17:20 - 17:25)

If you want, to explain, like, the security, it's not the same as compliance, we can say.

[Kyser Clark] (17:28 - 17:55)

Oh, okay, so you don't want to answer the bonus question. I prefer... Oh, well, we can... you can't... okay. Yeah, we'll just pass it.

Okay, so let's dive into, let's dive into your mind. All right, yeah, that's fine. Let's go ahead and dive into: is compliance equal to security? You said no. Why do you think compliance isn't equal to security?

[Albert Corzo] (17:56 - 22:46)

Because most of the companies are doing only compliance for the insurance coverage, you know. But so, always I mention that the people forget we are not taking care of computers, we are not taking care of data, we are taking care of people. That's what many companies forgot, you know. If someone steals your data from the company, they can duplicate your identity, can steal all your money. How many people have listened to stories before of someone... I don't want to use this word, because it's so hard, but we can say having a depression or something like that, because they have been hacked, or something like that, for the company, for the problem of the company, because it doesn't really take care of the security of the company. And that's the dangerous thing, that no one is taking care about that, and you are only taking care about, okay, I need to cover these points and these points. And I understand you need to cover some points, but the first thing is, like, you need to understand how the criminals are working. Because, as you know, Kyser, 70% of the attacks are coming from phishing today, in 2024. How can it be like that in 2024? The people still get hooked by phishing.

That's terrible. Why? Because the companies say, okay, I do the course or whatever for my company. Yeah, but the people inside, or your security team, understand how the criminals are working? No, because most of the people have the OSCP, have the certification like you, whatever. I understand this is a very, very, very good point to understand how the criminals are working. You know, that's what I did during these years: stay inside with criminals, understand the tools they are using, understand how they're using these tools, why they're using these tools, where they're using these tools, how you need to use these tools. Because, okay, if I steal your data with a SQL injection or something like that, or whatever, I take the data from somewhere, or I send a phishing and that person downloads software, something like that, and I'm hacking the company. Okay, you get the information, you get the data. What are you gonna do with this?

Sell it somewhere? It's easy to sell it? It's not, because if you sell it you can expose your identity. How can you sell it? You need a broker, a data broker, often. How do you find a data broker? This is not an easy thing.

That's why most of the companies, like many criminal companies, are finding always new blood, because if you find new people, you, you know, don't put always the eggs in the same basket. That's the same: if you find more people working for your company, it's easy for you because you sell the data. Okay, you find some work, and someone can do this for you in the deep web. Okay, and you get the money back. What are you gonna do with the money?

You need to do this money laundering, right? How can you do it? It's not easy, depending on the amount. If it's $1,000 it's not a problem, but if you get 300,000, what are you gonna do?

That's a problem, right? But when the people start to explain to you like that, they're like, okay, you need to understand how the criminals are working, deeply, to understand how the criminals are working. That's why it doesn't really take care about your security, or your EDR, or your whatever, if someone does a click. You know, that's something Kevin Mitnick explained very well most of the time, because he was really taking care about this, right? Because it doesn't matter how much money you spend in your property.

You have someone behind. Get hit by a click inside of their phishing. But today we need to be more worried about that, not only in the phishing, because for phishing you have many, many tools today. You can do broken links or whatever in your platform. You have Microsoft security where you can send a link and it's broken the link and does something like that, because for the criminals it's easy to create a hyperlink behind, and you cannot see the real direction.

It's easy. But what happened with smishing? How many companies have your mobile devices in the platform? Not many. That's the scope. And if I ask you the question, how many companies have a security plan for vishing, that means someone calls you with a fake, with a fake face or something like that? Not many. And that's the future. Then how do you take care about that?

[Kyser Clark] (22:46 - 23:56)

Like most of the companies have the recovery plans and this, but no one, no one talks about that, right? Yeah, yeah, it's a really good point you bring up, like, you know, we have to understand the cyber criminals and what are the threat actors doing? And that's not really talked about enough, like you said. But my question to you is, how can someone learn about cyber crime? How can they learn about what the cyber criminals are doing? Because the traditional training, such as certifications, they don't really cover, like, cyber crime, unless you're doing, like, specifically threat intelligence. They don't really talk about what the cyber criminals are doing in the modern day, and college definitely isn't talking about that. They'll kind of give you an overview of, like, oh, like, an advanced persistent threat is a nation-state actor, a hacktivist is someone who has an agenda, a political agenda, that they want to push, or a cyber criminal is in it for the money. But it doesn't really go anywhere deeper than that. How can someone go deeper into cyber crime, and learn how the threat actors are working, and how they can apply that into, like, their organization?

