The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
#43 Grind Now, Relax Later: The Harsh Reality of Breaking Into Cybersecurity ft. Matthew Younker (Zumi Yumi)
In this episode of The Hacker’s Cache, Matthew Younker (aka Zumi Yumi) shares the raw truth about what it really took to break into offensive security, working full time, going to college, and grinding for OSCP with almost zero rest. He opens up about the unhealthy sacrifices he made, why OSWA was harder than OSCP, and how his journey from Army hazmat to pentester shaped the way he works today. If you’ve ever wondered what the grind really looks like behind the certifications and titles, this one hits close to home.
Connect with Matthew Younker (Zumi Yumi) on LinkedIn: https://www.linkedin.com/in/matthew-y-138494200/
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
[Matthew Younker (Zumi Yumi)]
I had to grind really hard to break in a very unhealthy amount. Like I gained weight. I was like doing five hours a day.
Like you said, I did time calculations for the lead up to OSCP. I probably put in 500 hours at least, and that was over three months. So, and I was working full time, I was going to college full time and doing that on top of it.
So adding all these things together, like I had one day off a month. Pretty much what was my average was one day where I didn't have to do anything cyber security or my computer. And the worst part of it was, I was like, I should be studying right now on my one day off.
[Kyser Clark]
Hi, I'm Kyser Clark and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one byte at a time. Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
Thank you for tuning in today. I have Matthew Younker, also known as Zumi Yumi, who has a year and a half of experience in vulnerability management. And then he transitioned into a senior penetration tester for education.
He has a Bachelor of Applied Science in cybersecurity. For certifications, he has the OSWA, the OSCP, and the Security+. So Matthew, thank you so much for stopping in and doing this show with me.
Go ahead and unpack your experience and introduce yourself to the audience.
[Matthew Younker (Zumi Yumi)]
So my name is Matthew Younker. I was in the army for nine years, active duty, eight years for that. And then one year, national guard.
I worked in a CBRN MOS, which is like hazmat stuff. And I was stationed in Germany, Georgia, Korea, and Washington state. And, um, I worked for AWS and vulnerability management.
I also worked as a mechanic for a short period and I have one CVE. It's a cross-site scripting CVE. And I currently work for Astreon as a pen tester.
[Kyser Clark]
Nice. I didn't even know you had a CVE. So actually, actually my first question.
So your CVE, what was it? And yeah, just explain everything about that CVE. I'm curious about that one.
[Matthew Younker (Zumi Yumi)]
Yeah. So it is a, just a reflective two-step cross-site scripting and it's two-step because, uh, when I discovered the vulnerability, I inputted like a simple, you know, script alert, script, uh, tag for, uh, JavaScript into like a search function for a CMS. And nothing happened, but I left clicked it and then the JavaScript loaded and executed the alert. So I was like, oh, cool.
It's a two-step. It's not a very simple, you know, just put it in there and it goes. So then I, uh, got the URL for it.
And I tested a few payloads to show impact like, oh, you can steal a cookie. You can do whatever, submitted it to MITRE and three months later I had a CVE.
[Kyser Clark]
Nice. And was you looking to get a CVE at that time? Or was it kind of like something just happened to come across?
[Matthew Younker (Zumi Yumi)]
Yeah, I was looking for it. So for my capstone for my bachelor's, they were like, you can pick whatever you want to pick that relates to cybersecurity. I was like, Hmm, I want to find CVEs and add it to my resume.
So I searched online, got in contact with some friends of mine on Discord who had a little bit of experience. And we kind of talked about, oh, use some applications we can try. So, you know, I kind of talked about it in my Medium blog, but, you know, I'll pull the application locally.
I start fuzzing it using different tools like, uh, Burp Suite Pro and, you know, other SAS scanners and just start playing around with the application starting from, you know, um, the admin privileges working my way down back to like a regular user. And it was just like the first thing I tested. I loaded the demo application.
It was like, oh, we've got the search function. You can look for stuff. It was like, uh, control V paste in the payload.
It, nothing happened. Clicked it and boom. I was like, oh, that was fast.
[Kyser Clark]
Nice. That's really cool. And that's, it's really cool how you could do anything you want for your cybersecurity capstone.
