In my opinion, burnout isn't all bad because you want to push yourself, and if you don't push yourself, then you're not going to know what you're capable of. And when you hit burnout, okay, you understand what you're capable of. You push yourself to the limit.

That's good. And every time you push yourself to the limit, guess what? You get better. Right? It's like going to the gym and you're lifting weights.

You go to failure. And that's how your muscles get bigger. It's the same thing when it comes to your training and your brain.

Yeah, you're going to hit burnout, but then once you recover, you're going to come back so much stronger. It's not fun to go through it, but like I said, every time I fight through a series of burnout, I come back better than ever. Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time.

Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you. Hello, hello.

Welcome to the show. Today, we have another Q&A episode where you, the viewer slash listener, ask me questions and I will answer them on the show. If you want to submit questions for the show, there's multiple ways to do it.

The first way is to join the Discord. The link is in the show notes of this episode, and you can go into my Discord, and there's a specific channel in there where you can ask questions for The Hacker's Cache podcast. The next way, and the most common way that I pull these questions are from the YouTube videos, so if you comment on any YouTube video, it might get pulled for a question to be featured on my Q&A episodes here on The Hacker's Cache podcast.

And the questions that get asked on the actual Q&A episodes are going to take priority. However, all YouTube comments are eligible to be featured in the Q&A episodes. It's just, I'm just pulling the best questions that I think are the best ones to answer.

Last way to ask questions is to email me, Kyser at Kyserclerk.com, and if you want to feature your question on the podcast, make sure you say that in the email. Otherwise, I want to assume that the email is a private conversation, and feel free to email me a question, and, you know, if you email me a question, and you don't tell me it's for The Hacker's Cache podcast, then I won't put it on the show, and I'll just treat it as a private conversation, and I'll just answer your question. So don't mind getting questions in my email either.

But if you want it on the show, and you send an email, then just say, hey, it's for the show, for the podcast. For those who don't know, for those who are new to the show, there's multiple different types of episodes. So right now, you're listening to Q&A, this is where I answer guys' questions, and I also do guest episodes, where I invite guests, other experts in the field, and I just have a conversation.

I just do an interview with them, and pull their insights and expertise from them, and deliver them to you, the viewer, and that's going to be the most common type of episode you're going to get. And then I also do solo episodes quarterly, where I just ramble and rant about whatever I feel like talking about. And like I said, I do that once a quarter, these Q&A episodes are once a month.

I typically release these Q&A episodes the second to last week of every month. And every other episode is a guest episode. So you're going to run into guest episodes more times than not.

With that out of the way, do me a favor, and if you haven't already, share the show. And if you have already, share the show again, because there's always new content, there's always new topics, and you probably made some more friends since the last time you shared it. So if you're getting value out of this show, if you're getting value out of any of my content, I would appreciate you sharing, because for the podcast, for audio podcasts, there's no algorithm that pushes it out to people, it's literally just people discovering it themselves through people sharing and people just seeing my posts on social media.

Now, YouTube, it does have an algorithm that helps push it out there, but for the audio listeners, there's no algorithm out there that helps it go out there to new viewers and listeners. So if you could share the show, I'd really appreciate it. And leave a five-star review if you're on audio, that would help out tremendously as well, if you think the show deserves it.

That being said, let's go ahead and dive into this first question. So first question. Hi, Clark.

I am your follower from Bangladesh. Here cybersecurity industry is not good enough. I joined a cybersecurity intern and I started a company one month ago.

I was told to set up Elk Stacks and take logs from three out of four laptops and router. They're paying me $66 for 260 hours of on-premise. The working environment is a little bit toxic, which makes me demotivate to continue the internship.

Should I continue? For sake of my future career, I plan to make hard preparation for CPTS and OSCP within one year after leaving internship in 2026. I will apply for cybersecurity master's in Germany. Please suggest me what to do next.

So you got a lot going on here. And I'm just going to start from the top. So the first thing you're talking about is your internship.

And that's great. Internships, for those who don't know, are the best way to get your foot in cybersecurity. So if you're in an internship, you are doing great.

