[Pat Gorman] (0:00 - 0:32)

And what I would say from what I've heard is do it with a group of friends. I think it's a little more exciting and I got that information from Nomset. So definitely go out there and get with a group of folks and I think that'll be, it'll be better to do it like that than like, okay, you know, let's jump into a program and jump into an app and do it all by yourself, especially if you never did it before.

Hi, I'm Kyser Clark and welcome to The Hacker's Cash.

[Kyser Clark] (0:32 - 2:10)

The show that decrypts the secrets of offensive security one bite at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.

Hello, hello. Welcome to The Hacker's Cash. My name is Kyser Clark.

I have over six years of experience in the cybersecurity field and I am here to help you grow your hacking cybersecurity knowledge. Today I have Patrick Gorman, aka InfoSecPat. He has over 23 years of experience in the field.

He currently works as a senior penetration tester. He is a fellow cybersecurity content creator. He runs the InfoSecPat channel on YouTube.

He's a cybersecurity trainer slash mentor and a speaker for educations. He has a bachelor's and a master's in cybersecurity and for certifications. It's a long list.

I had to fill some out, but here are the highlights. It's CPTS, CBBH, PMPT, ECSA, LPT, that's the EC Council License Pen Tester, CHFI, that's the EC Council Computer Hacking Forensic Investigator, PJPT, CISSP, SSCP. He has a ton of Microsoft certs, a handful of CompTIA certs, and tons of other training and other certs.

So Pat, thank you so much for joining the show and thank you for being here. Go ahead and introduce yourself to the audience.

[Pat Gorman] (2:11 - 3:36)

Yeah, thank you so much. I really appreciate you having me on tonight. And yeah, you did a really good introduction.

And my name is Pat Gorman, or Patrick Gorman. I go by the name of Pat. But yeah, I've been in the field for, yeah, 23 years in IT, from health desk to sysadmin to network engineer and to cloud engineer, and then segued into cybersecurity.

And I've been doing cybersecurity now for, I want to say 10, 11 years or something like that, I believe. Maybe a little longer, time flies when you're having fun. But yeah, man, that's pretty much it.

And yeah, I have a lot of certifications. Certifications definitely help you grow in the industry, not only in cyber, in every space, from network engineering, system engineering, cloud, etc. And it's a good discipline to have because it shows employers that you can complete a task, not only start something.

So it's just like when you say like bachelor's degrees, master's degrees, PhDs, etc. It just shows someone that you can start something and finish something. But I want to give you one word of advice, doesn't mean you know it.

But we'll get on that in a different conversation. But certifications definitely will look good on your resume, your LinkedIn and your portfolio.

[Kyser Clark] (3:38 - 4:49)

Yeah, yeah. Well, thank you for introducing yourself, Pat. And I mean, yeah, I'll just go right off what you said there.

Like you said, you know, certification doesn't mean you know it. And I agree with that. Because at the end of the day, like every certification, like you don't need 100% to pass a cert.

You only need like a 70, some certs are like an 80%. So when you pass a certification, that doesn't guarantee you know everything about what's in that certification. There's always going to be something that you don't know.

I mean, I've never gotten 100% on a certification. I have 16 certs now and I've never got 100%. So like you said, there's always something that you don't know in that training.

So that's a good point you mentioned. And even people like, let's say I do know 70% of the content. Some people get certs and they forget the content.

And that happens a lot too. I hear in the field, I do my best not to forget the content. Like I really, I think that's one of the reasons why I go after other certs because they just kind of build on each other.

And I kind of continuously reuse the fundamentals. But yeah, it's important that you don't forget the content after you do the training and the certification.

[Pat Gorman] (4:51 - 6:26)

Yeah. I guess I can sprinkle some frosting on top of that. It all depends on what you're doing, right?

So obviously if you started out in cybersecurity and you're like, screw this, I want to go to cloud engineering, be an AWS expert, right? And I went the other way, right? I was a network engineer.

I have a ton of Cisco certs, a ton of VMware certs, a ton of Microsoft certs. Can I still build out ESXi and vCenter? And yeah, I can.

Can I still route switch? Yes, I can. I can still do firewalls.