[Albert Corzo] (23:57 - 28:29)

That's a really good question, guys, because that's something I try to explain to the companies always when I go to the cons, to the conferences, and I go and share my presentation about that, and it's always rejected, because this is like, no, this is script kiddies, this is script kiddies. It's true, but you know, these script kiddies are fucking up your company, you know? That's a terrible thing, you know, that's true. And then, the first you start to understand how the criminals are working, that's the first step to understand how you can protect your company. First of all, you can do, like, adversarial simulation. Most of the companies are running pen testing programs, but, like, you are a professional pen tester, but how many companies do you know, because you were working before, have adversarial simulation plans?

And when I say adversarial simulation, I don't say only, okay, we're going to send the phishing and we're going to see what happens. No, I want to find someone working in your company, I want to go there, and I want to send a message on LinkedIn, and I want to say to that person: hey, you know, I can send you an email, this email has a ransomware, your company doesn't want to know nothing, and I will pay you five thousand dollars. How is your company going to protect against that? The only way is trying, right? And how can you know, or how do you know, this is happening?

Because someone is inside of this world and is explaining to you what happens behind the scenes, you know. But we need to start to open doors to those persons that are inside of this world, because most of the time it's like, no, because you are promoting the crime. Sorry, but I am not promoting the crime. That's why I come here to explain to you, because I am not a criminal. I want you to take care about that, because that person today opened a link and stole the money of the account; it can be your company, but tomorrow it can be my mom, or your mom, right? And that's terrible. That's a terrible thing. You know, the good thing is I made my family, and really teach my family, to understand, you know. My position is complicated.

Maybe some companies want something about me, because when you are working in this world, you know, some people contact you and maybe can do something, because most of the time my LinkedIn account is trying to be stolen, and I'm getting emails most of the time, because I am inside of this world and I come to explain this to the people, and some people don't really like it, because I open the door to understand how the criminals are working, you know. If more people know how the criminals are working, more people really take care about how to take care about that, right? And they don't really like it. And one of the things, like, my family gets emails or gets messages like, hey mom, you know, I don't have my phone, can you call me here? And I always explain to my family: don't use these links, don't contact with no one, don't open any WhatsApp, it's not mine.

Don't open any Telegram, don't touch nothing if you don't talk with me before and call me, and we have a word, right, a sentence for us we know. And that's something that I do with my family. How many companies have this? Not many. And then we need to start from the beginning, like before, to understand how the criminals are working. We need to create the base, and the base explains to the people how you can take care of your company, how you can take care in this case, and what's going to happen when this happens, you know? And a few days ago I did an interview with a guy, I don't remember very well how to explain, he is an adversary emulation professional, and he has platforms where you can use this adversary, and you have adversary emulation from APT Russians, you have adversary emulation from China, and this is like creating the malware, putting it in your company and seeing what happens. Because the only way to know it is that. They're like, you know, Kyser, how many companies say...

No, I have my data very well stored. I say, you always try to put a ransomware in your company to see what happens? Never. Why? Because you are afraid of the results, right?

But I believe you will be more afraid the day that happens truly, yes or no? Imagine someone calls you like, you know, we lost most of the information. Okay, you can recover the backup. Where is the backup? In the server, right? That's a typical one.

[Kyser Clark] (28:31 - 29:08)

Yeah, that's funny. So you say that we gotta emulate threat actors to really prepare for this stuff, which is really good advice. But, you know, when I think of threat actor emulation, I think of red teaming. Is there other ways that's not red teaming that companies can be doing to emulate threat actors? Because red team assessments are very expensive, especially for small organizations. They're not going to be able to afford, like, a real red team engagement. What are some other ways that they can emulate threat actors that isn't a full-blown red team engagement?

