(0:00 - 1:03)

That's his plan. He flat out said it. He's like, yeah, we're going to bring in this AI, we're going to train it, and it's going to basically do the work of an intermediate developer, an intermediate engineer.

And that's his goal. Why does he want to do that? Well, AI labor, it's a heavy investment out front. However, long term, it's going to be cheaper because human labor is very expensive.

It always has been. I think it's safe to say, like, yeah, these tech giants, these tech billionaires, they want to replace you. Hi, I'm Kizer Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time.

Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you. Thank you so much for tuning in.

(1:03 - 3:39)

Today, we have another Q&A episode. And if you don't know, Q&A episodes is where you, the viewer slash listener sends me questions to answer on the show. And if you want to submit questions for the show, there are multiple ways to do it.

The first and best way is to leave a comment. The next way is to join my Discord server and then find the channel where you can submit questions for The Hacker's Cache podcast for the Q&A episodes. There's a dedicated channel for that purpose.

And then the last way is to email me at kizer at kizerclark.com. I'm looking forward to your questions, and I'm looking forward to answering your questions, because once you submit questions, it helps out the entire community. So not only do you get information that you're looking for, but there's a very good chance that someone else out there has the same type of question as you, and it helps out the entire community by doing these episodes. So definitely submit questions if you're having any.

Don't be shy. For those who are new to the show, there are multiple types of episodes for The Hacker's Cache podcast. So this is one type of episode, Q&A episodes.

The next and most common type of episode you will encounter for The Hacker's Cache podcast is guest episodes, where I bring in an expert in ethical hacking and cybersecurity, and I have a conversation with them, and I try to learn from them myself, and I try to ask questions that will help you, the viewer slash listener, grow in your ethical hacking and cybersecurity career. Last but not least, I also do solo episodes. These are more rare.

I only do those once a quarter, and in those episodes, I just talk about a topic that I feel like talking about that day that I believe will help out the community, help you, the viewer slash listener, out in a way that I think is best, and just have a discussion, and sometimes it's a rant or whatever I feel like talking about. So solo episodes are kind of like a wild card, really. With that out of the way, let's go ahead and dive into these questions.

So the first question is, do you think an OSCP can benefit one with getting a threat hunter position? And I think the quick answer here is yes, absolutely. Mainly because OSCP is a very recognized certification, and it is for offensive security professionals, and that's what it's geared for. However, a defensive cybersecurity professional, such as a threat hunter, a cybersecurity engineer, can greatly benefit from an OSCP.

(3:40 - 6:40)

For one, like I said, the recognition, but not only for the recognition, but the skill set. You're going to be able to think, not only think like a hacker, but you're going to be able to do like a hacker. You're going to have a real technical skill set.

You're going to be doing exploits, and exploiting machines, and you're going to know how to do so many different types of attacks yourself. And when you know how to do different types of attacks yourself, it helps you defend your network. It helps you hunt for threats within your network.

It helps you, you know, go through the logs. Like you're going to be able to find what sketchy activity is, because you've actually done those exploits. So, because of that, the OSCP can definitely benefit you, and I would highly recommend it to any cybersecurity professional.

I typically don't say, I typically don't recommend OSCP for cyber defenders, because it's not necessary. You don't need to have offensive security skill set to break in as a cyber defender. However, it helps you stick out tremendously, and it makes you a really good cyber defender.

So, if you want to get OSCP as a threat hunter, go for it. You can have nothing but gains, and I highly encourage you to do it, because offensive security skills are hard to come by, right? Not all defenders have it, like I said. It'll definitely help you stick out, and help you defend your networks.

I'm excited to announce that memberships are now live for my YouTube channel, and if you decide to become a member, you'll get early access to videos, access to member-only polls, loyalty badges for the YouTube channel chat, and priority reply to the YouTube comments. Of course, if you can't or don't want to become a member, that is totally fine. I will always release the same free content you've come to expect, and your support, just by watching, is more than enough to keep the channel going.

