The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
#46 She Started Coding at 13 and Never Looked Back ft. Betta Lyon Delsordo
Betta Lyon Delsordo started coding at just 13 years old and never looked back. In this episode, she shares how learning to code as a rebellious teen sparked a career that led her from freelance web development to becoming a lead application pentester specializing in web, cloud, and AI hacking. We talk about how anyone can learn to code, the importance of specialization in cybersecurity, why physical security is overrated, and how to break into AI hacking. Whether you're brand new to tech or looking to pivot your career, Betta's story will challenge your excuses and inspire you to take action.
Connect with Betta Lyon Delsordo on LinkedIn: https://www.linkedin.com/in/betta-lyon-delsordo/
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
[Betta Lyon Delsordo]
If you're afraid of coding because you have to set up like so many annoying things and download things and java versions and whatever, just use like an online editor and just do some basic tutorials. And honestly, I teach coding to middle school girls in this competition called the Technovation Challenge. It's like an international app building competition.
I've been doing it for like nine years and I'm like, if I can get some middle school girls to learn coding, like everyone can learn to code. It's not as hard as people think it is. It's like if you can type, if you can do basic math, you can code.
[Kyser Clark]
Hi, I'm Kyser Clark and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
Thank you for tuning in today. I have Betta Lyon Delsordo, who started out in web development and did freelance web development for about four years and then pivoted into cyber security and pentesting. She's been doing that for about four years now and currently works as a lead application penetration tester.
For education, Betta has a bachelor's in computer science and a master's in cyber security. For certifications, she has GPEN, CEH, three AWS certs, the Google Cloud Platform, Cloud Architect, SecurityX, which is formerly the CASP+, Security+, and Linux+. She also has a Splunk certified cyber security defense analyst and the Cisco cyber security associate used to be the cyber ops associate.
So, Betta, thank you so much for hopping on the show and go ahead and introduce yourself to the audience.
[Betta Lyon Delsordo]
Hi, thanks so much for having me. You covered a lot of the big things there and I think one thing I always include in my story is that I actually got started with this all when I was 13. So, when I was growing up in Montana, I started messing around with code and teaching myself to code online and that grew into my own freelance web development business through high school and college.
And as you can imagine, as a teenager building websites, I wasn't really thinking about security when I started out. And my clients started coming to me with things like how do I keep bots off my website or how do I use password manager and also having to learn about application security, going back and looking at my code and being like, oh, my gosh, am I doing this right? And as soon as I started learning about ethical hacking, I was like, oh, that's way cooler and more interesting and I want to do that instead.
So, I got really into web hacking, I interned with a firm, did pen testing and I found out I was really good at it because I had seen the holes that I had left when I was creating things and I could find those in other people's apps and just kind of went from there. Yeah, did my education, a lot of certs, I got some funding from the NSA for all of those and yeah, currently a lead application pen tester on Defend. I specialize in web, cloud and AI hacking.
I'm really involved with several groups for women in cybersecurity and yeah, happy to be here.
[Kyser Clark]
Yeah, great story about starting at 13. That's unusual, I would say. I feel like most people when they're teenagers, at least most people I know, like they don't teach themselves how to code at such a young age.
So, I'm curious, what prompted you to get started in coding at such a young age?
[Betta Lyon Delsordo]
Honestly, it was because my parents didn't let me use technology. I came from a pretty strict household, so that was my rebellion was like, I'm going to learn to code and hack things because I wanted to get online and learn stuff. So, I convinced my parents that coding was basically studying math and that I was really just doing homework.
I was like, look, I'm doing math, mom and it's like, oh, it's fine. So, I got really into that and learning how to get around blocks on the internet and stuff when I wanted to just watch YouTube or something. And I wasn't allowed to have a phone growing up as well, but I won an iPod touch at the dentist's office.
My parents were like, I guess we have to let you use it, but they locked it down, everything. But I would learn little things to get around that. I was eventually just going into the command line and turning on settings and stuff and it's kind of my first hacks and stuff there.
But as I got into building websites and stuff, I was realizing the bigger impact of all of that. I was just an ambitious kid and I was like, I'm going to start building websites and Google paid me a little bit to do it. And I think I was just following my curiosity and I think hacking is the coolest career there is.
So, why would I want to do anything else, I guess?
[Kyser Clark]
Yeah, that's a perfect reason right there. Yes. When I was in high school, I did a web development course and I mean, I'm not trying to show too much of my former teacher, but I just didn't like the course and I just didn't think the teacher was really teaching me anything.