And that's what I'm starting to put together now of whole Florida Gate training course. But because I always loved network security as well, but doesn't mean I can jump in and like, oh, let's go configure EIGRP. We're going to be configuring OSPF spokes or whatever, like everything that I did 12 years ago, right?

I'll probably have to do show question mark a whole bunch of times, right? So I think that's where obviously staying up to par with what you're trying to learn is definitely critical and building upon that. But I just want to put that out there because don't feel as if you forget something, you're a silly goose, right?

You're not dumb because you forgot something. Because like I said, I forgot a lot of what I learned from 15, 20 years ago, right? Because I'm not using that technology.

I'm not using that skill set today. So just obviously keep that in mind.

[Kyser Clark] (6:27 - 7:23)

Yeah. Yeah, I agree with you. And for me, I have all my commands and my notes and I never memorize the syntax for anything because it's impossible to memorize the syntax for all the commands.

I just got to know the core functionality. You got to know what the name of the command is and maybe a couple points for the command for it to work. If there's a dash or not a dash, what do I do?

I don't know. I'll look it up real quick or go to your notes. And that's why I think detailed note taking is so important because you got to be able to pull off a ton of commands, especially in pentesting.

You got to be able to pull off commands pretty quickly because every engagement is time-based. So I think for a pentester, you have to have a notebook full of just commands and text.

[Pat Gorman] (7:25 - 9:03)

Yep. I think having your own little cheat sheet and yet there's hackertricks.yxc or whatever the hell that site is. And all these different sites to help you and whatnot.

But having your own way of doing it definitely helps because my way of doing it and your way of doing it may be different. So even a tool set, even though we're trying to skin the cat, maybe you skin it with a different tool set than I do. You have your OSWP.

Maybe you learn how to use Aircrack NG and the whole Aircrack suite and all this good stuff. But maybe for me, I'll just use Wi-Fi Pumpkin or Wi-Fi or just a Wi-Fi Pineapple for my engagement. I make these videos because these are real things I do in real life.

And some people are like, oh, that's not real. No, it is real. Some people have silly passwords and you'll be surprised on some of the engagements, some of the wins I got in just a matter of five, 10 minutes just because of a silly config.

And then you have the real hardened infrastructures that you're like, damn, banging myself in the head. But you'll be surprised. I think when I made the video on, I don't remember, some tool I was using and I'm like, wow, was that easy to compromise this Wi-Fi password, right?

It wasn't Wi-Fi. It was something I just did probably a couple of months ago. And yeah, so yeah, I think that that's super critical as well.

[Kyser Clark] (9:05 - 9:20)

Yes. You mentioned your videos and one of the questions I'll ask you is, so what inspired you to create your YouTube channel and what keeps you going? Because you've been going for like over five years now, almost six years now.

So what inspired you to initially do it and what keeps you going back to it?

[Pat Gorman] (9:21 - 12:48)

Sweet. Awesome question. So I started my YouTube channel, not knowing what YouTube even was.

We spoke offline. I'm not your typical nerd. I never use YouTube.

I never did a lot of things that typical nerds do. So I was studying for the PCNSE, which is Palo Alto Certified Security Engineer with a few friends. So for an example, I would be in charge of site-to-site VPNs and you would be in charge of static and dynamic routing, whatever the case may be.

Or someone's in charge of access control lists or whatever, policies or whatever. So everyone, wherever we're really bad, that's what I'm going to go ahead and teach. And I would say, okay, I'm really bad with VPN.

So I want to talk about, what is Diffie-Hellman? What is this? What is that?

Et cetera. And we were studying, we would make a video. It was like four of us.

We would teach everyone the topic and vice versa. And we put it in just Google Drive. And one day, my friend Kenny was just like, dude, why don't you just throw this on YouTube?

I'm like, man, I don't even know how to use YouTube. And the first video I put up was how to install, I think, Palo Alto and VMware or something like that. So that's how I got the journey.

And about the third video, I got really turned off because I got a flag or a strike. I'm like, I have three people that are subscribed, my brother, my dad, and my uncle. You know what I mean?

Why am I getting flagged already? And then I started researching on some content that other people have like HackerSploit, John Hammond. But John didn't do too much back then.