But for those who do join, your contribution helps invest into new tools, technologies, and people to help the channel go further. The goal is to create even more content, and raise the quality of every video, for everyone. Thank you for considering memberships, and as always, thank you so much for your support.

Next question, what are your thoughts about AI? Do you think this will reduce jobs in cybersecurity? Is it still worth to learn it, to earn money from it? So this is a really interesting question, because I actually already answered this question in the YouTube comments, because this is a YouTube comment question, and I replied to that answer. In a way, I replied it. I said, hey, check out my AI video.

I made a dedicated AI video with my thoughts on AI, about specifically talking about, is it going to take cybersecurity jobs? And in that video, I pretty much said, you don't have nothing to worry about. I said, you know, maybe the entry-level jobs are going to get replaced in the next five or ten years. And then I said something like, you know, intermediate jobs are, you know, maybe 20, 30 years from being replaced.

(6:41 - 9:03)

And the expert level stuff probably would never get replaced, because AI just might not ever get there. And that was kind of my opinion, but my opinion recently changed. And you're allowed to do that, by the way, because for one, that shows that you're growing as a person, and for two, this deal is constantly changing and evolving, especially with AI.

So if someone has a hot take about AI yesterday, and they changed their mind in four days, like, let them be, man. Like, AI changes so much. So I'm changing my opinion a little bit.

And the reason why I'm changing my opinion is because I got new information. I saw a video with Mark Zuckerberg. He actually, it was the podcast where he went on Joe Rogan and started talking.

I didn't watch or listen to that entire episode. I actually don't listen or watch Joe Rogan, who is the GOAT podcaster, which you think I would listen to him because he's a GOAT podcaster, and I'm a podcaster. I have a lot to learn from him, to be honest with you.

However, I just don't. And anyways, I saw a clip, though, because I am on social media, and I do see clips of the Joe Rogan experience quite a bit. So I saw the clip.

And basically, it was Mark Zuckerberg basically saying that, like, at Meta, which is the parent company of Facebook and Instagram and I think WhatsApp too, right? Man, they own a lot, threads, all these different social media platforms. And Mark Zuckerberg is bringing AI, obviously. And as someone who's a tech giant, someone who is a leader, a leader in tech, they're highly interested in AI.

And not only are they highly interested, they have a heavy, heavy, heavy, heavy influence on the way AI is going to go in the future. You know, people like Elon Musk, Mark Zuckerberg, he is saying that he's using AI to replace mid-level engineers at Meta. Like, that's his goal.

That's his plan. He flat out said it. He's like, yeah, we're going to bring in this AI, we're going to train it.

And it's going to basically do the work of an intermediate developer, an intermediate engineer. And that's his goal. And you gotta ask yourself, like, why does he want to do that? Well, AI labor, it's a heavy investment out front.

(9:03 - 9:52)

However, long term, it's going to be cheaper because human labor is very expensive. It always has been. So with that in mind, like, I think it's safe to say like, yeah, these tech giants, these tech billionaires, they want to replace you.

They want to get rid of you. They want to replace you with artificial intelligence. Because it streamlines, you know, whatever goals that they're doing for their business.

Because AI doesn't need to take breaks. AI doesn't complain. AI never takes sick days, never calls off.

AI doesn't leave the company to go for another company. It doesn't ask for a pay raise. And all these things that humans do, AI don't do.

(9:52 - 10:13)

They just work. And that's what an employer wants. They just want a worker to be.

They want you to shut up and do the work. So I think AI is definitely a threat to the middle class worker. Like, people like you and me, assuming, I would say most audiences are probably middle class.

(10:13 - 11:01)

If you're a tech billionaire listening to this podcast, definitely reach out to me. And we'll have a discussion. I'll bring you on the show.

But yeah, like, middle class people, like, we have a lot to worry about here. And I, like I said, in my video I made, if you want, man, it's been almost a year since I made that video. I said, yeah, we don't have much to worry about.