And I just didn't really like it. And I spent more time in that computer class on gaming forums than I did doing actual coding. So, I didn't really learn how to code.
I mean, I learned HTML basics and stuff when I was young, but I was way more interested in just playing video games. But that's really cool that you took that initial interest of coding and expand upon it. Yeah, that's really cool.
And I would say, if I started at 13, I would be like light years ahead in my career now. So, I feel like you had a really good path.
[Betta Lyon Delsordo]
Thank you. Yeah, I mean, it's definitely given me, you know, I've been doing this for enough to see the languages that I initially started out on. I had a class where I was learning Flash, making games with Flash, and that's not even a thing anymore.
Because that was the classes that I had, again, were just very rudimentary. And so, very quickly, I just convinced the teachers that I would just do my own thing and I had independent studies. But it is interesting to, at the time when I was starting out as a kid, that I was like, wow, there's so much to learn.
I'm never going to learn this. And to look back, and it's great that, I'm really grateful that my 13-year-old self sat down and did that because it's really paid off now. So, I'd say, if there's anybody out there and you're young, get started.
Your future self will thank you so much for the things that you started learning then.
[Kyser Clark]
Yeah, so, since you've been in web development and ethical hacking for a while now, what keeps a passion there? I mean, I'm sure there's times where you get burned out. What do you do there and how do you handle keeping your passion high?
[Betta Lyon Delsordo]
Yeah, I haven't gotten burnt out yet. Maybe I will, but I just think I'm just, I just love doing cool stuff. And for me, it's finding opportunities that are the coolest possible thing I could be doing right now.
So, like, my current job is looking at the source code for a social media app for anything suspicious that shouldn't be there. And that's just, like, really fun. And, you know, getting to sort of, it's like threat hunting in the code.
And source code is, like, one of my favorite things. But I've also, you know, gotten to hack, like, AI, which is also just really exciting and fun, like, social engineering it. So, for me, it's, like, just finding out what are the coolest possible things I could be doing right now and then studying on that so I'm qualified to be the one that gets picked to work on the cool projects.
So, I would say it's just, like, following that curiosity. Don't feel like you get stagnant or, like, stuck. I think when I first started out in web development, I had, like, this whole thing going.
I was, like, I could have just stayed and I definitely could have had a career where I just had my own business doing web stuff. But even at that time, I was looking ahead and seeing how web development was going to kind of die out because eventually I was, like, why would I tell a client to pay me to build a website manually when a site like Wix or Squarespace could make it in, like, a minute with their, like, AI. And I realized, you know, this career is not going anywhere and it's not as fun.
I want to do something cool. So, I think for anyone out there who's feeling, like, burnt out or stuck or stagnant, it's just, like, you know, don't feel like you're locked into something even if it's, like, working for you. Go find something cool and then, like, be the one who's qualified to get picked to do the cool stuff.
So, there's always something cool out.
[Kyser Clark]
That's really good advice. Thanks. Yeah.
I'm going to remember that. Just ask yourself, what's the coolest possible thing I could be doing right now and then just do that.
[Betta Lyon Delsordo]
What a thought.
[Kyser Clark]
Okay. Before we dive into the main discussion, let's go ahead and knock out the rapid fire round. So, are you ready for the rapid fire questions?
[Betta Lyon Delsordo]
Awesome. I'm ready.
[Kyser Clark]
For those who are new to the show, Betta will have 30 seconds to answer five questions. If she answers all five questions in 30 seconds, she will get a bonus sixth question unrelated to cyber security.
[Betta Lyon Delsordo]
All right.
[Kyser Clark]
The time will start as soon as I'm done asking the first question. So, here we go. Betta, in your opinion, what is the most concerning cyber breach?
[Betta Lyon Delsordo]
Equifax.
[Kyser Clark]
Best hacker movie, show, or game?
[Betta Lyon Delsordo]
I don't know any. I really don't watch TV much. I will say the Matrix, I guess, is sort of close.
[Kyser Clark]
Favorite type of pen testing?
[Betta Lyon Delsordo]
AI hacking.
[Kyser Clark]
Most overrated cyber security threat?
[Betta Lyon Delsordo]
I will say physical.
[Kyser Clark]
Ethical hacking, art, or science?
[Betta Lyon Delsordo]
Oh.
[Kyser Clark]
That was about 37 seconds, so you just missed it.
[Betta Lyon Delsordo]
I missed it. All right.