He was doing more coding and stuff like that. And it was more like HackerSploit and ZedSecurity, ZSecurity, and some of these other folks. I don't even think I knew TCM yet back then.

But I was like, okay, how are they getting away with it? And I'm not. So obviously, I didn't know the tricks of the trade.

Instead of saying, how to hack your girlfriend's Wi-Fi or something like that, you had to say, okay, today we're going to be talking about doing an engagement called Wi-Fi penetration testing and just learning how to maneuver the words. And yeah, that's pretty much how I got started. And fast forward to today, how do I stay empowered to keep doing it is making a difference in other people's lives.

That's really, really what's driving me today. If it wasn't for the folks that watch my videos and just say awesome comments like, hey man, I watched your video, I figured this out. Or if it's a walkthrough on hack the box or try hacking or whatever the case may be, it's so heart-touching, especially for someone that when I was coming up in the game, there was not much videos out there to actually learn from.

It was more like, it's more gray box type stuff. And then hack the box came out, try hack me, VulnHub, et cetera, over the wire and all these other platforms. But I didn't have that eight or nine years ago.

So yeah, that's pretty much what inspired me to do YouTube.

[Kyser Clark] (12:50 - 13:01)

What a story. That's great. So you started making videos for your friends for the cert, right?

So what made you want to get that cert to begin with?

[Pat Gorman] (13:03 - 13:28)

That's a good question. So I don't know why, but a good group of my friends, I still talk to them. They're not in cyber, they're more networking, network engineers, cloud engineers.

They always gravitate towards me to get in a group to study. I wasn't working with Palo Alto back then. I wasn't doing anything with Palo Alto.

I was just studying for the exam.

[Kyser Clark] (13:30 - 13:36)

You was in IT at this point, right? When you started your channel, you was already in IT, right? Oh yeah.

[Pat Gorman] (13:38 - 14:45)

So I was a network engineer when I started. I was working in cyber when I started my YouTube channel, but back then I was doing more network security engineering versus ethical hacking type stuff as a job per se. It was more like I was a network security engineer for that same company.

Then I went to director of offensive security. I got that certification just because I was doing it with a couple of friends. It's a certification that I have.

I have the PCNSA and a PCNSE. I've taken a lot of certifications in my career, but not every certification I've taken relates to more money or I'm doing this because my job is asking me to. It's more for my own satisfaction.

I don't put all my certs on the internet. I have a lot more than what I put out there for people to know.

[Kyser Clark] (14:45 - 14:46)

That's a lot.

[Pat Gorman] (14:46 - 14:52)

You have a lot listed on LinkedIn. I have about 97 total.

[Kyser Clark] (14:52 - 14:53)

That's crazy.

[Pat Gorman] (14:54 - 15:16)

Yeah. From every single one from when I started. That's including the Dell ones.

I have WatchGuard. I don't put those out there anymore.

[Kyser Clark] (15:18 - 15:23)

All right. Let's go ahead and dive into our wrap fire questions. Are you ready for the wrap fire round?

[Pat Gorman] (15:23 - 15:24)

Go for it.

[Kyser Clark] (15:25 - 15:52)

All right. For those who are new to the show, Pat will have 30 seconds to answer five questions. If he answers five questions in 30 seconds, he's going to get a bonus six question unrelated to cybersecurity.

Pulling on my stopwatch now. Pat, your time will start as soon as I stop asking the first question. Here we go.

Pat, do you think cybersecurity jobs are stressful?

[Pat Gorman] (15:52 - 15:53)

Yes.

[Kyser Clark] (15:53 - 16:02)

Have you ever participated in a bug bounty program? No. Favorite programming language?

Python. Favorite hacking or cybersecurity book?

[Pat Gorman] (16:06 - 16:09)

Probably the Red Team manual.

[Kyser Clark] (16:09 - 16:12)

Which country has the most dangerous threat actors?

[Pat Gorman] (16:12 - 16:13)

Romania.

[Kyser Clark] (16:15 - 16:40)

That was 21 seconds. That might be a record. I don't know what the record is, but that might be it.

That was fast. Great job. That was truly a wrap fire.