As long as you're learning, you're growing, and you're growing your skill set, you don't have much to worry about. You have, what you should be worried about are the people who are learning how to use AI, not AI itself. But like I said, I saw a video with Mark Zuckerberg saying, yeah, we want to replace mid-level engineers.

You're like, well, dude, that's what I am. I'm a mid-level penetration tester. You know what I mean? So there's a lot to worry about here.

(11:02 - 15:08)

And if you are scared that you're going to get replaced, then I think you should be. And that's healthy, though. Like, I'm not saying, like, use that fear to make it away.

Like, don't, like, don't leave the field. Don't quit your job because they are going to take over inevitably. No, that's basically me saying, like, keep growing your skill set and start doing the things that AI will never be able to do, like human instinct, human intuition that can never be replaced, at least not for a very long time.

And the goal really is for people who are listening to this now, is to really just survive until you can hit retirement age, which I think most of us can do. Now, the generation behind us, you know, the kids of modern day who aren't professionals, that aren't thinking about their career, they have a lot of challenges because they're going to be significantly behind, right? They're going to become adults, and they're not going to be able to come close to what AI can do. So I don't know, man.

It's kind of scary. I feel like AI is going to start replacing jobs. And it might be for the worst.

And I have been a huge fan of AI. I definitely use AI myself. I use chatDBT for so much things.

Like, for example, like, this show, I use AI to help launch a show. And I'm not going to say it was, it would have been impossible, wouldn't have been done without it, chatDBT. But it significantly made the process faster.

And I think it made it better. So I use chatDBT all the time. So I'm not anti-AI, but I just, I do think you need to be careful when it comes to staying stagnant, right? If you're not growing your skills, yeah, you're going to get replaced.

And it came right out of Mark Zuckerberg's mouth. So, and then the last part of that question, is it still worth to learn it to earn money from it? Absolutely. Yeah.

Like I said, if you're not going to, my opinion was you're not going to get replaced by AI. You will get replaced by someone who knows how to use AI. And I still think that still applies.

So you're going to get replaced by those people that know how to use AI and you get replaced by AI itself. So if you're not learning how AI works, you're not growing your skill sets, yeah, you're, it's definitely worth learning it. And when you learn it, yeah, you can earn money from it.

Whether that's a job or a business that you might want to start or maybe you want to create something that you can sell, whatever it is, like there's a lot of money in AI, but you need to jump on the bandwagon sooner rather than later. Okay. That's enough reading about AI.

Hopefully that helped people out there. Next question. Do you think there are more jobs in web app or network pen testing? Right now I would say there's more jobs in web app pen testing by a little bit.

I definitely feel myself on more web apps lately than network pen tests. As for those who don't know, I do web apps and network pen testing, which is the ultimate way to stand out in this field, in my opinion, because I can do both and it offers my employer a lot of flexibility with the products they put me on. But when it comes to, you know, network or web apps, I think web apps pop up a little bit more often.

And furthermore, if you aren't working full time, you can get into bug bindings and you can do that freelance. You don't even need a employer. You can just work for yourself as a bug bind if you're good enough.

And even if you do have an employer, you can do bug bindings on the side and make an extra additional income. So web apps, there's way more opportunities out there, in my opinion. But if you learn both, then that is undefeated.

But the con of learning both is you're not going to be an expert in either one of those. So, for example, you know, I do network pen testing. I know how to do web app pen testing.

(15:09 - 16:54)

But because of that, I'm not an expert in either one of them. And I might struggle on bug bindings more than someone who is dedicated only to web app pen testing, if that makes sense. So that puts me at a disadvantage when it comes to like bug bindings, which is why I don't do bug bindings, because it puts me at a disadvantage.

But the pro is that, you know, I'm very valuable to employers for full time work, which is something that I'm personally more interested in. Moving on to the next question. This one's a long one.

So just let me read this and we'll dive into it. It's a multi-stage question here. I got rejected for my very important internship.

It was a very good opportunity and I failed at the very last stage where only three out of nine contestants were accepted. I have now hit a quote unquote motivational wall and I only want to keep moving forward with some projects. Hack the Box training and in a couple of months finish CPTS.