[Kyser Clark]
It is hard for a reason.
[Betta Lyon Delsordo]
All right. I guess I didn't pass the test. I'll be quick.
[Kyser Clark]
You're fine. I would say it's like 50-50. Some people get it, some people don't.
Sometimes you get harder questions.
[Betta Lyon Delsordo]
Yeah. There's good ones.
[Kyser Clark]
So, you said the most overrated cyber security threat was physical. Why do you think it's physical?
[Betta Lyon Delsordo]
Honestly, I think it's one of those cool things that you hear about. You're like, wow, people that sneak into places. I've had coworkers do that.
It's very cool. But I will say, I think sometimes when clients pay for that, they're paying for it because it's cool and it sounds awesome. Someone sneaking into your office or whatever.
And I just feel like the volume of what realistically is happening is just a lot of phishing and boring stuff that's not as cool. So, to the people that do that stuff, you are very cool. Keep doing it.
But for the companies that are paying for stuff, look at the data. Should you maybe just do some basic MFA and test some phishing stuff if you don't have a lot of money versus paying someone to sneak all the way into your little bank or perhaps?
[Kyser Clark]
Yeah, that's a good point you make. And that kind of goes back to the whole argument of, is it more secure to write your passwords in a notepad or keeping it on an online password manager? Because if you put on an online password manager, I mean, theoretically, it's supposed to be secure, but it's still connected to the internet where anybody can attack it.
But if you write your password in a notepad, the scope of threat is so narrow because they have to physically be where you're at. And so there's a whole debate there. Some people say, oh yeah, don't write your passwords down.
But in my opinion, it's like, well, if you write your passwords down and you put that in a locked filing cabinet, that could theoretically be more secure than a password manager. So I agree with that. Physical security is a little overrated.
Now, it does need to be taken seriously in some situations. Especially me coming from a military background, your physical security has to be top notch. But you're right.
Most businesses probably shouldn't be worrying about physical security.
[Betta Lyon Delsordo]
I'm from Montana. So when people are like a small little bank in the middle of nowhere, and they're like, what if the spies come and steal our passwords? I'm like, I think you're okay.
I don't think they're coming out there in a van and stealing your password. So I think you should be more worried about people phishing.
[Kyser Clark]
Yeah. Yeah. I would say, worry about the physical security after you've handled all the other- Basic stuff.
[Betta Lyon Delsordo]
Yeah.
[Kyser Clark]
Yeah. Right. Yeah.
That would be for me like a last box to check. Once you do your phishing tests and your pen tests and your code review. If you're doing all that right, then okay, go start doing the physical stuff.
But you shouldn't start there.
[Betta Lyon Delsordo]
No. Yeah. Even if it's cool.
[Kyser Clark]
It is cool. It is cool. You listen to Darknet Diaries and they break into stuff.
And I even was on a physical pen test myself and it is cool. It's fun, but it isn't, like you said, it's not the biggest, most concerning threat out there. It is overrated a little bit.
So I agree with you.
[Betta Lyon Delsordo]
All right.
[Kyser Clark]
Okay. So moving on. So you said you moved from web development to cyber security and ethical hacking because it's cooler.
Is that the only reason or is there some other reasons behind it?
[Betta Lyon Delsordo]
Mostly because it's cool. Also just thinking about career security, like hacking something that's always going to be around no matter what, like even if AI automates everything, we're going to still have to hack the AI. So I just could see that web development is going away as we know it.
Like no one today should be hiring someone to like write them a raw HTML website. Like it just doesn't work that way anymore. Like for most small businesses, like the type of clients I had, I would just like far and away recommend them to use like a website builder, like Wix or Squarespace, because it just has all the things they want.
It integrates their tools. It like is far more like has basic security settings that they should be worried about versus like, yes, like big companies that, you know, major social media companies always going to need people to like design their pages and stuff. But I think those jobs are going away in that sense.
And also just getting less interesting. Like if you're just, you know, changing colors on a webpage, not so fun. Or maybe it's like, you know, making a button do something cool.
So just more fun, more interesting. I know I'll have a really cool career.
[Kyser Clark]
So yeah, that's why I chose to get into ethical hacking and pentesting just because it's cool. Like I knew I wanted to get into cybersecurity, but then when I had like, when it was my choice to choose, like, oh, do I want to be a SOC analyst? Do I want to be in governance, risk, compliance, pentesting?
I just wanted pentesting because ethical hacker is cool. Like that's really what it came down to.