Now I would recommend doing more than an internship. Like you said, you're doing college, you're doing the certs, and that's what I did. I did college certs and internships and the combination of all of that helped set me up for success.

But out of all those, internships is the best because it's experience. Experience trumps everything when it comes to growing in your career and getting your foot in the door and progressing because experience is king. Experience beats certifications, beats degrees, and it beats CTFs, it beats your home projects, all of it.

If you're getting paid to do something, that's even better. Paid jobs are number one. But even unpaid internships are worth more than the certs and degrees and the CTFs and all that.

So, you're in a good spot because internships is literally the move to make. If you have the ability to go through an internship, that's your best opportunity to break into this field if you haven't already broke into the field. And if you're in college, you definitely need to be figuring out how to get internships because as a college student, you are in a prime position to land internships.

And another person who is in a prime position to land internships are my fellow transitioning service members. So, for those who don't know, I served active duty for six years. When I was getting out, I took advantage of the DoD Skill Bridge Program.

For those who don't know what the DoD Skill Bridge Program is, it's just a way for transitioning service members to transition from military service back to civilian life. And they do that by, the military basically releases you for up to six months. It can be shorter than that, but it can't be longer than six months.

And the transitioning service member will work for a civilian company to gain real world civilian experience in their chosen discipline, in their chosen field. And it doesn't even need to be an internship. It can also be like some types of school, some training.

I would recommend going to internship for experience. You want to do something hands on. And that's what I did.

I got out of the military and I went into a penetration testing internship due to the DoD Skill Bridge Program. I was able to do that for four months. I did four months of Skill Bridge and I did two months of terminal leave.

And speaking of terminal leave for my military vets, you want to take as much terminal leave as you possibly can. So yes, it is nice to have more experience on an internship, but the more leave you can take, the better off you are. So if you have two months of leave saved up, then I would recommend doing two months, ideally two months of leave saved up, or sorry, two months of leave and then four months of Skill Bridge because both of them combined can't exceed six months.

So that's, in my opinion, the optimal. If you've got more than two months of leave saved up for terminal leave somehow, then take more. If you've got three months, then take your three months.

But I feel like it's pretty hard to have more than two months of leave saved up. But if you do, take it all. Take it all.

Three months, four months, whatever you've got. So definitely take advantage of internships, guys. Like I said, military veterans are in a good spot.

College students are in a good spot. And even if you're not a college student or a military veteran, if you're a high school student, you also got that as well. I think that there's probably some kind of programs for high school students as well.

And maybe even for general population. I'm not entirely sure. I've only pursued one internship in my entire life.

That was when I was getting out of the military and I jumped on it. And I, and when I say I jumped on it, you want to do this like months and months and months in advance because it's not easy to land an internship, right? Because you still have to prove you're worth something, right? You're not going to let any random person, they don't know what they're doing, touching production networks, guys. So you need to have some kind of certifications, some kind of education, some kind of projects that you're doing and to land these internships.

So definitely take advantage of internships. You're in a very good spot. The fact that they're paying you $66 for 260 hours worth of work, I did the math on that.

That's like $3.90 an hour. That's not a lot of money, but it's better than nothing. Like, like I said, most internships are unpaid.

Mine was unpaid technically. So the way the military DoD skill bridge program works for those who don't know, they, the company that you, that you work for doesn't pay you, but the military still pays you. So you still get your military pay and benefits, but the company that you work for, you're not getting a check from them.

You're getting a check from the government, which, which is nice because you can still live off the same money that you had when you was in the military while you're doing this transition. So in a way it is a paid internship, but the company's not paying it. It's the government that's paying it.

The taxpayer, the American taxpayer is paying it, which I'm all for. Like I will, I think that's a good use of tax dollars for sure. And you should definitely be taking advantage of that if you are in the military and you're trying to transition out.

And like I said, college students as well. And the fact that you're getting $66 for 260 hours worth of work, not good, but it's better than nothing. And the experience is going to be worth more than that money anyway.

So you're, you're doing fine in that department. The working environment is a little bit toxic, so this is interesting you bring this up. And I, I just want to emphasize the fact that, so I've worked, I've worked at several different places in my life, guys.