That might be the record. I think it might be. Here is your bonus question.

You can explain your answer as much or as little as you want to. Here it is. Is it okay to clap when the plane lands?

[Pat Gorman] (16:41 - 16:59)

Yes. Yeah. I guess we made it home alive or we made it to our destination alive.

So I think that's an important... I don't do it personally, but yeah. These days, they don't really do it as much as they did years ago.

But yeah, I think it's okay.

[Kyser Clark] (17:01 - 17:54)

Interesting. Yeah. So I've never witnessed anybody clapping when a plane lands, but I've only been flying around for six years now.

So I wasn't flying back in the day. But I think if I saw someone clapping, I'm going to mentally judge them. I'm like, the pilot just did his job.

That's what it's expected. Now, I thought about this as I was writing it for today's episode. And I was saying, I would clap if there was something crazy going on, like the wheel fell off or something crazy.

We almost died. We were close to dying. I would clap.

I would shake the pilot's hand and everything. But on a regular landing, I might judge a little bit. But I'm not going to say anything.

And I'm definitely not going to do it. But that's my opinion on the whole matter.

[Pat Gorman] (17:55 - 18:09)

Yeah. It's definitely not something that happens much anymore. But yeah.

Say 10 years ago? Yeah. People used to just clap and yeah.

[Kyser Clark] (18:12 - 18:37)

All right. So let's go ahead and talk about your most interesting response. And I think your most interesting response is, have you ever participated in a bug bounty program?

You said no, but you got certified bug bounty hunter. So are you thinking about getting into bug bounty hunting anytime soon or anytime in the future? Or is it kind of just you just wanted the web app training so you can do web app pentest?

[Pat Gorman] (18:38 - 20:28)

Yeah. So that's a really good question. So I never really truly got into bug bounty hunting like on HackerOne or any of those platforms.

I did the CBBH because I wanted to understand more web apps. And yeah, it was just like, okay. I went through the training and it was phenomenal.

But for me, I'm more of a visual learner and I like to listen and then do it. Obviously what hacked the box was really difficult because it's like a lot of reading. And like we said off air, reading is not my strength.

So it's like, okay, I want to listen and try to understand and then watch someone do it. That's how I learned better. And so that was a challenge for me, but it was really, really thorough notes.

And it was more to not so much do more web app testing. It's just more to understand when web app testers speak. So that's what it was more about.

Like I said, I've said this in my videos too, I don't do these certifications for more money or more clout or whatever you want to call it these days. I can do them and not even tell anyone. I do them more to give the advice to other people wanting to get this certification and what would it benefit them?

What would they get out of this? And yeah, so that was the reason. And am I interested in bug bounties?

Not really. That's not really my cup of tea. And I just did it more to create content more than anything, to be a hundred percent honest.

[Kyser Clark] (20:31 - 21:18)

Interesting. Yeah. For me, bug bounty, I keep saying I'm going to do it in the future, but I don't know if I actually will, because I feel like my schedule is so packed with everything I got going on.

And I don't know, maybe one day I will, but I think it's a good idea in theory for me. But in practice, I don't know if I can really get into it because I got a full-time pentesting job right now and I make content and I'm always training. But I was like, maybe at a certain point when I'm like, maybe in the future, stop going after training and just doing bug bounties.

But we'll see what happens with my career. But yeah, bug bounties, those things, it seems cool, but I don't know if it's for me, but I got to give it a shot before I can really be like, no, it's not for me.

[Pat Gorman] (21:19 - 22:17)

Yeah. No, a thousand percent. And what I would say from what I've heard is do it with a group of friends.

I think it's a little more exciting. And I got that information from Nomsec. So he was the one that's like, I'm like, hey man, if I'm interested, I'll hit you up and we can jump on and just like shoot the smack and go to town.

Sorry, I'm just getting over being sick too. But yeah, so definitely go out there and get with a group of folks. And I think that'll be better to do it like that than like, okay, let's jump into a program and jump into an app and do it all by yourself.

Especially if you never did it before, it's like, where do I start? That's just my advice for anyone that's out there that wants to get into it. But I'm not the right person to ask because I don't really, I'm not into that.