I have, I just finished my master's degree in cybersecurity and for my bachelor's and my master's degree, like I could pick, well, for my master's, I could pick between cybersecurity management and policy stuff or threat intelligence stuff. I did threat intelligence because I didn't do a whole lot of that, uh, during my degree path. So, but other than that, like it was pretty structured.
So I mean, man, I wish I could have done a CVE for my capstone. That would have been really cool.
[Matthew Younker (Zumi Yumi)]
Yeah, it was really nice. Go ahead. Yeah, it was really nice.
We had to like create a plan to follow, like, oh, you know, first two weeks we have to draft up. Um, this is how we're going to approach it. And then, uh, like a work plan.
Okay. I will spend 10 hours doing this, 10 hours doing that. So it wasn't just like go and do whatever we had to draft up a whole plan and kind of manage it like an actual project for work or something.
[Kyser Clark]
Yeah, that's really cool. Um, yeah, I never really looked for CVEs. I guess, uh, once I started working full time, I was like, I don't really have time to look for CVEs.
Uh, I feel like if I did try it, I would be all right with it. Cause I find like stuff like that all the time and, uh, web apps for my, my clients. Um, I was actually surprised on how easy it was to find cross-site scripting.
I remember the first time I got cross-site scripting, I started, I screamed at the top of my lungs, but then like, I kept finding it, kept finding it, kept finding. I'm like, oh, this actually wasn't that special. But that first time I got it was great.
The first time is amazing. Yeah. All right.
So let's go ahead and, uh, before we get into our main discussion, let's go ahead and start doing our rapid fire questions. Sure. So for those who are new to the show, Matthew will have 30 seconds to answer five questions.
If he answers all five questions, I want to stop my microphone off, pull out my phone, if he answers all five questions in 30 seconds, I'll get a bonus six question unrelated to cybersecurity. I'll try my best. All right, here we go.
Your time will start as soon as I finish asking the first question. Okay. All right, here we go.
Matthew. What is your favorite place to get cybersecurity news? Uh, CISA KEV. Greatest hacker of all time?
[Matthew Younker (Zumi Yumi)]
Um, Oh, this is a hard one. Um, I can't decide.
[Kyser Clark]
Sorry. Do you think cyber insurance is worth it? No.
Top skills for cybersecurity professionals, soft skills.
[Matthew Younker (Zumi Yumi)]
Um, being friendly, being friendly, most memorable hacking experience, getting domain admin and OSCP.
[Kyser Clark]
Nice. That was 36 seconds. We're not going to get to the bonus question, but that's still a pretty good time nonetheless.
That greatest hacker of all time. I don't blame you. That's a hard one to answer.
I don't even know what I would say to that either. Like, because no one knows everything about everything. So it's like, who do you pick, you know?
And then like most criminal hackers get away with the crime.
[Matthew Younker (Zumi Yumi)]
So it's like, well, those might, might be the best, you know, I had to think about it for a while, Tiberius.
[Kyser Clark]
Yeah. That's kind of similar to my last, the last episode where I asked who's the greatest hacker alive today. So your question wouldn't, you was able to like save people who weren't alive.
Um, so slight difference to that question for the audience members. You're like, that's the same question as last week. All right.
Uh, so your most interesting response, I would say, hmm, let's go most memorable hacking experience. So you said getting domain admin in OSCP. Why was getting a domain admin in OSCP your most memorable hacking experience?
[Matthew Younker (Zumi Yumi)]
Because it was what gave me a passing points. I had the standalones. I had 10 on one.
So user, and I had root and user on another and just break, breaking into the domain then was so difficult because this was before you had to assume breach. So I like, I couldn't even get into the domain until 3:00 AM. And I had started 8:00 AM the previous day and then 5:30 AM rolled around and I had domain admin and I just, I just cheered at like, just stood up from my chair and like, was like, yes. And then woke up my wife.
[Kyser Clark]
Nice. Yeah. That's actually the, my most memorable hacking experience is what wasn't getting domain admin.
It was in the domain. It was in the domain. It was, uh, I think the second machine really, really got caught on that one.
I spent a long time on that one. Uh, then once I got that one, getting domain admin was pretty easy after that, but that was really like, I almost quit at that point. Um, yeah, it was the second to last slide is what it was.