[Albert Corzo] (29:09 - 32:33)

That's a really good question, you know. Why is your EDR or your antivirus able to catch the virus? Because someone put this virus in a database and said this is a virus, right? Okay, and what's going to happen if someone is using a virus that's not in any platform, in any database? And to do this you have software. Very easy, Windows, it's two clicks. You take the malware, you put it in camouflage software, and you have a new .exe file or PDF, where you can use it. That's easy. Everyone can do it like that, like a five-year-old kid can do this, and most of the companies don't know that, right?

Then that's a good point to understand where you can start from the beginning and say, okay, the first thing is understand. I don't need to touch here, I need to understand, and the most important thing is, like, understand your company: if it's not hacked, it will be, right? Because most of the companies are hacked and don't know it. Because I'm gonna give you something like a very, very, very dangerous thing.

Not many people know, you know, how the threat actors work most of the times. People say, hey, how did someone steal my password, if I didn't play any... I didn't use anything, it's like totally legit software? Because, you know, most of the criminals have money, and with the money you can buy things. And then you can go to the typical application that one million, ten million people are using, like a video game, typical bubble game or whatever.

And you can say, hey, you put this source code in that version, and if someone checks this source code, this is not a malware, it's everything but. In the next version you put this other source code, and this is also nothing. But the third version, if you put all the dots together, this is a malware, right? But who in Google is gonna take care to check if it is working with the other, like, do the dots union? No one. Then you have something that can steal that from your phone or your device, or your cookies, or everything from your device, during 15 days in your device, but the next day you remove this. Who's gonna know? Nothing. This is how most of the ransomware, or more than that, the info stealers, are working. Because maybe, you know, most of the companies with these video games are not making a lot of money, because they're only taking one cent for the usage of the people, for the ads, and it's not a lot of money. Then if you pay 5,000 or 10,000... how much are the people going to pay you for a database of 10 million devices infected, in the dark web? I can tell you around 100,000, 200,000. Then how can you trade? How can you protect against that? I believe it's impossible. I believe it's impossible.

[Kyser Clark] (32:33 - 32:37)

Yeah, it's very hard. Um, go ahead.

[Albert Corzo] (32:37 - 36:36)

Go ahead. Yeah, I'm taking and coming back to your question before, which is like how... because this is the beginning of a question: why do I need to waste my time doing pentesting when I can put, for five thousand dollars, ransomware on 10 million devices? That's why. Exactly. Why am I going to waste my time trying to find SQL injection, reflected or stored XSS or whatever you prefer to say, in a website, when I can pay 400 to someone from India to give me access to the database? Why do I need to waste my time trying to find a stored XSS when I can do AdSense with a clone of your website, with a good AdSense ad, and when the people go to your company and say I need to log in on the front page, they go to log in and the AdSense one is the first result, the same website? No one really takes care, and you get the user and password, and also the multi-factor authentication, because later you're going to take the cookie, and when you have the cookie, you know, the cookie sometimes lasts like 15 days, or in the best scenarios, you know, many, many companies just never, never expire the cookie, maybe one year or something like that. And that means you have access to the platform for one year. Then pentesting is a really, really good tool.

I really love pentesting, but we need to understand criminals don't want to waste their time there, because you have ways to do it that are easier than that one. And the people think, okay, it's very difficult to get to this software, or is it very difficult? It's not difficult. You only need to go to Telegram. You have Telegram, where you can buy this software, um, as a service, and you can pay like... you have different ones, for example Raccoon. Do you know Raccoon? It's a very, very famous info stealer.

This is around 100 to 150 monthly, and you get your data, because these people from Raccoon are doing your data, because, the same I mentioned to you before, you don't want to put all your eggs in the same basket, because later you need to do the money laundering and clean the money, and this is the difficult part. You find many people who can do it, and later you handle that, and maybe I get only a percentage, but you also have groups of criminals who pay you to go inside the group and give you all the things, because depending on the country where you are, it's easier, right? That's why many companies are moving to different locations, because you don't have Interpol. For example, Taiwan, I believe, doesn't have Interpol; then you are able to do whatever you want to do there. Or a few days ago, one friend of mine... because I was living in Thailand, because I really like to study this, and one of the things I was doing living in Thailand was trying to study this world. And you know what one of the people is doing? He goes to Cambodia, because it's just a border. And then you buy the SIM cards there. When you buy the SIM cards, you move to the border, you enter Thailand. No one knows, because this SIM card doesn't have KYC or something like that; it's totally free, you go to buy whatever. Okay, and then you buy 100 or 200 SIM cards.