[Kyser Clark] (22:18 - 22:28)

Interesting. So for training and mentoring, what do you do and how do you help people with training and mentoring and how does that whole process with you work?

[Pat Gorman] (22:29 - 25:11)

Yeah, that's a good question. So I put out a course. I've done so much free stuff on like YouTube, right?

Like create so many different playlists from windows server to VMware to Cisco, whatever. And even like a little intro beginner pen testings type stuff. So I just wanted to put something together more like formal and people have been asking me for probably years just to like, oh, you should create a pen testing course.

And I'm like, I'm not any different than the next Joe Schmo. You know what I mean? Like there's so many good things out there.

Like, what am I going to bring to the table? You know? And this is interesting because I got a lot of, not a lot, probably about a half a dozen.

And I'll put it out there of, oh, you used other people's content. And at first I'm like, you know, this is, I learned it and I've done this for a couple of years. This is my methodology.

And a friend of mine said this, I brought this up to a friend and I'm like, yo, like some people just talk and smack. Like, and he goes, think about this. You think that doctor that you that's teaching that medical student at that med school learned it from where?

His med school, his med school. So they always learn the same thing and it's the same thing taught. So if you learned this somewhere else and you're teaching it, maybe someone relates better the way you convey that versus maybe Joe Schmo.

Right. And that really, really stuck with me. And I'm like, oh, so you don't feel like I'm copying or whatever?

He goes, no, because that's just, what do you think that person got it? You know, that person got it from somewhere, whatever. So it's like a trickle down effect.

And after I heard that, I was like, I bet. Like that's true. Like, I don't feel guilty anymore because I felt like some type of way.

I'm like, okay, like maybe someone's thinking I copied, but I'm like, this is just a way, like for an example, hacking AD. Right. You know, you should have to run responder.

You have to capture a hash. You have to crack this hash. You have to pass this around with net exact of crack.

You know, you have to do this regardless. Right. So if I teach it, you teach it, Joe Blow teaches it, it's probably going to be in that same sequence.

Right. Unless I'm, you know, so, and after that, like, you know, I really, I really put my step, put my foot forward to present it and put it out there. And that was more of the course.

And what was the second part?

[Kyser Clark] (25:13 - 25:17)

I just asked, like, how do you do your training and mentoring and how does the mentoring?

[Pat Gorman] (25:18 - 28:01)

So yeah, like the training, that's pretty much how I got the training. Cause I have like a beginner, a junior penetration testing course on, on teachable on my site and the mentoring. All right.

So I don't like, and I've said this a million times, I don't like asking for money, money. I'm famous out there. I'm doing all right.

You know what I mean? I, I, but family is so important to me, right? Like I have a daughter, I have a family, but when I'm spending, when I used to like say, oh, I'm going to do, you know, get a calendar.

Oh, like, you know, hit me up between these hours. This is when I'm free. And I'm waiting on a, on a chat or on a meeting and no one shows up without even like, yo, I just stepped away from my kid to sit in his office to talk to you.

And you just like a no show after that happened about like 10 times that happened to me a lot of times. And I'm like, yo, like my time is more valuable. Like if you don't want help, you can have the, you know, you can at least tell me and have the audacity to be like, yo, like I'm busy.

Sorry. You know, just like I did with you, you know, I wasn't, you know, things didn't line up the first time I was like, Hey, like, can we just schedule this? And, uh, and then I was like, you know what?

Like, how can I get serious people? If someone wants to talk to me, like, I don't need your money, but at the end of the day, time is time is money, you know? And, and that's when I started saying, okay, I want to put something in place.

If you know, not just like, I want to talk to you for an hour, be, be, you know, be your, your therapist, you know, like I want to actually give you value. Like, okay. So that's when I was like, okay, I have a whole program and I have something I've written.

You know, I don't really advertise that I only add, you know, I only give it to the people that actually come into the program. I don't, I don't really put that out there because it's not in no one's business unless you're serious. So that's how, you know, that, that's why I came up with the mentoring and like one-on-one coaching, whatever you want to call it.

Um, and I was doing it with, uh, hack smarter with Tyler as well. And the same thing happened. So when you do stuff for free, people don't value it.