And once I got that, I was like, I just screamed and like, usually I just like, I start clapping and I'm like, I'm like, just pumping, yelling. I wonder, I, I, sometimes I wonder like if, uh, if, uh, the proctors that watch us are watching, like, wonder if they'll like talk to each other, but like, yo, did you see anybody do anything crazy there during the exam? I feel like that'd be funny.
Like sharing the story. Like I saw some guy do a cartwheel.
[Matthew Younker (Zumi Yumi)]
Yeah. He does a handstand. That's so funny.
Yeah. That was an amazing experience. Just being like, yes, I did it.
Like those hundreds of hours of work paid off and like, all I gotta do is write the report and that's the easiest part. I know I took screenshots and I, and you, and you go through all your steps. You're like, Oh, did I, you know, let me make sure just in case, before you close up the session that you have everything.
[Kyser Clark]
Yeah. Right. Exactly.
It's definitely a hard exam. And speaking of hard exam, that's actually a question I want to ask you would between OSCP and OSWA, which one did you think was more difficult?
[Matthew Younker (Zumi Yumi)]
OSWA without a doubt was harder than OSCP. I did OSWA after the thing is that it's tricky. There is a lot of rabbit holes that it's not very clear what the exploits are.
And I didn't have passing score until 30 minutes before it finished for me. Like I did not have a passing score until 30 minutes before, that was scary. I mean, yes, I passed the first try, but that I, it is a hard exam.
[Kyser Clark]
Yeah. Yeah. I also think OSWA was more difficult.
I failed those three times and I feel, I don't blame you. I don't blame you. I passed OSCP on my first try.
So yeah, OSWA for me was, was way more difficult. Luckily on the, the one I passed, like I wasn't 30 minutes away from closing out.
[Matthew Younker (Zumi Yumi)]
I was like, I was like, no.
[Kyser Clark]
Yeah. By the time I got in the fourth attempt, I actually didn't spend a crazy amount of time in the exam environment. Yeah.
[Matthew Younker (Zumi Yumi)]
Because you have an idea.
[Kyser Clark]
But still, it was, it was a fun, it was a fun exam. And I was very frustrated going through it, failing three times. But then when I finally got it, I was like.
Cracked, I felt like I just cracked the code and it was one of my most memorable experiences as well. Getting that one. Yeah.
Yeah, for sure. So I want to rewind back into your, back into your military service and even back when you was a mechanic. So how, how did you get from there into cyber?
I mean, I know it's probably a long journey and you got a lot of steps, but like when you was in the military, did you always have an eye on cyber? Like where did this like passion for cyber security and hacking come from?
[Matthew Younker (Zumi Yumi)]
Yeah, that's a, that's a good question. And yeah, it is kind of a long story. I'll, I'll try to simplify it, but basically like when I first became a sergeant, really, I started like feeling like the physical effects of being in the service and feeling it in my knees.
I was like, I probably need to get out. I probably need to find.
[Kyser Clark]
Your lower back starts to hurt and your knees start to creak.
[Matthew Younker (Zumi Yumi)]
Oh yeah, exactly. Your knees are creaking. They do going down steps, especially, but yeah.
So I started feeling like, okay, I need to change careers basically, because, uh, I don't know if you know, those CBRNs, not really in high demand, necessarily. So I was trying to figure out like, okay, well, what am I interested in?
What am I good at? So at first I was like, I think I'm interested in pharmacy. And then I started going to school, like doing online schooling at a local college.
And then I was like, I was looking at the like pay rates and whether or not it was interesting to me. And I was like, this, this is not going to do well if I stick through this whole thing. So I had to make a switch.
And while I was serving, I had experienced doing like satellite communication, setting up networks like that, using ground drones, like Talon 4. So, and they use, you know, TCP IP and we had to learn how to do that. And I had a like natural talent for it.
I figured out like how to do it pretty quickly. And even the people training were like, you know, Sergeant Younker, you're pretty good at this. You should go into, I was like, no, I don't want to do nerd stuff.