That's the Certified Pen Testing Specialist from Hack the Box for those who don't know. I am very skilled in entry level requirements for penetration testing, but that's it. What would be your specific short tips for a guy in my position? Once again, I've already answered this question in the YouTube comments, but I'm going to dive into it a little bit deeper and maybe provide a different perspective because I answered this one a while ago, a few weeks ago.

So here's what I would say. You can't hit a motivational wall, especially after getting rejected. You're going to get rejected.

It's inevitable. And my advice is you can't quit, right? If you quit, if you stop looking for a job, if you let one rejection kill your hopes and dreams, then that's exactly what it does. It kills your hopes and dreams.

(16:55 - 18:24)

If you want to be a penetration tester, it's never going to happen if you don't keep moving, keep pushing on. You have to be resilient. It's a vital skill.

And that's why I talk about never giving up. We talked about it multiple times on this podcast. You can't quit.

And if you quit, it's never going to happen for you. So that's the first piece of advice I would say. The next thing I would say is keep applying and network within the field and keep growing your skill sets.

Do everything you can. And ultimately, I talked about this in, I think it was my last solo episode. It just comes down to who wants it more, man.

It's a competition. That's what my last solo episode was all about. It's a competition.

And you're in competition with other people. Like you said, three out of nine contestants were accepted. So nine people competed and only three people won.

Most of the time, only one person wins. And there's hundreds of applicants. So it's really hard to get in this field.

And like I said, it's a competition. And you have to approach it as such. And the more you do, the more you stand out, the better off you're going to be.

And that's why I spend so much time on my career. I'm studying, making content, and I get tons of certifications. And I read about cybersecurity all the time.

(18:25 - 19:29)

I'm consuming cybersecurity content, and I'm doing everything I can. And it takes a lot of sacrifices. I don't have the best social life.

My apartment's not the cleanest. My hobbies take a backseat. I'd like to play video games, but I don't because there's work to be done.

I don't watch Netflix. I've been wanting to watch Squid Game season two. I love the season one, but I just haven't gotten to Squid Game season two.

I think it's been out for a month now. I haven't even dove into it. I don't even have a Netflix subscription, by the way, or Who's subscription or any of that because it's all distractions.

And I recently blocked YouTube on my web browser because I get sucked into the YouTube algorithm by watching content that doesn't help me out. It's just junk content. It's entertaining.

That's why it's distracting because it's fun and interesting to watch, but it's not making me a better cybersecurity professional. So that's my tips. Cut the distractions and keep on keeping on.

(19:32 - 22:39)

And then last question. This one is also very long and multi-stage. So let's go ahead and let's just dive right into it.

I'm actually trying to break into the field after 15 years in a completely non-IT role and have completed the Google Cybersecurity Cert and the Google AI Essentials Cert and currently studying to take the CompTIA Security Plus exam, hopefully by the end of this coming week, depending on how ready I am by. But that's schedule so far. I've not worked in cybersecurity yet.

I hope to get a job into it soon, hopefully, and still weighing my options as to which route I want to take in my career. Currently, though, the consulting route seems to be on my immediate interest, but I'm leaning towards purple teaming and cloud as more of an end goal. I'm thinking of possibly taking the TCM PGPT course and exam as my next step, not only to boost my resume, but also skill set.

All while doing TryHackMe labs, I want to know your thoughts and get your input, please. And I would say you're on track. You're doing everything you can.

You're on TryHackMe. You're getting your certifications. I would say, you know, anything else you're not doing is networking.

If you're networking, good. But if you're not, I would start doing that. Get on LinkedIn.

Start posting. Every time you complete a TryHackMe room, post on LinkedIn. Every time you get a certification, post on LinkedIn.

And when you do that, people take notice and they will send you a connection request because people like connecting with knowledgeable people. And the more knowledge you have, people like to connect with hardworking people, too. So the more knowledge you have and the harder you work, the more likely people will want to connect with you.