That's the God honest truth. It's like, Oh, like, Oh, it's a placeholder. I'll just do it.

And if I'm available, I'll show up. If not F him, you know what I mean? And that's when I was like, yo, you know what I mean?

I'm just, when I'm, you know, I want to put on when I'm available, you know what I mean? Like I say on, on the holidays, I'm not even, I'm not even trying to do that. So that's pretty much how I got into it and why I do it.

[Kyser Clark] (28:02 - 28:45)

Yeah, that's a great point. And I, I think the same approach of training, I, I almost exclusively only study things that cost me money because when I got skin in the game, I'm more likely to pay attention to it. You know what I mean?

And when you talk about your training that you made, you know, like things click with different instructors, click with different people. And, you know, I've had experience with that. Like the first time I was like learning Linux was not clicking and it was a free course, by the way, I was like, I'm just going to do this free Linux course.

And I was like, am I dumb? Like, I don't understand why this guy can't, like, I don't understand this at all. And then I went and did the Contia Linux plus, and I did a CBT Nuggets course for that.

And it changed everything just because the- Sean Powers.

[Pat Gorman] (28:45 - 28:46)

Sean is awesome.

[Kyser Clark] (28:47 - 30:06)

Sean Powers. Yeah. Sean Powers' personality was so good.

I was like, dude, I love Linux. This is amazing. And that's how I learned Linux because of a instructor change.

And, you know, one instructor, you know, might resonate with me, but might not resonate with you. There's been people that they say, hey, I love Professor Messer. It's the greatest thing for me.

I, Professor Messer doesn't resonate with me. He's, you know, he's trying content, but for me, it doesn't click, you know, so it's important that, that we have a lot of options for, for training and for, for YouTube videos too. Like, you know, there's, there's all kinds of videos on different topics.

And, you know, the way you say something is different than the way I say something and it's going to resonate with different people. And I just experienced that recently. I did, I got OSWA certified and I got PWPA certified very recently.

And, you know, I'm going through each courses and it's the same kind of content, but they do it in different ways. And there's things that click here that don't click there. And, you know, I'm doing one course and I'm like, dude, why didn't the other course say it like that?

You know what I mean? And it clicks differently just because of the instructor. So I say the more the merrier, the more training out there, the better, because you never know what, what's going to resonate with people out there.

[Pat Gorman] (30:08 - 30:59)

No facts. Yeah. Sean, that's where I started my career with CBT Nuggets.

And I know Keith Barker. I know Sean Powers. There, you know, some, I don't know who's up there now.

I know Sean and Keith obviously, but like Jeremy Chara that did all the Cisco training, CCNA, CCNP. He's not with them anymore. He doesn't, I don't think, train with them.

But yeah, like you, if you have that energy and you just like, you have that, like being intrigued and just being like, pay attention. It's like, if it's someone like Professor Messer, which he's awesome, but he's very dry, he just like reading off of, you know, it's like, no, it's like, you want to go to bed, you know, but if you keep it energetic and, you know, you keep it in entertaining, it's definitely going to be more, you're going to be more in tune.

[Kyser Clark] (31:00 - 31:38)

Yeah. And I was trying to show you Professor Messer, like there are a lot of people that love his content. It's just, you know, it doesn't resonate with me, unfortunately.

And that's okay, I think. Absolutely. So one thing I want to talk to you about is burnout.

So what do you do to protect yourself against burnout? And what are some strategies that other people can use? You know, if they're experiencing burnout, or if they haven't experienced it, like, what are some tips?

Like, what can you do to, I don't know if it's even, it might even be impossible to prevent entirely, but I'll let you talk about that for a minute. Like, what can you do to avoid it?

[Pat Gorman] (31:38 - 34:36)

Yeah, so what I do personally, I, for example, these, probably like last month, I got sick. And then, for example, right, I was a part of the advert of cyber for TriHackMe. I was burnt out.

I'm like, the only way I want to get really driven to want to do this is if I take a break. Right. And I took a break, I saw some family, I traveled.

And I came back. And, you know, it sucks because I wasn't a part of it. Because I had some problems in my room, I was day three, and Tyler Ramsey took that.