You don't need to buy them yourself; you go to the people and say, hey, can you buy this SIM card for me? It's like five dollars, I pay you six dollars, seven dollars, and someone does it for you. And when you have the 100 or 200 SIM cards... Can you hear me?

[Kyser Clark] (36:37 - 36:39)

Yeah, yeah, I'm sorry.

[Albert Corzo] (36:39 - 38:53)

You take the SIM card, you move to another country, and you have the same connection, because you are able to reach the antenna from another country. Because the border is something physical we put there, but the antenna doesn't know if you are here or 100 meters in front, right? And you are able to do scam calls, and if someone is trying to follow the SIM card, from where it's getting whatever, it's so hard, because, you know, you bought this SIM card from many different people, many different locations, and you are also in another country. Then it's easy, right?

Like the same I mentioned to you before, criminals don't want to waste time doing this difficult, difficult stuff. That's why 70% of the infections come from phishing. Because phishing... and do you know, also, many people still get trapped or get hooked by the Nigerian prince? People spend the money, but they're still working in 2024. It's like crazy, right? And I did some investigation.

It was so funny, someday someone sent me a message, like an email: we hacked your computer, we have all your pictures, we have everything, you need to send this money to this Bitcoin account. Okay, I have the Bitcoin account, and I used my Maltego to do the investigation of the Bitcoin account. This Bitcoin account in the last 72 hours got it.

I believe around seven thousand to eight thousand dollars, because some people are sending the money. Imagine how crazy it is, how much you need to work to get seven thousand dollars. These people are getting seven thousand dollars in 72 hours, only 72 hours, and this email, because I believe maybe it's using different numbers for Bitcoin, Bitcoin addresses. Imagine, why do you need to do pentesting when you can do mail?

[Kyser Clark] (38:55 - 39:45)

Yeah. All right, well, man, that was a lot of insights and information you just gave to me and the audience. Um, unfortunately, we don't have enough time for the final question I normally like to ask everyone, which is additional cybersecurity hot takes and hindsight, but you had so many hot takes and hindsight in this episode that I think it qualifies for the final question. So the last question here is going to be: where can the audience get a hold of you if they want to connect with you? Uh, do you have... you know, one of the things, uh, maybe I don't know how much more time we have. Uh, yeah, usually... um, yeah, we're running out of time now. Unfortunately, I can't; I keep my podcast episodes generally shorter.

Okay. I try to keep it under 40 minutes.

[Albert Corzo] (39:45 - 40:34)

Okay guys, I will try to make it as short as possible. The first thing, like, you know, uh, many times people are looking for... when you are in this world, like you hear people like me, you hear people like you, you're like, wow, I want to contact that person, you know. Most of the time it's important to find a mentor in your career to help you, and try to find that. And that's why I created Cyber Mentor Institute, where you can find me there. I have my profile, and you can find more professionals like me there, and you can contact them there. Cyber Mentor dot institute; we can put it, if you want, in the episode notes. If not, I always have LinkedIn or my Twitter account, X now, and whatever, you know. Most of the people can find me there, and my door is always open to try to help someone who is looking for this information or whatever.

[Kyser Clark] (40:35 - 41:10)

And also my podcast. Great. And audience, the best place to reach me is my LinkedIn and my website, KyserClark.com. Audience, thank you so much for watching. Thanks for hanging out. Hopefully you got a lot of value out of this one. This one was packed with a lot of information, and, uh, thank you so much, Albert, for bringing your wisdom onto The Hacker's Cache. Really appreciate your time and attention to this episode. Audience, if you haven't shared the show, if you haven't shared the podcast yet with your friends, please do so; that would help out the show tremendously, and hopefully I see you on the next episode.

So until then, this is Kyser signing off.