And that's been my strategy for success. Just gain more knowledge and just keep working, dude. Like, that's it.

And that's how I just recently passed 20,000 subscribers. Sorry, not subscribers, 20,000 followers on LinkedIn. And all I do is just learn cool stuff about cybersecurity and talk about cool stuff that I learned.

And that's that's the formula for success. And if you just keep doing that every day, day in, day out, don't take breaks. Don't let things distract you.

Now, I'm not saying you can't enjoy life. Like, don't get wrong. I've enjoyed some life.

But, you know, it's my career takes priority and there is some sacrifices there, right? Like I already said. So, like I said, you're on you're on track. Now, when it comes to consulting, I would say consulting is probably the hardest part to get into, in my opinion.

Consulting is the hardest jobs you get into because consulting firms, they only sell products and services, typically services when it comes to consulting and cybersecurity. They only sell when they look better compared to their competitors. And the way they look better compared to competitors is they have a lot of experts.

(22:41 - 23:43)

And so consulting firms have very high standards for the people who work for their company because they hire the wrong person. They can destroy a relationship with a client or they could, you know, mess up a network or something. So consulting, I would say, it's probably the hardest thing to break into right off the rip.

I would say the easiest thing is probably a stock analyst. That's the most common job. There's more blue teaming, cyber defense jobs out there than there are like penetrative testing, red teaming, offense security jobs out there.

So I would say the easiest way and I say easiest, not lately, because nothing is easy about breaking into cybersecurity. But I would say out of all the hard jobs you can get into in cybersecurity, I would say stock analyst is probably the easiest because there's a lot of positions available. Well, I don't want to say there's a lot of positions available, but there's more stock analysts, cybersecurity positions available compared to other positions, such as penetration tester, for example.

(23:45 - 25:04)

And I would say the bar is a little bit, quite a little bit lower, right? They're not, they don't expect you to have as a bunch of knowledge, right? You just need to be able to work a seam and go through logs and escalate tickets. It's kind of the skillset you need in a nutshell. And I've seen tons of people landing stock analyst type roles without having a hands-on certification.

But when pen testing, like if you don't have a hands-on certification, like you can pretty much kiss your pen testing hopes and dreams goodbye. You need to have some sort of hands-on cert for pen testing. So that would be my recommendation if you're trying to break in, go through a stock spot.

I didn't do that, but at the same time, I was already in cyber defense operations in the military. And my reason why I got out was because I wanted to become a pen tester, but I would have never went straight to pen tester if I didn't have six years of cyber defense operation experience, right? That was a huge advantage coming out of the military. And that's why I went in the military to begin with, because I didn't know how to get in this field.

And that's why I made the content that I do is to help people break in this field. I thought I had to go to college, which I didn't want to do. And the only other option was the military.

(25:04 - 25:46)

And I went into the military. Well, that's not your only options. I thought at the time, back in 2017, I thought that was my only option, but now I know way more, which is why I make content that I do to help people who used to be in my shoes.

And then he said, I'm leaning towards purple teaming and cloud as more of an end goal. So purple teaming, I would say purple teaming, it's probably not as many jobs for purple teaming because purple teaming is more of a activity where blue teamers, red teamers work together on the same project. And I would say not that many people are well versed in both of them at the same time.

(25:46 - 28:46)

Like I said earlier in this episode, if you do have both skill sets, offensive and deceptive skills, it's very rare and it definitely makes you stand out, but it puts twice the amount of pressure on you. You have to put in twice the amount of work because you're learning two different disciplines. So purple teaming is definitely going to be a hard endeavor.

Cloud, on the other hand, I would say it's probably a little bit easier because cloud engineers, cloud security is in very, very high demand. And if you want to go like cloud engineer and not the security route and you just want to configure cloud assets, there's very high demand for that. And the pay is really good too.

Matter of fact, I would say a lot of cloud engineers make more money than cybersecurity professionals. So if you're interested in boosting your salary, cloud engineer is a really good option for you, especially if you like building and configuring things and making things work. Connectivity, it's almost like a network engineer, but in the cloud.