[Betta Lyon Delsordo]
Totally. And I actually had like a professor that like tried to discourage me from doing this because he was like, oh, he's like, oh, you already, you're already good at web development. Why would you do hacking?
Like, you think that just sounds cool or something? And I was like, yeah, that's exactly why I want to do it. So I told that to people too.
Like don't let people tell you, you don't want, like you shouldn't be a hacker just because you think it's cool. Like that's why we all want to be hackers. So.
[Kyser Clark]
That's a perfectly good reason because you have that passion for it. And you know, if you don't have the passion for it, then you're not going to, you're not going to survive very long, in my opinion, because you'll get burned out. And yeah, I do have a high passion for it.
I still face a level of burnout that I wish I didn't face, but my passion is what keeps me in the game. And back to what your professor said, like, why would you leave web development to go into ethical hacking? But in my mind, I'm like, well, that just makes you a better web app pentester, right?
[Betta Lyon Delsordo]
Totally.
[Kyser Clark]
That set you up so well for web app application testing, I'm sure. Like someone like you who had a web development background, you have a massive advantage compared to me who got into web app testing with no web development background. So I'm sure that gave you a huge advantage going in.
So that professor, I don't know. I'm not going to say anything bad.
[Betta Lyon Delsordo]
I mean, that's what I tell people too that are trying to like get into cyber is like, take whatever experience you already have. Like you come from like a sysadmin background. So web or network pentesting comes easily to you.
You know, for me, it was that web. So it's like, whatever you're coming from, even people come from like a less technical background, like marketing or something. I bet your marketing people are really good at writing phishing emails.
So like, it's all like taking that experience that you have and where do you start and then you can branch out later. But getting that first foothold is it's a lot easier with something you're really familiar with.
[Kyser Clark]
Right. Yeah, that makes sense. And I agree with that.
And but at the same time, like you can take what you're experiencing and expand upon that. But don't be afraid to go into completely new areas.
[Betta Lyon Delsordo]
Yeah.
[Kyser Clark]
Because you can learn, you can find some more passions and that way as well. Because, you know, like you said, I was a sysadmin and network pentesting was a little bit easier. So I got started with the network pentesting.
And then once I got my grasp on that, I started going to web app pentesting, which was really hard for me to get into. But it was a challenge and it was well worth the challenge. And it was it was a fun journey for sure.
[Betta Lyon Delsordo]
Yeah, totally.
[Kyser Clark]
So speaking of not having a web development background, for those who don't have the web development background, in your opinion, what's the best way to learn how to do source code reviews?
[Betta Lyon Delsordo]
Yes, I'll say for web app pentesting, the Web Security Academy, the whole Burp Suite training, best resource out there. That's where I learned a lot of what I know. It's free.
So if you haven't started there, like just go do like all I think I've done, like all of the apprentice and practitioner ones. I'm almost done with the expert ones, like just do all of them and you will learn like so much. So it's where people start for source code review.
It's interesting because there's actually not a lot of good free resources out there. I was looking for my co-workers like, you know, not everyone in my office comes from that background. I was trying to find more resources for that.
It's kind of kind of an interesting field. But I started, I taught myself to code on Codecademy, which is still around. It doesn't have as much free stuff as it did back then.
So it's not always the best place. But there's so many like free online code editors. Like if you're afraid of coding because you have to set up like so many annoying things and download things and Java versions and whatever, just use an online editor and just do some basic tutorials.
And honestly, I teach coding to middle school girls in this competition called the Technovation Challenge. It's like an international app building competition. I've been doing it for like nine years.
And I'm like, if I can get some middle school girls to learn coding, like everyone can learn to code. It's not as hard as people think it is. It's like if you can type, if you can do basic math, you can code.
So I think a lot of people are scared of it because it's like when you look at it, you're like, whoa, what is that? I would just like go look at tutorials for kids. And I know it can feel like, oh my God, this is stupid, but they're a lot more fun.
There's all these games like I think hourofcode.com or like Scratch, whatever. Like you make little games and it's just drag and drop blocks. That just like helps you understand like what's happening.
Like what is a loop? It like makes things happen again. And you can move a little character on a screen.
If you can do that, then you can write a loop that like helps you automate your hacking. Like, you know, I don't want to have to send this payload manually. Like you write a script to do it over and over.
And once you get into that mindset, then you can start understanding like actual software code. For that, I would just go on any website and, you know, right click and go to the developer tools. Just start like scrolling and clicking on things.