I don't want to do that nerd stuff. So I kind of had it like embedded in me, like a seed planted, like, oh, you know, this is something that you like, something that you're good at. So I was like, okay, I don't want to do pharmacy anymore.
I jumped into like a sysadmin type associates for that college. So I doing that and they had a pen testing class and I did it. And surprisingly, I was like, this is too hard for me.
I was like, I can't do pen testing. This is way above me. I use this tool called Legion.
I'm not sure if you're familiar with it, but it's like a, it's like, um, AutoRecon, if you know what that is by Tib3rius, it's like that, but worse. Anyways, I used it on the wrong network and I made my printers start printing stuff in my house. And that experience was like, okay, you know, pen testing is not something you're good at is what I was thinking at the time, so I kept doing it.
And then, you know, I got out of the service and I couldn't find an IT job. I just, at the time I had just the associates. So I was like, let me get a help desk job.
Let me get, you know, whatever, couldn't find one, but I got, you know, those people that you bring your car or truck to and at like a dealership and you check in with them. Well, I could get that job. So I got something like that for heavy machinery and that, um, in that, in that role, I was able to watch the mechanics work and I just learned how to do mechanicing, like welding, electrical work, you know, after six months of just watching them do it and kind of doing hands on, it just let me transition over into a full-time mechanic role.
I was a heavy equipment technician working on wood chippers, trucks, spider lifts, all sorts of crazy stuff, you know, changing engines, doing diagnostics, electrical work. And at the time I was still working on my bachelor's in cybersecurity and my wife had interviewed for a AWS vulnerability management role and she turned it down in favor of a sysadmin role. So she referred them to me and I did the interview.
They liked me, took me on. And then I started and they're like, Hey, we offer OffSec and OSCP. Do you want to take that?
I was like, what is OffSec? Like at the time I was still not, I still didn't know what I wanted to get into and they're like, oh, it's pen testing, learn how to pen test. I was like, Oh, okay, I'll do it.
And then I just became addicted, like just studying every day, two, four hours doing boxes on TryHackMe, Hack The Box, OffSec, you know, PG labs and getting involved with the communities on Discord as just became like a fanatic about pen testing. I was like, okay, I am addicted to this. I love it.
It's like puzzle solving. It's everything I like. I can do it.
You know, I didn't really feel the imposter syndrome. I was like, this is something that I'm good at. Once I had that structured learning that OSCP gave me and that's like how I transitioned over.
And I think the, the, like the military soft skills, the, the like hardware experience I got being a mechanic has helped me in my current role as a pen tester with Astrion. But, um, I think all those things combined set me up for success to get into it because pen testing really is not an entry level role. It's not something you just jump into.
You need to transition to it. So that was kind of my long and windy path into pen testing really.
[Kyser Clark]
Yeah. Thanks for sharing that and expand on that. It sounds like a pretty cool journey.
And, um, I think my biggest question here is, so when you as a mechanic, there's a lot of troubleshooting, how much of that troubleshooting, this troubleshooting skills transitioned into like your IT troubleshooting skills? Is there a lot of overlap there?
[Matthew Younker (Zumi Yumi)]
Yes, there really is. I think even if you're in something as kind of silly sounding as being a mechanic or technician, like think about it, you're going to be following the same kind of steps, like, oh, the engine won't start. Okay.
Check the battery. Does it have power? It's the same sort of things that you do in IT.
Oh, my computer won't turn on. Do you mean your monitor? Or do you mean the computer?
Is it plugged in? Does it have, um, is the wire broken? Like is the wire fully seated?
Like there's all sorts of, all these things overlap and you'll experience the similar things, um, being in either field and they transition over a lot better than you would think, you know?
[Kyser Clark]
Yeah. And I've covered it on other episodes, like from other guests, you've had other backgrounds, uh, that's not CBRN or mechanic, but different fields that's not IT and cybersecurity, and there's always something from every field that carries over into IT and cybersecurity. And, uh, yeah.
So that's, that's important to know if you are listening or watching and you're trying to break in this field and you are in a completely different field, there's gotta be some overlap. You just gotta figure out what the overlap is and, um, figure out how to communicate that to employers. So when you were making your transition, how was it, how difficult was it?
Like, what was the biggest challenges for you when you was making a transition from a non-cyber, uh, into IT and cybersecurity?