So definitely a viable option. But for cloud security, same thing. I would say probably less jobs out there for cloud security, but I would say it's like medium demand because everyone's putting everything in a cloud now, but they want to secure it.

So it's definitely an option. I haven't looked into cloud security by itself. I do have cloud experience and I do have a cloud certification, but I haven't really specialized in the cloud all that much.

So I'm not too oversight in that one, but I do know that there is a lot of demand in the cloud and it's definitely might be a good, good option for you. And then continue on with the rest of the question. I'm thinking of possibly taking TCMPJPT course and exam as my next step.

Yeah. I mean, that's a good option. If you want to get into consulting for sure.

Yeah. Like I said, you need some kind of hands-on office security certification. The TCMPJPT is a great start for that.

By the way, if you are listening or watching to this episode, definitely check out my, how do we call it? Pentester Roadmap. It's a video that I released not too long ago. And it's actually my second most video watched video at the time I was recording.

So it definitely was a hit and has a lot of information and pretty much what I would recommend if you want to become a penetration tester. So, and PJPT is in that list. I would recommend that one as a first step after you get out of the multiple choice certification, which looks like you are.

You could, you could also do like a Pentest plus in between security plus and PJPT. Definitely not mandatory, but it could definitely help you out with the PJPT, but you can skip it if you feel like you can skip it. Pentest plus isn't crazy vital to the resume.

(28:47 - 28:53)

And then he says, all while doing try hack me labs. Perfect. That's literally what I recommend.

(28:53 - 31:20)

Like study your certifications, do one hour, try hack me on the side and just post about it. Every time you complete try hack me on the side, post it. Every time you get a certification, post it.

And then connect with the people. Send people connection requests that you want to connect with and, you know, accept other people's connection requests when they connect with you. People are, people, there's, there's advice out there that says not to connect with strangers that you don't know.

I just, I'm not a fan of that because I've had many connections by people I don't know who gave me wonderful opportunities. Matter of fact, that's how I got my current position. I, like I said, I accept all connection requests and it's funny as I got 300 connection requests just from the last meme video that I posted.

One of my meme videos went viral and I got to sit there and connect with 300 people. I got to hit the button. But anyways, I don't remember connecting with this person because I just simply accept everything.

And that way people can hit me up in the DMs with opportunities. If people can't send you a DM, then that's, they can't hit you up for opportunities. So that's my advice.

I mean, it's definitely goes against the grain, but you know, I also have a lot more followers than most people and it's been working out for me. The biggest con to that for me is you get a lot of junk, right? You get people would dive in your DMs with opportunities that you don't care about for one. And then for two, um, your feed on LinkedIn isn't good either.

Like you'll screw it out and you'll just see people posting off things that don't even, they don't even care about because you connect with everybody. Um, so you're going to get a lot of junk content. Uh, cause not everybody shares valuable content on LinkedIn.

And the more connections you have, the more people you're connected with, the more your, your fee, your LinkedIn fee is just filled with things that don't make you better. But I don't think LinkedIn is like scrolling through the feed is the best way to really learn about the field. So I don't really, I don't like scrolling anyways.

Like I said, I, I try to stay off social media as much as I can because it's just a distraction. So that's a con, but at the same time, um, you know, you're less likely to doom So that's a pro on a way to, and I think that's pretty much all my things I want to say for that last question. So hopefully you guys get some value out of this.

(31:20 - 31:42)

If you did leave the video, like if you're watching on YouTube, subscribe to YouTube channel, if you have already. And if you're on audio, do me a favor, leave a five-star review on Apple podcasts or Spotify, whatever platform you're on that would help out this show tremendously. And then the thing that will help out the show the most is just share this episode with a friend.

(31:42 - 31:57)

If you got some value out of this episode, you learned something, change your perspective, definitely share the show with your friend. Thank you so much for watching. And I, hopefully I will see you in the next episode until then this is Kaiser signing off.