So I had, I don't know, three, four or five jobs before I joined the military and then I joined the military. And then I did an internship and I did, uh, the job I'm doing now. So overall, like, I don't know, seven or eight different organizations that I've worked for.

And none of them is perfect. There's no such thing as a perfect organization, right? There's no such thing as a perfect coworker. There's no such thing as a perfect manager.

There's no such thing as a perfect person. You're going to run in some things that are less than desirable in your career. That's just inevitable.

That's just life. There's no such thing as a perfect life. Okay.

So if it's a little bit toxic, that's pretty normal in my opinion, right? There's, there's, when you say a little bit, I would say that's, that seems pretty normal to me and I wouldn't really worry too much about it. Now what I would worry about if it's a lot toxic, so if it's a lot toxic and it's absolutely destroying your mental health and you need to leave that environment. Okay.

And when I say it's like destroying your mental health, like if you get off work and it's just, you know, someone says something to you and it just rubs you the wrong way and it bothers you all night, every night, or you know, you wake up every morning and you just dread going into work and you just hate it there and you don't enjoy it at all. And it's actually really destroying your mental health. Then you need to get out of that environment, right? Your mental health is got to take priority because you got a lot of years left on the earth and you got to take, you got to take care of that.

And you don't want, you don't want to suffer because there can be long-term consequences by being exposed to an extremely, a true toxic environment. But when you say a little bit, I just feel like that's, it just seems kind of normal. Like, you know, if they're having you stay after work every once in a while, that's normal.

If they're having you come in a little bit earlier, every now and again, that's normal. If they're having you come in on a weekend for a little bit, that's normal. If, but if it's continuing on, you know, for weeks on end, all right, then it's like, okay, now they're just taking advantage of you.

Okay. So, you know, do a little bit extra work. It's fine.

Um, but doing it for extended periods of time, that's where the, that's where the problem is. So you gotta, you just gotta find what works for you. Um, and you gotta assume that like, you know, every company is super competitive and they're doing what they can to win, uh, whatever industry it is, you know? So you're going to have to put in the work.

That's, I mean, that's, that's how capitalism works. Okay. And, uh, it's not always sunshine rainbows and butterflies, guys.

It's just not. And like I said, it's not just saying it's perfect organizations, perfect managers, perfect coworkers. You're going to clash here and there with people.

It's just going to happen. Customers, clients, you're going to get some bad ones and we're going to talk about some, uh, rough clients later on. So make sure you stick around for that.

Moving on to the, this is a big question. So moving on to the next part of the question, you said, my plan is to take hard preparation for CPTS and OSCP within one year after leaving the internship. That's a good idea.

I think that's a good idea. CPTS and OSCP, two great certifications. OSCP is going to get you through the HR.

CPTS is going to help you do some, some serious skills. So that's good. My question to you is why would you wait to leave the internship? Why would you wait to leave the internship? I would, I would jump on it now.

Okay. And the reason why I say that is because the, you can absolutely work full time and then get your certifications outside of work. And that's what I do.

That's what I've been doing since 2019. I've been doing it. I've been doing it for six years.

That's how I got all my certifications. I very rarely get time to study on the job. Very rarely.

Happens sometimes, but not very often. All my, the majority of my studying, 99% of it is done in my hours outside of work. I said this in an episode before, and I'll say it again.

Your nine to five pays your bills. Your six to midnight grows your skills. And if you're wasting your six at midnight and you're, you're not putting any time in your career outside of work, then you're at a disadvantage.

You know, I talked about how this industry is very competitive and another episode as well, and you got to do what you can to stick out. So my, my, yeah, that's my question. Why, why not do it now? Because you can absolutely work a full time job.

You can absolutely do your internship while also simultaneously pursuing certifications. Now, you know, maybe you're not at that level yet. And if that's the case, then I would go out for some lower level certifications.

And same thing for school as well. So you say in 2026, I will apply for cyber security masters in Germany. And you can also do school at the same time too.

It's not easy, but I'm proof that you can do it guys. I have a full time job. I work 40 hours a week as a full-time penetration tester.

I still get my certifications and I'm a full-time college student. I'm going for my master's degree. Currently, I'm actually one week away from my last project.