[Matthew Younker (Zumi Yumi)]
Um, actually surprisingly, my transition into cyber IT was very easy because there was a contracting role at AWS. Um, they didn't ask a lot of questions. They're like, what'd you do in your bachelor's?
Do you know what SQL is? It was very simple, low threat interview, which is not normal for AWS. And it was just one hour long, not the seven hours that you hear about.
So they took me on and like having that low threat to getting into an IT slash cybersecurity role was awesome. So very fortunate. And I got lucky to have such an easy entry, but the pen testing role was much different.
That was extremely hard to get into after I had the IT slash cybersecurity role. And that one was extremely challenging. Like I had to like ask people who are pen testers, I had to ask on Discord, like, can you review my resume?
Like, what am I missing? Like I've, I've got X, Y, Z. Um, I'm still struggling.
I had OSCP still struggling to get a role. Like that, that was the hardest part was getting the pen testing role.
[Kyser Clark]
Yeah. And I had similar, my, my background in military was IT and I was trying to apply for pen testing jobs and I still face a multitude of rejection. So even if you have like me, six years of experience in IT and system administration, it's still difficult because there's a lot of, it's a, it's a lot different being a pen testers requires a deeper understanding, I would say, and, uh, and more of a wide variety of skillsets and knowledge.
Yeah, for sure. So what would you say is if you was giving advice to someone who was trying to make a transition from a non-cyber field into a cyber field, what would the biggest piece of advice you would give them?
[Matthew Younker (Zumi Yumi)]
Yeah. So, um, you kind of want to round yourself out. I think you need to check all the boxes.
Don't shoot yourself in the foot and try to jump into the pen testing role without having a box check. It's going to make your job harder. And to kind of list them, um, you know, get a bachelor's I'll be honest.
Like it helps a lot having a bachelor's cybersecurity or computer engineering. Or computer science, just pick one. A lot of people get too worried about what is the best one to pick, just pick one and follow through and get the paper.
That's the most important thing. The, the college doesn't really matter too much unless you're trying to get into a FAANG or something. Uh, like Facebook, Amazon, Netflix, and, uh, Google, like one of those.
Um, but so, you know, get the degree and then certifications start with Security+ is a definite one to have. Then you're going to want to get into like CPTS for, from Hack The Box. It'll give you the skillset to do pen testing and OSCP.
This will give you the HR recommendation or the HR bypass to get through the filters and then CVE hunt. So find a CVE if you can. Um, there's plenty of guides online.
I have a guide. And then another one is like develop tooling. So have demonstration.
Oh, look, I've made a PR to this, or I've made this new tool. Like it doesn't have to be a completely new thing. You can just redo a tool, basically just change the language.
And look, I made this, but now it's in go, or I made this and now it's in C sharp. So just try to check all those boxes and get an IT role also is the most important thing. Just get into IT somehow, a junior role like help desk, or, or you can take the other path, like when I recommend to people, I'm like, Oh, there's usually two to three paths that people take.
There's IT. There is developer. Then there is SOC and SOC sometimes comes from being in IT, but sometimes people start in SOC.
So those are the three most common roles. So look at the requirements for those and try to make them. I think that is the biggest advice I would have to breaking into a pen testing role is just check all the boxes.
[Kyser Clark]
Yeah. And then once you break into the role, what advice could you give someone who wants to stay in the role? Cause you got to stay sharp.
Otherwise you're going to fall behind. What, what do you think people should be doing once they land that first pen testing job, staying sharp and leveling up in their career? What, what are you doing in your career right now?
And what would you recommend?
[Matthew Younker (Zumi Yumi)]
Yeah. Number one is communicating. That's communicating with teammates.
That's communicating with your boss, your mentor, your leadership, your clients, customers. It's just making sure you're very clear with everybody. Like how am I doing?
What do I need to know? What do I need to learn? So the first one is just communication and getting the constant feedback about yourself and knowing what you're weak at, what you need to work on, what you're good at too, because if you are especially good at some specific thing, like if you're in a red team or something, and now people can come to you for that specific task to learn about, or you can teach them or help them with.