So it was a really good, good thing that we have someone for backup. But what I did is like, I disconnected, I disconnected. And when I disconnect, like, some there's pros and cons to that, right?

Especially being a content creator and doing all this stuff, because it's like, you know, hockey seasons, you know, I play hockey, and we were talking about that. And it's like, hockey is way more important to me than creating a video. That's the God honest truth.

I want to keep it a buck. You know what I mean? Like, if it's either hockey, or sit in front of a camera to see my ugly face, I'm going to I'm going to go check some people.

So that's what I ended up doing. Like I, I ended up just like disconnecting and just like, not doing anything on the computer. And even still, like, you know, I just got over being had a really, really bad flu.

So I was sick for like, almost two weeks. And then I got went away. And then like, just around Thanksgiving, like after that is like came back.

But yeah, that's pretty much what I did. And just disconnect. And I don't think you're ever going to be 100% away from it, per se.

But I think that's definitely a good way to go about it. And that's what I do. Everyone, you know, maybe someone likes to go punch the wall.

You know what I mean? Like this, you know, that's how they, you know, want to take their whatever out. But yeah, burnout is definitely a real thing.

And, you know, disconnected. Oh, that's what I was gonna say. There's pros and cons to it.

Because it's like, when it's like, okay, I, you know, the last video I did was like nine days ago, before I did a Windows Server 2025 video on my channel. It was just like, as we don't, at least for me, like, when I'm not doing it, it's like, I get less motivated to do it. As the time goes on, it's like, like, when you're in the mix, when you're in the groove, it's like, oh, I can't wait to do this next video.

But once you disconnect, it's like studying, right? It's like, oh, I'll study next week. I'll do it.

I'll do it next week. Next week comes around one more week. So you just have to be careful for that too.

And yeah, that's pretty much my advice in my TED talk for that.

[Kyser Clark] (34:38 - 36:13)

Yeah. So when I was getting out of the military and coming in to my civilian pen testing role, you know, I honestly, I was like, man, how am I gonna get burned out? Like, I love this stuff.

You know what I mean? Like, I'm like, this is great. Like, I, how can I get burned out on a job that I choose?

Like, before, you know, I worked in oil refinery and stuff that burned me out because I had no passion about that. I just did that because I needed a paycheck because I needed to pay bills. And I was like, how can I get burned out of a job that I chose to be in?

You know what I mean? But now, now I got my career going on. I'm like, oh, I get it now.

Like, you got to take time away from the keyboard. And I actually, I said this in one of my recent videos, like, I finally bought a TV for the first time in 10 years. And I intentionally, like, just go play a video game for an hour every day.

I went so long, because I was a huge gamer before I joined InfoSec. And then I stopped because I was like, I have to put in the hours of studying, because if I don't, then I'm never going to make it into the field. But now that I'm here, and like, you know, I got out of the military and stuff, I was like, all right, I can kind of let off the gas a little bit.

Because if I don't, I'm going to burn myself out. And I'm going to hate this, you know. And I mean, I'm experiencing a little bit, but you know, I got I'm trying to figure out, you know, like I said, play video games and go go.

I've been working out a lot more to that that helps a lot too. So you just got to figure out like, what works for you, whether that's a run or walk or, you know, hang out with your family that I've been doing that more now that I'm out of the military, you know, dude, I went six years without having a Thanksgiving with my family. This is the first time I had Thanksgiving my family and for six years, so that felt pretty good.

[Pat Gorman] (36:14 - 36:14)

Awesome.

[Kyser Clark] (36:15 - 36:15)

Yeah.

[Pat Gorman] (36:18 - 37:47)

Yeah, family is important, man. Family is always number one. That's in my opinion.

That's I always choose that. Like I said, I'll hang up the mic tomorrow. If if my family says, you know, it's either me or those videos.

Love you guys. See you, you know, better luck next time. But, you know, I think it's it's it's good to have a happy balance, you know, to have a balance.

And this is what I want to try to do next year is have more of a schedule. You know, I have my thirsty Thursdays. I do, you know, my little thing on Thursday nights at seven.

Even with that, like I moved to a new house. So it's like, oh, I can't wait to get my new office set up. It's like, no, one week past, two week past.