Like when I click on the search bar, what happens? I go to the, you know, the debug console and also the network traffic and like just look and start clicking, see if you can like, you know, change the color of stuff or get some of the JavaScript things to pop. And I think just like having that curiosity and learning everything you need to learn for free is available for free online, like YouTube, whatever.
So it's more just having the time and the dedication to do it. Yeah.
[Kyser Clark]
What a tip. Do the coding for kids.
[Betta Lyon Delsordo]
Yeah. Have fun while you're doing it. I tell people to do it.
They always think I'm stupid when I tell them that. And then they go try it and they're like, actually, that was helpful.
[Kyser Clark]
So no one will know.
[Betta Lyon Delsordo]
If you do it alone in your room, no one will know.
[Kyser Clark]
But it makes sense because, you know, because gaming, when you gamify your learning, it's easier to grasp the concepts and it's, it's just more fun when you can, when you can have fun while you're learning. That's, that's how the information sticks.
[Betta Lyon Delsordo]
Yeah. There's one called CodeCombat too, that I think is fun. It's like, um, actually you have to write the commands in like real Python or Lua or I think maybe it has JavaScript too, but you're like, you're writing actual Python commands to like move a warrior through a maze and there's like dragons and things.
So you're into kind of like old like RPG games, like that could be, you know, uh, fun.
[Kyser Clark]
Yeah. That, that reminds me of when I was at AWS re:Inforce, there was this game that had, it was alien from like the alien movie and movies on the ship, on the spaceship. And you have to like, to move your character, you have to like type in like an AWS rule and to like open up the door and then you can like shut another door and then like lock the alien in this room.
And it was really hard because the alien moved away like really, really fast. And like, I didn't, I didn't have any experience of like writing those AWS rules. So I just got disturbed by the alien, but it was, it was a cool game nonetheless.
Um, it wasn't a video game. It was, it was very rudimentary, but like it was, the concept was there. Like if they, if they, you know, put like cool graphics and stuff and made it like kind of more like a video game, that would have been, it's a, it's a really good idea.
And I think more learning platforms should do stuff like that.
[Betta Lyon Delsordo]
Totally. Yeah. Games are fun.
That's why we like to play.
[Kyser Clark]
So do you, do you play video games?
[Betta Lyon Delsordo]
I don't, I don't really have the time these days, but, um, I used to play RuneScape back in the day. That was kind of my thing, but, um, someday I'll have more time, but these days I'm like, if I have time, I was like, I better do a little hacking practice and study some things, but eventually.
[Kyser Clark]
Yeah. Yeah. So my, my, my story is very similar.
I used to be a hardcore gamer, you know, all the way up to my young adult days. And then I decided to join the air force and I pretty much quit playing video games and that really set me up for success. And I tell people like, Hey, you got to quit playing the video games if you want to build a career in, in cybersecurity.
But then like, after I got my 17th certification, I was like, dude, I'm going to slow down a little bit. I've been, I've been playing some games a little lately. Not, I'm not going to lie, but, um, it's just taking a break.
And then I do want to get back on the, the learning grind eventually, but I've been having a lot of fun with the Elder Scrolls Oblivion remaster.
[Betta Lyon Delsordo]
Um, yeah, I know. It's like, we got to study so that we can play and have fun.
[Kyser Clark]
Okay. So moving on. So you say you like AI hacking, so you're into that.
So that's like a new frontier for our industry. Um, and in my opinion, there's really not a whole lot of resources that really teach you how to do it. And I have, I mean like the Burp, the PortSwigger Web Security Academy has like an LLM learning module.
And I think TryHackMe had like a learning module. I've done these, but to me it just seemed so basic and I don't really know how to like go deeper in the AI hacking. So what are you doing to go deeper?
And like, what are some good resources that, um, people can, can do if they really want to do a deep dive in AI hacking?
[Betta Lyon Delsordo]
Totally. So yeah, I've been, um, doing a few talks at conferences about AI hacking. Everyone's really excited about it.
So I keep, people keep asking me to do this talk and I'm like, all right, I thought people were going to be sick of it, but I do start pretty basic with people with like, you know, basic prompt injection, but I did have a previous client that was a cloud provider that was putting AI into everything. And they would send it to my team and we had to kind of figure out like, what are we going to do here? So the interesting thing is that I know prompt injection seems silly and easy, but it actually works.
Like that's the reason we test it. But I approached it more from like a fuzzing standpoint of like writing a list of, you know, you just go online and look up prompt injection lists. Most of those are going to be blocked obviously, but if you just make like small changes on them, like load them into like Burp Intruder and like start adding things.