I'm actually going to take my project tomorrow and I'll have my master's degree next week. So I am actual proof that you can do it all at once. Now you're going to have to make some sacrifices.

You know, you got to cut back into video games. You got to cut back into Netflix. You got to cut back on the nights out with the boys.

Nights out with the girls. Get to, you know, see your friends less. You have to maybe hang out with your family less.

But those are sacrifices that I was personally willing to make. And I'm in a very good spot because of it. And no one has ever really resented me for that.

Maybe my ex-girlfriend. I mean, that could have played a role in that relationship failing. But it wasn't the only thing.

But, you know, my parents, literally my dad texted me a week or so ago. He's like, hey, haven't heard from you for a while. How's it going? And I literally went like a month without talking to my parents.

My mom came over here earlier today, actually. The first time I seen her in probably over a month. So, you know, the people who truly love you, they're going to understand that you're on a mission.

They understand that you're working to better yourself. So any family member that holds it against you for wanting to better your life, better your career, then this is the kind of type of people that you don't want in your life. Now, I'm not saying to completely neglect your family, guys.

But I'm just saying, like, you don't need to hang out with your family, friends and family every single day. You just don't. And your family is going to understand if they truly love you that that's what's best for you.

So, like I said, I'm living proof that you can have a full time job, be a full time college student and pursue certifications. And in my case, also make content like, guys, I'm doing this like 80 plus hours a week, guys. Sometimes 90.

And because I just love the field. And don't get me wrong, like I do experience burnout. I'm actually going through a state of burnout right now.

There's a reason why there wasn't a video that dropped on Saturday because I just I just couldn't muster up the energy to make one. So there you are at a risk of facing burnout. But in my opinion, I made a newsletter article about this last week.

The. In my opinion, burnout is isn't all bad because you want to push yourself. And if you if you don't push yourself, then you're not going to know what you're capable of.

And when you hit burnout, like, OK, you understand what you're capable of. You push yourself to the limit. That's good.

And every time you push yourself to the limit, guess what? You get better. Right. That's like going to the gym and you're lifting weights like you go to failure.

And that's how your muscles get bigger. It's the same thing when it comes to your training in your brain. Like, yeah, you're going to hit burnout.

But then once you recover, you're going to come back so much stronger. So I think burnout is. It's not fun to go through it.

But like I said, every time I fight through a series of burnout, like I come back better than ever, because like I said, it's a very good like it's similar to going to the gym. Like you go to failure, you're super sore. It sucks.

But then once you recover, you're stronger than ever. So that's all I'll say about that. And like I said, I think you're on a good path here.

You know, if you don't want to do all that by, you know, at the same time, you know, you can do whatever you want to do. It's it's definitely a good track. I would say try to put some of the stuff together, because the more stuff you do, the better off you're going to be.

And that's that's really what it comes down to. You are in a competition for other people for the same positions. Competition is fierce.

There's a lot of people applying for the same positions. And there is the job market is pretty tough right now. 2025 is one of the roughest job markets we've seen in in our lifetime.

So you really got to stick out and stick out. You got to be doing a lot of things at once. Wow, that was a 20 minute response.

I was rambling for that one for a while. Let's move on to the next question. I'm excited to announce that memberships are now live for my YouTube channel.

And if you decide to become a member, you'll get early access to videos, access to member only polls, loyalty badges for the YouTube channel chat and priority reply to the YouTube comments. Of course, if you can't or don't want to become a member, that is totally fine. I will always release the same free content you come to expect.

And your support just by watching is more than enough to keep the channel going. But for those who do join, your contribution helps invest into new tools, technologies and people to help the channel go further. The goal is to create even more content and raise the quality of every video for everyone.

Thank you for considering memberships. And as always, thank you so much for your support. It's interesting that no matter how tech heavy a job is, communication and customer service is always one of the higher skills to have.

I have a question. Do you ever have difficult clients? If so, what makes a difficult client difficult in the world of pentesting? And what is the best way to work with them? This is a really good question. I really like it because this is one thing that I didn't realize was an aspect of pentesting until I got in the field.