That is also a very useful skill to have. And another thing is doing training. So doing Hack The Box, doing PentesterLab, PortSwigger, TryHackMe.
These are all different platforms that you can use to keep training and progressing in your skills. So if you are a web app pen tester, do PentesterLab and PortSwigger. Those are absolutely phenomenal for learning it.
If you are a internal pen tester or you do like enterprise network stuff, go to Hack The Box and learn there. If you are a little bit unsure about what you need to learn, Hack The Box and TryHackMe has plenty of different material that can keep yourself fresh. And for me personally, I try to do at least 10 hours a week of training and studying, I think this keeps my skills sharp.
I try to do a box every week. That does not happen. But, you know, just keeping yourself sharp is the most important thing.
[Kyser Clark]
Yeah. That's a good point. You mentioned that you said you try to do 10 hours a week.
You try to do a box a week. And, you know, I've done that, you know, do a box every week or, uh, you know, my goal was to do like three hours of studying every day, which was what is that 21 hours or something. And I kind of burned myself out.
So now I'm turning it back to like two hours a day. So I'm, I'm trying to put myself at that 10 hour mark, but it doesn't flow. Sometimes you're going to do more than your 10 hours and less than your 10 hours.
You know, sometimes, um, I, I think when you, I always tell people like, yeah, you got to put in my crazy amount of hours. And if you're trying to break in, like you do have to put in crazy amount of hours. Then once you get in the field, like you still need to put in time, but you don't need to go as hard as you once did because you'll, you'll face, you'll get burned out.
Uh, and I've done that, um, for sure. A couple of times now. So, um, I definitely have been trying to like, instead of putting four or five hours in a study in a day, maybe just do two or three and do a box every once a week.
You know, like you said, yeah, for sure. So what do you do to not burn yourself out? Is it just pace yourself?
Are you still like, just do a couple hours a day or, or, or maybe one box a week? Are you trying not to overdo it?
[Matthew Younker (Zumi Yumi)]
Or yeah. So I, I give myself like cutoff times, like, Oh, 8 p.m. I'm not going to study past 8 p.m. Uh, for boxes, I'm not hard on the do one a week. Like, I'm not feeling it.
I'm not going to do it. Like as long as I study the modules and things I need to study, I'm fine with not having to lock in and spend 12, 14 hours doing a machine or something. Cause it was a big time sink.
And sometimes the juice is not worth the squeeze. Like, Oh, like it was, it was this thing. This is, this is not helping me in my career.
This was kind of a waste of time, like putting this many hours into something. So understanding like the balance that, you know, you don't want to sink so much time into it. And then to combat burning out, it's like talking to family, going out to dinners, it's, you know, working out, it's going on walks like today.
Uh, I went to go pick up like pizza instead of driving there. And it was like a mile away. So it was a pretty long walk.
So, you know, just getting that outside time kind of helps, you know, decompress and let your brain, you know, refocus the process of things.
[Kyser Clark]
Yeah. That's good. You mentioned, uh, don't force it.
Like if you're not feeling it, you're not feeling it. There's I mean, I would say when I was trying to break in the field, like I would definitely force it. But now I'm most like, you know, let's say I planned like, yeah, I'm going to do a hack the box on this day, or like, I'm going to study for this cert this many hours on this day and this day, and I'm like, I'm not feeling it today, or maybe I just, you know, shorten it up a little bit.
So, um, yeah, I always, I always tell people like, yeah, I gotta do the work when you don't feel like it. But I think once you break in, it's kind of okay to like, yeah, go ahead and take a break because you got a long career. It's going to be, you know, if you're for me anyways, I got 40 more years.
So, uh, it was plenty more time to, to learn stuff.
[Matthew Younker (Zumi Yumi)]
Yeah. And, um, to kind of expand on that, like I had to grind really hard to break in like a very unhealthy amount, like I gained weight, I was like doing five hours a day, like you said, I did time calculations for the lead up to OSCP. I probably put in 500 hours at least, and I was over three months.
So, and I was working full time. I was going to college full time and doing that on top of it. So adding all these things together, like I had one day off a month pretty much.