Like if you know the, the AI you're testing is like supposed to talk about a certain thing or a certain product or a certain customer base, whatever, try and like add those keywords in there or like the prompt, like a prompt that you know it works and it responds well to. And then like add things in the end and see what you can do. And I've gotten really interesting results, like just getting it to crash or one of the big things is like resource consumption because AI is really expensive.
So if you can trigger like a massive scale up in resources by asking it things like ask about the theory of relativity or like financial models and it would actually like run out of resources and crash or like make their cloud bill go way up and they don't want that. So you can like demonstrate like a threat that way is really good. I have thought about a possible proof of concept, maybe I haven't tried this yet really, but thinking about like, you know, like crypto jacking is like people trying to get into the cloud and run that stuff.
You could just use like public AI to like do something in that way and like rob people's cloud storage, cloud resources and like processing that way through AI would be interesting. But I have also a big thing there is going from the backend, like insider threat. So one of the interesting pen tests that I did, I like simulated like infiltrating the pipeline for the LLM.
So they had built, you know, chatbot that was supposed to talk to the users about things. And I was saying like, what if I was malicious insider and I could like change the code as it went? Like either changing the prompt to do malicious things and like turning off their guardrails and things like that.
So I would say like be creative about it. And from a code review standpoint, I found very interesting things. If it's a white box pen test, I would find like developers like deliberately just like commenting out the guardrails because it wasn't working.
And so whatever filtering that was on there was being like, you know, not working. But in the whole like OWASP top 10 for LLM, a lot of them are a little redundant, but there's some interesting aspects there just talking about authorization. So if people are hooking their APIs up to an AI, can you go delete things that you're not supposed to?
Can you get discount codes, you know, that you're not supposed to? Stuff like that. And I think another interesting aspect, not LLM specific, but just machine learning is training data poisoning.
So that's, I've been going through the Hack The Box, just put out like a new path on that. So I've gotten through most of it, but there's a project on there where you have to like poison an LLM spam detector, or I don't know if it is LLM. I think it's just machine learning spam detector for email.
So as the emails come in, it's trying to determine does it match like spam or ham, it calls it, so good or bad. And if you can like start to poison that so that things that it keeps like marking false positives, eventually it'll degrade the quality of the model and you can slip in, you know, some phishing stuff. So there's like interesting attacks there more on like statistics of like what it's statistically determining to be spam and can you like change the curve one way or the other.
So there are some interesting things out there, but I've yet to see like some really good, I don't know, some more like interesting stuff that a lot of the things that people publish have gotten blocked already because there's such few like good like popular models. But I guess, oh some other ones I was thinking of, just like for people that are like doing the wild west of AI stuff, like Hugging Face has a ridiculous amount of models out there that are just malware, like any of the pickle files are just malware. So be careful when you just use random models off the internet, because you can just plug those into your site that way.
I just thought of one more thing, oh a really good CTF is Prompt Airlines. So for people who've already done like Gandalf, which is like, you know, famous AI one, Prompt Airlines is you're trying to trick a chatbot into giving you a free flight and you have to do visual prompt injection where you forge an ID card that, you know, allows you to authenticate and get something. So if you want more of a challenge, that's a good one.
But I think I covered some more there.
[Kyser Clark]
That last one sounds pretty fun.
[Betta Lyon Delsordo]
Yeah.
[Kyser Clark]
So while you were talking about AI, I was thinking, I was like, man, you know, AI prompt injection, like it might, it's a career skill today, but in the future, it might be a survival skill.
[Betta Lyon Delsordo]
So we don't know, depending on your doom or optimism view of AI, people have different takes, but yeah.
[Kyser Clark]
Yeah. I feel like I lean more on the optimism side, but yeah. What's your take on AI taking jobs in cybersecurity in particular?
[Betta Lyon Delsordo]
It will, like, I mean, it's going to take jobs for everything, but it's going to make jobs. And I think it's going to take jobs for people that don't learn anything new. There are just people out there that like, you know, got their first job and never learned anything new in like 20 years.
And like, yeah, it's going to take your job probably. But for the people that are like learning new things and, you know, staying up to date, you're always going to have stuff to do. There's always going to be need for people to test whatever the AI is doing.
So I'm not, I'm not too worried about it.
[Kyser Clark]
Yeah. And you know, for people like me and you, and I would say the vast majority of the audience members, like we're in ethical hacking because we like learning new stuff. So that shouldn't be a problem for the bulk of us.