And furthermore, it's not something you can train for. Even if you know what's coming, even if you know ahead of time, there's no really no way to to prepare for a difficult client. So the first part of this question, do you ever had difficult clients? And that's absolutely yes.

Absolutely. It happens every once in a while. Doesn't happen often.

It doesn't happen frequently, but it happens every once in a while. If so, what makes a difficult client difficult in the world of pentesting? So I would say there's the main thing is they argue your findings, right? You write something at a medium. They disagree and they think it's a low or you put market as low.

They don't think you should be on the report at all. Or you have it as a critical and you're like, no, this is really should be a medium. You know, so you got clients who argue your findings.

And I also did a remediation test recently. And long story short is for those who don't know what a remediation test is, let me just dive in that real quick. A remediation test is a test to prove that a vulnerability was mitigated after a pentest.

So let's say I do a pentest for a client. I write the report. I have these findings.

I give it to the client. They have a certain amount of time to remediate these findings and they fix the findings. And when they do that, they say, hey, can you test for this again? And you're only testing for the things that they attempted to mitigate.

And you go in there and you do the same exact method that you did when you first found the finding and you see if they actually did mitigate that. And if you can't replicate the finding like you did in the original pentest, then it's mitigated. Well, in my situation here, that's what I did.

But they mitigated one aspect of it, but it opened up another door to the same finding is the best way to put it. So there was a finding and I was able to find some information that I shouldn't have been able to see. And in the response, I can see it clear as day.

So I wrote it up and said, hey, this is, you know, look into this, try to fix this. And they mitigated it. And the way that I was discovering it was mitigated.

However, when they fixed it, they changed the mechanisms. They changed the the responses and all the code base. They changed all this stuff on the back end.

And when I went in to do the reagent test, the responses were different. And because the responses were different, technically, you know, they mitigated like the original method of what I was using to find this vulnerability, but it opened up another door to the same vulnerability, if that makes sense. So a good analogy for this would be, let's say you have a house with windows.

Someone throws a brick to the window, shatters the window, and they have a broken window and any person on the street can just climb through a window in your house. Security vulnerability for your house. So imagine you like, OK, we got to fix this.

And you fix the broken window. You go get a whole another window. And now the glass is not broken.

It's, you know, a piece of glass. But the lock on the window doesn't lock. So, yeah, you fix the broken glass, but you don't have working locks.

So now anybody can just come into the same window and, you know, they don't have to throw a brick in it. They just got to open it. You know what I mean? So the same vulnerability is there.

It's just a slightly different method to break in. And that's pretty much what it was for me. And they were arguing that like, well, I thought it feels like you're shifting, you know, the goalposts here because we fix it one way and and we didn't know this other way existed.

It's like, yeah, I understand, you know, where you're coming from and. But it's still a vulnerability because even though you fix one aspect of it, it opened up another door to the same finding, which is why I can't mark it as remediated and had to deal with a difficult client here. Now, it wasn't like terribly difficult, right? It was just they're a little bit disappointed because they put a lot of time, effort, energy into fixing that.

And it wasn't always fixed like they hoped. And ultimately, what we end up doing to satisfy them is we lowered the findings from medium to low. And I had my lead pen tester help me out with that because he had a lot more experience in me dealing with the full clients.

And it was just nice having to back me up on my finding because when it happens, you're like, oh, man, am I wrong? I went to my other pen testers and I'm like, guys, is this remediated? And everyone was like, no, no, you got the right call. And I was like, OK, good, because this client's not really happy with me right now. So, yeah, I would say that's number one, just clients arguing your findings.

Or another one would be a scope creeper, like you're supposed to do pen tests on a certain scope and they want you to do more than that. Or and one time that actually happened to me is we pretty much underbid it. Right.

We said we promised we can do too much in a short amount of time. And we had to come back and be like, hey, sorry, we can't actually pen test this much stuff in one week. We're going to have to renegotiate this scope here.

And the client was happy with that, which, to be fair, you know, as a customer, I wouldn't be happy with that either. So just disagreements, they arise, especially when these, you know, networks and applications can be pretty, pretty complex and everyone is different. There's no cookie cutter answers.