I'm like, shit, like, I don't really want to do this right now. Like, I'd rather just like hang out on a Thursday, watch a hockey game than like, you know, because hockey's at like usually like seven, seven thirty EST. So it's like, man, I'm missing like a range of game or whatever. But, you know, having a schedule to no matter what, like if it's your.

If you're doing content, if you're trying to learn something new, having a regiment is super important to keep you on track without that that burnout, too, because then you can say, OK, today I want to do X, Y, Z, and then the rest of the week I want to go work out or spend time with my family. As long as you have your your things carved out, I think that'll be a good idea as well.

[Kyser Clark] (37:49 - 37:59)

Yeah, I agree. So, Pat, we're running out of time, unfortunately, and I got to ask you the final question, which is, do you have any additional cybersecurity hot takes or hidden wisdom you'd like to share?

[Pat Gorman] (38:01 - 39:50)

Hmm. I don't think it's really hidden wisdom or anything like that, but I think the most important thing for if you're looking to get into cybersecurity, if you're looking to build your career in this field, the most important thing, in my opinion, is networking. No matter how much skills you have, if you don't know folks, if you don't really put yourself out there, you're not going to get anywhere, especially this field is so tiny.

You know what I mean? Someone will know someone. So you don't have to put your face like, you know, like us on a camera, but just like maybe do write ups, go right up on Medium, on LinkedIn, just connect with folks.

And that doesn't mean just like, you know, hit connect to every single person because, you know, like if you don't come at me with purpose, I'm going to decline you. That's the God honest truth. Like I decline probably 50 people every day.

Just because you connect doesn't mean I want to connect with you. Just have something like, and don't say, Hey, I need help. That doesn't really, you know, that doesn't really not going to help you out.

But yeah, just, you know, network with folks, go to conferences and any way to break into the field. There's so many avenues today versus even 10 years ago, there's no excuse not to do it. And like you said, like if you're super, super passionate about it, you know, maybe it's a double-edged sword.

Like sometimes I don't feel like I'm even working, but at the end of the day, that can be bad because it's like, Holy moly, it's 10 o'clock at night and I'm still working. And where's my time for my family and friends. So sometimes you can go so, you know, balls deep into something and it's like, Oh man, how can I get out of here?

So, you know, just make that time and divide and conquer and you should be okay.

[Kyser Clark] (39:53 - 40:37)

Yeah. Yeah. I feel that.

I agree with you there. And yeah, networking is really important and that's, it's a lot easier than you think it would be, because like you said, the field's tiny and like, you can connect with people pretty easily as long as you, you know, offer value to people. Cause like, you know, I get a lot of messages too, and you're like, and they're just like, Hey, and I'm like, well, why did you just send me?

Hey, like come at me with like something, a question, something like, you know what I mean? So that's, you got to do it the right way. There's, there's good ways and bad ways.

And unfortunately, I don't have enough time to talk about all that, but we'll leave it at that. So Pat, we thought about your YouTube channel, where else can the audience get ahold of you if they want to connect with you?

[Pat Gorman] (40:38 - 41:08)

Yeah. So, you know, obviously you can connect with me on LinkedIn, uh, Patrick Gorman on LinkedIn and pretty much InfoSec Pat pretty much everywhere, right? Like on, you know, my YouTube channel is InfoSec space Pat, uh, InfoSec Pat on Instagram, Twitter.

I think that's pretty much all I use and, uh, Instagram, Twitter, LinkedIn, and YouTube. I don't do, I have a Tik Tok. I don't know.

It's InfoSec Pat, but I don't even know how to use Tik Tok. But, uh, yeah, that's pretty much it.

[Kyser Clark] (41:10 - 41:39)

Perfect. And audience, the best place to come to me is LinkedIn and my website, KyserClark.com. Thank you so much, Pat, for taking your time and being here and offering value to the audience.

And, uh, yeah, thank you so much for your time and attention. Likewise. Thank you so much.

And audience, if you haven't shared a show, hit the share button, share with your friends. If you found value in today's episode and hopefully I'll see you on the next episode. Until then, this is Kyser signing off.