[Betta Lyon Delsordo]
Yeah.
[Kyser Clark]
So you mentioned your speaking engagements. So how do you get involved with speaking engagements? So for those who are aspiring to give talks at events, how can they get started?
[Betta Lyon Delsordo]
Yes. So a lot of this has really happened in just the past six months or so. I've had a lot of people just reaching out for me to talk at places.
And I think it's kind of a cascading effect. Like you just have to start really small. So one, be a confident public speaker.
No one's going to ask you to go someplace if you're not good at it. So be good at public speaking. And if you're not like join like a Toastmasters club, like practice things.
And starting small with things that are really easy. Like I just started speaking at like schools, elementary schools, community colleges, just like small nonprofit events for like women in cyber. And that gives you the place to polish your talks or the things and find what people are actually interested in.
A lot of my AI hacking talks just started as stuff I was doing with like middle schoolers, because I thought they would think was fun. And people were like, can you do this for adults? And I was like, I guess.
Do you think they'll want it? And they're like, yeah. And like just more people keep asking me to do that talk.
So I would say like kids are a great one. And if you can get some like middle schoolers to pay attention to you for like an hour, you can for sure get adults to do that. It's way harder to keep middle schoolers engaged and off their phones.
So yeah, I would just say start small. And then when you're like trying to get into conferences, you have to like watch out for those calls for proposals. So they will put out the CFPs.
You can reach out to people who have spoken in the past and ask them for tips about what gets a good proposal in like that kind of thing. But also it's just networking. But I am very active on LinkedIn.
So I pop up for people. So I post that I did this talk. And people are like, oh, you did that?
Come talk for us. So it's more like once you have that presence, it just goes up from there. Because there's actually very few people in cybersecurity that are very vocal and speaking a lot.
I think a lot of people are very introverted and whatever. So if you're not, you have a big advantage. I like to talk.
So it's good for me in that way.
[Kyser Clark]
Yeah, that makes a lot of sense. And thanks for that advice and for that wisdom for anybody that's wanting to do that. I feel like my goal one time is to start getting into talks.
I mean, I talk a lot on the podcast and on my YouTube videos and stuff, but I haven't done like a formal talk at like an event or anything. So when you mentioned Toastmasters, so is that how you build up your confidence with public speaking?
[Betta Lyon Delsordo]
Not me personally. I did speech and debate in high school. So I think that gave me that.
I did like a lot of United Nations and a lot of those like public speaking things. So I think I learned a lot from there. But I do know people that are like, once you're older, that's like the type of thing that you can join.
They're just clubs. A lot of businesses or just regional cities will have a Toastmasters club. So you join and you just like practice speaking small things.
And even like some of my co-workers have asked me to do like mini public speaking lessons. So I just ask people to do something like, I'll give you a random color, like blue. Can you talk about the color blue for 30 seconds without saying, you have to stand up and act confident and do transitions.
You just have to say something. And we work up from there until you're actually talking about something technical that you like for 30 seconds or five minutes. And then it's like swimming.
It's like learning an instrument. You just got to start somewhere and eventually get good at it. Just keep practicing.
[Kyser Clark]
Yeah. Thanks for bringing that insight. Speaking of Toastmasters, I looked it up because I want to practice my public speaking.
[Betta Lyon Delsordo]
Yeah.
[Kyser Clark]
And my closest Toastmasters is 45 minutes away. I was like, dude, that's a long drive.
[Betta Lyon Delsordo]
They have online ones though. I think you can look into those.
[Kyser Clark]
Yeah. I mean, that makes sense. And I might have to look into that, but I feel like I do enough online.
[Betta Lyon Delsordo]
For sure.
[Kyser Clark]
You know what I mean? I want to do more in-person stuff.
[Betta Lyon Delsordo]
Yeah.
[Kyser Clark]
So you also do mentoring. So like you said, you mentor middle school girls. So how did you get into mentoring and how does that help your career more specifically?
Why is that such a big deal to you? Why is that important?
[Betta Lyon Delsordo]
Yeah. I mean, to me, it's just really important from a giving back standpoint, because I want to be a mentor that I didn't have when I was starting out in middle school. I was a 13-year-old girl coding in Montana.
There was nobody I could ask for advice. There was no one I could look up to. There wasn't that presence.
And when I was 16, I started this coding club at the middle school I went to. So every week, I would go back and teach middle school girls coding. And every year, I'd coach them through this Technovation Challenge.