Right. Because every environment is so much different than the other ones. And there's a lot of gray areas.

And that's what makes it hard. Move on to the next question. I'm wondering, what should we pursue as a first certification in cybersecurity? I'm studying bachelor's in cybersecurity, but I have no clue about what the best certification is.

Best and first certification is. So this one, I would say for a first certification, I would go for network plus followed by security plus. You can skip network plus, but only skip network plus if you actually know how to network.

Like if you know what DNS is, you know what the OSI model is, you know what a subnet is, you know how to subnet, you know, the difference between an IP address and a MAC address is, you know, the difference between a frame and a packet, you know, the difference between layer one, two, three, four. If you know this stuff and this is ringing bells for you, then you can probably skip network plus. However, if all that's like foreign language to you, then I would take network plus.

Make sure you understand networking very well, especially if you want to be a network pen tester. Less important if you only want to be a web app pen tester. But if you want to be a network pen tester, then networking, knowing how network works, it's essential.

You got to know what a router does. You got to know what a switch does. You got to know all these protocols.

If you don't know your protocol, ports and protocols off the top of your head, then you're in trouble. Like if you don't know what port 443 is, port 53 is, 22, 21, and the list goes on and on. Right.

If you don't know any of that stuff, then you got to take network plus, in my opinion. If you know what that stuff is, you can probably skip network plus and go straight to security plus. Security plus is my first certification and it's technically higher level than network plus.

But if you have, even if you have security plus, it doesn't mean you have network plus knowledge. So it's worth going backwards and getting network plus. That's what I did.

And I think it's absolutely worth it. And then speaking of like certifications, someone commented on one of my videos and asked if, you know, I have CH, that's a certified ethical hacker from NC council. And I had the CompTIA pen test plus, do I need to go backwards and get to security plus? And my answer to that is no, you don't need to go back.

And you can, if you want to, but typically speaking, I wouldn't go backwards. The only time I would ever go backwards is if you don't know networking, go get the network plus. Like if you have a pen test plus and you still feel fuzzy on, you don't know what a, what DNS is, or you don't know what ARP is, then yeah, you should probably go get network plus.

But generally speaking, well, you know, you got the pen test plus and CH, you can probably not go backwards and you should look forward. Moving on. This isn't really a question.

This is more like a comment, but it's definitely a discussion worth having. So I'm going to feature it on the show. It's absurd.

How no, no one is complaining about hide the boxes, absurd prices. It's a software at the end of the day. Hello? Question mark.

And my response to this is, I think you're looking at the wrong way. Is half the box expensive? Yeah. I had the box.

Academy is especially expensive. Hide the box. Like the main platform, by the way, it's two different platforms.

Just hide the boxes. I had the most Academy, two different platforms, two different subscriptions. Academy is expensive guys.

It is, but it's worth it. And the reason why it's worth it is because you got to look at it as not a cost, but an investment. It's not a cost.

It's an investment because you're going to use those skills that you're going to learn and you're going to use them on the job that you're going to, you're going to get right. Whether you're trying to break into the field or you're like me, someone who's already in the field, but training to level up so they can go from a pen tester to a senior pen tester. And guess what happens when you go from senior to senior, sorry, pen tester to senior pen tester that comes with a, that comes with a raise.

So, you know, when I put time, effort, time, effort, energy, and money into my training, there is a return on investment. Like you're going to get that money back. Okay.

Very, very rarely are you not going to get that money back. Now there are some certs that probably isn't going to benefit you as much. And I would say a lot of them are worth it though.

A lot of them are worth it. People complain about OSCP a lot. Oh, it's $1,700.

That's not cheap, dude. It's not, you know, $1,700 is a lot of money. However, if you look at it as an investment rather than a cost, then it's a steal.

It's a steal. Why is it a steal? Well, if it costs you $1,700 to get OSCP, dude, you're just going to help you land a six-figure job. You're going to be able to, like your first paycheck is going to be more than $1,700.

You know what I mean? Or close to it. You're going to pay it off in like two checks tops once you land your six-figure job. So it's well worth it, guys.