What was my average was one day I didn't have to do anything, cybersecurity or my computer. And the worst part of it was, I was like, I should be studying right now on my one day off. So yeah, when, when you're breaking in, you're going to sacrifice and it's, unfortunately it's part of it, but it's just understanding once, once this grinding is over, you can chill out and then it is hard to turn the dial back because you're like, I need to study.
I need to study. I need to study. Well, you're going to have to force yourself to turn it.
And I'm still struggling with that kind of turning the dial back and letting myself breathe and relax and process things and enjoy life.
[Kyser Clark]
Yeah. Yeah, man, I'm a hundred percent in agreeance with you. I, my, my feelings are exactly the same and I had a very similar story as you.
I mean, I put 400 plus hours in OSCP and 30 days or not 30 days, three months. And I was a college student and I had a full-time job in the military. And it was, you know, three to five hours a day on the weekdays.
And then on the weekends I'm putting in 10 to 12. Yes, exactly. And, uh, now that I'm, I've been a Pentester for a year now, I still have a hard time, like relaxing.
Like I'm like playing the video game. I'm like, I feel like I'm wasting my life.
[Matthew Younker (Zumi Yumi)]
You know what I mean? I'm like, I'm studying right now.
[Kyser Clark]
Yeah. Yeah. It's, it's hard to tone it back.
Like you said, it's, but like you said, the grind is, I would say is essential to breaking in and there is no shortcut to success. I always tell people that on the, on the show and then, uh, but the sacrifices are a hundred percent worth it. Like once you're in, you're like, okay, it is, you know, it's definitely worth it.
Sure. A hundred percent. So let's go ahead and do our last question here.
Matthew, do you have any additional cybersecurity hot takes or hidden wisdom you would like to share?
[Matthew Younker (Zumi Yumi)]
Yeah. So my hidden wisdom is that networking matters. Um, I mean the talking kind, not the IP networking, but, uh, I mean that matters too, but, um, so talking with people online in person, um, Discord was a huge help to me, uh, getting into the cybersecurity communities, TryHackMe, Hack The Box, OffSec, just getting in there, talking to people and asking questions, helping other people.
You meet a lot of cool people. You, um, you'll join like splinter servers with like InfoSec Prep, my server Chaos Control. Like we all have, uh, you know, these little small cybersecurity servers that you'll join and you'll just learn so much and you'll meet hiring managers.
You'll meet people who can get you hired or point you in the right direction. So it doesn't have to just be in person. Like it is important, like going to cybersecurity meets, going to BSides and Defcon and things like that.
But like, don't forget about the online part, like talking to people online is fruitful. Like it helped for me. So just don't forget about that.
[Kyser Clark]
Yeah, that's a really good day. You bring that up that you don't have to be in person. I mean, I started my career out in Korea and I went to Alaska after that.
And I was definitely disconnected from the whole main mainland United States. And I never went to a conference at my first conference. I didn't go to until I got my first pen testing job and I still haven't been doing Defcon.
I'm hoping to go to Defcon this year for the first time. And I'm going to Wild West Hacking Fest, uh, later this year as well. My company is funding that.
So that's really cool. But yeah, I didn't, I use the internet to network, do all my networking as well. And you definitely, you know, people say, Oh yeah, go to conferences.
And yeah, if you can, but I don't think it's essential. Uh, you can do a lot on just online.
[Matthew Younker (Zumi Yumi)]
Yeah, I agree. I will be at Defcon. So if, uh, you know, viewers are going or you're going like, I will be there.
You can come say hi. Um, and I, yeah, I, for me, the in-person networking never worked for me. It was all online that I was able to have success.
[Kyser Clark]
Great wisdom. Thanks for sharing. So Matthew, thank you so much for giving your wisdom and your insights and your expertise to the show.
Where can the audience get ahold of you if they want to connect with you?
[Matthew Younker (Zumi Yumi)]
Yeah. So you can find me as Zumi Yumi on, uh, Discord and GitHub. I have a Discord channel called Chaos Control.
You can search for it. And then there's also my LinkedIn, uh, Matthew Younker, and I'll give you the links after.
[Kyser Clark]
Perfect. And audience, best place to reach me is LinkedIn and my website, KyserClark.com. Audience, thanks for watching.
Thanks for listening. Hope I see you in the next episode until then this is Kyser signing off.