It's an international girls competition. And then in college, I started doing that remotely. So I've had teams in Spain, because I also speak Spanish, and other teams in the US.
So I just kept doing that competition. So it's middle school and high school girls. And now that I'm professional, I also mentor students and things.
And I think for me, yeah, it's about giving back. It's like you have to put yourself in that chain of mentorship that if you want people to help you, you've got to help other people, too. And it gives you that leadership, too.
I recently got promoted to a team lead. And a big part of that was saying, I've led teams in a mentoring sense for almost a decade now. And being able to have that experience and knowing that I know how to get people engaged, get people motivated, give people more confidence.
Those are skills that a leader should have. And that will make you a good leader when you want to move into management. So I think it's just amazing.
There's so many programs out there. So I would say find one in your local community that you care about and get involved there. And it will help you so much.
[Kyser Clark]
Nice. Yeah. And that's why I make the content I do, because no one told me that I could hack your peers for a living when I was in middle school.
If they did, like I said earlier, I would have been light years ahead. So that's why I make the content that I do, is because I wish someone would have told me about this profession way earlier. Because I didn't start until I was 24.
[Betta Lyon Delsordo]
Wow.
[Kyser Clark]
Yeah. And that's why I had to like, I feel like I had to play catch-up. So when I got started, I was just like really hammering it, you know?
[Betta Lyon Delsordo]
Yeah. Thanks for doing this. It's great to have this stuff online, because yeah, someone's going to see this.
It's going to help them. And yeah, that's why we do it.
[Kyser Clark]
All right. So we're running out of time. So let's go ahead and move on to the final question, which everyone gets.
So do you have any additional cybersecurity hot takes or hidden wisdom you'd like to share that we didn't already cover?
[Betta Lyon Delsordo]
I think in a lot of my big ones, I think one thing I always tell people from an advice and mentoring standpoint is you have to specialize starting out, that there are so many people wanting to get into cybersecurity because it's cool, but you really have to differentiate yourself. I think if you come up to me and you're like, hey, I think cyber is cool, but like, what is hacking? Do some research, find out what you actually want to be in.
And I can help you a lot more if you say, I'm really into, you know, web hacking or malware analysis. Like, what should I learn? Do you know anyone who has like that skill set that I can introduce you to?
And that is, you know, how you differentiate yourself online and job applications. Instead of just being a generalist, being a specialist in a particular area helps you, you know, go into something. So I always say, instead of doing 50 things one time, do one thing 50 times.
A lot of intro to cyber courses will teach you, you know, you'll open up Wireshark one time, you'll learn how to analyze the cyber law one time, you'll like maybe learn about cross-site scripting once. But if you go to a job interview and you say, oh yeah, I've only done this one time, like they're not going to hire you to do that. So you really have to pick something you're excited about, something you're willing to spend a lot of your free time studying and build some kind of portfolio where like analyze 50 samples of malware, like write, you know, analyze 50 cyber laws, whatever it is that your specific area is, and then you become that like expert and you can create content around that, you can promote yourself, you can go to networking events specifically for that, and you will, you know, you'll have your time. And as you go through your career, you can add more specializations.
So I've added, you know, started in web, added like cloud and AI, working on, you know, branching out, but you're really trying to get that first foot in the door. It's always good to specialize.
[Kyser Clark]
That's really good wisdom. Thanks for sharing that. It reminds me of that saying, you don't practice until you get it right, practice until you can't get it wrong.
[Betta Lyon Delsordo]
That's what it reminds me of. That's a good one too. I like that.
[Kyser Clark]
So thanks for that wisdom. Betta, thank you so much for being here and providing your insights and expertise. Where can the audience get a hold of you if they want to connect with you?
[Betta Lyon Delsordo]
I am on LinkedIn. Just look me up, Betta Lyon Delsordo. And I also have a personal website when you hit the top there.
So I have a lot of my upcoming talks linked there. Any, you know, webinars that I'll be speaking at, pretty much everything is, you know, free and open to the public. So feel free to join there.
I also have like an FAQ page for some resources that I like, people often ask me about. So feel free to reach out. I always love to hear about people's journeys and any cool research you're doing.
If you're into AI hacking, I'd love to hear from you as well. So thanks for having me.
[Kyser Clark]
And audience, best place to reach me is LinkedIn as well. And my website, KyserClark.com. Audience, thanks for watching.
Thanks for listening. Hopefully I see you next episode. Until then, this is Kyser signing off.