It's not, there's no better investment than the one you're making yourself. There's no stock market trade that's better than that. There's no Facebook marketplace item that you can flip better that's going to make you more money, dude.

It is a little bit of a steep cost initially, but it's just going to pay off and it pays off for life. It's a good for life certification, man. Like once you break into pentesting, it's like you're in.

You are in and you're going to have a six-figure salary until you retire, dude. So it's definitely worth it. And back to the Hack the Box thing, like, yeah, it's like $400 or $500 for a year's subscription for Hack the Box Academy Silver.

It comes with a certification. It comes with a lot of training and it's a little, it's a steep price, you know? But at the same time, it's like, you know what else people spend $500 on? PlayStation 5, Xbox Series X, 65-inch big screen TV. The average car payment in America right now is $800.

People are spending more money on other things. You know, Hack the Box VIP Plus, the best Hack the Box subscription you can get is $20 a month. And the way I know that is because I subscribe to it.

It's in my budget. It's a line item in my budget. Hack the Box, $20 a month for VIP Plus.

Totally worth it. Keeps my skills sharp. I'll gladly pay it.

But people don't question like, oh, what about, you know, Disney Plus and Netflix and Hulu, PlayStation Plus, Xbox Live, and whatever else you subscribe to. DoorDash, you know, you're spending $50 on one sandwich, dude. It's like, bro, people are wasting a lot of money.

Like, I don't see anybody complaining about like, oh, PlayStation Plus costs $80 a year. I don't see no one complaining about that. You know, all my car payment, $800 a month.

People are gladly forking over money. You know, they buy a new iPhone for $1,300 every single year. But they can't use that $1,300.

They can't skip a generational iPhone and put it towards an OCP. So I would say you're looking at it the wrong way. It's an investment.

It's not a cost. And the investment is the best investment you're going to make. There's no better investment than the investment that you make in yourself.

And the return on investment is incredibly high. And it's absolutely worth it. And it's just going to take some saving.

It's going to take cutting back. You know, you know, eat out less, cancel Netflix, cancel Hulu. Stop buying a video game every week.

And you're going to have the money. And if you're, you know, still struggling financially, if, you know, this isn't a finance channel, but I try to tell you guys, like, you got to take care of your finances because you take care of your finances, then you're going to be able to afford your training. Right.

So learn how to take care of your finances. Don't waste your money. And if you already made all the cutbacks you can possibly make, then you need to figure out ways to increase your income through whatever means possible.

If you got to do Uber as a side hustle or DoorDash temporarily as a side hustle, whatever you got to do to raise the money to get your training, it's going to be worth it. I promise you. All right, guys.

So that's going to be the last question. I don't have time to answer another one. So thank you so much for listening.

Thanks for watching. If you are on YouTube, hit the like button, hit the subscribe button for more hacking and cybersecurity content. If you're on audio, do me a favor and leave a five star review would help the show tremendously.

And the thing that helped the show out the most right now is just share the show with your friends. And if you already shared it, share it again. I'm always making new content, always have new topics.

So if this episode inspired you, gave you insights, changed your mind, made you laugh, and you got overall a good vibe from the show, do me a favor, hit the share button, send it to a friend that's also trying to break into cybersecurity or, or send it to a loved one, send it to a loved one who isn't actually pursuing a cybersecurity career, because it takes sacrifices, guys. Like I talked about, you know, sacrifices and how, you know, you get to spend less time with your friends and family, you know, send this to your friends and let me explain it to, let me explain it to your friends and family for you. It's in the first part of the episode, and that can help you out.

Like, yeah, yeah. Tell your wife, tell your mom, your best friend, like guys can't hang out as much anymore. I got, I got hit the labs.

I got to hit the books because that's what it takes to break in the field, guys. It's a hard job market, like I said, and you are in competition. You got to put in the work.

And that's the best advice I can give you. You just show up every single day and don't quit. And it is tough.

I face, you know, like I said, I'm facing burnout right now myself. And it's just part of the process, in my opinion. Like, I don't think there's really any way to avoid it because the competition is super steep.

So share this with your friends. And yeah, hopefully see you in the next episode. Until then, this is Kyser, signing off.